Update ghcr.io/librespeed/speedtest:latest Docker digest to 233ac66

argocd-applications/base/jitsi-meet-application.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argo-app-jitsi-meet
+  namespace: argocd
+spec:
+  destination:
+    name: ''
+    namespace: default
+    server: https://kubernetes.default.svc
+  source:
+    path: jitsi-meet
+    repoURL: https://git.mziesel.nl/mans/argocd-test
+    targetRevision: HEAD
+  sources: []
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

argocd-applications/base/stirling-pdf-application.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argo-app-stirling-pdf
+  namespace: argocd
+spec:
+  destination:
+    name: ''
+    namespace: default
+    server: https://kubernetes.default.svc
+  source:
+    path: stirling-pdf
+    repoURL: https://git.mziesel.nl/mans/argocd-test
+    targetRevision: HEAD
+  sources: []
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

argocd-applications/kustomization.yaml

@@ -23,3 +23,5 @@ resources:
   - ./base/awx-application.yaml
   - ./base/backstage-application.yaml
   - ./base/smokeping-application.yaml
+  - ./base/stirling-pdf-application.yaml
+  - ./base/jitsi-meet-application.yaml

jitsi-meet/README.md

@@ -0,0 +1,7 @@
+TODO: proper secret management with git/argocd/vault
+
+add password when restoring
+
+```
+kubectl create secret generic jitsi-config -n jitsi-meet --from-literal=JICOFO_COMPONENT_SECRET=<REDACTED> --from-literal=JICOFO_AUTH_PASSWORD=<REDACTED> --from-literal=JVB_AUTH_PASSWORD=<REDACTED>
+```

jitsi-meet/base/jitsi-meet-deployment.yaml

@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    k8s-app: jitsi
+  name: jitsi
+  namespace: jitsi
+spec:
+  template:
+    metadata:
+      labels:
+        k8s-app: jitsi
+    spec:
+      containers:
+        - name: web
+          env:
+            - name: PUBLIC_URL
+              value: "https://meet.mziesel.nl"
+            - name: DISABLE_HTTPS
+              value: "1"
+            - name: ENABLE_HTTP_REDIRECT
+              value: "0"
+            - name: ENABLE_LETSENCRYPT
+              value: "0"
+        - name: prosody
+          env:
+            - name: PUBLIC_URL
+              value: "https://meet.mziesel.nl"
+        - name: jvb
+          env:
+            - name: JVB_ADVERTISE_IPS
+              value: srv01.home.mziesel.nl

jitsi-meet/base/jitsi-meet-ingress.yaml

@@ -0,0 +1,12 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: jitsi-meet-ingressroute
+spec:
+  routes:
+  - match: Host(`meet.mziesel.nl`)
+    kind: Rule
+    services:
+    - name: web
+      port: http
+  tls: {}

jitsi-meet/base/jitsi-meet-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: jitsi-meet

jitsi-meet/base/jitsi-meet-rbac-patch.yaml

@@ -0,0 +1,5 @@
+$patch: delete
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: jitsi-privileged

jitsi-meet/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: jitsi-meet
+
+resources:
+- ./base/jitsi-meet-namespace.yaml
+- ./base/jitsi-meet-ingress.yaml
+- github.com/jitsi-contrib/jitsi-kubernetes/doc/kustomize
+
+patches:
+- path: ./base/jitsi-meet-rbac-patch.yaml
+- path: ./base/jitsi-meet-deployment.yaml

librespeed/base/librespeed-deployment.yaml

@@ -14,7 +14,7 @@ spec:
         app: librespeed
     spec:
       containers:
-      - image: ghcr.io/librespeed/speedtest:latest@sha256:792f70abb05fe963152295743e59e9ff38ee7b9b4f07bd021d0cb59d5fdb4cba 
+      - image: ghcr.io/librespeed/speedtest:latest@sha256:233ac66e6951163fe930624f0ae34a72043ed5f61b2af9250948ccd8ac0bde12 
         name: librespeed
         ports:
           - name: web

stirling-pdf/base/stirling-pdf-deployment.yaml

@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: stirling-pdf
+  namespace: stirling-pdf
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: stirling-pdf
+  template:
+    metadata:
+      labels:
+        app: stirling-pdf
+    spec:
+      containers:
+        - image: stirlingtools/stirling-pdf:0.45.0@sha256:fdeb7410e64f3d0d34278848b017d59da210978aded8877e13e77b104ef11132
+          name: stirling-pdf
+          ports:
+            - name: web
+              containerPort: 8080
+          env:
+            - name: DOCKER_ENABLE_SECURITY
+              value: "false"
+            - name: METRICS_ENABLED
+              value: "false"
+          resources:
+            requests:
+              cpu: "128m"
+              memory: "256Mi"
+            limits:
+              # stirling eats up CPU when starting
+              cpu: "4"
+              memory: "1024Mi"

stirling-pdf/base/stirling-pdf-ingress.yaml

@@ -0,0 +1,12 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: stirling-pdf-ingressroute
+spec:
+  routes:
+  - match: Host(`pdf.mziesel.nl`) || Host(`pdf.k8s.mziesel.nl`)
+    kind: Rule
+    services:
+    - name: stirling-pdf
+      port: web
+  tls: {}

stirling-pdf/base/stirling-pdf-namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: stirling-pdf

stirling-pdf/base/stirling-pdf-svc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: stirling-pdf
+spec:
+  ports:
+    - name: web 
+      port: 80
+      targetPort: web
+  selector:
+    app: stirling-pdf

stirling-pdf/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: stirling-pdf
+
+resources:
+  - ./base/stirling-pdf-namespace.yaml
+  - ./base/stirling-pdf-deployment.yaml
+  - ./base/stirling-pdf-svc.yaml
+  - ./base/stirling-pdf-ingress.yaml