Jitsi deployment on Kubernetes and Rancher

Hi,

I’m trying to deploy the latest version of jitsi (stable-8252) by following the guide at GitHub - jitsi-contrib/jitsi-helm: A helm chart to deploy Jitsi to Kubernetes using Helm Chart on a Kubernetes cluster which has Rancher on top of it. Since deploying it as a Rancher app seemed not to work, I’ve decided to bypass Rancher and directly use helm pointed directly to the kubernetes cluster.

In the values yaml I did setup the public url and I’ve tested the options:

• service of type LoadBalancer
• NodePort and node with Public IP or external loadbalancer

and setting the public ip of the cluster (which I already know).

I’ve then deployed the yaml and an ingress resource to expose the jitsi-web interface.

Unfortunately neither of the two options work; when the JVB pod starts I always get a “address discovery through STUN failed” error and the pod goes into crashloopbackerror.

Am I missing something in the deployment?

[s6-init] making user provided files available at /var/run/s6/etc…exited 0.
[s6-init] ensuring user provided files have correct perms…exited 0.
[fix-attrs.d] applying ownership & permissions fixes…
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts…
[cont-init.d] 01-set-timezone: executing…
[cont-init.d] 01-set-timezone: exited 0.
[cont-init.d] 10-config: executing…
[cont-init.d] 10-config: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
JVB 2023-02-23 12:13:42.266 INFO: [1] JitsiConfig.#47: Initialized newConfig: merge of /config/jvb.conf: 1,application.conf @ jar:file:/usr/share/jitsi-videobridge/jitsi-videobridge.jar!/application.conf: 1,system properties,reference.conf @ jar:file:/usr/share/jitsi-videobridge/jitsi-videobridge.jar!/reference.conf: 1,reference.conf @ jar:file:/usr/share/jitsi-videobridge/lib/jitsi-media-transform-2.2-69-gad606ca2.jar!/reference.conf: 1,reference.conf @ jar:file:/usr/share/jitsi-videobridge/lib/ice4j-3.0-58-gf41542d.jar!/reference.conf: 1
JVB 2023-02-23 12:13:42.285 INFO: [1] ReadOnlyConfigurationService.reloadConfiguration#51: loading config file at path /config/sip-communicator.properties
JVB 2023-02-23 12:13:42.286 INFO: [1] ReadOnlyConfigurationService.reloadConfiguration#56: Error loading config file: java.io.FileNotFoundException: /config/sip-communicator.properties (No such file or directory)
JVB 2023-02-23 12:13:42.288 INFO: [1] JitsiConfig.#68: Initialized legacyConfig: sip communicator props (no description provided)
JVB 2023-02-23 12:13:42.294 INFO: [1] JitsiConfig$Companion.reloadNewConfig#94: Reloading the Typesafe config source (previously reloaded 0 times).
JVB 2023-02-23 12:13:42.320 INFO: [1] MainKt.main#69: Starting jitsi-videobridge version 2.2.69-gad606ca2
JVB 2023-02-23 12:13:42.643 INFO: [13] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Adding a static mapping: StaticMapping(localAddress=10.42.0.97, publicAddress=MY-PUBLIC-IP, localPort=null, publicPort=null, name=ip-0)
JVB 2023-02-23 12:13:42.651 INFO: [13] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Using AwsCandidateHarvester.
JVB 2023-02-23 12:13:42.676 INFO: [13] org.ice4j.ice.harvest.MappingCandidateHarvesters.createStunHarvesters: Using 152.67.134.217:443/udp for StunMappingCandidateHarvester (localAddress=10.42.0.97:0/udp).
JVB 2023-02-23 12:13:42.863 INFO: [19] [hostname=jitsi-conference-rios-prosody.conference-rios-net-it.svc.cluster.local id=shard0] MucClient.initializeConnectAndJoin#288: Initializing a new MucClient for [ org.jitsi.xmpp.mucclient.MucClientConfiguration id=shard0 domain=auth.meet.jitsi hostname=jitsi-conference-rios-prosody.conference-rios-net-it.svc.cluster.local port=5222 username=jvb mucs=[jvbbrewery@internal-muc.meet.jitsi] mucNickname=jitsi-conference-rios-jitsi-meet-jvb-7785495c7c-6b4gj disableCertificateVerification=true]
JVB 2023-02-23 12:13:42.881 INFO: [1] LastNReducer.#65: LastNReducer with reductionScale: 0.75 recoverScale: 1.25 impactTime: PT1M minLastN: 1 maxEnforcedLastN: 40
JVB 2023-02-23 12:13:42.883 INFO: [1] TaskPools.#87: TaskPools detected 12 processors, creating the CPU pool with that many threads
JVB 2023-02-23 12:13:42.886 WARNING: [19] MucClient.createXMPPTCPConnectionConfiguration#117: Disabling certificate verification!
JVB 2023-02-23 12:13:42.895 INFO: [1] HealthChecker.start#117: Started with interval=60000, timeout=PT1M30S, maxDuration=PT3S, stickyFailures=false.
JVB 2023-02-23 12:13:42.910 INFO: [1] UlimitCheck.printUlimits#109: Running with open files limit 1048576 (hard 1048576), thread limit unlimited (hard unlimited).
JVB 2023-02-23 12:13:42.916 INFO: [1] VideobridgeExpireThread.start#88: Starting with 60 second interval.
JVB 2023-02-23 12:13:42.967 INFO: [1] MainKt.main#93: Starting public http server
JVB 2023-02-23 12:13:42.972 INFO: [19] [hostname=jitsi-conference-rios-prosody.conference-rios-net-it.svc.cluster.local id=shard0] MucClient.initializeConnectAndJoin#350: Dispatching a thread to connect and login.
JVB 2023-02-23 12:13:43.015 INFO: [1] ColibriWebSocketService.#48: WebSockets are not enabled
JVB 2023-02-23 12:13:43.093 INFO: [1] ColibriWebSocketService.registerServlet#95: Disabled, not registering servlet
JVB 2023-02-23 12:13:43.096 INFO: [1] org.eclipse.jetty.server.Server.doStart: jetty-11.0.10; built: 2022-06-16T20:42:17.891Z; git: d21dded5817960ec3c753a7ba02ef86f7c9ed89e; jvm 11.0.18+10-post-Debian-1deb11u1
JVB 2023-02-23 12:13:43.129 INFO: [19] [hostname=jitsi-conference-rios-prosody.conference-rios-net-it.svc.cluster.local id=shard0] MucClient$2.connected#321: Connected.
JVB 2023-02-23 12:13:43.129 INFO: [19] [hostname=jitsi-conference-rios-prosody.conference-rios-net-it.svc.cluster.local id=shard0] MucClient.lambda$getConnectAndLoginCallable$9#646: Logging in.
JVB 2023-02-23 12:13:43.154 INFO: [1] org.eclipse.jetty.server.handler.ContextHandler.doStart: Started o.e.j.s.ServletContextHandler@aa5455e{/,null,AVAILABLE}
JVB 2023-02-23 12:13:43.163 INFO: [1] org.eclipse.jetty.server.AbstractConnector.doStart: Started ServerConnector@1c25b8a7{HTTP/1.1, (http/1.1)}{0.0.0.0:9090}
JVB 2023-02-23 12:13:43.173 INFO: [1] org.eclipse.jetty.server.Server.doStart: Started Server@251f7d26{STARTING}[11.0.10,sto=0] @1250ms
JVB 2023-02-23 12:13:43.174 INFO: [1] MainKt.main#111: Starting private http server
JVB 2023-02-23 12:13:43.218 INFO: [19] [hostname=jitsi-conference-rios-prosody.conference-rios-net-it.svc.cluster.local id=shard0] MucClient$2.authenticated#327: Authenticated, b=false
JVB 2023-02-23 12:13:43.225 INFO: [1] org.eclipse.jetty.server.Server.doStart: jetty-11.0.10; built: 2022-06-16T20:42:17.891Z; git: d21dded5817960ec3c753a7ba02ef86f7c9ed89e; jvm 11.0.18+10-post-Debian-1deb11u1
JVB 2023-02-23 12:13:43.245 INFO: [19] [hostname=jitsi-conference-rios-prosody.conference-rios-net-it.svc.cluster.local id=shard0] MucClient$MucWrapper.join#771: Joined MUC: jvbbrewery@internal-muc.meet.jitsi
JVB 2023-02-23 12:13:43.482 WARNING: [1] org.glassfish.jersey.server.wadl.WadlFeature.configure: JAXBContext implementation could not be found. WADL feature is disabled.
JVB 2023-02-23 12:13:43.571 WARNING: [1] org.glassfish.jersey.internal.inject.Providers.checkProviderRuntime: A provider org.jitsi.rest.Health registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.rest.Health will be ignored.
JVB 2023-02-23 12:13:43.571 WARNING: [1] org.glassfish.jersey.internal.inject.Providers.checkProviderRuntime: A provider org.jitsi.rest.Version registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.rest.Version will be ignored.
JVB 2023-02-23 12:13:43.572 WARNING: [1] org.glassfish.jersey.internal.inject.Providers.checkProviderRuntime: A provider org.jitsi.rest.prometheus.Prometheus registered in SERVER runtime does not implement any provider interfaces applicable in the SERVER runtime. Due to constraint configuration problems the provider org.jitsi.rest.prometheus.Prometheus will be ignored.
JVB 2023-02-23 12:13:43.801 INFO: [1] org.eclipse.jetty.server.handler.ContextHandler.doStart: Started o.e.j.s.ServletContextHandler@45aca496{/,null,AVAILABLE}
JVB 2023-02-23 12:13:43.802 INFO: [1] org.eclipse.jetty.server.AbstractConnector.doStart: Started ServerConnector@48b0e701{HTTP/1.1, (http/1.1)}{0.0.0.0:8080}
JVB 2023-02-23 12:13:43.802 INFO: [1] org.eclipse.jetty.server.Server.doStart: Started Server@28486680{STARTING}[11.0.10,sto=0] @1879ms
JVB 2023-02-23 12:13:49.563 INFO: [13] org.ice4j.ice.harvest.MappingCandidateHarvesters.maybeAdd: Discarding a mapping harvester: org.ice4j.ice.harvest.AwsCandidateHarvester@764cabba
JVB 2023-02-23 12:13:49.564 INFO: [13] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Using org.ice4j.ice.harvest.StaticMappingCandidateHarvester(face=10.42.0.97:9/udp, mask=178.33.239.64:9/udp)
JVB 2023-02-23 12:13:49.565 INFO: [13] org.ice4j.ice.harvest.MappingCandidateHarvesters.initialize: Initialized mapping harvesters (delay=7236ms). stunDiscoveryFailed=true
JVB 2023-02-23 12:14:42.853 SEVERE: [22] HealthChecker.run#175: Health check failed in PT0.000166S:
java.lang.Exception: Address discovery through STUN failed
at org.jitsi.videobridge.health.JvbHealthChecker.check(JvbHealthChecker.kt:39)
at org.jitsi.videobridge.health.JvbHealthChecker.access$check(JvbHealthChecker.kt:25)
at org.jitsi.videobridge.health.JvbHealthChecker$healthChecker$1.invoke(JvbHealthChecker.kt:31)
at org.jitsi.videobridge.health.JvbHealthChecker$healthChecker$1.invoke(JvbHealthChecker.kt:31)
at org.jitsi.health.HealthChecker.run(HealthChecker.kt:144)
at org.jitsi.utils.concurrent.RecurringRunnableExecutor.run(RecurringRunnableExecutor.java:216)
at org.jitsi.utils.concurrent.RecurringRunnableExecutor.runInThread(RecurringRunnableExecutor.java:292)
at org.jitsi.utils.concurrent.RecurringRunnableExecutor$1.run(RecurringRunnableExecutor.java:328)
[cont-finish.d] executing container finish scripts…
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

I’m not faimiliar with such a setup, but you can always disable the STUN address discovery and just set JVB_ADVERTISED_IPS.

Thanks for your reply.
From what I can see from the ENV_VARIABLES of the jvb deployment, the JVB_ADVERTISED_IPS is already present and correctly set.
What is the variable for disabling the STUN address discovery?

JVB_DISABLE_STUN is the one.

Thanks Saghul, now at least it doesn’t crash and the pod starts and keep running. Now I’m facing other problems though: Audio and video stops working in some cases:

• two users from the same LAN: video and audio ok
• two users from the same LAN + another from another network joins: video and audio stop
• two users from different networks (example two mobile phones): video and audio don’t work

So it seems it works properly only when using a P2P connections between users in the same LAN network.
Arfe there more parameters that have to be set to make this work?

Thanks,

Gianluca

There should be port forwarding of udp 10000 from JVB_ADVERTISED_IPS(the public one) in a way so packets reach the jvb process. You are missing this port forward.