From 6e0e7f4349c9c08144356fd6477286ad7804864c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Thu, 15 Sep 2022 10:09:21 +0300 Subject: [PATCH] camtiler: Formatting, networkpolicy and labeling fixes --- camtiler/application.yml | 472 ++++++++++++++++++++------------------- 1 file changed, 242 insertions(+), 230 deletions(-) diff --git a/camtiler/application.yml b/camtiler/application.yml index a68478d..7f2a1ae 100644 --- a/camtiler/application.yml +++ b/camtiler/application.yml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -114,8 +115,8 @@ spec: selector: app.kubernetes.io/name: log-viewer-frontend ports: - - protocol: TCP - port: 3003 + - protocol: TCP + port: 3003 --- apiVersion: v1 kind: Service @@ -126,8 +127,8 @@ spec: selector: app.kubernetes.io/name: log-viewer-backend ports: - - protocol: TCP - port: 3002 + - protocol: TCP + port: 3002 --- apiVersion: v1 kind: Service @@ -141,8 +142,8 @@ spec: app.kubernetes.io/name: camtiler component: camtiler ports: - - protocol: TCP - port: 5001 + - protocol: TCP + port: 5001 --- apiVersion: v1 kind: ServiceAccount @@ -154,18 +155,21 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: camtiler rules: -- apiGroups: [""] - resources: ["services"] - verbs: ["list"] + - apiGroups: + - "" + resources: + - services + verbs: + - list --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: camtiler subjects: -- kind: ServiceAccount - name: camtiler - apiGroup: "" + - kind: ServiceAccount + name: camtiler + apiGroup: "" roleRef: kind: Role name: camtiler 
@@ -204,34 +208,34 @@ metadata: external-dns.alpha.kubernetes.io/target: traefik.k-space.ee spec: rules: - - host: cams.k-space.ee - http: - paths: - - pathType: Prefix - path: "/tiled" - backend: - service: - name: camtiler - port: - number: 5001 - - pathType: Prefix - path: "/events" - backend: - service: - name: log-viewer-backend - port: - number: 3002 - - pathType: Prefix - path: "/" - backend: - service: - name: log-viewer-frontend - port: - number: 3003 + - host: cams.k-space.ee + http: + paths: + - pathType: Prefix + path: "/tiled" + backend: + service: + name: camtiler + port: + number: 5001 + - pathType: Prefix + path: "/events" + backend: + service: + name: log-viewer-backend + port: + number: 3002 + - pathType: Prefix + path: "/" + backend: + service: + name: log-viewer-frontend + port: + number: 3003 tls: - - hosts: - - cams.k-space.ee - secretName: camtiler-tls + - hosts: + - cams.k-space.ee + secretName: camtiler-tls --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy 
@@ -242,37 +246,37 @@ spec: matchLabels: component: camdetect policyTypes: - - Ingress - - Egress + - Ingress + - Egress ingress: - - from: - - podSelector: - matchLabels: - component: camtiler - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: prometheus-operator - podSelector: - matchLabels: - app.kubernetes.io/name: prometheus + - from: + - podSelector: + matchLabels: + component: camtiler + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: prometheus-operator + podSelector: + matchLabels: + app.kubernetes.io/name: prometheus egress: - to: - ipBlock: # Permit access to cameras outside the cluster cidr: 100.102.0.0/16 - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: mongodb-svc + - podSelector: + matchLabels: + app: mongodb-svc ports: - - port: 27017 + - port: 27017 - to: - - podSelector: - matchLabels: - v1.min.io/tenant: minio + - podSelector: + matchLabels: + v1.min.io/tenant: minio ports: - - port: 9000 + - port: 9000 --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy 
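Review bot: The egress rule to the camera network (`cidr: 100.102.0.0/16`) in the camdetect policy has no `ports` list, so camdetect pods may connect to any port on any address in that /16, while the MongoDB and Minio rules next to it are pinned to 27017 and 9000. camdetect consumes feeds from devices outside the cluster, so this is the workload where a tight egress allowlist matters most. Add a `ports:` entry under that `to:` limited to the port(s) the camera streams are served on, e.g. `- port: <camera-stream-port>` (placeholder; the stream protocol is not visible in this hunk). The log-viewer-backend policy in the `@@ -317,25 +321,29 @@` hunk has the same gap on its MongoDB and Traefik egress rules, where a `- port: 27017` entry like the one used here would make the two policies consistent.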
@@ -283,30 +287,30 @@ spec: matchLabels: component: camtiler policyTypes: - - Ingress - - Egress + - Ingress + - Egress egress: - - to: - - podSelector: - matchLabels: - component: camdetect - ports: - - port: 5000 + - to: + - podSelector: + matchLabels: + component: camdetect + ports: + - port: 5000 ingress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: prometheus-operator - podSelector: - matchLabels: - app.kubernetes.io/name: prometheus - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: traefik - podSelector: - matchLabels: - app.kubernetes.io/name: traefik + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: prometheus-operator + podSelector: + matchLabels: + app.kubernetes.io/name: prometheus + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: traefik + podSelector: + matchLabels: + app.kubernetes.io/name: traefik --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy @@ -317,25 +321,29 @@ spec: matchLabels: app.kubernetes.io/name: log-viewer-backend policyTypes: - - Ingress - - Egress + - Ingress + - Egress egress: - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: mongodb-svc + - podSelector: + matchLabels: + app: mongodb-svc - to: - - ipBlock: - # Minio is accessed thru public endpoint via Traefik - cidr: 193.40.103.0/24 + # Minio access via Traefik's public endpoint + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: traefik + podSelector: + matchLabels: + app.kubernetes.io/name: traefik ingress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: traefik - podSelector: - matchLabels: - app.kubernetes.io/name: traefik + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: traefik + podSelector: + matchLabels: + app.kubernetes.io/name: traefik --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy 
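Review bot: In the log-viewer-backend policy (second hunk on this line) the new Minio egress rule selects Traefik by `namespaceSelector`/`podSelector`, yet its comment says Minio is reached through Traefik's public endpoint, and a pod selector only matches if the CNI evaluates the connection against the Traefik pod IP. If Traefik runs with hostNetwork, or the connection to the public address leaves the cluster and re-enters, the rule would likely not match and the traffic that the removed `ipBlock` allowed would be dropped. This cannot be determined from the hunk and should be confirmed on the cluster. I would record the assumption in the comment, e.g. `# Minio via Traefik's public endpoint; assumes policy is matched against Traefik pod IPs (no hostNetwork)`.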
@@ -346,16 +354,16 @@ spec: matchLabels: app.kubernetes.io/name: log-viewer-frontend policyTypes: - - Ingress - - Egress + - Ingress + - Egress ingress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: traefik - podSelector: - matchLabels: - app.kubernetes.io/name: traefik + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: traefik + podSelector: + matchLabels: + app.kubernetes.io/name: traefik --- apiVersion: networking.k8s.io/v1 kind: Ingress 
@@ -369,93 +377,93 @@ metadata: external-dns.alpha.kubernetes.io/target: traefik.k-space.ee spec: rules: - - host: cams-s3.k-space.ee - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: minio - port: - number: 80 + - host: cams-s3.k-space.ee + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: minio + port: + number: 80 tls: - - hosts: - - cams-s3.k-space.ee - secretName: cams-s3-tls + - hosts: + - cams-s3.k-space.ee + secretName: cams-s3-tls --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: cams.k-space.ee + name: cams.k-space.ee spec: - group: k-space.ee - names: - plural: cams - singular: cam - kind: Camera - shortNames: - - cam - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - roi: - type: object - description: Region of interest for this camera - properties: - threshold: - type: integer - description: Percentage of pixels changed within ROI to - consider whole frame to have motion detected. - Defaults to 5. - enabled: - type: boolean - description: Whether motion detection is enabled for this - camera. Defaults to false. - left: - type: integer - description: Left boundary of ROI as - percentage of the width of a frame. - By default 0. - right: - type: integer - description: Right boundary of ROI as - percentage of the width of a frame. - By default 100. - top: - type: integer - description: Top boundary of ROI as - percentage of the height of a frame - By deafault 0. - bottom: - type: integer - description: Bottom boundary of ROI as - percentage of the height of a frame. - By default 100. 
- secretRef: - type: string - description: Secret that contains authentication credentials - target: - type: string - description: URL of the video feed stream - replicas: - type: integer - minimum: 1 - maximum: 2 - description: For highly available deployment set this to 2 or - higher. Make sure you also run Mongo and Minio in HA - configurations - required: ["target"] - required: ["spec"] + group: k-space.ee + names: + plural: cams + singular: cam + kind: Camera + shortNames: + - cam + scope: Namespaced + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + roi: + type: object + description: Region of interest for this camera + properties: + threshold: + type: integer + description: Percentage of pixels changed within ROI to + consider whole frame to have motion detected. + Defaults to 5. + enabled: + type: boolean + description: Whether motion detection is enabled for this + camera. Defaults to false. + left: + type: integer + description: Left boundary of ROI as + percentage of the width of a frame. + By default 0. + right: + type: integer + description: Right boundary of ROI as + percentage of the width of a frame. + By default 100. + top: + type: integer + description: Top boundary of ROI as + percentage of the height of a frame + By deafault 0. + bottom: + type: integer + description: Bottom boundary of ROI as + percentage of the height of a frame. + By default 100. + secretRef: + type: string + description: Secret that contains authentication credentials + target: + type: string + description: URL of the video feed stream + replicas: + type: integer + minimum: 1 + maximum: 2 + description: For highly available deployment set this to 2 or + higher. Make sure you also run Mongo and Minio in HA + configurations + required: ["target"] + required: ["spec"] --- apiVersion: codemowers.io/v1alpha1 kind: ClusterOperator 
@@ -481,9 +489,9 @@ spec: app.kubernetes.io/name: foobar component: camdetect ports: - - protocol: TCP - port: 80 - targetPort: 5000 + - protocol: TCP + port: 80 + targetPort: 5000 deployments: - apiVersion: apps/v1 kind: Deployment @@ -522,14 +530,14 @@ spec: periodSeconds: 180 timeoutSeconds: 60 ports: - - containerPort: 5000 - name: "http" + - containerPort: 5000 + name: "http" resources: requests: memory: "64Mi" cpu: "200m" limits: - memory: "128Mi" + memory: "256Mi" cpu: "1" securityContext: readOnlyRootFilesystem: true @@ -580,13 +588,13 @@ spec: # Make sure camera deployments are spread over workers topologySpreadConstraints: - - maxSkew: 1 - topologyKey: kubernetes.io/hostname - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: foobar - component: camdetect + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/name: foobar + component: camdetect --- apiVersion: monitoring.coreos.com/v1 kind: PodMonitor 
@@ -595,44 +603,48 @@ metadata: spec: selector: {} podMetricsEndpoints: - - port: http + - port: http + podTargetLabels: + - app.kubernetes.io/name --- apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: cameras spec: - groups: + groups: - name: cameras rules: - - alert: CameraLost - expr: rate(camdetect_rx_frames_total[2m]) < 1 - for: 2m - labels: - severity: warning - annotations: - summary: Camera feed stopped - - alert: CameraServerRoomMotion - expr: camdetect_event_active {app="camdetect-server-room"} > 0 - for: 1m - labels: - severity: warning - annotations: - summary: Motion was detected in server room - - alert: CameraSlowUploads - expr: rate(camdetect_upload_dropped_frames_total[2m]) > 1 - for: 5m - labels: - severity: warning - annotations: - summary: Motion detect snapshots are piling up and not getting uploaded to S3 - - alert: CameraSlowProcessing - expr: rate(camdetect_download_dropped_frames_total[2m]) > 1 - for: 5m - labels: - severity: warning - annotations: - summary: Motion detection processing pipeline is not keeping up with incoming frames + - alert: CameraLost + expr: rate(camdetect_rx_frames_total[2m]) < 1 + for: 2m + labels: + severity: warning + annotations: + summary: Camera feed stopped + - alert: CameraServerRoomMotion + expr: camdetect_event_active {app="camdetect-server-room"} > 0 + for: 1m + labels: + severity: warning + annotations: + summary: Motion was detected in server room + - alert: CameraSlowUploads + expr: rate(camdetect_upload_dropped_frames_total[2m]) > 1 + for: 5m + labels: + severity: warning + annotations: + summary: Motion detect snapshots are piling up and + not getting uploaded to S3 + - alert: CameraSlowProcessing + expr: rate(camdetect_download_dropped_frames_total[2m]) > 1 + for: 5m + labels: + severity: warning + annotations: + summary: Motion detection processing pipeline is not keeping up + with incoming frames --- apiVersion: k-space.ee/v1alpha1 kind: Camera
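Review bot: The added `podTargetLabels` entry `app.kubernetes.io/name` should surface on scraped series as `app_kubernetes_io_name`, since Prometheus label names cannot contain dots or slashes, but the `CameraServerRoomMotion` rule in the same hunk still filters on `{app="camdetect-server-room"}`. Nothing visible here shows where an `app` label would come from. If the new target label is what identifies the camera, the matcher selects no series and the server-room motion alert never fires, which fails silently. Either point the matcher at the new label, e.g. `camdetect_event_active{app_kubernetes_io_name="<server-room-camera-name>"} > 0` (placeholder value), or add a comment above the rule naming the source of `app`.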