diff --git a/_disabled/camtiler/.gitignore b/_disabled/camtiler/.gitignore
deleted file mode 100644
index c5435e3..0000000
--- a/_disabled/camtiler/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-deployments/
diff --git a/_disabled/camtiler/README.md b/_disabled/camtiler/README.md
deleted file mode 100644
index a81b2eb..0000000
--- a/_disabled/camtiler/README.md
+++ /dev/null
@@ -1,87 +0,0 @@ -# Cameras -Camtiler is the umbrella name for our homegrown camera surveilance system. - -Everything besides [Camera](#camera)s is deployed with Kubernetes. - -## Components -![cameras.graphviz.svg](cameras.graphviz.svg) - - -### 📸 Camera -Cameras are listed in [application.yml](application.yml) as `kind: Camera`. - -Two types of camera hosts: -- GL-AR150 with [openwrt-camera-images](https://git.k-space.ee/k-space/openwrt-camera-image). -- [Doors](https://wiki.k-space.ee/e/en/hosting/doors) (Raspberry Pi) with mjpg-streamer. - -### camera-tiler (cam.k-space.ee/tiled) -Out-of-bound, connects to cameras and streams to web browser. - -One instance per every camera - -#### camera-operator -Functionally the same as a kubernetes deployment for camera-tiler. - -Operator/deployer for camera-tiler. - -### camera-motion-detect -Connects to cameras, on motion writes events to Mongo and frames to S3. - -### cam.k-space.ee (logmower) -Fetches motion-detect events from mongo. Fetches referenced images from S3 (minio). - -#### camtiler-event-broker -MitM between motion-detect -> mongo. Appends S3 URLs to the response. 
- -## Kubernetes commands -Apply changes: -``` -kubectl apply -n camtiler \ - -f application.yml \ - -f minio.yml \ - -f mongoexpress.yml \ - -f mongodb-support.yml \ - -f camera-tiler.yml \ - -f logmower.yml \ - -f ingress.yml \ - -f network-policies.yml \ - -f networkpolicy-base.yml -``` - -Deploy changes: -``` -kubectl -n camtiler rollout restart deployment.apps/camtiler -``` - -Initialize secrets: -``` -kubectl create secret generic -n camtiler mongodb-application-readwrite-password --from-literal="password=$(cat /dev/urandom | base64 | head -c 30)" -kubectl create secret generic -n camtiler mongodb-application-readonly-password --from-literal="password=$(cat /dev/urandom | base64 | head -c 30)" -kubectl create secret generic -n camtiler minio-secrets \ - --from-literal="MINIO_ROOT_USER=root" \ - --from-literal="MINIO_ROOT_PASSWORD=$(cat /dev/urandom | base64 | head -c 30)" -kubectl -n camtiler create secret generic camera-secrets \ - --from-literal=username=... \ - --from-literal=password=... -``` - -Restart all deployments: -``` -for j in $(kubectl get deployments -n camtiler -o name); do kubectl rollout restart -n camtiler $j; done -``` diff --git a/_disabled/camtiler/application.yml b/_disabled/camtiler/application.yml deleted file mode 100644 index a665300..0000000 --- a/_disabled/camtiler/application.yml +++ /dev/null 
@@ -1,356 +0,0 @@ ---- -apiVersion: codemowers.cloud/v1beta1 -kind: MinioBucketClaim -metadata: - name: camtiler -spec: - capacity: 150Gi - class: dedicated ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: cams.k-space.ee -spec: - group: k-space.ee - names: - plural: cams - singular: cam - kind: Camera - shortNames: - - cam - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - roi: - type: object - description: Region of interest for this camera - properties: - threshold: - type: integer - description: Percentage of pixels changed within ROI to - consider whole frame to have motion detected. - Defaults to 5. - enabled: - type: boolean - description: Whether motion detection is enabled for this - camera. Defaults to false. - left: - type: integer - description: Left boundary of ROI as - percentage of the width of a frame. - By default 0. - right: - type: integer - description: Right boundary of ROI as - percentage of the width of a frame. - By default 100. - top: - type: integer - description: Top boundary of ROI as - percentage of the height of a frame - By deafault 0. - bottom: - type: integer - description: Bottom boundary of ROI as - percentage of the height of a frame. - By default 100. - secretRef: - type: string - description: Secret that contains authentication credentials - target: - type: string - description: URL of the video feed stream - replicas: - type: integer - minimum: 1 - maximum: 2 - description: For highly available deployment set this to 2 or - higher. 
Make sure you also run Mongo and Minio in HA - configurations - required: ["target"] - required: ["spec"] ---- -apiVersion: codemowers.io/v1alpha1 -kind: ClusterOperator -metadata: - name: camera -spec: - resource: - group: k-space.ee - version: v1alpha1 - plural: cams - secret: - enabled: false - services: - - apiVersion: v1 - kind: Service - metadata: - name: foobar - labels: - app.kubernetes.io/name: foobar - component: camera-motion-detect - spec: - type: ClusterIP - selector: - app.kubernetes.io/name: foobar - component: camera-motion-detect - ports: - - protocol: TCP - port: 80 - targetPort: 5000 - deployments: - - apiVersion: apps/v1 - kind: Deployment - metadata: - name: camera-foobar - spec: - revisionHistoryLimit: 0 - replicas: 1 - - strategy: - type: RollingUpdate - rollingUpdate: - # Swap following two with replicas: 2 - maxSurge: 1 - maxUnavailable: 0 - selector: - matchLabels: - app.kubernetes.io/name: foobar - template: - metadata: - labels: - app.kubernetes.io/name: foobar - component: camera-motion-detect - spec: - containers: - - name: camera-motion-detect - image: harbor.k-space.ee/k-space/camera-motion-detect:latest - starupProbe: - httpGet: - path: /healthz - port: 5000 - initialDelaySeconds: 2 - periodSeconds: 180 - timeoutSeconds: 60 - readinessProbe: - httpGet: - path: /readyz - port: 5000 - initialDelaySeconds: 60 - periodSeconds: 60 - timeoutSeconds: 5 - ports: - - containerPort: 5000 - name: "http" - resources: - requests: - memory: "64Mi" - cpu: "200m" - limits: - memory: "256Mi" - cpu: "4000m" - securityContext: - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - command: - - /app/camdetect.py - - http://user@foobar.cam.k-space.ee:8080/?action=stream - env: - - name: SOURCE_NAME - value: foobar - - name: S3_BUCKET_NAME - valueFrom: - secretKeyRef: - name: miniobucket-camtiler-owner-secrets - key: BUCKET_NAME - - name: S3_ENDPOINT_URL - valueFrom: - secretKeyRef: - name: miniobucket-camtiler-owner-secrets - key: 
AWS_S3_ENDPOINT_URL - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: miniobucket-camtiler-owner-secrets - key: AWS_SECRET_ACCESS_KEY - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: miniobucket-camtiler-owner-secrets - key: AWS_ACCESS_KEY_ID - - name: BASIC_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: camera-secrets - key: password - - name: MONGO_URI - valueFrom: - secretKeyRef: - name: mongodb-application-readwrite - key: connectionString.standard - - # Make sure 2+ pods of same camera are scheduled on different hosts - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - foobar - topologyKey: topology.kubernetes.io/zone - - # Make sure camera deployments are spread over workers - topologySpreadConstraints: - - maxSkew: 1 - topologyKey: topology.kubernetes.io/zone - whenUnsatisfiable: DoNotSchedule - labelSelector: - matchLabels: - app.kubernetes.io/name: foobar - component: camera-motion-detect ---- -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: cameras -spec: - groups: - - name: cameras - rules: - - alert: CameraLost - expr: rate(camtiler_frames_total{stage="downloaded"}[1m]) < 1 - for: 2m - labels: - severity: warning - annotations: - summary: Camera feed stopped - - alert: CameraServerRoomMotion - expr: rate(camtiler_events_total{app_kubernetes_io_name="server-room"}[30m]) > 0 - for: 1m - labels: - severity: warning - annotations: - summary: Motion was detected in server room - - alert: CameraSlowUploads - expr: camtiler_queue_frames{stage="upload"} > 10 - for: 5m - labels: - severity: warning - annotations: - summary: Motion detect snapshots are piling up and - not getting uploaded to S3 - - alert: CameraSlowProcessing - expr: camtiler_queue_frames{stage="download"} > 10 - for: 5m - labels: - severity: warning - annotations: - summary: Motion detection 
processing pipeline is not keeping up - with incoming frames - - alert: CameraResourcesThrottled - expr: sum by (pod) (rate(container_cpu_cfs_throttled_periods_total{namespace="camtiler"}[1m])) > 0 - for: 5m - labels: - severity: warning - annotations: - summary: CPU limits are bottleneck ---- -# Referenced/linked by README.md -apiVersion: k-space.ee/v1alpha1 -kind: Camera -metadata: - name: workshop -spec: - target: http://user@workshop.cam.k-space.ee:8080/?action=stream - secretRef: camera-secrets - replicas: 1 ---- -apiVersion: k-space.ee/v1alpha1 -kind: Camera -metadata: - name: server-room -spec: - target: http://user@server-room.cam.k-space.ee:8080/?action=stream - secretRef: camera-secrets - replicas: 2 ---- -apiVersion: k-space.ee/v1alpha1 -kind: Camera -metadata: - name: printer -spec: - target: http://user@printer.cam.k-space.ee:8080/?action=stream - secretRef: camera-secrets - replicas: 1 ---- -apiVersion: k-space.ee/v1alpha1 -kind: Camera -metadata: - name: chaos -spec: - target: http://user@chaos.cam.k-space.ee:8080/?action=stream - secretRef: camera-secrets - replicas: 1 ---- -apiVersion: k-space.ee/v1alpha1 -kind: Camera -metadata: - name: cyber -spec: - target: http://user@cyber.cam.k-space.ee:8080/?action=stream - secretRef: camera-secrets - replicas: 1 ---- -apiVersion: k-space.ee/v1alpha1 -kind: Camera -metadata: - name: kitchen -spec: - target: http://user@kitchen.cam.k-space.ee:8080/?action=stream - secretRef: camera-secrets - replicas: 1 ---- -apiVersion: k-space.ee/v1alpha1 -kind: Camera -metadata: - name: back-door -spec: - target: http://user@100.102.3.3:8080/?action=stream - secretRef: camera-secrets - replicas: 1 ---- -apiVersion: k-space.ee/v1alpha1 -kind: Camera -metadata: - name: ground-door -spec: - target: http://user@100.102.3.1:8080/?action=stream - secretRef: camera-secrets - replicas: 1 ---- -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: camera-motion-detect -spec: - selector: - matchLabels: - 
component: camera-motion-detect - podMetricsEndpoints: - - port: http - podTargetLabels: - - app.kubernetes.io/name - - component diff --git a/_disabled/camtiler/argo_applications_camtiler.yaml b/_disabled/camtiler/argo_applications_camtiler.yaml deleted file mode 100644 index 208d193..0000000 --- a/_disabled/camtiler/argo_applications_camtiler.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: camtiler - namespace: argocd -spec: - project: k-space.ee - source: - repoURL: 'git@git.k-space.ee:k-space/kube.git' - path: camtiler - targetRevision: HEAD - destination: - server: 'https://kubernetes.default.svc' - namespace: camtiler diff --git a/_disabled/camtiler/camera-tiler.yml b/_disabled/camtiler/camera-tiler.yml deleted file mode 100644 index 6bb5b49..0000000 --- a/_disabled/camtiler/camera-tiler.yml +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: camera-tiler - annotations: - keel.sh/policy: force - keel.sh/trigger: poll -spec: - revisionHistoryLimit: 0 - replicas: 2 - selector: - matchLabels: &selectorLabels - app.kubernetes.io/name: camtiler - component: camera-tiler - template: - metadata: - labels: *selectorLabels - spec: - serviceAccountName: camera-tiler - containers: - - name: camera-tiler - image: harbor.k-space.ee/k-space/camera-tiler:latest - securityContext: - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - ports: - - containerPort: 5001 - name: "http" - resources: - requests: - memory: "200Mi" - cpu: "100m" - limits: - memory: "500Mi" - cpu: "4000m" ---- -apiVersion: v1 -kind: Service -metadata: - name: camera-tiler - labels: - app.kubernetes.io/name: camtiler - component: camera-tiler -spec: - type: ClusterIP - selector: - app.kubernetes.io/name: camtiler - component: camera-tiler - ports: - - protocol: TCP - port: 5001 ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: camera-tiler ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camera-tiler -rules: - - apiGroups: - - "" - resources: - - services - verbs: - - list ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camera-tiler -subjects: - - kind: ServiceAccount - name: camera-tiler - apiGroup: "" -roleRef: - kind: Role - name: camera-tiler - apiGroup: "" ---- -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: camtiler -spec: - selector: - matchLabels: - app.kubernetes.io/name: camtiler - component: camera-tiler - podMetricsEndpoints: - - port: http - podTargetLabels: - - app.kubernetes.io/name - - component diff --git a/_disabled/camtiler/cameras.graphviz.svg b/_disabled/camtiler/cameras.graphviz.svg deleted file mode 100644 index ce939e2..0000000 --- a/_disabled/camtiler/cameras.graphviz.svg +++ /dev/null 
@@ -1,131 +0,0 @@ - - - - - - -G - - - -camera-operator - -camera-operator - - - -camera-motion-detect - -camera-motion-detect - - - -camera-operator->camera-motion-detect - - -deploys - - - -mongo - -mongo - - - -camera-motion-detect->mongo - - - - - -Minio S3 - -Minio S3 - - - -camera-motion-detect->Minio S3 - - - - - -camera-tiler - -camera-tiler - - - -cam.k-space.ee/tiled - -cam.k-space.ee/tiled - - - -camera-tiler->cam.k-space.ee/tiled - - - - - -camera - -📸 camera - - - -camera->camera-motion-detect - - - - - -camera->camera-tiler - - - - - -camtiler-event-broker - -camtiler-event-broker - - - -mongo->camtiler-event-broker - - -transforms object to add (signed) URL to S3 - - - -cam.k-space.ee - -cam.k-space.ee - - - -Minio S3->cam.k-space.ee - - -using signed URL from camtiler-event-broker - - - - -cam.k-space.ee->mongo - - -queries events - - - - -camtiler-event-broker->cam.k-space.ee - - - - - \ No newline at end of file diff --git a/_disabled/camtiler/ingress.yml b/_disabled/camtiler/ingress.yml deleted file mode 100644 index cf192d6..0000000 --- a/_disabled/camtiler/ingress.yml +++ /dev/null 
@@ -1,85 +0,0 @@ ---- -apiVersion: codemowers.cloud/v1beta1 -kind: OIDCMiddlewareClient -metadata: - name: sso -spec: - displayName: Cameras - uri: 'https://cam.k-space.ee/tiled' - allowedGroups: - - k-space:floor - - k-space:friends ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: camtiler - annotations: - kubernetes.io/ingress.class: traefik - traefik.ingress.kubernetes.io/router.entrypoints: websecure - traefik.ingress.kubernetes.io/router.middlewares: camtiler-sso@kubernetescrd - traefik.ingress.kubernetes.io/router.tls: "true" - external-dns.alpha.kubernetes.io/target: traefik.k-space.ee - external-dns.alpha.kubernetes.io/hostname: cams.k-space.ee,cam.k-space.ee -spec: - rules: - - host: cam.k-space.ee - http: - paths: - - pathType: Prefix - path: "/tiled" - backend: - service: - name: camera-tiler - port: - number: 5001 - - pathType: Prefix - path: "/m" - backend: - service: - name: camera-tiler - port: - number: 5001 - - pathType: Prefix - path: "/events" - backend: - service: - name: logmower-eventsource - port: - number: 3002 - - pathType: Prefix - path: "/" - backend: - service: - name: logmower-frontend - port: - number: 8080 - tls: - - hosts: - - "*.k-space.ee" ---- -apiVersion: traefik.io/v1alpha1 -kind: Middleware -metadata: - name: cams-redirect -spec: - redirectRegex: - regex: ^https://cams.k-space.ee/(.*)$ - replacement: https://cam.k-space.ee/$1 - permanent: true ---- -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: cams -spec: - entryPoints: - - websecure - routes: - - match: Host(`cams.k-space.ee`) - kind: Rule - middlewares: - - name: cams-redirect - services: - - kind: TraefikService - name: api@internal diff --git a/_disabled/camtiler/logmower.yml b/_disabled/camtiler/logmower.yml deleted file mode 100644 index d0d6b1f..0000000 --- a/_disabled/camtiler/logmower.yml +++ /dev/null 
@@ -1,182 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: logmower-eventsource -spec: - revisionHistoryLimit: 0 - replicas: 2 - selector: - matchLabels: &selectorLabels - app.kubernetes.io/name: camtiler - component: logmower-eventsource - template: - metadata: - labels: *selectorLabels - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - camtiler - - key: component - operator: In - values: - - logmower-eventsource - topologyKey: topology.kubernetes.io/zone - nodeSelector: - dedicated: storage - tolerations: - - key: dedicated - operator: Equal - value: storage - effect: NoSchedule - containers: - - name: logmower-eventsource - image: harbor.k-space.ee/k-space/logmower-eventsource - ports: - - containerPort: 3002 - name: nodejs - env: - - name: MONGO_COLLECTION - value: eventlog - - name: MONGODB_HOST - valueFrom: - secretKeyRef: - name: mongodb-application-readonly - key: connectionString.standard - - name: BACKEND - value: 'camtiler' - - name: BACKEND_BROKER_URL - value: 'http://logmower-event-broker' ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: logmower-event-broker -spec: - revisionHistoryLimit: 0 - replicas: 2 - selector: - matchLabels: &selectorLabels - app.kubernetes.io/name: camtiler - component: logmower-event-broker - template: - metadata: - labels: *selectorLabels - spec: - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - camtiler - - key: component - operator: In - values: - - logmower-event-broker - topologyKey: topology.kubernetes.io/zone - nodeSelector: - dedicated: storage - tolerations: - - key: dedicated - operator: Equal - value: storage - effect: NoSchedule - containers: - - name: logmower-event-broker - image: 
harbor.k-space.ee/k-space/camera-event-broker - ports: - - containerPort: 3000 - env: - - name: MINIO_BUCKET - valueFrom: - secretKeyRef: - name: miniobucket-camtiler-owner-secrets - key: BUCKET_NAME - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: miniobucket-camtiler-owner-secrets - key: AWS_SECRET_ACCESS_KEY - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: miniobucket-camtiler-owner-secrets - key: AWS_ACCESS_KEY_ID - - name: MINIO_HOSTNAME - value: 'dedicated-5ee6428f-4cb5-4c2e-90b5-364668f515c2.minio-clusters.k-space.ee' - - name: MINIO_PORT - value: '443' - - name: MINIO_SCHEMA - value: 'https' ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: logmower-frontend -spec: - revisionHistoryLimit: 0 - replicas: 2 - selector: - matchLabels: &selectorLabels - app.kubernetes.io/name: camtiler - component: logmower-frontend - template: - metadata: - labels: *selectorLabels - spec: - containers: - - name: logmower-frontend - image: harbor.k-space.ee/k-space/logmower-frontend - ports: - - containerPort: 8080 - name: http - ---- -apiVersion: v1 -kind: Service -metadata: - name: logmower-frontend -spec: - type: ClusterIP - selector: - app.kubernetes.io/name: camtiler - component: logmower-frontend - ports: - - protocol: TCP - port: 8080 ---- -apiVersion: v1 -kind: Service -metadata: - name: logmower-eventsource -spec: - type: ClusterIP - selector: - app.kubernetes.io/name: camtiler - component: logmower-eventsource - ports: - - protocol: TCP - port: 3002 ---- -apiVersion: v1 -kind: Service -metadata: - name: logmower-event-broker -spec: - type: ClusterIP - selector: - app.kubernetes.io/name: camtiler - component: logmower-event-broker - ports: - - protocol: TCP - port: 80 - targetPort: 3000 diff --git a/_disabled/camtiler/mongodb-support.yml b/_disabled/camtiler/mongodb-support.yml deleted file mode 120000 index e834dd2..0000000 --- a/_disabled/camtiler/mongodb-support.yml +++ /dev/null 
@@ -1 +0,0 @@
-../mongodb-operator/mongodb-support.yml
\ No newline at end of file
diff --git a/_disabled/camtiler/mongodb.yml b/_disabled/camtiler/mongodb.yml
deleted file mode 100644
index 591ed13..0000000
--- a/_disabled/camtiler/mongodb.yml
+++ /dev/null
@@ -1,110 +0,0 @@ ---- -apiVersion: mongodbcommunity.mongodb.com/v1 -kind: MongoDBCommunity -metadata: - name: mongodb -spec: - agent: - logLevel: ERROR - maxLogFileDurationHours: 1 - additionalMongodConfig: - systemLog: - quiet: true - members: 2 - arbiters: 1 - type: ReplicaSet - version: "6.0.3" - security: - authentication: - modes: ["SCRAM"] - users: - - name: readwrite - db: application - passwordSecretRef: - name: mongodb-application-readwrite-password - roles: - - name: readWrite - db: application - scramCredentialsSecretName: mongodb-application-readwrite - - name: readonly - db: application - passwordSecretRef: - name: mongodb-application-readonly-password - roles: - - name: read - db: application - scramCredentialsSecretName: mongodb-application-readonly - statefulSet: - spec: - logLevel: WARN - template: - spec: - containers: - - name: mongod - resources: - requests: - cpu: 100m - memory: 512Mi - limits: - cpu: 500m - memory: 1Gi - volumeMounts: - - name: journal-volume - mountPath: /data/journal - - name: mongodb-agent - resources: - requests: - cpu: 1m - memory: 100Mi - limits: {} - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - mongodb-svc - topologyKey: topology.kubernetes.io/zone - nodeSelector: - dedicated: storage - tolerations: - - key: dedicated - operator: Equal - value: storage - effect: NoSchedule - volumeClaimTemplates: - - metadata: - name: logs-volume - labels: - usecase: logs - spec: - storageClassName: mongo - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi - - metadata: - name: journal-volume - labels: - usecase: journal - spec: - storageClassName: mongo - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - - metadata: - name: data-volume - labels: - usecase: data - spec: - storageClassName: mongo - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi 
diff --git a/_disabled/camtiler/mongoexpress.yml b/_disabled/camtiler/mongoexpress.yml
deleted file mode 120000
index ebf5773..0000000
--- a/_disabled/camtiler/mongoexpress.yml
+++ /dev/null
@@ -1 +0,0 @@
-../shared/mongoexpress.yml
\ No newline at end of file
diff --git a/_disabled/camtiler/network-policies.yml b/_disabled/camtiler/network-policies.yml
deleted file mode 100644
index 1bae6c7..0000000
--- a/_disabled/camtiler/network-policies.yml
+++ /dev/null
@@ -1,195 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: camera-motion-detect -spec: - podSelector: - matchLabels: - component: camera-motion-detect - policyTypes: - - Ingress -# - Egress # Something wrong with using minio-clusters as namespaceSelector. - ingress: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/name: camtiler - component: camera-tiler - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: monitoring - podSelector: - matchLabels: - app.kubernetes.io/name: prometheus - egress: - - to: - - ipBlock: - # Permit access to cameras outside the cluster - cidr: 100.102.0.0/16 - - to: - - podSelector: - matchLabels: - app: mongodb-svc - ports: - - port: 27017 - - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: minio - ports: - - port: 9000 ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: camera-tiler -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: camtiler - component: camera-tiler - policyTypes: - - Ingress - - Egress - egress: - - to: - - podSelector: - matchLabels: - component: camera-motion-detect - ports: - - port: 5000 - ingress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: monitoring - podSelector: - matchLabels: - app.kubernetes.io/name: prometheus - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: traefik - podSelector: - matchLabels: - app.kubernetes.io/name: traefik ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: logmower-eventsource -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: camtiler - component: logmower-eventsource - policyTypes: - - Ingress -# - Egress # Something wrong with using mongodb-svc as podSelector. 
- egress: - - to: - - podSelector: - matchLabels: - app: mongodb-svc - - podSelector: - matchLabels: - component: logmower-event-broker - ingress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: traefik - podSelector: - matchLabels: - app.kubernetes.io/name: traefik ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: logmower-event-broker -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: camtiler - component: logmower-event-broker - policyTypes: - - Ingress - - Egress - egress: - - to: - # Minio access via Traefik's public endpoint - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: traefik - podSelector: - matchLabels: - app.kubernetes.io/name: traefik - ingress: - - from: - - podSelector: - matchLabels: - component: logmower-eventsource ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: logmower-frontend -spec: - podSelector: - matchLabels: - app.kubernetes.io/name: camtiler - component: logmower-frontend - policyTypes: - - Ingress - - Egress - ingress: - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: traefik - podSelector: - matchLabels: - app.kubernetes.io/name: traefik ---- -# Config drift: Added by ArgoCD -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: minio -spec: - egress: - - ports: - - port: http - protocol: TCP - to: - - podSelector: - matchLabels: - app.kubernetes.io/name: minio - ingress: - - from: - - podSelector: {} - ports: - - port: http - protocol: TCP - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: traefik - podSelector: - matchLabels: - app.kubernetes.io/name: traefik - - from: - - namespaceSelector: - matchLabels: - kubernetes.io/metadata.name: monitoring - podSelector: - matchLabels: - app.kubernetes.io/name: prometheus - podSelector: - matchLabels: - app.kubernetes.io/name: minio - policyTypes: - - Ingress - - Egress 
diff --git a/_disabled/camtiler/networkpolicy-base.yml b/_disabled/camtiler/networkpolicy-base.yml deleted file mode 120000 index e84a698..0000000 --- a/_disabled/camtiler/networkpolicy-base.yml +++ /dev/null @@ -1 +0,0 @@ -../shared/networkpolicy-base.yml \ No newline at end of file diff --git a/frigate/README.md b/frigate/README.md index 8553c20..b71ad22 100644 --- a/frigate/README.md +++ b/frigate/README.md @@ -1,10 +1,16 @@ # Frigate -# Deployment +## Deployment With ArgoCD. Render it locally: ```sh kustomize build . --enable-helm ``` +## Cameras + +- GL-AR150 with [openwrt-camera-images](https://git.k-space.ee/k-space/openwrt-camera-image) (USB cameras). +- [Doors](https://wiki.k-space.ee/e/en/hosting/doors) (Raspberry Pi) with mjpg-streamer (USB cameras). +- Amcrest 5MP Turret PoE Outdoor IP Camera with Mic/Audio, 98ft NightVision, 132° FOV, MicroSD (256GB) IP5M-T1179EW-AI-V3 white + Cameras are enumerated (with credentials) in secretspace.