xgl.yml

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: xgl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: xgl
  template:
    metadata:
      labels:
        app: xgl
    spec:
      hostname: xgl
      # Uncomment the below line to disable network isolation for WebRTC connectivity, display `:20` and `:21` should not be used in the host, may show an error if disallowed by the cluster
#      hostNetwork: true
      containers:
      - name: xgl
        # Change tag `latest` to Ubuntu versions such as `24.04`, use a persistent tag such as `24.04-20210101010101` to persist a certain container version
        image: ghcr.io/selkies-project/nvidia-glx-desktop:latest
        env:
        - name: TZ
          value: "UTC"
        - name: DISPLAY_SIZEW
          value: "1920"
        - name: DISPLAY_SIZEH
          value: "1080"
        - name: DISPLAY_REFRESH
          value: "60"
        - name: DISPLAY_DPI
          value: "96"
        - name: DISPLAY_CDEPTH
          value: "24"
        # With driver versions lower than 550, change to `DP-0` or any other `DP-*` port for larger resolution support if NOT using datacenter GPUs
        - name: VIDEO_PORT
          value: "DFP"
        # Choose either `value:` or `secretKeyRef:` but not both at the same time
        - name: PASSWD
          value: "mypasswd"
#          valueFrom:
#            secretKeyRef:
#              name: my-pass
#              key: my-pass
        # Uncomment to enable KasmVNC instead of Selkies-GStreamer, `SELKIES_BASIC_AUTH_PASSWORD` is used for authentication with KasmVNC, defaulting to `PASSWD` if not provided
        # Uses: `SELKIES_ENABLE_BASIC_AUTH`, `SELKIES_BASIC_AUTH_USER`, `SELKIES_BASIC_AUTH_PASSWORD`, `SELKIES_ENABLE_RESIZE`, `SELKIES_ENABLE_HTTPS`, `SELKIES_HTTPS_CERT`, `SELKIES_HTTPS_KEY`
#        - name: KASMVNC_ENABLE
#          value: "true"
        # Number of threads for encoding frames with KasmVNC, default value is all threads
#        - name: KASMVNC_THREADS
#          value: "0"
        ###
        # Selkies-GStreamer parameters, for additional configurations see `selkies-gstreamer --help`
        ###
        # Change `SELKIES_ENCODER` to `x264enc`, `vp8enc`, or `vp9enc` if your GPU does not support `H.264 (AVCHD)` under the `NVENC - Encoding` section in https://developer.nvidia.com/video-encode-and-decode-gpu-support-matrix-new
        - name: SELKIES_ENCODER
          value: "nvh264enc"
        # Do NOT set to `true` if physical monitor is connected to video port
        - name: SELKIES_ENABLE_RESIZE
          value: "false"
        # Initial video bitrate in kilobits per second, may be changed later within web interface
        - name: SELKIES_VIDEO_BITRATE
          value: "8000"
        # Initial frames per second, may be changed later within web interface
        - name: SELKIES_FRAMERATE
          value: "60"
        # Initial audio bitrate in bits per second, may be changed later within web interface
        - name: SELKIES_AUDIO_BITRATE
          value: "128000"
        # Uncomment if network conditions rapidly fluctuate
#        - name: SELKIES_CONGESTION_CONTROL
#          value: "true"
        # Enable Basic Authentication from the web interface
        - name: SELKIES_ENABLE_BASIC_AUTH
          value: "true"
        # Defaults to `PASSWD` if unspecified, choose either `value:` or `secretKeyRef:` but not both at the same time
#        - name: SELKIES_BASIC_AUTH_PASSWORD
#          value: "mypasswd"
#          valueFrom:
#            secretKeyRef:
#              name: my-pass
#              key: my-pass
        # Enable HTTPS web interface from inside the container
        - name: SELKIES_ENABLE_HTTPS
          value: "false"
        # Volume mount trusted HTTPS certificate to new path for no web browser warnings
#        - name: SELKIES_HTTPS_CERT
#          value: /etc/ssl/certs/ssl-cert-snakeoil.pem
#        - name: SELKIES_HTTPS_KEY
#          value: /etc/ssl/private/ssl-cert-snakeoil.key
        ###
        # Uncomment below to use a TURN server for improved network compatibility
        ###
#        - name: SELKIES_TURN_HOST
#          value: "turn.example.com"
#        - name: SELKIES_TURN_PORT
#          value: "3478"
        # Change to `tcp` if the UDP protocol is throttled or blocked in your client network, or when the TURN server does not support UDP
#        - name: SELKIES_TURN_PROTOCOL
#          value: "udp"
        # You need a valid hostname and a certificate from authorities such as ZeroSSL or Let's Encrypt with your TURN server to enable TURN over TLS
#        - name: SELKIES_TURN_TLS
#          value: "false"
        # Internal TURN server settings, do not uncomment other TURN server settings below this when using an internal TURN server
#        - name: TURN_MIN_PORT
#          value: "65534"
#        - name: TURN_MAX_PORT
#          value: "65535"
        # Provide only `SELKIES_TURN_SHARED_SECRET` for time-limited shared secret authentication or both `SELKIES_TURN_USERNAME` and `SELKIES_TURN_PASSWORD` for legacy long-term authentication, but do not provide both authentication methods at the same time
#        - name: SELKIES_TURN_SHARED_SECRET
#          valueFrom:
#            secretKeyRef:
#              name: turn-shared-secret
#              key: turn-shared-secret
#        - name: SELKIES_TURN_USERNAME
#          value: "username"
        # Choose either `value:` or `secretKeyRef:` but not both at the same time
#        - name: SELKIES_TURN_PASSWORD
#          value: "mypasswd"
#          valueFrom:
#            secretKeyRef:
#              name: turn-password
#              key: turn-password
        # TURN REST URI authentication, all TURN server settings above are ignored if enabled
#        - name: SELKIES_TURN_REST_URI
#          value: "http://localhost:8008"
        stdin: true
        tty: true
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
        # Internal TURN server settings
#        - containerPort: 3478
#          protocol: TCP
#        - containerPort: 65534
#          protocol: TCP
#        - containerPort: 65535
#          protocol: TCP
#        - containerPort: 3478
#          protocol: UDP
#        - containerPort: 65534
#          protocol: UDP
#        - containerPort: 65535
#          protocol: UDP
        resources:
          limits:
            memory: 64Gi
            cpu: "16"
            nvidia.com/gpu: 1
          requests:
            memory: 100Mi
            cpu: 100m
        volumeMounts:
        - mountPath: /dev/shm
          name: dshm
        - mountPath: /cache
          name: xgl-cache-vol
        - mountPath: /home/ubuntu
          name: xgl-root-vol
      volumes:
      - name: dshm
        emptyDir:
          medium: Memory
      - name: xgl-cache-vol
        emptyDir: {}
#        persistentVolumeClaim:
#          claimName: xgl-cache-vol
      - name: xgl-root-vol
        emptyDir: {}
#        persistentVolumeClaim:
#          claimName: xgl-root-vol