From cc79996d0ed97d226cbda2012db916c0e2e88e7b Mon Sep 17 00:00:00 2001
From: Dominik Kaminski <kaminski@univention.de>
Date: Mon, 14 Aug 2023 13:46:04 +0200
Subject: [PATCH] fix(sovereign-workplace-jitsi): Fix nodePort deployment with different egress gateway
---
 .../templates/configmap.yaml | 11 ++++++++++-
 .../templates/role.yaml | 3 +++
 charts/sovereign-workplace-jitsi/values.yaml | 16 +++++++++++++++-
 3 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/charts/sovereign-workplace-jitsi/templates/configmap.yaml b/charts/sovereign-workplace-jitsi/templates/configmap.yaml
index 9f729a5..6a039d2 100644
--- a/charts/sovereign-workplace-jitsi/templates/configmap.yaml
+++ b/charts/sovereign-workplace-jitsi/templates/configmap.yaml
@@ -43,10 +43,19 @@ data:
 "[{ \"op\": \"add\", \"path\": \"/data/JVB_ADVERTISE_IPS\", \"value\": \"${ip}\" },
 { \"op\": \"add\", \"path\": \"/data/DOCKER_HOST_ADDRESS\", \"value\": \"${ip}\" }]"
 {{- else if (eq .Values.jitsi.jvb.service.type "NodePort") }}
+ {{- if .Values.patchJVB.configuration.staticLoadbalancerIP }}
+ echo "Patching JVB to advertise IP: {{ .Values.patchJVB.configuration.staticLoadbalancerIP }}"
+ kubectl patch cm jitsi-jvb --type json --patch \
+ "[{ \"op\": \"add\", \"path\": \"/data/JVB_ADVERTISE_IPS\", \"value\": \"{{ .Values.patchJVB.configuration.staticLoadbalancerIP }}\" },
+ { \"op\": \"add\", \"path\": \"/data/DOCKER_HOST_ADDRESS\", \"value\": \"{{ .Values.patchJVB.configuration.staticLoadbalancerIP }}\" }]"
+ {{- end }}
 port=$(kubectl get svc jitsi-jvb -o jsonpath='{.spec.ports[0].nodePort}');
- echo "Patching JVB to use port: ${port}"
+ echo "Patching JVB ConfigMap to use port: ${port}"
 kubectl patch cm jitsi-jvb --type json --patch \
 "[{ \"op\": \"add\", \"path\": \"/data/JVB_PORT\", \"value\": \"${port}\" }]"
+ echo "Patching JVB Service to use targetPort: ${port}"
+ kubectl patch svc jitsi-jvb --type json --patch \
+ "[{ \"op\": \"replace\", \"path\": \"/spec/ports/0/targetPort\", \"value\": ${port} }]"
 {{- end }}
 kubectl rollout restart deployment jitsi-jvb
 {{- end }}
diff --git a/charts/sovereign-workplace-jitsi/templates/role.yaml b/charts/sovereign-workplace-jitsi/templates/role.yaml
index 908b857..47a987d 100644
--- a/charts/sovereign-workplace-jitsi/templates/role.yaml
+++ b/charts/sovereign-workplace-jitsi/templates/role.yaml
@@ -12,6 +12,7 @@ metadata:
 {{- include "common.labels.standard" . | nindent 4 }}
 rules:
 # Get IP/Port from service.
+ # Update target port for nodePort
 - apiGroups: [""]
 resources:
 - "services"
@@ -19,6 +20,8 @@ rules:
 - "jitsi-jvb"
 verbs:
 - "get"
+ - "update"
+ - "patch"
 # Update configmap for env vars.
 - apiGroups: [""]
 resources:
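Review bot: In templates/configmap.yaml, the added NodePort branch writes `.Values.patchJVB.configuration.staticLoadbalancerIP` unescaped into the job's shell script, both inside the double-quoted `echo` and inside the JSON patch, so a value carrying shell or JSON metacharacters changes what the job executes with its patch rights on the ConfigMap and Service. Reject anything that is not an address at render time, inside the new `if`: `{{- if not (regexMatch "^[0-9A-Fa-f.:]+$" .Values.patchJVB.configuration.staticLoadbalancerIP) }}{{ fail "patchJVB.configuration.staticLoadbalancerIP must be an IP address" }}{{- end }}`. The new `kubectl patch svc` line also places `${port}` unquoted into the JSON, so an empty lookup result yields an invalid patch; whether the script stops on that depends on shell options set outside this hunk. The script block starts and ends outside the hunk.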
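Review bot: In templates/role.yaml (second hunk), `update` is granted on the Service although the job in configmap.yaml only runs `kubectl patch svc`, which needs the `patch` verb; dropping `- "update"` keeps the Role at what the script actually uses. The grant is also rendered for every service type, while the Service is patched only in the NodePort branch, so the added verb could be wrapped in `{{- if eq .Values.jitsi.jvb.service.type "NodePort" }}` and `{{- end }}`. The `"jitsi-jvb"` entry above `verbs:` is presumably a `resourceNames` item, which would limit the scope to that one Service, but the key lies between the two hunks and is not visible. The rule continues outside the hunk.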
diff --git a/charts/sovereign-workplace-jitsi/values.yaml b/charts/sovereign-workplace-jitsi/values.yaml
index 6b50fb7..1ce4306 100644
--- a/charts/sovereign-workplace-jitsi/values.yaml
+++ b/charts/sovereign-workplace-jitsi/values.yaml
@@ -85,6 +85,13 @@ image:
 # After deployment of JVB service, the job fetches the provisioned LoadBalancer IP or NodePort port to advertise.
 patchJVB:
+ # Job configuration
+ configuration:
+ # -- Relevant for NodePort deployments only.
+ # In case you have a different egress gateway and thus the incoming ip can not be autodiscovered, provide the ip of
+ # your ingress gateway.
+ staticLoadbalancerIP: ""
+
 # Security Context.
 # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
 containerSecurityContext:
@@ -169,7 +176,7 @@ jitsi:
 websockets:
 colibri:
- enabled: false
+ enabled: true
 xmpp:
 enabled: false
@@ -219,6 +226,13 @@ jitsi:
 - name: "jitsi-meet-swp"
 mountPath: "/usr/share/jitsi-meet/static/oidc-redirect.html"
 subPath: "oidc-redirect.html"
+ ingress:
+ annotations:
+ ingress.cilium.io/tcp-keep-alive: "enabled"
+ ingress.cilium.io/websocket: "enabled"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+ nginx.ingress.kubernetes.io/proxy-sent-timeout: "3600"
+ nginx.org/websocket-services: "http"
 prosody:
 image:
-- GitLab
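Review bot: In values.yaml (second hunk), the default of `jitsi.websockets.colibri.enabled` flips from `false` to `true`, which the commit subject (a NodePort fix) does not mention; every deployment that leaves the key unset gets the JVB colibri WebSocket endpoint switched on at upgrade. If the fix depends on it, record that next to the key, e.g. `# -- Colibri WebSocket to the JVB; enabled by default since the NodePort fix`, and in the changelog. Otherwise keep the default at `false` and let NodePort users opt in. The neighbouring `xmpp.enabled` stays `false`, so the two defaults now differ without explanation.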
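Review bot: In values.yaml (third hunk), `nginx.ingress.kubernetes.io/proxy-sent-timeout` is not an ingress-nginx annotation; the controller's key is `proxy-send-timeout`. Unknown annotations are ignored without an error, so the send timeout stays at the controller default and long-lived WebSocket connections can still be dropped. The line should read `nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"`. `nginx.org/websocket-services` takes the names of backend Services, so `"http"` is correct only if the Service behind this ingress is really called `http`; worth confirming. The mapping that `ingress:` belongs to begins outside the hunk.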