Open kfarr opened 6 months ago
Solution 1A, hardcoding the key in your YAML, does seem to work. Please note that it requires re-logging in once you've applied hcce.yaml. I'm guessing the re-login is required to issue a new JWT that uses the new key. However that is not the correct long-term solution so let's keep this issue open.
Solution 1B, using the docker method, also seems to work. See this Dockerfile file from @Doginal: https://github.com/mozilla/hubs-cloud/pull/324/commits
and then run something like this if my notes are correct:
docker build . -t hubs-ce-builder:latest
chmod +x render_hcce.sh
sudo docker run --rm -it -v $(pwd):/app hubs-ce-builder:latest
For 2B, answer from @Doginal and chatgpt, validated by @kfarr as working.
We need each node worker (the hardware you provisioned for gke) on the gke cluster to have those ports open to the internet as coturn and dialog like to connect via ip not dns.
To convert these AWS CLI commands to their equivalent gcloud commands for use with Google Cloud Platform, you'll need to use the gcloud compute firewall-rules create command. This command is used to create firewall rules in Google Cloud, similar to how security group rules are managed in AWS.
Here are the equivalent gcloud commands for each of your AWS CLI commands:
For TCP port 4443:
gcloud compute firewall-rules create rule-name-1 --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=tcp:4443 --source-ranges=0.0.0.0/0
For TCP port 5349:
gcloud compute firewall-rules create rule-name-2 --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=tcp:5349 --source-ranges=0.0.0.0/0
For UDP ports 35000 to 60000:
gcloud compute firewall-rules create rule-name-3 --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=udp:35000-60000 --source-ranges=0.0.0.0/0
I can confirm running these gcloud commands immediately allowed my two browsers to have working audio.
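An added example, not from the thread or the Hubs project: the rules above are created on the default network with no target tags or service accounts, so they apply to every VM in that network, not only the GKE nodes. This Python check reads rules in the JSON shape of `gcloud compute firewall-rules list --format=json` and flags internet-facing ingress rules that are unscoped or that open ports other than the three named above; the sample data, the `hubs-gke-node` tag and the `hubs-media-scoped` and `temp-admin` rules are constructed.

```python
import json

# Services the thread says need internet ingress on the GKE nodes.
EXPECTED = {("tcp", "4443"), ("tcp", "5349"), ("udp", "35000-60000")}

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
# The first three mirror the rules created above; the last two are hypothetical.
SAMPLE = json.loads("""
[
 {"name": "rule-name-1", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["4443"]}]},
 {"name": "rule-name-2", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["5349"]}]},
 {"name": "rule-name-3", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "udp", "ports": ["35000-60000"]}]},
 {"name": "hubs-media-scoped", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["hubs-gke-node"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["4443", "5349"]}]},
 {"name": "temp-admin", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]
""")

def review(rules):
    """Map rule name -> reasons an internet-facing ingress rule deserves a second look."""
    flagged = {}
    for rule in rules:
        if rule.get("disabled") or rule.get("direction") != "INGRESS":
            continue
        if "0.0.0.0/0" not in rule.get("sourceRanges", []):
            continue
        reasons = []
        # No target tags or service accounts: the rule covers every VM in the network.
        if not (rule.get("targetTags") or rule.get("targetServiceAccounts")):
            reasons.append("applies to all instances in the network")
        for entry in rule.get("allowed", []):
            # A missing "ports" list means every port of that protocol is allowed.
            for ports in entry.get("ports", ["all"]):
                if (entry["IPProtocol"], ports) not in EXPECTED:
                    reasons.append(f"unexpected {entry['IPProtocol']}:{ports}")
        if reasons:
            flagged[rule["name"]] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in review(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Feeding it the real output of the list command for your project shows which of the open rules could be narrowed to the node pool with target tags.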
After deployment using vanilla deployment method, and when user attempts to create a room, there is an error:
Potential causes:
1) newline issue - zsh / bash handle newlines differently
\n instead of \\n
it needs to be escaped
"-----BEGIN PRIVATE KEY-----\nMIIE" ... where MIIE are the first 4 characters of the key
"-----BEGIN PRIVATE KEY-----\\nMIIE"
2) ports are blocked that are required by various hubs services
Potential solutions:
1A) Hardcode the key in your YAML
1B) newline within docker method
2B) May involve creating a k8s network policy YAML, and/or changing GCP specific settings for Service workers / applications behind the haproxy firewall