Istio With Envoy Load Balancer and TURN for K8s

Hello Jitsi Team & its great community,
I found Jitsi is the most mature open source video conference in the market. A lot of people has explored Jitsi with Kubernetes strength already. I believe soon or later someone will ask this no1 question below. My question are:

  1. Has someone ever been tried Istio with envoy as load balancer and ingress tool for Jitsi in Kubernetes? Envoy support for TCP & UDP protocol. Is it enough for Jitsi? BTW, What features that Nginx+HAproxy been fullfiled at the current architecture that any new proxy or load balancer candidate can be considered for Jitsi Meet?

  2. This is beginner question :slight_smile: Does https://jitsi.org/jitsi-meet/ uses internal or external TURN server operated at the back-end? Does ICE4J also has TURN lib internally that just need to be activated to operate?

  3. I know someone in this great community has deployed Jibri for Kubernates. Hope he/she can share with me the tips and its challenge here.

Cheers and super thanks.

Hi and welcome!

You need to be able to load balance based on url parameter. All requests that has the same value for url parameter room= should be forwarded to the same shard.

Jitsi-meet has two modes p2p and jvb(jitsi-videobridge) mode. P2P is when there are only two participants in the call, then it is advised to have a turn server configured, in order to fall back to it in this mode when direct connection is not possible. This is in order to offload the bridges.
If there are more than two participants or the p2p fails, we are in jvb mode. Jitsi-videobridge by itself is a relay server so you do not need any turn server.
There is just one case where we recommend using a TURN server is for just relaying the TCP connections over a secure channel (recommended is that the TURN server listens on port 443 for TCP connections) to the jvb server.

Hi Demencho,

Thank you for your awesome information,

For current architecture, does https://jitsi.org/jitsi-meet/ use NGINX Plus in production to get full support of UDP proxying and does it the main reason to choose NGINXs inside each shard? Does NGINX community (free) version :wink: do performed well too?

For container/docker architecture, do you think is it better to attach CoTURN (turn server) at the same application’s docker together with Prosody & JVB than seperated docker as there will a very small chance utilization of CoTURN in regular case (survey said it is only or even less than 0.5% of all connection. See the survey).? Similarly, how do you think best to put Jibri inside / outside docker of Prosody & JVB?

Super thanks again.

No UDP traffic goes through nginx. UDP traffic reaches jvb instances directly.
We use the free version, it is used mainly for some variables replacement and server side includes.

No experience at my side with docker, so others need to chime in on this topic. @saghul, maybe :wink:

I don’t think it will be that low since iit would be used almost always in the 1-to-1 call scenario.

As for how to attah it, there is an open PR which adds a new coturn container, so that’s the direction we are taking. Eah service is separate.

Awesome, man. Lifetime Free beer :beer:and pizza :pizza: for both Sahgul and Damencho when visiting Jakarta, Indonesia.

By the way, do you also containerized Nginx to support the Jitsi dockers/services? Is this the destiny usage of NGINX with ISTIO Istio-Nginx in near future with Jitsi?

Thanks man

:slight_smile:

This is our Docker setup: https://github.com/jitsi/docker-jitsi-meet I have never used Istio, what’s the advantage?