8 files changed, 49 insertions, 10 deletions

diff --git a/roles/apps/collabora/code/templates/pod.yml.j2 b/roles/apps/collabora/code/templates/pod.yml.j2
index ee4651a1..8ed092ac 100644
--- a/roles/apps/collabora/code/templates/pod.yml.j2
+++ b/roles/apps/collabora/code/templates/pod.yml.j2
@@ -26,6 +26,7 @@ spec:
     ports:
     - containerPort: 9980
       hostPort: {{ item.value.port }}
+      hostIP: 127.0.0.1
   volumes:
   - name: config
     hostPath:
diff --git a/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2 b/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2
index a4acdd21..9391290f 100644
--- a/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2
+++ b/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2
@@ -22,6 +22,7 @@ spec:
     ports:
     - containerPort: 9001
       hostPort: {{ item.value.port }}
+      hostIP: 127.0.0.1
   - name: database
     image: "mariadb:{{ item.value.database.version }}"
     securityContext:
diff --git a/roles/apps/jitsi/meet/templates/pod.yml.j2 b/roles/apps/jitsi/meet/templates/pod.yml.j2
index 93a4a33f..1504211a 100644
--- a/roles/apps/jitsi/meet/templates/pod.yml.j2
+++ b/roles/apps/jitsi/meet/templates/pod.yml.j2
@@ -18,8 +18,10 @@ spec:
   - name: jicofo
     image: "jitsi/jicofo:{{ jitsi_meet_version }}"
     resources:
+      requests:
+        memory: "1Gi"
       limits:
-        memory: "5Gi"
+        memory: "4Gi"
     volumeMounts:
     - name: config
       subPath: jicofo
@@ -50,6 +52,8 @@ spec:
   - name: prosody
     image: "jitsi/prosody:{{ jitsi_meet_version }}"
     resources:
+      requests:
+        memory: "128Mi"
       limits:
         memory: "512Mi"
     volumeMounts:
@@ -89,11 +93,15 @@ spec:
   - name: web
     image: "jitsi/web:{{ jitsi_meet_version }}"
     resources:
+      requests:
+        memory: "256Mi"
       limits:
         memory: "1Gi"
     ports:
-    - containerPort: 80
+    - protocol: TCP
+      containerPort: 80
       hostPort: {{ jitsi_meet_http_port }}
+      hostIP: 127.0.0.1
     volumeMounts:
     - name: config
       subPath: web
@@ -129,8 +137,15 @@ spec:
   - name: jvb
     image: "jitsi/jvb:{{ jitsi_meet_version }}"
     resources:
+      requests:
+        memory: "1Gi"
       limits:
-        memory: "5Gi"
+        memory: "4Gi"
+    ports:
+    - protocol: UDP
+      containerPort: {{ jitsi_meet_jvb_port }}
+      hostPort: {{ jitsi_meet_jvb_port }}
+      hostIP: "{{ external_ip | default(ansible_default_ipv4.address) }}"
     volumeMounts:
     - name: config
       subPath: jvb
@@ -157,13 +172,11 @@ spec:
     - name: JVB_BREWERY_MUC
       value: jvbbrewery
     - name: JVB_PORT
-      value: "10000"
+      value: "{{ jitsi_meet_jvb_port }}"
     - name: JVB_TCP_HARVESTER_DISABLED
       value: "true"
-    - name: JVB_STUN_SERVERS
-      value: stun.l.google.com:19302,stun1.l.google.com:19302,stun2.l.google.com:19302
     - name: DOCKER_HOST_ADDRESS
-      value: "{{ ansible_default_ipv4.address }}"
+      value: "{{ external_ip | default(ansible_default_ipv4.address) }}"
 
     - name: TZ
       value: {{ jitsi_meet_timezone }}
diff --git a/roles/apps/nextcloud/tasks/main.yml b/roles/apps/nextcloud/tasks/main.yml
index 7d52be32..68e9dc78 100644
--- a/roles/apps/nextcloud/tasks/main.yml
+++ b/roles/apps/nextcloud/tasks/main.yml
@@ -12,7 +12,7 @@
   - name: create zfs volumes for instances
     loop: "{{ nextcloud_instances | dict2items }}"
     loop_control:
-      label: "{{ item.key }} ({{ item.value.quota }})"
+      label: "{{ item.key }} ({{ item.value.quota | default('-') }})"
     zfs:
       name: "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}/{{ item.key }}"
       state: present
@@ -174,7 +174,8 @@
     prompt: |
       ************* {{ item.key }} is a new instance
       **
-      **  Please run the following commands to finalize the installation
+      **  Go to https://{{ item.value.hostnames[0] }} and finalize the
+      **  installation. After that run the following commands:
       **
       **  $ nextcloud-occ {{ item.key }} db:add-missing-indices
       **  $ nextcloud-occ {{ item.key }} db:convert-filecache-bigint
diff --git a/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2 b/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2
index dfef3810..72f8cb7a 100644
--- a/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2
+++ b/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2
@@ -41,6 +41,7 @@ spec:
     ports:
     - containerPort: 8080
       hostPort: {{ item.value.port }}
+      hostIP: 127.0.0.1
   - name: database
     image: "mariadb:{{ item.value.database.version }}"
     args:
diff --git a/roles/kubernetes/base/tasks/cri_docker.yml b/roles/kubernetes/base/tasks/cri_docker.yml
index 50558d70..0c400e2c 100644
--- a/roles/kubernetes/base/tasks/cri_docker.yml
+++ b/roles/kubernetes/base/tasks/cri_docker.yml
@@ -1,11 +1,22 @@
 ---
-
 - name: make sure the kubernetes_cri_socket variable is configured correctly
   assert:
     msg: "The variable kubernetes_cri_socket is not configured correctly. You might need to move your host to the group kubernetes-cluster or standalone-kubelet!"
     that:
       -  not kubernetes_cri_socket
 
+- name: create systemd snippet directory
+  file:
+    path:  /etc/systemd/system/kubelet.service.d/
+    state: directory
+
+- name: install systemd snippet to make sure kubelet starts after docker
+  copy:
+    content: |
+      [Unit]
+      After=docker.service
+    dest: /etc/systemd/system/kubelet.service.d/after-docker.conf
+
 - name: disable bridge and iptables in docker daemon config
   set_fact:
     docker_daemon_config: "{{ docker_daemon_config | default({}) | combine({'exec-opts': ['native.cgroupdriver=systemd'], 'bridge': 'none', 'iptables': false}) }}"
diff --git a/roles/nginx/base/defaults/main.yml b/roles/nginx/base/defaults/main.yml
index 9dd53cdf..79c79b49 100644
--- a/roles/nginx/base/defaults/main.yml
+++ b/roles/nginx/base/defaults/main.yml
@@ -14,3 +14,5 @@ nginx_snippets:
 nginx_dhparam_size: 2048
 
 nginx_stream_module: no
+
+# nginx_server_names_hash_bucket_size: 64
diff --git a/roles/nginx/base/tasks/main.yml b/roles/nginx/base/tasks/main.yml
index b0e7df5b..572b1513 100644
--- a/roles/nginx/base/tasks/main.yml
+++ b/roles/nginx/base/tasks/main.yml
@@ -33,3 +33,12 @@
 - name: install and setup stream module
   when: nginx_stream_module
   import_tasks: stream.yml
+
+- name: configure server_names_hash_bucket_size
+  when: nginx_server_names_hash_bucket_size is defined
+  lineinfile:
+    regexp: "^(\\s*)#?\\s*server_names_hash_bucket_size\\s"
+    line: "\\1server_names_hash_bucket_size {{ nginx_server_names_hash_bucket_size }};"
+    dest: /etc/nginx/nginx.conf
+    backrefs: yes
+  notify: restart nginx