sa-mw-dach / podium Goto Github PK

JavaScript 38.08% Dockerfile 9.57% Shell 18.61% HTML 33.74%

podium's Introduction

Podium

Communication is the key to any high performing team. Podium is a containerized deployment of a set of leading opensource communication and collaboration tools that allow teams interact more effectively in a remote (post COVID-19) world. Podium brings tools together in a way that that allows not only a team to interact better but even more importantly attempts to re-create the incidental interactions so lacking in a virtual-only world. All those watercooler, breakroom encounters we thought were a waste of time, were critical to our productivity. Podium not only promotes incidental interactions virtually but also allows team stakeholders or external members to better interact with teams. Podium takes a team approach to collaboration instead of an organizational approach. Podium currently provides the following components:

Podium Introduction Video and Demo

An instance of podium will deploy all components and configure a dashboard so all team and non-team members can interact immediately as well as effectively. Onboarding a new team member is self explanatory.

Feature requests

If you would like to see a feature or addition please open a issue and feel welcome to contribute.

Pre-requisites

OpenShift environment
Block storage
Public or routable IP exists on node running the jvb (jitsi video bridge) pod.
Port 3478 TCP/UDP ingress must be open on the node running the jvb pod.
Port 30000 TCP/UDP ingress must be open on the node running the jvb pod.
Port 3478 TCP/UDP egress must be open for from jvb node to STUN server.
Ports 5347 TCP, 5222 TCP and 5280 TCP ingress must be open on all nodes running jitsi pods jvb, jicofo, prosody and web.
TLS certificate solution like Let's Encrypt.

How to configure AWS to use floating ips

Lets Encrypt Certificate

Podium requires proper TLS certificates. For lets encrypt solution, TLS should be terminated on the edge of the OpenShift route or kubermetes ingres. Podium will automatically deploy OpenShift routes with edge termination and dynamically configure certificates using lets encrypt. You can of course configure your own routes or ingres.

Setup Lets Encrypt on OpenShift

Deployment

You can deploy Podium using Podium Operator for OpenShift 4 via OperatorHub or manual Operator installation for OpenShift 3/4.

podium's People

Contributors

Stargazers

Watchers

Forkers

eformat karstengresch gandhiano asirxing asirxp jwmatthews marcusne pixeljonas roddiekieley cip-core-mirrors

podium's Issues

Still maintained?

Hi,

is this project still maintained/currently working?

Podium Hybrid Cloud Scaling Architecture Idea

We would like to consider an architecture that would allow podium components to be scaled across a hybrid cloud environment, multi-cloud. For example if resources are tight be able to move entire podium instance or even certain components to another cloud seamlessly.

Initialize Jitsi Shared Document

Currently, the Jitsi Shared Document is created on the fly with a random document ID. This document can be identified and shared with the URL provided via the Settings Button. The document can also be imported or exported using the Export/Import Button.
Since the Document ID is random it is not possible to initialize the document nor is it possible to link it into the Mozaik Dashboard Widget.

We may regard this as a feature and leave the initialization to the user or moderator as a cut and paste action.

In order to foster collaboration continuity I would rather prefer to have the option to create the Jistsi Shared Document with a predictable name, like the name of the conference room. That would enable preparation for the meeting with an agenda and alike using a link from the Dashboard Widget. It would also prevent the notes from getting lost after ending the meeting due to inability to recover the random document ID.

There exist funtions to set document url in Jisti, but it is not clear if and how these functions are available via API.

Customize Dashboard

Investigate creating dynamic Mozaik plugins for the various components to expose more capabilities in the dashboard. Possible investigate creating our own dashboard or UI layer to leverage the APIs of the various components.

Podium fails to build

Hello,

I'm running OKD 3.11 and I ran into an issue when deploying Podium.

Cloning "https://github.com/sa-mw-dach/podium.git " ...
Commit: 87118ba (updated mozaik party template)
Author: ktenzer [email protected]
Date: Fri Oct 2 22:16:22 2020 +0000
npm ERR!
npm ERR! Failed at the podium-dashboard@ postinstall script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR! /opt/app-root/src/.npm/_logs/2020-10-06T15_30_26_356Z-debug.log
error: build error: non-zero (13) exit code from docker-registry.default.svc:5000/openshift/nodejs@sha256:1175006938852dff3ac21cdcab0939b65e0499a6ba0c4d1586869b3f31465f3f

Jitsi JVB container fails to deploy

@ktenzer So far, so good!

I'm having trouble deploying Jitsi, and I'm wondering if it's related to Jitsi running as root? The JVB image won't deploy, but all the other components do deploy successfully.

Since I'm not running Podman on my instance of OKD, should I use @shetze 's patch and create my own my non-root Jitsi Docker image on Quay?

Screen shot:
https://drive.google.com/file/d/1x2DRpk9sf8Q18jc1qQdPc_Bydc5BNmW0/view?usp=sharing

Operator projects using the removed APIs in k8s 1.22 requires changes.

Problem Description

Kubernetes has been deprecating API(s), which will be removed and are no longer available in 1.22. Operators projects using these APIs versions will not work on Kubernetes 1.22 or any cluster vendor using this Kubernetes version(1.22), such as OpenShift 4.9+. Following the APIs that are most likely your projects to be affected by:

apiextensions.k8s.io/v1beta1: (Used for CRDs and available since v1.16)
rbac.authorization.k8s.io/v1beta1: (Used for RBAC/rules and available since v1.8)
admissionregistration.k8s.io/v1beta1 (Used for Webhooks and available since v1.16)

Therefore, looks like this project distributes solutions in the repository and does not contain any version compatible with k8s 1.22/OCP 4.9. (More info). Following some findings by checking the distributions published:

podium-operator.v1.0.3: this distribution is using APIs which were deprecated and removed in v1.22. More info: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22. Migrate the API(s) for CRD: (["podia.podium.com"])
podium-operator.v1.0.4: this distribution is using APIs which were deprecated and removed in v1.22. More info: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22. Migrate the API(s) for CRD: (["podia.podium.com"])
podium-operator.v1.0.5: this distribution is using APIs which were deprecated and removed in v1.22. More info: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22. Migrate the API(s) for CRD: (["podia.podium.com"])
podium-operator.v1.0.6: this distribution is using APIs which were deprecated and removed in v1.22. More info: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22. Migrate the API(s) for CRD: (["podia.podium.com"])
podium-operator.v1.0.2: this distribution is using APIs which were deprecated and removed in v1.22. More info: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-22. Migrate the API(s) for CRD: (["podia.podium.com"])

NOTE: The above findings are only about the manifests shipped inside of the distribution. It is not checking the codebase.

How to solve

It would be very nice to see new distributions of this project that are no longer using these APIs and so they can work on Kubernetes 1.22 and newer and published in the community-operators collection. OpenShift 4.9, for example, will not ship operators anymore that do still use v1beta1 extension APIs.

Due to the number of options available to build Operators, it is hard to provide direct guidance on updating your operator to support Kubernetes 1.22. Recent versions of the OperatorSDK greater than 1.0.0 and Kubebuilder greater than 3.0.0 scaffold your project with the latest versions of these APIs (all that is generated by tools only). See the guides to upgrade your projects with OperatorSDK Golang, Ansible, Helm or the Kubebuilder one. For APIs other than the ones mentioned above, you will have to check your code for usage of removed API versions and upgrade to newer APIs. The details of this depend on your codebase.

If this projects only need to migrate the API for CRDs and it was built with OperatorSDK versions lower than 1.0.0 then, you maybe able to solve it with an OperatorSDK version >= v0.18.x < 1.0.0:

$ operator-sdk generate crds --crd-version=v1
INFO[0000] Running CRD generator.
INFO[0000] CRD generation complete.

Alternatively, you can try to upgrade your manifests with controller-gen (version >= v0.4.1) :

If this project does not use Webhooks:

$ controller-gen crd:trivialVersions=true,preserveUnknownFields=false rbac:roleName=manager-role paths="./..."

If this project is using Webhooks:

Add the markers sideEffects and admissionReviewVersions to your webhook (Example with sideEffects=None and admissionReviewVersions={v1,v1beta1}: memcached-operator/api/v1alpha1/memcached_webhook.go):
Run the command:

$ controller-gen crd:trivialVersions=true,preserveUnknownFields=false rbac:roleName=manager-role webhook paths="./..."

For further information and tips see the comment.

Add "Declarative Dynamic UI"

What do you think about moving away from YAML and using the "form view" instead? I can't find the docs right now.

Liveliness and readiness probes fail on jicofo and jvb

The liveliness probes for jicofo and jvb aren't correct. They point to /health/about which is the default path.

Investigate Keycloak (RH SSO)

Various components require a user and it would be really helpful to have user management happen in one place. Look into keycloak being able to authorize and manage user accounts between components.

What about matrix?

You could have jitsi integrated with the riot chat client [1] and also bridges to other chat services that companies may use like slack and irc.
[1] : https://medium.com/@RiotChat/riot-im-web-0-12-7c4ea84b180a
[2] https://matrix.org/bridges/

mozaik mixed content websocket

If the mozaik route is secured [1] the mozaik.min.js attempts to attach to websocket over ws:// resulting in mixed content and a blank page. Is there a workaround for this?

[1]

oc expose svc/mozaik --hostname shorterhostname --name=podium
oc annotate route/podium kubernetes.io/tls-acme="true"

Jitsi JVB container fails to deploy

@ktenzer So far, so good!

I'm having trouble deploying Jitsi, and I'm wondering if it's related to Jitsi running as root? The JVB image won't deploy, but all the other components do deploy successfully.

Since I'm not running Podman on my instance of OKD, should I use @shetze 's patch and create my own my non-root Jitsi Docker image on Quay?

Screen shot:
https://drive.google.com/file/d/1x2DRpk9sf8Q18jc1qQdPc_Bydc5BNmW0/view?usp=sharing

RBAC error for Jitsi

@ktenzer

Hi Keith,

It looks like a non-cluster-admin can't label the node in which I want to run Jitsi. Is it possible to do this without being an admin?

oc label nodes openshift app=jitsi
Error from server (Forbidden): nodes "openshift" is forbidden: User "[email protected]" cannot get nodes at the cluster scope: no RBAC policy matched

Everything else seems to work, I just can't get the JVB pod to deploy. https://meet-jitsi.apps.cloudapps.northwestern.edu

Operator fails setting up route on plain k8s

After following the instructions for the manual operator setup on a plain k8s and applying the reference podium.yaml only the etherpad gets deployed, all other components are missing.

The operator logs show that it fails while trying to setup the route (which is openshift specific):


 TASK [Deploy etherpad route] ********************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to find exact match for route.openshift.io/v1.Route by [kind, name, singularName, shortNames]"}

-------------------------------------------------------------------------------
{"level":"error","ts":1588277195.5856867,"logger":"runner","msg":"ansible-playbook 2.9.6\r\n  config file = /etc/ansible/ansible.cfg\r\n  configured module search path = ['/usr/share/ansible/openshift']\r\n  ansible python module location = /usr/local/lib/python3.6/site-packages/ansible\r\n  executable location = /usr/local/bin/ansible-playbook\r\n  python version = 3.6.8 (default, Oct 11 2019, 15:04:54) [GCC 8.3.1 20190507 (Red Hat 8.3.1-4)]\r\nUsing /etc/ansible/ansible.cfg as config file\r\n\r\nPLAYBOOK: 6e49006f865047a48e654be8f911f1be *************************************\r\n\r\nPLAYBOOK: 6e49006f865047a48e654be8f911f1be *************************************\n1 plays in /tmp/ansible-operator/runner/podium.com/v1alpha1/Podium/podium/mypodium/project/6e49006f865047a48e654be8f911f1be\n\r\nPLAY [localhost] ***************************************************************\n\r\nTASK [Gathering Facts] *********************************************************\nok: [localhost]\nMETA: ran handlers\n\r\nTASK [podium : debug] **********************************************************\r\ntask path: /opt/ansible/roles/podium/tasks/main.yml:2\nok: [localhost] => {\r\n    \"msg\": \"Deploy Etherpad (Real-time editor) set to True\"\r\n}\n\r\nTASK [Deploy etherpad] *********************************************************\r\ntask path: /opt/ansible/roles/podium/tasks/main.yml:4\n\r\nTASK [etherpad : Deploy etherpad] **********************************************\r\ntask path: /opt/ansible/roles/etherpad/tasks/main.yml:2\r\n\r\nTASK [etherpad : Deploy etherpad] **********************************************\r\ntask path: /opt/ansible/roles/etherpad/tasks/main.yml:2\n: [{\"lastTransitionTime\": \"2020-04-30T18:38:52Z\", \"lastUpdateTime\": \"2020-04-30T18:38:52Z\", \"message\": \"Deployment has minimum availability.\", \"reason\": \"MinimumReplicasAvailable\", \"status\": \"True\", \"type\": \"Available\"}, {\"lastTransitionTime\": \"2020-04-30T18:37:33Z\", \"lastUpdateTime\": \"2020-04-30T18:38:52Z\", \"message\": \"ReplicaSet \\\"etherpad-6f7544c667\\\" has successfully progressed.\", \"reason\": \"NewReplicaSetAvailable\", \"status\": \"True\", \"type\": \"Progressing\"}], \"observedGeneration\": 1, \"readyReplicas\": 1, \"replicas\": 1, \"updatedReplicas\": 1}}}\r\nok: [localhost] => {\"changed\": false, \"method\": \"patch\", \"result\": {\"apiVersion\": \"apps/v1\", \"kind\": \"Deployment\", \"metadata\": {\"annotations\": {\"deployment.kubernetes.io/revision\": \"1\", \"operator-sdk/primary-resource\": \"/mypodium\", \"operator-sdk/primary-resource-type\": \"Podium.podium.com\"}, \"creationTimestamp\": \"2020-04-30T18:37:33Z\", \"generation\": 1, \"labels\": {\"app\": \"etherpad\"}, \"name\": \"etherpad\", \"namespace\": \"podium\", \"resourceVersion\": \"10340661\", \"selfLink\": \"/apis/apps/v1/namespaces/podium/deployments/etherpad\", \"uid\": \"dc9a50c6-aac2-4e97-9627-d88b9975f441\"}, \"spec\": {\"progressDeadlineSeconds\": 600, \"replicas\": 1, \"revisionHistoryLimit\": 10, \"selector\": {\"matchLabels\": {\"app\": \"etherpad\"}}, \"strategy\": {\"rollingUpdate\": {\"maxSurge\": \"25%\", \"maxUnavailable\": \"25%\"}, \"type\": \"RollingUpdate\"}, \"template\": {\"metadata\": {\"creationTimestamp\": null, \"labels\": {\"app\": \"etherpad\", \"name\": \"etherpad\"}}, \"spec\": {\"containers\": [{\"env\": [{\"name\": \"TITLE\", \"value\": \"Etherpad is a real-time text editor\"}, {\"name\": \"DEFAULT_PAD_TEXT\", \"value\": \"Etherpad is a real-time text editor\"}], \"image\": \"etherpad/etherpad\", \"imagePullPolicy\": \"Always\", \"livenessProbe\": {\"failureThreshold\": 3, \"httpGet\": {\"path\": \"/\", \"port\": 9001, \"scheme\": \"HTTP\"}, \"initialDelaySeconds\": 120, \"periodSeconds\": 10, \"successThreshold\": 1, \"timeoutSeconds\": 1}, \"name\": \"etherpad\", \"ports\": [{\"containerPort\": 9001, \"protocol\": \"TCP\"}], \"readinessProbe\": {\"failureThreshold\": 3, \"httpGet\": {\"path\": \"/\", \"port\": 9001, \"scheme\": \"HTTP\"}, \"initialDelaySeconds\": 60, \"periodSeconds\": 10, \"successThreshold\": 1, \"timeoutSeconds\": 60}, \"resources\": {}, \"terminationMessagePath\": \"/dev/termination-log\", \"terminationMessagePolicy\": \"File\"}], \"dnsPolicy\": \"ClusterFirst\", \"restartPolicy\": \"Always\", \"schedulerName\": \"default-scheduler\", \"securityContext\": {}, \"terminationGracePeriodSeconds\": 30}}}, \"status\": {\"availableReplicas\": 1, \"conditions\": [{\"lastTransitionTime\": \"2020-04-30T18:38:52Z\", \"lastUpdateTime\": \"2020-04-30T18:38:52Z\", \"message\": \"Deployment has minimum availability.\", \"reason\": \"MinimumReplicasAvailable\", \"status\": \"True\", \"type\": \"Available\"}, {\"lastTransitionTime\": \"2020-04-30T18:37:33Z\", \"lastUpdateTime\": \"2020-04-30T18:38:52Z\", \"message\": \"ReplicaSet \\\"etherpad-6f7544c667\\\" has successfully progressed.\", \"reason\": \"NewReplicaSetAvailable\", \"status\": \"True\", \"type\": \"Progressing\"}], \"observedGeneration\": 1, \"readyReplicas\": 1, \"replicas\": 1, \"updatedReplicas\": 1}}}\n\r\nTASK [etherpad : Deploy etherpad service] **************************************\r\n\r\nTASK [etherpad : Deploy etherpad service] **************************************\r\ntask path: /opt/ansible/roles/etherpad/tasks/main.yml:52\n\r\nok: [localhost] => {\"changed\": false, \"method\": \"patch\", \"result\": {\"apiVersion\": \"v1\", \"kind\": \"Service\", \"metadata\": {\"annotations\": {\"operator-sdk/primary-resource\": \"/mypodium\", \"operator-sdk/primary-resource-type\": \"Podium.podium.com\"}, \"creationTimestamp\": \"2020-04-30T18:37:35Z\", \"labels\": {\"app\": \"etherpad\"}, \"name\": \"etherpad\", \"namespace\": \"podium\", \"resourceVersion\": \"10340380\", \"selfLink\": \"/api/v1/namespaces/podium/services/etherpad\", \"uid\": \"1027b060-8e43-4c63-8cc5-3aad15140b5a\"}, \"spec\": {\"clusterIP\": \"10.233.9.196\", \"ports\": [{\"port\": 9001, \"protocol\": \"TCP\", \"targetPort\": 9001}], \"selector\": {\"app\": \"etherpad\", \"name\": \"etherpad\"}, \"sessionAffinity\": \"None\", \"type\": \"ClusterIP\"}, \"status\": {\"loadBalancer\": {}}}}\n\r\nTASK [etherpad : Deploy etherpad route] ****************************************\r\n\r\nTASK [etherpad : Deploy etherpad route] ****************************************\r\ntask path: /opt/ansible/roles/etherpad/tasks/main.yml:71\n\r\nfatal: [localhost]: FAILED! => {\"changed\": false, \"msg\": \"Failed to find exact match for route.openshift.io/v1.Route by [kind, name, singularName, shortNames]\"}\n\r\nPLAY RECAP *********************************************************************\r\nlocalhost                  : ok=4    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   \r\nPLAY RECAP *********************************************************************\r\nlocalhost                  : ok=4    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   \r\n\n","job":"545291762129038907","name":"mypodium","namespace":"podium","error":"exit status 2","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tpkg/mod/github.com/go-logr/[email protected]/zapr.go:128\ngithub.com/operator-framework/operator-sdk/pkg/ansible/runner.(*runner).Run.func1\n\tsrc/github.com/operator-framework/operator-sdk/pkg/ansible/runner/runner.go:239"}

--------------------------- Ansible Task Status Event StdOut  -----------------

PLAY RECAP *********************************************************************
localhost                  : ok=4    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0


-------------------------------------------------------------------------------
{"level":"error","ts":1588277195.6352737,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"podium-controller","request":"podium/mypodium","error":"event runner on failed","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tpkg/mod/github.com/go-logr/[email protected]/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\tpkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\tpkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\tpkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\tpkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:152\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\tpkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:153\nk8s.io/apimachinery/pkg/util/wait.Until\n\tpkg/mod/k8s.io/[email protected]/pkg/util/wait/wait.go:88"}```

Namespace name on exemplary setup of namespace-based operator

The operator.yaml and role_binding.yaml under podium-operator/deploy/namespace points to podium-operator leading to failure in deploying the operator in case the deployment is done on a custom namespace.

[RFE] Add a tamte SSH Server

So, I love tmate, and It would be grate to have a dedicated tmate ssh server deployed among with the other collaboration tools.

I mean, tmate just works fine, but it relies on tmate.io, so to have a private tmate ssh server would make us independent from a 3rd party, giving us more freedom and avoiding any security/data leak concern.