interface_config.js is shipped hardcoded by jitsi/web with
SHOW_JITSI_WATERMARK: true and there's no env-var override in the
upstream image. Patch via postStart lifecycle hook so the runtime-
rendered file gets sed'd after startup-templating finishes. nginx
serves the file fresh on every request, so the tiny race between
pod-ready and postStart completing is irrelevant in practice.

Self-hosted Jitsi instance at meet.it.financeflow.de — avoids the
meet.jit.si moderator-auth wall. Four components (web/prosody/jicofo/jvb)
as raw k3s manifests, same deploy pattern as Embertime (Gitea Actions
+ kubectl apply + KUBECONFIG_B64 secret).

JVB uses hostNetwork + UDP 10000 for media — requires router forward.

Component passwords live in a kubectl-applied Secret (not in git);
generate-secrets.sh produces a fresh manifest.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
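
The postStart patch described in the first paragraph of the commit message, sketched as an added example (not code from this commit or its manifests). Kubernetes does not guarantee that a postStart hook runs after the container entrypoint has finished, so the sketch polls for the rendered key before editing; the function name `patch_watermark`, the timeout default and the file path passed as an argument are assumptions.

```sh
#!/bin/sh
# Added example: idempotent watermark patch for a postStart hook.
# patch_watermark and its timeout are hypothetical names/values.

# patch_watermark FILE [TIMEOUT_SECONDS]
# Returns 0 once FILE carries SHOW_JITSI_WATERMARK: false,
#         1 if the key was never rendered before the timeout,
#         2 if the rewrite could not be verified.
patch_watermark() {
    file=$1
    timeout=${2:-30}
    waited=0
    # The hook runs concurrently with startup templating: wait until the
    # key has actually been written instead of assuming the file is ready.
    until [ -f "$file" ] && grep -q 'SHOW_JITSI_WATERMARK:' "$file"; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    # Already patched (container restart, hook re-run): nothing to do.
    if grep -Eq 'SHOW_JITSI_WATERMARK:[[:space:]]*false' "$file"; then
        return 0
    fi
    tmp="$file.patch.$$"
    sed -E 's/(SHOW_JITSI_WATERMARK:[[:space:]]*)true/\1false/' "$file" > "$tmp" \
        || { rm -f "$tmp"; return 2; }
    # Write back through the existing file so owner and mode stay unchanged.
    cat "$tmp" > "$file" && rm -f "$tmp"
    # Verify, so a silent no-op surfaces as a failed hook in pod events.
    grep -Eq 'SHOW_JITSI_WATERMARK:[[:space:]]*false' "$file" || return 2
}

# When used as a script, the first argument is the rendered config file.
if [ "$#" -gt 0 ]; then
    patch_watermark "$@"
fi
```

A non-zero return makes the hook fail visibly instead of leaving the watermark in place unnoticed.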