{"id":20156116,"url":"https://github.com/openfun/jitsi-k8s","last_synced_at":"2025-03-03T01:44:50.415Z","repository":{"id":40371272,"uuid":"381490251","full_name":"openfun/jitsi-k8s","owner":"openfun","description":"🚀 A Jitsi deployment on Kubernetes with autoscaling features","archived":false,"fork":false,"pushed_at":"2024-01-29T17:29:20.000Z","size":768,"stargazers_count":14,"open_issues_count":5,"forks_count":3,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-01-13T12:48:42.382Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openfun.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-29T20:34:55.000Z","updated_at":"2024-11-12T14:53:25.000Z","dependencies_parsed_at":"2025-01-13T12:42:27.989Z","dependency_job_id":"3df88a37-0ef4-45b6-ad00-3b8759f6f4ce","html_url":"https://github.com/openfun/jitsi-k8s","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openfun%2Fjitsi-k8s","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openfun%2Fjitsi-k8s/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openfun%2Fjitsi-k8s/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openfun%2Fjitsi-k8s/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openfun","download_url":"https://codeload.github.com/openfun/
jitsi-k8s/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241596241,"owners_count":19988041,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T23:37:38.782Z","updated_at":"2025-03-03T01:44:50.394Z","avatar_url":"https://github.com/openfun.png","language":"HCL","readme":"# Jitsi-k8s, a scalable Jitsi deployment for Kubernetes\n\n## Overview\n\nThe goal of this project is to deploy a scalable [Jitsi](https://github.com/jitsi/jitsi-meet)\ninfrastructure on a Kubernetes cluster.\n\n## Architecture\n\nThis repository is composed of two parts:\n\n - A [Terraform](https://www.terraform.io/) project, whose goal is to deploy a ready-to-use Kubernetes\n   cluster. It also installs some Helm packages to enable required features (e.g. 
custom metrics)\n\n - A [kustomize](https://kustomize.io/) project, in which are defined the resources to deploy on\n   the Kubernetes cluster.\n\n\nWe made the following (opinionated) choices, but the project can be easily adapted to choose alternative options:\n\n- We use [Scaleway](https://www.scaleway.com/) as a cloud provider, to provision the Kubernetes cluster.\n- The Terraform state is stored in an [Openstack Swift](https://docs.openstack.org/swift/latest/) bucket.\n\n\n## Getting started\n\n### Terraform configuration\n\n#### 1.1 Configure Openstack credentials\n\nThe Terraform state is stored in an Openstack Swift bucket.\nSo, you need to provide the required environment variables to authenticate against Openstack.\n\nExecute the following command to initialize the `env.d/terraform` file:\n\n```\nmake bootstrap\n```\n\nThen, edit this file (`env.d/terraform`) and define the `OS_*` variables according to your Openstack environment.\n\nNote: if you use OVH as Swift bucket provider, you can get these values in the Horizon interface, by clicking on the «Openstack RC File v3» in the upper-right menu.\n\n#### 1.2 Create the Terraform state bucket\n\nImportant: if your team has already initialized the state bucket, skip this part and go to chapter `1.3`\n\nTo create the Swift bucket required to store the Terraform state, there is a\nTerraform project dedicated to this in the directory `terraform/create_state_bucket`.\n\nTo create the state bucket, you need to execute the following commands:\n\n```bin/state init```\n\nand then:\n\n```bin/state apply```\n\n#### 1.3 Initialize Terraform\n\nExecute the following command to initialize Terraform with the configured state.\n\n```bin/terraform init```\n\n#### 1.4. Scaleway credentials\n\nWe use Scaleway to provision the Kubernetes cluster. 
You need to set your Scaleway API credentials in environment variables.\n\n##### 1.4a: single environment\n\nIf you intend to deploy this project on a single environment, you can set the following variables in `env.d/terraform`:\n\n- `SCW_DEFAULT_PROJECT_ID`: your Scaleway project ID\n- `SCW_ACCESS_KEY`: your Scaleway API access key\n- `SCW_SECRET_KEY`: your Scaleway API secret key\n\n##### 1.4b: multiple environments (recommended)\n\nIn most cases, you'll deploy this project on multiple environments (e.g.: preprod, production).\n\nYou'll have to create a Scaleway project for each of these environments.\nAnd each environment will have its own Terraform workspace.\n\nTo create a workspace named `production`, you can use the following command:\n\n```bin/terraform workspace new production```\n\nTo list the available workspaces:\n\n```bin/terraform workspace list```\n\nTo change the current workspace:\n\n```bin/activate```\n\nHere is a sample configuration for 2 environments (`production` and `preprod`) in `env.d/terraform`:\n\n```\nTF_VAR_scaleway_access_key={ production = \"access_key_A\", preprod = \"access_key_B\"}\nTF_VAR_scaleway_secret_key={ production = \"secret_key_A\", preprod = \"secret_key_B\"}\nTF_VAR_scaleway_project_id={ production = \"project_A\", preprod = \"project_B\"}\n```\n\n#### 1.5: customize configuration\n\nLook at the variables defined in `terraform/variables.tf`.\nYou can customize them by environment, just like we did in step `1.4b`.\n\n#### 1.6: deploy :rocket:\n\nExecute the following command to see what resources will be deployed:\n\n```bin/terraform plan```\n\nAnd when you are ready to deploy it:\n\n```bin/terraform apply```\n\n\n### Kubernetes\n\nOnce your Kubernetes cluster is deployed, you can interact with it with the command `bin/kubectl`.\n\nFirst of all, don't forget to select the right environment by executing `bin/activate`.\n\nBase Kubernetes resource definitions are stored in the `k8s/base` directory, using 
[Kustomize](https://kustomize.io/).\n\n#### 2.1 Overlay initialization\n\nEach environment should be defined as a Kustomize overlay, inheriting from the base definition.\nTo generate a Kustomize overlay for your environment, you can execute the following command:\n\n```shell\nbin/init-overlay\n```\n\nYou will be asked for the FQDN (e.g. `jitsi-staging.example.com`) that you will use for this environment.\nYou will also be asked for an email address that will be used to create a Let's Encrypt issuer account.\n\nAfter that, your new overlay will be created in the directory `k8s/overlays/\u003cyour-environment\u003e/`.\nNote that this directory is ignored by git; we'll see later how to move it to a separate repository for team work.\n\nIt is ready to use as-is.\n\nIf you want to customize it, look at the environment variables defined in the `k8s/base/env` directory to see the default\nvalues and get an overview of what you can change easily.\n\nFor example, you can change the region used for Octo, which is \"default\" by default.\n\nYou can also override Kubernetes resources using [Kustomize](https://kustomize.io/).\n\n#### 2.2 DNS entry\n\nYou need to create a DNS `A` entry for the FQDN that you specified in the previous section.\nIt should point to the public IP reserved by Terraform; you can get it by executing the\nfollowing command:\n\n```shell\nbin/terraform output ingress_public_address\n```\n\n#### 2.3 Deploy :rocket:\n\n\nTo generate the configuration to deploy, you can execute:\n```make k8s-build-config```\n\nAnd to actually deploy it, you can execute:\n```make k8s-apply-config```\n\n## Overlay versioning\n\nYou might want to share your overlays with your team and version them in a VCS.\nTo do this, you just have to provide an `OVERLAYS_HOME` environment variable\ncontaining an absolute path to your overlay directory.\n\nYou can either export it as needed, or set it permanently in the\n`env.d/kustomize` file.\n\nExample:\n\n```\nIf you have the following 
terraform environments:\n- production\n- staging\n- test\n\nYou can store your overlays in a directory structure like this:\n/tmp/my-overlays\n├── production\n│   ├── kustomization.yaml\n│   └── ...\n├── staging\n│   ├── kustomization.yaml\n│   └── ...\n└── test\n    ├── kustomization.yaml\n    └── ...\n\nAnd you just have to set this value in `env.d/kustomize`:\nOVERLAYS_HOME=/tmp/my-overlays\n\n```\n\n## Adding JWT auth\n\nThis project is designed to allow delegating authentication to an external gateway like [jitsi magnify](https://github.com/openfun/jitsi-magnify), which uses JWT tokens to authenticate users. To activate this, you can change variables in the `jitsi-common.env` file of your overlay. For example, to delegate authentication to [jitsi magnify](https://github.com/openfun/jitsi-magnify), change the auth type to jwt, set auth_url to the URL of your external gateway, and set app_id and app_secret to the same values that are set in magnify.\n\n## Secrets encryption\n\nIf you store your overlays on a shared repository, you might want to encrypt\nyour .env files that contain sensitive values, like the `jitsi-secrets.env`\nthat is used to generate a Kubernetes Secret.\n\nThere are multiple ways to solve this problem, as Kustomize is extensible\nthrough its plugin system. If you want to store sensitive values on an external\nsource (like AWS Secrets Manager, Azure Vault or HashiCorp Vault), you can use\nthe [Secretize plugin](https://github.com/bbl/secretize).\n\nA `GpgSecretGenerator` plugin is bundled with this project. It lets you generate\na Secret from a GPG encrypted file (with a symmetric cipher). 
You can find an\nexample of usage within the [example](k8s/overlays/example/) overlay.\nYou might want to look at these files :\n- [kustomization.yaml](k8s/overlays/example/kustomization.yaml) : see the generators section\n- [secret-generator.yaml](k8s/overlays/example/secret-generator.yaml) : the generator configuration file\n- [secrets.env.gpg](k8s/overlays/example/secrets.env.gpg): the GPG encrypted env file (the passphrase is `example`)  \n\nYou just have to provide the passphrase in the `SECRET_GPG_PASSWORD` environment variable when invoking `kustomize`.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenfun%2Fjitsi-k8s","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenfun%2Fjitsi-k8s","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenfun%2Fjitsi-k8s/lists"}