---
### This hack is necessary because: https://github.com/kubernetes/kubernetes/issues/56374 and https://github.com/moby/moby/issues/8460
### at the moment there are two possible workarounds:
## - Setting sysctl net.ipv4.ip_unprivileged_port_start=0.
## This does not work because kubelet would not allow this for containers using host networking (and actually this would be a bad idea anyway).
## - Adding the CAP_NET_BIND_SERVICE capability on the turnserver binary file inside the container.
## This is what we are doing here.
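# Create the per-realm Docker build context directory.
# The mode is set explicitly so the resulting permissions do not depend on
# the umask of whichever account runs the play.
- name: create build directory for custom image
  file:
    path: "{{ coturn_base_path }}/{{ coturn_realm }}/build"
    state: directory
    mode: "0755"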
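# Write the Dockerfile for the derived coturn image.
# The RUN step installs libcap and sets the CAP_NET_BIND_SERVICE file
# capability (effective + permitted) on /usr/bin/turnserver, which is what
# lets the binary bind ports below 1024 without the sysctl workaround.
# NOTE(review): the base image is referenced by tag only; if coturn_version
# is a mutable tag, the capability is applied to whatever binary the registry
# serves at build time. Pin by digest if that matters for your deployment.
- name: generate Dockerfile for custom image
  copy:
    content: |
      FROM instrumentisto/coturn:{{ coturn_version }}
      RUN apk --no-cache add libcap && setcap CAP_NET_BIND_SERVICE=+ep /usr/bin/turnserver
    dest: "{{ coturn_base_path }}/{{ coturn_realm }}/build/Dockerfile"
    # Explicit mode: the file holds no secrets, but it should not be left to
    # the umask and must not be writable by other users.
    mode: "0644"
  # The registered result drives force_source in the image build task.
  register: coturn_custom_image_docker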
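# Build the realm-specific image from the generated Dockerfile.
- name: build custom image
  docker_image:
    name: "instrumentisto/coturn/{{ coturn_realm }}:{{ coturn_version }}"
    state: present
    # Rebuild an already-present image only when the Dockerfile task reported
    # a change; otherwise the existing image is kept.
    force_source: "{{ coturn_custom_image_docker is changed }}"
    source: build
    build:
      path: "{{ coturn_base_path }}/{{ coturn_realm }}/build"
      # RUN steps execute in the host's network namespace during the build.
      # NOTE(review): presumably needed so `apk add` can reach the package
      # mirror; confirm, since it also exposes host-local services to the
      # build steps.
      network: host
      # Always try to pull a newer copy of the base image before building.
      # Canonical boolean instead of the YAML 1.1 `yes`.
      pull: true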