forked from k-space/kube
Switch cameras to meta-operator
This commit is contained in:
parent
b87d780e55
commit
1cfc82c049
@ -7,7 +7,7 @@ metadata:
|
||||
keel.sh/trigger: poll
|
||||
spec:
|
||||
revisionHistoryLimit: 0
|
||||
replicas: 1
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: camtiler
|
||||
@ -232,94 +232,6 @@ spec:
|
||||
- cams.k-space.ee
|
||||
secretName: camtiler-tls
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
name: camera-operator
|
||||
annotations:
|
||||
keel.sh/policy: force
|
||||
keel.sh/trigger: poll
|
||||
spec:
|
||||
revisionHistoryLimit: 0
|
||||
replicas: 1
|
||||
serviceName: camera-operator
|
||||
selector:
|
||||
matchLabels:
|
||||
app: camera-operator
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: camera-operator
|
||||
spec:
|
||||
serviceAccount: camera-operator
|
||||
containers:
|
||||
- name: camera-operator
|
||||
image: harbor.k-space.ee/k-space/camera-operator:latest
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
env:
|
||||
- name: MY_POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: camera-operator
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- list
|
||||
- update
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- deployments
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- list
|
||||
- update
|
||||
- apiGroups:
|
||||
- k-space.ee
|
||||
resources:
|
||||
- cams
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: camera-operator
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: camera-operator
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: camera-operator
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: camera-operator
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
@ -472,3 +384,275 @@ spec:
|
||||
- hosts:
|
||||
- cams-s3.k-space.ee
|
||||
secretName: cams-s3-tls
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: cams.k-space.ee
|
||||
spec:
|
||||
group: k-space.ee
|
||||
names:
|
||||
plural: cams
|
||||
singular: cam
|
||||
kind: Camera
|
||||
shortNames:
|
||||
- cam
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
served: true
|
||||
storage: true
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
type: object
|
||||
properties:
|
||||
spec:
|
||||
type: object
|
||||
properties:
|
||||
roi:
|
||||
type: object
|
||||
description: Region of interest for this camera
|
||||
properties:
|
||||
threshold:
|
||||
type: integer
|
||||
description: Percentage of pixels changed within ROI to
|
||||
consider whole frame to have motion detected.
|
||||
Defaults to 5.
|
||||
enabled:
|
||||
type: boolean
|
||||
description: Whether motion detection is enabled for this
|
||||
camera. Defaults to false.
|
||||
left:
|
||||
type: integer
|
||||
description: Left boundary of ROI as
|
||||
percentage of the width of a frame.
|
||||
By default 0.
|
||||
right:
|
||||
type: integer
|
||||
description: Right boundary of ROI as
|
||||
percentage of the width of a frame.
|
||||
By default 100.
|
||||
top:
|
||||
type: integer
|
||||
description: Top boundary of ROI as
|
||||
percentage of the height of a frame
|
||||
By deafault 0.
|
||||
bottom:
|
||||
type: integer
|
||||
description: Bottom boundary of ROI as
|
||||
percentage of the height of a frame.
|
||||
By default 100.
|
||||
secretRef:
|
||||
type: string
|
||||
description: Secret that contains authentication credentials
|
||||
target:
|
||||
type: string
|
||||
description: URL of the video feed stream
|
||||
replicas:
|
||||
type: integer
|
||||
minimum: 1
|
||||
maximum: 2
|
||||
description: For highly available deployment set this to 2 or
|
||||
higher. Make sure you also run Mongo and Minio in HA
|
||||
configurations
|
||||
required: ["target"]
|
||||
required: ["spec"]
|
||||
---
|
||||
---
|
||||
apiVersion: codemowers.io/v1alpha1
|
||||
kind: ClusterOperator
|
||||
metadata:
|
||||
name: camera
|
||||
spec:
|
||||
resource:
|
||||
group: k-space.ee
|
||||
version: v1alpha1
|
||||
plural: cams
|
||||
secret:
|
||||
enabled: false
|
||||
services:
|
||||
- apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: foobar
|
||||
labels:
|
||||
component: camdetect
|
||||
spec:
|
||||
type: ClusterIP
|
||||
selector:
|
||||
app: foobar
|
||||
component: camdetect
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 5000
|
||||
deployments:
|
||||
- apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: camera-foobar
|
||||
# Make sure keel.sh pulls updates for this deployment
|
||||
annotations:
|
||||
keel.sh/policy: force
|
||||
keel.sh/trigger: poll
|
||||
spec:
|
||||
replicas: 1
|
||||
|
||||
# Make sure we do not congest the network during rollout
|
||||
strategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxSurge: 0
|
||||
maxUnavailable: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: foobar
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
prometheus.io/scrape: 'true'
|
||||
prometheus.io/port: '5000'
|
||||
labels:
|
||||
app: foobar
|
||||
component: camdetect
|
||||
spec:
|
||||
containers:
|
||||
- name: camdetect
|
||||
image: harbor.k-space.ee/k-space/camera-motion-detect:latest
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /readyz
|
||||
port: 5000
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 180
|
||||
timeoutSeconds: 60
|
||||
ports:
|
||||
- containerPort: 5000
|
||||
name: "http"
|
||||
resources:
|
||||
requests:
|
||||
memory: "64Mi"
|
||||
cpu: "200m"
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "1"
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
command:
|
||||
- /app/camdetect.py
|
||||
- http://user@foobar.cam.k-space.ee:8080/?action=stream
|
||||
env:
|
||||
- name: SOURCE_NAME
|
||||
value: foobar
|
||||
- name: S3_BUCKET_NAME
|
||||
value: application
|
||||
- name: S3_ENDPOINT_URL
|
||||
value: http://minio
|
||||
- name: BASIC_AUTH_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: camera-secrets
|
||||
key: password
|
||||
- name: MONGO_URI
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: mongodb-application-readwrite
|
||||
key: connectionString.standard
|
||||
- name: AWS_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: minio-secret
|
||||
key: secretkey
|
||||
- name: AWS_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: minio-secret
|
||||
key: accesskey
|
||||
|
||||
# Make sure 2+ pods of same camera are scheduled on different hosts
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app
|
||||
operator: In
|
||||
values:
|
||||
- foobar
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
# Make sure camera deployments are spread over workers
|
||||
topologySpreadConstraints:
|
||||
- maxSkew: 1
|
||||
topologyKey: kubernetes.io/hostname
|
||||
whenUnsatisfiable: DoNotSchedule
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
app: foobar
|
||||
component: camdetect
|
||||
---
|
||||
apiVersion: k-space.ee/v1alpha1
|
||||
kind: Camera
|
||||
metadata:
|
||||
name: workshop
|
||||
spec:
|
||||
target: http://user@workshop.cam.k-space.ee:8080/?action=stream
|
||||
secretRef: camera-secrets
|
||||
---
|
||||
apiVersion: k-space.ee/v1alpha1
|
||||
kind: Camera
|
||||
metadata:
|
||||
name: server-room
|
||||
spec:
|
||||
target: http://user@server-room.cam.k-space.ee:8080/?action=stream
|
||||
secretRef: camera-secrets
|
||||
---
|
||||
apiVersion: k-space.ee/v1alpha1
|
||||
kind: Camera
|
||||
metadata:
|
||||
name: printer
|
||||
spec:
|
||||
target: http://user@printer.cam.k-space.ee:8080/?action=stream
|
||||
secretRef: camera-secrets
|
||||
---
|
||||
apiVersion: k-space.ee/v1alpha1
|
||||
kind: Camera
|
||||
metadata:
|
||||
name: chaos
|
||||
spec:
|
||||
target: http://user@chaos.cam.k-space.ee:8080/?action=stream
|
||||
secretRef: camera-secrets
|
||||
---
|
||||
apiVersion: k-space.ee/v1alpha1
|
||||
kind: Camera
|
||||
metadata:
|
||||
name: cyber
|
||||
spec:
|
||||
target: http://user@cyber.cam.k-space.ee:8080/?action=stream
|
||||
secretRef: camera-secrets
|
||||
---
|
||||
apiVersion: k-space.ee/v1alpha1
|
||||
kind: Camera
|
||||
metadata:
|
||||
name: kitchen
|
||||
spec:
|
||||
target: http://user@kitchen.cam.k-space.ee:8080/?action=stream
|
||||
secretRef: camera-secrets
|
||||
---
|
||||
apiVersion: k-space.ee/v1alpha1
|
||||
kind: Camera
|
||||
metadata:
|
||||
name: back-door
|
||||
spec:
|
||||
target: http://user@back-door.cam.k-space.ee:8080/?action=stream
|
||||
secretRef: camera-secrets
|
||||
---
|
||||
apiVersion: k-space.ee/v1alpha1
|
||||
kind: Camera
|
||||
metadata:
|
||||
name: ground-door
|
||||
spec:
|
||||
target: http://user@ground-door.cam.k-space.ee:8080/?action=stream
|
||||
secretRef: camera-secrets
|
||||
|
@ -174,6 +174,7 @@ rules:
|
||||
- delete
|
||||
- list
|
||||
- update
|
||||
- patch
|
||||
- apiGroups:
|
||||
- codemowers.io
|
||||
resources:
|
||||
|
Loading…
Reference in New Issue
Block a user