forked from k-space/kube
camtiler: Dozen updates
This commit is contained in:
parent
b5ee891c97
commit
ea9b63b7cc
@ -1,7 +1,7 @@
|
|||||||
To apply changes:
|
To apply changes:
|
||||||
|
|
||||||
```
|
```
|
||||||
kubectl apply -n camtiler -f application.yml -f persistence.yml -f mongoexpress.yml -f mongodb-support.yml -f networkpolicy-base.yml -f minio-support.yml
|
kubectl apply -n camtiler -f application.yml -f persistence.yml -f mongoexpress.yml -f mongodb-support.yml -f networkpolicy-base.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
To deploy changes:
|
To deploy changes:
|
||||||
@ -15,14 +15,9 @@ To initialize secrets:
|
|||||||
```
|
```
|
||||||
kubectl create secret generic -n camtiler mongodb-application-readwrite-password --from-literal="password=$(cat /dev/urandom | base64 | head -c 30)"
|
kubectl create secret generic -n camtiler mongodb-application-readwrite-password --from-literal="password=$(cat /dev/urandom | base64 | head -c 30)"
|
||||||
kubectl create secret generic -n camtiler mongodb-application-readonly-password --from-literal="password=$(cat /dev/urandom | base64 | head -c 30)"
|
kubectl create secret generic -n camtiler mongodb-application-readonly-password --from-literal="password=$(cat /dev/urandom | base64 | head -c 30)"
|
||||||
kubectl create secret generic -n camtiler minio-secret \
|
kubectl create secret generic -n camtiler minio-secrets \
|
||||||
--from-literal=accesskey=application \
|
|
||||||
--from-literal=secretkey=$(cat /dev/urandom | base64 | head -c 30)
|
|
||||||
kubectl create secret generic -n camtiler minio-env-configuration \
|
|
||||||
--from-literal="MINIO_BROWSER=off" \
|
|
||||||
--from-literal="MINIO_ROOT_USER=root" \
|
--from-literal="MINIO_ROOT_USER=root" \
|
||||||
--from-literal="MINIO_ROOT_PASSWORD=$(cat /dev/urandom | base64 | head -c 30)" \
|
--from-literal="MINIO_ROOT_PASSWORD=$(cat /dev/urandom | base64 | head -c 30)"
|
||||||
--from-literal="MINIO_STORAGE_CLASS_STANDARD=EC:4"
|
|
||||||
kubectl -n camtiler create secret generic camera-secrets \
|
kubectl -n camtiler create secret generic camera-secrets \
|
||||||
--from-literal=username=... \
|
--from-literal=username=... \
|
||||||
--from-literal=password=...
|
--from-literal=password=...
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
name: camtiler
|
name: camera-tiler
|
||||||
annotations:
|
annotations:
|
||||||
keel.sh/policy: force
|
keel.sh/policy: force
|
||||||
keel.sh/trigger: poll
|
keel.sh/trigger: poll
|
||||||
@ -10,17 +10,16 @@ spec:
|
|||||||
revisionHistoryLimit: 0
|
revisionHistoryLimit: 0
|
||||||
replicas: 2
|
replicas: 2
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels: &selectorLabels
|
||||||
app.kubernetes.io/name: camtiler
|
app.kubernetes.io/name: camtiler
|
||||||
|
component: camera-tiler
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels: *selectorLabels
|
||||||
app.kubernetes.io/name: camtiler
|
|
||||||
component: camtiler
|
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: camtiler
|
serviceAccountName: camera-tiler
|
||||||
containers:
|
containers:
|
||||||
- name: camtiler
|
- name: camera-tiler
|
||||||
image: harbor.k-space.ee/k-space/camera-tiler:latest
|
image: harbor.k-space.ee/k-space/camera-tiler:latest
|
||||||
securityContext:
|
securityContext:
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
@ -29,6 +28,13 @@ spec:
|
|||||||
ports:
|
ports:
|
||||||
- containerPort: 5001
|
- containerPort: 5001
|
||||||
name: "http"
|
name: "http"
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
memory: "200Mi"
|
||||||
|
cpu: "100m"
|
||||||
|
limits:
|
||||||
|
memory: "500Mi"
|
||||||
|
cpu: "1"
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
@ -41,20 +47,40 @@ spec:
|
|||||||
revisionHistoryLimit: 0
|
revisionHistoryLimit: 0
|
||||||
replicas: 2
|
replicas: 2
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels: &selectorLabels
|
||||||
app.kubernetes.io/name: log-viewer-frontend
|
app.kubernetes.io/name: camtiler
|
||||||
|
component: log-viewer-frontend
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels: *selectorLabels
|
||||||
app.kubernetes.io/name: log-viewer-frontend
|
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: log-viewer-frontend
|
- name: log-viewer-frontend
|
||||||
image: harbor.k-space.ee/k-space/log-viewer-frontend:latest
|
image: harbor.k-space.ee/k-space/log-viewer-frontend:latest
|
||||||
# securityContext:
|
securityContext:
|
||||||
# readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
# runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
# runAsUser: 1000
|
runAsUser: 1000
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
memory: 50Mi
|
||||||
|
requests:
|
||||||
|
cpu: 1m
|
||||||
|
memory: 20Mi
|
||||||
|
volumeMounts:
|
||||||
|
- name : nginx-cache
|
||||||
|
mountPath: /var/cache/nginx/
|
||||||
|
- name : nginx-config
|
||||||
|
mountPath: /var/config/nginx/
|
||||||
|
- name: var-run
|
||||||
|
mountPath: /var/run/
|
||||||
|
volumes:
|
||||||
|
- emptyDir: {}
|
||||||
|
name: nginx-cache
|
||||||
|
- emptyDir: {}
|
||||||
|
name: nginx-config
|
||||||
|
- emptyDir: {}
|
||||||
|
name: var-run
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
@ -65,14 +91,14 @@ metadata:
|
|||||||
keel.sh/trigger: poll
|
keel.sh/trigger: poll
|
||||||
spec:
|
spec:
|
||||||
revisionHistoryLimit: 0
|
revisionHistoryLimit: 0
|
||||||
replicas: 3
|
replicas: 2
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels: &selectorLabels
|
||||||
app.kubernetes.io/name: log-viewer-backend
|
app.kubernetes.io/name: camtiler
|
||||||
|
component: log-viewer-backend
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels: *selectorLabels
|
||||||
app.kubernetes.io/name: log-viewer-backend
|
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: log-backend-backend
|
- name: log-backend-backend
|
||||||
@ -98,13 +124,13 @@ spec:
|
|||||||
- name: MINIO_SECRET_KEY
|
- name: MINIO_SECRET_KEY
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: minio-secret
|
name: minio-secrets
|
||||||
key: secretkey
|
key: MINIO_ROOT_PASSWORD
|
||||||
- name: MINIO_ACCESS_KEY
|
- name: MINIO_ACCESS_KEY
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: minio-secret
|
name: minio-secrets
|
||||||
key: accesskey
|
key: MINIO_ROOT_USER
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
@ -113,7 +139,8 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
selector:
|
selector:
|
||||||
app.kubernetes.io/name: log-viewer-frontend
|
app.kubernetes.io/name: camtiler
|
||||||
|
component: log-viewer-frontend
|
||||||
ports:
|
ports:
|
||||||
- protocol: TCP
|
- protocol: TCP
|
||||||
port: 3003
|
port: 3003
|
||||||
@ -125,7 +152,8 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
selector:
|
selector:
|
||||||
app.kubernetes.io/name: log-viewer-backend
|
app.kubernetes.io/name: camtiler
|
||||||
|
component: log-viewer-backend
|
||||||
ports:
|
ports:
|
||||||
- protocol: TCP
|
- protocol: TCP
|
||||||
port: 3002
|
port: 3002
|
||||||
@ -133,14 +161,15 @@ spec:
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
name: camtiler
|
name: camera-tiler
|
||||||
labels:
|
labels:
|
||||||
component: camtiler
|
app.kubernetes.io/name: camtiler
|
||||||
|
component: camera-tiler
|
||||||
spec:
|
spec:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
selector:
|
selector:
|
||||||
app.kubernetes.io/name: camtiler
|
app.kubernetes.io/name: camtiler
|
||||||
component: camtiler
|
component: camera-tiler
|
||||||
ports:
|
ports:
|
||||||
- protocol: TCP
|
- protocol: TCP
|
||||||
port: 5001
|
port: 5001
|
||||||
@ -148,12 +177,12 @@ spec:
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
metadata:
|
metadata:
|
||||||
name: camtiler
|
name: camera-tiler
|
||||||
---
|
---
|
||||||
kind: Role
|
kind: Role
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
metadata:
|
metadata:
|
||||||
name: camtiler
|
name: camera-tiler
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ""
|
- ""
|
||||||
@ -165,14 +194,14 @@ rules:
|
|||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
metadata:
|
metadata:
|
||||||
name: camtiler
|
name: camera-tiler
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: camtiler
|
name: camera-tiler
|
||||||
apiGroup: ""
|
apiGroup: ""
|
||||||
roleRef:
|
roleRef:
|
||||||
kind: Role
|
kind: Role
|
||||||
name: camtiler
|
name: camera-tiler
|
||||||
apiGroup: ""
|
apiGroup: ""
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
@ -209,7 +238,7 @@ spec:
|
|||||||
path: "/tiled"
|
path: "/tiled"
|
||||||
backend:
|
backend:
|
||||||
service:
|
service:
|
||||||
name: camtiler
|
name: camera-tiler
|
||||||
port:
|
port:
|
||||||
number: 5001
|
number: 5001
|
||||||
- pathType: Prefix
|
- pathType: Prefix
|
||||||
@ -237,7 +266,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
podSelector:
|
podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
component: camdetect
|
component: camera-motion-detect
|
||||||
policyTypes:
|
policyTypes:
|
||||||
- Ingress
|
- Ingress
|
||||||
- Egress
|
- Egress
|
||||||
@ -245,7 +274,8 @@ spec:
|
|||||||
- from:
|
- from:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
component: camtiler
|
app.kubernetes.io/name: camtiler
|
||||||
|
component: camera-tiler
|
||||||
- from:
|
- from:
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
@ -267,7 +297,7 @@ spec:
|
|||||||
- to:
|
- to:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
v1.min.io/tenant: minio
|
app.kubernetes.io/name: minio
|
||||||
ports:
|
ports:
|
||||||
- port: 9000
|
- port: 9000
|
||||||
---
|
---
|
||||||
@ -278,7 +308,8 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
podSelector:
|
podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
component: camtiler
|
app.kubernetes.io/name: camtiler
|
||||||
|
component: camera-tiler
|
||||||
policyTypes:
|
policyTypes:
|
||||||
- Ingress
|
- Ingress
|
||||||
- Egress
|
- Egress
|
||||||
@ -286,7 +317,7 @@ spec:
|
|||||||
- to:
|
- to:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
component: camdetect
|
component: camera-motion-detect
|
||||||
ports:
|
ports:
|
||||||
- port: 5000
|
- port: 5000
|
||||||
ingress:
|
ingress:
|
||||||
@ -312,7 +343,8 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
podSelector:
|
podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: log-viewer-backend
|
app.kubernetes.io/name: camtiler
|
||||||
|
component: log-viewer-backend
|
||||||
policyTypes:
|
policyTypes:
|
||||||
- Ingress
|
- Ingress
|
||||||
- Egress
|
- Egress
|
||||||
@ -345,7 +377,8 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
podSelector:
|
podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: log-viewer-frontend
|
app.kubernetes.io/name: camtiler
|
||||||
|
component: log-viewer-frontend
|
||||||
policyTypes:
|
policyTypes:
|
||||||
- Ingress
|
- Ingress
|
||||||
- Egress
|
- Egress
|
||||||
@ -358,31 +391,6 @@ spec:
|
|||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: traefik
|
app.kubernetes.io/name: traefik
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: minio
|
|
||||||
annotations:
|
|
||||||
kubernetes.io/ingress.class: traefik
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
||||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- host: cams-s3.k-space.ee
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- pathType: Prefix
|
|
||||||
path: "/"
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: minio
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- "*.k-space.ee"
|
|
||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
@ -473,12 +481,13 @@ spec:
|
|||||||
metadata:
|
metadata:
|
||||||
name: foobar
|
name: foobar
|
||||||
labels:
|
labels:
|
||||||
component: camdetect
|
app.kubernetes.io/name: foobar
|
||||||
|
component: camera-motion-detect
|
||||||
spec:
|
spec:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
selector:
|
selector:
|
||||||
app.kubernetes.io/name: foobar
|
app.kubernetes.io/name: foobar
|
||||||
component: camdetect
|
component: camera-motion-detect
|
||||||
ports:
|
ports:
|
||||||
- protocol: TCP
|
- protocol: TCP
|
||||||
port: 80
|
port: 80
|
||||||
@ -508,18 +517,25 @@ spec:
|
|||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/name: foobar
|
app.kubernetes.io/name: foobar
|
||||||
component: camdetect
|
component: camera-motion-detect
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: camdetect
|
- name: camera-motion-detect
|
||||||
image: harbor.k-space.ee/k-space/camera-motion-detect:latest
|
image: harbor.k-space.ee/k-space/camera-motion-detect:latest
|
||||||
|
starupProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: 5000
|
||||||
|
initialDelaySeconds: 2
|
||||||
|
periodSeconds: 180
|
||||||
|
timeoutSeconds: 60
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /readyz
|
path: /readyz
|
||||||
port: 5000
|
port: 5000
|
||||||
initialDelaySeconds: 10
|
initialDelaySeconds: 60
|
||||||
periodSeconds: 180
|
periodSeconds: 60
|
||||||
timeoutSeconds: 60
|
timeoutSeconds: 5
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 5000
|
- containerPort: 5000
|
||||||
name: "http"
|
name: "http"
|
||||||
@ -557,13 +573,13 @@ spec:
|
|||||||
- name: AWS_SECRET_ACCESS_KEY
|
- name: AWS_SECRET_ACCESS_KEY
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: minio-secret
|
name: minio-secrets
|
||||||
key: secretkey
|
key: MINIO_ROOT_PASSWORD
|
||||||
- name: AWS_ACCESS_KEY_ID
|
- name: AWS_ACCESS_KEY_ID
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: minio-secret
|
name: minio-secrets
|
||||||
key: accesskey
|
key: MINIO_ROOT_USER
|
||||||
|
|
||||||
# Make sure 2+ pods of same camera are scheduled on different hosts
|
# Make sure 2+ pods of same camera are scheduled on different hosts
|
||||||
affinity:
|
affinity:
|
||||||
@ -585,7 +601,7 @@ spec:
|
|||||||
labelSelector:
|
labelSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: foobar
|
app.kubernetes.io/name: foobar
|
||||||
component: camdetect
|
component: camera-motion-detect
|
||||||
---
|
---
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: PodMonitor
|
kind: PodMonitor
|
||||||
@ -597,6 +613,7 @@ spec:
|
|||||||
- port: http
|
- port: http
|
||||||
podTargetLabels:
|
podTargetLabels:
|
||||||
- app.kubernetes.io/name
|
- app.kubernetes.io/name
|
||||||
|
- component
|
||||||
---
|
---
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: PrometheusRule
|
kind: PrometheusRule
|
||||||
@ -607,21 +624,21 @@ spec:
|
|||||||
- name: cameras
|
- name: cameras
|
||||||
rules:
|
rules:
|
||||||
- alert: CameraLost
|
- alert: CameraLost
|
||||||
expr: rate(camdetect_rx_frames_total[2m]) < 1
|
expr: rate(camtiler_frames_total{stage="downloaded"}[1m]) < 1
|
||||||
for: 2m
|
for: 2m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: Camera feed stopped
|
summary: Camera feed stopped
|
||||||
- alert: CameraServerRoomMotion
|
- alert: CameraServerRoomMotion
|
||||||
expr: camdetect_event_active {app="camdetect-server-room"} > 0
|
expr: rate(camtiler_events_total{app_kubernetes_io_name="server-room"}[30m]) > 0
|
||||||
for: 1m
|
for: 1m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: Motion was detected in server room
|
summary: Motion was detected in server room
|
||||||
- alert: CameraSlowUploads
|
- alert: CameraSlowUploads
|
||||||
expr: rate(camdetect_upload_dropped_frames_total[2m]) > 1
|
expr: camtiler_queue_frames{stage="upload"} > 10
|
||||||
for: 5m
|
for: 5m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
@ -629,7 +646,7 @@ spec:
|
|||||||
summary: Motion detect snapshots are piling up and
|
summary: Motion detect snapshots are piling up and
|
||||||
not getting uploaded to S3
|
not getting uploaded to S3
|
||||||
- alert: CameraSlowProcessing
|
- alert: CameraSlowProcessing
|
||||||
expr: rate(camdetect_download_dropped_frames_total[2m]) > 1
|
expr: camtiler_queue_frames{stage="download"} > 10
|
||||||
for: 5m
|
for: 5m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
@ -644,6 +661,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
target: http://user@workshop.cam.k-space.ee:8080/?action=stream
|
target: http://user@workshop.cam.k-space.ee:8080/?action=stream
|
||||||
secretRef: camera-secrets
|
secretRef: camera-secrets
|
||||||
|
replicas: 2
|
||||||
---
|
---
|
||||||
apiVersion: k-space.ee/v1alpha1
|
apiVersion: k-space.ee/v1alpha1
|
||||||
kind: Camera
|
kind: Camera
|
||||||
@ -652,6 +670,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
target: http://user@server-room.cam.k-space.ee:8080/?action=stream
|
target: http://user@server-room.cam.k-space.ee:8080/?action=stream
|
||||||
secretRef: camera-secrets
|
secretRef: camera-secrets
|
||||||
|
replicas: 2
|
||||||
---
|
---
|
||||||
apiVersion: k-space.ee/v1alpha1
|
apiVersion: k-space.ee/v1alpha1
|
||||||
kind: Camera
|
kind: Camera
|
||||||
@ -660,6 +679,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
target: http://user@printer.cam.k-space.ee:8080/?action=stream
|
target: http://user@printer.cam.k-space.ee:8080/?action=stream
|
||||||
secretRef: camera-secrets
|
secretRef: camera-secrets
|
||||||
|
replicas: 2
|
||||||
---
|
---
|
||||||
apiVersion: k-space.ee/v1alpha1
|
apiVersion: k-space.ee/v1alpha1
|
||||||
kind: Camera
|
kind: Camera
|
||||||
@ -668,6 +688,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
target: http://user@chaos.cam.k-space.ee:8080/?action=stream
|
target: http://user@chaos.cam.k-space.ee:8080/?action=stream
|
||||||
secretRef: camera-secrets
|
secretRef: camera-secrets
|
||||||
|
replicas: 2
|
||||||
---
|
---
|
||||||
apiVersion: k-space.ee/v1alpha1
|
apiVersion: k-space.ee/v1alpha1
|
||||||
kind: Camera
|
kind: Camera
|
||||||
@ -676,6 +697,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
target: http://user@cyber.cam.k-space.ee:8080/?action=stream
|
target: http://user@cyber.cam.k-space.ee:8080/?action=stream
|
||||||
secretRef: camera-secrets
|
secretRef: camera-secrets
|
||||||
|
replicas: 2
|
||||||
---
|
---
|
||||||
apiVersion: k-space.ee/v1alpha1
|
apiVersion: k-space.ee/v1alpha1
|
||||||
kind: Camera
|
kind: Camera
|
||||||
@ -684,6 +706,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
target: http://user@kitchen.cam.k-space.ee:8080/?action=stream
|
target: http://user@kitchen.cam.k-space.ee:8080/?action=stream
|
||||||
secretRef: camera-secrets
|
secretRef: camera-secrets
|
||||||
|
replicas: 2
|
||||||
---
|
---
|
||||||
apiVersion: k-space.ee/v1alpha1
|
apiVersion: k-space.ee/v1alpha1
|
||||||
kind: Camera
|
kind: Camera
|
||||||
@ -692,6 +715,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
target: http://user@back-door.cam.k-space.ee:8080/?action=stream
|
target: http://user@back-door.cam.k-space.ee:8080/?action=stream
|
||||||
secretRef: camera-secrets
|
secretRef: camera-secrets
|
||||||
|
replicas: 2
|
||||||
---
|
---
|
||||||
apiVersion: k-space.ee/v1alpha1
|
apiVersion: k-space.ee/v1alpha1
|
||||||
kind: Camera
|
kind: Camera
|
||||||
@ -700,3 +724,4 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
target: http://user@ground-door.cam.k-space.ee:8080/?action=stream
|
target: http://user@ground-door.cam.k-space.ee:8080/?action=stream
|
||||||
secretRef: camera-secrets
|
secretRef: camera-secrets
|
||||||
|
replicas: 2
|
||||||
|
@ -1 +0,0 @@
|
|||||||
../shared/minio-support.yml
|
|
@ -7,9 +7,10 @@ spec:
|
|||||||
additionalMongodConfig:
|
additionalMongodConfig:
|
||||||
systemLog:
|
systemLog:
|
||||||
quiet: true
|
quiet: true
|
||||||
members: 3
|
members: 2
|
||||||
|
arbiters: 1
|
||||||
type: ReplicaSet
|
type: ReplicaSet
|
||||||
version: "5.0.9"
|
version: "6.0.3"
|
||||||
security:
|
security:
|
||||||
authentication:
|
authentication:
|
||||||
modes: ["SCRAM"]
|
modes: ["SCRAM"]
|
||||||
@ -27,7 +28,7 @@ spec:
|
|||||||
passwordSecretRef:
|
passwordSecretRef:
|
||||||
name: mongodb-application-readonly-password
|
name: mongodb-application-readonly-password
|
||||||
roles:
|
roles:
|
||||||
- name: readOnly
|
- name: read
|
||||||
db: application
|
db: application
|
||||||
scramCredentialsSecretName: mongodb-application-readonly
|
scramCredentialsSecretName: mongodb-application-readonly
|
||||||
statefulSet:
|
statefulSet:
|
||||||
@ -35,6 +36,24 @@ spec:
|
|||||||
logLevel: WARN
|
logLevel: WARN
|
||||||
template:
|
template:
|
||||||
spec:
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: mongod
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 100m
|
||||||
|
memory: 512Mi
|
||||||
|
limits:
|
||||||
|
cpu: 500m
|
||||||
|
memory: 1Gi
|
||||||
|
volumeMounts:
|
||||||
|
- name: journal-volume
|
||||||
|
mountPath: /data/journal
|
||||||
|
- name: mongodb-agent
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 1m
|
||||||
|
memory: 100Mi
|
||||||
|
limits: {}
|
||||||
affinity:
|
affinity:
|
||||||
podAntiAffinity:
|
podAntiAffinity:
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
@ -55,8 +74,21 @@ spec:
|
|||||||
volumeClaimTemplates:
|
volumeClaimTemplates:
|
||||||
- metadata:
|
- metadata:
|
||||||
name: logs-volume
|
name: logs-volume
|
||||||
|
labels:
|
||||||
|
usecase: logs
|
||||||
spec:
|
spec:
|
||||||
storageClassName: local-path
|
storageClassName: mongo
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 100Mi
|
||||||
|
- metadata:
|
||||||
|
name: journal-volume
|
||||||
|
labels:
|
||||||
|
usecase: journal
|
||||||
|
spec:
|
||||||
|
storageClassName: mongo
|
||||||
accessModes:
|
accessModes:
|
||||||
- ReadWriteOnce
|
- ReadWriteOnce
|
||||||
resources:
|
resources:
|
||||||
@ -64,63 +96,44 @@ spec:
|
|||||||
storage: 512Mi
|
storage: 512Mi
|
||||||
- metadata:
|
- metadata:
|
||||||
name: data-volume
|
name: data-volume
|
||||||
|
labels:
|
||||||
|
usecase: data
|
||||||
spec:
|
spec:
|
||||||
storageClassName: local-path
|
storageClassName: mongo
|
||||||
accessModes:
|
accessModes:
|
||||||
- ReadWriteOnce
|
- ReadWriteOnce
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: 2Gi
|
storage: 2Gi
|
||||||
---
|
---
|
||||||
apiVersion: minio.min.io/v2
|
apiVersion: apps/v1
|
||||||
kind: Tenant
|
kind: StatefulSet
|
||||||
metadata:
|
metadata:
|
||||||
name: minio
|
name: minio
|
||||||
annotations:
|
labels:
|
||||||
prometheus.io/path: /minio/prometheus/metrics
|
app.kubernetes.io/name: minio
|
||||||
prometheus.io/port: "9000"
|
|
||||||
prometheus.io/scrape: "true"
|
|
||||||
spec:
|
spec:
|
||||||
credsSecret:
|
selector:
|
||||||
name: minio-secret
|
matchLabels:
|
||||||
buckets:
|
app.kubernetes.io/name: minio
|
||||||
- name: application
|
serviceName: minio-svc
|
||||||
requestAutoCert: false
|
replicas: 4
|
||||||
users:
|
podManagementPolicy: Parallel
|
||||||
- name: minio-user-0
|
template:
|
||||||
pools:
|
metadata:
|
||||||
- name: pool-0
|
labels:
|
||||||
|
app.kubernetes.io/name: minio
|
||||||
|
spec:
|
||||||
affinity:
|
affinity:
|
||||||
podAntiAffinity:
|
podAntiAffinity:
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
- labelSelector:
|
- labelSelector:
|
||||||
matchExpressions:
|
matchExpressions:
|
||||||
- key: v1.min.io/tenant
|
- key: app
|
||||||
operator: In
|
operator: In
|
||||||
values:
|
values:
|
||||||
- minio
|
- minio
|
||||||
- key: v1.min.io/pool
|
|
||||||
operator: In
|
|
||||||
values:
|
|
||||||
- pool-0
|
|
||||||
topologyKey: kubernetes.io/hostname
|
topologyKey: kubernetes.io/hostname
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: '1'
|
|
||||||
memory: 512Mi
|
|
||||||
servers: 4
|
|
||||||
volumesPerServer: 1
|
|
||||||
volumeClaimTemplate:
|
|
||||||
metadata:
|
|
||||||
name: data
|
|
||||||
spec:
|
|
||||||
accessModes:
|
|
||||||
- ReadWriteOnce
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: '30Gi'
|
|
||||||
storageClassName: local-path
|
|
||||||
status: {}
|
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
dedicated: storage
|
dedicated: storage
|
||||||
tolerations:
|
tolerations:
|
||||||
@ -128,3 +141,154 @@ spec:
|
|||||||
operator: Equal
|
operator: Equal
|
||||||
value: storage
|
value: storage
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
|
containers:
|
||||||
|
- name: minio
|
||||||
|
env:
|
||||||
|
- name: MINIO_PROMETHEUS_AUTH_TYPE
|
||||||
|
value: public
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: minio-secrets
|
||||||
|
image: minio/minio:latest
|
||||||
|
args:
|
||||||
|
- server
|
||||||
|
- http://minio-{0...3}.minio-svc.camtiler.svc.cluster.local/data
|
||||||
|
- --address
|
||||||
|
- 0.0.0.0:9000
|
||||||
|
- --console-address
|
||||||
|
- 0.0.0.0:9001
|
||||||
|
ports:
|
||||||
|
- containerPort: 9000
|
||||||
|
name: http
|
||||||
|
- containerPort: 9001
|
||||||
|
name: console
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /minio/health/live
|
||||||
|
port: 9000
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
periodSeconds: 20
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 1m
|
||||||
|
memory: 512Mi
|
||||||
|
limits:
|
||||||
|
cpu: 1000m
|
||||||
|
memory: 1Gi
|
||||||
|
volumeMounts:
|
||||||
|
- name: minio-data
|
||||||
|
mountPath: /data
|
||||||
|
volumeClaimTemplates:
|
||||||
|
- metadata:
|
||||||
|
name: minio-data
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: '30Gi'
|
||||||
|
storageClassName: minio
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: minio
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- port: 80
|
||||||
|
targetPort: 9000
|
||||||
|
protocol: TCP
|
||||||
|
name: http
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: minio
|
||||||
|
---
|
||||||
|
kind: Service
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: minio-svc
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: minio
|
||||||
|
clusterIP: None
|
||||||
|
publishNotReadyAddresses: true
|
||||||
|
ports:
|
||||||
|
- name: http
|
||||||
|
port: 9000
|
||||||
|
---
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: PodMonitor
|
||||||
|
metadata:
|
||||||
|
name: minio
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: minio
|
||||||
|
podMetricsEndpoints:
|
||||||
|
- port: http
|
||||||
|
path: /minio/v2/metrics/node
|
||||||
|
podTargetLabels:
|
||||||
|
- app.kubernetes.io/name
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: NetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: minio
|
||||||
|
spec:
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: minio
|
||||||
|
policyTypes:
|
||||||
|
- Ingress
|
||||||
|
- Egress
|
||||||
|
egress:
|
||||||
|
- ports:
|
||||||
|
- port: http
|
||||||
|
to:
|
||||||
|
- podSelector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: minio
|
||||||
|
ingress:
|
||||||
|
- ports:
|
||||||
|
- port: http
|
||||||
|
from:
|
||||||
|
- podSelector: {}
|
||||||
|
- from:
|
||||||
|
- namespaceSelector:
|
||||||
|
matchLabels:
|
||||||
|
kubernetes.io/metadata.name: traefik
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: traefik
|
||||||
|
- from:
|
||||||
|
- namespaceSelector:
|
||||||
|
matchLabels:
|
||||||
|
kubernetes.io/metadata.name: prometheus-operator
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: prometheus
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: minio
|
||||||
|
annotations:
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
|
spec:
|
||||||
|
rules:
|
||||||
|
- host: cams-s3.k-space.ee
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- pathType: Prefix
|
||||||
|
path: "/"
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: minio-svc
|
||||||
|
port:
|
||||||
|
number: 9000
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- "*.k-space.ee"
|
||||||
|
Loading…
Reference in New Issue
Block a user