diff --git a/frigate/README.md b/frigate/README.md new file mode 100644 index 0000000..00ee145 --- /dev/null +++ b/frigate/README.md @@ -0,0 +1,4 @@ +``` +helm repo add blakeblackshear https://blakeblackshear.github.io/blakeshome-charts/ +helm template -n frigate --release-name frigate blakeblackshear/frigate --include-crds -f values.yaml > application.yml +``` \ No newline at end of file diff --git a/frigate/application.yml b/frigate/application.yml new file mode 100644 index 0000000..da37b5a --- /dev/null +++ b/frigate/application.yml @@ -0,0 +1,283 @@ +--- +# Source: frigate/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: frigate + namespace: frigate + labels: + app.kubernetes.io/name: frigate + helm.sh/chart: frigate-7.6.0 + app.kubernetes.io/instance: frigate + app.kubernetes.io/managed-by: Helm +data: + config.yml: | + mqtt: + host: frigate-mqtt + port: 1883 + topic_prefix: frigate + client_id: frigate + user: '{FRIGATE_MQTT_USERNAME}' + password: '{FRIGATE_MQTT_PASSWORD}' + stats_interval: 60 + + detectors: + # coral: + # type: edgetpu + # device: usb + cpu1: + type: cpu + + go2rtc: + streams: + server_room: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.2:8080/?action=stream#video=h264" + chaos: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.3:8080/?action=stream#video=h264" + cyber: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.8:8080/?action=stream#video=h264" + workshop: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.10:8080/?action=stream#video=h264" + + cameras: + server_room: + ffmpeg: + inputs: + - path: rtsp://127.0.0.1:8554/server_room + roles: + - detect + - rtmp + - record + chaos: + ffmpeg: + inputs: + - path: rtsp://127.0.0.1:8554/chaos + roles: + - detect + - rtmp + - record + cyber: + ffmpeg: + inputs: + - path: rtsp://127.0.0.1:8554/cyber + roles: + - detect + - rtmp + - record + workshop: + ffmpeg: + inputs: + - path: rtsp://127.0.0.1:8554/workshop + roles: + - detect + - rtmp + - record +--- +# Source: frigate/templates/config-pvc.yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: frigate-config + labels: + app.kubernetes.io/name: frigate + helm.sh/chart: frigate-7.6.0 + app.kubernetes.io/instance: frigate + app.kubernetes.io/managed-by: Helm +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "100Mi" + storageClassName: "frigate-config" +--- +# Source: frigate/templates/media-pvc.yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: frigate-media + labels: + app.kubernetes.io/name: frigate + helm.sh/chart: frigate-7.6.0 + app.kubernetes.io/instance: frigate + app.kubernetes.io/managed-by: Helm +spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "100Gi" + storageClassName: "frigate-data" +--- +# Source: frigate/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: frigate + labels: + app.kubernetes.io/name: frigate + helm.sh/chart: frigate-7.6.0 + app.kubernetes.io/instance: frigate + app.kubernetes.io/version: "0.14.0" + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 5000 + protocol: TCP + targetPort: http + + - name: http-auth + port: 8971 + protocol: TCP + targetPort: http-auth + - name: rtmp + port: 1935 + protocol: TCP + targetPort: rtmp + + - name: rtsp + port: 8554 + protocol: TCP + targetPort: rtsp + + selector: + app.kubernetes.io/name: frigate + app.kubernetes.io/instance: frigate +--- +# Source: frigate/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: frigate + labels: + app.kubernetes.io/name: frigate + helm.sh/chart: frigate-7.6.0 + app.kubernetes.io/instance: frigate + app.kubernetes.io/version: "0.14.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + revisionHistoryLimit: 3 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/name: frigate + app.kubernetes.io/instance: frigate + template: + metadata: + labels: + app.kubernetes.io/name: frigate + app.kubernetes.io/instance: frigate + annotations: + checksum/configmap: 80913561aaed42918e40c6c5e154c53747edaec0aa33f1cca2b3a43115815cb4 + spec: + containers: + - name: frigate + image: "ghcr.io/blakeblackshear/frigate:0.14.0" + imagePullPolicy: IfNotPresent + securityContext: + {} + ports: + - name: http + containerPort: 5000 + protocol: TCP + - name: http-auth + containerPort: 8971 + protocol: TCP + - name: rtmp + containerPort: 1935 + protocol: TCP + - name: rtsp + containerPort: 8554 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + scheme: HTTP + initialDelaySeconds: 30 + failureThreshold: 5 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: / + port: http + scheme: HTTP + initialDelaySeconds: 30 + failureThreshold: 5 + timeoutSeconds: 10 + env: + envFrom: + - secretRef: + name: frigate-rstp-credentials + - secretRef: + name: frigate-mqtt-credentials + volumeMounts: + - mountPath: /config/config.yml + subPath: config.yml + name: configmap + - mountPath: /config + name: config + - mountPath: /data + name: data + - mountPath: /media + name: media + - name: dshm + mountPath: /dev/shm + - name: tmp + mountPath: /tmp + resources: + {} + volumes: + - name: configmap + configMap: + name: frigate + - name: config + persistentVolumeClaim: + claimName: frigate-config + - name: data + emptyDir: {} + - name: media + persistentVolumeClaim: + claimName: frigate-media + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 4Gi + - name: tmp + emptyDir: + medium: Memory + sizeLimit: 4Gi +--- +# Source: frigate/templates/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: frigate + labels: + app.kubernetes.io/name: frigate + helm.sh/chart: frigate-7.6.0 + app.kubernetes.io/instance: frigate + app.kubernetes.io/version: "0.14.0" + app.kubernetes.io/managed-by: Helm + annotations: + external-dns.alpha.kubernetes.io/target: traefik.k-space.ee + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.middlewares: frigate-frigate@kubernetescrd + traefik.ingress.kubernetes.io/router.tls: "true" +spec: + tls: + - hosts: + - "*.k-space.ee" + secretName: + rules: + - host: "frigate.k-space.ee" + http: + paths: + - path: / + pathType: "ImplementationSpecific" + backend: + service: + name: frigate + port: + name: http diff --git a/frigate/auth.yml b/frigate/auth.yml new file mode 100644 index 0000000..2494ba0 --- /dev/null +++ b/frigate/auth.yml @@ -0,0 +1,10 @@ +--- +apiVersion: codemowers.cloud/v1beta1 +kind: OIDCMiddlewareClient +metadata: + name: frigate +spec: + displayName: Frigate + uri: 'https://frigate.k-space.ee/' + allowedGroups: + - k-space:legalmember diff --git a/frigate/rabbitmq.yml b/frigate/rabbitmq.yml new file mode 100644 index 0000000..075cdfb --- /dev/null +++ b/frigate/rabbitmq.yml @@ -0,0 +1,12 @@ +apiVersion: rabbitmq.com/v1beta1 +kind: RabbitmqCluster +metadata: + name: frigate-mqtt +spec: + replicas: 3 + persistence: + storageClassName: rabbitmq + storage: 10Gi + rabbitmq: + additionalPlugins: + - rabbitmq_mqtt diff --git a/frigate/storage-class.yml b/frigate/storage-class.yml new file mode 100644 index 0000000..336edd6 --- /dev/null +++ b/frigate/storage-class.yml @@ -0,0 +1,28 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: frigate-config +provisioner: csi.proxmox.sinextra.dev +parameters: + cache: none + csi.storage.k8s.io/fstype: xfs + ssd: 'true' + storage: ks-pvs +reclaimPolicy: Retain +allowVolumeExpansion: true +volumeBindingMode: WaitForFirstConsumer +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: frigate-data +provisioner: csi.proxmox.sinextra.dev +parameters: + cache: none + csi.storage.k8s.io/fstype: xfs + shared: 'true' + ssd: 'false' + storage: ks-pvs-nas +reclaimPolicy: Delete +allowVolumeExpansion: true +volumeBindingMode: WaitForFirstConsumer diff --git a/frigate/values.yaml b/frigate/values.yaml new file mode 100644 index 0000000..5fae1b0 --- /dev/null +++ b/frigate/values.yaml @@ -0,0 +1,166 @@ +# Default values for frigate. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# -- upgrade strategy type (e.g. Recreate or RollingUpdate) +strategyType: Recreate + +image: + # -- Docker registry/repository to pull the image from + repository: ghcr.io/blakeblackshear/frigate + # -- Overrides the default tag (appVersion) used in Chart.yaml ([Docker Hub](https://hub.docker.com/r/blakeblackshear/frigate/tags?page=1)) + tag: + # -- Docker image pull policy + pullPolicy: IfNotPresent + +# -- Docker image pull policy +imagePullSecrets: [] + +# -- additional ENV variables to set. Prefix with FRIGATE_ to target Frigate configuration values +env: {} + # TZ: UTC + +# -- set environment variables from Secret(s) +envFromSecrets: + # secrets are required before `helm install` + - frigate-rstp-credentials + - frigate-mqtt-credentials + +coral: + # -- enables the use of a Coral device + enabled: false + # -- path on the host to which to mount the Coral device + hostPath: /dev/bus/usb + +gpu: + nvidia: + # -- Enables NVIDIA GPU compatibility. Must also use the "amd64nvidia" tagged image + enabled: false + + # -- Overrides the default runtimeClassName + runtimeClassName: + +# -- amount of shared memory to use for caching +shmSize: 4Gi + +# -- use memory for tmpfs (mounted to /tmp) +tmpfs: + enabled: true + sizeLimit: 4Gi + +# -- frigate configuration - see [Docs](https://docs.frigate.video/configuration/index) for more info +config: | + mqtt: + host: frigate-mqtt + port: 1883 + topic_prefix: frigate + client_id: frigate + user: '{FRIGATE_MQTT_USERNAME}' + password: '{FRIGATE_MQTT_PASSWORD}' + stats_interval: 60 + + detectors: + # coral: + # type: edgetpu + # device: usb + cpu1: + type: cpu + + go2rtc: + streams: + server_room: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.2:8080/?action=stream#video=h264" + chaos: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.3:8080/?action=stream#video=h264" + cyber: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.8:8080/?action=stream#video=h264" + workshop: "ffmpeg:http://user:{FRIGATE_RTSP_PASSWORD}@100.102.2.10:8080/?action=stream#video=h264" + + cameras: + server_room: + ffmpeg: + inputs: + - path: rtsp://127.0.0.1:8554/server_room + roles: + - detect + - rtmp + - record + chaos: + ffmpeg: + inputs: + - path: rtsp://127.0.0.1:8554/chaos + roles: + - detect + - rtmp + - record + cyber: + ffmpeg: + inputs: + - path: rtsp://127.0.0.1:8554/cyber + roles: + - detect + - rtmp + - record + workshop: + ffmpeg: + inputs: + - path: rtsp://127.0.0.1:8554/workshop + roles: + - detect + - rtmp + - record + +# Probes configuration +probes: + liveness: + enabled: true + initialDelaySeconds: 30 + failureThreshold: 5 + timeoutSeconds: 10 + readiness: + enabled: true + initialDelaySeconds: 30 + failureThreshold: 5 + timeoutSeconds: 10 + startup: + enabled: false + failureThreshold: 30 + periodSeconds: 10 + +service: + type: ClusterIP + port: 5000 + annotations: {} + labels: {} + loadBalancerIP: + ipFamilyPolicy: SingleStack + ipFamilies: [] + + +ingress: + enabled: true + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.tls: "true" + external-dns.alpha.kubernetes.io/target: traefik.k-space.ee + traefik.ingress.kubernetes.io/router.middlewares: frigate-frigate@kubernetescrd + hosts: + - host: frigate.k-space.ee + paths: + - path: '/' + portName: http + tls: + - hosts: + - "*.k-space.ee" + +persistence: + config: + enabled: true + storageClass: "frigate-config" + accessMode: ReadWriteOnce + size: 100Mi + skipuninstall: false + + media: + enabled: true + storageClass: "frigate-data" + accessMode: ReadWriteOnce + size: 100Gi + skipuninstall: false