search

jitsi-contrib / jitsi-kubernetes

Tools and tutorials hwo to run the Jitsi Meet stack in a Kubernetes Cluster.
Apache License 2.0
117 stars 37 forks source link

kustomize example not working #13

Open r3k2 opened 3 years ago

r3k2 commented 3 years ago

Hello I been banging my head trying to get this to work. I have installed ingress-nginx following this since I am using digital ocean https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes After this is working I removed the echo1 and echo2 that it was used for testing.. I installed the kustomize from here following with details the examples.

kubectl apply -k  ./kubernetes-jitsi
serviceaccount/jitsi unchanged
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/jitsi-privileged configured
role.rbac.authorization.k8s.io/jitsi-privileged unchanged
rolebinding.rbac.authorization.k8s.io/jitsi-privileged unchanged
service/jvb-udp unchanged
service/web unchanged
deployment.apps/jitsi unchanged
ingress.networking.k8s.io/jitsi configured

when I do a kubectl describe certificate -A it shows the cert created. but I have two problems that may be related.

  1. I get a invalid cert..
  2. even if I accept it and move pass it I go to a page 404 not found from nginx.

on the describe ingress 

 kubectl describe ingress
No resources found in default namespace.
[rek2@rek2laptop friendlyverse]$ kubectl describe ingress -A
Name:             jitsi
Namespace:        jitsi
Address:          
Default backend:  default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
  tls-prod-jitsi terminates vid1.example.com
Rules:
  Host             Path  Backends
  ----             ----  --------
  vid1.example.com  
                   /   web:80 (10.244.0.204:80)
Annotations:       cert-manager.io/cluster-issuer: letsencrypt-prod
Events:
  Type    Reason             Age   From          Message
  ----    ------             ----  ----          -------
  Normal  CreateCertificate  31m   cert-manager  Successfully created Certificate "tls-jitsi"
  Normal  CreateCertificate  10m   cert-manager  Successfully created Certificate "tls-prod-jitsi"
  Normal  DeleteCertificate  10m   cert-manager  Successfully deleted unrequired Certificate "tls-jitsi"

I changed the secret to get another cert from tls-jitsi to tls-prod-jitsi but still same issue.. also there is a missing backend error in that output...

any tips? Thanks

r3k2 commented 3 years ago

@rsoika @sapkra @marner2 @pierreozoux Hello im stuck on this, anyone have any idea? I notice Address is empty. we using a load balancer on digital ocean could this be the cause that we need extra step?

r3k2 commented 3 years ago

ok I figure it out... this tutorial says to follow the ingress nginx already installed and such I did but what it does not say is that we need to link this jitsi role to "nginx class" so it picks it up:

metadata:
  name: jitsi
  namespace: jitsi
  annotations:
    kubernetes.io/ingress.class: "nginx"   <-------------- THIS!!!
    cert-manager.io/cluster-issuer: "letsencrypt-prod"

now is working and I am getting an ip on the jitsi role:

kubectl get ingress -n jitsi      ░▒▓ ✔  at do-nyc3-jitsirocketchat ⎈  at 16:32:38  
NAME    CLASS    HOSTS             ADDRESS         PORTS     AGE
jitsi   <none>   vid1.example.com   159.xx.xx.xx   80, 443   22h

please update the steps so others wont get confused

pierreozoux commented 3 years ago

@r3k2 you can update it also :) and help with your experience :)

r3k2 commented 3 years ago

@pierreozoux sure, I dont use github to much for PR's anymore just gitlab/sourcehut etc but I will see if I can do a PR later this evening.

rsoika commented 3 years ago

@pierreozoux thanks for you feedback. I just updated the documentation according to your imput. Please make a short review:

https://github.com/jitsi-contrib/jitsi-kubernetes/tree/main/doc/kustomize#linking-the-ingressclass-nginx