diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Jitsi/deployment.yaml b/Jitsi/deployment.yaml new file mode 100644 index 0000000..731a136 --- /dev/null +++ b/Jitsi/deployment.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jitsi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + k8s-app: jitsi + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-5870 + imagePullPolicy: IfNotPresent + #volumeMounts: + # - name: base-patch + # mountPath: /usr/share/jitsi-meet/base.html + # subPath: base.html + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_SERVER + value: localhost + - name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-5870 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: jvb-patch + mountPath: /etc/jitsi/videobridge/sip-communicator.properties + subPath: sip-communicator.properties + env: + - name: NAT_HARVESTER_LOCAL_ADDRESS + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: America/Los_Angeles + volumes: + - name: jvb-patch + configMap: + name: jvb-config + serviceAccountName: jitsi diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Jitsi/deployment.yaml b/Jitsi/deployment.yaml new file mode 100644 index 0000000..731a136 --- /dev/null +++ b/Jitsi/deployment.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jitsi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + k8s-app: jitsi + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-5870 + imagePullPolicy: IfNotPresent + #volumeMounts: + # - name: base-patch + # mountPath: /usr/share/jitsi-meet/base.html + # subPath: base.html + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_SERVER + value: localhost + - name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-5870 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: jvb-patch + mountPath: /etc/jitsi/videobridge/sip-communicator.properties + subPath: sip-communicator.properties + env: + - name: NAT_HARVESTER_LOCAL_ADDRESS + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: America/Los_Angeles + volumes: + - name: jvb-patch + configMap: + name: jvb-config + serviceAccountName: jitsi diff --git a/Jitsi/ingress.yaml b/Jitsi/ingress.yaml new file mode 100644 index 0000000..32fe10d --- /dev/null +++ b/Jitsi/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + name: jitsi + labels: + app: jitsi +spec: + rules: + - host: meet.jerxie.com + http: + paths: + - backend: + service: + name: web + port: + number: 80 + path: / + pathType: Prefix + diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Jitsi/deployment.yaml b/Jitsi/deployment.yaml new file mode 100644 index 0000000..731a136 --- /dev/null +++ b/Jitsi/deployment.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jitsi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + k8s-app: jitsi + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-5870 + imagePullPolicy: IfNotPresent + #volumeMounts: + # - name: base-patch + # mountPath: /usr/share/jitsi-meet/base.html + # subPath: base.html + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_SERVER + value: localhost + - name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-5870 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: jvb-patch + mountPath: /etc/jitsi/videobridge/sip-communicator.properties + subPath: sip-communicator.properties + env: + - name: NAT_HARVESTER_LOCAL_ADDRESS + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: America/Los_Angeles + volumes: + - name: jvb-patch + configMap: + name: jvb-config + serviceAccountName: jitsi diff --git a/Jitsi/ingress.yaml b/Jitsi/ingress.yaml new file mode 100644 index 0000000..32fe10d --- /dev/null +++ b/Jitsi/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + name: jitsi + labels: + app: jitsi +spec: + rules: + - host: meet.jerxie.com + http: + paths: + - backend: + service: + name: web + port: + number: 80 + path: / + pathType: Prefix + diff --git a/Jitsi/jvb-service.yaml b/Jitsi/jvb-service.yaml new file mode 100644 index 0000000..2c8a7b5 --- /dev/null +++ b/Jitsi/jvb-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: jvb + name: jvb-udp +spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - port: 30300 + protocol: UDP + targetPort: 30300 + nodePort: 30300 + selector: + k8s-app: jitsi diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Jitsi/deployment.yaml b/Jitsi/deployment.yaml new file mode 100644 index 0000000..731a136 --- /dev/null +++ b/Jitsi/deployment.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jitsi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + k8s-app: jitsi + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-5870 + imagePullPolicy: IfNotPresent + #volumeMounts: + # - name: base-patch + # mountPath: /usr/share/jitsi-meet/base.html + # subPath: base.html + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_SERVER + value: localhost + - name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-5870 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: jvb-patch + mountPath: /etc/jitsi/videobridge/sip-communicator.properties + subPath: sip-communicator.properties + env: + - name: NAT_HARVESTER_LOCAL_ADDRESS + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: America/Los_Angeles + volumes: + - name: jvb-patch + configMap: + name: jvb-config + serviceAccountName: jitsi diff --git a/Jitsi/ingress.yaml b/Jitsi/ingress.yaml new file mode 100644 index 0000000..32fe10d --- /dev/null +++ b/Jitsi/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + name: jitsi + labels: + app: jitsi +spec: + rules: + - host: meet.jerxie.com + http: + paths: + - backend: + service: + name: web + port: + number: 80 + path: / + pathType: Prefix + diff --git a/Jitsi/jvb-service.yaml b/Jitsi/jvb-service.yaml new file mode 100644 index 0000000..2c8a7b5 --- /dev/null +++ b/Jitsi/jvb-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: jvb + name: jvb-udp +spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - port: 30300 + protocol: UDP + targetPort: 30300 + nodePort: 30300 + selector: + k8s-app: jitsi diff --git a/Jitsi/kustomization.yaml b/Jitsi/kustomization.yaml new file mode 100644 index 0000000..0a2f59a --- /dev/null +++ b/Jitsi/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: jitsi +resources: +- namespace.yaml +- secret.yaml +- configmap.yaml +- jvb-service.yaml +- rbac.yaml +- deployment.yaml +- web-service.yaml +- ingress.yaml diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Jitsi/deployment.yaml b/Jitsi/deployment.yaml new file mode 100644 index 0000000..731a136 --- /dev/null +++ b/Jitsi/deployment.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jitsi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + k8s-app: jitsi + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-5870 + imagePullPolicy: IfNotPresent + #volumeMounts: + # - name: base-patch + # mountPath: /usr/share/jitsi-meet/base.html + # subPath: base.html + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_SERVER + value: localhost + - name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-5870 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: jvb-patch + mountPath: /etc/jitsi/videobridge/sip-communicator.properties + subPath: sip-communicator.properties + env: + - name: NAT_HARVESTER_LOCAL_ADDRESS + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: America/Los_Angeles + volumes: + - name: jvb-patch + configMap: + name: jvb-config + serviceAccountName: jitsi diff --git a/Jitsi/ingress.yaml b/Jitsi/ingress.yaml new file mode 100644 index 0000000..32fe10d --- /dev/null +++ b/Jitsi/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + name: jitsi + labels: + app: jitsi +spec: + rules: + - host: meet.jerxie.com + http: + paths: + - backend: + service: + name: web + port: + number: 80 + path: / + pathType: Prefix + diff --git a/Jitsi/jvb-service.yaml b/Jitsi/jvb-service.yaml new file mode 100644 index 0000000..2c8a7b5 --- /dev/null +++ b/Jitsi/jvb-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: jvb + name: jvb-udp +spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - port: 30300 + protocol: UDP + targetPort: 30300 + nodePort: 30300 + selector: + k8s-app: jitsi diff --git a/Jitsi/kustomization.yaml b/Jitsi/kustomization.yaml new file mode 100644 index 0000000..0a2f59a --- /dev/null +++ b/Jitsi/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: jitsi +resources: +- namespace.yaml +- secret.yaml +- configmap.yaml +- jvb-service.yaml +- rbac.yaml +- deployment.yaml +- web-service.yaml +- ingress.yaml diff --git a/Jitsi/namespace.yaml b/Jitsi/namespace.yaml new file mode 100644 index 0000000..bcb3964 --- /dev/null +++ b/Jitsi/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: jitsi diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Jitsi/deployment.yaml b/Jitsi/deployment.yaml new file mode 100644 index 0000000..731a136 --- /dev/null +++ b/Jitsi/deployment.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jitsi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + k8s-app: jitsi + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-5870 + imagePullPolicy: IfNotPresent + #volumeMounts: + # - name: base-patch + # mountPath: /usr/share/jitsi-meet/base.html + # subPath: base.html + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_SERVER + value: localhost + - name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-5870 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: jvb-patch + mountPath: /etc/jitsi/videobridge/sip-communicator.properties + subPath: sip-communicator.properties + env: + - name: NAT_HARVESTER_LOCAL_ADDRESS + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: America/Los_Angeles + volumes: + - name: jvb-patch + configMap: + name: jvb-config + serviceAccountName: jitsi diff --git a/Jitsi/ingress.yaml b/Jitsi/ingress.yaml new file mode 100644 index 0000000..32fe10d --- /dev/null +++ b/Jitsi/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + name: jitsi + labels: + app: jitsi +spec: + rules: + - host: meet.jerxie.com + http: + paths: + - backend: + service: + name: web + port: + number: 80 + path: / + pathType: Prefix + diff --git a/Jitsi/jvb-service.yaml b/Jitsi/jvb-service.yaml new file mode 100644 index 0000000..2c8a7b5 --- /dev/null +++ b/Jitsi/jvb-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: jvb + name: jvb-udp +spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - port: 30300 + protocol: UDP + targetPort: 30300 + nodePort: 30300 + selector: + k8s-app: jitsi diff --git a/Jitsi/kustomization.yaml b/Jitsi/kustomization.yaml new file mode 100644 index 0000000..0a2f59a --- /dev/null +++ b/Jitsi/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: jitsi +resources: +- namespace.yaml +- secret.yaml +- configmap.yaml +- jvb-service.yaml +- rbac.yaml +- deployment.yaml +- web-service.yaml +- ingress.yaml diff --git a/Jitsi/namespace.yaml b/Jitsi/namespace.yaml new file mode 100644 index 0000000..bcb3964 --- /dev/null +++ b/Jitsi/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: jitsi diff --git a/Jitsi/rbac.yaml b/Jitsi/rbac.yaml new file mode 100644 index 0000000..92bb7e3 --- /dev/null +++ b/Jitsi/rbac.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: jitsi-privileged +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostIPC: false + hostNetwork: true + hostPID: true + hostPorts: + - max: 65535 + min: 0 + privileged: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - projected + - secret +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: jitsi-privileged +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - jitsi-privileged + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: jitsi-privileged +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jitsi-privileged +subjects: +- kind: ServiceAccount + name: jitsi diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Jitsi/deployment.yaml b/Jitsi/deployment.yaml new file mode 100644 index 0000000..731a136 --- /dev/null +++ b/Jitsi/deployment.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jitsi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + k8s-app: jitsi + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-5870 + imagePullPolicy: IfNotPresent + #volumeMounts: + # - name: base-patch + # mountPath: /usr/share/jitsi-meet/base.html + # subPath: base.html + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_SERVER + value: localhost + - name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-5870 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: jvb-patch + mountPath: /etc/jitsi/videobridge/sip-communicator.properties + subPath: sip-communicator.properties + env: + - name: NAT_HARVESTER_LOCAL_ADDRESS + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: America/Los_Angeles + volumes: + - name: jvb-patch + configMap: + name: jvb-config + serviceAccountName: jitsi diff --git a/Jitsi/ingress.yaml b/Jitsi/ingress.yaml new file mode 100644 index 0000000..32fe10d --- /dev/null +++ b/Jitsi/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + name: jitsi + labels: + app: jitsi +spec: + rules: + - host: meet.jerxie.com + http: + paths: + - backend: + service: + name: web + port: + number: 80 + path: / + pathType: Prefix + diff --git a/Jitsi/jvb-service.yaml b/Jitsi/jvb-service.yaml new file mode 100644 index 0000000..2c8a7b5 --- /dev/null +++ b/Jitsi/jvb-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: jvb + name: jvb-udp +spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - port: 30300 + protocol: UDP + targetPort: 30300 + nodePort: 30300 + selector: + k8s-app: jitsi diff --git a/Jitsi/kustomization.yaml b/Jitsi/kustomization.yaml new file mode 100644 index 0000000..0a2f59a --- /dev/null +++ b/Jitsi/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: jitsi +resources: +- namespace.yaml +- secret.yaml +- configmap.yaml +- jvb-service.yaml +- rbac.yaml +- deployment.yaml +- web-service.yaml +- ingress.yaml diff --git a/Jitsi/namespace.yaml b/Jitsi/namespace.yaml new file mode 100644 index 0000000..bcb3964 --- /dev/null +++ b/Jitsi/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: jitsi diff --git a/Jitsi/rbac.yaml b/Jitsi/rbac.yaml new file mode 100644 index 0000000..92bb7e3 --- /dev/null +++ b/Jitsi/rbac.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: jitsi-privileged +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostIPC: false + hostNetwork: true + hostPID: true + hostPorts: + - max: 65535 + min: 0 + privileged: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - projected + - secret +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: jitsi-privileged +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - jitsi-privileged + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: jitsi-privileged +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jitsi-privileged +subjects: +- kind: ServiceAccount + name: jitsi diff --git a/Jitsi/secret.yaml b/Jitsi/secret.yaml new file mode 100644 index 0000000..3a313d2 --- /dev/null +++ b/Jitsi/secret.yaml @@ -0,0 +1,9 @@ +kind: Secret +apiVersion: v1 +metadata: + name: jitsi-config +type: Opaque +data: + JICOFO_AUTH_PASSWORD: "aml0c2lhZG1pbg==" + JICOFO_COMPONENT_SECRET: "aml0c2lhZG1pbg==" + JVB_AUTH_PASSWORD: "aml0c2lhZG1pbg==" diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Jitsi/deployment.yaml b/Jitsi/deployment.yaml new file mode 100644 index 0000000..731a136 --- /dev/null +++ b/Jitsi/deployment.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jitsi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + k8s-app: jitsi + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-5870 + imagePullPolicy: IfNotPresent + #volumeMounts: + # - name: base-patch + # mountPath: /usr/share/jitsi-meet/base.html + # subPath: base.html + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_SERVER + value: localhost + - name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-5870 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: jvb-patch + mountPath: /etc/jitsi/videobridge/sip-communicator.properties + subPath: sip-communicator.properties + env: + - name: NAT_HARVESTER_LOCAL_ADDRESS + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: America/Los_Angeles + volumes: + - name: jvb-patch + configMap: + name: jvb-config + serviceAccountName: jitsi diff --git a/Jitsi/ingress.yaml b/Jitsi/ingress.yaml new file mode 100644 index 0000000..32fe10d --- /dev/null +++ b/Jitsi/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + name: jitsi + labels: + app: jitsi +spec: + rules: + - host: meet.jerxie.com + http: + paths: + - backend: + service: + name: web + port: + number: 80 + path: / + pathType: Prefix + diff --git a/Jitsi/jvb-service.yaml b/Jitsi/jvb-service.yaml new file mode 100644 index 0000000..2c8a7b5 --- /dev/null +++ b/Jitsi/jvb-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: jvb + name: jvb-udp +spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - port: 30300 + protocol: UDP + targetPort: 30300 + nodePort: 30300 + selector: + k8s-app: jitsi diff --git a/Jitsi/kustomization.yaml b/Jitsi/kustomization.yaml new file mode 100644 index 0000000..0a2f59a --- /dev/null +++ b/Jitsi/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: jitsi +resources: +- namespace.yaml +- secret.yaml +- configmap.yaml +- jvb-service.yaml +- rbac.yaml +- deployment.yaml +- web-service.yaml +- ingress.yaml diff --git a/Jitsi/namespace.yaml b/Jitsi/namespace.yaml new file mode 100644 index 0000000..bcb3964 --- /dev/null +++ b/Jitsi/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: jitsi diff --git a/Jitsi/rbac.yaml b/Jitsi/rbac.yaml new file mode 100644 index 0000000..92bb7e3 --- /dev/null +++ b/Jitsi/rbac.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: jitsi-privileged +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostIPC: false + hostNetwork: true + hostPID: true + hostPorts: + - max: 65535 + min: 0 + privileged: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - projected + - secret +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: jitsi-privileged +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - jitsi-privileged + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: jitsi-privileged +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jitsi-privileged +subjects: +- kind: ServiceAccount + name: jitsi diff --git a/Jitsi/secret.yaml b/Jitsi/secret.yaml new file mode 100644 index 0000000..3a313d2 --- /dev/null +++ b/Jitsi/secret.yaml @@ -0,0 +1,9 @@ +kind: Secret +apiVersion: v1 +metadata: + name: jitsi-config +type: Opaque +data: + JICOFO_AUTH_PASSWORD: "aml0c2lhZG1pbg==" + JICOFO_COMPONENT_SECRET: "aml0c2lhZG1pbg==" + JVB_AUTH_PASSWORD: "aml0c2lhZG1pbg==" diff --git a/Jitsi/web-service.yaml b/Jitsi/web-service.yaml new file mode 100644 index 0000000..2146357 --- /dev/null +++ b/Jitsi/web-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: web + name: web +spec: + ports: + - name: "http" + port: 80 + targetPort: 80 + - name: "https" + port: 443 + targetPort: 443 + selector: + k8s-app: jitsi diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Jitsi/deployment.yaml b/Jitsi/deployment.yaml new file mode 100644 index 0000000..731a136 --- /dev/null +++ b/Jitsi/deployment.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jitsi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + k8s-app: jitsi + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-5870 + imagePullPolicy: IfNotPresent + #volumeMounts: + # - name: base-patch + # mountPath: /usr/share/jitsi-meet/base.html + # subPath: base.html + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_SERVER + value: localhost + - name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-5870 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: jvb-patch + mountPath: /etc/jitsi/videobridge/sip-communicator.properties + subPath: sip-communicator.properties + env: + - name: NAT_HARVESTER_LOCAL_ADDRESS + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: America/Los_Angeles + volumes: + - name: jvb-patch + configMap: + name: jvb-config + serviceAccountName: jitsi diff --git a/Jitsi/ingress.yaml b/Jitsi/ingress.yaml new file mode 100644 index 0000000..32fe10d --- /dev/null +++ b/Jitsi/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + name: jitsi + labels: + app: jitsi +spec: + rules: + - host: meet.jerxie.com + http: + paths: + - backend: + service: + name: web + port: + number: 80 + path: / + pathType: Prefix + diff --git a/Jitsi/jvb-service.yaml b/Jitsi/jvb-service.yaml new file mode 100644 index 0000000..2c8a7b5 --- /dev/null +++ b/Jitsi/jvb-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: jvb + name: jvb-udp +spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - port: 30300 + protocol: UDP + targetPort: 30300 + nodePort: 30300 + selector: + k8s-app: jitsi diff --git a/Jitsi/kustomization.yaml b/Jitsi/kustomization.yaml new file mode 100644 index 0000000..0a2f59a --- /dev/null +++ b/Jitsi/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: jitsi +resources: +- namespace.yaml +- secret.yaml +- configmap.yaml +- jvb-service.yaml +- rbac.yaml +- deployment.yaml +- web-service.yaml +- ingress.yaml diff --git a/Jitsi/namespace.yaml b/Jitsi/namespace.yaml new file mode 100644 index 0000000..bcb3964 --- /dev/null +++ b/Jitsi/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: jitsi diff --git a/Jitsi/rbac.yaml b/Jitsi/rbac.yaml new file mode 100644 index 0000000..92bb7e3 --- /dev/null +++ b/Jitsi/rbac.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: jitsi-privileged +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostIPC: false + hostNetwork: true + hostPID: true + hostPorts: + - max: 65535 + min: 0 + privileged: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - projected + - secret +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: jitsi-privileged +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - jitsi-privileged + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: jitsi-privileged +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jitsi-privileged +subjects: +- kind: ServiceAccount + name: jitsi diff --git a/Jitsi/secret.yaml b/Jitsi/secret.yaml new file mode 100644 index 0000000..3a313d2 --- /dev/null +++ b/Jitsi/secret.yaml @@ -0,0 +1,9 @@ +kind: Secret +apiVersion: v1 +metadata: + name: jitsi-config +type: Opaque +data: + JICOFO_AUTH_PASSWORD: "aml0c2lhZG1pbg==" + JICOFO_COMPONENT_SECRET: "aml0c2lhZG1pbg==" + JVB_AUTH_PASSWORD: "aml0c2lhZG1pbg==" diff --git a/Jitsi/web-service.yaml b/Jitsi/web-service.yaml new file mode 100644 index 0000000..2146357 --- /dev/null +++ b/Jitsi/web-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: web + name: web +spec: + ports: + - name: "http" + port: 80 + targetPort: 80 + - name: "https" + port: 443 + targetPort: 443 + selector: + k8s-app: jitsi diff --git a/Prometheus/.ingress.yaml.swp b/Prometheus/.ingress.yaml.swp deleted file mode 100644 index 6a2f7f8..0000000 --- a/Prometheus/.ingress.yaml.swp +++ /dev/null Binary files differ diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Jitsi/deployment.yaml b/Jitsi/deployment.yaml new file mode 100644 index 0000000..731a136 --- /dev/null +++ b/Jitsi/deployment.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jitsi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + k8s-app: jitsi + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-5870 + imagePullPolicy: IfNotPresent + #volumeMounts: + # - name: base-patch + # mountPath: /usr/share/jitsi-meet/base.html + # subPath: base.html + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_SERVER + value: localhost + - name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-5870 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: jvb-patch + mountPath: /etc/jitsi/videobridge/sip-communicator.properties + subPath: sip-communicator.properties + env: + - name: NAT_HARVESTER_LOCAL_ADDRESS + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: America/Los_Angeles + volumes: + - name: jvb-patch + configMap: + name: jvb-config + serviceAccountName: jitsi diff --git a/Jitsi/ingress.yaml b/Jitsi/ingress.yaml new file mode 100644 index 0000000..32fe10d --- /dev/null +++ b/Jitsi/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + name: jitsi + labels: + app: jitsi +spec: + rules: + - host: meet.jerxie.com + http: + paths: + - backend: + service: + name: web + port: + number: 80 + path: / + pathType: Prefix + diff --git a/Jitsi/jvb-service.yaml b/Jitsi/jvb-service.yaml new file mode 100644 index 0000000..2c8a7b5 --- /dev/null +++ b/Jitsi/jvb-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: jvb + name: jvb-udp +spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - port: 30300 + protocol: UDP + targetPort: 30300 + nodePort: 30300 + selector: + k8s-app: jitsi diff --git a/Jitsi/kustomization.yaml b/Jitsi/kustomization.yaml new file mode 100644 index 0000000..0a2f59a --- /dev/null +++ b/Jitsi/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: jitsi +resources: +- namespace.yaml +- secret.yaml +- configmap.yaml +- jvb-service.yaml +- rbac.yaml +- deployment.yaml +- web-service.yaml +- ingress.yaml diff --git a/Jitsi/namespace.yaml b/Jitsi/namespace.yaml new file mode 100644 index 0000000..bcb3964 --- /dev/null +++ b/Jitsi/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: jitsi diff --git a/Jitsi/rbac.yaml b/Jitsi/rbac.yaml new file mode 100644 index 0000000..92bb7e3 --- /dev/null +++ b/Jitsi/rbac.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: jitsi-privileged +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostIPC: false + hostNetwork: true + hostPID: true + hostPorts: + - max: 65535 + min: 0 + privileged: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - projected + - secret +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: jitsi-privileged +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - jitsi-privileged + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: jitsi-privileged +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jitsi-privileged +subjects: +- kind: ServiceAccount + name: jitsi diff --git a/Jitsi/secret.yaml b/Jitsi/secret.yaml new file mode 100644 index 0000000..3a313d2 --- /dev/null +++ b/Jitsi/secret.yaml @@ -0,0 +1,9 @@ +kind: Secret +apiVersion: v1 +metadata: + name: jitsi-config +type: Opaque +data: + JICOFO_AUTH_PASSWORD: "aml0c2lhZG1pbg==" + JICOFO_COMPONENT_SECRET: "aml0c2lhZG1pbg==" + JVB_AUTH_PASSWORD: "aml0c2lhZG1pbg==" diff --git a/Jitsi/web-service.yaml b/Jitsi/web-service.yaml new file mode 100644 index 0000000..2146357 --- /dev/null +++ b/Jitsi/web-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: web + name: web +spec: + ports: + - name: "http" + port: 80 + targetPort: 80 + - name: "https" + port: 443 + targetPort: 443 + selector: + k8s-app: jitsi diff --git a/Prometheus/.ingress.yaml.swp b/Prometheus/.ingress.yaml.swp deleted file mode 100644 index 6a2f7f8..0000000 --- a/Prometheus/.ingress.yaml.swp +++ /dev/null Binary files differ diff --git a/Prometheus/ingress.yaml b/Prometheus/ingress.yaml index e1f9bca..ba308a6 100644 --- a/Prometheus/ingress.yaml +++ b/Prometheus/ingress.yaml @@ -10,14 +10,11 @@ app: prometheus spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - - backend: - service: - name: prometheus-service - port: - number: 9090 - path: /kubernetes/prometheus(/|$)(.*) - pathType: Exact - + - path: /prometheus + pathType: Prefix + backend: + serviceName: prometheus-service + servicePort:9090 diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Jitsi/deployment.yaml b/Jitsi/deployment.yaml new file mode 100644 index 0000000..731a136 --- /dev/null +++ b/Jitsi/deployment.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jitsi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + k8s-app: jitsi + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-5870 + imagePullPolicy: IfNotPresent + #volumeMounts: + # - name: base-patch + # mountPath: /usr/share/jitsi-meet/base.html + # subPath: base.html + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_SERVER + value: localhost + - name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-5870 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: jvb-patch + mountPath: /etc/jitsi/videobridge/sip-communicator.properties + subPath: sip-communicator.properties + env: + - name: NAT_HARVESTER_LOCAL_ADDRESS + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: America/Los_Angeles + volumes: + - name: jvb-patch + configMap: + name: jvb-config + serviceAccountName: jitsi diff --git a/Jitsi/ingress.yaml b/Jitsi/ingress.yaml new file mode 100644 index 0000000..32fe10d --- /dev/null +++ b/Jitsi/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + name: jitsi + labels: + app: jitsi +spec: + rules: + - host: meet.jerxie.com + http: + paths: + - backend: + service: + name: web + port: + number: 80 + path: / + pathType: Prefix + diff --git a/Jitsi/jvb-service.yaml b/Jitsi/jvb-service.yaml new file mode 100644 index 0000000..2c8a7b5 --- /dev/null +++ b/Jitsi/jvb-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: jvb + name: jvb-udp +spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - port: 30300 + protocol: UDP + targetPort: 30300 + nodePort: 30300 + selector: + k8s-app: jitsi diff --git a/Jitsi/kustomization.yaml b/Jitsi/kustomization.yaml new file mode 100644 index 0000000..0a2f59a --- /dev/null +++ b/Jitsi/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: jitsi +resources: +- namespace.yaml +- secret.yaml +- configmap.yaml +- jvb-service.yaml +- rbac.yaml +- deployment.yaml +- web-service.yaml +- ingress.yaml diff --git a/Jitsi/namespace.yaml b/Jitsi/namespace.yaml new file mode 100644 index 0000000..bcb3964 --- /dev/null +++ b/Jitsi/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: jitsi diff --git a/Jitsi/rbac.yaml b/Jitsi/rbac.yaml new file mode 100644 index 0000000..92bb7e3 --- /dev/null +++ b/Jitsi/rbac.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: jitsi-privileged +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostIPC: false + hostNetwork: true + hostPID: true + hostPorts: + - max: 65535 + min: 0 + privileged: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - projected + - secret +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: jitsi-privileged +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - jitsi-privileged + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: jitsi-privileged +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jitsi-privileged +subjects: +- kind: ServiceAccount + name: jitsi diff --git a/Jitsi/secret.yaml b/Jitsi/secret.yaml new file mode 100644 index 0000000..3a313d2 --- /dev/null +++ b/Jitsi/secret.yaml @@ -0,0 +1,9 @@ +kind: Secret +apiVersion: v1 +metadata: + name: jitsi-config +type: Opaque +data: + JICOFO_AUTH_PASSWORD: "aml0c2lhZG1pbg==" + JICOFO_COMPONENT_SECRET: "aml0c2lhZG1pbg==" + JVB_AUTH_PASSWORD: "aml0c2lhZG1pbg==" diff --git a/Jitsi/web-service.yaml b/Jitsi/web-service.yaml new file mode 100644 index 0000000..2146357 --- /dev/null +++ b/Jitsi/web-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: web + name: web +spec: + ports: + - name: "http" + port: 80 + targetPort: 80 + - name: "https" + port: 443 + targetPort: 443 + selector: + k8s-app: jitsi diff --git a/Prometheus/.ingress.yaml.swp b/Prometheus/.ingress.yaml.swp deleted file mode 100644 index 6a2f7f8..0000000 --- a/Prometheus/.ingress.yaml.swp +++ /dev/null Binary files differ diff --git a/Prometheus/ingress.yaml b/Prometheus/ingress.yaml index e1f9bca..ba308a6 100644 --- a/Prometheus/ingress.yaml +++ b/Prometheus/ingress.yaml @@ -10,14 +10,11 @@ app: prometheus spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - - backend: - service: - name: prometheus-service - port: - number: 9090 - path: /kubernetes/prometheus(/|$)(.*) - pathType: Exact - + - path: /prometheus + pathType: Prefix + backend: + serviceName: prometheus-service + servicePort:9090 diff --git a/Selenium/selenium-hub-deployment.yaml b/Selenium/selenium-hub-deployment.yaml index 2b0fcf8..6832ded 100644 --- a/Selenium/selenium-hub-deployment.yaml +++ b/Selenium/selenium-hub-deployment.yaml @@ -21,8 +21,8 @@ - containerPort: 4444 resources: limits: - memory: 200Mi - cpu: ".3" + memory: 100Mi + cpu: ".4" livenessProbe: httpGet: path: /wd/hub/status diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Jitsi/deployment.yaml b/Jitsi/deployment.yaml new file mode 100644 index 0000000..731a136 --- /dev/null +++ b/Jitsi/deployment.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jitsi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + k8s-app: jitsi + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-5870 + imagePullPolicy: IfNotPresent + #volumeMounts: + # - name: base-patch + # mountPath: /usr/share/jitsi-meet/base.html + # subPath: base.html + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_SERVER + value: localhost + - name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-5870 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: jvb-patch + mountPath: /etc/jitsi/videobridge/sip-communicator.properties + subPath: sip-communicator.properties + env: + - name: NAT_HARVESTER_LOCAL_ADDRESS + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: America/Los_Angeles + volumes: + - name: jvb-patch + configMap: + name: jvb-config + serviceAccountName: jitsi diff --git a/Jitsi/ingress.yaml b/Jitsi/ingress.yaml new file mode 100644 index 0000000..32fe10d --- /dev/null +++ b/Jitsi/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + name: jitsi + labels: + app: jitsi +spec: + rules: + - host: meet.jerxie.com + http: + paths: + - backend: + service: + name: web + port: + number: 80 + path: / + pathType: Prefix + diff --git a/Jitsi/jvb-service.yaml b/Jitsi/jvb-service.yaml new file mode 100644 index 0000000..2c8a7b5 --- /dev/null +++ b/Jitsi/jvb-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: jvb + name: jvb-udp +spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - port: 30300 + protocol: UDP + targetPort: 30300 + nodePort: 30300 + selector: + k8s-app: jitsi diff --git a/Jitsi/kustomization.yaml b/Jitsi/kustomization.yaml new file mode 100644 index 0000000..0a2f59a --- /dev/null +++ b/Jitsi/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: jitsi +resources: +- namespace.yaml +- secret.yaml +- configmap.yaml +- jvb-service.yaml +- rbac.yaml +- deployment.yaml +- web-service.yaml +- ingress.yaml diff --git a/Jitsi/namespace.yaml b/Jitsi/namespace.yaml new file mode 100644 index 0000000..bcb3964 --- /dev/null +++ b/Jitsi/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: jitsi diff --git a/Jitsi/rbac.yaml b/Jitsi/rbac.yaml new file mode 100644 index 0000000..92bb7e3 --- /dev/null +++ b/Jitsi/rbac.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: jitsi-privileged +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostIPC: false + hostNetwork: true + hostPID: true + hostPorts: + - max: 65535 + min: 0 + privileged: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - projected + - secret +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: jitsi-privileged +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - jitsi-privileged + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: jitsi-privileged +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jitsi-privileged +subjects: +- kind: ServiceAccount + name: jitsi diff --git a/Jitsi/secret.yaml b/Jitsi/secret.yaml new file mode 100644 index 0000000..3a313d2 --- /dev/null +++ b/Jitsi/secret.yaml @@ -0,0 +1,9 @@ +kind: Secret +apiVersion: v1 +metadata: + name: jitsi-config +type: Opaque +data: + JICOFO_AUTH_PASSWORD: "aml0c2lhZG1pbg==" + JICOFO_COMPONENT_SECRET: "aml0c2lhZG1pbg==" + JVB_AUTH_PASSWORD: "aml0c2lhZG1pbg==" diff --git a/Jitsi/web-service.yaml b/Jitsi/web-service.yaml new file mode 100644 index 0000000..2146357 --- /dev/null +++ b/Jitsi/web-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: web + name: web +spec: + ports: + - name: "http" + port: 80 + targetPort: 80 + - name: "https" + port: 443 + targetPort: 443 + selector: + k8s-app: jitsi diff --git a/Prometheus/.ingress.yaml.swp b/Prometheus/.ingress.yaml.swp deleted file mode 100644 index 6a2f7f8..0000000 --- a/Prometheus/.ingress.yaml.swp +++ /dev/null Binary files differ diff --git a/Prometheus/ingress.yaml b/Prometheus/ingress.yaml index e1f9bca..ba308a6 100644 --- a/Prometheus/ingress.yaml +++ b/Prometheus/ingress.yaml @@ -10,14 +10,11 @@ app: prometheus spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - - backend: - service: - name: prometheus-service - port: - number: 9090 - path: /kubernetes/prometheus(/|$)(.*) - pathType: Exact - + - path: /prometheus + pathType: Prefix + backend: + serviceName: prometheus-service + servicePort:9090 diff --git a/Selenium/selenium-hub-deployment.yaml b/Selenium/selenium-hub-deployment.yaml index 2b0fcf8..6832ded 100644 --- a/Selenium/selenium-hub-deployment.yaml +++ b/Selenium/selenium-hub-deployment.yaml @@ -21,8 +21,8 @@ - containerPort: 4444 resources: limits: - memory: 200Mi - cpu: ".3" + memory: 100Mi + cpu: ".4" livenessProbe: httpGet: path: /wd/hub/status diff --git a/Selenium/selenium-hub-service.yaml b/Selenium/selenium-hub-service.yaml index c2ff064..a0c6fe8 100644 --- a/Selenium/selenium-hub-service.yaml +++ b/Selenium/selenium-hub-service.yaml @@ -9,6 +9,7 @@ - port: 4444 targetPort: 4444 name: hub-port + nodePort: 30040 selector: app: selenium-hub - type: ClusterIP + type: NodePort diff --git a/Grafana/ingress.yaml b/Grafana/ingress.yaml index 4b039b8..9233430 100644 --- a/Grafana/ingress.yaml +++ b/Grafana/ingress.yaml @@ -10,13 +10,13 @@ app: grafana spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - backend: service: name: grafana-service - port: + port: number: 3000 - path: /kubernetes/grafana(/|$)(.*) - pathType: Exact + path: /grafana + pathType: Prefix diff --git a/Jitsi/configmap.yaml b/Jitsi/configmap.yaml new file mode 100644 index 0000000..844c1cc --- /dev/null +++ b/Jitsi/configmap.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jvb-config +data: + sip-communicator.properties: | + org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=home.jerxie.com + org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=home.jerxie.com + org.ice4j.ice.harvest.DISABLE_AWS_HARVESTER=true + org.ice4j.ice.harvest.STUN_MAPPING_HARVESTER_ADDRESSES=meet-jit-si-turnrelay.jitsi.net:443 + org.jitsi.videobridge.ENABLE_STATISTICS=true + org.jitsi.videobridge.STATISTICS_TRANSPORT=muc + org.jitsi.videobridge.xmpp.user.shard.HOSTNAME=localhost + org.jitsi.videobridge.xmpp.user.shard.DOMAIN=auth.localhost + org.jitsi.videobridge.xmpp.user.shard.USERNAME=jvb + org.jitsi.videobridge.xmpp.user.shard.PASSWORD=109ndhgh + org.jitsi.videobridge.xmpp.user.shard.MUC_JIDS=JvbBrewery@internal.auth.localhost + org.jitsi.videobridge.xmpp.user.shard.MUC_NICKNAME=e35c27c4-db13-4673-acbf-63848217b83f diff --git a/Jitsi/deployment.yaml b/Jitsi/deployment.yaml new file mode 100644 index 0000000..731a136 --- /dev/null +++ b/Jitsi/deployment.yaml @@ -0,0 +1,168 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jitsi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + k8s-app: jitsi + name: jitsi +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + k8s-app: jitsi + template: + metadata: + labels: + k8s-app: jitsi + spec: + containers: + - name: jicofo + image: jitsi/jicofo:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: XMPP_SERVER + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: prosody + image: jitsi/prosody:stable-5870 + imagePullPolicy: IfNotPresent + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JICOFO_COMPONENT_SECRET + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_COMPONENT_SECRET + - name: JVB_AUTH_USER + value: jvb + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_USER + value: focus + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: web + image: jitsi/web:stable-5870 + imagePullPolicy: IfNotPresent + #volumeMounts: + # - name: base-patch + # mountPath: /usr/share/jitsi-meet/base.html + # subPath: base.html + env: + - name: PUBLIC_URL + value: "https://meet.jerxie.com" + - name: XMPP_SERVER + value: localhost + - name: JICOFO_AUTH_USER + value: focus + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: XMPP_BOSH_URL_BASE + value: http://127.0.0.1:5280 + - name: XMPP_MUC_DOMAIN + value: muc.meet.jitsi + - name: TZ + value: America/Los_Angeles + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: jvb + image: jitsi/jvb:stable-5870 + imagePullPolicy: IfNotPresent + volumeMounts: + - name: jvb-patch + mountPath: /etc/jitsi/videobridge/sip-communicator.properties + subPath: sip-communicator.properties + env: + - name: NAT_HARVESTER_LOCAL_ADDRESS + - name: XMPP_SERVER + value: localhost + - name: DOCKER_HOST_ADDRESS + value: localhost + - name: XMPP_DOMAIN + value: meet.jitsi + - name: XMPP_AUTH_DOMAIN + value: auth.meet.jitsi + - name: XMPP_INTERNAL_MUC_DOMAIN + value: internal-muc.meet.jitsi + - name: JVB_STUN_SERVERS + value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302 + - name: JICOFO_AUTH_USER + value: focus + - name: JVB_TCP_HARVESTER_DISABLED + value: "true" + - name: JVB_AUTH_USER + value: jvb + - name: JVB_PORT + value: "30300" + - name: JVB_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JVB_AUTH_PASSWORD + - name: JICOFO_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: jitsi-config + key: JICOFO_AUTH_PASSWORD + - name: JVB_BREWERY_MUC + value: jvbbrewery + - name: TZ + value: America/Los_Angeles + volumes: + - name: jvb-patch + configMap: + name: jvb-config + serviceAccountName: jitsi diff --git a/Jitsi/ingress.yaml b/Jitsi/ingress.yaml new file mode 100644 index 0000000..32fe10d --- /dev/null +++ b/Jitsi/ingress.yaml @@ -0,0 +1,22 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.org/mergeale-ingress-type: "minion" + name: jitsi + labels: + app: jitsi +spec: + rules: + - host: meet.jerxie.com + http: + paths: + - backend: + service: + name: web + port: + number: 80 + path: / + pathType: Prefix + diff --git a/Jitsi/jvb-service.yaml b/Jitsi/jvb-service.yaml new file mode 100644 index 0000000..2c8a7b5 --- /dev/null +++ b/Jitsi/jvb-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: jvb + name: jvb-udp +spec: + type: NodePort + externalTrafficPolicy: Cluster + ports: + - port: 30300 + protocol: UDP + targetPort: 30300 + nodePort: 30300 + selector: + k8s-app: jitsi diff --git a/Jitsi/kustomization.yaml b/Jitsi/kustomization.yaml new file mode 100644 index 0000000..0a2f59a --- /dev/null +++ b/Jitsi/kustomization.yaml @@ -0,0 +1,12 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: jitsi +resources: +- namespace.yaml +- secret.yaml +- configmap.yaml +- jvb-service.yaml +- rbac.yaml +- deployment.yaml +- web-service.yaml +- ingress.yaml diff --git a/Jitsi/namespace.yaml b/Jitsi/namespace.yaml new file mode 100644 index 0000000..bcb3964 --- /dev/null +++ b/Jitsi/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: jitsi diff --git a/Jitsi/rbac.yaml b/Jitsi/rbac.yaml new file mode 100644 index 0000000..92bb7e3 --- /dev/null +++ b/Jitsi/rbac.yaml @@ -0,0 +1,55 @@ +--- +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: jitsi-privileged +spec: + allowPrivilegeEscalation: true + fsGroup: + rule: RunAsAny + hostIPC: false + hostNetwork: true + hostPID: true + hostPorts: + - max: 65535 + min: 0 + privileged: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - projected + - secret +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: jitsi-privileged +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - jitsi-privileged + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: jitsi-privileged +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jitsi-privileged +subjects: +- kind: ServiceAccount + name: jitsi diff --git a/Jitsi/secret.yaml b/Jitsi/secret.yaml new file mode 100644 index 0000000..3a313d2 --- /dev/null +++ b/Jitsi/secret.yaml @@ -0,0 +1,9 @@ +kind: Secret +apiVersion: v1 +metadata: + name: jitsi-config +type: Opaque +data: + JICOFO_AUTH_PASSWORD: "aml0c2lhZG1pbg==" + JICOFO_COMPONENT_SECRET: "aml0c2lhZG1pbg==" + JVB_AUTH_PASSWORD: "aml0c2lhZG1pbg==" diff --git a/Jitsi/web-service.yaml b/Jitsi/web-service.yaml new file mode 100644 index 0000000..2146357 --- /dev/null +++ b/Jitsi/web-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + service: web + name: web +spec: + ports: + - name: "http" + port: 80 + targetPort: 80 + - name: "https" + port: 443 + targetPort: 443 + selector: + k8s-app: jitsi diff --git a/Prometheus/.ingress.yaml.swp b/Prometheus/.ingress.yaml.swp deleted file mode 100644 index 6a2f7f8..0000000 --- a/Prometheus/.ingress.yaml.swp +++ /dev/null Binary files differ diff --git a/Prometheus/ingress.yaml b/Prometheus/ingress.yaml index e1f9bca..ba308a6 100644 --- a/Prometheus/ingress.yaml +++ b/Prometheus/ingress.yaml @@ -10,14 +10,11 @@ app: prometheus spec: rules: - - host: home.jerxie.com + - host: kubernetes.jerxie.com http: paths: - - backend: - service: - name: prometheus-service - port: - number: 9090 - path: /kubernetes/prometheus(/|$)(.*) - pathType: Exact - + - path: /prometheus + pathType: Prefix + backend: + serviceName: prometheus-service + servicePort:9090 diff --git a/Selenium/selenium-hub-deployment.yaml b/Selenium/selenium-hub-deployment.yaml index 2b0fcf8..6832ded 100644 --- a/Selenium/selenium-hub-deployment.yaml +++ b/Selenium/selenium-hub-deployment.yaml @@ -21,8 +21,8 @@ - containerPort: 4444 resources: limits: - memory: 200Mi - cpu: ".3" + memory: 100Mi + cpu: ".4" livenessProbe: httpGet: path: /wd/hub/status diff --git a/Selenium/selenium-hub-service.yaml b/Selenium/selenium-hub-service.yaml index c2ff064..a0c6fe8 100644 --- a/Selenium/selenium-hub-service.yaml +++ b/Selenium/selenium-hub-service.yaml @@ -9,6 +9,7 @@ - port: 4444 targetPort: 4444 name: hub-port + nodePort: 30040 selector: app: selenium-hub - type: ClusterIP + type: NodePort diff --git a/Selenium/selenium-node-chrome-deployment.yaml b/Selenium/selenium-node-chrome-deployment.yaml index 0d85d4e..605964c 100644 --- a/Selenium/selenium-node-chrome-deployment.yaml +++ b/Selenium/selenium-node-chrome-deployment.yaml @@ -33,6 +33,6 @@ value: "4444" resources: limits: - memory: "300Mi" - cpu: ".4" + memory: "400Mi" + cpu: ".3"