From 13944ceebd600af927995fce2dda606b4ac4ed38 Mon Sep 17 00:00:00 2001
From: lebaudantoine
Date: Thu, 6 Mar 2025 11:23:02 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7(livekit)=20create=20custom=20LiveK?= =?UTF-8?q?it=20image=20with=20nip.io=20CA=20certificate?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Override LiveKit Docker image to include nip.io Certificate Authority for development environment. Addresses issue where LiveKit webhook calls fail in dev mode due to unknown CA. Custom image places certificate in appropriate location since LiveKit chart lacks volume mounting options for CA certs or webhook SSL disabling capabilities. Discussed with @rouja.
---
 .gitignore | 3 +++
 bin/Tiltfile | 17 +++++++++++++++++
 docker/livekit/Dockerfile | 6 ++++++
 .../dev-keycloak/values.livekit.yaml.gotmpl | 5 +++++
 src/helm/env.d/dev/values.livekit.yaml.gotmpl | 5 +++++
 5 files changed, 36 insertions(+)
 create mode 100644 docker/livekit/Dockerfile
diff --git a/.gitignore b/.gitignore
index 9e47df74..ce30ef9d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -79,3 +79,6 @@ db.sqlite3
 # Egress output
 docker/livekit/out
+
+# LiveKit CA configuration
+docker/livekit/rootCA.pem
diff --git a/bin/Tiltfile b/bin/Tiltfile
index 18f8e769..7cd6d95e 100644
--- a/bin/Tiltfile
+++ b/bin/Tiltfile
@@ -45,6 +45,23 @@ docker_build(
 )
 clean_old_images('localhost:5001/meet-summary')
+# Copy the mkcert root CA certificate to our Docker build context
+# This is necessary because we need to inject the certificate into our LiveKit container
+local_resource(
+ 'copy-root-ca',
+ cmd='cp "$(mkcert -CAROOT)/rootCA.pem" ../docker/livekit/rootCA.pem',
+ deps=[], # No dependencies needed
+)
+# Build a custom LiveKit Docker image that includes our root CA certificate
+# This allows LiveKit to trust our local development certificates
+docker_build(
+ 'localhost:5001/meet-livekit:latest',
+ context='../docker/livekit',
+ dockerfile='./../docker/livekit/Dockerfile',
+ only=['.'],
+)
+clean_old_images('localhost:5001/meet-livekit')
+
 k8s_yaml(local('cd ../src/helm && helmfile -n meet -e ${DEV_ENV:-dev} template .'))
 migration = '''
diff --git a/docker/livekit/Dockerfile b/docker/livekit/Dockerfile
new file mode 100644
index 00000000..e211bff4
--- /dev/null
+++ b/docker/livekit/Dockerfile
@@ -0,0 +1,6 @@
+FROM livekit/livekit-server:latest
+
+# We inject the nip.io certificate manually because the livekit chart doesn't support volume mounting
+COPY rootCA.pem /etc/ssl/certs/
+
+ENTRYPOINT ["/livekit-server"]
diff --git a/src/helm/env.d/dev-keycloak/values.livekit.yaml.gotmpl b/src/helm/env.d/dev-keycloak/values.livekit.yaml.gotmpl
index 8aa59287..aac470fa 100644
--- a/src/helm/env.d/dev-keycloak/values.livekit.yaml.gotmpl
+++ b/src/helm/env.d/dev-keycloak/values.livekit.yaml.gotmpl
@@ -1,6 +1,11 @@
 replicaCount: 1
 terminationGracePeriodSeconds: 18000
+image:
+ repository: localhost:5001/meet-livekit
+ pullPolicy: Always
+ tag: "latest"
+
 livekit:
 log_level: debug
 rtc:
diff --git a/src/helm/env.d/dev/values.livekit.yaml.gotmpl b/src/helm/env.d/dev/values.livekit.yaml.gotmpl
index 45622548..dd63e514 100644
--- a/src/helm/env.d/dev/values.livekit.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.livekit.yaml.gotmpl
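Review bot: In bin/Tiltfile nothing visible orders the `copy-root-ca` local_resource before the `localhost:5001/meet-livekit` docker_build, so on a fresh checkout the image build can start while `../docker/livekit/rootCA.pem` does not exist yet and the Dockerfile's `COPY rootCA.pem` step fails. Running the copy at Tiltfile load time would remove that race: `local('cp "$(mkcert -CAROOT)/rootCA.pem" ../docker/livekit/rootCA.pem')` placed before the `docker_build(` call. Also, `only=['.']` does not appear to narrow the build context, which sits next to the egress output directory `docker/livekit/out` named in .gitignore; if `only` is resolved relative to `context`, `only=['rootCA.pem']` would keep that output out of the build context, which is worth confirming against the Tilt documentation. A comment stating that only the public `rootCA.pem` is copied, never the mkcert private key, would also help the next maintainer.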
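Review bot: `FROM livekit/livekit-server:latest` in docker/livekit/Dockerfile leaves the base image unpinned, so every rebuild can pull a different server build than the one the Helm chart was tested with, and the dev cluster runs whatever is currently published under that tag. Pin it to the release the chart expects, for example `FROM livekit/livekit-server:<pinned-version>` or an image digest. Because `COPY rootCA.pem /etc/ssl/certs/` is meant to make the mkcert root trusted by the server, and that trust would presumably apply to all of its outbound TLS connections rather than only webhook calls, the comment above it should also say that this image is for local development only and must not be pushed beyond the `localhost:5001` registry.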
@@ -1,6 +1,11 @@
 replicaCount: 1
 terminationGracePeriodSeconds: 18000
+image:
+ repository: localhost:5001/meet-livekit
+ pullPolicy: Always
+ tag: "latest"
+
 livekit:
 log_level: debug
 rtc: