summaryrefslogtreecommitdiff
path: root/roles/apps/coturn/templates/pod-spec.yml.j2
diff options
context:
space:
mode:
Diffstat (limited to 'roles/apps/coturn/templates/pod-spec.yml.j2')
-rw-r--r--roles/apps/coturn/templates/pod-spec.yml.j211
1 files changed, 11 insertions, 0 deletions
diff --git a/roles/apps/coturn/templates/pod-spec.yml.j2 b/roles/apps/coturn/templates/pod-spec.yml.j2
index d157af37..a0842784 100644
--- a/roles/apps/coturn/templates/pod-spec.yml.j2
+++ b/roles/apps/coturn/templates/pod-spec.yml.j2
@@ -2,10 +2,21 @@ securityContext:
allowPrivilegeEscalation: false
runAsUser: {{ coturn_uid }}
runAsGroup: {{ coturn_gid }}
+{# this does not work: https://github.com/kubernetes/kubernetes/issues/56374, https://github.com/moby/moby/issues/8460
+{% if (coturn_listening_port < 1024) or (coturn_tls_listening_port < 1024) %}
+ capabilities:
+ add: ["NET_BIND_SERVICE"]
+{% endif %}
+#}
+terminationGracePeriodSeconds: 0
hostNetwork: true
containers:
- name: coturn
+{% if (coturn_listening_port < 1024) or (coturn_tls_listening_port < 1024) %}
+ image: "instrumentisto/coturn/{{ coturn_realm }}:{{ coturn_version }}"
+{% else %}
image: "instrumentisto/coturn:{{ coturn_version }}"
+{% endif %}
args:
- --log-file=stdout
resources:
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-08 20:46:36 +0000