kubernetes/standalone: fix portmap and hostIP handling

author: Christian Pointner <equinox@spreadspace.org> 2020-05-17 19:15:27 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2020-05-17 19:15:27 +0200
commit: 3fbacd9378f1bc3bd8c021a3e1125100486ca863 (patch)
tree: 54f4c02b01403885efc22ff1adfc1e3fa0a8cc4d /roles
parent: jitsi-meet: actually use real secrets (diff)
2 files changed, 32 insertions, 8 deletions
diff --git a/roles/apps/jitsi/meet/templates/pod.yml.j2 b/roles/apps/jitsi/meet/templates/pod.yml.j2
index 93a4a33f..1504211a 100644
--- a/roles/apps/jitsi/meet/templates/pod.yml.j2
+++ b/roles/apps/jitsi/meet/templates/pod.yml.j2
@@ -18,8 +18,10 @@ spec:
   - name: jicofo
     image: "jitsi/jicofo:{{ jitsi_meet_version }}"
     resources:
+      requests:
+        memory: "1Gi"
       limits:
-        memory: "5Gi"
+        memory: "4Gi"
     volumeMounts:
     - name: config
       subPath: jicofo
@@ -50,6 +52,8 @@ spec:
   - name: prosody
     image: "jitsi/prosody:{{ jitsi_meet_version }}"
     resources:
+      requests:
+        memory: "128Mi"
       limits:
         memory: "512Mi"
     volumeMounts:
@@ -89,11 +93,15 @@ spec:
   - name: web
     image: "jitsi/web:{{ jitsi_meet_version }}"
     resources:
+      requests:
+        memory: "256Mi"
       limits:
         memory: "1Gi"
     ports:
-    - containerPort: 80
+    - protocol: TCP
+      containerPort: 80
       hostPort: {{ jitsi_meet_http_port }}
+      hostIP: 127.0.0.1
     volumeMounts:
     - name: config
       subPath: web
@@ -129,8 +137,15 @@ spec:
   - name: jvb
     image: "jitsi/jvb:{{ jitsi_meet_version }}"
     resources:
+      requests:
+        memory: "1Gi"
       limits:
-        memory: "5Gi"
+        memory: "4Gi"
+    ports:
+    - protocol: UDP
+      containerPort: {{ jitsi_meet_jvb_port }}
+      hostPort: {{ jitsi_meet_jvb_port }}
+      hostIP: "{{ external_ip | default(ansible_default_ipv4.address) }}"
     volumeMounts:
     - name: config
       subPath: jvb
@@ -157,13 +172,11 @@ spec:
     - name: JVB_BREWERY_MUC
       value: jvbbrewery
     - name: JVB_PORT
-      value: "10000"
+      value: "{{ jitsi_meet_jvb_port }}"
     - name: JVB_TCP_HARVESTER_DISABLED
       value: "true"
-    - name: JVB_STUN_SERVERS
-      value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
     - name: DOCKER_HOST_ADDRESS
-      value: "{{ ansible_default_ipv4.address }}"
+      value: "{{ external_ip | default(ansible_default_ipv4.address) }}"
 
     - name: TZ
       value: {{ jitsi_meet_timezone }}
diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml
index 50558d70..0c400e2c 100644
--- a/roles/kubernetes/base/tasks/cri_docker.yml
+++ b/roles/kubernetes/base/tasks/cri_docker.yml
@@ -1,11 +1,22 @@
 ---
-
 - name: make sure the kubernetes_cri_socket variable is configured correctly
   assert:
     msg: "The variable kubernetes_cri_socket is not configured correctly. You might need to move your host to the group kubernetes-cluster or standalone-kubelet!"
     that:
       -  not kubernetes_cri_socket
 
+- name: create systemd snippet directory
+  file:
+    path:  /etc/systemd/system/kubelet.service.d/
+    state: directory
+
+- name: install systemd snippet to make sure kubelet starts after docker
+  copy:
+    content: |
+      [Unit]
+      After=docker.service
+    dest: /etc/systemd/system/kubelet.service.d/after-docker.conf
+
 - name: disable bridge and iptables in docker daemon config
   set_fact:
     docker_daemon_config: "{{ docker_daemon_config | default({}) | combine({'exec-opts': ['native.cgroupdriver=systemd'], 'bridge': 'none', 'iptables': false}) }}"
author	Christian Pointner <equinox@spreadspace.org>	2020-05-17 19:15:27 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2020-05-17 19:15:27 +0200
commit	3fbacd9378f1bc3bd8c021a3e1125100486ca863 (patch)
tree	54f4c02b01403885efc22ff1adfc1e3fa0a8cc4d /roles
parent	jitsi-meet: actually use real secrets (diff)