Using Neko with STUNner

This guide shows how you can use Neko inside a Kubernetes cluster, using STUNner as a WebRTC gateway.

Neko uses WebRTC to stream a desktop inside of a docker container to your browser. However, integrating Neko into Kubernetes is far from trivial.

In this demo you will learn the following steps to:

  • integrate a typical WebRTC application server to be used with STUNner,
  • deploy Neko into Kubernetes behind STUNner,

Installation

Prerequisites

To run this example, you need: * a Kubernetes cluster, * a deployed STUNner (presumably the latest stable version), * optionally, an Ingress controller to ingest traffic into the cluster.

Quick installation

The simplest way to deploy the demo is to clone the STUNner git repository and deploy the manifest packaged with STUNner.

Configure STUNner to act as a STUN server towards clients, and to let media reach the media server.

git clone https://github.com/l7mp/stunner
cd stunner/docs/examples/neko
kubectl apply -f stunner.yaml

This will expose STUNner on a public IP on UDP port 3478. A Kubernetes LoadBalancer assigns an ephemeral public IP address to the service, so first we need to learn the external IP.

kubectl get service udp-gateway -n default -o jsonpath='{.status.loadBalancer.ingress[0].ip}'
STUNNERIP=$(kubectl get service udp-gateway -n default -o jsonpath='{.status.loadBalancer.ingress[0].ip}')

Note

This IP should be accessible from your browser. If that "public IP" is behind a NAT, you can overwrite it with the actual public IP that routes to the service by hand (e.g. STUNNERIP=<your public IP>).

We need to give this public IP the Neko configuration in the NEKO_ICESERVERS environment variable, inside the json content (basically this will tell you browser to use STUNner as a STUN/TURN server). You can do that by hand, or by this fancy sed command:

sed -i "s/turn:[\.0-9]*:3478/turn:$STUNNERIP:3478/g" neko.yaml

Now apply the Neko manifests and wait for the neko deployment to be available (should take a couple of seconds):

kubectl apply -f neko.yaml
kubectl wait --for=condition=Available deployment neko --timeout 5m

In this setup we use ingress to expose the Neko UI. Feel free to customize the ingress resource to your setup. If you don't have an ingress controller, you can use the neko-tcp service with a LoadBalancer type.

Ideally, by opening your ingress controller in your browser, you should see the Neko UI. You can log in with the admin:admin credentials. The WebRTC stream then should be relayed through STUNner.

Note

Tested with Chromium/Google Chrome.

Help

STUNner development is coordinated in Discord, feel free to join.