# This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at https://mozilla.org/MPL/2.0/. apiVersion: apps/v1 kind: Deployment metadata: name: xgl spec: replicas: 1 selector: matchLabels: app: xgl template: metadata: labels: app: xgl spec: hostname: xgl # Uncomment the below line to disable network isolation for WebRTC connectivity, display `:20` and `:21` should not be used in the host, may show an error if disallowed by the cluster # hostNetwork: true containers: - name: xgl # Change tag `latest` to Ubuntu versions such as `24.04`, use a persistent tag such as `24.04-20210101010101` to persist a certain container version image: ghcr.io/selkies-project/nvidia-glx-desktop:latest env: - name: TZ value: "UTC" - name: DISPLAY_SIZEW value: "1920" - name: DISPLAY_SIZEH value: "1080" - name: DISPLAY_REFRESH value: "60" - name: DISPLAY_DPI value: "96" - name: DISPLAY_CDEPTH value: "24" # With driver versions lower than 550, change to `DP-0` or any other `DP-*` port for larger resolution support if NOT using datacenter GPUs - name: VIDEO_PORT value: "DFP" # Choose either `value:` or `secretKeyRef:` but not both at the same time - name: PASSWD value: "mypasswd" # valueFrom: # secretKeyRef: # name: my-pass # key: my-pass # Uncomment to enable KasmVNC instead of Selkies-GStreamer, `SELKIES_BASIC_AUTH_PASSWORD` is used for authentication with KasmVNC, defaulting to `PASSWD` if not provided # Uses: `SELKIES_ENABLE_BASIC_AUTH`, `SELKIES_BASIC_AUTH_USER`, `SELKIES_BASIC_AUTH_PASSWORD`, `SELKIES_ENABLE_RESIZE`, `SELKIES_ENABLE_HTTPS`, `SELKIES_HTTPS_CERT`, `SELKIES_HTTPS_KEY` # - name: KASMVNC_ENABLE # value: "true" # Number of threads for encoding frames with KasmVNC, default value is all threads # - name: KASMVNC_THREADS # value: "0" ### # Selkies-GStreamer parameters, for additional configurations see `selkies-gstreamer --help` ### # Change `SELKIES_ENCODER` to `x264enc`, `vp8enc`, or `vp9enc` if your GPU does not support `H.264 (AVCHD)` under the `NVENC - Encoding` section in https://developer.nvidia.com/video-encode-and-decode-gpu-support-matrix-new - name: SELKIES_ENCODER value: "nvh264enc" # Do NOT set to `true` if physical monitor is connected to video port - name: SELKIES_ENABLE_RESIZE value: "false" # Initial video bitrate in kilobits per second, may be changed later within web interface - name: SELKIES_VIDEO_BITRATE value: "8000" # Initial frames per second, may be changed later within web interface - name: SELKIES_FRAMERATE value: "60" # Initial audio bitrate in bits per second, may be changed later within web interface - name: SELKIES_AUDIO_BITRATE value: "128000" # Uncomment if network conditions rapidly fluctuate # - name: SELKIES_CONGESTION_CONTROL # value: "true" # Enable basic authentication with the web interface - name: SELKIES_ENABLE_BASIC_AUTH value: "true" # Defaults to `PASSWD` if unspecified, choose either `value:` or `secretKeyRef:` but not both at the same time # - name: SELKIES_BASIC_AUTH_PASSWORD # value: "mypasswd" # valueFrom: # secretKeyRef: # name: my-pass # key: my-pass # Enable HTTPS web interface from inside the container - name: SELKIES_ENABLE_HTTPS value: "false" # Volume mount trusted HTTPS certificate to new path for no web browser warnings # - name: SELKIES_HTTPS_CERT # value: /etc/ssl/certs/ssl-cert-snakeoil.pem # - name: SELKIES_HTTPS_KEY # value: /etc/ssl/private/ssl-cert-snakeoil.key ### # Uncomment below to use a TURN server for improved network compatibility ### # - name: SELKIES_TURN_HOST # value: "turn.example.com" # - name: SELKIES_TURN_PORT # value: "3478" # Change to `tcp` if the UDP protocol is throttled or blocked in your client network, or when the TURN server does not support UDP # - name: SELKIES_TURN_PROTOCOL # value: "udp" # You need a valid hostname and a certificate from authorities such as ZeroSSL or Let's Encrypt with your TURN server to enable TURN over TLS # - name: SELKIES_TURN_TLS # value: "false" # Internal TURN server settings, do not uncomment other TURN server settings below this when using an internal TURN server # - name: TURN_MIN_PORT # value: "65534" # - name: TURN_MAX_PORT # value: "65535" # Provide only `SELKIES_TURN_SHARED_SECRET` for time-limited shared secret authentication or both `SELKIES_TURN_USERNAME` and `SELKIES_TURN_PASSWORD` for legacy long-term authentication, but do not provide both authentication methods at the same time # - name: SELKIES_TURN_SHARED_SECRET # valueFrom: # secretKeyRef: # name: turn-shared-secret # key: turn-shared-secret # - name: SELKIES_TURN_USERNAME # value: "username" # Choose either `value:` or `secretKeyRef:` but not both at the same time # - name: SELKIES_TURN_PASSWORD # value: "mypasswd" # valueFrom: # secretKeyRef: # name: turn-password # key: turn-password # TURN REST URI authentication, all TURN server settings above are ignored if enabled # - name: SELKIES_TURN_REST_URI # value: "http://localhost:8008" stdin: true tty: true ports: - name: http containerPort: 8080 protocol: TCP # Internal TURN server settings # - containerPort: 3478 # protocol: TCP # - containerPort: 65534 # protocol: TCP # - containerPort: 65535 # protocol: TCP # - containerPort: 3478 # protocol: UDP # - containerPort: 65534 # protocol: UDP # - containerPort: 65535 # protocol: UDP resources: limits: memory: 64Gi cpu: "16" nvidia.com/gpu: 1 requests: memory: 100Mi cpu: 100m volumeMounts: - mountPath: /dev/shm name: dshm - mountPath: /cache name: xgl-cache-vol - mountPath: /home/ubuntu name: xgl-root-vol volumes: - name: dshm emptyDir: medium: Memory - name: xgl-cache-vol emptyDir: {} # persistentVolumeClaim: # claimName: xgl-cache-vol - name: xgl-root-vol emptyDir: {} # persistentVolumeClaim: # claimName: xgl-root-vol