jitsi-contrib / jitsi-kubernetes Goto Github PK

Tools and tutorials hwo to run the Jitsi Meet stack in a Kubernetes Cluster.

License: Apache License 2.0

jitsi-kubernetes's Introduction

Jitsi on Kubernetes

Jitsi is a set of Open Source projects that allows you to easily build and deploy secure videoconferencing solutions.

This repository provides tools and tutorials to run the Jitsi Meet stack in a Kubernetes Cluster. The stack is based on the official docker images provided by the Docker Jitsi-meet project.

There are quite a few different ways to deploy Jitsi with Kubernetes, not to mention different parameters as well depending on how you want it to scale. The following section provides examples, tutorials and general information how to run jitsi in a Kubernetes Cluster.

Kubernetes Kustomize - a simple deployment based on Kubernetes kustomize allowing you to configure your jitsi setup in an easy and transparent way.
Migration from Docker-Compose - if you already have a docker-compose stack running jitsi this will help you to migrate to Kubernetes.
Helm
Secure jitsi on Kubernetes - TBD

How to Contribute

You are sincerely invited to participate in it. If you want to share your thoughts or contribute to this project please report any issues here. All source are available on Github.

jitsi-kubernetes's People

Contributors

Stargazers

Watchers

jitsi-kubernetes's Issues

kustomize example not working

Hello I been banging my head trying to get this to work.
I have installed ingress-nginx following this since I am using digital ocean
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes
After this is working I removed the echo1 and echo2 that it was used for testing..
I installed the kustomize from here following with details the examples.

kubectl apply -k  ./kubernetes-jitsi
serviceaccount/jitsi unchanged
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/jitsi-privileged configured
role.rbac.authorization.k8s.io/jitsi-privileged unchanged
rolebinding.rbac.authorization.k8s.io/jitsi-privileged unchanged
service/jvb-udp unchanged
service/web unchanged
deployment.apps/jitsi unchanged
ingress.networking.k8s.io/jitsi configured

when I do a kubectl describe certificate -A it shows the cert created.
but I have two problems that may be related.

I get a invalid cert..
even if I accept it and move pass it I go to a page 404 not found from nginx.

on the describe ingress

 kubectl describe ingress
No resources found in default namespace.
[rek2@rek2laptop friendlyverse]$ kubectl describe ingress -A
Name:             jitsi
Namespace:        jitsi
Address:          
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
  tls-prod-jitsi terminates vid1.example.com
Rules:
  Host             Path  Backends
  ----             ----  --------
  vid1.example.com  
                   /   web:80 (10.244.0.204:80)
Annotations:       cert-manager.io/cluster-issuer: letsencrypt-prod
Events:
  Type    Reason             Age   From          Message
  ----    ------             ----  ----          -------
  Normal  CreateCertificate  31m   cert-manager  Successfully created Certificate "tls-jitsi"
  Normal  CreateCertificate  10m   cert-manager  Successfully created Certificate "tls-prod-jitsi"
  Normal  DeleteCertificate  10m   cert-manager  Successfully deleted unrequired Certificate "tls-jitsi"

I changed the secret to get another cert from tls-jitsi to tls-prod-jitsi but still same issue..
also there is a missing backend error in that output...

any tips?
Thanks

Provide a Docker-Compose migration example

Provide a example how to migrate from a existing Docker-Compose stack to kubernetes

How can I configure JVB which is running on Linux server with Jitsi Kubernetes deployment ?

Hi All,

As this helm chart deploy Jitsi meet on Kubernetes cluster and as our Kubernetes cluster is in Private subnet and it is hard to auto scale JVB in kubernetes cluster hence we want to run only Jicofo, Prosody and web in kubernetes cluster and JVB on another linux server.

How we can make the changes in Jicofo i.e. JMS to communicate with JVB ?
Please help me how we can achieve this ?

enabling jwt auth is not working

I'm not sure what am I missing here:
Based: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker#jitsi-meet-web-configuration

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: jitsi
  name: jitsi
  namespace: jitsi
spec:
  template:
    metadata:
      labels:
        k8s-app: jitsi
    spec:
      containers:
        - name: web
          env:
            - name: PUBLIC_URL
              value: "https://jitsi.example.com"
            - name: ENABLE_AUTH
              value: '1'
            - name: ENABLE_GUESTS
              value: '0'
            - name: AUTH_TYPE
              value: 'jwt'
            - name: JWT_APP_ID
              value: '<app-id>'
            - name: JWT_APP_SECRET
              value: '<secret>'
            - name: JWT_ALLOW_EMPTY
              value: '0'

        - name: prosody
          env:
            - name: PUBLIC_URL
              value: "https://jitsi.example.com"
            - name: ENABLE_AUTH
              value: '1'
            - name: ENABLE_GUESTS
              value: '0'
            - name: AUTH_TYPE
              value: 'jwt'
            - name: JWT_APP_ID
              value: '<app-id>'
            - name: JWT_APP_SECRET
              value: '<secret>'
            - name: JWT_ALLOW_EMPTY
              value: '0'

do not see video after when join meet and jvb websocket connected

i do not know where I am

Provide a setup example for Kubernetes Kustomize

Provide a setup example for the jitsi-meet stack based on Kubernetes Kustomize

no matches for kind "Ingress" in version "networking.k8s.io/v1

When applying -k ./jitsi,

I am getting the following:

kubectl apply -k ./jitsi
serviceaccount/jitsi created
podsecuritypolicy.policy/jitsi-privileged created
role.rbac.authorization.k8s.io/jitsi-privileged created
rolebinding.rbac.authorization.k8s.io/jitsi-privileged created
service/jvb-udp created
service/web created
deployment.apps/jitsi created
error: unable to recognize "./jitsi": no matches for kind "Ingress" in version "networking.k8s.io/v1"

updating docker-compose file

Greetings,
you explain "Change all ports to have a single number form instead of Port:Port form (using the environment variables) "

In the file I see those ports defined as ’${HTTP_PORT}:80' or '${JVB_PORT}:${JVB_PORT}/udp’
So how exactly are those supposed to look instead and what is added as environment variables?

websocket connect error after when joined meet

I do not know where is error

I search the word wss://localhost:8443/colibri-ws/127.0.0.1/ in the https://github.com/jitsi

the result is not found

Documentation is not up-to-date

Looks like the documentation is not up-to-date (there is no 041-ingress.yaml file, for example).

Tried to follow the steps I thought it would be alright:

Create namespace
Create secret
Create the rest of the resources (010-jvb-service.yaml,020-rbac.yaml,030-deployment.yaml,040-web-service.yaml ).

I get CrashLoopBackOff.

Any idea on what to do next, please?

Upgrade Container Versions to stable

Change form latest to stable container versions to avoid breaking the deployment!

version: stable-5765-1

Cannot have more than 2 users connected

Hi, i'm trying to use this project to deploy Jitsi to my AWS Kubernetes Cluster. Whenever I add 3 or more clients to a room, every other webcam goes black and no sound is working anymore.
Here's my installation so far:
$cat 041-ingress.yml

---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: jitsi
  namespace: jitsi
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  rules:
    - host: visio.redacted.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 80
  tls:
  - hosts:
    - visio.redacted.com
    secretName: visio-tls-secret

$ cat 010-deployment.yml

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: jitsi
  name: jitsi
  namespace: jitsi
spec:
  template:
    metadata:
      labels:
        k8s-app: jitsi
    spec:
      containers:
        - name: web
          env:
            - name: PUBLIC_URL
              value: "https://visio.redacted.com"
          volumeMounts:
            - name: config
              mountPath: /config/custom-config.js
              subPath: custom-config.js
            - name: config
              mountPath: /config/interface_config.js
              subPath: interface_config.js
            - name: images
              mountPath: /usr/share/jitsi-meet/images/redacted.svg
              subPath: redacted.svg
        - name: prosody
          env:
            - name: PUBLIC_URL
              value: "https://visio.redacted.com"
        - name: jvb
          env:
            - name: PUBLIC_URL
              value: "https://visio.redacted.com"
        - name: jicofo
          env:
            - name: PUBLIC_URL
              value: "https://visio.redacted.com"
      volumes:
        - name: config
          configMap:
            name: jitsi-config
        - name: images
          configMap:
            name: redacted-logo

$ cat kustomization.yml

namespace: jitsi
bases:
- https://github.com/jitsi-contrib/kubernetes/doc/kustomize

resources:
- 041-ingress.yml

patchesStrategicMerge:
- 010-deployment.yml

configMapGenerator:
  - name: jitsi-config
    files:
      - custom-config.js
      - interface_config.js
  - name: redacted-logo
    files:
      - redacted.svg

I've allowed port 10000 for 0.0.0.0/32 to the cluster AWS Security Groups. I suspect this issue has to do with the absence of ingress/services to port 10000:

$ kubectl get svc -n jitsi
NAME      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)           AGE
jvb-udp   NodePort    10.100.144.41   <none>        30300:30300/UDP   13d
web       ClusterIP   10.100.28.75    <none>        80/TCP,443/TCP    13d
$ kubectl get ingress -n jitsi 
NAME    CLASS    HOSTS                 ADDRESS                                                    PORTS     AGE
jitsi   <none>   visio.redacted.com   a02d4fredacted151-1096927691.eu-west-3.elb.amazonaws.com   80, 443   13d

Any idea how to amend this configuration in order to have more than 2 clients connected simulatneously ?
Thanks !

Unable to record Video during meeting

Hello,

I am not able to record meeting and i am supposing this may be because we are not installing jibri in our deployment.
Any help to install jibri will be appreciated.

JSA-2021-0004 - Log4J Patch

See: https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2021-0005.md

Upgrade versions:

stable-5870 => stable-6726

Typo in README of Kustomize example

There is a typo in the REAME of the kustomize example

bases:
- https://github.com/jitsi-contrib/kubernetes/doc/kustomize

need to be changed into

bases:
- https://github.com/jitsi-contrib/jitsi-kubernetes/tree/main/doc/kustomize

upgrade from version 6726 to 6826

upgrade to latest stable version 6826

Jitsi kubernetes running in AWS EKS

Hello, I'm trying to setup Jitsi to run on EKS.

At the moment when creating a Load Balancer using the alb-aws-controller, the target group is not being setup properly.

Looking at the web-service file, I can see you're redirecting traffic from port 80 to port 80. It means that jitsi is listening on port 80, correct?

Or do I need to redirect to another port? Thanks in advance!

Rootless?

More of a question than an issue: Has anyone tried to run Jitisi-Kubernetes on a non-root Kubernetes platform such as OpenShift?

API supports is too old to run 020-rbac.yaml

PodSecurityPolicy has been removed since v1.25, so the error below occurs.

in 020-rbac.yaml

apiVersion: policy/v1
kind: PodSecurityPolicy

Error line:

error: resource mapping not found for name: "jitsi-privileged" namespace: "" from ".": no matches for kind "PodSecurityPolicy" in version "policy/v1"
ensure CRDs are installed first

error: accumulating resources

I went through the steps to deploy Jitsi on my microk8s cluster with kustomize and recieve following error:

error: accumulating resources: accumulation err='accumulating resources from 'https://github.com/jitsi-contrib/jitsi-kubernetes/tree/main/doc/kustomize': yaml: line 218: mapping values are not allowed in this context': evalsymlink failure on '/tmp/kustomize-2873540753/tree/main/doc/kustomize' : lstat /tmp/kustomize-2873540753/tree: no such file or directory

What have I done wrong?

The plan is to run jitsi on a internal server and access the Service with the IP, without exposing anything to the internet, so a https certificate by letsencrypt is not required or relevant for us.

I enabled the Ingress microk8s addon and created the .yaml files like this:

010-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: jitsi
  name: jitsi
  namespace: jitsi	   
spec:
  template:
    metadata:
      labels:
        k8s-app: jitsi
    spec:
      containers:
        - name: web
          env:
            - name: PUBLIC_URL
              value: "http://192.168.1.70"

        - name: prosody
          env:
            - name: PUBLIC_URL
              value: "http://192.168.1.70"

041-ingress.yaml

---
###################################################
# Ingress
###################################################
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: jitsi
  namespace: jitsi
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - 192.168.1.70
    secretName: tls-jitsi
  rules:
  - host: 192.168.1.70
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web
            port:
              number: 80

kustomization.yaml

namespace: jitsi
bases:
- https://github.com/jitsi-contrib/jitsi-kubernetes/tree/main/doc/kustomize

resources:
- 041-ingress.yaml

patchesStrategicMerge:
- 010-deployment.yaml

Thank you for your help!

jitsi-contrib / jitsi-kubernetes Goto Github PK

jitsi-kubernetes's Introduction

Jitsi on Kubernetes

How to Contribute

jitsi-kubernetes's People

Contributors

Stargazers

Watchers

Forkers

jitsi-kubernetes's Issues

Recommend Projects

Recommend Topics

Recommend Org