From 31bfacccd50227832dc367f942bce4f26b7e9c72 Mon Sep 17 00:00:00 2001 From: Amit Tewari Date: Mon, 30 Oct 2023 10:15:00 +0100 Subject: [PATCH 1/8] Chart upgrade for Jitsi stable-8960-1 version with some small and some large changes. A summary is: - Bump up from stable-8719 to stable-8960-1 - Add /config as emptyDir, to support readOnlyRootFilesystem - Make defaults config and cont-init scripts customize at deploy time - Add nodePorts for Prosody and Web for restricted Kubernetes deployments - Add example configurations, and Makefile, to test changes quickly --- Chart.yaml | 6 +- Makefile | 6 ++ charts/prosody/Chart.yaml | 4 +- .../templates/configmaps-cont-init.yaml | 13 +++ .../templates/configmaps-defaults.yaml | 25 ++++++ charts/prosody/templates/service.yaml | 3 + charts/prosody/templates/statefulset.yaml | 42 +++++++++- example-configurations/custom-defaults.yaml | 45 +++++++++++ templates/jicofo/configmaps-cont-init.yaml | 14 ++++ templates/jicofo/configmaps-defaults.yaml | 19 +++++ templates/jicofo/deployment.yaml | 37 ++++++++- templates/web/configmaps-cont-init.yaml | 13 +++ templates/web/configmaps-defaults.yaml | 55 +++++++++++++ templates/web/deployment.yaml | 79 ++++++++++++++++++- templates/web/service.yaml | 3 + values.yaml | 41 +++++++++- 16 files changed, 394 insertions(+), 11 deletions(-) create mode 100644 Makefile create mode 100644 charts/prosody/templates/configmaps-cont-init.yaml create mode 100644 charts/prosody/templates/configmaps-defaults.yaml create mode 100644 example-configurations/custom-defaults.yaml create mode 100644 templates/jicofo/configmaps-cont-init.yaml create mode 100644 templates/jicofo/configmaps-defaults.yaml create mode 100644 templates/web/configmaps-cont-init.yaml create mode 100644 templates/web/configmaps-defaults.yaml diff --git a/Chart.yaml b/Chart.yaml index 1a7d543..d416e3c 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -14,13 +14,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 1.3.7 +version: 1.4.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: stable-8719 +appVersion: stable-8960-1 dependencies: - name: prosody condition: prosody.enabled - version: 1.3.7 + version: 1.4.0 diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..26e2230 --- /dev/null +++ b/Makefile @@ -0,0 +1,6 @@ +template: + helm template --release-name jitsi-8960 . +templateWithCustomDefaults: + helm template --release-name jitsi-8960 . -f example-configurations/custom-defaults.yaml +package: + helm package . diff --git a/charts/prosody/Chart.yaml b/charts/prosody/Chart.yaml index 450f84c..f435b42 100644 --- a/charts/prosody/Chart.yaml +++ b/charts/prosody/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 1.3.7 +version: 1.4.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: stable-8719 +appVersion: stable-8960-1 diff --git a/charts/prosody/templates/configmaps-cont-init.yaml b/charts/prosody/templates/configmaps-cont-init.yaml new file mode 100644 index 0000000..cf3c38b --- /dev/null +++ b/charts/prosody/templates/configmaps-cont-init.yaml 
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "prosody.fullname" . }}-cont-inits
+ labels:
+ {{- include "prosody.labels" . | nindent 4 }}
+data:
+ 10-config: |
+ {{- if .Values.custom.contInit._10_config }}
+ {{- .Values.custom.contInit._10_config | nindent 4 }}
+ {{- else }}
+ # Using prosody /etc/cont-init.d/10-config from container image
+ {{ end }}
diff --git a/charts/prosody/templates/configmaps-defaults.yaml b/charts/prosody/templates/configmaps-defaults.yaml
new file mode 100644
index 0000000..0fd47bb
--- /dev/null
+++ b/charts/prosody/templates/configmaps-defaults.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "prosody.fullname" . }}-defaults
+ labels:
+ {{- include "prosody.labels" . | nindent 4 }}
+data:
+ prosody.cfg.lua: |
+ {{- if .Values.custom.defaults._prosody_cfg_lua }}
+ {{- .Values.custom.defaults._prosody_cfg_lua | nindent 4 }}
+ {{- else }}
+ # Using prosody /default/prosody.cfg.lua from container image
+ {{ end }}
+ saslauthd.conf: |
+ {{- if .Values.custom.defaults._saslauthd_conf }}
+ {{- .Values.custom.defaults._saslauthd_conf | nindent 4 }}
+ {{- else }}
+ # Using prosody /default/saslauthd.conf from container image
+ {{ end }}
+ jitsi-meet.cfg.lua: |
+ {{- if .Values.custom.defaults._jitsi_meet_cfg_lua }}
+ {{- .Values.custom.defaults._jitsi_meet_cfg_lua | nindent 4 }}
+ {{- else }}
+ # Using prosody /default/conf.d/jitsi-meet.cfg.lua from container image
+ {{ end }}
diff --git a/charts/prosody/templates/service.yaml b/charts/prosody/templates/service.yaml
index f95c790..7441654 100644
--- a/charts/prosody/templates/service.yaml
+++ b/charts/prosody/templates/service.yaml
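Review bot: The `10-config` value in `charts/prosody/templates/configmaps-cont-init.yaml` is a script rather than configuration: the statefulset hunk of this patch mounts it over `/etc/cont-init.d/10-config`, which s6 executes at container start (per the later "Set defaultMode to let s6 execute custom init" patch), so anyone who can edit ConfigMaps in the release namespace can change what runs in the prosody pod on its next restart. That deserves a comment next to `custom.contInit._10_config` in values.yaml, for example `# Rendered into a ConfigMap and executed by s6 at container start; restrict write access to this ConfigMap accordingly.` The ConfigMap is also created when the value is empty (the `else` branch renders a placeholder comment), and the placeholders in the sibling defaults template say `/default/...` where the mount path is `/defaults/...`. The jicofo and web `configmaps-cont-init.yaml` templates added later in this patch follow the same pattern.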
@@ -19,6 +19,9 @@ spec: - port: {{ index .Values.service.ports "xmpp-c2s" }} protocol: TCP name: tcp-xmpp-c2 + {{- if .Values.service.ports.xmppc2snodePort }} + nodePort: {{ index .Values.service.ports "xmppc2snodePort" }} + {{- end }} - port: {{ index .Values.service.ports "xmpp-s2s" }} protocol: TCP name: tcp-xmpp-s2 diff --git a/charts/prosody/templates/statefulset.yaml b/charts/prosody/templates/statefulset.yaml index 063c9fd..bd6a109 100644 --- a/charts/prosody/templates/statefulset.yaml +++ b/charts/prosody/templates/statefulset.yaml @@ -10,7 +10,7 @@ metadata: {{- end }} spec: serviceName: "prosody" - replicas: 1 + replicas: {{ .Values.replicas }} selector: matchLabels: {{- include "prosody.selectorLabels" . | nindent 6 }} 
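Review bot: `nodePort` is emitted in `charts/prosody/templates/service.yaml` whenever `service.ports.xmppc2snodePort` is set, without checking the Service type; if the type is still ClusterIP the API server rejects the manifest, so the condition should also test the type, e.g. `{{- if and (eq .Values.service.type "NodePort") .Values.service.ports.xmppc2snodePort }}` (assuming the prosody chart exposes `service.type` as the web service does). Setting it opens the XMPP client port on every node address, so the values.yaml comment should state that the port is meant for a private network and needs node-level firewalling. The `templates/web/service.yaml` hunk in this patch has the same unguarded `if`, and its `index` call with a single argument is redundant.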
@@ -82,12 +82,52 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: + - name: config + mountPath: /config - name: prosody-data mountPath: {{ .Values.dataDir }} + {{- if .Values.custom.contInit._10_config }} + - name: custom-cont-inits + mountPath: /etc/cont-init.d/10-config + subPath: 10-config + {{- end }} + {{- if .Values.custom.defaults._prosody_cfg_lua }} + - name: custom-defaults + mountPath: /defaults/prosody.cfg.lua + subPath: prosody.cfg.lua + {{- end }} + {{- if .Values.custom.defaults._saslauthd_conf }} + - name: custom-defaults + mountPath: /defaults/saslauthd.conf + subPath: saslauthd.conf + {{- end }} + {{- if .Values.custom.defaults._jitsi_meet_cfg_lua }} + - name: custom-defaults + mountPath: /defaults/conf.d/jitsi-meet.cfg.lua + subPath: jitsi-meet.cfg.lua + {{- end }} {{- with .Values.extraVolumeMounts }} {{- toYaml . | nindent 10 }} {{- end }} volumes: + - name: config + emptyDir: {} + - name: custom-cont-inits + configMap: + name: {{ include "prosody.fullname" . }}-cont-inits + items: + - key: 10-config + path: 10-config + - name: custom-defaults + configMap: + name: {{ include "prosody.fullname" . }}-defaults + items: + - key: prosody.cfg.lua + path: prosody.cfg.lua + - key: saslauthd.conf + path: saslauthd.conf + - key: jitsi-meet.cfg.lua + path: jitsi-meet.cfg.lua - name: prosody-data {{- if .Values.persistence.enabled }} persistentVolumeClaim: diff --git a/example-configurations/custom-defaults.yaml b/example-configurations/custom-defaults.yaml new file mode 100644 index 0000000..acb892c --- /dev/null +++ b/example-configurations/custom-defaults.yaml 
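Review bot: Each custom file is mounted with `subPath`, and a `subPath` mount does not receive ConfigMap updates, so after a `helm upgrade` that changes only `custom.defaults.*` or `custom.contInit._10_config` the pod keeps running with the old files until it is restarted by hand. Nothing in this hunk ties the pod template to the ConfigMap content; a pod annotation such as `checksum/custom-defaults: {{ include (print $.Template.BasePath "/configmaps-defaults.yaml") . | sha256sum }}` (and the same for `configmaps-cont-init.yaml`) would trigger a rollout. The pod template metadata lies outside the hunk, so check whether such an annotation already exists. The `/config` emptyDir has no `sizeLimit`, which leaves its growth bounded only by node ephemeral storage. The jicofo and web deployment hunks in this patch mount their ConfigMaps the same way.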
@@ -0,0 +1,45 @@
+prosody:
+ custom:
+ contInit:
+ _10_config: |
+ # Custom prosody /etc/cont-init.d/10-config
+ defaults:
+ _prosody_cfg_lua: |
+ # Custom prosody /defaults/prosody.cfg.lua
+ _saslauthd_conf: |
+ # Custom prosody /defaults/saslauthd.conf
+ _jitsi_meet_cfg_lua: |
+ # Custom prosody /defaults/conf.d/jitsi-meet.cfg.lua
+jicofo:
+ custom:
+ contInit:
+ _10_config: |
+ # Custom jicofo /etc/cont-init.d/10-config
+ defaults:
+ _jicofo_conf: |
+ # Custom jicofo /defaults/jicofo.conf
+ _logging_properties: |
+ # Custom jicofo /defaults/logging.properties
+web:
+ custom:
+ contInit:
+ _10_config: |
+ # Custom web /etc/cont-init.d/10-config
+ defaults:
+ _default: |
+ # Custom web /defaults/default
+ _ffdhe2048_txt: |
+ # Custom web /defaults/ffdhe2048.txt
+ _interface_config_js: |
+ # Custom web /defaults/interface_config.js
+ _meet_conf: |
+ # Custom web /defaults/meet.conf
+ _nginx_conf: |
+ # Custom web /defaults/nginx.conf
+ _settings_config_js: |
+ # Custom web /defaults/settings-config.js
+ _ssl_conf: |
+ # Custom web /defaults/ssl.conf
+ _system_config_js: |
+ # Custom web /defaults/system-config.js
+
diff --git a/templates/jicofo/configmaps-cont-init.yaml b/templates/jicofo/configmaps-cont-init.yaml
new file mode 100644
index 0000000..4511bb6
--- /dev/null
+++ b/templates/jicofo/configmaps-cont-init.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "jitsi-meet.jicofo.fullname" . }}-cont-inits
+ labels:
+ {{- include "jitsi-meet.jicofo.labels" . | nindent 4 }}
+data:
+ 10-config: |
+ {{- if .Values.jicofo.custom.contInit._10_config }}
+ {{- .Values.jicofo.custom.contInit._10_config | nindent 4 }}
+ {{- else }}
+ # Using jicofo /etc/cont-init.d/10-config from container image
+ {{ end }}
+
diff --git a/templates/jicofo/configmaps-defaults.yaml b/templates/jicofo/configmaps-defaults.yaml
new file mode 100644
index 0000000..ca07634
--- /dev/null
+++ b/templates/jicofo/configmaps-defaults.yaml
@@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "jitsi-meet.jicofo.fullname" . }}-defaults + labels: + {{- include "jitsi-meet.jicofo.labels" . | nindent 4 }} +data: + jicofo.conf: | + {{- if .Values.jicofo.custom.defaults._jicofo_conf }} + {{- .Values.jicofo.custom.defaults._jicofo_conf | nindent 4 }} + {{- else }} + # Using jicofo /default/jicofo.conf from container image + {{ end }} + logging.properties: | + {{- if .Values.jicofo.custom.defaults._logging_properties }} + {{- .Values.jicofo.custom.defaults._logging_properties | nindent 4 }} + {{- else }} + # Using jicofo /default/logging.properties from container image + {{ end }} diff --git a/templates/jicofo/deployment.yaml b/templates/jicofo/deployment.yaml index a0f8187..7344e3b 100644 --- a/templates/jicofo/deployment.yaml +++ b/templates/jicofo/deployment.yaml @@ -34,6 +34,23 @@ spec: serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }} securityContext: {{- toYaml .Values.jicofo.podSecurityContext | nindent 8 }} + volumes: + - name: config + emptyDir: {} + - name: custom-cont-inits + configMap: + name: {{ include "jitsi-meet.jicofo.fullname" . }}-cont-inits + items: + - key: 10-config + path: 10-config + - name: custom-defaults + configMap: + name: {{ include "jitsi-meet.jicofo.fullname" . }}-defaults + items: + - key: jicofo.conf + path: jicofo.conf + - key: logging.properties + path: logging.properties containers: - name: {{ .Chart.Name }} securityContext: 
@@ -61,7 +78,25 @@ spec: {{- end }} resources: {{- toYaml .Values.jicofo.resources | nindent 12 }} - + volumeMounts: + # to support readOnlyRootFilesystem + - name: config + mountPath: /config + {{- if .Values.jicofo.custom.contInit._10_config }} + - name: custom-cont-inits + mountPath: /etc/cont-init.d/10-config + subPath: 10-config + {{- end }} + {{- if .Values.jicofo.custom.defaults._jicofo_conf }} + - name: custom-defaults + mountPath: /defaults/jicofo.conf + subPath: jicofo.conf + {{- end }} + {{- if .Values.jicofo.custom.defaults._logging_properties }} + - name: custom-defaults + mountPath: /defaults/logging.properties + subPath: logging.properties + {{- end }} {{- with .Values.jicofo.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/templates/web/configmaps-cont-init.yaml b/templates/web/configmaps-cont-init.yaml new file mode 100644 index 0000000..de8800e --- /dev/null +++ b/templates/web/configmaps-cont-init.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "jitsi-meet.web.fullname" . }}-cont-inits + labels: + {{- include "jitsi-meet.web.labels" . | nindent 4 }} +data: + 10-config: | + {{- if .Values.web.custom.contInit._10_config }} + {{- .Values.web.custom.contInit._10_config | nindent 4 }} + {{- else }} + # Using web /etc/cont-init.d/10-config from container image + {{ end }} diff --git a/templates/web/configmaps-defaults.yaml b/templates/web/configmaps-defaults.yaml new file mode 100644 index 0000000..11284ed --- /dev/null +++ b/templates/web/configmaps-defaults.yaml 
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "jitsi-meet.web.fullname" . }}-defaults
+ labels:
+ {{- include "jitsi-meet.web.labels" . | nindent 4 }}
+data:
+ default: |
+ {{- if .Values.web.custom.defaults._default }}
+ {{- .Values.web.custom.defaults._default | nindent 4 }}
+ {{- else }}
+ # Using web /defaults/default from container image
+ {{ end }}
+ ffdhe2048.txt: |
+ {{- if .Values.web.custom.defaults._ffdhe2048_txt }}
+ {{- .Values.web.custom.defaults._ffdhe2048_txt | nindent 4 }}
+ {{- else }}
+ # Using web /defaults/ffdhe2048.txt from container image
+ {{ end }}
+ interface_config.js: |
+ {{- if .Values.web.custom.defaults._interface_config_js }}
+ {{- .Values.web.custom.defaults._interface_config_js | nindent 4 }}
+ {{- else }}
+ # Using web /defaults/interface_config.js from container image
+ {{ end }}
+ meet.conf: |
+ {{- if .Values.web.custom.defaults._meet_conf }}
+ {{- .Values.web.custom.defaults._meet_conf | nindent 4 }}
+ {{- else }}
+ # Using web /defaults/meet.conf from container image
+ {{ end }}
+ nginx.conf: |
+ {{- if .Values.web.custom.defaults._nginx_conf }}
+ {{- .Values.web.custom.defaults._nginx_conf | nindent 4 }}
+ {{- else }}
+ # Using web /defaults/nginx.conf from container image
+ {{ end }}
+ settings-config.js: |
+ {{- if .Values.web.custom.defaults._settings_config_js }}
+ {{- .Values.web.custom.defaults._settings_config_js | nindent 4 }}
+ {{- else }}
+ # Using web /defaults/settings-config.js from container image
+ {{ end }}
+ ssl.conf: |
+ {{- if .Values.web.custom.defaults._ssl_conf }}
+ {{- .Values.web.custom.defaults._ssl_conf | nindent 4 }}
+ {{- else }}
+ # Using web /defaults/ssl.conf from container image
+ {{ end }}
+ system-config.js: |
+ {{- if .Values.web.custom.defaults._system_config_js }}
+ {{- .Values.web.custom.defaults._system_config_js | nindent 4 }}
+ {{- else }}
+ # Using web /defaults/system-config.js from container image
+ {{ end }}
diff --git a/templates/web/deployment.yaml b/templates/web/deployment.yaml index 2b9c4ae..f4f50e9 100644 --- a/templates/web/deployment.yaml +++ b/templates/web/deployment.yaml @@ -61,8 +61,55 @@ spec: {{- end }} resources: {{- toYaml .Values.web.resources | nindent 12 }} - {{- with .Values.web.extraVolumeMounts }} volumeMounts: + - name: config + mountPath: /config + {{- if .Values.web.custom.contInit._10_config }} + - name: custom-cont-inits + mountPath: /etc/cont-init.d/10-config + subPath: 10-config + {{- end }} + {{- if .Values.web.custom.defaults._default }} + - name: custom-defaults + mountPath: /defaults/default + subPath: default + {{- end }} + {{- if .Values.web.custom.defaults._ffdhe2048_txt }} + - name: custom-defaults + mountPath: /defaults/ffdhe2048.txt + subPath: ffdhe2048.txt + {{- end }} + {{- if .Values.web.custom.defaults._interface_config_js }} + - name: custom-defaults + mountPath: /defaults/interface_config.js + subPath: interface_config.js + {{- end }} + {{- if .Values.web.custom.defaults._meet_conf }} + - name: custom-defaults + mountPath: /defaults/meet.conf + subPath: meet.conf + {{- end }} + {{- if .Values.web.custom.defaults._nginx_conf }} + - name: custom-defaults + mountPath: /defaults/nginx.conf + subPath: nginx.conf + {{- end }} + {{- if .Values.web.custom.defaults._settings_config_js }} + - name: custom-defaults + mountPath: /defaults/settings-config.js + subPath: settings-config.js + {{- end }} + {{- if .Values.web.custom.defaults._ssl_conf }} + - name: custom-defaults + mountPath: /defaults/ssl.conf + subPath: ssl.conf + {{- end }} + {{- if .Values.web.custom.defaults._system_config_js }} + - name: custom-defaults + mountPath: /defaults/system-config.js + subPath: system-config.js + {{- end }} + {{- with .Values.web.extraVolumeMounts }} {{- toYaml . | nindent 10 }} {{- end }} 
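Review bot: `ssl.conf`, `ffdhe2048.txt` and `nginx.conf` are replaced as whole files by these mounts, so a values file that sets `_ssl_conf` or `_nginx_conf` pins the web container's TLS and server settings to that copy, and a later image tag bump will presumably not bring in whatever the image changes under its own `/defaults`. A comment in values.yaml above `web.custom.defaults` should say so, for example `# Each non-empty key replaces the image's file under /defaults in full; re-check the override against the image whenever the tag changes.` The enclosing container spec starts before this hunk.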
@@ -78,7 +125,35 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.web.extraVolumes }} volumes: + - name: config + emptyDir: {} + - name: custom-cont-inits + configMap: + name: {{ include "jitsi-meet.web.fullname" . }}-cont-inits + items: + - key: 10-config + path: 10-config + - name: custom-defaults + configMap: + name: {{ include "jitsi-meet.web.fullname" . }}-defaults + items: + - key: default + path: default + - key: ffdhe2048.txt + path: ffdhe2048.txt + - key: interface_config.js + path: interface_config.js + - key: meet.conf + path: meet.conf + - key: nginx.conf + path: nginx.conf + - key: settings-config.js + path: settings-config.js + - key: ssl.conf + path: ssl.conf + - key: system-config.js + path: system-config.js + {{- with .Values.web.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/templates/web/service.yaml b/templates/web/service.yaml index bf890a6..cfb70a9 100644 --- a/templates/web/service.yaml +++ b/templates/web/service.yaml @@ -10,6 +10,9 @@ spec: - port: {{ .Values.web.service.port }} protocol: TCP name: http + {{- if .Values.web.service.nodePort }} + nodePort: {{ index .Values.web.service.nodePort }} + {{- end }} {{- with .Values.web.service.externalIPs }} externalIPs: {{ toYaml . | indent 2 | trim }} diff --git a/values.yaml b/values.yaml index 863a1bb..e8f6275 100644 --- a/values.yaml +++ b/values.yaml @@ -15,7 +15,9 @@ fullnameOverride: "" enableAuth: false enableGuests: true -publicURL: "" +# Where Jitsi Web UI is made available +# such as jitsi.example.com +publicURL: "jitsi.example.com" tz: Europe/Amsterdam 
@@ -45,10 +47,25 @@ web: image: repository: jitsi/web + custom: + contInit: + _10_config: "" + defaults: + _default: "" + _ffdhe2048_txt: "" + _interface_config_js: "" + _meet_conf: "" + _nginx_conf: "" + _settings_config_js: "" + _ssl_conf: "" + _system_config_js: "" + extraEnvs: {} service: type: ClusterIP port: 80 + # If Jitsi web needs to be fronted by external LB, following can be used. + # nodePort: 30580 externalIPs: [] ingress: @@ -123,6 +140,13 @@ jicofo: image: repository: jitsi/jicofo + custom: + contInit: + _10_config: "" + defaults: + _jicofo_conf: "" + _logging_properties: "" + xmpp: password: componentSecret: @@ -130,6 +154,7 @@ jicofo: livenessProbe: tcpSocket: port: 8888 + readinessProbe: tcpSocket: port: 8888 @@ -367,6 +392,7 @@ extraCommonEnvs: {} prosody: enabled: true + replicas: 1 # this should be always 1, or 0 if we want prosody to be scaled down for replica setup server: extraEnvFrom: - secretRef: @@ -380,4 +406,15 @@ prosody: # name: '{{ include "prosody.fullname" . }}-jibri' image: repository: jitsi/prosody - tag: 'stable-8719' + tag: 'stable-8960-1' + # service: + # ports: + # If Prososy c2s in needed on private net outside the cluster + # xmppc2snodePort: 30522 + custom: + contInit: + _10_config: "" + defaults: + _prosody_cfg_lua: "" + _saslauthd_conf: "" + _jitsi_meet_cfg_lua: "" From 3e9b6b01886e7f0447221f85d4d221c280193245 Mon Sep 17 00:00:00 2001 From: Amit Tewari Date: Fri, 24 Nov 2023 13:53:07 +0100 Subject: [PATCH 2/8] Prevent accidental scaleup of prosody with multiple replicas --- charts/prosody/templates/statefulset.yaml | 4 ++-- example-configurations/custom-defaults.yaml | 1 + values.yaml | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/prosody/templates/statefulset.yaml b/charts/prosody/templates/statefulset.yaml index 4fb21dd..7d93b7d 100644 --- a/charts/prosody/templates/statefulset.yaml +++ b/charts/prosody/templates/statefulset.yaml 
@@ -10,7 +10,7 @@ metadata: {{- end }} spec: serviceName: "{{ include "prosody.fullname" . }}" - replicas: {{ .Values.replicas }} + replicas: {{ if .Values.scaleUp }}1{{ else }}0{{end}} selector: matchLabels: {{- include "prosody.selectorLabels" . | nindent 6 }} @@ -167,4 +167,4 @@ spec: {{- with .Values.extraVolumeClaimTemplates }} {{- toYaml . | nindent 2 }} {{- end }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/example-configurations/custom-defaults.yaml b/example-configurations/custom-defaults.yaml index acb892c..1d76e68 100644 --- a/example-configurations/custom-defaults.yaml +++ b/example-configurations/custom-defaults.yaml @@ -1,4 +1,5 @@ prosody: + scaleUp: false custom: contInit: _10_config: | diff --git a/values.yaml b/values.yaml index af1c479..c8433c0 100644 --- a/values.yaml +++ b/values.yaml @@ -392,7 +392,8 @@ extraCommonEnvs: {} prosody: enabled: true - replicas: 1 # this should be always 1, or 0 if we want prosody to be scaled down for replica setup + # scaleUp: false, if need to generate the configs but keep prosody down + scaleUp: true server: extraEnvFrom: - secretRef: From 7272f6c6b9a9c0df13f01a0c1a869acfc2b33565 Mon Sep 17 00:00:00 2001 From: Amit Tewari Date: Fri, 24 Nov 2023 19:54:02 +0100 Subject: [PATCH 3/8] Incorporate review feedback --- Makefile | 4 +--- example-configurations/custom-defaults.yaml | 1 + values.yaml | 10 +++++++--- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 26e2230..4cc2232 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,4 @@ template: - helm template --release-name jitsi-8960 . -templateWithCustomDefaults: - helm template --release-name jitsi-8960 . -f example-configurations/custom-defaults.yaml + helm template --release-name jitsi-example . -f example-configurations/custom-defaults.yaml package: helm package . diff --git a/example-configurations/custom-defaults.yaml b/example-configurations/custom-defaults.yaml index 1d76e68..1b7d5a3 100644 
--- a/example-configurations/custom-defaults.yaml +++ b/example-configurations/custom-defaults.yaml @@ -1,3 +1,4 @@ +publicURL: "jitsi.example.com" prosody: scaleUp: false custom: diff --git a/values.yaml b/values.yaml index c8433c0..a71233b 100644 --- a/values.yaml +++ b/values.yaml @@ -17,7 +17,7 @@ enableAuth: false enableGuests: true # Where Jitsi Web UI is made available # such as jitsi.example.com -publicURL: "jitsi.example.com" +publicURL: "" tz: Europe/Amsterdam @@ -64,8 +64,12 @@ web: service: type: ClusterIP port: 80 - # If Jitsi web needs to be fronted by external LB, following can be used. + ## If you want to expose the Jitsi Web service directly + # (bypassing the Ingress Controller), use this: + # + # type: NodePort # nodePort: 30580 + # port: 80 externalIPs: [] ingress: @@ -409,7 +413,7 @@ prosody: repository: jitsi/prosody # service: # ports: - # If Prososy c2s in needed on private net outside the cluster + # If Prosody c2s in needed on private net outside the cluster # xmppc2snodePort: 30522 custom: contInit: From 3ef2f41ad220803dc5c907f8d73ab1c1d6b3807a Mon Sep 17 00:00:00 2001 From: Amit Tewari Date: Sat, 25 Nov 2023 09:14:41 +0100 Subject: [PATCH 4/8] Incorporate review feedback --- .helmignore | 3 +++ Makefile | 27 +++++++++++++++++++++++++-- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/.helmignore b/.helmignore index c6f6ee1..13d4cc3 100644 --- a/.helmignore +++ b/.helmignore @@ -25,3 +25,6 @@ docs/ # Built Helm charts *.tgz +# +example-configurations/ +Makefile diff --git a/Makefile b/Makefile index 4cc2232..c17a77b 100644 --- a/Makefile +++ b/Makefile 
@@ -1,4 +1,27 @@ +NAME := jitsi-meet-example +NAMESPACE := +OUTFILE := + +ifeq "$(strip $(OUTFILE))" "" +OUT_FLAGS := +else +OUT_FLAGS := > $(OUTFILE) +endif + +ifeq "$(strip $(NAMESPACE))" "" +NS_FLAGS := +else +NS_FLAGS := -n $(NAMESPACE) +endif + +ifeq "$(strip $(VALUES))" "" +VAL_FLAGS := +else +VAL_FLAGS := -f $(VALUES) +endif + template: - helm template --release-name jitsi-example . -f example-configurations/custom-defaults.yaml + echo helm template ${NS_FLAGS} ${VAL_FLAGS} --release-name ${NAME} . ${OUT_FLAGS} + package: - helm package . + echo helm package . From 9d4e5ccfee0f493218319ab2af791d00b3d32017 Mon Sep 17 00:00:00 2001 From: Amit Tewari Date: Wed, 6 Dec 2023 21:32:05 +0100 Subject: [PATCH 5/8] Allow env vars value overrides from existing secrets There are cases where we may prefer to create common secrets outside the chart and override values filled from configmaps or secrets created from this chart. Common usecases would be Hashicorp Vault/ 1Password operator integrations. This commits makes such overrides possible. --- charts/prosody/templates/statefulset.yaml | 5 +++++ templates/jicofo/deployment.yaml | 5 +++++ templates/jvb/deployment.yaml | 5 +++++ templates/web/deployment.yaml | 5 +++++ values.yaml | 8 ++++++++ 5 files changed, 28 insertions(+) diff --git a/charts/prosody/templates/statefulset.yaml b/charts/prosody/templates/statefulset.yaml index 7d93b7d..adf2df4 100644 --- a/charts/prosody/templates/statefulset.yaml +++ b/charts/prosody/templates/statefulset.yaml @@ -49,6 +49,11 @@ spec: {{- range .Values.extraEnvFrom }} - {{ tpl (toYaml . ) $ | indent 12 | trim }} {{- end }} + {{- if .Values.global.releaseSecretsOverride.enabled }} + {{- range .Values.global.releaseSecretsOverride.extraEnvFrom }} + - {{ tpl (toYaml . ) $ | indent 12 | trim }} + {{- end }} + {{- end }} {{- if .Values.extraEnvs }} env: {{- range .Values.extraEnvs }} 
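Review bot: Both Makefile recipes start with `echo`, so `make template` and `make package` only print the helm command, and with `OUTFILE` set the redirect in `OUT_FLAGS` writes that printed command line into the file instead of the rendered manifests. If a dry run is intended, say so in a comment; otherwise drop the `echo`: `helm template ${NS_FLAGS} ${VAL_FLAGS} --release-name ${NAME} . ${OUT_FLAGS}`. `VALUES` is tested but never declared next to `NAME`, `NAMESPACE` and `OUTFILE`; adding `VALUES :=` would document it as an input.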
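Review bot: The same `global.releaseSecretsOverride.extraEnvFrom` list is appended to `envFrom` in the prosody statefulset here and in the jicofo, jvb and web deployment hunks of this patch, so every key of every referenced Secret becomes an environment variable in all four containers, including the web front end, which widens where each credential is readable. Per-component lists, or a values.yaml comment stating that the referenced Secret must hold only keys every component may see, would keep that narrower. Because the entries come last in `envFrom`, their keys take precedence over the chart-generated ones, and with `optional: true` from the values.yaml example a missing Secret falls back to the chart values without any error; both points deserve a comment in values.yaml. In the prosody subchart `.Values.global.releaseSecretsOverride.enabled` presumably fails to render when the parent does not supply that `global` block, so wrapping the check in `{{- with .Values.global.releaseSecretsOverride }}` would be safer.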
diff --git a/templates/jicofo/deployment.yaml b/templates/jicofo/deployment.yaml index 7344e3b..935d293 100644 --- a/templates/jicofo/deployment.yaml +++ b/templates/jicofo/deployment.yaml @@ -64,6 +64,11 @@ spec: name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common - configMapRef: name: {{ include "jitsi-meet.jicofo.fullname" . }} + {{- if .Values.global.releaseSecretsOverride.enabled }} + {{- range .Values.global.releaseSecretsOverride.extraEnvFrom }} + - {{ tpl (toYaml . ) $ | indent 12 | trim }} + {{- end }} + {{- end }} ports: - name: http containerPort: 80 diff --git a/templates/jvb/deployment.yaml b/templates/jvb/deployment.yaml index 4650555..c152952 100644 --- a/templates/jvb/deployment.yaml +++ b/templates/jvb/deployment.yaml @@ -59,6 +59,11 @@ spec: name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common - configMapRef: name: {{ include "jitsi-meet.jvb.fullname" . }} + {{- if .Values.global.releaseSecretsOverride.enabled }} + {{- range .Values.global.releaseSecretsOverride.extraEnvFrom }} + - {{ tpl (toYaml . ) $ | indent 12 | trim }} + {{- end }} + {{- end }} env: {{- if or .Values.jvb.useNodeIP .Values.jvb.publicIPs }} - name: DOCKER_HOST_ADDRESS diff --git a/templates/web/deployment.yaml b/templates/web/deployment.yaml index f4f50e9..1be6013 100644 --- a/templates/web/deployment.yaml +++ b/templates/web/deployment.yaml @@ -44,6 +44,11 @@ spec: name: {{ include "jitsi-meet.web.fullname" . }} - configMapRef: name: {{ include "call-nested" (list . "prosody" "prosody.fullname") }}-common + {{- if .Values.global.releaseSecretsOverride.enabled }} + {{- range .Values.global.releaseSecretsOverride.extraEnvFrom }} + - {{ tpl (toYaml . ) $ | indent 12 | trim }} + {{- end }} + {{- end }} ports: - name: http containerPort: 80 diff --git a/values.yaml b/values.yaml index a71233b..b768367 100644 --- a/values.yaml +++ b/values.yaml 
@@ -9,6 +9,14 @@ global: clusterDomain: cluster.local podLabels: {} podAnnotations: {} + releaseSecretsOverride: + enabled: false + #Support environment variables from pre-created secrets, such as 1Password operator + #extraEnvFrom: + # - secretRef: + # name: '{{ include "prosody.fullname" . }}-overrides' + # optional: true + imagePullSecrets: [] nameOverride: "" fullnameOverride: "" From 5b0c70dfc9c8dfec2a28b7d2bb664113764af2d3 Mon Sep 17 00:00:00 2001 From: Amit Tewari Date: Wed, 3 Jan 2024 14:23:12 +0100 Subject: [PATCH 6/8] Set defaultMode to let s6 execute custom init --- charts/prosody/templates/statefulset.yaml | 1 + templates/jicofo/deployment.yaml | 1 + templates/web/deployment.yaml | 1 + 3 files changed, 3 insertions(+) diff --git a/charts/prosody/templates/statefulset.yaml b/charts/prosody/templates/statefulset.yaml index adf2df4..ede5e1a 100644 --- a/charts/prosody/templates/statefulset.yaml +++ b/charts/prosody/templates/statefulset.yaml @@ -119,6 +119,7 @@ spec: emptyDir: {} - name: custom-cont-inits configMap: + defaultMode: 511 name: {{ include "prosody.fullname" . }}-cont-inits items: - key: 10-config diff --git a/templates/jicofo/deployment.yaml b/templates/jicofo/deployment.yaml index 935d293..0584728 100644 --- a/templates/jicofo/deployment.yaml +++ b/templates/jicofo/deployment.yaml @@ -39,6 +39,7 @@ spec: emptyDir: {} - name: custom-cont-inits configMap: + defaultMode: 511 name: {{ include "jitsi-meet.jicofo.fullname" . }}-cont-inits items: - key: 10-config diff --git a/templates/web/deployment.yaml b/templates/web/deployment.yaml index 1be6013..9b33572 100644 --- a/templates/web/deployment.yaml +++ b/templates/web/deployment.yaml @@ -135,6 +135,7 @@ spec: emptyDir: {} - name: custom-cont-inits configMap: + defaultMode: 511 name: {{ include "jitsi-meet.web.fullname" . }}-cont-inits items: - key: 10-config From ed0cc2fe7f8f1f4bae5026067afbf0039dcb99ff Mon Sep 17 00:00:00 2001 
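Review bot: `defaultMode: 511` in the prosody statefulset hunk is the decimal form of octal 0777, so the `10-config` init script is projected with write bits for group and others although s6 only needs to read and execute it. Writing the mode in octal makes it auditable at a glance, e.g. `defaultMode: 0555  # read+execute only; s6 runs this at container start`. The same line is added in the jicofo and web hunks of this patch; the last patch in the series lowers the prosody and jibri values to 493, which would read better as `0755` too.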
From: Amit Tewari Date: Thu, 25 Jan 2024 11:36:04 +0100 Subject: [PATCH 7/8] Prosody replica count and Jibri custom configs --- charts/prosody/templates/statefulset.yaml | 2 +- templates/jibri/configmaps-cont-init.yaml | 14 +++++++ templates/jibri/configmaps-defaults.yaml | 32 +++++++++++++++ templates/jibri/deployment.yaml | 48 +++++++++++++++++++++++ values.yaml | 10 ++++- 5 files changed, 103 insertions(+), 3 deletions(-) create mode 100644 templates/jibri/configmaps-cont-init.yaml create mode 100644 templates/jibri/configmaps-defaults.yaml diff --git a/charts/prosody/templates/statefulset.yaml b/charts/prosody/templates/statefulset.yaml index ede5e1a..04e6dea 100644 --- a/charts/prosody/templates/statefulset.yaml +++ b/charts/prosody/templates/statefulset.yaml @@ -10,7 +10,7 @@ metadata: {{- end }} spec: serviceName: "{{ include "prosody.fullname" . }}" - replicas: {{ if .Values.scaleUp }}1{{ else }}0{{end}} + replicas: {{ if .Values.enabled }}1{{ else }}0{{end}} selector: matchLabels: {{- include "prosody.selectorLabels" . | nindent 6 }} diff --git a/templates/jibri/configmaps-cont-init.yaml b/templates/jibri/configmaps-cont-init.yaml new file mode 100644 index 0000000..b09aa78 --- /dev/null +++ b/templates/jibri/configmaps-cont-init.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "jitsi-meet.jibri.fullname" . }}-cont-inits + labels: + {{- include "jitsi-meet.jibri.labels" . | nindent 4 }} +data: + 10-config: | + {{- if .Values.jibri.custom.contInit._10_config }} + {{- .Values.jibri.custom.contInit._10_config | nindent 4 }} + {{- else }} + # Using jibri /etc/cont-init.d/10-config from container image + {{ end }} + diff --git a/templates/jibri/configmaps-defaults.yaml b/templates/jibri/configmaps-defaults.yaml new file mode 100644 index 0000000..f53c13d --- /dev/null +++ b/templates/jibri/configmaps-defaults.yaml 
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "jitsi-meet.jibri.fullname" . }}-defaults
+ labels:
+ {{- include "jitsi-meet.jibri.labels" . | nindent 4 }}
+data:
+ jibri.conf: |
+ {{- if .Values.jibri.custom.defaults._jibri_conf }}
+ {{- .Values.jibri.custom.defaults._jibri_conf | nindent 4 }}
+ {{- else }}
+ # Using jibri /default/jibri.conf from container image
+ {{ end }}
+ logging.properties: |
+ {{- if .Values.jibri.custom.defaults._logging_properties }}
+ {{- .Values.jibri.custom.defaults._logging_properties | nindent 4 }}
+ {{- else }}
+ # Using jibri /default/logging.properties from container image
+ {{ end }}
+ autoscaler-sidecar.config: |
+ {{- if .Values.jibri.custom.defaults._jibri_autoscaler_sidecar_config }}
+ {{- .Values.jibri.custom.defaults._jibri_autoscaler_sidecar_config | nindent 4 }}
+ {{- else }}
+ # Using jibri /default/autoscaler-sidecar.config from container image
+ {{ end }}
+ xorg-video-dummy.conf: |
+ {{- if .Values.jibri.custom.defaults._xorg_video_dummy_conf }}
+ {{- .Values.jibri.custom.defaults._xorg_video_dummy_conf | nindent 4 }}
+ {{- else }}
+ # Using jibri /default/xorg-video-dummy.conf from container image
+ {{ end }}
+
diff --git a/templates/jibri/deployment.yaml b/templates/jibri/deployment.yaml
index 8a731a2..a8b7b86 100644
--- a/templates/jibri/deployment.yaml
+++ b/templates/jibri/deployment.yaml
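Review bot: The `autoscaler-sidecar.config` entry in `templates/jibri/configmaps-defaults.yaml` reads `.Values.jibri.custom.defaults._jibri_autoscaler_sidecar_config`, while the deployment hunk and the values.yaml hunk of this patch use `_autoscaler_sidecar_config`. Setting the documented key therefore mounts this ConfigMap entry over `/defaults/autoscaler-sidecar.config` while the entry still holds only the placeholder comment, replacing the image's file with an effectively empty one. Use the same key in both lines: `{{- if .Values.jibri.custom.defaults._autoscaler_sidecar_config }}` and `{{- .Values.jibri.custom.defaults._autoscaler_sidecar_config | nindent 4 }}`. The two jibri ConfigMap templates also carry no visible `jibri.enabled` guard, so they are presumably rendered even when jibri is disabled.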
@@ -78,6 +78,33 @@ spec: {{- toYaml .Values.jibri.resources | nindent 12 }} volumeMounts: + - name: config + mountPath: /config + {{- if .Values.jibri.custom.contInit._10_config }} + - name: custom-cont-inits + mountPath: /etc/cont-init.d/10-config + subPath: 10-config + {{- end }} + {{- if .Values.jibri.custom.defaults._jibri_conf }} + - name: custom-defaults + mountPath: /defaults/jibri.conf + subPath: jibri.conf + {{- end }} + {{- if .Values.jibri.custom.defaults._logging_properties }} + - name: custom-defaults + mountPath: /defaults/logging.properties + subPath: logging.properties + {{- end }} + {{- if .Values.jibri.custom.defaults._autoscaler_sidecar_config }} + - name: custom-defaults + mountPath: /defaults/autoscaler-sidecar.config + subPath: autoscaler-sidecar.config + {{- end }} + {{- if .Values.jibri.custom.defaults._xorg_video_dummy_conf }} + - name: custom-defaults + mountPath: /defaults/xorg-video-dummy.conf + subPath: xorg-video-dummy.conf + {{- end }} - name: jibri-data mountPath: /data {{- if .Values.jibri.shm.enabled }} @@ -86,6 +113,27 @@ spec: {{- end }} volumes: + - name: config + emptyDir: {} + - name: custom-cont-inits + configMap: + defaultMode: 511 + name: {{ include "jitsi-meet.jibri.fullname" . }}-cont-inits + items: + - key: 10-config + path: 10-config + - name: custom-defaults + configMap: + name: {{ include "jitsi-meet.jibri.fullname" . }}-defaults + items: + - key: jibri.conf + path: jibri.conf + - key: logging.properties + path: logging.properties + - key: autoscaler-sidecar.config + path: autoscaler-sidecar.config + - key: xorg-video-dummy.conf + path: xorg-video-dummy.conf - name: jibri-data {{- if .Values.jibri.persistence.enabled }} persistentVolumeClaim: diff --git a/values.yaml b/values.yaml index ac1f72a..48f032d 100644 --- a/values.yaml +++ b/values.yaml 
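Review bot: A later edit to one of the custom files will not reach a running Jibri pod, because every custom file in the `volumeMounts` hunk is mounted with `subPath`, and Kubernetes does not refresh subPath mounts when the ConfigMap changes. Unless the pod template already carries a checksum annotation (its metadata lies outside this hunk), a `helm upgrade` that changes only the ConfigMap data leaves the Deployment spec unchanged and no rollout happens, so a corrected or hardened config can silently stay unapplied. A pod-template annotation such as `checksum/custom-defaults: {{ include (print $.Template.BasePath "/jibri/configmaps-defaults.yaml") . | sha256sum }}`, plus the same for `configmaps-cont-init.yaml`, would force the restart. The `volumeMounts` and `volumes` lists both start and continue outside the hunks.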
@@ -430,6 +430,14 @@ jibri: | grep -qP 'HEALTHY (IDLE|BUSY)' extraEnvs: {} + custom: + contInit: + _10_config: "" + defaults: + _autoscaler_sidecar_config: "" + _jibri_conf: "" + _logging_properties: "" + _xorg_video_dummy_conf: "" serviceAccount: # Specifies whether a service account should be created @@ -451,8 +459,6 @@ extraCommonEnvs: {} prosody: enabled: true - # scaleUp: false, if need to generate the configs but keep prosody down - scaleUp: true server: extraEnvFrom: - secretRef: From d3ae004aa06aad2cbede93d9172c46c88625f698 Mon Sep 17 00:00:00 2001 From: Amit Tewari Date: Thu, 25 Jan 2024 13:35:01 +0100 Subject: [PATCH 8/8] Adjust permissions --- charts/prosody/templates/statefulset.yaml | 4 ++-- templates/jibri/deployment.yaml | 2 +- templates/jicofo/deployment.yaml | 2 +- templates/web/deployment.yaml | 2 +- values.yaml | 1 + 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/charts/prosody/templates/statefulset.yaml b/charts/prosody/templates/statefulset.yaml index 04e6dea..5623efe 100644 --- a/charts/prosody/templates/statefulset.yaml +++ b/charts/prosody/templates/statefulset.yaml @@ -10,7 +10,7 @@ metadata: {{- end }} spec: serviceName: "{{ include "prosody.fullname" . }}" - replicas: {{ if .Values.enabled }}1{{ else }}0{{end}} + replicas: {{ if .Values.useExternalProsody }}0{{ else }}1{{end}} selector: matchLabels: {{- include "prosody.selectorLabels" . | nindent 6 }} @@ -119,7 +119,7 @@ spec: emptyDir: {} - name: custom-cont-inits configMap: - defaultMode: 511 + defaultMode: 493 name: {{ include "prosody.fullname" . }}-cont-inits items: - key: 10-config diff --git a/templates/jibri/deployment.yaml b/templates/jibri/deployment.yaml index a8b7b86..c995feb 100644 --- a/templates/jibri/deployment.yaml +++ b/templates/jibri/deployment.yaml @@ -117,7 +117,7 @@ spec: emptyDir: {} - name: custom-cont-inits configMap: - defaultMode: 511 + defaultMode: 493 name: {{ include "jitsi-meet.jibri.fullname" . }}-cont-inits items: - key: 10-config 
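Review bot: The new `custom` block in values.yaml is added without comments, so a user cannot tell that each value is the complete file content that replaces the image's copy, or that an empty string keeps the image's file. Since `_10_config` ends up mounted as an executable init script, that is worth stating at the key. I would add above `custom:` something like `# Full replacement contents for files shipped in the jibri image; leave empty to keep the image's version.` and above `_10_config` the line `# Script mounted as /etc/cont-init.d/10-config in the jibri container.`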
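Review bot: `defaultMode: 493` in the prosody StatefulSet hunk is 0755 written in decimal, which is hard to check by eye; the 511 it replaces is 0777. Kubernetes accepts YAML octal for this field, so `defaultMode: 0755` (or at least `defaultMode: 493  # 0755`) makes the permission reviewable, and the same applies to the identical lines in the jibri, jicofo and web deployment hunks of this patch. The volume carries a single script and ConfigMap volumes are mounted read-only, so `0555` would also do if nothing relies on the owner write bit. The volume definitions continue outside the hunks.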
diff --git a/templates/jicofo/deployment.yaml b/templates/jicofo/deployment.yaml index 0584728..47d9180 100644 --- a/templates/jicofo/deployment.yaml +++ b/templates/jicofo/deployment.yaml @@ -39,7 +39,7 @@ spec: emptyDir: {} - name: custom-cont-inits configMap: - defaultMode: 511 + defaultMode: 493 name: {{ include "jitsi-meet.jicofo.fullname" . }}-cont-inits items: - key: 10-config diff --git a/templates/web/deployment.yaml b/templates/web/deployment.yaml index 9b33572..b65b968 100644 --- a/templates/web/deployment.yaml +++ b/templates/web/deployment.yaml @@ -135,7 +135,7 @@ spec: emptyDir: {} - name: custom-cont-inits configMap: - defaultMode: 511 + defaultMode: 493 name: {{ include "jitsi-meet.web.fullname" . }}-cont-inits items: - key: 10-config diff --git a/values.yaml b/values.yaml index 48f032d..112b6e2 100644 --- a/values.yaml +++ b/values.yaml @@ -459,6 +459,7 @@ extraCommonEnvs: {} prosody: enabled: true + useExternalProsody: false server: extraEnvFrom: - secretRef:
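Review bot: `useExternalProsody` is added to values.yaml with no comment, whereas the `scaleUp` key it stands in for carried one. Going by the StatefulSet template in this patch, `true` renders the prosody StatefulSet with 0 replicas rather than leaving it out; a line such as `# true: an external prosody is used; the bundled StatefulSet is kept at 0 replicas.` would record that. The key is read in the subchart as `.Values.useExternalProsody`, and this patch's diffstat shows no default added to the subchart's own values file, so it may be worth mirroring it there.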