Diffstat (limited to 'roles/apps/coturn/templates')
-rw-r--r--roles/apps/coturn/templates/pod.yml.j237
-rw-r--r--roles/apps/coturn/templates/turnserver.conf.j227
2 files changed, 64 insertions, 0 deletions
diff --git a/roles/apps/coturn/templates/pod.yml.j2 b/roles/apps/coturn/templates/pod.yml.j2
new file mode 100644
index 00000000..7c127c13
--- /dev/null
+++ b/roles/apps/coturn/templates/pod.yml.j2
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "coturn-{{ coturn_realm }}"
+spec:
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: {{ coturn_uid }}
+ runAsGroup: {{ coturn_gid }}
+ hostNetwork: true
+ containers:
+ - name: coturn
+ image: "instrumentisto/coturn:{{ coturn_version }}"
+ args:
+ - --log-file=stdout
+ resources:
+ limits:
+ memory: "1Gi"
+ volumeMounts:
+ - name: config
+ mountPath: /etc/coturn/
+ readOnly: true
+ - name: run
+ mountPath: /var/run
+ - name: lib
+ mountPath: /var/lib/coturn
+ volumes:
+ - name: config
+ hostPath:
+ path: "{{ coturn_base_path }}/{{ coturn_realm }}/config/"
+ type: Directory
+ - name: run
+ emptyDir:
+ medium: Memory
+ - name: lib
+ emptyDir:
+ medium: Memory
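Review bot: `allowPrivilegeEscalation: false` appears to sit in the pod-level `securityContext` (it comes before `hostNetwork` and `containers`), but that field exists only on the container-level SecurityContext, so here it is either rejected by validation or silently dropped. The rendered page has lost the template's indentation, so the nesting is inferred from key order. Because the pod also runs with `hostNetwork: true`, I would keep `runAsUser`/`runAsGroup` at pod level and add under the `coturn` container `securityContext:` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`. Pinning `instrumentisto/coturn` by digest rather than only by `coturn_version` tag would also make the deployed image reproducible.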
diff --git a/roles/apps/coturn/templates/turnserver.conf.j2 b/roles/apps/coturn/templates/turnserver.conf.j2
new file mode 100644
index 00000000..9462f148
--- /dev/null
+++ b/roles/apps/coturn/templates/turnserver.conf.j2
@@ -0,0 +1,27 @@
+realm={{ coturn_realm }}
+fingerprint
+
+listening-port=3478
+# tls-listening-port=5349
+
+# cert=/etc/coturn/ssl/cert.pem
+# pkey=/etc/coturn/ssl/privkey.pem
+# dh-file=/etc/coturn/ssl/dhparam.pem
+# cipher-list="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:!RSA:!ADH:!AECDH:!MD5"
+# no-tlsv1
+# no-tlsv1_1
+no-tls
+no-dtls
+
+use-auth-secret
+static-auth-secret={{ coturn_auth_secret }}
+stale-nonce=600
+
+max-bps={{ coturn_max_bps }}
+bps-capacity={{ coturn_bps_capacity }}
+relay-threads={{ coturn_threads }}
+
+no-multicast-peers
+denied-peer-ip={{ kubernetes_standalone_pod_cidr | ipaddr('network') }}-{{ kubernetes_standalone_pod_cidr | ipaddr('broadcast') }}
+
+no-cli
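Review bot: The single `denied-peer-ip` line covers only the pod CIDR, while pod.yml.j2 in this commit runs the server with `hostNetwork: true`, so the relay can still be asked to connect to other private ranges and link-local addresses reachable from the host. I would add deny ranges for those next to `no-multicast-peers`. The ranges below are the generic reserved blocks and should be adjusted to what this host can actually reach; depending on the coturn version, loopback may already be denied by default. Separately, `static-auth-secret` is rendered in clear into a hostPath directory, so the task writing this template (not visible here) should restrict the file mode to the coturn uid/gid and avoid logging the rendered content.

```ini
no-multicast-peers
# generic reserved ranges; adjust to the networks reachable from this host
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
# … unchanged: existing pod-CIDR denied-peer-ip line …
```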