authorChristian Pointner <equinox@spreadspace.org>2021-07-10 21:28:45 +0200
committerChristian Pointner <equinox@spreadspace.org>2021-07-10 21:28:45 +0200
commit3db6f8b21e2a6707381971a600268a0537f1074e (patch)
tree67c629dc9791fa012aef2f9f90ae75fc8389687a /roles
parentinstall coturn on ele-coturn (using old images) (diff)
coturn: use new images
Diffstat (limited to 'roles')
-rw-r--r--roles/apps/coturn/defaults/main.yml2
-rw-r--r--roles/apps/coturn/tasks/main.yml4
-rw-r--r--roles/apps/coturn/tasks/privileged-ports-hack.yml31
-rw-r--r--roles/apps/coturn/templates/pod-spec.yml.j28
4 files changed, 3 insertions, 42 deletions
diff --git a/roles/apps/coturn/defaults/main.yml b/roles/apps/coturn/defaults/main.yml
index 34629dbd..842e7f05 100644
--- a/roles/apps/coturn/defaults/main.yml
+++ b/roles/apps/coturn/defaults/main.yml
@@ -3,7 +3,7 @@ coturn_uid: 930
coturn_gid: 930
coturn_base_path: /srv/coturn
-# coturn_version: 4.5.1.1
+# coturn_version: 4.5.2-r2
# coturn_realm: example.com
# coturn_hostnames:
# - stun.example.com
diff --git a/roles/apps/coturn/tasks/main.yml b/roles/apps/coturn/tasks/main.yml
index a35734a8..838385ea 100644
--- a/roles/apps/coturn/tasks/main.yml
+++ b/roles/apps/coturn/tasks/main.yml
@@ -77,10 +77,6 @@
acmetool_cert_name: "coturn-{{ coturn_realm }}"
acmetool_cert_hostnames: "{{ coturn_hostnames }}"
-- name: apply hacky fix to support binding to privileged ports
- when: (coturn_listening_port < 1024) or (coturn_tls_listening_port < 1024)
- import_tasks: privileged-ports-hack.yml
-
- name: install pod manifest
vars:
kubernetes_standalone_pod:
diff --git a/roles/apps/coturn/tasks/privileged-ports-hack.yml b/roles/apps/coturn/tasks/privileged-ports-hack.yml
deleted file mode 100644
index 6025b7e7..00000000
--- a/roles/apps/coturn/tasks/privileged-ports-hack.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-### This hack is necessary because: https://github.com/kubernetes/kubernetes/issues/56374 and https://github.com/moby/moby/issues/8460.
-### AFAIK there are two possible workarounds at the moment:
-## - Setting sysctl net.ipv4.ip_unprivileged_port_start=0.
-## This does not work because kubelet would not allow this for containers using host networking (and actually this would be a bad idea anyway).
-## - Adding the CAP_NET_BIND_SERVICE capability on the turnserver binary file inside the container.
-## This is what we are doing here - at least until the upstream container includes this: https://github.com/instrumentisto/coturn-docker-image/issues/40
-
-- name: create build directory for custom image
- file:
- path: "{{ coturn_base_path }}/{{ coturn_realm }}/build"
- state: directory
-
-- name: generate Dockerfile for custom image
- copy:
- content: |
- FROM instrumentisto/coturn:{{ coturn_version }}
- RUN apk --no-cache add libcap && setcap CAP_NET_BIND_SERVICE=+ep /usr/bin/turnserver
- dest: "{{ coturn_base_path }}/{{ coturn_realm }}/build/Dockerfile"
- register: coturn_custom_image_docker
-
-- name: build custom image
- docker_image:
- name: "instrumentisto/coturn/{{ coturn_realm }}:{{ coturn_version }}"
- state: present
- force_source: "{{ coturn_custom_image_docker is changed }}"
- source: build
- build:
- path: "{{ coturn_base_path }}/{{ coturn_realm }}/build"
- network: host
- pull: yes
diff --git a/roles/apps/coturn/templates/pod-spec.yml.j2 b/roles/apps/coturn/templates/pod-spec.yml.j2
index a0842784..20612e4b 100644
--- a/roles/apps/coturn/templates/pod-spec.yml.j2
+++ b/roles/apps/coturn/templates/pod-spec.yml.j2
@@ -12,13 +12,9 @@ terminationGracePeriodSeconds: 0
hostNetwork: true
containers:
- name: coturn
-{% if (coturn_listening_port < 1024) or (coturn_tls_listening_port < 1024) %}
- image: "instrumentisto/coturn/{{ coturn_realm }}:{{ coturn_version }}"
-{% else %}
- image: "instrumentisto/coturn:{{ coturn_version }}"
-{% endif %}
+ image: "coturn/coturn:{{ coturn_version }}"
args:
- - --log-file=stdout
+ - --log-file=stdout
resources:
limits:
memory: "1Gi"
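Review bot: The new `image: "coturn/coturn:{{ coturn_version }}"` line drops the `coturn_listening_port < 1024` conditional, so binding to privileged ports now presumably depends on the upstream image granting CAP_NET_BIND_SERVICE to `turnserver`, which this diff cannot confirm; a comment above the line such as `# relies on the upstream image granting CAP_NET_BIND_SERVICE to turnserver` would record that assumption. The image also comes from a different Docker Hub namespace and is referenced by mutable tag only, so what runs with `hostNetwork: true` is whatever that tag points to at pull time. Consider pinning by digest, e.g. `image: "coturn/coturn:{{ coturn_version }}@{{ coturn_image_digest }}"`, where `coturn_image_digest` is a placeholder name for a new role variable holding the `sha256:` value. The container spec continues outside the hunk, so any `securityContext` it sets is not visible here.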