If you already have a docker-compose stack running jitsi, read how to migrate to Kubernetes.
The following tutorial shows how to get a basic jitsi installation working behind an HA-proxy on a microk8s Kubernetes cluster using the kompose tool on the docker-compose.yml file supplied here. I've outlined the basic steps below. Also, I did in fact test with 3 participants, as with two it seems that the web service completely bypasses jvb which makes testing quite a hassle if you're trying to get up and running quickly.
Skip down to here if all you want to do is deploy to Kubernetes (may be broken in the future).
These steps are already done, and the results are in the current directory. However, they may need to be updated if the jitsi team ever updates env.example or docker-compose.yml.
- XMPP_SERVER=prosody (these are identified by service name)
- XMPP_BOSH_URL_BASE=http://prosody:5280
- JVB_PORT=30300
- JVB_TCP_PORT=30301
- JVB_TCP_MAPPED_PORT=30301
Kompose chokes on a few things with the current docker-compose.yml that we don't really need.
- Delete all references to volumes, networks, and depends_on.
- Change all ports to have a single number form instead of Port:Port form (using the environment variables)
- Add an expose: - '9090' entry to the jvb service (this allows the internal websockets to work across multiple deployments)
These steps must be done by the person deploying to kubernetes.
Rename example.env to .env and make at least the following adjustments:
- PUBLIC_URL= (full external url to your service, usually defined by an ingress. Do NOT include a trailing slash, or else the websocket connections will break with prosody)
- DOCKER_HOST_ADDRESS= (ip address of one of your kubernetes cluster nodes, not your external ip address - otherwise it won't work inside your LAN, and the STUN server figures out your public ip anyways)
- Don't forget to add passwords! (run ./gen-passwords.sh)
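A pre-flight check for the .env adjustments listed above, as an added example that is not part of the original tutorial or the jitsi project: it flags a trailing slash in PUBLIC_URL, a DOCKER_HOST_ADDRESS outside the LAN, JVB ports outside the default NodePort range, and empty credentials. The function names, the RFC 1918 test for node addresses and the _PASSWORD/_SECRET suffix rule are assumptions, and the sample .env is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

NODEPORTS = range(30000, 32768)  # default Kubernetes NodePort range
# Assumption: cluster nodes sit on an RFC 1918 IPv4 LAN.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed sample .env containing the mistakes this page warns about.
SAMPLE_ENV = """\
PUBLIC_URL=https://jitsi.example.com/
DOCKER_HOST_ADDRESS=203.0.113.7
JVB_PORT=10000
JVB_TCP_HARVESTER_DISABLED=true
JVB_AUTH_PASSWORD=
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def check_env(env):
    """Return the problems that would break the deployment described above."""
    problems = []
    url = env.get("PUBLIC_URL", "")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        problems.append("PUBLIC_URL must be the full external URL")
    elif url.endswith("/"):
        problems.append("PUBLIC_URL has a trailing slash")
    try:
        addr = ipaddress.ip_address(env.get("DOCKER_HOST_ADDRESS", ""))
        if not any(addr in net for net in LAN_NETS):
            problems.append("DOCKER_HOST_ADDRESS is not a LAN node address")
    except ValueError:
        problems.append("DOCKER_HOST_ADDRESS is missing or not an IP address")
    # The TCP ports only matter when the TCP harvester is enabled.
    tcp = env.get("JVB_TCP_HARVESTER_DISABLED", "").lower() != "true"
    for key in ["JVB_PORT"] + (["JVB_TCP_PORT", "JVB_TCP_MAPPED_PORT"] if tcp else []):
        value = env.get(key, "")
        if not value.isdigit() or int(value) not in NODEPORTS:
            problems.append(f"{key} is outside the NodePort range 30000-32767")
    # Assumption: credentials are the keys ending in _PASSWORD or _SECRET.
    for key in sorted(env):
        if key.endswith(("_PASSWORD", "_SECRET")) and not env[key]:
            problems.append(f"{key} is empty, run ./gen-passwords.sh")
    return problems
```

Run check_env(parse_env(open(".env").read())) before the docker-compose config step; an empty list means none of these four mistakes is present.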
2) Apply .env file to docker-compose and run kompose
Kompose doesn't support .env files, so get around this by doing the following:
    docker-compose config > docker-compose-resolved.yaml
    kompose convert -f docker-compose-resolved.yaml
If there are errors, the error message should give enough information to know what to fix. Probably port issues like "FATA services.web.ports.0 must be a string or number." Simply delete anything other than the port number and the leading -.
Since k8s ingress doesn't support forwarding UDP, you need to change the jvb service's type to NodePort. Also, you don't need 9090 exposed via the service (just in the deployment spec), nor 30301 if you set JVB_TCP_HARVESTER_DISABLED=true in the .env. Once I'm done, mine looks like this:
    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        kompose.cmd: C:\PATH\kompose-1.22.0.exe convert -f docker-compose-resolved.yaml
        kompose.version: 1.21.0 (992df58d8)
      creationTimestamp: null
      labels:
        io.kompose.service: jvb
      name: jvb
    spec:
      type: NodePort
      externalTrafficPolicy: Cluster
      ports:
        - port: 30300
          protocol: UDP
          targetPort: 30300
          nodePort: 30300
      selector:
        io.kompose.service: jvb
    status:
      loadBalancer: {}
Use the following if jitsi is your namespace (create before if it doesn't exist):

    kubectl apply -n jitsi -f prosody-deployment.yaml
    kubectl apply -n jitsi -f prosody-service.yaml
    kubectl apply -n jitsi -f jvb-deployment.yaml
    kubectl apply -n jitsi -f jvb-service.yaml
    kubectl apply -n jitsi -f jicofo-deployment.yaml
    kubectl apply -n jitsi -f web-deployment.yaml
    kubectl apply -n jitsi -f web-service.yaml
I have cert-manager, so here is how I configure mine as an example (the timeout increases are to make sure websockets work):
    kind: Ingress
    # extensions/v1beta1 was removed in Kubernetes 1.22; newer clusters need
    # networking.k8s.io/v1 with backend.service.name and backend.service.port.number.
    apiVersion: extensions/v1beta1
    metadata:
      name: jitsi
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
        cert-manager.io/issue-temporary-certificate: 'true'
        # Long read/send timeouts keep the websocket connections open.
        nginx.ingress.kubernetes.io/proxy-read-timeout: '3600'
        nginx.ingress.kubernetes.io/proxy-send-timeout: '3600'
    spec:
      tls:
        - hosts:
            - jitsi.example.com
          secretName: jitsi-example-com-tls
      rules:
        - host: jitsi.example.com
          http:
            paths:
              - path: /
                pathType: Prefix
                backend:
                  serviceName: web
                  servicePort: 80
Forward UDP port 30300 to port 30300 on one of your nodes (probably the same one you specified in DOCKER_HOST_ADDRESS), and do the same with TCP port 30301 if you set JVB_TCP_HARVESTER_DISABLED=false. Also either port forward 80/443 or point HA-proxy to your k8s ingress.
Go to the website and test this. It probably won't support too many simultaneous meetings, but it's good enough for a small application.