author | Christian Pointner <equinox@spreadspace.org> | 2021-03-21 02:26:21 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2021-03-21 02:26:21 +0100 |
commit | 46591f2232e69739da5ab120fe819e2305c53ab0 (patch) | |
tree | ee2ab2fcfcbcc5f3a43ad64c3d4d459483f4dfdf /roles/apps/coturn/tasks/privileged-ports-hack.yml | |
parent | install zstd to core/base (diff) |
add coturn server for glt
Diffstat (limited to 'roles/apps/coturn/tasks/privileged-ports-hack.yml')
-rw-r--r-- | roles/apps/coturn/tasks/privileged-ports-hack.yml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/roles/apps/coturn/tasks/privileged-ports-hack.yml b/roles/apps/coturn/tasks/privileged-ports-hack.yml new file mode 100644 index 00000000..bafff0aa --- /dev/null +++ b/roles/apps/coturn/tasks/privileged-ports-hack.yml @@ -0,0 +1,31 @@ +--- +### This hack is necessary becasue: https://github.com/kubernetes/kubernetes/issues/56374 and https://github.com/moby/moby/issues/8460 +### at the moment there are two possible workarounds: +## - Setting sysctl net.ipv4.ip_unprivileged_port_start=0. +## This does not work because kubelet would not allow this for containers using host networking (and actually this would be a bad idea anyway). +## - Adding the CAP_NET_BIND_SERVICE capability on the turnserver binary file inside the container. +## This what we are doning here. + +- name: create build directory for custom image + file: + path: "{{ coturn_base_path }}/{{ coturn_realm }}/build" + state: directory + +- name: generate Dockerfile for custom image + copy: + content: | + FROM instrumentisto/coturn:{{ coturn_version }} + RUN apk --no-cache add libcap && setcap CAP_NET_BIND_SERVICE=+ep /usr/bin/turnserver + dest: "{{ coturn_base_path }}/{{ coturn_realm }}/build/Dockerfile" + register: coturn_custom_image_docker + +- name: build custom image + docker_image: + name: "instrumentisto/coturn/{{ coturn_realm }}:{{ coturn_version }}" + state: present + force_source: "{{ coturn_custom_image_docker is changed }}" + source: build + build: + path: "{{ coturn_base_path }}/{{ coturn_realm }}/build" + network: host + pull: yes |
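Review bot: In the "build custom image" task, `force_source: "{{ coturn_custom_image_docker is changed }}"` ties rebuilds to a change in the generated Dockerfile, whose content varies only with `coturn_version`. A re-published `instrumentisto/coturn:{{ coturn_version }}` base image is therefore never picked up even though `pull: yes` is set, and once the custom image exists, base-image fixes do not reach it. Consider a variable that forces a rebuild on demand, or pin the `FROM` line to a digest so that a base update shows up as a Dockerfile change. The header comment could also record that the file capability set by `setcap CAP_NET_BIND_SERVICE=+ep` only takes effect when the container runtime keeps that capability in the bounding set and does not set no_new_privs, since the workaround depends on both. Minor: "becasue" and "doning" in the comment are typos, and the locally built image is named under the upstream `instrumentisto/` prefix, which makes it easy to mistake for a published image.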