7 files changed, 97 insertions, 11 deletions

diff --git a/dan/host_vars/sk-testvm.yml b/dan/host_vars/sk-testvm.yml
new file mode 100644
index 00000000..608e93b8
--- /dev/null
+++ b/dan/host_vars/sk-testvm.yml
@@ -0,0 +1,16 @@
+$ANSIBLE_VAULT;1.2;AES256;dan
+31376133386363353630663163613765373664666435646230336362316336303263616464666461
+3162383338383162356130643164666665356637343436380a383466636666653665323330306663
+39393863616336663061383961353465303765623636346131643231363665313233306439396431
+3464326432636431360a323566393463613737633564343432363036616566333236393266376438
+66346436396139313036666266323162623236393734663566396363633738626132396166333563
+66343261333430613635316334373333623837613364373563343666646639336236636531363766
+30356239613830616436306638653933633631633265643939613162313234303537316162313063
+64663362333737616337303034386262666265396435303936613831336433313936633765313462
+33616261323162316433353136666363303935623836396461396264356366336232323737643633
+62376630323633336435376230373834653466613333616263633436306466666138636365343134
+65633536363736623131663233366163656233373534653633333337373131663864363731323763
+39353264656264306539346165373638396538336230663032353361393865636238373063373636
+36613261396165363136386532323139376237383366363065663435313138663835616235643238
+63373636303730643665656630343331393661663263333438333063396234306332323437313266
+336465353132356530393733643835623230
diff --git a/dan/sk-testvm.yml b/dan/sk-testvm.yml
new file mode 100644
index 00000000..e15880c1
--- /dev/null
+++ b/dan/sk-testvm.yml
@@ -0,0 +1,14 @@
+---
+- name: Basic Setup
+  hosts: sk-testvm
+  roles:
+  - role: base
+  - role: sshd
+  - role: zsh
+  - role: apt-repo/base
+  - role: kubernetes/base
+  - role: kubernetes/standalone
+  - role: apt-repo/spreadspace
+  - role: acmetool/base
+  - role: nginx/base
+  - role: apps/jitsi/meet
diff --git a/inventory/host_vars/sk-cloudia/vars.yml b/inventory/host_vars/sk-cloudia/vars.yml
index f3b832e9..02bee381 100644
--- a/inventory/host_vars/sk-cloudia/vars.yml
+++ b/inventory/host_vars/sk-cloudia/vars.yml
@@ -33,7 +33,7 @@ kubelet_zfs:
 
 kubernetes_version: 1.18.2
 kubernetes_container_runtime: docker
-kubernetes_standalone_max_pods: 42
+kubernetes_standalone_max_pods: 100
 kubernetes_standalone_resolv_conf: /var/run/systemd/resolve/resolv.conf
 kubernetes_standalone_pod_cidr: 192.168.255.0/24
 kubernetes_standalone_cni_variant: with-localonly-portmap
diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml
index 8ffb8ac7..0b15d7ce 100644
--- a/inventory/host_vars/sk-testvm.yml
+++ b/inventory/host_vars/sk-testvm.yml
@@ -3,8 +3,8 @@ vm_host: sk-2019vm
 
 install:
   host: "{{ vm_host }}"
-  mem: 1024
-  numcpu: 1
+  mem: 10240
+  numcpu: 4
   disks:
     primary: /dev/sda
     scsi:
@@ -36,3 +36,34 @@ external_ip: "{{ network.primary.overlay }}"
 #
 # https://owncloud.org/news/upgrading-owncloud-on-debian-stable-to-official-packages/
 #
+
+docker_lvm:
+  vg: "{{ host_name }}"
+  lv: docker
+  size: 10G
+  fs: ext4
+
+kubelet_lvm:
+  vg: "{{ host_name }}"
+  lv: kubelet
+  size: 5G
+  fs: ext4
+
+
+kubernetes_version: 1.18.2
+kubernetes_container_runtime: docker
+kubernetes_standalone_max_pods: 42
+kubernetes_standalone_pod_cidr: 192.168.255.0/24
+kubernetes_standalone_cni_variant: with-portmap
+
+
+acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
+
+
+jitsi_meet_base_path: /srv/jitsi/meet
+
+jitsi_meet_version: stable-4548-1
+jitsi_meet_hostnames:
+  - meet-dev.elev8.at
+
+jitsi_meet_secrets: "{{ vault_jitsi_meet_secrets }}"
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 89d073a8..a6a2c75e 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -305,6 +305,7 @@ k8s-lwl
 sk-cloudia
 ele-thetys
 lw-thetys
+sk-testvm
 
 [kubernetes:children]
 kubernetes-cluster
diff --git a/roles/apps/jitsi/meet/templates/pod.yml.j2 b/roles/apps/jitsi/meet/templates/pod.yml.j2
index 93a4a33f..1504211a 100644
--- a/roles/apps/jitsi/meet/templates/pod.yml.j2
+++ b/roles/apps/jitsi/meet/templates/pod.yml.j2
@@ -18,8 +18,10 @@ spec:
   - name: jicofo
     image: "jitsi/jicofo:{{ jitsi_meet_version }}"
     resources:
+      requests:
+        memory: "1Gi"
       limits:
-        memory: "5Gi"
+        memory: "4Gi"
     volumeMounts:
     - name: config
       subPath: jicofo
@@ -50,6 +52,8 @@ spec:
   - name: prosody
     image: "jitsi/prosody:{{ jitsi_meet_version }}"
     resources:
+      requests:
+        memory: "128Mi"
       limits:
         memory: "512Mi"
     volumeMounts:
@@ -89,11 +93,15 @@ spec:
   - name: web
     image: "jitsi/web:{{ jitsi_meet_version }}"
     resources:
+      requests:
+        memory: "256Mi"
       limits:
         memory: "1Gi"
     ports:
-    - containerPort: 80
+    - protocol: TCP
+      containerPort: 80
       hostPort: {{ jitsi_meet_http_port }}
+      hostIP: 127.0.0.1
     volumeMounts:
     - name: config
       subPath: web
@@ -129,8 +137,15 @@ spec:
   - name: jvb
     image: "jitsi/jvb:{{ jitsi_meet_version }}"
     resources:
+      requests:
+        memory: "1Gi"
       limits:
-        memory: "5Gi"
+        memory: "4Gi"
+    ports:
+    - protocol: UDP
+      containerPort: {{ jitsi_meet_jvb_port }}
+      hostPort: {{ jitsi_meet_jvb_port }}
+      hostIP: "{{ external_ip | default(ansible_default_ipv4.address) }}"
     volumeMounts:
     - name: config
       subPath: jvb
@@ -157,13 +172,11 @@ spec:
     - name: JVB_BREWERY_MUC
       value: jvbbrewery
     - name: JVB_PORT
-      value: "10000"
+      value: "{{ jitsi_meet_jvb_port }}"
     - name: JVB_TCP_HARVESTER_DISABLED
       value: "true"
-    - name: JVB_STUN_SERVERS
-      value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
     - name: DOCKER_HOST_ADDRESS
-      value: "{{ ansible_default_ipv4.address }}"
+      value: "{{ external_ip | default(ansible_default_ipv4.address) }}"
 
     - name: TZ
       value: {{ jitsi_meet_timezone }}
diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml
index 50558d70..0c400e2c 100644
--- a/roles/kubernetes/base/tasks/cri_docker.yml
+++ b/roles/kubernetes/base/tasks/cri_docker.yml
@@ -1,11 +1,22 @@
 ---
-
 - name: make sure the kubernetes_cri_socket variable is configured correctly
   assert:
     msg: "The variable kubernetes_cri_socket is not configured correctly. You might need to move your host to the group kubernetes-cluster or standalone-kubelet!"
     that:
       -  not kubernetes_cri_socket
 
+- name: create systemd snippet directory
+  file:
+    path:  /etc/systemd/system/kubelet.service.d/
+    state: directory
+
+- name: install systemd snippet to make sure kubelet starts after docker
+  copy:
+    content: |
+      [Unit]
+      After=docker.service
+    dest: /etc/systemd/system/kubelet.service.d/after-docker.conf
+
 - name: disable bridge and iptables in docker daemon config
   set_fact:
     docker_daemon_config: "{{ docker_daemon_config | default({}) | combine({'exec-opts': ['native.cgroupdriver=systemd'], 'bridge': 'none', 'iptables': false}) }}"