distrust-stack/kustomizations/matrix/coturn/daemonset.yaml

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: coturn
spec:
  template:
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
      containers:
        - name: "coturn"
          image: coturn/coturn
          args: ["-c", "/config/turnserver.conf"]
          ports:
            - name: turn-3478
              containerPort: 3478
              protocol: UDP
            - name: turn-49152
              containerPort: 49152
              hostPort: 49152
              protocol: UDP
            - name: turn-49153
              containerPort: 49153
              hostPort: 49153
              protocol: UDP
            - name: turn-49154
              containerPort: 49154
              hostPort: 49154
              protocol: UDP
            - name: turn-49155
              containerPort: 49155
              hostPort: 49155
              protocol: UDP
            - name: turn-49156
              containerPort: 49156
              hostPort: 49156
              protocol: UDP
            - name: turn-49157
              containerPort: 49157
              hostPort: 49157
              protocol: UDP
            - name: turn-49158
              containerPort: 49158
              hostPort: 49158
              protocol: UDP
          volumeMounts:
            - name: config
              mountPath: /config/turnserver.conf
              subPath: turnserver.conf
              readOnly: true
            - name: var-tmp
              mountPath: /var/tmp
          securityContext:
            capabilities:
              # https://github.com/coturn/coturn/issues/994
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
      volumes:
        - name: config
          secret:
            secretName: coturn
        - name: var-tmp
          emptyDir: {}
k/matrix/coturn: initial commit 2024-01-22 07:34:23 +00:00			`apiVersion: apps/v1`
			`kind: DaemonSet`
			`metadata:`
			`name: coturn`
			`spec:`
			`template:`
			`spec:`
			`securityContext:`
			`runAsUser: 1000`
			`runAsGroup: 1000`
			`fsGroup: 1000`
			`containers:`
			`- name: "coturn"`
			`image: coturn/coturn`
			`args: ["-c", "/config/turnserver.conf"]`
			`ports:`
			`- name: turn-3478`
			`containerPort: 3478`
			`protocol: UDP`
			`- name: turn-49152`
			`containerPort: 49152`
			`hostPort: 49152`
			`protocol: UDP`
			`- name: turn-49153`
			`containerPort: 49153`
			`hostPort: 49153`
			`protocol: UDP`
			`- name: turn-49154`
			`containerPort: 49154`
			`hostPort: 49154`
			`protocol: UDP`
			`- name: turn-49155`
			`containerPort: 49155`
			`hostPort: 49155`
			`protocol: UDP`
			`- name: turn-49156`
			`containerPort: 49156`
			`hostPort: 49156`
			`protocol: UDP`
			`- name: turn-49157`
			`containerPort: 49157`
			`hostPort: 49157`
			`protocol: UDP`
			`- name: turn-49158`
			`containerPort: 49158`
			`hostPort: 49158`
			`protocol: UDP`
			`volumeMounts:`
			`- name: config`
			`mountPath: /config/turnserver.conf`
			`subPath: turnserver.conf`
			`readOnly: true`
			`- name: var-tmp`
			`mountPath: /var/tmp`
			`securityContext:`
			`capabilities:`
			`# https://github.com/coturn/coturn/issues/994`
			`add:`
			`- NET_BIND_SERVICE`
			`drop:`
			`- ALL`
			`readOnlyRootFilesystem: true`
			`allowPrivilegeEscalation: false`
			`volumes:`
			`- name: config`
			`secret:`
			`secretName: coturn`
			`- name: var-tmp`
			`emptyDir: {}`