distrust-stack/kustomizations/matrix/coturn/daemonset.yaml


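---
# DaemonSet that runs one coturn (TURN) pod on each node.
# NOTE(review): apps/v1 requires spec.selector and matching
# template.metadata.labels. Neither is set in this file, so they are
# presumably injected by the surrounding kustomization - confirm.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: coturn
spec:
  template:
    spec:
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        # Make the kubelet refuse to start the container as UID 0 if the
        # runAsUser above is ever removed or overridden by a patch.
        runAsNonRoot: true
        # Apply the container runtime's default seccomp filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: "coturn"
          # NOTE(review): no tag or digest is given, so this resolves to a
          # mutable tag and nodes can end up running different, unreviewed
          # builds. Pin to a reviewed release, ideally by digest
          # (coturn/coturn@sha256:<digest-of-reviewed-release>).
          image: coturn/coturn
          args: ["-c", "/config/turnserver.conf"]
          # NOTE(review): no resources requests/limits are set for a
          # network-facing relay - consider adding them.
          ports:
            # No hostPort on the listener; presumably reached through a
            # Service defined elsewhere - confirm.
            - name: turn-3478
              containerPort: 3478
              protocol: UDP
            # The hostPort entries below bind UDP 49152-49158 directly on
            # every node. Presumably this is the relay range configured in
            # turnserver.conf (min-port/max-port) - keep both in sync and
            # restrict the range in the node firewall to what is needed.
            - name: turn-49152
              containerPort: 49152
              hostPort: 49152
              protocol: UDP
            - name: turn-49153
              containerPort: 49153
              hostPort: 49153
              protocol: UDP
            - name: turn-49154
              containerPort: 49154
              hostPort: 49154
              protocol: UDP
            - name: turn-49155
              containerPort: 49155
              hostPort: 49155
              protocol: UDP
            - name: turn-49156
              containerPort: 49156
              hostPort: 49156
              protocol: UDP
            - name: turn-49157
              containerPort: 49157
              hostPort: 49157
              protocol: UDP
            - name: turn-49158
              containerPort: 49158
              hostPort: 49158
              protocol: UDP
          volumeMounts:
            # Only the single config file is exposed, read-only. A subPath
            # mount is not refreshed when the Secret changes, so rotating
            # the Secret requires restarting the pods.
            - name: config
              mountPath: /config/turnserver.conf
              subPath: turnserver.conf
              readOnly: true
            # Writable scratch space; the root filesystem is read-only.
            - name: var-tmp
              mountPath: /var/tmp
          securityContext:
            capabilities:
              # Everything is dropped except NET_BIND_SERVICE. See the
              # linked issue for why it is kept even though no port below
              # 1024 is declared above:
              # https://github.com/coturn/coturn/issues/994
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
      volumes:
        # turnserver.conf is delivered from the Secret named "coturn".
        - name: config
          secret:
            secretName: coturn
        - name: var-tmp
          emptyDir: {}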