add frigate

frigate/README.md

@@ -0,0 +1,4 @@
+```
+helm repo add blakeblackshear https://blakeblackshear.github.io/blakeshome-charts/
+helm template -n frigate --release-name frigate blakeblackshear/frigate --include-crds -f values.yaml > application.yml
+```

frigate/application.yml

@@ -0,0 +1,283 @@
+---
+# Source: frigate/templates/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: frigate
+  namespace: frigate
+  labels:
+    app.kubernetes.io/name: frigate
+    helm.sh/chart: frigate-7.6.0
+    app.kubernetes.io/instance: frigate
+    app.kubernetes.io/managed-by: Helm
+data:
+  config.yml: |
+    mqtt:
+      host: frigate-mqtt
+      port: 1883
+      topic_prefix: frigate
+      client_id: frigate
+      user: '{FRIGATE_MQTT_USERNAME}'
+      password: '{FRIGATE_MQTT_PASSWORD}'
+      stats_interval: 60
+    
+    detectors:
+      # coral:
+      #   type: edgetpu
+      #   device: usb
+      cpu1:
+        type: cpu
+    
+    go2rtc:
+      streams:
+        server_room: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.2:8080/?action=stream#video=h264"
+        chaos: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.3:8080/?action=stream#video=h264"
+        cyber: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.8:8080/?action=stream#video=h264"
+        workshop: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.10:8080/?action=stream#video=h264"                  
+    
+    cameras:
+       server_room: 
+         ffmpeg:
+           inputs:
+             - path: rtsp://127.0.0.1:8554/server_room
+               roles:
+                 - detect
+                 - rtmp
+                 - record
+       chaos: 
+         ffmpeg:
+           inputs:
+             - path: rtsp://127.0.0.1:8554/chaos
+               roles:
+                 - detect
+                 - rtmp
+                 - record
+       cyber: 
+         ffmpeg:
+           inputs:
+             - path: rtsp://127.0.0.1:8554/cyber
+               roles:
+                 - detect
+                 - rtmp
+                 - record
+       workshop: 
+         ffmpeg:
+           inputs:
+             - path: rtsp://127.0.0.1:8554/workshop
+               roles:
+                 - detect
+                 - rtmp
+                 - record
+---
+# Source: frigate/templates/config-pvc.yaml
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: frigate-config
+  labels:
+    app.kubernetes.io/name: frigate
+    helm.sh/chart: frigate-7.6.0
+    app.kubernetes.io/instance: frigate
+    app.kubernetes.io/managed-by: Helm
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  resources:
+    requests:
+      storage: "100Mi"
+  storageClassName: "frigate-config"
+---
+# Source: frigate/templates/media-pvc.yaml
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: frigate-media
+  labels:
+    app.kubernetes.io/name: frigate
+    helm.sh/chart: frigate-7.6.0
+    app.kubernetes.io/instance: frigate
+    app.kubernetes.io/managed-by: Helm
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  resources:
+    requests:
+      storage: "100Gi"
+  storageClassName: "frigate-data"
+---
+# Source: frigate/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: frigate
+  labels:
+    app.kubernetes.io/name: frigate
+    helm.sh/chart: frigate-7.6.0
+    app.kubernetes.io/instance: frigate
+    app.kubernetes.io/version: "0.14.0"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ipFamilyPolicy: SingleStack
+  ports:
+    - name: http
+      port: 5000
+      protocol: TCP
+      targetPort: http
+
+    - name: http-auth
+      port: 8971
+      protocol: TCP
+      targetPort: http-auth
+    - name: rtmp
+      port: 1935
+      protocol: TCP
+      targetPort: rtmp
+
+    - name: rtsp
+      port: 8554
+      protocol: TCP
+      targetPort: rtsp
+      
+  selector:
+    app.kubernetes.io/name: frigate
+    app.kubernetes.io/instance: frigate
+---
+# Source: frigate/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frigate
+  labels:
+    app.kubernetes.io/name: frigate
+    helm.sh/chart: frigate-7.6.0
+    app.kubernetes.io/instance: frigate
+    app.kubernetes.io/version: "0.14.0"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  replicas: 1
+  revisionHistoryLimit: 3
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: frigate
+      app.kubernetes.io/instance: frigate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: frigate
+        app.kubernetes.io/instance: frigate
+      annotations:
+        checksum/configmap: 80913561aaed42918e40c6c5e154c53747edaec0aa33f1cca2b3a43115815cb4
+    spec:
+      containers:
+        - name: frigate
+          image: "ghcr.io/blakeblackshear/frigate:0.14.0"
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            {}
+          ports:
+            - name: http
+              containerPort: 5000
+              protocol: TCP
+            - name: http-auth 
+              containerPort: 8971
+              protocol: TCP
+            - name: rtmp
+              containerPort: 1935
+              protocol: TCP
+            - name: rtsp
+              containerPort: 8554
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+              scheme: HTTP
+            initialDelaySeconds: 30
+            failureThreshold: 5
+            timeoutSeconds: 10
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+              scheme: HTTP
+            initialDelaySeconds: 30
+            failureThreshold: 5
+            timeoutSeconds: 10
+          env:
+          envFrom:
+            - secretRef:
+                name: frigate-rstp-credentials
+            - secretRef:
+                name: frigate-mqtt-credentials
+          volumeMounts:
+            - mountPath: /config/config.yml
+              subPath: config.yml
+              name: configmap
+            - mountPath: /config
+              name: config
+            - mountPath: /data
+              name: data
+            - mountPath: /media
+              name: media
+            - name: dshm
+              mountPath: /dev/shm
+            - name: tmp
+              mountPath: /tmp
+          resources:
+            {}
+      volumes:
+        - name: configmap
+          configMap:
+            name: frigate
+        - name: config
+          persistentVolumeClaim:
+            claimName: frigate-config
+        - name: data
+          emptyDir: {}
+        - name: media
+          persistentVolumeClaim:
+            claimName: frigate-media
+        - name: dshm
+          emptyDir:
+            medium: Memory
+            sizeLimit: 4Gi
+        - name: tmp
+          emptyDir:
+            medium: Memory
+            sizeLimit: 4Gi
+---
+# Source: frigate/templates/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: frigate
+  labels:
+    app.kubernetes.io/name: frigate
+    helm.sh/chart: frigate-7.6.0
+    app.kubernetes.io/instance: frigate
+    app.kubernetes.io/version: "0.14.0"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.middlewares: frigate-frigate@kubernetescrd
+    traefik.ingress.kubernetes.io/router.tls: "true"
+spec:
+  tls:
+    - hosts:
+        - "*.k-space.ee"
+      secretName: 
+  rules:
+    - host: "frigate.k-space.ee"
+      http:
+        paths:
+          - path: /
+            pathType: "ImplementationSpecific"
+            backend:
+              service:
+                name: frigate
+                port:
+                  name: http

frigate/auth.yml

@@ -0,0 +1,10 @@
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: OIDCMiddlewareClient
+metadata:
+  name: frigate
+spec:
+  displayName: Frigate
+  uri: 'https://frigate.k-space.ee/'
+  allowedGroups:
+    - k-space:legalmember

frigate/rabbitmq.yml

@@ -0,0 +1,12 @@
+apiVersion: rabbitmq.com/v1beta1
+kind: RabbitmqCluster
+metadata:
+  name: frigate-mqtt
+spec:  
+  replicas: 3
+  persistence:
+    storageClassName: rabbitmq
+    storage: 10Gi  
+  rabbitmq:
+    additionalPlugins:
+      - rabbitmq_mqtt

frigate/storage-class.yml

@@ -0,0 +1,28 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: frigate-config
+provisioner: csi.proxmox.sinextra.dev
+parameters:
+  cache: none
+  csi.storage.k8s.io/fstype: xfs
+  ssd: 'true'
+  storage: ks-pvs
+reclaimPolicy: Retain
+allowVolumeExpansion: true
+volumeBindingMode: WaitForFirstConsumer
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: frigate-data
+provisioner: csi.proxmox.sinextra.dev
+parameters:
+  cache: none
+  csi.storage.k8s.io/fstype: xfs
+  shared: 'true'
+  ssd: 'false'
+  storage: ks-pvs-nas
+reclaimPolicy: Delete
+allowVolumeExpansion: true
+volumeBindingMode: WaitForFirstConsumer

frigate/values.yaml

@@ -0,0 +1,166 @@
+# Default values for frigate.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- upgrade strategy type (e.g. Recreate or RollingUpdate)
+strategyType: Recreate
+
+image:
+  # -- Docker registry/repository to pull the image from
+  repository: ghcr.io/blakeblackshear/frigate
+  # -- Overrides the default tag (appVersion) used in Chart.yaml ([Docker Hub](https://hub.docker.com/r/blakeblackshear/frigate/tags?page=1))
+  tag:
+  # -- Docker image pull policy
+  pullPolicy: IfNotPresent
+
+# -- Docker image pull policy
+imagePullSecrets: []
+
+# -- additional ENV variables to set. Prefix with FRIGATE_ to target Frigate configuration values
+env: {}
+  # TZ: UTC
+
+# -- set environment variables from Secret(s)
+envFromSecrets:
+  # secrets are required before `helm install`
+  - frigate-rstp-credentials
+  - frigate-mqtt-credentials
+
+coral:
+  # -- enables the use of a Coral device
+  enabled: false
+  # -- path on the host to which to mount the Coral device
+  hostPath: /dev/bus/usb
+
+gpu:
+  nvidia:
+    # -- Enables NVIDIA GPU compatibility. Must also use the "amd64nvidia" tagged image
+    enabled: false
+
+    # -- Overrides the default runtimeClassName
+    runtimeClassName:
+
+# -- amount of shared memory to use for caching
+shmSize: 4Gi
+
+# -- use memory for tmpfs (mounted to /tmp)
+tmpfs:
+  enabled: true
+  sizeLimit: 4Gi
+
+# -- frigate configuration - see [Docs](https://docs.frigate.video/configuration/index) for more info
+config: |
+  mqtt:
+    host: frigate-mqtt
+    port: 1883
+    topic_prefix: frigate
+    client_id: frigate
+    user: '{FRIGATE_MQTT_USERNAME}'
+    password: '{FRIGATE_MQTT_PASSWORD}'
+    stats_interval: 60
+
+  detectors:
+    # coral:
+    #   type: edgetpu
+    #   device: usb
+    cpu1:
+      type: cpu
+
+  go2rtc:
+    streams:
+      server_room: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.2:8080/?action=stream#video=h264"
+      chaos: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.3:8080/?action=stream#video=h264"
+      cyber: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.8:8080/?action=stream#video=h264"
+      workshop: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.10:8080/?action=stream#video=h264"                  
+
+  cameras:
+     server_room: 
+       ffmpeg:
+         inputs:
+           - path: rtsp://127.0.0.1:8554/server_room
+             roles:
+               - detect
+               - rtmp
+               - record
+     chaos: 
+       ffmpeg:
+         inputs:
+           - path: rtsp://127.0.0.1:8554/chaos
+             roles:
+               - detect
+               - rtmp
+               - record
+     cyber: 
+       ffmpeg:
+         inputs:
+           - path: rtsp://127.0.0.1:8554/cyber
+             roles:
+               - detect
+               - rtmp
+               - record
+     workshop: 
+       ffmpeg:
+         inputs:
+           - path: rtsp://127.0.0.1:8554/workshop
+             roles:
+               - detect
+               - rtmp
+               - record                              
+
+# Probes configuration
+probes:
+  liveness:
+    enabled: true
+    initialDelaySeconds: 30
+    failureThreshold: 5
+    timeoutSeconds: 10
+  readiness:
+    enabled: true
+    initialDelaySeconds: 30
+    failureThreshold: 5
+    timeoutSeconds: 10
+  startup:
+    enabled: false
+    failureThreshold: 30
+    periodSeconds: 10
+
+service:
+  type: ClusterIP
+  port: 5000
+  annotations: {}
+  labels: {}
+  loadBalancerIP:
+  ipFamilyPolicy: SingleStack
+  ipFamilies: []
+
+
+ingress:
+  enabled: true
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+    traefik.ingress.kubernetes.io/router.middlewares: frigate-frigate@kubernetescrd
+  hosts:
+    - host: frigate.k-space.ee
+      paths:
+        - path: '/'
+          portName: http
+  tls:
+    - hosts:
+      - "*.k-space.ee"  
+
+persistence:
+  config:
+    enabled: true
+    storageClass: "frigate-config"
+    accessMode: ReadWriteOnce
+    size: 100Mi
+    skipuninstall: false
+
+  media:
+    enabled: true
+    storageClass: "frigate-data"
+    accessMode: ReadWriteOnce
+    size: 100Gi
+    skipuninstall: false