45a2cb3f93
Cluster egress goes through a step-ca-fronted TLS proxy that install-sounds
doesn't trust ("SSL certificate problem: self-signed certificate"). The
Asterisk core sounds tarball is a public artifact; integrity is enforced
downstream when Asterisk plays the file.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
171 lines
5.7 KiB
YAML
171 lines
5.7 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: asterisk
|
|
namespace: telephony
|
|
labels:
|
|
app: asterisk
|
|
spec:
|
|
replicas: 1
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
app: asterisk
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: asterisk
|
|
spec:
|
|
nodeSelector:
|
|
kubernetes.io/hostname: rke2-agent1
|
|
hostNetwork: true
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
securityContext:
|
|
fsGroup: 0
|
|
initContainers:
|
|
- name: install-sounds
|
|
# Downloads Asterisk core sounds (en, ulaw) into the sounds emptyDir
|
|
# volume so the base Asterisk image (which ships no sounds) can play
|
|
# vm-advopts, vm-goodbye, digits/*, characters/*, beep, etc. Skips
|
|
# the download if the directory already contains sound files —
|
|
# re-running the pod after a hot image reload reuses the unpack.
|
|
image: alpine:3.20
|
|
command:
|
|
- sh
|
|
- -c
|
|
- |
|
|
set -eu
|
|
if [ -f /sounds/en/vm-goodbye.ulaw ] || [ -f /sounds/en/vm-goodbye.gsm ]; then
|
|
echo "Sounds already present — skipping download."
|
|
exit 0
|
|
fi
|
|
echo "Installing curl + tar..."
|
|
apk add --no-cache curl tar gzip >/dev/null
|
|
cd /tmp
|
|
echo "Downloading Asterisk core sounds (en, ulaw) 1.6.1..."
|
|
# -k: cluster egress goes through a step-ca MITM for outbound TLS
|
|
# that this pod does not trust. The tarball is a public artifact —
|
|
# integrity is checked downstream by Asterisk at playback time.
|
|
curl -fksSLO https://downloads.asterisk.org/pub/telephony/sounds/releases/asterisk-core-sounds-en-ulaw-1.6.1.tar.gz
|
|
echo "Extracting to /sounds/en ..."
|
|
mkdir -p /sounds/en
|
|
tar -xzf asterisk-core-sounds-en-ulaw-1.6.1.tar.gz -C /sounds/en
|
|
echo "Done — $(ls /sounds/en | wc -l) files installed."
|
|
volumeMounts:
|
|
- name: sounds
|
|
mountPath: /sounds/en
|
|
containers:
|
|
- name: asterisk
|
|
image: localhost/andrius/asterisk:latest
|
|
imagePullPolicy: Never
|
|
ports:
|
|
- name: sip-udp
|
|
containerPort: 5060
|
|
protocol: UDP
|
|
- name: sip-tcp
|
|
containerPort: 5060
|
|
protocol: TCP
|
|
- name: ari
|
|
containerPort: 8088
|
|
protocol: TCP
|
|
volumeMounts:
|
|
- name: config-modules
|
|
mountPath: /etc/asterisk/modules.conf
|
|
subPath: modules.conf
|
|
- name: config-http
|
|
mountPath: /etc/asterisk/http.conf
|
|
subPath: http.conf
|
|
- name: config-ari
|
|
mountPath: /etc/asterisk/ari.conf
|
|
subPath: ari.conf
|
|
- name: config-manager
|
|
mountPath: /etc/asterisk/manager.conf
|
|
subPath: manager.conf
|
|
- name: config-pjsip
|
|
mountPath: /etc/asterisk/pjsip.conf
|
|
subPath: pjsip.conf
|
|
- name: config-extensions
|
|
mountPath: /etc/asterisk/extensions.conf
|
|
subPath: extensions.conf
|
|
- name: config-rtp
|
|
mountPath: /etc/asterisk/rtp.conf
|
|
subPath: rtp.conf
|
|
- name: asterisk-data
|
|
mountPath: /var/spool/asterisk
|
|
- name: asterisk-logs
|
|
mountPath: /var/log/asterisk
|
|
- name: sounds
|
|
mountPath: /var/lib/asterisk/sounds/en
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 128Mi
|
|
limits:
|
|
cpu: "1"
|
|
memory: 512Mi
|
|
livenessProbe:
|
|
tcpSocket:
|
|
port: 8088
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 10
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /ari/asterisk/info
|
|
port: 8088
|
|
httpHeaders:
|
|
- name: Authorization
|
|
value: "Basic Zmxvd2VyY29yZTpibHVlamF5LWFzdGVyaXNrLWFyaQ=="
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 5
|
|
volumes:
|
|
- name: config-modules
|
|
configMap:
|
|
name: asterisk-config
|
|
items:
|
|
- key: modules.conf
|
|
path: modules.conf
|
|
- name: config-http
|
|
configMap:
|
|
name: asterisk-config
|
|
items:
|
|
- key: http.conf
|
|
path: http.conf
|
|
- name: config-ari
|
|
configMap:
|
|
name: asterisk-config
|
|
items:
|
|
- key: ari.conf
|
|
path: ari.conf
|
|
- name: config-manager
|
|
configMap:
|
|
name: asterisk-config
|
|
items:
|
|
- key: manager.conf
|
|
path: manager.conf
|
|
- name: config-pjsip
|
|
configMap:
|
|
name: asterisk-config
|
|
items:
|
|
- key: pjsip.conf
|
|
path: pjsip.conf
|
|
- name: config-extensions
|
|
configMap:
|
|
name: asterisk-config
|
|
items:
|
|
- key: extensions.conf
|
|
path: extensions.conf
|
|
- name: config-rtp
|
|
configMap:
|
|
name: asterisk-config
|
|
items:
|
|
- key: rtp.conf
|
|
path: rtp.conf
|
|
- name: asterisk-data
|
|
persistentVolumeClaim:
|
|
claimName: asterisk-data
|
|
- name: asterisk-logs
|
|
emptyDir: {}
|
|
- name: sounds
|
|
emptyDir: {}
|