1
0
forked from k-space/kube

camtiler: Formatting, networkpolicy and labeling fixes

This commit is contained in:
Lauri Võsandi 2022-09-15 10:09:21 +03:00
parent 7ae75f2f1c
commit 6e0e7f4349

View File

@ -1,3 +1,4 @@
---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
@ -114,8 +115,8 @@ spec:
selector: selector:
app.kubernetes.io/name: log-viewer-frontend app.kubernetes.io/name: log-viewer-frontend
ports: ports:
- protocol: TCP - protocol: TCP
port: 3003 port: 3003
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -126,8 +127,8 @@ spec:
selector: selector:
app.kubernetes.io/name: log-viewer-backend app.kubernetes.io/name: log-viewer-backend
ports: ports:
- protocol: TCP - protocol: TCP
port: 3002 port: 3002
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -141,8 +142,8 @@ spec:
app.kubernetes.io/name: camtiler app.kubernetes.io/name: camtiler
component: camtiler component: camtiler
ports: ports:
- protocol: TCP - protocol: TCP
port: 5001 port: 5001
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@ -154,18 +155,21 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: camtiler name: camtiler
rules: rules:
- apiGroups: [""] - apiGroups:
resources: ["services"] - ""
verbs: ["list"] resources:
- services
verbs:
- list
--- ---
kind: RoleBinding kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: camtiler name: camtiler
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: camtiler name: camtiler
apiGroup: "" apiGroup: ""
roleRef: roleRef:
kind: Role kind: Role
name: camtiler name: camtiler
@ -204,34 +208,34 @@ metadata:
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec: spec:
rules: rules:
- host: cams.k-space.ee - host: cams.k-space.ee
http: http:
paths: paths:
- pathType: Prefix - pathType: Prefix
path: "/tiled" path: "/tiled"
backend: backend:
service: service:
name: camtiler name: camtiler
port: port:
number: 5001 number: 5001
- pathType: Prefix - pathType: Prefix
path: "/events" path: "/events"
backend: backend:
service: service:
name: log-viewer-backend name: log-viewer-backend
port: port:
number: 3002 number: 3002
- pathType: Prefix - pathType: Prefix
path: "/" path: "/"
backend: backend:
service: service:
name: log-viewer-frontend name: log-viewer-frontend
port: port:
number: 3003 number: 3003
tls: tls:
- hosts: - hosts:
- cams.k-space.ee - cams.k-space.ee
secretName: camtiler-tls secretName: camtiler-tls
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
@ -242,37 +246,37 @@ spec:
matchLabels: matchLabels:
component: camdetect component: camdetect
policyTypes: policyTypes:
- Ingress - Ingress
- Egress - Egress
ingress: ingress:
- from: - from:
- podSelector: - podSelector:
matchLabels: matchLabels:
component: camtiler component: camtiler
- from: - from:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
kubernetes.io/metadata.name: prometheus-operator kubernetes.io/metadata.name: prometheus-operator
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: prometheus app.kubernetes.io/name: prometheus
egress: egress:
- to: - to:
- ipBlock: - ipBlock:
# Permit access to cameras outside the cluster # Permit access to cameras outside the cluster
cidr: 100.102.0.0/16 cidr: 100.102.0.0/16
- to: - to:
- podSelector: - podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: mongodb-svc app: mongodb-svc
ports: ports:
- port: 27017 - port: 27017
- to: - to:
- podSelector: - podSelector:
matchLabels: matchLabels:
v1.min.io/tenant: minio v1.min.io/tenant: minio
ports: ports:
- port: 9000 - port: 9000
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
@ -283,30 +287,30 @@ spec:
matchLabels: matchLabels:
component: camtiler component: camtiler
policyTypes: policyTypes:
- Ingress - Ingress
- Egress - Egress
egress: egress:
- to: - to:
- podSelector: - podSelector:
matchLabels: matchLabels:
component: camdetect component: camdetect
ports: ports:
- port: 5000 - port: 5000
ingress: ingress:
- from: - from:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
kubernetes.io/metadata.name: prometheus-operator kubernetes.io/metadata.name: prometheus-operator
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: prometheus app.kubernetes.io/name: prometheus
- from: - from:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
kubernetes.io/metadata.name: traefik kubernetes.io/metadata.name: traefik
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: traefik app.kubernetes.io/name: traefik
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
@ -317,25 +321,29 @@ spec:
matchLabels: matchLabels:
app.kubernetes.io/name: log-viewer-backend app.kubernetes.io/name: log-viewer-backend
policyTypes: policyTypes:
- Ingress - Ingress
- Egress - Egress
egress: egress:
- to: - to:
- podSelector: - podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: mongodb-svc app: mongodb-svc
- to: - to:
- ipBlock: # Minio access via Traefik's public endpoint
# Minio is accessed thru public endpoint via Traefik - namespaceSelector:
cidr: 193.40.103.0/24 matchLabels:
kubernetes.io/metadata.name: traefik
podSelector:
matchLabels:
app.kubernetes.io/name: traefik
ingress: ingress:
- from: - from:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
kubernetes.io/metadata.name: traefik kubernetes.io/metadata.name: traefik
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: traefik app.kubernetes.io/name: traefik
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
@ -346,16 +354,16 @@ spec:
matchLabels: matchLabels:
app.kubernetes.io/name: log-viewer-frontend app.kubernetes.io/name: log-viewer-frontend
policyTypes: policyTypes:
- Ingress - Ingress
- Egress - Egress
ingress: ingress:
- from: - from:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
kubernetes.io/metadata.name: traefik kubernetes.io/metadata.name: traefik
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: traefik app.kubernetes.io/name: traefik
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
@ -369,93 +377,93 @@ metadata:
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec: spec:
rules: rules:
- host: cams-s3.k-space.ee - host: cams-s3.k-space.ee
http: http:
paths: paths:
- pathType: Prefix - pathType: Prefix
path: "/" path: "/"
backend: backend:
service: service:
name: minio name: minio
port: port:
number: 80 number: 80
tls: tls:
- hosts: - hosts:
- cams-s3.k-space.ee - cams-s3.k-space.ee
secretName: cams-s3-tls secretName: cams-s3-tls
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
name: cams.k-space.ee name: cams.k-space.ee
spec: spec:
group: k-space.ee group: k-space.ee
names: names:
plural: cams plural: cams
singular: cam singular: cam
kind: Camera kind: Camera
shortNames: shortNames:
- cam - cam
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - name: v1alpha1
served: true served: true
storage: true storage: true
schema: schema:
openAPIV3Schema: openAPIV3Schema:
type: object type: object
properties: properties:
spec: spec:
type: object type: object
properties: properties:
roi: roi:
type: object type: object
description: Region of interest for this camera description: Region of interest for this camera
properties: properties:
threshold: threshold:
type: integer type: integer
description: Percentage of pixels changed within ROI to description: Percentage of pixels changed within ROI to
consider whole frame to have motion detected. consider whole frame to have motion detected.
Defaults to 5. Defaults to 5.
enabled: enabled:
type: boolean type: boolean
description: Whether motion detection is enabled for this description: Whether motion detection is enabled for this
camera. Defaults to false. camera. Defaults to false.
left: left:
type: integer type: integer
description: Left boundary of ROI as description: Left boundary of ROI as
percentage of the width of a frame. percentage of the width of a frame.
By default 0. By default 0.
right: right:
type: integer type: integer
description: Right boundary of ROI as description: Right boundary of ROI as
percentage of the width of a frame. percentage of the width of a frame.
By default 100. By default 100.
top: top:
type: integer type: integer
description: Top boundary of ROI as description: Top boundary of ROI as
percentage of the height of a frame percentage of the height of a frame
By deafault 0. By deafault 0.
bottom: bottom:
type: integer type: integer
description: Bottom boundary of ROI as description: Bottom boundary of ROI as
percentage of the height of a frame. percentage of the height of a frame.
By default 100. By default 100.
secretRef: secretRef:
type: string type: string
description: Secret that contains authentication credentials description: Secret that contains authentication credentials
target: target:
type: string type: string
description: URL of the video feed stream description: URL of the video feed stream
replicas: replicas:
type: integer type: integer
minimum: 1 minimum: 1
maximum: 2 maximum: 2
description: For highly available deployment set this to 2 or description: For highly available deployment set this to 2 or
higher. Make sure you also run Mongo and Minio in HA higher. Make sure you also run Mongo and Minio in HA
configurations configurations
required: ["target"] required: ["target"]
required: ["spec"] required: ["spec"]
--- ---
apiVersion: codemowers.io/v1alpha1 apiVersion: codemowers.io/v1alpha1
kind: ClusterOperator kind: ClusterOperator
@ -481,9 +489,9 @@ spec:
app.kubernetes.io/name: foobar app.kubernetes.io/name: foobar
component: camdetect component: camdetect
ports: ports:
- protocol: TCP - protocol: TCP
port: 80 port: 80
targetPort: 5000 targetPort: 5000
deployments: deployments:
- apiVersion: apps/v1 - apiVersion: apps/v1
kind: Deployment kind: Deployment
@ -522,14 +530,14 @@ spec:
periodSeconds: 180 periodSeconds: 180
timeoutSeconds: 60 timeoutSeconds: 60
ports: ports:
- containerPort: 5000 - containerPort: 5000
name: "http" name: "http"
resources: resources:
requests: requests:
memory: "64Mi" memory: "64Mi"
cpu: "200m" cpu: "200m"
limits: limits:
memory: "128Mi" memory: "256Mi"
cpu: "1" cpu: "1"
securityContext: securityContext:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
@ -580,13 +588,13 @@ spec:
# Make sure camera deployments are spread over workers # Make sure camera deployments are spread over workers
topologySpreadConstraints: topologySpreadConstraints:
- maxSkew: 1 - maxSkew: 1
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule whenUnsatisfiable: DoNotSchedule
labelSelector: labelSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: foobar app.kubernetes.io/name: foobar
component: camdetect component: camdetect
--- ---
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: PodMonitor kind: PodMonitor
@ -595,44 +603,48 @@ metadata:
spec: spec:
selector: {} selector: {}
podMetricsEndpoints: podMetricsEndpoints:
- port: http - port: http
podTargetLabels:
- app.kubernetes.io/name
--- ---
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule kind: PrometheusRule
metadata: metadata:
name: cameras name: cameras
spec: spec:
groups: groups:
- name: cameras - name: cameras
rules: rules:
- alert: CameraLost - alert: CameraLost
expr: rate(camdetect_rx_frames_total[2m]) < 1 expr: rate(camdetect_rx_frames_total[2m]) < 1
for: 2m for: 2m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: Camera feed stopped summary: Camera feed stopped
- alert: CameraServerRoomMotion - alert: CameraServerRoomMotion
expr: camdetect_event_active {app="camdetect-server-room"} > 0 expr: camdetect_event_active {app="camdetect-server-room"} > 0
for: 1m for: 1m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: Motion was detected in server room summary: Motion was detected in server room
- alert: CameraSlowUploads - alert: CameraSlowUploads
expr: rate(camdetect_upload_dropped_frames_total[2m]) > 1 expr: rate(camdetect_upload_dropped_frames_total[2m]) > 1
for: 5m for: 5m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: Motion detect snapshots are piling up and not getting uploaded to S3 summary: Motion detect snapshots are piling up and
- alert: CameraSlowProcessing not getting uploaded to S3
expr: rate(camdetect_download_dropped_frames_total[2m]) > 1 - alert: CameraSlowProcessing
for: 5m expr: rate(camdetect_download_dropped_frames_total[2m]) > 1
labels: for: 5m
severity: warning labels:
annotations: severity: warning
summary: Motion detection processing pipeline is not keeping up with incoming frames annotations:
summary: Motion detection processing pipeline is not keeping up
with incoming frames
--- ---
apiVersion: k-space.ee/v1alpha1 apiVersion: k-space.ee/v1alpha1
kind: Camera kind: Camera