feat: Google NEG annotations for GCLB (#69)
* feat: deployment annotations

* feat: GCLB

* fix: duplicate annotations

* feat: add sample file
arrase authored Jun 26, 2023
1 parent e68ba57 commit 3257561
Showing 4 changed files with 104 additions and 5 deletions.
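--- a/gclb-sample.yaml
+++ b/gclb-sample.yaml
@@ -0,0 +1,96 @@
+# LiveKit Helm chart will set up a Deployment, Service, HPA, and Ingress as either
+# a single or multi-node LiveKit deployment.
+# After installing this chart, you would still need to
+# * Open ports on the firewall to the hosts (see https://docs.livekit.io/deploy/ports-firewall)
+# * Update DNS of hostnames to the ingress/service that were created
+
+replicaCount: 1
+
+# Suggested value for gracefully terminate the pod: 5 hours
+terminationGracePeriodSeconds: 18000
+
+livekit:
+# port: 7880
+# Uncomment to enable prometheus metrics
+# prometheus_port: 6789
+log_level: info
+rtc:
+use_external_ip: true
+# default ports used
+port_range_start: 50000
+port_range_end: 60000
+tcp_port: 7881
+redis:
+address: <redis_host:port>
+# db: 0
+# username:
+# password:
+# use_tls: true
+# one or more API key/secret pairs
+# see https://docs.livekit.io/guides/getting-started/#generate-api-key-and-secret
+keys:
+myapikey: "myapisecret"
+turn:
+enabled: true
+# must match domain of your TLS cert
+domain: turn.myhost.com
+# tls_port must be 443 if turn load balancer is disabled
+tls_port: 3478
+# udp_port should be 443 for best connectivity through firewalls
+udp_port: 443
+# uncomment if you will manage TLS termination for TURN, secretName is not used
+# when external_tls is set
+# external_tls: true
+# Kubernetes Secret containing TLS cert for <turn.myhost.com>
+# See https://docs.livekit.io/deploy/kubernetes/#importing-ssl-certificates
+secretName: <tlssecret>
+# set the Kubernetes serviceType for the TURN service. By default it sets it to "LoadBalancer"
+# See kubernetes serviceTypes on official documentation: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+serviceType: "LoadBalancer"
+
+loadBalancer:
+# valid values: disable, alb, aws, gke, gke-managed-cert, gke-native-vpc, do
+# on AWS, we recommend using alb load balancer, which supports TLS termination
+# * in order to use alb, aws-ingress-controller must be installed
+# https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html
+# * for gke-managed-cert type follow https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
+# and set staticIpName to your reserved static IP, and certificateName to be
+# name of the managed cert
+# * for do uncomment clusterIssuer with your cert manager issuer
+type: gclb
+# staticIpName: <nameofIpAddressCreated>
+# certificateName: <nameOfCert>
+# clusterIssuer: letsencrypt-prod
+tls:
+# - hosts:
+# - livekit.myhost.com
+# with alb, certificates needs to reside in ACM for self-discovery
+# with do, use cert-manager and create certificate for turn. Load balancer is autoamtic
+# with gke, specify one or more secrets to use for the certificate
+# see: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-multi-ssl#specifying_certificates_for_your_ingress
+# secretName: <mysecret>
+
+# autoscaling requires resources to be defined
+autoscaling:
+# set to true to enable autoscaling. when set, ignores replicaCount
+enabled: false
+minReplicas: 1
+maxReplicas: 5
+targetCPUUtilizationPercentage: 60
+
+# if LiveKit should run only on specific nodes
+# this can be used to isolate designated nodes
+nodeSelector:
+{}
+# node.kubernetes.io/instance-type: c5.2xlarge
+
+resources:
+{}
+# Due to port restrictions, you can run only one instance of LiveKit per physical
+# node. Because of that, we recommend giving it plenty of resources to work with
+# limits:
+# cpu: 6000m
+# memory: 2048Mi
+# requests:
+# cpu: 4000m
+# memory: 1024Mi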
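Review bot: The sample ships a literal credential pair, `myapikey: "myapisecret"`, under `keys:`, so a values file that is copied and installed unchanged runs with an API secret that is readable in the repository; the other fields already use the angle-bracket form (`<redis_host:port>`, `<tlssecret>`), and `<api_key>: <api_secret>` here would make an unedited copy obvious. The `valid values` comment above `type: gclb` does not list `gclb`, and it spells `gke-native-vpc` where the templates in this commit compare against `gke-vpc-native`. `tls_port: 3478` sits directly under a comment saying it must be 443 when the TURN load balancer is disabled, so a line stating which case this sample assumes would help.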
2 changes: 1 addition & 1 deletion livekit-server/templates/backendconfig.yaml
@@ -1,4 +1,4 @@
{{- if or (eq .Values.loadBalancer.type "gke") (eq .Values.loadBalancer.type "gke-managed-cert") (eq .Values.loadBalancer.type "gke-vpc-native") -}}
{{- if or (eq .Values.loadBalancer.type "gke") (eq .Values.loadBalancer.type "gke-managed-cert") (eq .Values.loadBalancer.type "gke-vpc-native") (eq .Values.loadBalancer.type "gclb") -}}
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
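Review bot: With `gclb` added to this condition a BackendConfig is rendered, yet the same commit stops rendering the Ingress for `gclb` (ingress.yaml); BackendConfig is, as far as I know, consumed by the GKE Ingress controller, so please confirm that something still reads it when the load balancer is attached through a standalone NEG. If nothing does, any health-check or timeout settings defined further down this file would silently not apply to that load balancer. A template comment above the condition stating who consumes the BackendConfig for `gclb` would settle this for the next reader. The rest of the template lies outside the hunk.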
2 changes: 1 addition & 1 deletion livekit-server/templates/ingress.yaml
@@ -1,4 +1,4 @@
{{- if ne .Values.loadBalancer.type "disable" -}}
{{- if and (ne .Values.loadBalancer.type "disable") (ne .Values.loadBalancer.type "gclb") -}}
{{- $fullName := include "livekit-server.fullname" . -}}
{{- $svcPort := .Values.loadBalancer.servicePort -}}
kind: Ingress
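Review bot: Nothing in this template or in the sample says where TLS is terminated once the new `(ne .Values.loadBalancer.type "gclb")` clause skips the Ingress; `loadBalancer.tls`, `certificateName` and `staticIpName` from the values file then presumably have no effect for this type. A comment above the condition, for example `{{- /* gclb: no Ingress is created; load balancer, certificate and firewall rules are managed outside this chart */ -}}`, would make that explicit. The Ingress body is outside the hunk, so this is inferred from the condition alone.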
9 changes: 6 additions & 3 deletions livekit-server/templates/service.yaml
@@ -10,12 +10,15 @@ metadata:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
{{- else if or (eq .Values.loadBalancer.type "gke") (eq .Values.loadBalancer.type "gke-managed-cert") (eq .Values.loadBalancer.type "gke-vpc-native") }}
cloud.google.com/backend-config: '{"ports": {"{{ .Values.loadBalancer.servicePort }}":"{{ include "livekit-server.fullname" . }}"}}'
{{- else if eq .Values.loadBalancer.type "gclb" }}
cloud.google.com/backend-config: '{"ports": {"{{ .Values.loadBalancer.servicePort }}":"{{ include "livekit-server.fullname" . }}"}}'
cloud.google.com/neg: '{"exposed_ports": {"{{ .Values.loadBalancer.servicePort }}":{}}}'
{{- end }}
{{- if eq .Values.loadBalancer.type "gke-vpc-native" }}
cloud.google.com/neg: '{"ingress": true}'
{{- end }}
spec:
{{- if or (eq .Values.loadBalancer.type "alb") (eq .Values.loadBalancer.type "gke") (eq .Values.loadBalancer.type "gke-managed-cert") (eq .Values.loadBalancer.type "do") }}
{{- if or (eq .Values.loadBalancer.type "alb") (eq .Values.loadBalancer.type "gke") (eq .Values.loadBalancer.type "gke-managed-cert") (eq .Values.loadBalancer.type "do") (eq .Values.loadBalancer.type "gclb")}}
type: NodePort
{{- else if eq .Values.loadBalancer.type "aws" }}
type: LoadBalancer
@@ -25,13 +28,13 @@ spec:
targetPort: http
protocol: TCP
name: http
{{- if and (eq .Values.loadBalancer.type "disable") .Values.livekit.rtc.tcp_port }}
{{- if and (or (eq .Values.loadBalancer.type "disable") (eq .Values.loadBalancer.type "gclb")) .Values.livekit.rtc.tcp_port }}
- name: rtc-tcp
port: {{ .Values.livekit.rtc.tcp_port }}
protocol: TCP
targetPort: rtc-tcp
{{- end }}
{{- if and (eq .Values.loadBalancer.type "disable") .Values.livekit.rtc.udp_port }}
{{- if and (or (eq .Values.loadBalancer.type "disable") (eq .Values.loadBalancer.type "gclb")) .Values.livekit.rtc.udp_port }}
- name: rtc-udp
port: {{ .Values.livekit.rtc.udp_port }}
protocol: UDP
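Review bot: For `gclb` the Service is set to `type: NodePort` and, in the second hunk, also gains the `rtc-tcp` and `rtc-udp` ports, so each of those ports gets a node port allocated on every node; before this change they were added only for `disable`. A load balancer that reaches pods through the `cloud.google.com/neg` `exposed_ports` annotation should not need node ports as far as I know, so consider leaving `gclb` out of the NodePort list on the `spec:` condition, or document which firewall rules the extra node ports require. The new `gclb` branch also repeats the `cloud.google.com/backend-config` line from the branch above it; adding `(eq .Values.loadBalancer.type "gclb")` to that `or` and keeping only the NEG annotation under its own `if` would remove the duplicate. The added `spec:` condition is missing a space before `}}`. The branches after `type: LoadBalancer` are outside the hunk.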
