forked from public/stack
k/matrix/coturn: initial commit
This commit is contained in:
parent
19362e2706
commit
759571e589
|
@ -0,0 +1,118 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: coturn
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
turnserver.conf: ENC[AES256_GCM,data:suQA1LL8JiKemZo1LojR4WYSk5ex5DIv4wyOGjS6gZKGCViqR2uvIBT1DVI/LfIjYjuBDM7NqDOSP/kQxChJDrUksaOCU4Q5uc/eE9zlyP7A/c4Cb8evPQ1JApK2GTzFwz8J5x6S4aa+JpoAB5aTvijfcW131pmQOtz6uanEhuU1As9c9g57nbGGR2lLRx7rYVMqGC2fxg30JJewSjIYWsOJoz6+Y/callulnQKznil7cMYwjiMK/QoVgdsvmW4fjcm8PbBKdBZbh7nDQBcvtrr8lqyMBNl/XOTtU4Ael28YWzDtdbWH1jdJMnMieWxpa2D2XnWNqd0XdYxPwS3HnVHVXSgwOYUQutMyWNBA1wnIaC1sg8Z5lzqE38DzXfA=,iv:8wwzXOMCH4zadAtifiFAbwFEQ7O5CO2ogvCiuEDV8gU=,tag:D04paJjlkzeXmuyLvk4f8w==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2024-01-16T07:13:58Z"
|
||||||
|
mac: ENC[AES256_GCM,data:t8y4z+JQ2ua9KcykwoH2rHi1wsHC0Z1TkxkMZvUenQFxvwNTHC4NghwWGN2kcCDO9SjUb1J3BPobZd/EqSitQ7kTxyeBTa+qcylUIDvCmk9S1ZHVyJKhoQABbJX9raClYV3a3zrk5WNi4obXAHgXGpMdq1cVe53GR/X5z5ury7Q=,iv:x+WQ8t86EOrejNyv0grHSyd1bOpWcoZ/lqmFtFHHR0o=,tag:XuiuZUKe32MjNMg4nx9Kvg==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA82rPM2mSf/aARAAkFACzQmqyF9BqaD1qEjIO4e6owS/n4h3U6ee0Y7fhO8y
|
||||||
|
a5RJ4/HvMmfXcYeHm+CZjsFaui4YJkPS93clGTJzV4w15yXJUunIVjAmkvSrVh6P
|
||||||
|
GqRUtNpi1y+JCS3sjlAfvm3h9b08dNxFv7rTwZtDiP8zmcNuB0zbLBFR7G6ixetx
|
||||||
|
ZxL7piPYX75Rqoz8A/+V7VAtsoX8t3xv5xgjHzzfhiM3TeoQUgLnF8aN5huiSptf
|
||||||
|
dMmNMa0GGu5QaUjYJ3iHjv5eMtCJ79KwpuCfv5iX34Q++rTe5VUWoQabNAiE/Frt
|
||||||
|
Rc3JB8o8rfL6WME9qIIa5k654JlVDKqOvTH3mtHkOIWhD2+CEK89Siq3G35Kkct8
|
||||||
|
Ym7UNa6gE8IdSGkCOH81G4ZheU6Z8OKF1Z7dO+o7IdgIURTwLEFeBIC2PtWOKOJP
|
||||||
|
PnzqZNk1w4n4XK6hQg4bmIj8VaZXXgHEXcO/jaGCoRyr36BHCE1Sj1ae5cMUgDje
|
||||||
|
p6WKVO6gXfRg7SRJqQNUh03Lz0YKIjsI/429UPyf9mtXbHfvVyrW3+wyByok86FG
|
||||||
|
cGL1Y/N7thxAxXqHy4OZFCE0NMP2bobMzzGJTtDY9oPsGwTb6xk1g0wE5zg6IoQa
|
||||||
|
9hnObBJhdpvYcD6juz+V0wkeI30essnz7ZTtsLdfCox6mnP5BMTtzxmcRrCpNvHS
|
||||||
|
UQFIZa0XryYoXv3rcw6yUpkqv6aYzD3L4PnqYtGUEtbMoTb8NXa9Cp+1OeypqZ0g
|
||||||
|
7uO5zCKJgL6sBaPnJL5/n+afafzYcIOsQc2O+q0s4O1d5Q==
|
||||||
|
=3E6w
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 6B61ECD76088748C70590D55E90A401336C8AAA9
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMAw95Vf08z8oUAQ//abo3n5r8YdQ6p+/X031/n8MCvWKw+ERGSvDuT2r7g8m8
|
||||||
|
DqrBQmX578jHVmZkC2B6fYqEBuQAeyEJyQ56MLMuGMNSET8dgNS4Uj/gwvsuEDQf
|
||||||
|
NhU10WLkfQ3g2/o654BVzPC2b3UQTL4mmXqp0+ID79uynn0/WZ0TQQ8xj/uUaDS1
|
||||||
|
h6/uC7mmDGTHaxF3gFuYkvWMghU0bqX5BfrAPdICAr8FIqxUGIvUD6KkBu9hWTYP
|
||||||
|
RLtfwpU/DAcT/7pNtic25WzzQt7W0mok3zUZZq5r2UqO35x2XOrgC5DQ69QYf7JZ
|
||||||
|
a9S236gEpAS0Kl1IWSvY2kDzj/J27T3nonY2kX3a+UqVWX15LEmVmNNUMwjz91/b
|
||||||
|
0G+26vustzinHBs30EHGBqhyELjRW0RjcmlVGNXvZwhgGL5/LNIEcfBi19tIang1
|
||||||
|
dRYE9TasSeRbyTU/A/CXFDeuGtC8K552SzXjv1zP6gkwZFb0/zd0/XHPSyGyOLbM
|
||||||
|
1PC3JhkA8GEYQ7l9y5BdPXxZseuoSHDPHfMRIcnogx6w6rfBdd9+78M1WjnGzhYi
|
||||||
|
/utORBaiwU9Zk+Xm3B+WbkDl5+jio+UIp9nHoYAGfuJ9A6TZYBIavB6K171wALke
|
||||||
|
Kl6hoTxef/VGwdfXB9ikUy0bi0Km1vVpZGVzIjSFXiSlLkaamhxUFSgDPGZN21rS
|
||||||
|
UQHeXKkhgKXTEVvi+kypRbN2/174bElGTWz1C2TWPNJAcvvKmRw66t5g8pahnXbm
|
||||||
|
SYQoB5JaAl0URu6zHWBYhCjQjiyePhnxHV4tgGtEYAdY3g==
|
||||||
|
=xXRR
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA0/D4ws+/KPtARAAsxa6N9jRT1AUqfWI7gIfJK6i6g0F5oxRYJ5A2mjhc89k
|
||||||
|
ZAN4/tO9GC+Fg8+lLhPHdiz6v2T1+92AFXET3jm+ax6rYei2woMHNXKzgqxjkQEQ
|
||||||
|
xQ/3LcQ3+FOTrvy7Gir9HQ/DoWSePBF7tx16unxH75hi6AgOiT0nFoEbXP3CJXie
|
||||||
|
lVOO5r5jKgBg9LENj/U+9LHjXB6W0PbVdhxdeStk2TTKcmuDnrGeqKZ3SyZ9V33p
|
||||||
|
DEfydW+T0ac156Eb2tdszzW5e87oPmW78wvLkotboZcPVWBadRtJkzVn3JXoMAda
|
||||||
|
gN+W2+I4/4iQN8ITBQ+2i5GsdbHtnrmPkzSbtSqhujwZ1k/a7uRmHy46ejDK9QnT
|
||||||
|
lQzm2OKyjTlCDhnxnKj0eTE4nN0CDyxGBNlNVG2piKd8i+HpqrjKJ9IUcMj7oO3U
|
||||||
|
8rtQ2A0LHquNvu6ZatP6fUk3tKgLaEslV4ORXMlILdZXlYqgznmvWJaII3XVeu8l
|
||||||
|
G/tHPkOhrcQDIecBeYcTLZYXtPtmY1UNJZfbDazG/9J0rdq/r9NmnB7woy7FSYEp
|
||||||
|
yRNji1i/89nVLsu94ra1D6FHyxgIFTSLkD7s1iCMTsz0UdwfbxqdLIWumYrm04XF
|
||||||
|
wM2eTB8OAGe8mdfi1q4te0FEDMLTpdYBhYDDjHmBv4fXwKPcWkgixvNJtT6xPgLS
|
||||||
|
UQEvOn03hQ8MCQ5kh1R1FoTOw1UpgV0eqJSateC2wkBKbZ/4NWPbnZA7XAW6Jb98
|
||||||
|
JidKJ8TiYiI33hxUhu4nUeZWjNcd7MgHyl1Do2r7SfyICw==
|
||||||
|
=TXST
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA5Wf+FyJ+zFJAQ/+I9khYJfqjCHhrAaElVWKgn4c+7C+oilVNE0132pQZfLb
|
||||||
|
u17yv6AYY5zThK6Lg0GZMKaKFn+JuF9wonTyixJQccJ+w2MxsJQRNQZTV/t19HrQ
|
||||||
|
B+6YFLVPNyOglr7jf+o5BnOdIvpR0Cog5JDzn0j4iwpRWRSGW1sWXiABKWUIW0Ks
|
||||||
|
nR7Rm/k3Jm8zYO6LtoyYog5HGUEHRMuOY6Yoj/EEbfDLKFU5WZ+hfKnbGGM9KW31
|
||||||
|
RkXoCtjm2AstZTia5+Y0E3wNb9bbvpbkewyQd5KqaHmHaX3MzuoYKNHGVEgPMfla
|
||||||
|
Y26aED5uSLETv+C1U/jYJyxyVJxNYb2JBrS8a7+p+mo00Cvbs/pbM/cr5Y/Ogu7Q
|
||||||
|
Ed0+Ixst3LzSTOcYAAiEC/LpWztaIp/4h/cAfE7eKnsoFUVcv2lLpLHyI7fS/sJH
|
||||||
|
Ywp8tlqlfx7DaCqYEVjPMSfI9qBbJomoQ77szHL+Gyi4ibyF0iRz0/NnF5lmu5H5
|
||||||
|
sDAYiqnHEIpk1v+gWXoj/CQq7a5jJf044cYylcO+al27cugr+jr5TBQQVv+wDNJV
|
||||||
|
LqpAxmmz8yUJ6RlTSg5JwNlNCCOONv6f+lX0Cjk7V0kPcOMgbVn19Su7zIvhM7wd
|
||||||
|
m9mzuVWWx2SBGzORdK9W4tt7lybU7aCvusT1jP1nwXF/JCz9lyEbb1syaNIAiXHS
|
||||||
|
UQE2Va23CUVgB+cV/ImXBCEuAjZhiSMFVCtWOZrcqPS8EZX9s6WzscpsEmFnDE7t
|
||||||
|
GVR3u1IyjxTsuTxxYU0ldSjHqYFjQrgRD3ZBzwZcgeajqw==
|
||||||
|
=bF9b
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: F4BF5C81EC78A5DD341C91EEDC4B7D1F52E0BA4D
|
||||||
|
- created_at: "2024-01-11T20:55:07Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
wcFMA8KRInHl7Vz+ARAAoMRyGipvXTgUChfL1Lryej14FI9+8dvWQculBjPQzg6x
|
||||||
|
oxdPzz07ifIX8D64zfToE+qc439l/RYwiMx9XyGscEim0D1GIFPwxOm4DCXT+/5m
|
||||||
|
wlLkOBP7oMwirqSazS7dNF1hE83717QTi1GqC0UqhoMINtxrhQIv1Y6xxREqD1Wd
|
||||||
|
eW3M45p1i8iSZkzF7n0EhIK3J59Wl3vxt9FUX3YRWk1JH0oaqIc1VCH3TJc73DAx
|
||||||
|
9e1jIVQSo4R8BfQc5Y64xRh0eq/87Ud2E2x9JbZmpnw4FN/OHg9QqRMaZ9r6EQ/l
|
||||||
|
VerhJFkfSj3UVAfODzViKXyNTKRak1GOcQBE5lfAXynAW1nfTTx0re0rl6/tvOwC
|
||||||
|
i02a/raksTI8afak1RMclNFqlihsegGU239ZGDRPb4apL32nYY0SMim58vET8rv5
|
||||||
|
eTiQE1udg+1ttIRAGq/PxzHKlc6FUEdyJ6i2Da16c0K76FpF3Gnxxhw+Tleixx3h
|
||||||
|
6+PbhC2qEgt7LS8TNg9J2WTDy4Hlw5YEmzOAM9NA6UYrH9BHsR87sbdriz6pAC55
|
||||||
|
CnFkWptrME4CjUP72qIezRYt/4784ABTw6poQ51jP30641YhgPoYLrWS8hWQYaE3
|
||||||
|
jcrum3JQnLTjsE88OclcreKNvNj+b1t0uxuHa/6UdMnyRCd8osJ22s6JJHLGgB/S
|
||||||
|
UQHvy+Rv0QJ65DjsJ4TfdRBLcKXaF7Ar5SaANqGi8EYwjVbhfImwx5VSEsvQclEU
|
||||||
|
7JihoETtCrRwJM1BkJz3nuBAaYDm1Y+lWHSyVZ6xi8G0eg==
|
||||||
|
=n6cE
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: C92FE5A3FBD58DD3EC5AA26BB10116B8193F2DBD
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.8.1
|
|
@ -0,0 +1,69 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
name: coturn
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
fsGroup: 1000
|
||||||
|
containers:
|
||||||
|
- name: "coturn"
|
||||||
|
image: coturn/coturn
|
||||||
|
args: ["-c", "/config/turnserver.conf"]
|
||||||
|
ports:
|
||||||
|
- name: turn-3478
|
||||||
|
containerPort: 3478
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49152
|
||||||
|
containerPort: 49152
|
||||||
|
hostPort: 49152
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49153
|
||||||
|
containerPort: 49153
|
||||||
|
hostPort: 49153
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49154
|
||||||
|
containerPort: 49154
|
||||||
|
hostPort: 49154
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49155
|
||||||
|
containerPort: 49155
|
||||||
|
hostPort: 49155
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49156
|
||||||
|
containerPort: 49156
|
||||||
|
hostPort: 49156
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49157
|
||||||
|
containerPort: 49157
|
||||||
|
hostPort: 49157
|
||||||
|
protocol: UDP
|
||||||
|
- name: turn-49158
|
||||||
|
containerPort: 49158
|
||||||
|
hostPort: 49158
|
||||||
|
protocol: UDP
|
||||||
|
volumeMounts:
|
||||||
|
- name: config
|
||||||
|
mountPath: /config/turnserver.conf
|
||||||
|
subPath: turnserver.conf
|
||||||
|
readOnly: true
|
||||||
|
- name: var-tmp
|
||||||
|
mountPath: /var/tmp
|
||||||
|
securityContext:
|
||||||
|
capabilities:
|
||||||
|
# https://github.com/coturn/coturn/issues/994
|
||||||
|
add:
|
||||||
|
- NET_BIND_SERVICE
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
volumes:
|
||||||
|
- name: config
|
||||||
|
secret:
|
||||||
|
secretName: coturn
|
||||||
|
- name: var-tmp
|
||||||
|
emptyDir: {}
|
|
@ -0,0 +1,12 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
labels:
|
||||||
|
- includeSelectors: true
|
||||||
|
pairs:
|
||||||
|
app.kubernetes.io/name: coturn
|
||||||
|
app.kubernetes.io/part-of: matrix
|
||||||
|
resources:
|
||||||
|
- daemonset.yaml
|
||||||
|
- service.yaml
|
||||||
|
generators:
|
||||||
|
- secret-generator.yaml
|
|
@ -0,0 +1,6 @@
|
||||||
|
apiVersion: viaduct.ai/v1
|
||||||
|
kind: ksops
|
||||||
|
metadata:
|
||||||
|
name: coturn-ksops-secrets
|
||||||
|
files:
|
||||||
|
- config-secrets.enc.yaml
|
|
@ -0,0 +1,39 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: coturn
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- targetPort: turn-3478
|
||||||
|
name: turn-3478
|
||||||
|
port: 3478
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49152
|
||||||
|
name: turn-49152
|
||||||
|
port: 49152
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49153
|
||||||
|
name: turn-49153
|
||||||
|
port: 49153
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49154
|
||||||
|
name: turn-49154
|
||||||
|
port: 49154
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49155
|
||||||
|
name: turn-49155
|
||||||
|
port: 49155
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49156
|
||||||
|
name: turn-49156
|
||||||
|
port: 49156
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49157
|
||||||
|
name: turn-49157
|
||||||
|
port: 49157
|
||||||
|
protocol: UDP
|
||||||
|
- targetPort: turn-49158
|
||||||
|
name: turn-49158
|
||||||
|
port: 49158
|
||||||
|
protocol: UDP
|
Loading…
Reference in New Issue