# Videobridge — routes the actual media streams. Two critical bits:
#
#   1) hostNetwork: true  — JVB binds UDP 10001 directly on the node's
#      external interface. UDP 10000 is taken by an OpenDesk-bundled
#      Jitsi already running on the same node, so we shift to 10001.
#      Router/firewall forward UDP 10001 → darkember accordingly.
#
#   2) DOCKER_HOST_ADDRESS — the public IP/hostname browsers will use
#      to reach the bridge. Replace `__PUBLIC_IP__` with darkember's
#      public IP before applying, or override via kustomize/sed in the
#      deploy step.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jvb
  namespace: jitsi
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels: { app: jvb }
  template:
    metadata:
      labels: { app: jvb }
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: jvb
          image: jitsi/jvb:stable
          envFrom:
            - configMapRef: { name: jitsi-config }
            - secretRef: { name: jitsi-secrets }
          env:
            - name: DOCKER_HOST_ADDRESS
              value: "__PUBLIC_IP__"
            - name: JVB_PORT
              value: "10001"
          ports:
            - name: media
              containerPort: 10001
              hostPort: 10001
              protocol: UDP
          resources:
            requests: { cpu: 100m, memory: 256Mi }
            limits:   { cpu: 2, memory: 2Gi }