Awesome

Helm Chart for Jitsi Meet

jitsi-meet Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application.

TL;DR;

helm repo add jitsi https://jitsi-contrib.github.io/jitsi-helm/
helm install myjitsi jitsi/jitsi-meet

Introduction

This chart bootstraps a jitsi-meet deployment, like the official one.

Exposing your Jitsi Meet installation

To be able to do video conferencing with other people, the JVB component should be reachable by all participants (e.g. on a public IP). Thus the default behaviour of advertised the internal IP of JVB, is not really suitable in many cases. Kubernetes offers multiple possibilities to work around the problem. Not all options are available depending on the Kubernetes cluster setup. The chart tries to make all options available without enforcing one.

Option 1: service of type `LoadBalancer`

This requires a cloud setup that enables a Loadbalancer attachement. This could be enabled via values:

jvb:
  service:
    type: LoadBalancer

  # Depending on the cloud, LB's public IP cannot be known in advance, so deploy first, without the next option.
  # Next: redeploy with the following option set to the public IP you retrieved from the API.
  # Additionally, you can add your cluster's public IPs if you want to use direct connection as a fallback.
  publicIPs:
    - 1.2.3.4
    # - 30.10.10.1
    # - 30.10.10.2

In this case you're not allowed to change the jvb.replicaCount to more than 1, UDP packets will be routed to random jvb, which would not allow for a working video setup.

Option 2: NodePort and node with Public IP or external loadbalancer

jvb:
  service:
    type: NodePort
  # Set the following variable if you want to use a specific external port for the service.
  # The default is to select a random port from Kubelet's allowed NodePort range (30000-32767).

  # nodePort: 10000

  # Use public IP of one (or more) of your nodes,
  # or the public IP of an external LB:
  publicIPs:
    - 30.10.10.1

In this case you're not allowed to change the jvb.replicaCount to more than 1, UDP packets will be routed to random jvb, which would not allow for a working video setup.

Option 3: hostPort and node with Public IP

jvb:
  useHostPort: true
  # Use public IP of one (or more) of your nodes,
  # or the public IP of an external LB:
  publicIPs:
    - 30.10.10.1

In this case you can have more the one jvb but you're putting you cluster at risk by having the nodes IPs and JVB ports directly exposed on the Internet.

Option 3.1: hostPort and auto-detected Node IP

jvb:
  useHostPort: true
  useNodeIP: true

This is similar to option 3, but every JVB pod will auto-detect it's own external IP address based on the node it's running on. This option might be better suited for installations that use OCTO.

Option 4: hostNetwork

jvb:
  useHostNetwork: true

Similar to Option 3, this way you expose JVB "as is" on the node, without any additional protection. This is not recommended, but might be useful in some rare cases.

Option 4: Use ingress TCP/UDP forward capabilities

In case of an ingress capable of doing tcp/udp forwarding (like nginx-ingress), it can be setup to forward the video streams.

# Don't forget to configure the ingress properly (separate configuration)
jvb:
  # 1.2.3.4 being one of the IP of the ingress controller
  publicIPs:
    - 1.2.3.4

Again in this case, only one jvb will work in this case.

Option 5: Bring your own setup

There are multiple other possibilities combining the available parameters, depending of your cluster/network setup.

Recording and streaming support

This chart includes support for Jibri, which allows Jitsi Meet users to record and stream their meetings. To enable Jibri support, add this section to your values.yaml:

jibri:
  ## Enabling Jibri will allow users to record
  ## and/or stream their meetings (e.g. to YouTube).
  enabled: true

  ## Enable single-use mode for Jibri (recommended).
  singleUseMode: false

  ## Enable multiple Jibri instances.
  ## Secommended for single-use mode.
  replicaCount: 1

  ## Enable recording service.
  ## Set this to true/false to enable/disable local recordings.
  ## Defaults to enabled (allow local recordings).
  recording: true

  ## Enable livestreaming service.
  ## Set this to true/false to enable/disable live streams.
  ## Defaults to disabled (livestreaming is forbidden).
  livestreaming: true

  ## Enable persistent storage for local recordings.
  ## If disabled, jibri pod will use a transient
  ## emptyDir-backed storage instead.
  persistence:
    enabled: true
    size: 32Gi

  shm:
    ## Set to true to enable "/dev/shm" mount.
    ## May be required by built-in Chromium.
    enabled: true

The above example will allow your Jitsi users to make local recordings, as well as live streams of their meetings.

Scaling your installation

At the moment you can freely scale Jitsi Web and Jibri pods, as they're stateless and require zero special configuration to work in multi-instance setup:

web:
  replicaCount: 3

jibri:
  replicaCount: 3

Also, this chart supports JVB scaling based on OCTO Relay feature, which allows different users to connect to different bridges and still see and hear each other. This feature requires some additional configuration. Here's an example based on the Option 3.1 mentioned above:

jvb:
  ## Set JVB instance count:
  replicaCount: 3
  ## Expose JVB interface port to the outside world
  #  only on nodes that actually have it:
  useHostPort: true
  ## Make every JVB pod announce its Node's external
  #  IP address and nothing more:
  useNodeIP: true


octo:
  ## Enable OCTO support for both JVB and Jicofo:
  enabled: true

Please note that the JVB scaling feature is currently under-tested and thus considered experimental. Also note that this chart doesn't allow to scale JVB into multiple zones/regions yet: all JVB pods will be part of the single OCTO region named all.

Adding custom Prosody plugins

In case you want to extend your Jitsi Meet installation with additional Prosody features, you can add custom plugins using additional ConfigMap mounts like this:

prosody:
  extraVolumes:
    - name: prosody-modules
      configMap:
        name: prosody-modules
  extraVolumeMounts:
    - name: prosody-modules
      subPath: mod_measure_client_presence.lua
      mountPath: /prosody-plugins-custom/mod_measure_client_presence.lua

Configuration

The following table lists the configurable parameters of the jisti-meet chart and their default values.

Parameter	Description	Default
`imagePullSecrets`	List of names of secrets resources containing private registry credentials	`[]`
`enableAuth`	Enable authentication	`false`
`enableGuests`	Enable guest access	`true`
`websockets.colibri.enabled`	Enable WebSocket support for JVB/Colibri	`false`
`websockets.xmpp.enabled`	Enable WebSocket support for Prosody/XMPP	`false`
`jibri.enabled`	Enable Jibri service	`false`
`jibri.useExternalJibri`	Use external Jibri service, instead of chart-provided one	`false`
`jibri.singleUseMode`	Enable Jibri single-use mode	`false`
`jibri.recording`	Enable local recording service	`true`
`jibri.livestreaming`	Enable livestreaming service	`false`
`jibri.persistence.enabled`	Enable persistent storage for Jibri recordings	`false`
`jibri.persistence.size`	Jibri persistent storage size	`4Gi`
`jibri.persistence.existingClaim`	Use pre-created PVC for Jibri	`(unset)`
`jibri.persistence.storageClassName`	StorageClass to use with Jibri	`(unset)`
`jibri.shm.enabled`	Allocate shared memory to Jibri pod	`false`
`jibri.shm.useHost`	Pass `/dev/shm` from host to Jibri	`false`
`jibri.shm.size`	Jibri shared memory size	`2Gi`
`jibri.replicaCount`	Number of replica of the jibri pods	`1`
`jibri.image.repository`	Name of the image to use for the jibri pods	`jitsi/jibri`
`jibri.extraEnvs`	Map containing additional environment variables for jibri	`{}`
`jibri.livenessProbe`	Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec	A livenessProbe map
`jibri.readinessProbe`	Map that holds the readiness probe, you can add parameters such as timeout or retries following the Kubernetes spec	A readinessProbe map
`jibri.breweryMuc`	Name of the XMPP MUC used by jibri	`jibribrewery`
`jibri.xmpp.user`	Name of the XMPP user used by jibri to authenticate	`jibri`
`jibri.xmpp.password`	Password used by jibri to authenticate on the XMPP service	10 random chars
`jibri.recorder.user`	Name of the XMPP user used by jibri to record	`recorder`
`jibri.recorder.password`	Password used by jibri to record on the XMPP service	10 random chars
`jibri.strategy`	Depolyment update strategy and parameters	`(unset)`
`jigasi.enabled`	Enable Jigasi service	`false`
`jigasi.useExternalJigasi`	Use external Jigasi service, instead of chart-provided one	`false`
`jigasi.replicaCount`	Number of replica of the Jigasi pods	`1`
`jigasi.image.repository`	Name of the image to use for the Jigasi pods	`jitsi/jigasi`
`jigasi.breweryMuc`	Name of the XMPP MUC used by Jigasi	`jigasibrewery`
`jigasi.xmpp.user`	Name of the XMPP user used by Jigasi to authenticate	`jigasi`
`jigasi.xmpp.password`	Password used by Jigasi to authenticate on the XMPP service	10 random chars
`jigasi.livenessProbe`	Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec	A livenessProbe map
`jigasi.readinessProbe`	Map that holds the readiness probe, you can add parameters such as timeout or retries following the Kubernetes spec	A readinessProbe map
`jigasi.extraEnvs`	Map containing additional environment variables for Jigasi	`{}`
`jicofo.replicaCount`	Number of replica of the jicofo pods	`1`
`jicofo.image.repository`	Name of the image to use for the jicofo pods	`jitsi/jicofo`
`jicofo.extraEnvs`	Map containing additional environment variables for jicofo	`{}`
`jicofo.livenessProbe`	Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec	A livenessProbe map
`jicofo.readinessProbe`	Map that holds the readiness probe, you can add parameters such as timeout or retries following the Kubernetes spec	A readinessProbe map
`jicofo.xmpp.password`	Password used by jicofo to authenticate on the XMPP service	10 random chars
`jicofo.xmpp.componentSecret`	Values of the secret used by jicofo for the xmpp-component	10 random chars
`jvb.publicIPs`	List of IP addresses for JVB to announce to clients	`(unset)`
`jvb.useNodeIP`	Auto-detect external IP address based on the Node IP	`false`
`jvb.stunServers`	List of STUN/TURN servers to announce to the users	`meet-jit-si-turnrelay.jitsi.net:443`
`jvb.service.enabled`	Boolean to enable os disable the jvb service creation	`false` if `jvb.useHostPort` is `true` otherwise `true`
`jvb.service.type`	Type of the jvb service	`ClusterIP`
`jvb.service.ipFamilyPolicy`	`ipFamilyPolicy` for the service (docs)	`(unset)`
`jvb.service.annotations`	Additional annotations for JVB service (might be useful for managed k8s)	`{}`
`jvb.service.extraPorts`	Additional ports to expose from your JVB pod(s)	`[]`
`jvb.UDPPort`	UDP port used by jvb, also affects port of service, and hostPort	`10000`
`jvb.nodePort`	UDP port used by NodePort service	`(unset)`
`jvb.useHostPort`	Enable HostPort feature (may not work on some CNI plugins)	`false`
`jvb.useHostNetwork`	Connect JVB pod to host network namespace	`false`
`jvb.extraEnvs`	Map containing additional environment variables to jvb	`{}`
`jvb.xmpp.user`	Name of the XMPP user used by jvb to authenticate	`jvb`
`jvb.xmpp.password`	Password used by jvb to authenticate on the XMPP service	10 random chars
`jvb.livenessProbe`	Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec	A livenessProbe map
`jvb.readinessProbe`	Map that holds the readiness probe, you can add parameters such as timeout or retries following the Kubernetes spec	A readinessProbe map
`jvb.metrics.enabled`	Boolean that control the metrics exporter for jvb. If true the `ServiceMonitor` will also created	`false`
`jvb.metrics.prometheusAnnotations`	Boolean that controls the generation of prometheus annotations, to expose metrics for HPA	`false`
`jvb.metrics.image.repository`	Default image repository for metrics exporter	`docker.io/systemli/prometheus-jitsi-meet-exporter`
`jvb.metrics.image.tag`	Default tag for metrics exporter	`1.1.5`
`jvb.metrics.image.pullPolicy`	ImagePullPolicy for metrics exporter	`IfNotPresent`
`jvb.metrics.serviceMonitor.enabled`	`ServiceMonitor` for Prometheus	`true`
`jvb.metrics.serviceMonitor.selector`	Selector for `ServiceMonitor`	`{ release: prometheus-operator }`
`jvb.metrics.serviceMonitor.interval`	Interval for `ServiceMonitor`	`10s`
`jvb.metrics.serviceMonitor.honorLabels`	Make `ServiceMonitor` honor labels	`false`
`jvb.metrics.resources`	Resources for the metrics container	`{ requests: { cpu: 10m, memory: 16Mi }, limits: { cpu: 20m, memory: 32Mi } }`
`octo.enabled`	Boolean to enable or disable the OCTO mode, for a single region	`false`
`web.httpsEnabled`	Boolean that enabled tls-termination on the web pods. Useful if you expose the UI via a `Loadbalancer` IP instead of an ingress	`false`
`web.httpRedirect`	Boolean that enabled http-to-https redirection. Useful for ingress that don't support this feature (ex: GKE ingress)	`false`
`web.resolverIP`	Override nameserver IP for Web container	(unset, use auto-detected nameserver IP)
`web.extraEnvs`	Map containing additional environment variable to web pods	`{}`
`web.livenessProbe`	Map that holds the liveness probe, you can add parameters such as timeout or retries following the Kubernetes spec	A livenessProbe map
`web.readinessProbe`	Map that holds the readiness probe, you can add parameters such as timeout or retries following the Kubernetes spec	A readinessProbe map
`tz`	System Time Zone	`Europe/Amsterdam`

Package

helm package . -d docs
helm repo index docs --url https://jitsi-contrib.github.io/jitsi-helm/