Some checks failed
deploy / deploy (push) Failing after 3s
Self-hosted Jitsi instance at meet.it.financeflow.de — avoids the meet.jit.si moderator-auth wall. Four components (web/prosody/jicofo/jvb) as raw k3s manifests, same deploy pattern as Embertime (Gitea Actions + kubectl apply + KUBECONFIG_B64 secret). JVB uses hostNetwork + UDP 10000 for media — requires router forward. Component passwords live in a kubectl-applied Secret (not in git); generate-secrets.sh produces a fresh manifest. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
48 lines
1.4 KiB
YAML
# Videobridge — routes the actual media streams. Two critical bits:
#
# 1) hostNetwork: true — JVB binds UDP 10000 directly on the node's
#    external interface. The router/firewall must forward UDP 10000
#    from the public IP to that node, otherwise browsers can't reach
#    it and you get audio-only fallback.
#
# 2) DOCKER_HOST_ADDRESS — the public IP/hostname browsers will use
#    to reach the bridge. Replace `__PUBLIC_IP__` with darkember's
#    public IP before applying, or override via kustomize/sed in the
#    deploy step.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jvb
  namespace: jitsi
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels: { app: jvb }
  template:
    metadata:
      labels: { app: jvb }
    spec:
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: jvb
          image: jitsi/jvb:stable
          envFrom:
            - configMapRef: { name: jitsi-config }
            - secretRef: { name: jitsi-secrets }
          env:
            - name: DOCKER_HOST_ADDRESS
              value: "__PUBLIC_IP__"
            - name: JVB_PORT
              value: "10000"
          ports:
            - name: media
              containerPort: 10000
              hostPort: 10000
              protocol: UDP
          resources:
            requests: { cpu: 100m, memory: 256Mi }
            limits: { cpu: 2, memory: 2Gi }
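The manifest's second comment leaves `__PUBLIC_IP__` to be replaced by sed in the deploy step. As an added example (not code from this repository), the shell functions below do that substitution and refuse to emit a manifest when the address is not a plain IPv4 literal or the placeholder is missing from the input. `is_ipv4`, `render_jvb`, `PUBLIC_IP`, `jvb.yaml` and `rendered.yaml` are hypothetical names, and the check assumes an IPv4 address rather than a hostname.

```shell
#!/bin/sh
# Added example, not part of the repository shown on this page.
PLACEHOLDER='__PUBLIC_IP__'   # token used in the manifest above

# Constructed sample: the two env lines that carry the placeholder.
SAMPLE='            - name: DOCKER_HOST_ADDRESS
              value: "__PUBLIC_IP__"'

# Succeed only for a dotted-quad IPv4 literal: four octets, 0..255, no
# leading zeros. Anything else (empty CI variable, CIDR suffix, stray
# characters) must never reach the sed expression below.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # safe to leave unquoted: only digits and dots remain
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in 0?*|????*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Read a manifest on stdin, write the rendered manifest to stdout.
# Exit codes: 2 = bad address, 3 = placeholder not found in the input.
render_jvb() {
  ip=$1
  is_ipv4 "$ip" || { echo "render_jvb: '$ip' is not an IPv4 address" >&2; return 2; }
  manifest=$(cat)
  case $manifest in
    *"$PLACEHOLDER"*) ;;
    *) echo "render_jvb: $PLACEHOLDER not found in input" >&2; return 3 ;;
  esac
  printf '%s\n' "$manifest" | sed "s/$PLACEHOLDER/$ip/g"
}

# Deploy-step usage (PUBLIC_IP, jvb.yaml and rendered.yaml are hypothetical):
#   render_jvb "$PUBLIC_IP" < jvb.yaml > rendered.yaml && kubectl apply -f rendered.yaml
```

Rendering to a file and applying only on success keeps a failed substitution from reaching the cluster with the literal placeholder in `DOCKER_HOST_ADDRESS`.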