Sienna Meridian Satterwhite
f3faf31d4b
- meet-config: rename ALLOWED_HOSTS → DJANGO_ALLOWED_HOSTS (django-configurations ListValue uses DJANGO_ prefix by default; without it the list was empty and every browser request got 400 DisallowedHost) - meet-config: set LIVEKIT_API_URL to public https://livekit.DOMAIN_SUFFIX so the meet frontend can reach LiveKit for WebSocket signaling - pingora-config: add livekit.DOMAIN_SUFFIX → livekit-server:80 WebSocket route - cert-manager: add livekit.DOMAIN_SUFFIX to TLS cert dnsNames - oidc-clients: fix meet redirect URI /oidc/callback/ → /api/v1.0/callback/ (meet embeds mozilla-django-oidc inside the api/v1.0/ prefix); add postLogoutRedirectUri for clean logout - livekit-values: replace hardcoded devkey:secret-placeholder with key_file loaded from a VSO-managed K8s Secret (secret/livekit in OpenBao) - media/vault-secrets: add VaultAuth + VaultStaticSecret for media namespace to sync livekit API credentials from OpenBao
53 lines
1.3 KiB
YAML
53 lines
1.3 KiB
YAML
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
|
|
namespace: media
|
|
|
|
resources:
|
|
- namespace.yaml
|
|
- vault-secrets.yaml
|
|
|
|
helmCharts:
|
|
# helm repo add livekit https://helm.livekit.io
|
|
# releaseName=livekit-server matches chart name → Helm deduplicates the prefix,
|
|
# so resources are named `livekit-server` instead of `livekit-livekit-server`.
|
|
- name: livekit-server
|
|
repo: https://helm.livekit.io
|
|
version: "1.9.0"
|
|
releaseName: livekit-server
|
|
namespace: media
|
|
valuesFile: livekit-values.yaml
|
|
|
|
# The livekit-server chart does not set .Release.Namespace in its templates,
|
|
# so kustomize's namespace field doesn't inject it automatically.
|
|
# Patch namespace onto each chart-rendered resource explicitly.
|
|
patches:
|
|
- patch: |
|
|
- op: add
|
|
path: /metadata/namespace
|
|
value: media
|
|
target:
|
|
kind: Deployment
|
|
name: livekit-server
|
|
- patch: |
|
|
- op: add
|
|
path: /metadata/namespace
|
|
value: media
|
|
target:
|
|
kind: Service
|
|
name: livekit-server
|
|
- patch: |
|
|
- op: add
|
|
path: /metadata/namespace
|
|
value: media
|
|
target:
|
|
kind: Service
|
|
name: livekit-server-turn
|
|
- patch: |
|
|
- op: add
|
|
path: /metadata/namespace
|
|
value: media
|
|
target:
|
|
kind: ConfigMap
|
|
name: livekit-server
|