├── .editorconfig ├── LICENSE ├── README.md ├── jitsi-meet-examples ├── aws │ ├── README.md │ ├── cloudformation.yaml │ ├── jitsi-values.yaml │ └── k8s │ │ ├── ingress-haproxy-values.yaml │ │ ├── letsencrypt.yaml │ │ └── rbac-config-helm.yaml └── basic │ └── values.yaml └── jitsi-meet ├── .helmignore ├── Chart.yaml ├── configs ├── jicofo │ └── sip-communicator.properties ├── jvb │ ├── logging.properties │ └── sip-communicator.properties └── prosody │ ├── jitsi-meet.cfg.lua │ └── prosody.cfg.lua ├── templates ├── NOTES.txt ├── _helpers.tpl ├── hpa-web.yaml ├── ingress-web.yaml ├── jicofo-config.yaml ├── jicofo-sip-config.yaml ├── jvb-config.yaml ├── jvb-deployment.yaml ├── jvb-service.yaml ├── jvb-sip-config.yaml ├── prosody-cfg-cm.yaml ├── prosody-service.yaml ├── prosody-statefulset.yaml ├── service-web-jwt.yaml ├── service-web.yaml ├── serviceaccount.yaml ├── tests │ └── test-connection.yaml ├── web-deployment.yaml └── web-jwt-deployment.yaml └── values.yaml /.editorconfig: -------------------------------------------------------------------------------- 1 | [*.yaml] 2 | tab_width = 2 3 | trim_trailing_whitespace = true 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 taktakpeops 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Jitsi Meet 2 | A [Jitsi Meet](https://jitsi.org/jitsi-meet/) Chart for Kubernetes 3 | 4 | ## Install chart 5 | To download and install the Jitsi Meet Chart, make sure that you have the Helm CLI (v2+) installed and clone this repository on your machine. 6 | 7 | Once done, you can find some examples [here](./jitsi-meet-examples). The example values files set `jicofo.userAuth.secret`, `jicofo.componentSecret` and `jvb.userAuth.secret` to the same placeholder (`dG90bw==`); replace them with your own secrets before deploying. 8 | 9 | 10 | To install the chart, in your terminal, go to the `jitsi-meet-helm` repository and run the following command: 11 | 12 | ```bash 13 | helm install --namespace $MY_NAMESPACE -n jitsi-meet jitsi-meet -f ./jitsi-meet-examples/basic/values.yaml --wait 14 | ``` 15 | 16 | `$MY_NAMESPACE` should be replaced by the namespace you want to use for Jitsi Meet. 17 | 18 | It assumes that you have a [Nginx Ingress](https://docs.nginx.com/nginx-ingress-controller/overview/) controller and you use [CertManager](https://cert-manager.io/docs/installation/kubernetes/) along with [ACME](https://cert-manager.io/docs/configuration/acme/) issuer type for managing the HTTPS certificates. 19 | 20 | Because of the `--wait` flag, the status is reported only once Jitsi Meet is ready. 
21 | 22 | ## Updating the chart 23 | To update the chart, in your terminal, go to the `jitsi-meet-helm` repository and run the following command: 24 | 25 | ```bash 26 | helm upgrade jitsi-meet jitsi-meet -f ./jitsi-meet-examples/basic/values.yaml --namespace $MY_NAMESPACE --wait 27 | ``` 28 | 29 | `$MY_NAMESPACE` should be replaced by the namespace you want to use for Jitsi Meet. 30 | 31 | ## Delete the chart 32 | To delete the chart, in your terminal, go to the `jitsi-meet-helm` repository and run the following command: 33 | 34 | ```bash 35 | helm delete --purge jitsi-meet 36 | ``` 37 | 38 | ## Demo 39 | Currently, the `aws` example is running on [`jitsi.project-meat.tk`](https://jitsi.project-meat.tk). Feel free to give it a try and share your feedback ! 40 | 41 | ## Warnings 42 | 43 | * This chart is still an experiment - it runs currently one replica of each component 44 | * Work needs to be done for writing route tables for the ingress to route UDP / TCP 45 | * JVB service uses a `NodePort` type for routing UDP outside of the cluster 46 | * The chart was tested on AWS and local Kubernetes cluster **ONLY** (no ingress - `kubectl port-forward` + `ngrok` to the rescue) 47 | * The `prosody` deployment deploys both `jicofo` and `prosody` in one pod in order to use `jicofo` as a sidecar container - maybe not wise 48 | 49 | ## Configuration 50 | 51 | The following table lists the configurable parameters of the Jitsi Meet chart and their default values. 
52 | 53 | | Parameter | Description | Default | 54 | |---------------------------------------------------------|----------------------------------------|-----------------| 55 | | `image.pullSecrets` | Image pull secrets | `nil` | 56 | | `jicofo.image.repository` | Image repository | `jitsi/jicofo` | 57 | | `jicofo.image.tag` | Image tag | `latest` | 58 | | `jicofo.image.pullPolicy` | Image pull policy | `Always` | 59 | | `jicofo.environment` | Additional environment variables | `[]` | 60 | | `jicofo.componentSecret` | Base64 encoded component secret | `nil` | 61 | | `jicofo.userAuth.enabled` | Enabled authentication | `false` | 62 | | `jicofo.userAuth.name` | Username for authentication | `focus` | 63 | | `jicofo.userAuth.secret` | Secret for authentication | `nil` | 64 | | `jicofo.resources` | Pod resources | `{}` | 65 | | `jvb.image.repository` | Image repository | `jitsi/jvb` | 66 | | `jvb.image.tag` | Image tag | `latest` | 67 | | `jvb.image.pullPolicy` | Image pull policy | `Always` | 68 | | `jvb.replicaCount` | Replica count | `1` | 69 | | `jvb.environment` | Additional environment variables | `[]` | 70 | | `jvb.securityContext.fsGroup` | Security context deployment | `412` | 71 | | `jvb.service.annotations` | Service annotations | `[]` | 72 | | `jvb.service.type` | Service type | `NodePort` | 73 | | `jvb.service.externalTrafficPolicy` | External traffic policy | `Cluster` | 74 | | `jvb.ingress.enabled` | Yet to come, ingress UDP/TCP | `false` | 75 | | `jvb.resources` | Pod resources | `{}` | 76 | | `jvb.nodeSelector` | Node selector | `{}` | 77 | | `jvb.affinity` | Node affinity | `{}` | 78 | | `jvb.tolerations` | Node tolerations | `{}` | 79 | | `jvb.userAuth.enabled` | Enabled authentication | `false` | 80 | | `jvb.userAuth.name` | Username for authentication | `focus` | 81 | | `jvb.userAuth.secret` | Secret for authentication | `nil` | 82 | | `prosody.image.repository` | Image repository | `jitsi/prosody` | 83 | | `prosody.image.tag` | Image tag | 
`latest` | 84 | | `prosody.image.pullPolicy` | Image pull policy | `Always` | 85 | | `prosody.environment` | Additional environment variables | `[]` | 86 | | `prosody.replicaCount` | Replica count | `1` | 87 | | `prosody.service.annotations` | Service annotations | `[]` | 88 | | `prosody.service.type` | Service type | `ClusterIP` | 89 | | `prosody.service.sessionAffinityConfig.clientIPConfig` | Timeout client IP | `10800` | 90 | | `prosody.hpa.enabled` | Yet to come, horizontal pod autoscaler | `false` | 91 | | `prosody.resources` | Pod resources | `{}` | 92 | | `prosody.nodeSelector` | Node selector | `{}` | 93 | | `prosody.affinity` | Node affinity | `{}` | 94 | | `web.tolerations` | Node tolerations | `{}` | 95 | | `web.image.repository` | Image repository | `jitsi/prosody` | 96 | | `web.image.tag` | Image tag | `latest` | 97 | | `web.image.pullPolicy` | Image pull policy | `Always` | 98 | | `web.environment` | Additional environment variables | `[]` | 99 | | `web.replicaCount` | Replica count | `1` | 100 | | `web.hpa.enabled` | Yet to come, horizontal pod autoscaler | `false` | 101 | | `web.service.annotations` | Service annotations | `[]` | 102 | | `web.service.type` | Service type | `ClusterIP` | 103 | | `web.service.port` | Service port | `80` | 104 | | `web.ingress.enabled` | Yet to come, ingress UDP/TCP | `false` | 105 | | `web.resources` | Pod resources | `{}` | 106 | | `web.nodeSelector` | Node selector | `{}` | 107 | | `web.affinity` | Node affinity | `{}` | 108 | | `web.tolerations` | Node tolerations | `{}` | 109 | | `web.ingress.enabled` | Ingress controller | `false` | 110 | | `web.ingress.annotations` | Ingress annotations | `[]` | 111 | | `web.ingress.hosts` | Ingress host configuration | `[]` | 112 | | `web.ingress.tls` | TLS for ingress controller | `[]` | 113 | | `ingressControllerNamespace` | Yet to come, namespace ingress | `nil` | 114 | | `serviceAccount.create` | Create service account | `true` | 115 | | `serviceAccount.name` | Service 
account name | `nil` | 116 | | `podSecurityContext` | Pod Security context (except JVB) | `{}` | 117 | | `securityContext` | Security context | `{}` | 118 | 119 | ## Help 120 | For any assistance needed, please open an issue. 121 | 122 | ## Contributing 123 | In case you notice an issue or want to implement some improvements, feel free to open an issue describing your finding and/or to open a pull-request. 124 | 125 | -------------------------------------------------------------------------------- /jitsi-meet-examples/aws/README.md: -------------------------------------------------------------------------------- 1 | # AWS EKS Example 2 | 3 | An example for creating an EKS cluster and deploying Jitsi in EKS. 4 | 5 | ## Installation 6 | 7 | Make sure that you have Helm (v2+) and the AWS CLI installed on your machine. Clone this repository and go to `jitsi-meet-examples/aws`. 8 | 9 | AWS offers a free tier that can be used for test purposes, more info [here](https://aws.amazon.com/free/). 10 | 11 | In this folder, you can find a CloudFormation template creating an EKS cluster and its VPC along with an EKS node group. Note that the template's `cluster-sg` security group allows all inbound traffic from `0.0.0.0/0`, so tighten it before using the stack for anything other than a test. A folder called `k8s` contains all the manifests to deploy for installing NGinx ingress, CertManager and ACME issuer. 12 | 13 | ### Creating the cluster 14 | 15 | First, go to your AWS Console in EC2 -> Key Pairs and create a new key called `eks-dev-nodes`. It will be used later for granting SSH access to the nodes. 16 | 17 | To create the cluster, make sure that your AWS CLI is correctly set up and authenticated. In your terminal, run the following command: 18 | 19 | ```bash 20 | aws cloudformation create-stack --stack-name eks-cluster --template-body="$(cat ./cloudformation.yaml)" --capabilities=CAPABILITY_IAM 21 | ``` 22 | 23 | After the stack has been created, retrieve the credentials for updating your `kubeconfig` by running `aws eks update-kubeconfig --name dev`. 24 | 25 | ### Setting up the cluster 26 | Run `helm init` to install `tiller` in your cluster. 
In case you want to use a service account + a role binding, first deploy `k8s/rbac-config-helm.yaml` (edit the namespace name and service account manifest according to your needs; by default it creates a `helm` namespace, which means every command must be suffixed with `--tiller-namespace=helm`). Note that this manifest binds the `tiller` service account to the `cluster-admin` cluster role. 27 | 28 | Once it's done, deploy the ingress controller using the values specified in `k8s/ingress-values.yaml` by doing the following in your terminal: 29 | 30 | ```bash 31 | kubectl create ns ingress 32 | helm upgrade -f ./k8s/ingress-values.yaml ingress stable/nginx-ingress --namespace ingress -i --wait 33 | ``` 34 | 35 | After it completes, deploy CertManager in the cluster: 36 | 37 | ```bash 38 | kubectl apply --validate=false -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml 39 | helm repo add jetstack https://charts.jetstack.io 40 | helm repo update 41 | helm upgrade cert-manager jetstack/cert-manager --namespace ingress --version v0.11.0 -i --wait 42 | kubectl apply -f ./k8s/letsencrypt.yaml 43 | ``` 44 | 45 | ### Creating the DNS 46 | For creating the DNS, I used [`https://my.freenom.com/`](https://my.freenom.com/) which offers free `.tk` domain names. 47 | 48 | For administrating the DNS, I decided to use [`Cloudflare`](https://www.cloudflare.com/pricing/) with a free account. 49 | 50 | After creating your DNS, update the name servers to point to the Cloudflare ones. Once it's done, go to your AWS console in EC2 -> Load Balancers. Look for the ingress NLB and add its domain name as a CNAME entry in Cloudflare. Create a new subdomain for Jitsi: add a new CNAME entry for your domain name in Cloudflare targeting the NLB URL. The NLB will take care of redirecting the traffic to the correct ingress controller. 51 | 52 | ### Deploying Jitsi 53 | Now that the cluster is set up, we can deploy Jitsi Meet in the cluster. 
Make sure that you edit the value of `web.ingress.hosts[0].host` to target the domain name created in the previous step. Also replace the placeholder secrets in `jitsi-values.yaml` (`dG90bw==`, `yourclientsecret`, `randomcookiesecret`) with your own values. 54 | 55 | Run the following command in your terminal: 56 | ```bash 57 | kubectl create ns jitsi 58 | helm upgrade jitsi ../../jitsi-meet -f ./jitsi-values.yaml --namespace jitsi -i --wait 59 | ``` 60 | 61 | Once the installation is complete, go back to the AWS console in EC2 -> Security Groups. Look for the security group whose name is prefixed with `eks-remoteAccess`. Go to the `inbound rules` and add a custom rule for opening the port 30300 for UDP. 62 | 63 | After it's done, launch a session and enjoy a call ! 64 | 65 | ### Cleaning the deployment 66 | 67 | To clean up the deployment, delete the Cloudformation stack by running `aws cloudformation delete-stack --stack-name jitsi` (pass the stack name used at creation; the `create-stack` command above uses `eks-cluster`). 68 | 69 | ## Contributing 70 | 71 | In case you have questions, found an issue or simply want to improve the example, feel free to open an issue or a pull request. Both are welcome ! 
72 | -------------------------------------------------------------------------------- /jitsi-meet-examples/aws/cloudformation.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: "2010-09-09" 2 | Description: Jitsi platform 3 | Parameters: 4 | ClusterName: 5 | Description: "Cluster name" 6 | Type: String 7 | Default: "dev" 8 | Subnet1AvailabilityZone: 9 | Description: "The availability zone for the subnet #1" 10 | Type: "AWS::EC2::AvailabilityZone::Name" 11 | Default: "eu-west-1b" 12 | Subnet2AvailabilityZone: 13 | Description: "The availability zone for the subnet #2" 14 | Type: "AWS::EC2::AvailabilityZone::Name" 15 | Default: "eu-west-1c" 16 | Resources: 17 | Role: 18 | Type: AWS::IAM::Role 19 | Properties: 20 | AssumeRolePolicyDocument: 21 | Version: '2012-10-17' 22 | Statement: 23 | - Effect: Allow 24 | Principal: 25 | Service: 26 | - eks.amazonaws.com 27 | Action: 28 | - sts:AssumeRole 29 | Policies: 30 | - PolicyDocument: 31 | Version: '2012-10-17' 32 | Statement: 33 | - Effect: Allow 34 | Resource: '*' 35 | Action: 36 | - autoscaling:DescribeAutoScalingGroups 37 | - autoscaling:DescribeLaunchConfigurations 38 | - autoscaling:DescribeTags 39 | - ec2:DescribeInstances 40 | - ec2:DescribeRegions 41 | - ec2:DescribeAccountAttributes 42 | - ec2:DescribeInternetGateways 43 | - ec2:DescribeRouteTables 44 | - ec2:DescribeSecurityGroups 45 | - ec2:DescribeSubnets 46 | - ec2:DescribeVolumes 47 | - ec2:CreateSecurityGroup 48 | - ec2:CreateTags 49 | - ec2:CreateVolume 50 | - ec2:ModifyInstanceAttribute 51 | - ec2:ModifyVolume 52 | - ec2:AttachVolume 53 | - ec2:AuthorizeSecurityGroupIngress 54 | - ec2:CreateRoute 55 | - ec2:DeleteRoute 56 | - ec2:DeleteSecurityGroup 57 | - ec2:DeleteVolume 58 | - ec2:DetachVolume 59 | - ec2:RevokeSecurityGroupIngress 60 | - ec2:DescribeVpcs 61 | - elasticloadbalancing:AddTags 62 | - elasticloadbalancing:AttachLoadBalancerToSubnets 63 | - 
elasticloadbalancing:ApplySecurityGroupsToLoadBalancer 64 | - elasticloadbalancing:CreateLoadBalancer 65 | - elasticloadbalancing:CreateLoadBalancerPolicy 66 | - elasticloadbalancing:CreateLoadBalancerListeners 67 | - elasticloadbalancing:ConfigureHealthCheck 68 | - elasticloadbalancing:DeleteLoadBalancer 69 | - elasticloadbalancing:DeleteLoadBalancerListeners 70 | - elasticloadbalancing:DescribeLoadBalancers 71 | - elasticloadbalancing:DescribeLoadBalancerAttributes 72 | - elasticloadbalancing:DetachLoadBalancerFromSubnets 73 | - elasticloadbalancing:DeregisterInstancesFromLoadBalancer 74 | - elasticloadbalancing:ModifyLoadBalancerAttributes 75 | - elasticloadbalancing:RegisterInstancesWithLoadBalancer 76 | - elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer 77 | - elasticloadbalancing:AddTags 78 | - elasticloadbalancing:CreateListener 79 | - elasticloadbalancing:CreateTargetGroup 80 | - elasticloadbalancing:DeleteListener 81 | - elasticloadbalancing:DeleteTargetGroup 82 | - elasticloadbalancing:DescribeListeners 83 | - elasticloadbalancing:DescribeLoadBalancerPolicies 84 | - elasticloadbalancing:DescribeTargetGroups 85 | - elasticloadbalancing:DescribeTargetHealth 86 | - elasticloadbalancing:ModifyListener 87 | - elasticloadbalancing:ModifyTargetGroup 88 | - elasticloadbalancing:RegisterTargets 89 | - elasticloadbalancing:DeregisterTargets 90 | - elasticloadbalancing:SetLoadBalancerPoliciesOfListener 91 | - iam:CreateServiceLinkedRole 92 | - kms:DescribeKey 93 | PolicyName: 'eks-master' 94 | ManagedPolicyArns: 95 | - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonEKSClusterPolicy' 96 | - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonEKSServicePolicy' 97 | 98 | NodeInstanceRole: 99 | Type: "AWS::IAM::Role" 100 | Properties: 101 | AssumeRolePolicyDocument: 102 | Version: "2012-10-17" 103 | Statement: 104 | - Effect: Allow 105 | Principal: 106 | Service: 107 | - eks.amazonaws.com 108 | Action: 109 | - "sts:AssumeRole" 110 | - Effect: Allow 111 | 
Principal: 112 | Service: 113 | - ec2.amazonaws.com 114 | Action: 115 | - "sts:AssumeRole" 116 | ManagedPolicyArns: 117 | - !Sub "arn:${AWS::Partition}:iam::aws:policy/AmazonEKSWorkerNodePolicy" 118 | - !Sub "arn:${AWS::Partition}:iam::aws:policy/AmazonEKS_CNI_Policy" 119 | - !Sub "arn:${AWS::Partition}:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" 120 | - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess' 121 | Policies: 122 | - PolicyDocument: 123 | Version: '2012-10-17' 124 | Statement: 125 | - Effect: Allow 126 | Action: 127 | - ec2:DescribeInstances 128 | - ec2:DescribeRegions 129 | - ecr:GetAuthorizationToken 130 | - ecr:BatchCheckLayerAvailability 131 | - ecr:GetDownloadUrlForLayer 132 | - ecr:GetRepositoryPolicy 133 | - ecr:DescribeRepositories 134 | - ecr:ListImages 135 | - ecr:BatchGetImage 136 | Resource: '*' 137 | PolicyName: 'eks-node' 138 | Path: / 139 | 140 | Vpc: 141 | Type: "AWS::EC2::VPC" 142 | Properties: 143 | CidrBlock: "10.0.0.0/24" 144 | EnableDnsHostnames: true 145 | EnableDnsSupport: true 146 | 147 | PublicRouteTable: 148 | Type: "AWS::EC2::RouteTable" 149 | Properties: 150 | VpcId: !Ref Vpc 151 | 152 | Subnet1: 153 | Type: "AWS::EC2::Subnet" 154 | Properties: 155 | CidrBlock: "10.0.0.0/26" 156 | VpcId: !Ref Vpc 157 | AvailabilityZone: !Ref Subnet1AvailabilityZone 158 | MapPublicIpOnLaunch: true 159 | Tags: 160 | - Key: !Join 161 | - "/" 162 | - - "kubernetes.io/cluster" 163 | - !Ref ClusterName 164 | Value: shared 165 | Subnet1Assoc: 166 | Type: "AWS::EC2::SubnetRouteTableAssociation" 167 | Properties: 168 | RouteTableId: !Ref PublicRouteTable 169 | SubnetId: !Ref Subnet1 170 | 171 | Subnet2: 172 | Type: "AWS::EC2::Subnet" 173 | Properties: 174 | CidrBlock: "10.0.0.192/26" 175 | VpcId: !Ref Vpc 176 | AvailabilityZone: !Ref Subnet2AvailabilityZone 177 | MapPublicIpOnLaunch: true 178 | Tags: 179 | - Key: !Join 180 | - "/" 181 | - - "kubernetes.io/cluster" 182 | - !Ref ClusterName 183 | Value: shared 184 
| Subnet2Assoc: 185 | Type: "AWS::EC2::SubnetRouteTableAssociation" 186 | Properties: 187 | RouteTableId: !Ref PublicRouteTable 188 | SubnetId: !Ref Subnet2 189 | 190 | # Elastic IP 191 | Eip: 192 | Type: AWS::EC2::EIP 193 | DependsOn: VpcIgPairing 194 | Properties: 195 | Domain: vpc 196 | # Gateways 197 | InternetGateway: 198 | Type: "AWS::EC2::InternetGateway" 199 | InternetRoute: 200 | Type: "AWS::EC2::Route" 201 | Properties: 202 | RouteTableId: !Ref PublicRouteTable 203 | DestinationCidrBlock: "0.0.0.0/0" 204 | GatewayId: !Ref InternetGateway 205 | VpcIgPairing: 206 | Type: "AWS::EC2::VPCGatewayAttachment" 207 | Properties: 208 | InternetGatewayId: !Ref InternetGateway 209 | VpcId: !Ref Vpc 210 | 211 | SecurityGroup: 212 | Type: "AWS::EC2::SecurityGroup" 213 | Properties: 214 | GroupDescription: "Cluster SG" 215 | GroupName: cluster-sg 216 | VpcId: !Ref Vpc 217 | SecurityGroupIngress: 218 | - FromPort: 0 219 | ToPort: 65535 220 | IpProtocol: "-1" 221 | CidrIp: "0.0.0.0/0" 222 | SecurityGroupEgress: 223 | - IpProtocol: "-1" 224 | FromPort: 0 225 | ToPort: 65535 226 | CidrIp: "0.0.0.0/0" 227 | 228 | # SecurityGroupNodeGroups: 229 | # Type: "AWS::EC2::SecurityGroup" 230 | # Properties: 231 | # GroupDescription: "Cluster SG Node Group" 232 | # GroupName: node-group-sg 233 | # VpcId: !Ref Vpc 234 | # SecurityGroupIngress: 235 | # - FromPort: 22 236 | # ToPort: 22 237 | # IpProtocol: "tcp" 238 | # CidrIp: "0.0.0.0/0" 239 | # - FromPort: 443 240 | # ToPort: 443 241 | # IpProtocol: "tcp" 242 | # CidrIp: "0.0.0.0/0" 243 | # - FromPort: 30300 244 | # ToPort: 30300 245 | # IpProtocol: "udp" 246 | # CidrIp: "0.0.0.0/0" 247 | # - IpProtocol: -1 248 | # FromPort: 1025 249 | # ToPort: 65535 250 | # CidrIp: "0.0.0.0/0" 251 | # SecurityGroupEgress: 252 | # - IpProtocol: "-1" 253 | # FromPort: 0 254 | # ToPort: 65535 255 | # CidrIp: "0.0.0.0/0" 256 | 257 | # SecurityGroupIngressController: 258 | # Type: "AWS::EC2::SecurityGroup" 259 | # Properties: 260 | # GroupDescription: 
"Cluster SG ingress controller" 261 | # GroupName: ingress-ctrl-sg 262 | # VpcId: !Ref Vpc 263 | # SecurityGroupIngress: 264 | # - FromPort: 443 265 | # ToPort: 443 266 | # IpProtocol: "tcp" 267 | # CidrIp: "173.245.48.0/20" 268 | # - FromPort: 443 269 | # ToPort: 443 270 | # IpProtocol: "tcp" 271 | # CidrIp: "103.21.244.0/22" 272 | # - FromPort: 443 273 | # ToPort: 443 274 | # IpProtocol: "tcp" 275 | # CidrIp: "103.22.200.0/22" 276 | # - FromPort: 443 277 | # ToPort: 443 278 | # IpProtocol: "tcp" 279 | # CidrIp: "103.31.4.0/22" 280 | # - FromPort: 443 281 | # ToPort: 443 282 | # IpProtocol: "tcp" 283 | # CidrIp: "141.101.64.0/18" 284 | # - FromPort: 443 285 | # ToPort: 443 286 | # IpProtocol: "tcp" 287 | # CidrIp: "108.162.192.0/18" 288 | # - FromPort: 443 289 | # ToPort: 443 290 | # IpProtocol: "tcp" 291 | # CidrIp: "190.93.240.0/20" 292 | # - FromPort: 443 293 | # ToPort: 443 294 | # IpProtocol: "tcp" 295 | # CidrIp: "188.114.96.0/20" 296 | # - FromPort: 443 297 | # ToPort: 443 298 | # IpProtocol: "tcp" 299 | # CidrIp: "197.234.240.0/22" 300 | # - FromPort: 443 301 | # ToPort: 443 302 | # IpProtocol: "tcp" 303 | # CidrIp: "198.41.128.0/17" 304 | # - FromPort: 443 305 | # ToPort: 443 306 | # IpProtocol: "tcp" 307 | # CidrIp: "162.158.0.0/15" 308 | # - FromPort: 443 309 | # ToPort: 443 310 | # IpProtocol: "tcp" 311 | # CidrIp: "104.16.0.0/12" 312 | # - FromPort: 443 313 | # ToPort: 443 314 | # IpProtocol: "tcp" 315 | # CidrIp: "172.64.0.0/13" 316 | # - FromPort: 443 317 | # ToPort: 443 318 | # IpProtocol: "tcp" 319 | # CidrIp: "131.0.72.0/22" 320 | # SecurityGroupEgress: 321 | # - IpProtocol: "tcp" 322 | # FromPort: 1025 323 | # ToPort: 65535 324 | # CidrIp: "0.0.0.0/0" 325 | 326 | Cluster: 327 | Type: "AWS::EKS::Cluster" 328 | Properties: 329 | RoleArn: !GetAtt Role.Arn 330 | Name: !Ref ClusterName 331 | ResourcesVpcConfig: 332 | SubnetIds: 333 | - !Ref Subnet1 334 | - !Ref Subnet2 335 | SecurityGroupIds: 336 | - !Ref SecurityGroup 337 | 338 | DevNodeGroup: 339 | 
Type: "AWS::EKS::Nodegroup" 340 | DependsOn: Cluster 341 | Properties: 342 | ClusterName: !Ref ClusterName 343 | NodegroupName: group-dev 344 | AmiType: AL2_x86_64 345 | RemoteAccess: 346 | Ec2SshKey: "eks-dev-nodes" 347 | SourceSecurityGroups: 348 | - !Ref SecurityGroup 349 | ScalingConfig: 350 | MinSize: 2 351 | DesiredSize: 3 352 | MaxSize: 5 353 | InstanceTypes: 354 | - m5.large 355 | NodeRole: !GetAtt NodeInstanceRole.Arn 356 | Subnets: 357 | - !Ref Subnet1 358 | - !Ref Subnet2 359 | 360 | 361 | -------------------------------------------------------------------------------- /jitsi-meet-examples/aws/jitsi-values.yaml: -------------------------------------------------------------------------------- 1 | webHost: jitsi.meat-project.tk 2 | 3 | common: 4 | environment: 5 | - name: XMPP_DOMAIN 6 | value: jitsi.meet 7 | - name: XMPP_AUTH_DOMAIN 8 | value: auth.jitsi.meet 9 | - name: XMPP_INTERNAL_MUC_DOMAIN 10 | value: internal-muc.jitsi.meet 11 | - name: XMPP_MUC_DOMAIN 12 | value: muc.jitsi.meet 13 | - name: XMPP_GUEST_DOMAIN 14 | value: guest.jitsi.meet 15 | - name: JVB_BREWERY_MUC 16 | value: jvbbrewery 17 | - name: TZ 18 | value: Europe/Amsterdam 19 | 20 | jicofo: 21 | userAuth: 22 | enabled: true 23 | name: "focus" 24 | secret: dG90bw== 25 | componentSecret: dG90bw== 26 | replicaCount: 1 27 | environmnet: 28 | - name: JICOFO_AUTH_DOMAIN 29 | value: auth.jitsi.meet 30 | 31 | # need JVM optimisation 32 | jvb: 33 | userAuth: 34 | enabled: true 35 | name: "jvb" 36 | secret: dG90bw== 37 | ingress: 38 | enabled: false 39 | replicaCount: 2 40 | service: 41 | sessionAffinity: ClientIP 42 | environment: 43 | - name: JVB_STUN_SERVERS 44 | value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 45 | - name: JVB_TCP_HARVESTER_DISABLED 46 | value: "true" 47 | - name: DOCKER_HOST_ADDRESS 48 | valueFrom: 49 | fieldRef: 50 | fieldPath: status.hostIP 51 | - name: JVB_OPTS 52 | value: "--apis=xmpp,rest" 53 | - name: ENABLE_STATISTICS 54 | value: "true" 
55 | # resources: 56 | # limits: 57 | # memory: 512Mi 58 | # cpu: 100m 59 | # requests: 60 | # memory: 256Mi 61 | # cpu: 25m 62 | 63 | prosody: 64 | auth: 65 | enabled: false 66 | guest: 0 67 | # type: jwt 68 | recorder: false 69 | replicaCount: 1 70 | environment: 71 | - name: JVB_TCP_HARVESTER_DISABLED 72 | value: "true" 73 | - name: ENABLE_GUESTS 74 | value: "1" 75 | 76 | web: 77 | ingress: 78 | enabled: true 79 | annotations: 80 | cert-manager.io/cluster-issuer: "letsencrypt" 81 | cert-manager.io/acme-challenge-type: http01 82 | ingress.kubernetes.io/auth: "oauth2_proxy" 83 | ingress.kubernetes.io/oauth-uri-prefix: "/oauth2" 84 | ingress.kubernetes.io/forwarded-for: "enabled" 85 | ingress.kubernetes.io/load-balance: "uri" 86 | ingress.kubernetes.io/ssl-redirect: "ON" 87 | ingress.kubernetes.io/ssl-certificate: jitsi/meet-web 88 | ingress.kubernetes.io/timeout-tunnel: 3h 89 | kubernetes.io/ingress.class: "haproxy" 90 | hosts: 91 | - host: jitsi.meat-project.tk 92 | oauth: true 93 | paths: 94 | - / 95 | tls: 96 | - hosts: 97 | - jitsi.meat-project.tk 98 | secretName: meet-web 99 | replicaCount: 2 100 | hpa: 101 | enabled: true 102 | minReplicas: 2 103 | maxReplicas: 5 104 | metrics: 105 | - type: Resource 106 | resource: 107 | name: memory 108 | targetAverageUtilization: 70 109 | - type: Resource 110 | resource: 111 | name: cpu 112 | targetAverageUtilization: 70 113 | jwtsidecar: 114 | extraArgs: 115 | provider: oidc 116 | email-domain: * 117 | provider-display-name: aws_cognito 118 | client-id: yourclientid 119 | client-secret: yourclientsecret 120 | insecure-oidc-allow-unverified-email: false 121 | oidc-issuer-url: issuerurl 122 | oidc-jwks-url: jwksurl 123 | scope: "openid profile aws.cognito.signin.user.admin" 124 | cookie-secure: true 125 | cookie-domain: mydomain.com 126 | cookie-secret: randomcookiesecret 127 | cookie-samesite: lax 128 | provider: oidc 129 | set-xauthrequest: true 130 | proxy-prefix: "/oauth2" 131 | environment: 132 | - name: 
JVB_TCP_HARVESTER_DISABLED 133 | value: "true" 134 | - name: ENABLE_GUESTS 135 | value: "1" 136 | - name: ENABLE_LETSENCRYPT 137 | value: "0" 138 | - name: DISABLE_HTTPS 139 | value: "1" 140 | resources: 141 | limits: 142 | memory: 128Mi 143 | cpu: 50m 144 | requests: 145 | memory: 64Mi 146 | cpu: 15m 147 | -------------------------------------------------------------------------------- /jitsi-meet-examples/aws/k8s/ingress-haproxy-values.yaml: -------------------------------------------------------------------------------- 1 | controller: 2 | replicaCount: 1 3 | autoscaling: 4 | enabled: true 5 | minReplicas: 1 6 | maxReplicas: 3 7 | targetCPUUtilizationPercentage: 70 8 | targetMemoryUtilizationPercentage: 50 9 | service: 10 | externalTrafficPolicy: Local 11 | annotations: 12 | service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp 13 | service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '60' 14 | service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true' 15 | service.beta.kubernetes.io/aws-load-balancer-type: nlb 16 | resources: 17 | limits: 18 | memory: 64Mi 19 | cpu: 50m 20 | requests: 21 | memory: 32Mi 22 | cpu: 15m 23 | 24 | -------------------------------------------------------------------------------- /jitsi-meet-examples/aws/k8s/letsencrypt.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1alpha2 2 | kind: ClusterIssuer 3 | metadata: 4 | name: letsencrypt 5 | spec: 6 | acme: 7 | email: your@email.address 8 | server: https://acme-v02.api.letsencrypt.org/directory 9 | privateKeySecretRef: 10 | name: letsencrypt-secret 11 | solvers: 12 | - http01: 13 | ingress: 14 | class: haproxy -------------------------------------------------------------------------------- /jitsi-meet-examples/aws/k8s/rbac-config-helm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | 
metadata: 4 | name: helm 5 | --- 6 | apiVersion: v1 7 | kind: ServiceAccount 8 | metadata: 9 | name: tiller 10 | namespace: helm 11 | --- 12 | apiVersion: rbac.authorization.k8s.io/v1 13 | kind: ClusterRoleBinding 14 | metadata: 15 | name: tiller 16 | roleRef: 17 | apiGroup: rbac.authorization.k8s.io 18 | kind: ClusterRole 19 | name: cluster-admin 20 | subjects: 21 | - kind: ServiceAccount 22 | name: tiller 23 | namespace: helm -------------------------------------------------------------------------------- /jitsi-meet-examples/basic/values.yaml: -------------------------------------------------------------------------------- 1 | jicofo: 2 | userAuth: 3 | enabled: true 4 | name: "focus" 5 | secret: dG90bw== 6 | componentSecret: dG90bw== 7 | environment: 8 | - name: TZ 9 | value: Europe/Amsterdam 10 | - name: JVB_BREWERY_MUC 11 | value: jvbbrewery 12 | - name: XMPP_DOMAIN 13 | value: meet.jitsi 14 | - name: XMPP_AUTH_DOMAIN 15 | value: auth.meet.jitsi 16 | - name: XMPP_INTERNAL_MUC_DOMAIN 17 | value: internal-muc.meet.jitsi 18 | jvb: 19 | userAuth: 20 | enabled: true 21 | name: "jvb" 22 | secret: dG90bw== 23 | environment: 24 | - name: TZ 25 | value: Europe/Amsterdam 26 | - name: JVB_BREWERY_MUC 27 | value: jvbbrewery 28 | - name: XMPP_DOMAIN 29 | value: meet.jitsi 30 | - name: XMPP_AUTH_DOMAIN 31 | value: auth.meet.jitsi 32 | - name: XMPP_MUC_DOMAIN 33 | value: muc.meet.jitsi 34 | - name: XMPP_INTERNAL_MUC_DOMAIN 35 | value: internal-muc.meet.jitsi 36 | - name: JVB_STUN_SERVERS 37 | value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 38 | - name: JVB_TCP_HARVESTER_DISABLED 39 | value: "true" 40 | - name: DOCKER_HOST_ADDRESS 41 | valueFrom: 42 | fieldRef: 43 | fieldPath: status.hostIP 44 | 45 | prosody: 46 | environment: 47 | - name: JVB_TCP_HARVESTER_DISABLED 48 | value: "true" 49 | - name: TZ 50 | value: Europe/Amsterdam 51 | - name: JVB_BREWERY_MUC 52 | value: jvbbrewery 53 | - name: XMPP_DOMAIN 54 | value: meet.jitsi 55 | - name: 
XMPP_AUTH_DOMAIN 56 | value: auth.meet.jitsi 57 | - name: XMPP_INTERNAL_MUC_DOMAIN 58 | value: internal-muc.meet.jitsi 59 | - name: JVB_TCP_HARVESTER_DISABLED 60 | value: "true" 61 | - name: XMPP_MUC_DOMAIN 62 | value: muc.meet.jitsi 63 | 64 | web: 65 | ingress: 66 | enabled: true 67 | annotations: 68 | kubernetes.io/ingress.class: "nginx" 69 | nginx.ingress.kubernetes.io/force-ssl-redirect: "true" 70 | cert-manager.io/cluster-issuer: "letsencrypt" 71 | hosts: 72 | - host: jitsi.meat-project.tk 73 | paths: 74 | - "/" 75 | tls: 76 | - hosts: 77 | - jitsi.meat-project.tk 78 | secretName: jitsi-web 79 | environment: 80 | - name: XMPP_DOMAIN 81 | value: meet.jitsi 82 | - name: XMPP_AUTH_DOMAIN 83 | value: auth.meet.jitsi 84 | - name: XMPP_INTERNAL_MUC_DOMAIN 85 | value: internal-muc.meet.jitsi 86 | - name: XMPP_MUC_DOMAIN 87 | value: muc.meet.jitsi 88 | - name: TZ 89 | value: America/Los_Angeles 90 | - name: JVB_TCP_HARVESTER_DISABLED 91 | value: "true" -------------------------------------------------------------------------------- /jitsi-meet/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | .vscode/ 23 | -------------------------------------------------------------------------------- /jitsi-meet/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: "1.0" 3 | description: A Helm chart for Kubernetes 4 | name: jitsi-meet 5 | version: 0.1.0 6 | -------------------------------------------------------------------------------- /jitsi-meet/configs/jicofo/sip-communicator.properties: -------------------------------------------------------------------------------- 1 | org.jitsi.jicofo.ALWAYS_TRUST_MODE_ENABLED=true 2 | org.jitsi.jicofo.BRIDGE_MUC={{ .Env.JVB_BREWERY_MUC }}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }} 3 | 4 | {{ if and .Env.JIBRI_BREWERY_MUC .Env.JIBRI_PENDING_TIMEOUT }} 5 | org.jitsi.jicofo.jibri.BREWERY={{ .Env.JIBRI_BREWERY_MUC}}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }} 6 | org.jitsi.jicofo.jibri.PENDING_TIMEOUT={{ .Env.JIBRI_PENDING_TIMEOUT }} 7 | {{ end }} 8 | 9 | {{ if and .Env.JIGASI_SIP_URI .Env.JIGASI_BREWERY_MUC }} 10 | org.jitsi.jicofo.jigasi.BREWERY={{ .Env.JIGASI_BREWERY_MUC}}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }} 11 | {{ end }} 12 | 13 | {{ if .Env.ENABLE_AUTH | default "0" | toBool }} 14 | org.jitsi.jicofo.auth.URL=XMPP:{{ .Env.XMPP_DOMAIN }} 15 | {{ end }} 16 | 17 | {{ if .Env.JICOFO_RESERVATION_REST_BASE_URL }} 18 | org.jitsi.impl.reservation.rest.BASE_URL={{ .Env.JICOFO_RESERVATION_REST_BASE_URL }} 19 | {{ end }} 20 | -------------------------------------------------------------------------------- /jitsi-meet/configs/jvb/logging.properties: -------------------------------------------------------------------------------- 1 | handlers= java.util.logging.ConsoleHandler 2 | 3 | java.util.logging.ConsoleHandler.level = ALL 4 
java.util.logging.ConsoleHandler.formatter = net.java.sip.communicator.util.ScLogFormatter

net.java.sip.communicator.util.ScLogFormatter.programname=JVB

.level=INFO

org.jitsi.videobridge.xmpp.ComponentImpl.level=FINE

# All of the INFO level logs from MediaStreamImpl are unnecessary in the context of jitsi-videobridge.
org.jitsi.impl.neomedia.MediaStreamImpl.level=WARNING
--------------------------------------------------------------------------------
/jitsi-meet/configs/jvb/sip-communicator.properties:
--------------------------------------------------------------------------------
# Videobridge settings. The double-brace expressions are filled in from the
# container environment when this template is rendered.
org.jitsi.videobridge.SINGLE_PORT_HARVESTER_PORT={{ .Env.JVB_PORT }}
org.jitsi.videobridge.DISABLE_TCP_HARVESTER={{ .Env.JVB_TCP_HARVESTER_DISABLED }}
# NOTE(review): rendered straight from JVB_TCP_PORT with no fallback, while the
# mapped-port logic below defaults the same variable to 4443. If the variable
# is unset this property gets no usable value - confirm it is always provided.
org.jitsi.videobridge.TCP_HARVESTER_PORT={{ .Env.JVB_TCP_PORT }}
{{ if .Env.JVB_STUN_SERVERS }}
org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES={{ .Env.JVB_STUN_SERVERS }}
{{ end }}
{{ $JVB_TCP_PORT := .Env.JVB_TCP_PORT | default "4443" }}
{{ $JVB_TCP_MAPPED_PORT := .Env.JVB_TCP_MAPPED_PORT | default $JVB_TCP_PORT }}
{{ if not (eq $JVB_TCP_PORT $JVB_TCP_MAPPED_PORT) }}
org.jitsi.videobridge.TCP_HARVESTER_MAPPED_PORT={{ $JVB_TCP_MAPPED_PORT }}
{{ end }}

# XMPP client connection of the bridge to the server named by XMPP_SERVER.
org.jitsi.videobridge.xmpp.user.shard.HOSTNAME={{ .Env.XMPP_SERVER }}
org.jitsi.videobridge.xmpp.user.shard.DOMAIN={{ .Env.XMPP_AUTH_DOMAIN }}
org.jitsi.videobridge.xmpp.user.shard.USERNAME={{ .Env.JVB_AUTH_USER }}
# The rendered file holds the bridge password in clear text; keep it readable
# by the service user only and out of support bundles.
org.jitsi.videobridge.xmpp.user.shard.PASSWORD={{ .Env.JVB_AUTH_PASSWORD }}
org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS={{ .Env.JVB_BREWERY_MUC }}@{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}
org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME={{ .Env.HOSTNAME }}
# NOTE(review): certificate verification is hard-coded off for the connection
# to XMPP_SERVER, so the server's identity is never checked and the password
# above is sent to whichever endpoint answers under that name. Presumably
# accepted because the traffic stays inside the cluster network - confirm, or
# make the certificate trusted by the bridge and set this to false.
org.jitsi.videobridge.xmpp.user.shard.DISABLE_CERTIFICATE_VERIFICATION=true

org.jitsi.videobridge.ENABLE_STATISTICS={{ .Env.ENABLE_STATISTICS }}
org.jitsi.videobridge.STATISTICS_TRANSPORT=muc
org.jitsi.videobridge.STATISTICS_INTERVAL=5000

--------------------------------------------------------------------------------
/jitsi-meet/configs/prosody/jitsi-meet.cfg.lua:
--------------------------------------------------------------------------------
-- Jitsi Meet virtual hosts and components for Prosody. The double-brace
-- expressions are substituted from the container environment when the file
-- is rendered.

-- JVB_ADMINS is inserted unquoted, so it must already be a quoted,
-- comma-separated Lua list.
admins = { {{ .Env.JVB_ADMINS }} }
plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
http_default_host = "{{ .Env.XMPP_DOMAIN }}"

{{ $ENABLE_AUTH := .Env.ENABLE_AUTH | default "0" | toBool }}
{{ $AUTH_TYPE := .Env.AUTH_TYPE | default "internal" }}
{{ $JWT_ASAP_KEYSERVER := .Env.JWT_ASAP_KEYSERVER | default "" }}
{{ $JWT_ALLOW_EMPTY := .Env.JWT_ALLOW_EMPTY | default "0" | toBool }}
{{ $JWT_AUTH_TYPE := .Env.JWT_AUTH_TYPE | default "token" }}
{{ $JWT_TOKEN_AUTH_MODULE := .Env.JWT_TOKEN_AUTH_MODULE | default "token_verification" }}

{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_ISSUERS }}
asap_accepted_issuers = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_ISSUERS) }}" }
{{ end }}
{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") .Env.JWT_ACCEPTED_AUDIENCES }}
asap_accepted_audiences = { "{{ join "\",\"" (splitList "," .Env.JWT_ACCEPTED_AUDIENCES) }}" }
{{ end }}
-- Main host that meeting participants connect to.
VirtualHost "{{ .Env.XMPP_DOMAIN }}"
{{ if $ENABLE_AUTH }}
  {{ if eq $AUTH_TYPE "jwt" }}
    authentication = "{{ $JWT_AUTH_TYPE }}"
    app_id = "{{ .Env.JWT_APP_ID }}"
    -- The rendered file holds the JWT secret in clear text; limit who can read it.
    app_secret = "{{ .Env.JWT_APP_SECRET }}"
    -- Rendered as false unless JWT_ALLOW_EMPTY is set to a true value.
    allow_empty_token = {{ if $JWT_ALLOW_EMPTY }}true{{ else }}false{{ end }}
    {{ if $JWT_ASAP_KEYSERVER }}
    asap_key_server = "{{ .Env.JWT_ASAP_KEYSERVER }}"
    {{ end }}
  {{ else if eq $AUTH_TYPE "ldap" }}
    authentication = "cyrus"
    cyrus_application_name = "xmpp"
    -- NOTE(review): lets PLAIN credentials be sent on connections without TLS.
    -- Together with c2s_require_encryption = false below this presumably
    -- relies on TLS being terminated in front of Prosody - confirm.
    allow_unencrypted_plain_auth = true
  {{ else if eq $AUTH_TYPE "internal" }}
    authentication = "internal_hashed"
  {{ end }}
{{ else }}
    -- With ENABLE_AUTH off (the default), every client that can reach this
    -- host is accepted without credentials.
    authentication = "anonymous"
{{ end }}
    ssl = {
        key = "/config/certs/{{ .Env.XMPP_DOMAIN }}.key";
        certificate = "/config/certs/{{ .Env.XMPP_DOMAIN }}.crt";
    }
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping";
        "speakerstats";
        "conference_duration";
        {{ if eq $AUTH_TYPE "jwt" }}
        "{{ $JWT_TOKEN_AUTH_MODULE }}";
        {{ end }}
        -- Extra module names come from XMPP_MODULES (comma-separated) and are
        -- added to the list exactly as given.
        {{ if .Env.XMPP_MODULES }}
        "{{ join "\";\n\"" (splitList "," .Env.XMPP_MODULES) }}";
        {{ end }}
        {{ if and $ENABLE_AUTH (eq $AUTH_TYPE "ldap") }}
        "auth_cyrus";
        {{end}}
    }
    speakerstats_component = "speakerstats.{{ .Env.XMPP_DOMAIN }}"
    conference_duration_component = "conferenceduration.{{ .Env.XMPP_DOMAIN }}"
    -- NOTE(review): clients may authenticate on this host without an
    -- encrypted connection.
    c2s_require_encryption = false

-- Guest host: anonymous logins, rendered only when both ENABLE_AUTH and
-- ENABLE_GUESTS are on.
{{ if and $ENABLE_AUTH (.Env.ENABLE_GUESTS | default "0" | toBool) }}
VirtualHost "{{ .Env.XMPP_GUEST_DOMAIN }}"
    authentication = "anonymous"
    c2s_require_encryption = false
{{ end }}
-- Host for the service accounts; always uses hashed internal authentication.
VirtualHost "{{ .Env.XMPP_AUTH_DOMAIN }}"
    ssl = {
        key = "/config/certs/{{ .Env.XMPP_AUTH_DOMAIN }}.key";
        certificate = "/config/certs/{{ .Env.XMPP_AUTH_DOMAIN }}.crt";
    }
    authentication = "internal_hashed"
{{ if .Env.XMPP_RECORDER_DOMAIN }}
VirtualHost "{{ .Env.XMPP_RECORDER_DOMAIN }}"
    modules_enabled = {
      "ping";
    }
    authentication = "internal_hashed"
{{ end }}
Component "{{ .Env.XMPP_INTERNAL_MUC_DOMAIN }}" "muc"
    modules_enabled = {
      "ping";
      {{ if .Env.XMPP_INTERNAL_MUC_MODULES }}
      "{{ join "\";\n\"" (splitList "," .Env.XMPP_INTERNAL_MUC_MODULES) }}";
      {{ end }}
    }
    storage = "memory"
    muc_room_cache_size = 1000
Component "{{ .Env.XMPP_MUC_DOMAIN }}" "muc"
    storage = "memory"
    modules_enabled = {
        {{ if .Env.XMPP_MUC_MODULES }}
        "{{ join "\";\n\"" (splitList "," .Env.XMPP_MUC_MODULES) }}";
        {{ end }}
        {{ if eq $AUTH_TYPE "jwt" }}
        "{{ $JWT_TOKEN_AUTH_MODULE }}";
        {{ end }}
    }
    -- NOTE(review): rooms are created unlocked and, by default, presumably
    -- show occupants' real JIDs to everyone in the room - confirm this
    -- matches the deployment's privacy expectations.
    muc_room_locking = false
    muc_room_default_public_jids = true
Component "focus.{{ .Env.XMPP_DOMAIN }}"
    -- Shared secret for the focus component, taken from JICOFO_COMPONENT_SECRET.
    component_secret = "{{ .Env.JICOFO_COMPONENT_SECRET }}"
Component "speakerstats.{{ .Env.XMPP_DOMAIN }}" "speakerstats_component"
    muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}"
Component "conferenceduration.{{ .Env.XMPP_DOMAIN }}" "conference_duration_component"
    muc_component = "{{ .Env.XMPP_MUC_DOMAIN }}"
--------------------------------------------------------------------------------
/jitsi-meet/configs/prosody/prosody.cfg.lua:
--------------------------------------------------------------------------------
{{ $LOG_LEVEL := .Env.LOG_LEVEL | default "info" }}

-- Prosody Example Configuration File
--
-- Information on configuring Prosody can be found on our
-- website at http://prosody.im/doc/configure
--
-- Tip: You can check that the syntax of this file is correct
-- when you have finished by running: luac -p prosody.cfg.lua
-- If there are any errors, it will let you know what and where
-- they are, otherwise it will keep quiet.
--
-- The only thing left to do is rename this file to remove the .dist ending, and fill in the
-- blanks. Good luck, and happy Jabbering!


---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts

-- This is a (by default, empty) list of accounts that are admins
-- for the server. 
Note that you must create the accounts separately 23 | -- (see http://prosody.im/doc/creating_accounts for info) 24 | -- Example: admins = { "user1@example.com", "user2@example.net" } 25 | admins = { {{ .Env.JVB_ADMINS }} } 26 | 27 | -- Enable use of libevent for better performance under high load 28 | -- For more information see: http://prosody.im/doc/libevent 29 | --use_libevent = true; 30 | 31 | -- This is the list of modules Prosody will load on startup. 32 | -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. 33 | -- Documentation on modules can be found at: http://prosody.im/doc/modules 34 | modules_enabled = { 35 | 36 | -- Generally required 37 | "roster"; -- Allow users to have a roster. Recommended ;) 38 | "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. 39 | "tls"; -- Add support for secure TLS on c2s/s2s connections 40 | "dialback"; -- s2s dialback support 41 | "disco"; -- Service discovery 42 | 43 | -- Not essential, but recommended 44 | "private"; -- Private XML storage (for room bookmarks, etc.) 
45 | "vcard"; -- Allow users to set vCards 46 | 47 | -- These are commented by default as they have a performance impact 48 | --"privacy"; -- Support privacy lists 49 | --"compression"; -- Stream compression (Debian: requires lua-zlib module to work) 50 | 51 | -- Nice to have 52 | "version"; -- Replies to server version requests 53 | "uptime"; -- Report how long server has been running 54 | "time"; -- Let others know the time here on this server 55 | "ping"; -- Replies to XMPP pings with pongs 56 | "pep"; -- Enables users to publish their mood, activity, playing music and more 57 | "register"; -- Allow users to register on this server using a client and change passwords 58 | 59 | -- Admin interfaces 60 | "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands 61 | --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 62 | 63 | -- HTTP modules 64 | --"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" 65 | --"http_files"; -- Serve static files from a directory over HTTP 66 | 67 | -- Other specific functionality 68 | "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. 69 | --"groups"; -- Shared roster support 70 | --"announce"; -- Send announcement to all online users 71 | --"welcome"; -- Welcome users who register accounts 72 | --"watchregistrations"; -- Alert admins of registrations 73 | --"motd"; -- Send a message to users when they log in 74 | --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. 
75 | {{ if .Env.GLOBAL_MODULES }} 76 | "{{ join "\";\n\"" (splitList "," .Env.GLOBAL_MODULES) }}"; 77 | {{ end }} 78 | }; 79 | consider_bosh_secure = true; 80 | https_ports = { } 81 | -- These modules are auto-loaded, but should you want 82 | -- to disable them then uncomment them here: 83 | modules_disabled = { 84 | -- "offline"; -- Store offline messages 85 | -- "c2s"; -- Handle client connections 86 | -- "s2s"; -- Handle server-to-server connections 87 | }; 88 | -- Disable account creation by default, for security 89 | -- For more information see http://prosody.im/doc/creating_accounts 90 | allow_registration = false; 91 | daemonize = false; 92 | pidfile = "/config/data/prosody.pid"; 93 | -- Force clients to use encrypted connections? This option will 94 | -- prevent clients from authenticating unless they are using encryption. 95 | c2s_require_encryption = false 96 | -- Force certificate authentication for server-to-server connections? 97 | -- This provides ideal security, but requires servers you communicate 98 | -- with to support encryption AND present valid, trusted certificates. 99 | -- NOTE: Your version of LuaSec must support certificate verification! 100 | -- For more information see http://prosody.im/doc/s2s#security 101 | s2s_secure_auth = false 102 | -- Many servers don't support encryption or have invalid or self-signed 103 | -- certificates. You can list domains here that will not be required to 104 | -- authenticate using certificates. They will be authenticated using DNS. 105 | --s2s_insecure_domains = { "gmail.com" } 106 | -- Even if you leave s2s_secure_auth disabled, you can still require valid 107 | -- certificates for some domains by specifying a list here. 108 | --s2s_secure_domains = { "jabber.org" } 109 | -- Select the authentication backend to use. The 'internal' providers 110 | -- use Prosody's configured data storage to store the authentication data. 
111 | -- To allow Prosody to offer secure authentication mechanisms to clients, the 112 | -- default provider stores passwords in plaintext. If you do not trust your 113 | -- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed 114 | -- for information about using the hashed backend. 115 | authentication = "internal_hashed" 116 | -- Select the storage backend to use. By default Prosody uses flat files 117 | -- in its configured data directory, but it also supports more backends 118 | -- through modules. An "sql" backend is included by default, but requires 119 | -- additional dependencies. See http://prosody.im/doc/storage for more info. 120 | --storage = "sql" -- Default is "internal" (Debian: "sql" requires one of the 121 | -- lua-dbi-sqlite3, lua-dbi-mysql or lua-dbi-postgresql packages to work) 122 | -- For the "sql" backend, you can uncomment *one* of the below to configure: 123 | --sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. 124 | --sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } 125 | --sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } 126 | -- Logging configuration 127 | -- For advanced logging see http://prosody.im/doc/logging 128 | -- 129 | -- Debian: 130 | -- Logs info and higher to /var/log 131 | -- Logs errors to syslog also 132 | log = { 133 | { levels = {min = "{{ $LOG_LEVEL }}"}, to = "console"}; 134 | } 135 | {{ if .Env.GLOBAL_CONFIG }} 136 | {{ join "\n" (splitList "\\n" .Env.GLOBAL_CONFIG) }} 137 | {{ end }} 138 | -- Enable use of native prosody 0.11 support for epoll over select 139 | network_backend = "epoll"; 140 | -- Set the TCP backlog to 511 since the kernel rounds it up to the next power of 2: 512. 
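network_settings = {
  tcp_backlog = 511;
}
-- NOTE(review): the external-component listener accepts connections on every
-- interface, so access is gated only by each Component's component_secret.
-- Keep those secrets strong and limit who can reach the component port
-- (for example with a NetworkPolicy).
component_interface = { "*" }
data_path = "/config/data"
Include "conf.d/*.cfg.lua"
--------------------------------------------------------------------------------
/jitsi-meet/templates/NOTES.txt:
--------------------------------------------------------------------------------
{{- /*
Post-install notes: print how to reach the web front end for each exposure
mode (ingress, NodePort, LoadBalancer, ClusterIP). The LoadBalancer branch
reads the port from .Values.web.service.port, the same key the ingress
template uses; the earlier .Values.service.port is not a key any other
template of this chart reads.
*/ -}}
1. Get the application URL by running these commands:
{{- if .Values.web.ingress.enabled }}
{{- range $host := .Values.web.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.web.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
  {{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.web.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "jitsi-meet.name-web" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.web.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "jitsi-meet.name-web" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "jitsi-meet.name-web" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
  echo http://$SERVICE_IP:{{ .Values.web.service.port }}
{{- else if contains "ClusterIP" .Values.web.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "jitsi-meet.name-web" . 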
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | echo "Visit http://127.0.0.1:8080 to use your application" 20 | kubectl port-forward $POD_NAME 8080:80 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /jitsi-meet/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "jitsi-meet.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | If release name contains chart name it will be used as a full name. 13 | */}} 14 | {{- define "jitsi-meet.fullname" -}} 15 | {{- if .Values.fullnameOverride -}} 16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 17 | {{- else -}} 18 | {{- $name := default .Chart.Name .Values.nameOverride -}} 19 | {{- if contains $name .Release.Name -}} 20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 21 | {{- else -}} 22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 23 | {{- end -}} 24 | {{- end -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create the web server name 29 | */}} 30 | {{- define "jitsi-meet.name-web" -}} 31 | {{- $name := default .Chart.Name .Values.nameOverride -}} 32 | {{- printf "%s-%s" $name "web" | trunc 63 -}} 33 | {{- end -}} 34 | 35 | {{/* 36 | Create the XMPP server name 37 | */}} 38 | {{- define "jitsi-meet.name-prosody" -}} 39 | {{- printf "%s-%s" .Chart.Name "prosody" | trunc 63 -}} 40 | {{- end -}} 41 | 42 | {{/* 43 | Create the jicofo cmp name 44 | */}} 45 | {{- define "jitsi-meet.name-jicofo" -}} 46 | {{- printf "%s-%s" .Chart.Name "jicofo" | trunc 63 -}} 47 | {{- end -}} 48 | 49 | {{/* 50 | Create the 
jicofo config name 51 | */}} 52 | {{- define "jitsi-meet.name-jicofo-config" -}} 53 | {{- printf "%s-%s" .Chart.Name "jicofo-config" | trunc 63 -}} 54 | {{- end -}} 55 | 56 | {{/* 57 | Create the jvb server name 58 | */}} 59 | {{- define "jitsi-meet.name-jvb" -}} 60 | {{- printf "%s-%s" .Chart.Name "jvb" | trunc 63 -}} 61 | {{- end -}} 62 | 63 | {{/* 64 | Create the jvb config name 65 | */}} 66 | {{- define "jitsi-meet.name-jvb-config" -}} 67 | {{- printf "%s-%s" .Chart.Name "jvb-config" | trunc 63 -}} 68 | {{- end -}} 69 | 70 | {{/* 71 | Create the sidecar name for jwt auth 72 | */}} 73 | {{- define "jitsi-meet.name-jwt-sidecar" -}} 74 | {{- printf "%s-%s" .Chart.Name "jwt" | trunc 63 -}} 75 | {{- end -}} 76 | 77 | {{/* 78 | Create chart name and version as used by the chart label. 79 | */}} 80 | {{- define "jitsi-meet.chart" -}} 81 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 82 | {{- end -}} 83 | 84 | {{/* 85 | Common labels 86 | */}} 87 | {{- define "jitsi-meet.labels" -}} 88 | app.kubernetes.io/name: {{ include "jitsi-meet.name" . }} 89 | helm.sh/chart: {{ include "jitsi-meet.chart" . }} 90 | app.kubernetes.io/instance: {{ .Release.Name }} 91 | {{- if .Chart.AppVersion }} 92 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 93 | {{- end }} 94 | app.kubernetes.io/managed-by: {{ .Release.Service }} 95 | {{- end -}} 96 | 97 | {{/* 98 | Create the name of the service account to use 99 | */}} 100 | {{- define "jitsi-meet.serviceAccountName" -}} 101 | {{- if .Values.serviceAccount.create -}} 102 | {{ default (include "jitsi-meet.fullname" .) 
.Values.serviceAccount.name }} 103 | {{- else -}} 104 | {{ default "default" .Values.serviceAccount.name }} 105 | {{- end -}} 106 | {{- end -}} 107 | 108 | {{/* 109 | Create the link URL namespace/service:port for UDP route tables 110 | */}} 111 | {{- define "jitsi-meet.udp-route-table-entry" -}} 112 | {{- if .Values.jvb.service.udpPort -}} 113 | {{ printf "%d:%s/%s-jvb:%d" .Values.jvb.udpPort .Release.Namespace .Release.Name .Values.jvb.udpPort }} 114 | {{- end }} 115 | {{- if .Values.jvb.service.tcpPort -}} 116 | {{ printf "%d:%s/%s-jvb:%d" .Values.jvb.tcpPort .Release.Namespace .Release.Name .Values.jvb.tcpPort }} 117 | {{- end }} 118 | {{- end -}} 119 | 120 | {{/* 121 | Create the link URL namespace/service:port for TCP route tables 122 | */}} 123 | {{- define "jitsi-meet.tcp-route-table-entry" -}} 124 | {{- if .Values.jvb.service.tcpPort -}} 125 | {{ printf "%d:%s/%s-jvb:%d" .Values.jvb.tcpPort .Release.Namespace .Release.Name .Values.jvb.tcpPort }} 126 | {{- end }} 127 | {{- end -}} -------------------------------------------------------------------------------- /jitsi-meet/templates/hpa-web.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.web.hpa.enabled }} 2 | apiVersion: autoscaling/v2beta1 3 | kind: HorizontalPodAutoscaler 4 | metadata: 5 | name: {{ include "jitsi-meet.name-web" . }} 6 | labels: 7 | {{ include "jitsi-meet.labels" . | indent 4 }} 8 | spec: 9 | scaleTargetRef: 10 | apiVersion: apps/v1beta1 11 | kind: Deployment 12 | name: {{ include "jitsi-meet.name-web" . 
}} 13 | maxReplicas: {{ .Values.web.hpa.maxReplicas }} 14 | minReplicas: {{ .Values.web.hpa.minReplicas }} 15 | metrics: 16 | {{- range .Values.web.hpa.metrics }} 17 | - type: {{ .type }} 18 | resource: 19 | {{- toYaml .resource | nindent 8 }} 20 | {{- end }} 21 | {{- end }} -------------------------------------------------------------------------------- /jitsi-meet/templates/ingress-web.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.web.ingress.enabled -}} 2 | {{- $fullName := include "jitsi-meet.name-web" . -}} 3 | {{- $svcPort := .Values.web.service.port -}} 4 | {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 5 | apiVersion: networking.k8s.io/v1beta1 6 | {{- else -}} 7 | apiVersion: extensions/v1beta1 8 | {{- end }} 9 | kind: Ingress 10 | metadata: 11 | name: {{ $fullName }} 12 | labels: 13 | {{ include "jitsi-meet.labels" . | indent 4 }} 14 | {{- with .Values.web.ingress.annotations }} 15 | annotations: 16 | {{- toYaml . | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | {{- if .Values.web.ingress.tls }} 20 | tls: 21 | {{- range .Values.web.ingress.tls }} 22 | - hosts: 23 | {{- range .hosts }} 24 | - {{ . | quote }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.web.ingress.hosts }} 31 | - host: {{ .host | quote }} 32 | http: 33 | paths: 34 | {{- if .oauth }} 35 | - path: /oauth2 36 | backend: 37 | serviceName: "{{ $fullName }}-jwt" 38 | servicePort: 4180 39 | {{- end }} 40 | {{- range .paths }} 41 | - path: {{ . 
| quote }} 42 | backend: 43 | serviceName: {{ $fullName }} 44 | servicePort: {{ $svcPort }} 45 | {{- end }} 46 | {{- end }} 47 | {{- end }} 48 | -------------------------------------------------------------------------------- /jitsi-meet/templates/jicofo-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ include "jitsi-meet.name-jicofo-config" . }} 5 | labels: 6 | {{ include "jitsi-meet.labels" . | indent 4 }} 7 | data: 8 | {{- if .Values.jicofo.userAuth.enabled }} 9 | JICOFO_AUTH_PASSWORD: {{ .Values.jicofo.userAuth.secret | quote }} 10 | {{- end }} 11 | JICOFO_COMPONENT_SECRET: {{ .Values.jicofo.componentSecret | quote }} -------------------------------------------------------------------------------- /jitsi-meet/templates/jicofo-sip-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "jitsi-meet.name-jicofo-config" . }}-cm 5 | labels: 6 | {{ include "jitsi-meet.labels" . | indent 4 }} 7 | data: 8 | sip-communicator.properties: |- 9 | {{- .Files.Get "configs/jicofo/sip-communicator.properties" | nindent 4 }} 10 | -------------------------------------------------------------------------------- /jitsi-meet/templates/jvb-config.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.jvb.userAuth.enabled -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ include "jitsi-meet.name-jvb-config" . }} 6 | labels: 7 | {{ include "jitsi-meet.labels" . | indent 4 }} 8 | data: 9 | JVB_AUTH_PASSWORD: {{ .Values.jvb.userAuth.secret | quote }} 10 | {{- end -}} 11 | -------------------------------------------------------------------------------- /jitsi-meet/templates/jvb-deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- $root := . 
-}}
{{- $name := include "jitsi-meet.name-jvb" $root -}}
{{- /*
Renders one videobridge Deployment per index below prosody.replicaCount.
Each Deployment gets its own name suffix, PROSODY_INSTANCE value and UDP port.
*/ -}}
{{- range $index, $nbr := until (.Values.prosody.replicaCount | int) }}
---
{{- $depName := printf "%s-%d" $name $nbr -}}
apiVersion: apps/v1beta2
kind: Deployment
metadata:
  name: {{ $depName | quote }}
  labels:
{{ include "jitsi-meet.labels" $root | indent 4 }}
spec:
  # Replicas inside each per-index Deployment; the number of Deployments
  # itself follows prosody.replicaCount (see the range above).
  replicas: {{ $root.Values.jvb.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ $depName | quote }}
      app.kubernetes.io/instance: {{ $root.Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ $depName | quote }}
        app.kubernetes.io/instance: {{ $root.Release.Name }}
    spec:
    {{- with $root.Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ include "jitsi-meet.serviceAccountName" $root }}
      # NOTE(review): the pod-level context is read from jvb.securityContext
      # and the container-level one further down from jvb.podSecurityContext,
      # the reverse of what the key names suggest and of the prosody
      # StatefulSet in this chart. Check that hardening values end up at the
      # intended level.
      securityContext:
        {{- toYaml $root.Values.jvb.securityContext | nindent 8 }}
      containers:
        - name: {{ $name | quote }}
          image: {{ printf "%s:%s" $root.Values.jvb.image.repository $root.Values.jvb.image.tag | quote }}
          imagePullPolicy: {{ $root.Values.jvb.image.pullPolicy | quote }}
          # NOTE(review): SYS_RESOURCE and NET_ADMIN are added unconditionally,
          # before any values-supplied settings. NET_ADMIN allows changing the
          # pod's network configuration; confirm the bridge needs both and
          # drop what it does not. If the values also define capabilities, the
          # key is rendered twice - verify the rendered manifest.
          securityContext:
            capabilities:
              add:
                - SYS_RESOURCE
                - NET_ADMIN
            {{- with $root.Values.jvb.podSecurityContext }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          env:
            - name: XMPP_SERVER
              value: {{ include "jitsi-meet.name-prosody" $root }}
            - name: PROSODY_INSTANCE
              value: {{ printf "%d" $nbr | quote }}
            {{- if $root.Values.jicofo.userAuth.enabled }}
            # NOTE(review): the bridge container also receives Jicofo's
            # password (and, below, the Jicofo component secret). The bridge
            # configuration shipped with this chart only reads the JVB_AUTH
            # variables, so these are presumably unnecessary here - confirm
            # and remove to keep each secret with its own component.
            - name: JICOFO_AUTH_USER
              value: {{ $root.Values.jicofo.userAuth.name }}
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "jitsi-meet.name-jicofo-config" $root }}
                  key: JICOFO_AUTH_PASSWORD
            {{- end }}
            {{- if $root.Values.jvb.userAuth.enabled }}
            - name: JVB_AUTH_USER
              value: {{ $root.Values.jvb.userAuth.name }}
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "jitsi-meet.name-jvb-config" $root }}
                  key: JVB_AUTH_PASSWORD
            {{- end }}
            {{- if $root.Values.jicofo.componentSecret }}
            - name: JICOFO_COMPONENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ include "jitsi-meet.name-jicofo-config" $root }}
                  key: JICOFO_COMPONENT_SECRET
            {{- end }}
            # Port is the text 3030 followed by the index: 30300, 30301, ...
            # An index of 10 or more yields a six-digit value outside the
            # valid port range.
            - name: JVB_PORT
              value: {{ printf "%s%s" "3030" (toString $nbr) | quote }}
            {{- with $root.Values.jvb.environment }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
            {{- with $root.Values.common.environment }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          ports:
            - name: video
              containerPort: {{ printf "%s%s" "3030" (toString $nbr) | int }}
              protocol: UDP
          volumeMounts:
            # NOTE(review): mounts the node's Docker socket into the bridge
            # container. Access to that socket amounts to control of the
            # node's container runtime, which is equivalent to root on the
            # host. No use of the socket is visible in the configuration
            # shipped with this chart - confirm it is needed and remove this
            # mount and the matching volume if not.
            - name: dockersock
              mountPath: "/var/run/docker.sock"
            - name: config
              mountPath: "/defaults"
          resources:
            {{- toYaml $root.Values.jvb.resources | nindent 12 }}
      volumes:
        # hostPath volume backing the Docker socket mount above; it also ties
        # the pod to nodes that run Docker at this path.
        - name: dockersock
          hostPath:
            path: /var/run/docker.sock
        - name: config
          configMap:
            name: {{ template "jitsi-meet.name-jvb-config" $root }}-cm
      {{- with $root.Values.jvb.nodeSelector }}
      nodeSelector:
        {{- toYaml . 
| nindent 8 }} 102 | {{- end }} 103 | {{- with $root.Values.jvb.affinity }} 104 | affinity: 105 | {{- toYaml . | nindent 8 }} 106 | {{- end }} 107 | {{- with $root.Values.jvb.tolerations }} 108 | tolerations: 109 | {{- toYaml . | nindent 8 }} 110 | {{- end }} 111 | {{- end }} -------------------------------------------------------------------------------- /jitsi-meet/templates/jvb-service.yaml: -------------------------------------------------------------------------------- 1 | {{- $root := . }} 2 | {{- $name := include "jitsi-meet.name-jvb" $root }} 3 | {{- range $index, $nbr := until (.Values.prosody.replicaCount | int) }} 4 | {{- $port := printf "%s%s" "3030" (toString $nbr) }} 5 | {{- $target := printf "%s-%d" $name $nbr}} 6 | apiVersion: v1 7 | kind: Service 8 | metadata: 9 | name: {{ $target | quote }} 10 | labels: 11 | {{ include "jitsi-meet.labels" $root | indent 4 }} 12 | {{- with $root.Values.jvb.service.annotations }} 13 | annotations: 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | spec: 17 | type: NodePort 18 | externalTrafficPolicy: Local 19 | sessionAffinity: {{ $root.Values.jvb.service.sessionAffinity }} 20 | {{- if $root.Values.jvb.service.sessionAffinityConfig }} 21 | {{- toYaml $root.Values.jvb.service.sessionAffinityConfig }} 22 | {{- end }} 23 | ports: 24 | - port: {{ atoi $port }} 25 | protocol: UDP 26 | targetPort: video 27 | nodePort: {{ atoi $port }} 28 | selector: 29 | app.kubernetes.io/name: {{ $target | quote }} 30 | app.kubernetes.io/instance: {{ $root.Release.Name }} 31 | {{- end }} -------------------------------------------------------------------------------- /jitsi-meet/templates/jvb-sip-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "jitsi-meet.name-jvb-config" . }}-cm 5 | labels: 6 | {{ include "jitsi-meet.labels" . 
| indent 4 }} 7 | data: 8 | sip-communicator.properties: |- 9 | {{- .Files.Get "configs/jvb/sip-communicator.properties" | nindent 4 }} 10 | logging.properties: |- 11 | {{- .Files.Get "configs/jvb/logging.properties" | nindent 4 }} -------------------------------------------------------------------------------- /jitsi-meet/templates/prosody-cfg-cm.yaml: --------------------------------------------------------------------------------
{{- /*
ConfigMap carrying the two Prosody Lua configuration files from configs/prosody.

Both files are stored base64-encoded (b64enc). That is an encoding, not
protection: anyone who can read the ConfigMap can decode it, so nothing secret
belongs in these files. The StatefulSet mounts this ConfigMap at /var/app in the
prosody container; the postStart hook that decoded the files is commented out
there. NOTE(review): confirm what consumes the encoded files today.
*/ -}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "jitsi-meet.name-prosody" . }}-config-cm
  labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
data:
  prosody.cfg.lua: |-
    {{- .Files.Get "configs/prosody/prosody.cfg.lua" | b64enc | nindent 4 }}
  jitsi-meet.cfg.lua: |-
    {{- .Files.Get "configs/prosody/jitsi-meet.cfg.lua" | b64enc | nindent 4 }}
--------------------------------------------------------------------------------
/jitsi-meet/templates/prosody-service.yaml:
--------------------------------------------------------------------------------
{{- /*
Service in front of the Prosody pods. The four ports are fixed in this template;
prosody.service.portC2S1, portC2S2, annotations and sessionAffinityConfig from
values.yaml are not read here.

In stock Prosody 5222 is client-to-server, 5269 server-to-server, 5280 plain
HTTP (the web deployment points XMPP_BOSH_URL_BASE at it) and 5347 the
external-component port. With the default type ClusterIP they are reachable only
from inside the cluster. Switching prosody.service.type to NodePort or
LoadBalancer publishes all four at once, including the unencrypted HTTP port and
the component port; pair such a change with a NetworkPolicy or firewall rule
that admits only the ports meant to be public.
*/ -}}
apiVersion: v1
kind: Service
metadata:
  name: {{ include "jitsi-meet.name-prosody" . }}
  labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
spec:
  type: {{ .Values.prosody.service.type }}
  ports:
    - port: 5222
      targetPort: c2s1
      protocol: TCP
      name: c2s1
    - port: 5269
      targetPort: c2s2
      protocol: TCP
      name: c2s2
    - port: 5280
      targetPort: web
      protocol: TCP
      name: web
    - port: 5347
      targetPort: xmpp
      protocol: TCP
      name: xmpp
  sessionAffinity: ClientIP
  selector:
    app.kubernetes.io/name: {{ include "jitsi-meet.name-prosody" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}

--------------------------------------------------------------------------------
/jitsi-meet/templates/prosody-statefulset.yaml:
--------------------------------------------------------------------------------
{{- /*
StatefulSet for the signalling pod: a Prosody container with a Jicofo sidecar,
plus a Jibri recorder container when prosody.recorder is true.

Account passwords and the component secret are injected from Kubernetes Secrets
through secretKeyRef. Everything in the *.environment lists is rendered as a
literal env value in the pod spec and is readable by anyone who can get the
StatefulSet, so those lists are not a place for credentials.
*/ -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ include "jitsi-meet.name-prosody" . }}
  labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
spec:
  serviceName: {{ include "jitsi-meet.name-prosody" . }}
  replicas: {{ .Values.prosody.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "jitsi-meet.name-prosody" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "jitsi-meet.name-prosody" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
    # NOTE(review): this reads the top-level value imagePullSecrets, while
    # values.yaml declares image.pullSecrets; confirm which key is intended.
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "jitsi-meet.serviceAccountName" . }}
      # Pod-level security context, shared with the web deployments.
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ include "jitsi-meet.name-prosody" . }}
          # Container-level context from the chart-wide securityContext value,
          # which is empty by default (no capabilities dropped, root allowed).
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.prosody.image.repository }}:{{ .Values.prosody.image.tag }}"
          imagePullPolicy: {{ .Values.prosody.image.pullPolicy }}
          env:
            {{ if .Values.jicofo.userAuth.enabled }}
            - name: JICOFO_AUTH_USER
              value: "{{ .Values.jicofo.userAuth.name }}"
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "jitsi-meet.name-jicofo-config" . }}
                  key: JICOFO_AUTH_PASSWORD
            {{ end }}
            {{ if .Values.jicofo.componentSecret }}
            - name: JICOFO_COMPONENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ include "jitsi-meet.name-jicofo-config" . }}
                  key: JICOFO_COMPONENT_SECRET
            {{ end }}
            {{- if .Values.jvb.userAuth.enabled }}
            - name: JVB_AUTH_USER
              value: {{ .Values.jvb.userAuth.name }}
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "jitsi-meet.name-jvb-config" . }}
                  key: JVB_AUTH_PASSWORD
            {{- end }}
            # Authentication switches: set only when prosody.auth.enabled is
            # true; guest access and the auth backend come from the same block.
            {{- if .Values.prosody.auth.enabled }}
            - name: ENABLE_AUTH
              value: "1"
            - name: ENABLE_GUESTS
              value: {{ .Values.prosody.auth.guest | quote }}
            - name: AUTH_TYPE
              value: {{ .Values.prosody.auth.type | quote }}
            {{- end }}
            # Free-form name/value pairs, rendered as literal strings.
            {{- range .Values.prosody.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
            {{- range .Values.common.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
          ports:
            - containerPort: 5222
              protocol: TCP
              name: c2s1
            - containerPort: 5269
              protocol: TCP
              name: c2s2
            - containerPort: 5280
              protocol: TCP
              name: web
            - containerPort: 5347
              protocol: TCP
              name: xmpp
          # Disabled hook that decoded the base64 files from the ConfigMap into
          # /defaults. Template actions inside YAML comments are still evaluated
          # by Helm, so the if/end pair below runs even though it is commented.
          # lifecycle:
          #   postStart:
          #     exec:
          #       command:
          #         - /bin/bash
          #         - -c
          #         - cat /var/app/prosody.cfg.lua | base64 -d > /defaults/prosody.cfg.lua
          #         - cat /var/app/jitsi-meet.cfg.lua | base64 -d > /defaults/conf.d/jitsi-meet.cfg.lua
          # # {{ if .Values.prosody.auth.enabled }}
          # #   - prosodyctl --config /config/prosody.cfg.lua register me $XMPP_DOMAIN $JVB_AUTH_PASSWORD;
          # # {{ end }}
          resources:
            {{- toYaml .Values.prosody.resources | nindent 12 }}
          volumeMounts:
            - name: config-prosody
              mountPath: "/var/app"
        # Jicofo sidecar: talks to Prosody over localhost inside the pod.
        - name: {{ include "jitsi-meet.name-jicofo" . }}
          image: "{{ .Values.jicofo.image.repository }}:{{ .Values.jicofo.image.tag }}"
          imagePullPolicy: {{ .Values.jicofo.image.pullPolicy }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          env:
            {{ if .Values.jicofo.userAuth.enabled }}
            - name: JICOFO_AUTH_USER
              value: {{ .Values.jicofo.userAuth.name }}
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "jitsi-meet.name-jicofo-config" . }}
                  key: JICOFO_AUTH_PASSWORD
            {{ end }}
            {{ if .Values.jicofo.componentSecret }}
            - name: JICOFO_COMPONENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ include "jitsi-meet.name-jicofo-config" . }}
                  key: JICOFO_COMPONENT_SECRET
            {{ end }}
            - name: XMPP_SERVER
              value: "localhost"
            {{- if .Values.prosody.auth.enabled }}
            - name: ENABLE_AUTH
              value: "1"
            {{- end }}
            {{- range .Values.jicofo.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
            {{- range .Values.common.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
          resources:
            {{- toYaml .Values.jicofo.resources | nindent 12 }}
          # lifecycle:
          #   postStart:
          #     exec:
          #       command:
          #         - /bin/bash
          #         - -c
          #         - cp /var/app/sip-communicator.properties /defaults/sip-communicator.properties
          volumeMounts:
            - name: config-jicofo
              mountPath: "/var/app"
        {{ if .Values.prosody.recorder }}
        # Jibri recorder, added only when prosody.recorder is true. It shares
        # this pod with Prosody and Jicofo.
        - name: {{ include "jitsi-meet.name-jibri" . }}
          image: "{{ .Values.jibri.image.repository }}:{{ .Values.jibri.image.tag }}"
          imagePullPolicy: {{ .Values.jibri.image.pullPolicy }}
          securityContext:
            # required to record sound
            # A privileged container has every capability and access to the
            # host's devices, so a compromise of this container is a compromise
            # of the node; the capability additions below add nothing on top.
            # Run the recorder only on nodes set aside for it (the pod follows
            # prosody.nodeSelector / tolerations) and keep it off by default.
            privileged: true
            capabilities:
              add:
                - SYS_RESOURCE
                - NET_BIND_SERVICE
            {{- with .Values.jibri.podSecurityContext }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          env:
            - name: XMPP_SERVER
              value: localhost
            {{- range .Values.jibri.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
            {{- range .Values.common.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
          volumeMounts:
            - mountPath: /dev/shm
              name: shm
            - mountPath: /dev/snd
              name: dev-snd
        {{ end }}
      volumes:
        - name: config-jicofo
          configMap:
            name: {{ template "jitsi-meet.name-jicofo-config" . }}-cm
        - name: config-prosody
          configMap:
            name: {{ template "jitsi-meet.name-prosody" . }}-config-cm
        {{ if .Values.prosody.recorder }}
        # hostPath mounts: the recorder sees the node's own shared-memory
        # directory and sound devices, not pod-private copies.
        - name: shm
          hostPath:
            path: /dev/shm
        - name: dev-snd
          hostPath:
            path: /dev/snd
        {{ end }}
    {{- with .Values.prosody.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.prosody.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.prosody.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}

-------------------------------------------------------------------------------- /jitsi-meet/templates/service-web-jwt.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "jitsi-meet.name-web" . }}-jwt 5 | labels: 6 | {{ include "jitsi-meet.labels" .
| indent 4 }} 7 | spec: 8 | type: {{ .Values.web.service.type }} 9 | ports: 10 | - port: 4180 11 | targetPort: http 12 | protocol: TCP 13 | name: http 14 | selector: 15 | app.kubernetes.io/name: {{ include "jitsi-meet.name-web" . }}-jwt 16 | app.kubernetes.io/instance: {{ .Release.Name }} 17 | -------------------------------------------------------------------------------- /jitsi-meet/templates/service-web.yaml: --------------------------------------------------------------------------------
{{- /*
Service in front of the web Deployment. Type and port come from web.service in
values.yaml (ClusterIP and 80 by default); traffic is forwarded to the
container port named http. The same web.service.type also drives the -jwt
Service, so changing it exposes both.
*/ -}}
apiVersion: v1
kind: Service
metadata:
  name: {{ include "jitsi-meet.name-web" . }}
  labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
spec:
  type: {{ .Values.web.service.type }}
  ports:
    - port: {{ .Values.web.service.port }}
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: {{ include "jitsi-meet.name-web" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}

--------------------------------------------------------------------------------
/jitsi-meet/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
{{- /*
ServiceAccount used by the web, web-jwt and prosody pods, created only when
serviceAccount.create is true.

Kubernetes mounts the account's API token into every pod that names it unless
automountServiceAccountToken is set to false, and none of those pod specs set
it. NOTE(review): confirm whether any component calls the Kubernetes API; if
not, disabling the automount removes a credential from each container.
*/ -}}
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ template "jitsi-meet.serviceAccountName" . }}
  labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
{{- end -}}

-------------------------------------------------------------------------------- /jitsi-meet/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "jitsi-meet.fullname" . }}-test-connection" 5 | labels: 6 | {{ include "jitsi-meet.labels" . | indent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "jitsi-meet.name-web" .
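}}:{{ .Values.web.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /jitsi-meet/templates/web-deployment.yaml: --------------------------------------------------------------------------------
{{- /*
Deployment for the Jitsi Meet web front end.

The container reaches Prosody by service name and uses plain HTTP on port 5280
for BOSH, so that hop is unencrypted inside the cluster. Credentials are read
from Secrets through secretKeyRef; the *.environment lists are rendered as
literal env values and should not carry secrets.
*/ -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "jitsi-meet.name-web" . }}
  labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
spec:
  replicas: {{ .Values.web.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "jitsi-meet.name-web" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "jitsi-meet.name-web" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
    # NOTE(review): this reads the top-level value imagePullSecrets, while
    # values.yaml declares image.pullSecrets; confirm which key is intended.
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "jitsi-meet.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ include "jitsi-meet.name-web" . }}
          # Chart-wide container security context; empty by default.
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.web.image.repository }}:{{ .Values.web.image.tag }}"
          imagePullPolicy: {{ .Values.web.image.pullPolicy }}
          env:
            - name: XMPP_SERVER
              value: {{ include "jitsi-meet.name-prosody" . }}
            # NOTE(review): the internet-facing web container is handed the
            # Jicofo and JVB account passwords. Confirm the web image reads
            # them; if it does not, removing these entries limits what a
            # compromised front end can reach.
            {{- if .Values.jicofo.userAuth.enabled }}
            - name: JICOFO_AUTH_USER
              value: {{ .Values.jicofo.userAuth.name }}
            - name: JICOFO_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "jitsi-meet.name-jicofo-config" . }}
                  key: JICOFO_AUTH_PASSWORD
            {{- end }}
            {{- if .Values.jvb.userAuth.enabled }}
            - name: JVB_AUTH_USER
              value: {{ .Values.jvb.userAuth.name }}
            - name: JVB_AUTH_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "jitsi-meet.name-jvb-config" . }}
                  key: JVB_AUTH_PASSWORD
            {{- end }}
            {{- if .Values.prosody.auth.enabled }}
            - name: ENABLE_AUTH
              value: "1"
            - name: ENABLE_GUESTS
              value: {{ .Values.prosody.auth.guest | quote }}
            {{- end }}
            - name: XMPP_BOSH_URL_BASE
              value: "http://{{ include "jitsi-meet.name-prosody" . }}:5280"
            {{- range .Values.web.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
            {{- range .Values.common.environment }}
            - name: {{ .name | quote }}
              value: {{ .value | quote }}
            {{- end }}
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /
              port: http
          readinessProbe:
            httpGet:
              path: /
              port: http
          resources:
            {{- toYaml .Values.web.resources | nindent 12 }}
    {{- with .Values.web.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.web.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.web.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}

--------------------------------------------------------------------------------
/jitsi-meet/templates/web-jwt-deployment.yaml:
--------------------------------------------------------------------------------
{{- /*
Deployment running oauth2-proxy as the authentication front for the web UI.
It is rendered unconditionally and shares replica count, node selection and
pod security context with the web deployment.

Values read from web.jwtsidecar:
  image     - optional full image reference. Defaults to the previous fixed
              value, which is a mutable "latest" tag; set a version tag or a
              digest so the authentication proxy cannot change underneath a
              running release.
  extraArgs - map of flag name to value, rendered as --name=value. A falsy
              value (empty string, false, 0) renders the bare flag --name, so
              "false" does not switch a flag off.
  env       - optional list of container env entries, rendered verbatim.
              Everything in extraArgs ends up in the pod spec in clear text;
              oauth2-proxy also reads its options from OAUTH2_PROXY_*
              environment variables, so client and cookie secrets can be
              supplied here with valueFrom.secretKeyRef instead.
  resources - container resources.
*/ -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "jitsi-meet.name-web" . }}-jwt
  labels:
{{ include "jitsi-meet.labels" . | indent 4 }}
spec:
  replicas: {{ .Values.web.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "jitsi-meet.name-web" . }}-jwt
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "jitsi-meet.name-web" . }}-jwt
        app.kubernetes.io/instance: {{ .Release.Name }}
    spec:
    {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      serviceAccountName: {{ template "jitsi-meet.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        # This container gets no container-level securityContext, unlike the
        # web container, so the chart-wide securityContext value does not
        # apply to it.
        - name: {{ include "jitsi-meet.name-jwt-sidecar" . }}
          image: {{ .Values.web.jwtsidecar.image | default "quay.io/oauth2-proxy/oauth2-proxy:latest" | quote }}
          imagePullPolicy: IfNotPresent
          args:
            - --http-address=0.0.0.0:4180
            {{- range $key, $value := .Values.web.jwtsidecar.extraArgs }}
            {{- if $value }}
            - --{{ $key }}={{ $value }}
            {{- else }}
            - --{{ $key }}
            {{- end }}
            {{- end }}
          {{- with .Values.web.jwtsidecar.env }}
          env:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          ports:
            - name: http
              containerPort: 4180
              protocol: TCP
          resources:
            {{- toYaml .Values.web.jwtsidecar.resources | nindent 12 }}
    {{- with .Values.web.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.web.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.web.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}

-------------------------------------------------------------------------------- /jitsi-meet/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for jitsi-meet. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates.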

# NOTE(review): the web, web-jwt and prosody pod templates read the top-level
# key imagePullSecrets, not image.pullSecrets; confirm which one is intended
# before relying on this list for a private registry.
image:
  pullSecrets: []

webHost: jitsi.meet.local

web:
  # Every component below defaults to the mutable "latest" tag with
  # pullPolicy Always, so a pod restart can pull a different build. Pin a
  # version tag or digest per component for reproducible, reviewable upgrades.
  image:
    repository: jitsi/web
    tag: latest
    pullPolicy: Always
  # name/value pairs rendered as literal env values in the pod spec (each
  # value is quoted by the template). Do not put credentials here.
  environment:
    - name: ENABLE_LETSENCRYPT
      value: false
  replicaCount: 1
  # oauth2-proxy deployment. extraArgs is a map of flag name to value; the
  # rendered arguments are visible in the pod spec in clear text.
  jwtsidecar:
    extraArgs: {}
    resources: {}
  hpa:
    enabled: false
    minReplicas: 1
    maxReplicas: 3
    metrics:
      targetCPUUtilizationPercentage: 70
      targetMemoryUtilizationPercentage: 70
  # type is shared by the web Service and the -jwt Service.
  service:
    annotations: []
    type: ClusterIP
    port: 80
  ingress:
    enabled: false
    annotations: []
    hosts:
      - host: jitsi.meet.local
        oauth: false
        paths: []
    tls: []
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}

jibri:
  image:
    repository: jitsi/jibri
    tag: latest
    pullPolicy: Always
  environment: []
  resources: {}

prosody:
  # enabled sets ENABLE_AUTH=1 on prosody, jicofo and web; guest is passed as
  # ENABLE_GUESTS and type as AUTH_TYPE.
  auth:
    enabled: true
    guest: 0
    type: internal
  image:
    repository: jitsi/prosody
    tag: latest
    pullPolicy: Always
  environment: []
  replicaCount: 1
  service:
    annotations: []
    # ClusterIP keeps all Prosody ports inside the cluster. Any other type
    # publishes 5222, 5269, 5280 and 5347 together.
    type: ClusterIP
    # NOTE(review): prosody-service.yaml uses fixed ports (5222, 5269, 5280,
    # 5347) and does not read portC2S1, portC2S2, annotations or
    # sessionAffinityConfig; 5322 here also differs from the 5269 in the
    # template.
    portC2S1: 5222
    portC2S2: 5322
    sessionAffinityConfig:
      clientIPConfig:
        timeoutSeconds: 10800 # 3 hours
  hpa:
    enabled: false
    minReplicas: 1
    maxReplicas: 3
    metrics:
      - type: Resource
        resource:
          name: memory
          targetAverageUtilization: 70
      - type: Resource
        resource:
          name: cpu
          targetAverageUtilization: 70
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  # true adds a Jibri container to the prosody pod. That container runs
  # privileged and mounts /dev/shm and /dev/snd from the node, so enable it
  # only on nodes dedicated to recording.
  recorder: false

jicofo: # jicofo is used as a sidecar container for every prosody instance
  image:
    repository: jitsi/jicofo
    tag: latest
    pullPolicy: Always
  environment: []
  # componentSecret and userAuth.secret are credentials. The pod templates
  # consume them from a Secret via secretKeyRef; supply real values at install
  # time (a private values file or --set) rather than committing them here.
  # The component secret env var is only set when componentSecret is non-empty.
  componentSecret: ""
  userAuth:
    enabled: false
    name: "focus"
    secret: ""
  resources: {}

jvb:
  image:
    repository: jitsi/jvb
    tag: latest
    pullPolicy: Always
  environment: []
  replicaCount: 1
  # NOTE(review): in the Kubernetes API fsGroup is a pod-level field and
  # capabilities a container-level field, so these two key names look swapped
  # relative to it; confirm against jvb-deployment.yaml. NET_ADMIN lets the
  # container reconfigure networking in its namespace; keep it only if the
  # bridge needs it.
  securityContext:
    fsGroup: 412
  podSecurityContext:
    capabilities:
      add:
        - SYS_RESOURCE
        - NET_ADMIN
  service:
    annotations: []
    # jvb-service.yaml fixes type NodePort and externalTrafficPolicy Local;
    # the two values below are not read by it.
    type: NodePort
    externalTrafficPolicy: Cluster
    sessionAffinity: None
  ingress:
    enabled: false
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  # secret is a credential; see the note on jicofo.userAuth above.
  userAuth:
    enabled: false
    name: "jvb"
    secret: ""

ingressControllerNamespace: ""

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:

# Pod-level security context for the web, web-jwt and prosody pods.
podSecurityContext: {}
  # fsGroup: 2000

# Container-level security context for the web, prosody and jicofo containers.
# The empty default applies no restrictions; the commented block below is a
# hardening baseline. Test each image against it before enabling, since this
# file does not show whether the images can run as non-root or read-only.
securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

--------------------------------------------------------------------------------