1
0
forked from k-space/kube

camtiler: Dozen updates

This commit is contained in:
Lauri Võsandi 2022-12-12 20:37:03 +02:00
parent b5ee891c97
commit ea9b63b7cc
4 changed files with 317 additions and 134 deletions

View File

@ -1,7 +1,7 @@
To apply changes: To apply changes:
``` ```
kubectl apply -n camtiler -f application.yml -f persistence.yml -f mongoexpress.yml -f mongodb-support.yml -f networkpolicy-base.yml -f minio-support.yml kubectl apply -n camtiler -f application.yml -f persistence.yml -f mongoexpress.yml -f mongodb-support.yml -f networkpolicy-base.yml
``` ```
To deploy changes: To deploy changes:
@ -15,14 +15,9 @@ To initialize secrets:
``` ```
kubectl create secret generic -n camtiler mongodb-application-readwrite-password --from-literal="password=$(cat /dev/urandom | base64 | head -c 30)" kubectl create secret generic -n camtiler mongodb-application-readwrite-password --from-literal="password=$(cat /dev/urandom | base64 | head -c 30)"
kubectl create secret generic -n camtiler mongodb-application-readonly-password --from-literal="password=$(cat /dev/urandom | base64 | head -c 30)" kubectl create secret generic -n camtiler mongodb-application-readonly-password --from-literal="password=$(cat /dev/urandom | base64 | head -c 30)"
kubectl create secret generic -n camtiler minio-secret \ kubectl create secret generic -n camtiler minio-secrets \
--from-literal=accesskey=application \
--from-literal=secretkey=$(cat /dev/urandom | base64 | head -c 30)
kubectl create secret generic -n camtiler minio-env-configuration \
--from-literal="MINIO_BROWSER=off" \
--from-literal="MINIO_ROOT_USER=root" \ --from-literal="MINIO_ROOT_USER=root" \
--from-literal="MINIO_ROOT_PASSWORD=$(cat /dev/urandom | base64 | head -c 30)" \ --from-literal="MINIO_ROOT_PASSWORD=$(cat /dev/urandom | base64 | head -c 30)"
--from-literal="MINIO_STORAGE_CLASS_STANDARD=EC:4"
kubectl -n camtiler create secret generic camera-secrets \ kubectl -n camtiler create secret generic camera-secrets \
--from-literal=username=... \ --from-literal=username=... \
--from-literal=password=... --from-literal=password=...

View File

@ -2,7 +2,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: camtiler name: camera-tiler
annotations: annotations:
keel.sh/policy: force keel.sh/policy: force
keel.sh/trigger: poll keel.sh/trigger: poll
@ -10,17 +10,16 @@ spec:
revisionHistoryLimit: 0 revisionHistoryLimit: 0
replicas: 2 replicas: 2
selector: selector:
matchLabels: matchLabels: &selectorLabels
app.kubernetes.io/name: camtiler app.kubernetes.io/name: camtiler
component: camera-tiler
template: template:
metadata: metadata:
labels: labels: *selectorLabels
app.kubernetes.io/name: camtiler
component: camtiler
spec: spec:
serviceAccountName: camtiler serviceAccountName: camera-tiler
containers: containers:
- name: camtiler - name: camera-tiler
image: harbor.k-space.ee/k-space/camera-tiler:latest image: harbor.k-space.ee/k-space/camera-tiler:latest
securityContext: securityContext:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
@ -29,6 +28,13 @@ spec:
ports: ports:
- containerPort: 5001 - containerPort: 5001
name: "http" name: "http"
resources:
requests:
memory: "200Mi"
cpu: "100m"
limits:
memory: "500Mi"
cpu: "1"
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
@ -41,20 +47,40 @@ spec:
revisionHistoryLimit: 0 revisionHistoryLimit: 0
replicas: 2 replicas: 2
selector: selector:
matchLabels: matchLabels: &selectorLabels
app.kubernetes.io/name: log-viewer-frontend app.kubernetes.io/name: camtiler
component: log-viewer-frontend
template: template:
metadata: metadata:
labels: labels: *selectorLabels
app.kubernetes.io/name: log-viewer-frontend
spec: spec:
containers: containers:
- name: log-viewer-frontend - name: log-viewer-frontend
image: harbor.k-space.ee/k-space/log-viewer-frontend:latest image: harbor.k-space.ee/k-space/log-viewer-frontend:latest
# securityContext: securityContext:
# readOnlyRootFilesystem: true readOnlyRootFilesystem: true
# runAsNonRoot: true runAsNonRoot: true
# runAsUser: 1000 runAsUser: 1000
resources:
limits:
memory: 50Mi
requests:
cpu: 1m
memory: 20Mi
volumeMounts:
- name : nginx-cache
mountPath: /var/cache/nginx/
- name : nginx-config
mountPath: /var/config/nginx/
- name: var-run
mountPath: /var/run/
volumes:
- emptyDir: {}
name: nginx-cache
- emptyDir: {}
name: nginx-config
- emptyDir: {}
name: var-run
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
@ -65,14 +91,14 @@ metadata:
keel.sh/trigger: poll keel.sh/trigger: poll
spec: spec:
revisionHistoryLimit: 0 revisionHistoryLimit: 0
replicas: 3 replicas: 2
selector: selector:
matchLabels: matchLabels: &selectorLabels
app.kubernetes.io/name: log-viewer-backend app.kubernetes.io/name: camtiler
component: log-viewer-backend
template: template:
metadata: metadata:
labels: labels: *selectorLabels
app.kubernetes.io/name: log-viewer-backend
spec: spec:
containers: containers:
- name: log-backend-backend - name: log-backend-backend
@ -98,13 +124,13 @@ spec:
- name: MINIO_SECRET_KEY - name: MINIO_SECRET_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: minio-secret name: minio-secrets
key: secretkey key: MINIO_ROOT_PASSWORD
- name: MINIO_ACCESS_KEY - name: MINIO_ACCESS_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: minio-secret name: minio-secrets
key: accesskey key: MINIO_ROOT_USER
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -113,7 +139,8 @@ metadata:
spec: spec:
type: ClusterIP type: ClusterIP
selector: selector:
app.kubernetes.io/name: log-viewer-frontend app.kubernetes.io/name: camtiler
component: log-viewer-frontend
ports: ports:
- protocol: TCP - protocol: TCP
port: 3003 port: 3003
@ -125,7 +152,8 @@ metadata:
spec: spec:
type: ClusterIP type: ClusterIP
selector: selector:
app.kubernetes.io/name: log-viewer-backend app.kubernetes.io/name: camtiler
component: log-viewer-backend
ports: ports:
- protocol: TCP - protocol: TCP
port: 3002 port: 3002
@ -133,14 +161,15 @@ spec:
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: camtiler name: camera-tiler
labels: labels:
component: camtiler app.kubernetes.io/name: camtiler
component: camera-tiler
spec: spec:
type: ClusterIP type: ClusterIP
selector: selector:
app.kubernetes.io/name: camtiler app.kubernetes.io/name: camtiler
component: camtiler component: camera-tiler
ports: ports:
- protocol: TCP - protocol: TCP
port: 5001 port: 5001
@ -148,12 +177,12 @@ spec:
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: camtiler name: camera-tiler
--- ---
kind: Role kind: Role
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: camtiler name: camera-tiler
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
@ -165,14 +194,14 @@ rules:
kind: RoleBinding kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: camtiler name: camera-tiler
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: camtiler name: camera-tiler
apiGroup: "" apiGroup: ""
roleRef: roleRef:
kind: Role kind: Role
name: camtiler name: camera-tiler
apiGroup: "" apiGroup: ""
--- ---
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
@ -209,7 +238,7 @@ spec:
path: "/tiled" path: "/tiled"
backend: backend:
service: service:
name: camtiler name: camera-tiler
port: port:
number: 5001 number: 5001
- pathType: Prefix - pathType: Prefix
@ -237,7 +266,7 @@ metadata:
spec: spec:
podSelector: podSelector:
matchLabels: matchLabels:
component: camdetect component: camera-motion-detect
policyTypes: policyTypes:
- Ingress - Ingress
- Egress - Egress
@ -245,7 +274,8 @@ spec:
- from: - from:
- podSelector: - podSelector:
matchLabels: matchLabels:
component: camtiler app.kubernetes.io/name: camtiler
component: camera-tiler
- from: - from:
- namespaceSelector: - namespaceSelector:
matchLabels: matchLabels:
@ -267,7 +297,7 @@ spec:
- to: - to:
- podSelector: - podSelector:
matchLabels: matchLabels:
v1.min.io/tenant: minio app.kubernetes.io/name: minio
ports: ports:
- port: 9000 - port: 9000
--- ---
@ -278,7 +308,8 @@ metadata:
spec: spec:
podSelector: podSelector:
matchLabels: matchLabels:
component: camtiler app.kubernetes.io/name: camtiler
component: camera-tiler
policyTypes: policyTypes:
- Ingress - Ingress
- Egress - Egress
@ -286,7 +317,7 @@ spec:
- to: - to:
- podSelector: - podSelector:
matchLabels: matchLabels:
component: camdetect component: camera-motion-detect
ports: ports:
- port: 5000 - port: 5000
ingress: ingress:
@ -312,7 +343,8 @@ metadata:
spec: spec:
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: log-viewer-backend app.kubernetes.io/name: camtiler
component: log-viewer-backend
policyTypes: policyTypes:
- Ingress - Ingress
- Egress - Egress
@ -345,7 +377,8 @@ metadata:
spec: spec:
podSelector: podSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: log-viewer-frontend app.kubernetes.io/name: camtiler
component: log-viewer-frontend
policyTypes: policyTypes:
- Ingress - Ingress
- Egress - Egress
@ -358,31 +391,6 @@ spec:
matchLabels: matchLabels:
app.kubernetes.io/name: traefik app.kubernetes.io/name: traefik
--- ---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: minio
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
rules:
- host: cams-s3.k-space.ee
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: minio
port:
number: 80
tls:
- hosts:
- "*.k-space.ee"
---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
@ -473,12 +481,13 @@ spec:
metadata: metadata:
name: foobar name: foobar
labels: labels:
component: camdetect app.kubernetes.io/name: foobar
component: camera-motion-detect
spec: spec:
type: ClusterIP type: ClusterIP
selector: selector:
app.kubernetes.io/name: foobar app.kubernetes.io/name: foobar
component: camdetect component: camera-motion-detect
ports: ports:
- protocol: TCP - protocol: TCP
port: 80 port: 80
@ -508,18 +517,25 @@ spec:
metadata: metadata:
labels: labels:
app.kubernetes.io/name: foobar app.kubernetes.io/name: foobar
component: camdetect component: camera-motion-detect
spec: spec:
containers: containers:
- name: camdetect - name: camera-motion-detect
image: harbor.k-space.ee/k-space/camera-motion-detect:latest image: harbor.k-space.ee/k-space/camera-motion-detect:latest
starupProbe:
httpGet:
path: /healthz
port: 5000
initialDelaySeconds: 2
periodSeconds: 180
timeoutSeconds: 60
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /readyz path: /readyz
port: 5000 port: 5000
initialDelaySeconds: 10 initialDelaySeconds: 60
periodSeconds: 180 periodSeconds: 60
timeoutSeconds: 60 timeoutSeconds: 5
ports: ports:
- containerPort: 5000 - containerPort: 5000
name: "http" name: "http"
@ -557,13 +573,13 @@ spec:
- name: AWS_SECRET_ACCESS_KEY - name: AWS_SECRET_ACCESS_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: minio-secret name: minio-secrets
key: secretkey key: MINIO_ROOT_PASSWORD
- name: AWS_ACCESS_KEY_ID - name: AWS_ACCESS_KEY_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: minio-secret name: minio-secrets
key: accesskey key: MINIO_ROOT_USER
# Make sure 2+ pods of same camera are scheduled on different hosts # Make sure 2+ pods of same camera are scheduled on different hosts
affinity: affinity:
@ -585,7 +601,7 @@ spec:
labelSelector: labelSelector:
matchLabels: matchLabels:
app.kubernetes.io/name: foobar app.kubernetes.io/name: foobar
component: camdetect component: camera-motion-detect
--- ---
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: PodMonitor kind: PodMonitor
@ -597,6 +613,7 @@ spec:
- port: http - port: http
podTargetLabels: podTargetLabels:
- app.kubernetes.io/name - app.kubernetes.io/name
- component
--- ---
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule kind: PrometheusRule
@ -607,21 +624,21 @@ spec:
- name: cameras - name: cameras
rules: rules:
- alert: CameraLost - alert: CameraLost
expr: rate(camdetect_rx_frames_total[2m]) < 1 expr: rate(camtiler_frames_total{stage="downloaded"}[1m]) < 1
for: 2m for: 2m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: Camera feed stopped summary: Camera feed stopped
- alert: CameraServerRoomMotion - alert: CameraServerRoomMotion
expr: camdetect_event_active {app="camdetect-server-room"} > 0 expr: rate(camtiler_events_total{app_kubernetes_io_name="server-room"}[30m]) > 0
for: 1m for: 1m
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: Motion was detected in server room summary: Motion was detected in server room
- alert: CameraSlowUploads - alert: CameraSlowUploads
expr: rate(camdetect_upload_dropped_frames_total[2m]) > 1 expr: camtiler_queue_frames{stage="upload"} > 10
for: 5m for: 5m
labels: labels:
severity: warning severity: warning
@ -629,7 +646,7 @@ spec:
summary: Motion detect snapshots are piling up and summary: Motion detect snapshots are piling up and
not getting uploaded to S3 not getting uploaded to S3
- alert: CameraSlowProcessing - alert: CameraSlowProcessing
expr: rate(camdetect_download_dropped_frames_total[2m]) > 1 expr: camtiler_queue_frames{stage="download"} > 10
for: 5m for: 5m
labels: labels:
severity: warning severity: warning
@ -644,6 +661,7 @@ metadata:
spec: spec:
target: http://user@workshop.cam.k-space.ee:8080/?action=stream target: http://user@workshop.cam.k-space.ee:8080/?action=stream
secretRef: camera-secrets secretRef: camera-secrets
replicas: 2
--- ---
apiVersion: k-space.ee/v1alpha1 apiVersion: k-space.ee/v1alpha1
kind: Camera kind: Camera
@ -652,6 +670,7 @@ metadata:
spec: spec:
target: http://user@server-room.cam.k-space.ee:8080/?action=stream target: http://user@server-room.cam.k-space.ee:8080/?action=stream
secretRef: camera-secrets secretRef: camera-secrets
replicas: 2
--- ---
apiVersion: k-space.ee/v1alpha1 apiVersion: k-space.ee/v1alpha1
kind: Camera kind: Camera
@ -660,6 +679,7 @@ metadata:
spec: spec:
target: http://user@printer.cam.k-space.ee:8080/?action=stream target: http://user@printer.cam.k-space.ee:8080/?action=stream
secretRef: camera-secrets secretRef: camera-secrets
replicas: 2
--- ---
apiVersion: k-space.ee/v1alpha1 apiVersion: k-space.ee/v1alpha1
kind: Camera kind: Camera
@ -668,6 +688,7 @@ metadata:
spec: spec:
target: http://user@chaos.cam.k-space.ee:8080/?action=stream target: http://user@chaos.cam.k-space.ee:8080/?action=stream
secretRef: camera-secrets secretRef: camera-secrets
replicas: 2
--- ---
apiVersion: k-space.ee/v1alpha1 apiVersion: k-space.ee/v1alpha1
kind: Camera kind: Camera
@ -676,6 +697,7 @@ metadata:
spec: spec:
target: http://user@cyber.cam.k-space.ee:8080/?action=stream target: http://user@cyber.cam.k-space.ee:8080/?action=stream
secretRef: camera-secrets secretRef: camera-secrets
replicas: 2
--- ---
apiVersion: k-space.ee/v1alpha1 apiVersion: k-space.ee/v1alpha1
kind: Camera kind: Camera
@ -684,6 +706,7 @@ metadata:
spec: spec:
target: http://user@kitchen.cam.k-space.ee:8080/?action=stream target: http://user@kitchen.cam.k-space.ee:8080/?action=stream
secretRef: camera-secrets secretRef: camera-secrets
replicas: 2
--- ---
apiVersion: k-space.ee/v1alpha1 apiVersion: k-space.ee/v1alpha1
kind: Camera kind: Camera
@ -692,6 +715,7 @@ metadata:
spec: spec:
target: http://user@back-door.cam.k-space.ee:8080/?action=stream target: http://user@back-door.cam.k-space.ee:8080/?action=stream
secretRef: camera-secrets secretRef: camera-secrets
replicas: 2
--- ---
apiVersion: k-space.ee/v1alpha1 apiVersion: k-space.ee/v1alpha1
kind: Camera kind: Camera
@ -700,3 +724,4 @@ metadata:
spec: spec:
target: http://user@ground-door.cam.k-space.ee:8080/?action=stream target: http://user@ground-door.cam.k-space.ee:8080/?action=stream
secretRef: camera-secrets secretRef: camera-secrets
replicas: 2

View File

@ -1 +0,0 @@
../shared/minio-support.yml

View File

@ -7,9 +7,10 @@ spec:
additionalMongodConfig: additionalMongodConfig:
systemLog: systemLog:
quiet: true quiet: true
members: 3 members: 2
arbiters: 1
type: ReplicaSet type: ReplicaSet
version: "5.0.9" version: "6.0.3"
security: security:
authentication: authentication:
modes: ["SCRAM"] modes: ["SCRAM"]
@ -27,7 +28,7 @@ spec:
passwordSecretRef: passwordSecretRef:
name: mongodb-application-readonly-password name: mongodb-application-readonly-password
roles: roles:
- name: readOnly - name: read
db: application db: application
scramCredentialsSecretName: mongodb-application-readonly scramCredentialsSecretName: mongodb-application-readonly
statefulSet: statefulSet:
@ -35,6 +36,24 @@ spec:
logLevel: WARN logLevel: WARN
template: template:
spec: spec:
containers:
- name: mongod
resources:
requests:
cpu: 100m
memory: 512Mi
limits:
cpu: 500m
memory: 1Gi
volumeMounts:
- name: journal-volume
mountPath: /data/journal
- name: mongodb-agent
resources:
requests:
cpu: 1m
memory: 100Mi
limits: {}
affinity: affinity:
podAntiAffinity: podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
@ -55,8 +74,21 @@ spec:
volumeClaimTemplates: volumeClaimTemplates:
- metadata: - metadata:
name: logs-volume name: logs-volume
labels:
usecase: logs
spec: spec:
storageClassName: local-path storageClassName: mongo
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi
- metadata:
name: journal-volume
labels:
usecase: journal
spec:
storageClassName: mongo
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
@ -64,63 +96,44 @@ spec:
storage: 512Mi storage: 512Mi
- metadata: - metadata:
name: data-volume name: data-volume
labels:
usecase: data
spec: spec:
storageClassName: local-path storageClassName: mongo
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: 2Gi storage: 2Gi
--- ---
apiVersion: minio.min.io/v2 apiVersion: apps/v1
kind: Tenant kind: StatefulSet
metadata: metadata:
name: minio name: minio
annotations: labels:
prometheus.io/path: /minio/prometheus/metrics app.kubernetes.io/name: minio
prometheus.io/port: "9000"
prometheus.io/scrape: "true"
spec: spec:
credsSecret: selector:
name: minio-secret matchLabels:
buckets: app.kubernetes.io/name: minio
- name: application serviceName: minio-svc
requestAutoCert: false replicas: 4
users: podManagementPolicy: Parallel
- name: minio-user-0 template:
pools: metadata:
- name: pool-0 labels:
app.kubernetes.io/name: minio
spec:
affinity: affinity:
podAntiAffinity: podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector: - labelSelector:
matchExpressions: matchExpressions:
- key: v1.min.io/tenant - key: app
operator: In operator: In
values: values:
- minio - minio
- key: v1.min.io/pool
operator: In
values:
- pool-0
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname
resources:
requests:
cpu: '1'
memory: 512Mi
servers: 4
volumesPerServer: 1
volumeClaimTemplate:
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: '30Gi'
storageClassName: local-path
status: {}
nodeSelector: nodeSelector:
dedicated: storage dedicated: storage
tolerations: tolerations:
@ -128,3 +141,154 @@ spec:
operator: Equal operator: Equal
value: storage value: storage
effect: NoSchedule effect: NoSchedule
containers:
- name: minio
env:
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: public
envFrom:
- secretRef:
name: minio-secrets
image: minio/minio:latest
args:
- server
- http://minio-{0...3}.minio-svc.camtiler.svc.cluster.local/data
- --address
- 0.0.0.0:9000
- --console-address
- 0.0.0.0:9001
ports:
- containerPort: 9000
name: http
- containerPort: 9001
name: console
livenessProbe:
httpGet:
path: /minio/health/live
port: 9000
initialDelaySeconds: 10
periodSeconds: 20
resources:
requests:
cpu: 1m
memory: 512Mi
limits:
cpu: 1000m
memory: 1Gi
volumeMounts:
- name: minio-data
mountPath: /data
volumeClaimTemplates:
- metadata:
name: minio-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: '30Gi'
storageClassName: minio
---
apiVersion: v1
kind: Service
metadata:
name: minio
spec:
type: ClusterIP
ports:
- port: 80
targetPort: 9000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: minio
---
kind: Service
apiVersion: v1
metadata:
name: minio-svc
spec:
selector:
app.kubernetes.io/name: minio
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: http
port: 9000
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: minio
spec:
selector:
matchLabels:
app.kubernetes.io/name: minio
podMetricsEndpoints:
- port: http
path: /minio/v2/metrics/node
podTargetLabels:
- app.kubernetes.io/name
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: minio
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: minio
policyTypes:
- Ingress
- Egress
egress:
- ports:
- port: http
to:
- podSelector:
matchLabels:
app.kubernetes.io/name: minio
ingress:
- ports:
- port: http
from:
- podSelector: {}
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: traefik
podSelector:
matchLabels:
app.kubernetes.io/name: traefik
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: prometheus-operator
podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: minio
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
spec:
rules:
- host: cams-s3.k-space.ee
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: minio-svc
port:
number: 9000
tls:
- hosts:
- "*.k-space.ee"