2 files changed, 13 insertions, 2 deletions

diff --git a/roles/apps/coturn/templates/pod-spec.yml.j2 b/roles/apps/coturn/templates/pod-spec.yml.j2
index d157af37..a0842784 100644
--- a/roles/apps/coturn/templates/pod-spec.yml.j2
+++ b/roles/apps/coturn/templates/pod-spec.yml.j2
@@ -2,10 +2,21 @@ securityContext:
   allowPrivilegeEscalation: false
   runAsUser: {{ coturn_uid }}
   runAsGroup: {{ coturn_gid }}
+{# this does not work: https://github.com/kubernetes/kubernetes/issues/56374, https://github.com/moby/moby/issues/8460
+{% if (coturn_listening_port < 1024) or (coturn_tls_listening_port < 1024) %}
+  capabilities:
+    add: ["NET_BIND_SERVICE"]
+{% endif %}
+#}
+terminationGracePeriodSeconds: 0
 hostNetwork: true
 containers:
 - name: coturn
+{% if (coturn_listening_port < 1024) or (coturn_tls_listening_port < 1024) %}
+  image: "instrumentisto/coturn/{{ coturn_realm }}:{{ coturn_version }}"
+{% else %}
   image: "instrumentisto/coturn:{{ coturn_version }}"
+{% endif %}
   args:
     - --log-file=stdout
   resources:
diff --git a/roles/apps/coturn/templates/turnserver.conf.j2 b/roles/apps/coturn/templates/turnserver.conf.j2
index d61cdad3..9a587951 100644
--- a/roles/apps/coturn/templates/turnserver.conf.j2
+++ b/roles/apps/coturn/templates/turnserver.conf.j2
@@ -1,8 +1,8 @@
 realm={{ coturn_realm }}
 fingerprint
 
-listening-port=3478
-tls-listening-port=5349
+listening-port={{ coturn_listening_port }}
+tls-listening-port={{ coturn_tls_listening_port }}
 
 cert=/etc/coturn/ssl/cert.pem
 pkey=/etc/coturn/ssl/privkey.pem