Jitsi JVB container fails to deploy

[ryannix123]

@ktenzer So far, so good!

I'm having trouble deploying Jitsi, and I'm wondering if it's related to Jitsi running as root? The JVB image won't deploy, but all the other components do deploy successfully.

Since I'm not running Podman on my instance of OKD, should I use @shetze 's patch and create my own my non-root Jitsi Docker image on Quay?

Screen shot: https://drive.google.com/file/d/1x2DRpk9sf8Q18jc1qQdPc_Bydc5BNmW0/view?usp=sharing

[ktenzer]

This looks like issue with node selector. The operator will deploy the jvb to a node that matches the node selector. If you used the CR to create an instance of podium then the default node selector is app=jvb. You need to label a node with that so OKD knows where to deploy jvb. Reason we do this is that the jvb is the video bridge. It communicates directly with clients (web browser) of anyone joining video call. The node where jvb runs needs external IP as such and usually you dont want to have external IPs on all your nodes so we pin it to one node.

Did you label a node with app=jvb as is documented under operator deployment? oc label node ocp4-n4krq-worker-v996z app=jvb

[ryannix123]

Hi Keith,

We're running OKD 3.11, so we can't use the Operator, which I would prefer to do!.

Here is the error that I get when trying to run the label function.

oc label node ocp4-n4krq-worker-v996z app=jvb
Error from server (Forbidden): nodes "ocp4-n4krq-worker-v996z" is forbidden: User "rtn361@ads.northwestern.edu" cannot get nodes at the cluster scope: no RBAC policy matched

[ktenzer]

Yes you can use the Operator. Operators work fine in OKD or OCP 3.11. What doesnt is OLM (operator lifecycle manager) and operatorhub but following steps I provided avoids that.

Regarding your error ocp4-n4krq-worker-v996z is the node on my cluster. You need to replace that with a node on your cluster!

[ryannix123]

I must have misunderstood your comment on a previous thread about the Operator.

I logged into our single-node OKD 3.11 instance as the cluster-admin (Grant Shipley's Install OKD scrip), and obtained the name of the single node.

oc get node openshift
NAME        STATUS    ROLES                  AGE       VERSION
openshift   Ready     compute,infra,master   16d       v1.11.0+d4cacc0

However, as my unprivileged account, I can't label the node, but I can as the cluster-admin.

oc label node openshift app=jvb
Error from server (Forbidden): nodes "openshift" is forbidden: User "rtn361@ads.northwestern.edu" cannot get nodes at the cluster scope: no RBAC policy matched

oc label node openshift app=jvb
node/openshift labeled

Is that what I was supposed to do?

[ktenzer]

Yes you need to label whatever node you want to run the jvb service, in your case if you have just one node well then thats it

closing as this seems to be clarrified.