initial commit

lp/coturn/catalog-info.yaml

@@ -0,0 +1,11 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: lp-coturn
+  title: Coturn (lp)
+spec:
+  type: service
+  lifecycle: production
+  owner: platform-team
+  partOf:
+    - ../catalog-info.yaml

lp/coturn/lp/README.md

@@ -0,0 +1,33 @@
+#configuratie:
+
+Ik heb: hostNetwork: true — so ports 3478 (UDP/TCP) and 5349 (TCP) are bound directly on the node network interface.
+
+#ACHTERGRONFINFO
+
+#ICE server (Interactive Connectivity Establishment server) 
+is a network component used in 
+#WebRTC (Web Real-Time Communication) 
+and other peer-to-peer communication protocols to facilitate the establishment of a direct connection 
+between two devices (peers) over the internet.
+
+ICE is a framework used to handle the complexities of establishing these connections, 
+especially when peers are behind firewalls or NATs (Network Address Translators). 
+The main role of an ICE server is to help peers find the best possible path for direct communication.
+
+Here are some key components of ICE:
+
+#STUN (Session Traversal Utilities for NAT): 
+
+A STUN server helps clients discover their public-facing IP address and port, which is needed when 
+they are behind a NAT or firewall. It assists in detecting if the peer is behind a NAT and helps with 
+establishing connectivity.
+
+#TURN (Traversal Using Relays around NAT): 
+A TURN server is used when a direct connection cannot be established between peers due to network 
+restrictions like strict NATs or firewalls. 
+In this case, the TURN server acts as a relay to route traffic between the peers.
+ICE servers (STUN and TURN) work together to ensure the peers can communicate by testing various 
+potential connection paths and selecting the best one.
+
+In WebRTC, developers often configure ICE servers to make sure the communication is as efficient 
+as possible, even when the devices are on different networks with possible connectivity barriers

lp/coturn/lp/coturn-cert.yaml

@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: coturn-cert
+  namespace: matrix
+spec:
+  secretName: coturn-cert
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  dnsNames:
+    - "coturn-lp.allarddcs.nl"

lp/coturn/lp/coturn.yaml

@@ -0,0 +1,105 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: coturn
+  namespace: matrix
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: coturn
+  template:
+    metadata:
+      labels:
+        app: coturn
+    spec:
+#      hostNetwork: true
+      containers:
+        - name: coturn
+          image: coturn/coturn:latest
+          env:
+            - name: DETECT_EXTERNAL_IP
+              value: "yes"
+            - name: DETECT_RELAY_IP
+              value: "yes"
+          ports:
+            - name: turn-udp
+              containerPort: 3478
+              protocol: UDP
+            - name: turn-tcp
+              containerPort: 3478
+              protocol: TCP
+            - name: turns-tcp
+              containerPort: 5349
+              protocol: TCP
+          volumeMounts:
+            - name: coturn-cert
+              mountPath: /etc/coturn/certs
+              readOnly: true
+            - name: coturn-data
+              mountPath: /etc/coturn/turnserver.conf
+              subPath: config/turnserver.conf
+            - name: coturn-data
+              mountPath: /var/log
+              subPath: logs
+      volumes:
+        - name: coturn-data
+          persistentVolumeClaim:
+            claimName: coturn-pvc
+        - name: coturn-cert
+          secret:
+            secretName: coturn-cert
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: coturn
+  namespace: matrix
+spec:
+  type: LoadBalancer
+  ports:
+    - name: turn-udp
+      port: 3478
+      protocol: UDP
+      targetPort: 3478
+    - name: turn-tcp
+      port: 3478
+      protocol: TCP
+      targetPort: 3478
+    - name: turns-tcp
+      port: 5349
+      protocol: TCP
+      targetPort: 5349
+  selector:
+    app: coturn
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: coturn-pvc
+  namespace: matrix
+spec:
+  storageClassName: ""
+  volumeName: coturn-pv
+  accessModes:
+    - ReadWriteMany
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: coturn-pv
+spec:
+  storageClassName: ""
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  volumeMode: Filesystem
+  hostPath:
+    path: /mnt/nfs_share/coturn/lp
+    type: Directory

lp/coturn/lp/generate-user-password.py

@@ -0,0 +1,18 @@
+import hmac
+import hashlib
+import base64
+import time
+
+# Replace with your actual secret and realm
+secret = b'heleenvanderpol'
+realm = 'coturn-lp.allarddcs.nl'
+
+# Step 1: Generate a timestamp-based username valid for ~24 hours
+username = str(int(time.time()) + 3600 * 24)
+
+# Step 2: Create password using HMAC-SHA1
+key = hmac.new(secret, username.encode('utf-8'), hashlib.sha1)
+password = base64.b64encode(key.digest()).decode('utf-8')
+
+print("Username:", username)
+print("Password:", password)