
Coturn Helm Chart to provide a STUN/TURN Server on Kubernetes

Primary language: Smarty. License: GNU General Public License v3.0 (GPL-3.0)

coturn Helm Chart

An unofficial coturn helm chart using the official coturn docker image.

Usage

TLDR

Note that you still need to fill out charts/coturn/values.yaml (autogenerated docs can be found in charts/coturn/README.md).

helm repo add coturn https://small-hack.github.io/coturn-chart/
helm install coturn coturn/coturn --values values.yaml

Basics

Coturn Realm

At the very least, you'll need to configure a coturn realm, which is like your hostname and is also used for authentication.

# most coturn config parameters that you really need
coturn:
  # --  hostname for the coturn server realm
  realm: "turn.example.com"

Adding a user declaratively

Pass in one set of credentials (username/password) either directly as plaintext or via an existing k8s secret, like this:

# most coturn config parameters that you really need
coturn:
  # --  hostname for the coturn server realm
  realm: "turn.example.com"

  auth:
    # -- username for the main user of the turn server; ignored if existingSecret is not ""
    username: "coturn"
    # -- password for the main user of the turn server; ignored if existingSecret is not ""
    password: "myverysecretpasswordthatimobviouslygoingtochangeright"
    # -- existing secret with keys username/password for coturn; if this is not "" then we will ignore coturn.auth.username/password
    existingSecret: ""
    secretKeys:
      # -- key in existing secret for turn server user
      username: username
      # -- key in existing secret for turn server user's password
      password: password

Currently only one user is supported, but we'd like to support adding more than that to match what is possible in the coturn/coturn:examples/etc/turnserver.conf.
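The existingSecret route described above, as an added example (not part of the chart's own documentation): the script renders a Secret with the username/password keys the chart expects and a values file that references it, so no password is written into values.yaml. The Secret name coturn-auth, the namespace coturn and the file name values-secret.yaml are assumptions.

```shell
#!/bin/sh
# Added example, not from the chart repository.
set -eu

SECRET_NAME="coturn-auth"   # assumption: any name works, it only has to match existingSecret
NAMESPACE="coturn"          # assumption

# 32 random bytes as URL-safe text, so the password is never typed or committed.
gen_password() {
  head -c 32 /dev/urandom | base64 | tr -d '\n=' | tr '/+' '_-'
}

# Emit a Secret manifest on stdout. stringData lets the API server do the base64
# encoding; piping into `kubectl apply -f -` keeps the password out of argv.
render_secret() {  # usage: render_secret <username> <password>
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${SECRET_NAME}
  namespace: ${NAMESPACE}
type: Opaque
stringData:
  username: "$1"
  password: "$2"
EOF
}

# Emit values that point the chart at the Secret instead of inline credentials.
render_values() {
  cat <<EOF
coturn:
  realm: "turn.example.com"
  auth:
    existingSecret: "${SECRET_NAME}"
    secretKeys:
      username: username
      password: password
EOF
}

# Typical use against a cluster (commented out so the script runs offline):
#   render_secret coturn "$(gen_password)" | kubectl apply -f -
#   render_values > values-secret.yaml
#   helm install coturn coturn/coturn --namespace "$NAMESPACE" --values values-secret.yaml
```

The same pattern applies to externalDatabase.existingSecret, whose secretKeys additionally name the database and hostname keys.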

Databases

Internal SQLite database

If you would like to use the built-in SQLite database, set externalDatabase.enabled and postgresql.enabled to false in your values.yaml like this:

externalDatabase:
  enabled: false
postgresql:
  enabled: false

Bundled PostgreSQL subchart

We provide an optional Bitnami PostgreSQL subchart to deploy an external database. You can use it like this:

externalDatabase:
  enabled: true
postgresql:
  # -- must be true for the bundled subchart to be deployed
  enabled: true
  global:
    postgresql:
      # -- global.postgresql.auth overrides postgresql.auth
      auth:
        # -- username for database, ignored if existingSecret is passed in
        username: "coturn"
        # -- password for db, autogenerated if empty & existingSecret empty
        password: "mycoolpasswordthatisplaintextforsomereason"
        # -- database to create, ignored if existingSecret is passed in
        database: "coturn"
        # -- name of existing Secret to use for postgresql credentials
        existingSecret: ""
        # Names of the keys in existing secret to use for PostgreSQL credentials
        # all of these are ignored if existingSecret is empty
        secretKeys:
          # -- key in existingSecret for the database hostname
          hostname: "hostname"
          # -- key in existingSecret for database to create
          database: "database"
          # -- key in existing Secret to use for the coturn user
          username: "username"
          # -- key in existing Secret to use for postgres admin user's password
          adminPasswordKey: "postgresPassword"
          # -- key in existing Secret to use for coturn user's password
          userPasswordKey: "password"

You're free to use any other values you find in the Bitnami postgresql helm values under the postgresql parameter in your values.yaml for coturn.

External PostgreSQL database

If externalDatabase.enabled is set to true, and postgresql.enabled is set to false, you can pass in credentials from an existing postgresql database, like this:

externalDatabase:
  enabled: true
  # -- Currently only postgresql is supported. mariadb/mysql coming soon
  type: "postgresql"
  # -- required if externalDatabase.enabled: true and postgresql.enabled: false
  hostname: "mypostgresserver"
  # -- username for database, ignored if existingSecret is passed in
  username: "coturn"
  # -- password for database, ignored if existingSecret is passed in
  password: "coolpasswordfordogs"
  # -- database to create, ignored if existingSecret is passed in
  database: "coturn"
  # -- name of existing Secret to use for postgresql credentials
  existingSecret: ""
  # Names of the keys in existing secret to use for PostgreSQL credentials
  secretKeys:
    # -- key in existing Secret to use for the db user
    username: ""
    # -- key in existing Secret to use for db user's password
    password: ""
    # -- key in existing Secret to use for the database name
    database: ""
    # -- key in existing Secret to use for the db's hostname
    hostname: ""
postgresql:
  enabled: false

Bundled MySQL subchart

We provide an optional Bitnami MySQL subchart to deploy an external database. You can use it like this:

mysql:
  enabled: true
  auth:
    # -- username for database, ignored if existingSecret is passed in
    username: "coturn"
    # -- password for db, autogenerated if empty & existingSecret empty
    password: "mycoolpasswordthatisplaintextforsomereason"
    # -- database to create, ignored if existingSecret is passed in
    database: "coturn"
    # -- Use existing secret for password details. 
    # The secret has to contain the keys mysql-root-password, mysql-replication-password and mysql-password
    existingSecret: ""
    # Names of the keys in existing secret to use for MySQL credentials
    secretKeys:
      # -- key in existing Secret to use for the coturn user
      username: "username"
      # -- key in existing Secret to use for coturn user's password
      password: "password"

You're free to use any other values you find in the Bitnami mysql helm values under the mysql parameter in your values.yaml for coturn.

External MySQL database

If externalDatabase.enabled is set to true, and mysql.enabled is set to false, you can pass in credentials from an existing mysql database, like this:

externalDatabase:
  enabled: true
  # -- Currently postgresql and mysql are supported.
  type: "mysql"
  # -- required if externalDatabase.enabled: true and mysql.enabled: false
  hostname: "mysqlserver"
  # -- username for database, ignored if existingSecret is passed in
  username: "coturn"
  # -- password for database, ignored if existingSecret is passed in
  password: "coolpasswordfordogs"
  # -- database to create, ignored if existingSecret is passed in
  database: "coturn"
  # -- name of existing Secret to use for mysql credentials
  existingSecret: ""
  # Names of the keys in existing secret to use for MySQL credentials
  secretKeys:
    # -- key in existing Secret to use for the db user
    username: ""
    # -- key in existing Secret to use for db user's password
    password: ""
    # -- key in existing Secret to use for the database name
    database: ""
    # -- key in existing Secret to use for the db's hostname
    hostname: ""
mysql:
  enabled: false

Testing

Source: Tutorial for turnutils_uclient and Coturn server

  1. Install coturn:

    brew install coturn
  2. Test the connection to the server. This is an example for LoadBalancer type services:

    turnutils_uclient -u "$COTURN_USER" \
      -w "$COTURN_PASSWORD" \
      -L "$CLIENT_IP" \
      -y "$SERVER_UDP_IP"

    A successful test looks like this:

    0: (18446744073709551615): INFO: Total connect time is 0
    1: (18446744073709551615): INFO: start_mclient: msz=4, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
    2: (18446744073709551615): INFO: start_mclient: msz=4, tot_send_msgs=0, tot_recv_msgs=0, tot_send_bytes ~ 0, tot_recv_bytes ~ 0
    3: (18446744073709551615): INFO: start_mclient: msz=4, tot_send_msgs=10, tot_recv_msgs=10, tot_send_bytes ~ 1000, tot_recv_bytes ~ 1000
    4: (18446744073709551615): INFO: start_mclient: msz=1, tot_send_msgs=20, tot_recv_msgs=20, tot_send_bytes ~ 2000, tot_recv_bytes ~ 2000
    4: (18446744073709551615): INFO: start_mclient: tot_send_msgs=20, tot_recv_msgs=20
    4: (18446744073709551615): INFO: start_mclient: tot_send_bytes ~ 2000, tot_recv_bytes ~ 2000
    4: (18446744073709551615): INFO: Total transmit time is 4
    4: (18446744073709551615): INFO: Total lost packets 0 (0.000000%), total send dropped 0 (0.000000%)
    4: (18446744073709551615): INFO: Average round trip delay 5.500000 ms; min = 4 ms, max = 13 ms
    4: (18446744073709551615): INFO: Average jitter 1.700000 ms; min = 0 ms, max = 9 ms

If you're developing the helm chart, note that we have GitHub Actions CI jobs to test the chart with SQLite, PostgreSQL, and MySQL. You can see an example here.

Status and Contributing

This is actively maintained by both live developers and renovateBot via a scheduled GitHub Action. If you'd like to contribute, please read the CONTRIBUTING.md and feel free to open a PR :) If you'd like a feature or want to report a bug, please do that in the GitHub Issues. If you know coturn and k8s well enough, please also feel free to scan the issues and help others <3 We recently moved the repo from jessebot's account to the small-hack org where we maintain all our helm charts.

Thanks

This is a fork of the now-deprecated iits-consulting/coturn chart. Thanks to them for getting this started.