Introduce new customization options and restricted config filesystems

Chart.yaml

@@ -14,13 +14,13 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 1.3.7
+version: 1.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: stable-8719
+appVersion: stable-8960-1
 
 dependencies:
   - name: prosody
     condition: prosody.enabled
-    version: 1.3.7
+    version: 1.4.0

Makefile

@@ -0,0 +1,6 @@
+template:
+	helm template --release-name jitsi-8960 .
+templateWithCustomDefaults:
+	helm template --release-name jitsi-8960 . -f example-configurations/custom-defaults.yaml
+package:
+	helm package .

charts/prosody/Chart.yaml

@@ -14,8 +14,8 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 1.3.7
+version: 1.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: stable-8719
+appVersion: stable-8960-1

charts/prosody/templates/configmaps-cont-init.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "prosody.fullname" . }}-cont-inits
+  labels:
+    {{- include "prosody.labels" . | nindent 4 }}
+data:
+  10-config: |
+    {{- if .Values.custom.contInit._10_config }}
+      {{- .Values.custom.contInit._10_config | nindent 4 }}
+    {{- else }}
+    # Using prosody /etc/cont-init.d/10-config from container image
+    {{ end }}

charts/prosody/templates/configmaps-defaults.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "prosody.fullname" . }}-defaults
+  labels:
+    {{- include "prosody.labels" . | nindent 4 }}
+data:
+  prosody.cfg.lua: |
+    {{- if .Values.custom.defaults._prosody_cfg_lua }}
+      {{- .Values.custom.defaults._prosody_cfg_lua | nindent 4 }}
+    {{- else }}
+    # Using prosody /default/prosody.cfg.lua from container image
+    {{ end }}
+  saslauthd.conf: |
+    {{- if .Values.custom.defaults._saslauthd_conf }}
+      {{- .Values.custom.defaults._saslauthd_conf | nindent 4 }}
+    {{- else }}
+    # Using prosody /default/saslauthd.conf from container image
+    {{ end }}
+  jitsi-meet.cfg.lua: |
+    {{- if .Values.custom.defaults._jitsi_meet_cfg_lua }}
+      {{- .Values.custom.defaults._jitsi_meet_cfg_lua | nindent 4 }}
+    {{- else }}
+    # Using prosody /default/conf.d/jitsi-meet.cfg.lua from container image
+    {{ end }}

charts/prosody/templates/service.yaml

@@ -19,6 +19,9 @@ spec:
     - port: {{ index .Values.service.ports "xmpp-c2s" }}
       protocol: TCP
       name: tcp-xmpp-c2
+      {{- if .Values.service.ports.xmppc2snodePort }}
+      nodePort: {{ index .Values.service.ports "xmppc2snodePort" }}
+      {{- end }}
     - port: {{ index .Values.service.ports "xmpp-s2s" }}
       protocol: TCP
       name: tcp-xmpp-s2

charts/prosody/templates/statefulset.yaml

@@ -10,7 +10,7 @@ metadata:
   {{- end }}
 spec:
   serviceName: "prosody"
-  replicas: 1
+  replicas: {{ .Values.replicas }}
   selector:
     matchLabels:
       {{- include "prosody.selectorLabels" . | nindent 6 }}
@@ -82,12 +82,52 @@ spec:
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           volumeMounts:
+          - name: config
+            mountPath: /config
           - name: prosody-data
             mountPath: {{ .Values.dataDir }}
+          {{- if .Values.custom.contInit._10_config }}
+          - name: custom-cont-inits
+            mountPath: /etc/cont-init.d/10-config
+            subPath: 10-config
+          {{- end }}
+          {{- if .Values.custom.defaults._prosody_cfg_lua }}
+          - name: custom-defaults
+            mountPath: /defaults/prosody.cfg.lua
+            subPath: prosody.cfg.lua
+          {{- end }}
+          {{- if .Values.custom.defaults._saslauthd_conf }}
+          - name: custom-defaults
+            mountPath: /defaults/saslauthd.conf
+            subPath: saslauthd.conf
+          {{- end }}
+          {{- if .Values.custom.defaults._jitsi_meet_cfg_lua }}
+          - name: custom-defaults
+            mountPath: /defaults/conf.d/jitsi-meet.cfg.lua
+            subPath: jitsi-meet.cfg.lua
+          {{- end }}
           {{- with .Values.extraVolumeMounts }}
           {{- toYaml . | nindent 10 }}
           {{- end }}
       volumes:
+      - name: config
+        emptyDir: {}
+      - name: custom-cont-inits
+        configMap:
+          name: {{ include "prosody.fullname" . }}-cont-inits
+          items:
+            - key: 10-config
+              path: 10-config
+      - name: custom-defaults
+        configMap:
+          name: {{ include "prosody.fullname" . }}-defaults
+          items:
+            - key: prosody.cfg.lua
+              path: prosody.cfg.lua
+            - key: saslauthd.conf
+              path: saslauthd.conf
+            - key: jitsi-meet.cfg.lua
+              path: jitsi-meet.cfg.lua
       - name: prosody-data
         {{- if .Values.persistence.enabled }}
         persistentVolumeClaim:

example-configurations/custom-defaults.yaml

@@ -0,0 +1,45 @@
+prosody:
+  custom:
+    contInit:
+      _10_config: |
+        # Custom prosody /etc/cont-init.d/10-config
+    defaults:
+      _prosody_cfg_lua: |
+        # Custom prosody /defaults/prosody.cfg.lua
+      _saslauthd_conf: |
+        # Custom prosody /defaults/saslauthd.conf
+      _jitsi_meet_cfg_lua: |
+        # Custom prosody /defaults/conf.d/jitsi-meet.cfg.lua
+jicofo:
+  custom:
+    contInit:
+      _10_config: |
+        # Custom jicofo /etc/cont-init.d/10-config
+    defaults:
+      _jicofo_conf: |
+        # Custom jicofo /defaults/jicofo.conf
+      _logging_properties: |
+        # Custom jicofo /defaults/logging.properties
+web:
+  custom:
+    contInit:
+      _10_config: |
+        # Custom web /etc/cont-init.d/10-config
+    defaults:
+      _default: |
+        # Custom web /defaults/default
+      _ffdhe2048_txt: |
+        # Custom web /defaults/ffdhe2048.txt
+      _interface_config_js: |
+        # Custom web /defaults/interface_config.js
+      _meet_conf: |
+        # Custom web /defaults/meet.conf
+      _nginx_conf: |
+        # Custom web /defaults/nginx.conf
+      _settings_config_js: |
+        # Custom web /defaults/settings-config.js
+      _ssl_conf: |
+        # Custom web /defaults/ssl.conf
+      _system_config_js: |
+        # Custom web /defaults/system-config.js
+

templates/jicofo/configmaps-cont-init.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "jitsi-meet.jicofo.fullname" . }}-cont-inits
+  labels:
+    {{- include "jitsi-meet.jicofo.labels" . | nindent 4 }}
+data:
+  10-config: |
+    {{- if .Values.jicofo.custom.contInit._10_config }}
+      {{- .Values.jicofo.custom.contInit._10_config | nindent 4 }}
+    {{- else }}
+    # Using jicofo /etc/cont-init.d/10-config from container image
+    {{ end }}
+

templates/jicofo/configmaps-defaults.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "jitsi-meet.jicofo.fullname" . }}-defaults
+  labels:
+    {{- include "jitsi-meet.jicofo.labels" . | nindent 4 }}
+data:
+  jicofo.conf: |
+    {{- if .Values.jicofo.custom.defaults._jicofo_conf }}
+      {{- .Values.jicofo.custom.defaults._jicofo_conf | nindent 4 }}
+    {{- else }}
+    # Using jicofo /default/jicofo.conf from container image
+    {{ end }}
+  logging.properties: |
+    {{- if .Values.jicofo.custom.defaults._logging_properties }}
+      {{- .Values.jicofo.custom.defaults._logging_properties | nindent 4 }}
+    {{- else }}
+    # Using jicofo /default/logging.properties from container image
+    {{ end }}

templates/jicofo/deployment.yaml

@@ -34,6 +34,23 @@ spec:
       serviceAccountName: {{ include "jitsi-meet.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.jicofo.podSecurityContext | nindent 8 }}
+      volumes:
+      - name: config
+        emptyDir: {}
+      - name: custom-cont-inits
+        configMap:
+          name: {{ include "jitsi-meet.jicofo.fullname" . }}-cont-inits
+          items:
+            - key: 10-config
+              path: 10-config
+      - name: custom-defaults
+        configMap:
+          name: {{ include "jitsi-meet.jicofo.fullname" . }}-defaults
+          items:
+            - key: jicofo.conf
+              path: jicofo.conf
+            - key: logging.properties
+              path: logging.properties
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -61,7 +78,25 @@ spec:
           {{- end }}
           resources:
             {{- toYaml .Values.jicofo.resources | nindent 12 }}
-
+          volumeMounts:
+          # to support readOnlyRootFilesystem
+          - name: config
+            mountPath: /config
+          {{- if .Values.jicofo.custom.contInit._10_config }}
+          - name: custom-cont-inits
+            mountPath: /etc/cont-init.d/10-config
+            subPath: 10-config
+          {{- end }}
+          {{- if .Values.jicofo.custom.defaults._jicofo_conf }}
+          - name: custom-defaults
+            mountPath: /defaults/jicofo.conf
+            subPath: jicofo.conf
+          {{- end }}
+          {{- if .Values.jicofo.custom.defaults._logging_properties }}
+          - name: custom-defaults
+            mountPath: /defaults/logging.properties
+            subPath: logging.properties
+          {{- end }}
       {{- with .Values.jicofo.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

templates/web/configmaps-cont-init.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "jitsi-meet.web.fullname" . }}-cont-inits
+  labels:
+    {{- include "jitsi-meet.web.labels" . | nindent 4 }}
+data:
+  10-config: |
+  {{- if .Values.web.custom.contInit._10_config }}
+    {{- .Values.web.custom.contInit._10_config | nindent 4 }}
+  {{- else }}
+  # Using web /etc/cont-init.d/10-config from container image
+  {{ end }}

templates/web/configmaps-defaults.yaml

@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "jitsi-meet.web.fullname" . }}-defaults
+  labels:
+    {{- include "jitsi-meet.web.labels" . | nindent 4 }}
+data:
+  default: |
+  {{- if .Values.web.custom.defaults._default }}
+    {{- .Values.web.custom.defaults._default | nindent 4 }}
+  {{- else }}
+  # Using web /defaults/default from container image
+  {{ end }}
+  ffdhe2048.txt: |
+  {{- if .Values.web.custom.defaults._ffdhe2048_txt }}
+    {{- .Values.web.custom.defaults._ffdhe2048_txt | nindent 4 }}
+  {{- else }}
+  # Using web /defaults/ffdhe2048.txt from container image
+  {{ end }}
+  interface_config.js: |
+  {{- if .Values.web.custom.defaults._interface_config_js }}
+    {{- .Values.web.custom.defaults._interface_config_js | nindent 4 }}
+  {{- else }}
+  # Using web /defaults/interface_config.js from container image
+  {{ end }}
+  meet.conf: |
+  {{- if .Values.web.custom.defaults._meet_conf }}
+    {{- .Values.web.custom.defaults._meet_conf | nindent 4 }}
+  {{- else }}
+  # Using web /defaults/meet.conf from container image
+  {{ end }}
+  nginx.conf: |
+  {{- if .Values.web.custom.defaults._nginx_conf }}
+    {{- .Values.web.custom.defaults._nginx_conf | nindent 4 }}
+  {{- else }}
+  # Using web /defaults/nginx.conf from container image
+  {{ end }}
+  settings-config.js: |
+  {{- if .Values.web.custom.defaults._settings_config_js }}
+    {{- .Values.web.custom.defaults._settings_config_js | nindent 4 }}
+  {{- else }}
+  # Using web /defaults/settings-config.js from container image
+  {{ end }}
+  ssl.conf: |
+  {{- if .Values.web.custom.defaults._ssl_conf }}
+    {{- .Values.web.custom.defaults._ssl_conf | nindent 4 }}
+  {{- else }}
+  # Using web /defaults/ssl.conf from container image
+  {{ end }}
+  system-config.js: |
+  {{- if .Values.web.custom.defaults._system_config_js }}
+    {{- .Values.web.custom.defaults._system_config_js | nindent 4 }}
+  {{- else }}
+  # Using web /defaults/system-config.js from container image
+  {{ end }}