setup/manifests/base/turn/turn-web-aggregator-deploy.yaml (67 lines of code) (raw):

# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
# Deployment "turn-web-aggregator" in namespace pod-broker-system.
# One pod, two containers built from the same image:
#   * web          - HTTP API that serves the aggregated JSON RTC config.
#   * node-watcher - sidecar that keeps the discovery Endpoints object
#                    updated with node external IPs.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: turn-web-aggregator
  namespace: pod-broker-system
  labels:
    app: turn-web-aggregator
spec:
  replicas: 1
  selector:
    matchLabels:
      app: turn-web-aggregator
  template:
    metadata:
      labels:
        app: turn-web-aggregator
    spec:
      # `serviceAccount` is the deprecated alias of `serviceAccountName`.
      # The account is pod-wide, so both containers run with it.
      # NOTE(review): the sidecar is described as updating an Endpoints
      # object, so this account presumably carries write access that the
      # HTTP-facing web container then shares - confirm the RBAC bound to
      # pod-broker is scoped accordingly.
      serviceAccount: pod-broker
      terminationGracePeriodSeconds: 10
      # NOTE(review): neither container sets securityContext or resources;
      # confirm what user the image needs before tightening either.
      containers:
        # ------------------------------------------------------------------
        # web: HTTP API serving the aggregated JSON RTC configuration.
        # ------------------------------------------------------------------
        - name: web
          # NOTE(review): `:latest` is a mutable tag, so the deployed code
          # can change without any change to this manifest; consider a
          # fixed tag or digest.
          image: gcr.io/cloud-solutions-images/kube-pod-broker-coturn-web:latest
          ports:
            - name: rest
              containerPort: 8080
          # TCP-level check only: passes once port 8080 accepts connections.
          readinessProbe:
            tcpSocket:
              port: 8080
          env:
            # Aggregator mode: the JSON response lists the addresses of all
            # TURN nodes, found through this DNS name and port name.
            - name: DISCOVERY_DNS_NAME
              value: 'turn-discovery.pod-broker-system.svc.cluster.local'
            - name: DISCOVERY_PORT_NAME
              value: 'turn'
            # TURN shared secret, read from the broker's cookie secret.
            # NOTE(review): one key then serves two purposes, so exposing or
            # rotating it affects both - confirm this coupling is intended.
            - name: TURN_SHARED_SECRET
              valueFrom:
                secretKeyRef:
                  name: pod-broker
                  key: COOKIE_SECRET
            # TURN realm, read from the pod broker domain ConfigMap value.
            - name: TURN_REALM
              valueFrom:
                configMapKeyRef:
                  name: pod-broker-config
                  key: POD_BROKER_PARAM_Domain
            # Same port number as containerPort and the readiness probe.
            - name: PORT
              value: '8080'
            # Port written into the JSON response; it must match the port
            # the coturn service listens on.
            - name: TURN_PORT
              value: '3478'
            # Request header the user name is read from.
            # NOTE(review): this value is only trustworthy when an
            # authenticating proxy (presumably Identity-Aware Proxy) sets it
            # and strips any client-supplied copy; confirm that port 8080 is
            # reachable only through that proxy.
            - name: AUTH_HEADER_NAME
              value: 'x-goog-authenticated-user-email'
        # ------------------------------------------------------------------
        # node-watcher: TURN node watcher sidecar. Updates the Endpoints
        # object with the node external IP for DNS discovery.
        # ------------------------------------------------------------------
        - name: node-watcher
          # Same image and mutable `:latest` tag as the web container.
          image: gcr.io/cloud-solutions-images/kube-pod-broker-coturn-web:latest
          command:
            - /node_watcher.sh
          env:
            # Node name from the downward API. Used to determine whether the
            # node is part of a private cluster, by checking the value of
            # the cloud.google.com/gke-private-cluster custom node label.
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Namespace the pod runs in, from the downward API.
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # These carry the same service name, port number and port name
            # as the web container's discovery DNS name, TURN_PORT and
            # DISCOVERY_PORT_NAME; keep them in step.
            - name: DISCOVERY_SVC_NAME
              value: 'turn-discovery'
            - name: SVC_PORT
              value: '3478'
            - name: SVC_PORT_NAME
              value: 'turn'