studio/meet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔧(livekit) create custom LiveKit image with nip.io CA certificate

Browse Source 
Override LiveKit Docker image to include nip.io Certificate Authority for
development environment. Addresses issue where LiveKit webhook calls fail in
dev mode due to unknown CA. Custom image places certificate in appropriate
location since LiveKit chart lacks volume mounting options for CA certs or
webhook SSL disabling capabilities.

Discussed with @rouja.
This commit is contained in:
lebaudantoine
2025-03-06 11:23:02 +01:00
committed by aleb_the_flash
parent 50719e8c25
commit 13944ceebd
5 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -79,3 +79,6 @@ db.sqlite3
# Egress output # Egress output
docker/livekit/out docker/livekit/out
# LiveKit CA configuration
docker/livekit/rootCA.pem

17
bin/Tiltfile
View File

@@ -45,6 +45,23 @@ docker_build(
) )
clean_old_images('localhost:5001/meet-summary') clean_old_images('localhost:5001/meet-summary')
# Copy the mkcert root CA certificate to our Docker build context
# This is necessary because we need to inject the certificate into our LiveKit container
local_resource(
'copy-root-ca',
cmd='cp "$(mkcert -CAROOT)/rootCA.pem" ../docker/livekit/rootCA.pem',
deps=[], # No dependencies needed
)
# Build a custom LiveKit Docker image that includes our root CA certificate
# This allows LiveKit to trust our local development certificates
docker_build(
'localhost:5001/meet-livekit:latest',
context='../docker/livekit',
dockerfile='./../docker/livekit/Dockerfile',
only=['.'],
)
clean_old_images('localhost:5001/meet-livekit')
k8s_yaml(local('cd ../src/helm && helmfile -n meet -e ${DEV_ENV:-dev} template .')) k8s_yaml(local('cd ../src/helm && helmfile -n meet -e ${DEV_ENV:-dev} template .'))
migration = ''' migration = '''

6
docker/livekit/Dockerfile Normal file
View File

@@ -0,0 +1,6 @@
FROM livekit/livekit-server:latest
# We inject the nip.io certificate manually because the livekit chart doesn't support volume mounting
COPY rootCA.pem /etc/ssl/certs/
ENTRYPOINT ["/livekit-server"]

5
src/helm/env.d/dev-keycloak/values.livekit.yaml.gotmpl
View File

@@ -1,6 +1,11 @@
replicaCount: 1 replicaCount: 1
terminationGracePeriodSeconds: 18000 terminationGracePeriodSeconds: 18000
image:
repository: localhost:5001/meet-livekit
pullPolicy: Always
tag: "latest"
livekit: livekit:
log_level: debug log_level: debug
rtc: rtc:

5
src/helm/env.d/dev/values.livekit.yaml.gotmpl
View File

@@ -1,6 +1,11 @@
replicaCount: 1 replicaCount: 1
terminationGracePeriodSeconds: 18000 terminationGracePeriodSeconds: 18000
image:
repository: localhost:5001/meet-livekit
pullPolicy: Always
tag: "latest"
livekit: livekit:
log_level: debug log_level: debug
rtc: rtc: