From 1cfc82c049b25e101852a79c84213ee619ac396d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Mon, 29 Aug 2022 00:00:46 +0300 Subject: [PATCH] Switch cameras to meta-operator --- camtiler/application.yml | 362 +++++++++++++++++++++++++--------- meta-operator/application.yml | 1 + 2 files changed, 274 insertions(+), 89 deletions(-) diff --git a/camtiler/application.yml b/camtiler/application.yml index decf8ab..f40e777 100644 --- a/camtiler/application.yml +++ b/camtiler/application.yml @@ -7,7 +7,7 @@ metadata: keel.sh/trigger: poll spec: revisionHistoryLimit: 0 - replicas: 1 + replicas: 2 selector: matchLabels: app: camtiler @@ -232,94 +232,6 @@ spec: - cams.k-space.ee secretName: camtiler-tls --- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: camera-operator - annotations: - keel.sh/policy: force - keel.sh/trigger: poll -spec: - revisionHistoryLimit: 0 - replicas: 1 - serviceName: camera-operator - selector: - matchLabels: - app: camera-operator - template: - metadata: - labels: - app: camera-operator - spec: - serviceAccount: camera-operator - containers: - - name: camera-operator - image: harbor.k-space.ee/k-space/camera-operator:latest - securityContext: - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: camera-operator -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - list - - update -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - list - - update -- apiGroups: - - k-space.ee - resources: - - cams - verbs: - - get - - list - - watch ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camera-operator -subjects: -- kind: ServiceAccount - name: camera-operator -roleRef: - kind: Role - name: camera-operator - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: camera-operator ---- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: @@ -472,3 +384,275 @@ spec: - hosts: - cams-s3.k-space.ee secretName: cams-s3-tls +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cams.k-space.ee +spec: + group: k-space.ee + names: + plural: cams + singular: cam + kind: Camera + shortNames: + - cam + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + roi: + type: object + description: Region of interest for this camera + properties: + threshold: + type: integer + description: Percentage of pixels changed within ROI to + consider whole frame to have motion detected. + Defaults to 5. + enabled: + type: boolean + description: Whether motion detection is enabled for this + camera. Defaults to false. + left: + type: integer + description: Left boundary of ROI as + percentage of the width of a frame. + By default 0. + right: + type: integer + description: Right boundary of ROI as + percentage of the width of a frame. + By default 100. + top: + type: integer + description: Top boundary of ROI as + percentage of the height of a frame + By deafault 0. + bottom: + type: integer + description: Bottom boundary of ROI as + percentage of the height of a frame. + By default 100. + secretRef: + type: string + description: Secret that contains authentication credentials + target: + type: string + description: URL of the video feed stream + replicas: + type: integer + minimum: 1 + maximum: 2 + description: For highly available deployment set this to 2 or + higher. Make sure you also run Mongo and Minio in HA + configurations + required: ["target"] + required: ["spec"] +--- +--- +apiVersion: codemowers.io/v1alpha1 +kind: ClusterOperator +metadata: + name: camera +spec: + resource: + group: k-space.ee + version: v1alpha1 + plural: cams + secret: + enabled: false + services: + - apiVersion: v1 + kind: Service + metadata: + name: foobar + labels: + component: camdetect + spec: + type: ClusterIP + selector: + app: foobar + component: camdetect + ports: + - protocol: TCP + port: 80 + targetPort: 5000 + deployments: + - apiVersion: apps/v1 + kind: Deployment + metadata: + name: camera-foobar + # Make sure keel.sh pulls updates for this deployment + annotations: + keel.sh/policy: force + keel.sh/trigger: poll + spec: + replicas: 1 + + # Make sure we do not congest the network during rollout + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + selector: + matchLabels: + app: foobar + template: + metadata: + annotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '5000' + labels: + app: foobar + component: camdetect + spec: + containers: + - name: camdetect + image: harbor.k-space.ee/k-space/camera-motion-detect:latest + readinessProbe: + httpGet: + path: /readyz + port: 5000 + initialDelaySeconds: 10 + periodSeconds: 180 + timeoutSeconds: 60 + ports: + - containerPort: 5000 + name: "http" + resources: + requests: + memory: "64Mi" + cpu: "200m" + limits: + memory: "128Mi" + cpu: "1" + securityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + command: + - /app/camdetect.py + - http://user@foobar.cam.k-space.ee:8080/?action=stream + env: + - name: SOURCE_NAME + value: foobar + - name: S3_BUCKET_NAME + value: application + - name: S3_ENDPOINT_URL + value: http://minio + - name: BASIC_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: camera-secrets + key: password + - name: MONGO_URI + valueFrom: + secretKeyRef: + name: mongodb-application-readwrite + key: connectionString.standard + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: minio-secret + key: secretkey + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: minio-secret + key: accesskey + + # Make sure 2+ pods of same camera are scheduled on different hosts + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - foobar + topologyKey: kubernetes.io/hostname + + # Make sure camera deployments are spread over workers + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app: foobar + component: camdetect +--- +apiVersion: k-space.ee/v1alpha1 +kind: Camera +metadata: + name: workshop +spec: + target: http://user@workshop.cam.k-space.ee:8080/?action=stream + secretRef: camera-secrets +--- +apiVersion: k-space.ee/v1alpha1 +kind: Camera +metadata: + name: server-room +spec: + target: http://user@server-room.cam.k-space.ee:8080/?action=stream + secretRef: camera-secrets +--- +apiVersion: k-space.ee/v1alpha1 +kind: Camera +metadata: + name: printer +spec: + target: http://user@printer.cam.k-space.ee:8080/?action=stream + secretRef: camera-secrets +--- +apiVersion: k-space.ee/v1alpha1 +kind: Camera +metadata: + name: chaos +spec: + target: http://user@chaos.cam.k-space.ee:8080/?action=stream + secretRef: camera-secrets +--- +apiVersion: k-space.ee/v1alpha1 +kind: Camera +metadata: + name: cyber +spec: + target: http://user@cyber.cam.k-space.ee:8080/?action=stream + secretRef: camera-secrets +--- +apiVersion: k-space.ee/v1alpha1 +kind: Camera +metadata: + name: kitchen +spec: + target: http://user@kitchen.cam.k-space.ee:8080/?action=stream + secretRef: camera-secrets +--- +apiVersion: k-space.ee/v1alpha1 +kind: Camera +metadata: + name: back-door +spec: + target: http://user@back-door.cam.k-space.ee:8080/?action=stream + secretRef: camera-secrets +--- +apiVersion: k-space.ee/v1alpha1 +kind: Camera +metadata: + name: ground-door +spec: + target: http://user@ground-door.cam.k-space.ee:8080/?action=stream + secretRef: camera-secrets diff --git a/meta-operator/application.yml b/meta-operator/application.yml index a27a1fc..e3f2099 100644 --- a/meta-operator/application.yml +++ b/meta-operator/application.yml @@ -174,6 +174,7 @@ rules: - delete - list - update + - patch - apiGroups: - codemowers.io resources: