forked from k-space/kube
		
	Switch cameras to meta-operator
This commit is contained in:
		| @@ -7,7 +7,7 @@ metadata: | ||||
|     keel.sh/trigger: poll | ||||
| spec: | ||||
|   revisionHistoryLimit: 0 | ||||
|   replicas: 1 | ||||
|   replicas: 2 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: camtiler | ||||
| @@ -232,94 +232,6 @@ spec: | ||||
|     - cams.k-space.ee | ||||
|     secretName: camtiler-tls | ||||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: StatefulSet | ||||
| metadata: | ||||
|   name: camera-operator | ||||
|   annotations: | ||||
|     keel.sh/policy: force | ||||
|     keel.sh/trigger: poll | ||||
| spec: | ||||
|   revisionHistoryLimit: 0 | ||||
|   replicas: 1 | ||||
|   serviceName: camera-operator | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: camera-operator | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: camera-operator | ||||
|     spec: | ||||
|       serviceAccount: camera-operator | ||||
|       containers: | ||||
|         - name: camera-operator | ||||
|           image: harbor.k-space.ee/k-space/camera-operator:latest | ||||
|           securityContext: | ||||
|             readOnlyRootFilesystem: true | ||||
|             runAsNonRoot: true | ||||
|             runAsUser: 1000 | ||||
|           env: | ||||
|             - name: MY_POD_NAMESPACE | ||||
|               valueFrom: | ||||
|                 fieldRef: | ||||
|                   fieldPath: metadata.namespace | ||||
| --- | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| kind: Role | ||||
| metadata: | ||||
|   name: camera-operator | ||||
| rules: | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - secrets | ||||
|   verbs: | ||||
|   - get | ||||
| - apiGroups: | ||||
|   - "" | ||||
|   resources: | ||||
|   - services | ||||
|   verbs: | ||||
|   - create | ||||
|   - delete | ||||
|   - list | ||||
|   - update | ||||
| - apiGroups: | ||||
|   - apps | ||||
|   resources: | ||||
|   - deployments | ||||
|   verbs: | ||||
|   - create | ||||
|   - delete | ||||
|   - list | ||||
|   - update | ||||
| - apiGroups: | ||||
|   - k-space.ee | ||||
|   resources: | ||||
|   - cams | ||||
|   verbs: | ||||
|   - get | ||||
|   - list | ||||
|   - watch | ||||
| --- | ||||
| kind: RoleBinding | ||||
| apiVersion: rbac.authorization.k8s.io/v1 | ||||
| metadata: | ||||
|   name: camera-operator | ||||
| subjects: | ||||
| - kind: ServiceAccount | ||||
|   name: camera-operator | ||||
| roleRef: | ||||
|   kind: Role | ||||
|   name: camera-operator | ||||
|   apiGroup: rbac.authorization.k8s.io | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: ServiceAccount | ||||
| metadata: | ||||
|   name: camera-operator | ||||
| --- | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| kind: NetworkPolicy | ||||
| metadata: | ||||
| @@ -472,3 +384,275 @@ spec: | ||||
|   - hosts: | ||||
|     - cams-s3.k-space.ee | ||||
|     secretName: cams-s3-tls | ||||
| --- | ||||
| apiVersion: apiextensions.k8s.io/v1 | ||||
| kind: CustomResourceDefinition | ||||
| metadata: | ||||
|  name: cams.k-space.ee | ||||
| spec: | ||||
|  group: k-space.ee | ||||
|  names: | ||||
|    plural: cams | ||||
|    singular: cam | ||||
|    kind: Camera | ||||
|    shortNames: | ||||
|    - cam | ||||
|  scope: Namespaced | ||||
|  versions: | ||||
|    - name: v1alpha1 | ||||
|      served: true | ||||
|      storage: true | ||||
|      schema: | ||||
|        openAPIV3Schema: | ||||
|          type: object | ||||
|          properties: | ||||
|            spec: | ||||
|              type: object | ||||
|              properties: | ||||
|                roi: | ||||
|                  type: object | ||||
|                  description: Region of interest for this camera | ||||
|                  properties: | ||||
|                    threshold: | ||||
|                      type: integer | ||||
|                      description: Percentage of pixels changed within ROI to | ||||
|                        consider whole frame to have motion detected. | ||||
|                        Defaults to 5. | ||||
|                    enabled: | ||||
|                      type: boolean | ||||
|                      description: Whether motion detection is enabled for this | ||||
|                        camera. Defaults to false. | ||||
|                    left: | ||||
|                      type: integer | ||||
|                      description: Left boundary of ROI as | ||||
|                        percentage of the width of a frame. | ||||
|                        By default 0. | ||||
|                    right: | ||||
|                      type: integer | ||||
|                      description: Right boundary of ROI as | ||||
|                        percentage of the width of a frame. | ||||
|                        By default 100. | ||||
|                    top: | ||||
|                      type: integer | ||||
|                      description: Top boundary of ROI as | ||||
|                        percentage of the height of a frame | ||||
|                        By deafault 0. | ||||
|                    bottom: | ||||
|                      type: integer | ||||
|                      description: Bottom boundary of ROI as | ||||
|                        percentage of the height of a frame. | ||||
|                        By default 100. | ||||
|                secretRef: | ||||
|                  type: string | ||||
|                  description: Secret that contains authentication credentials | ||||
|                target: | ||||
|                  type: string | ||||
|                  description: URL of the video feed stream | ||||
|                replicas: | ||||
|                  type: integer | ||||
|                  minimum: 1 | ||||
|                  maximum: 2 | ||||
|                  description: For highly available deployment set this to 2 or | ||||
|                    higher. Make sure you also run Mongo and Minio in HA | ||||
|                    configurations | ||||
|              required: ["target"] | ||||
|          required: ["spec"] | ||||
| --- | ||||
| --- | ||||
| apiVersion: codemowers.io/v1alpha1 | ||||
| kind: ClusterOperator | ||||
| metadata: | ||||
|   name: camera | ||||
| spec: | ||||
|   resource: | ||||
|     group: k-space.ee | ||||
|     version: v1alpha1 | ||||
|     plural: cams | ||||
|   secret: | ||||
|     enabled: false | ||||
|   services: | ||||
|     - apiVersion: v1 | ||||
|       kind: Service | ||||
|       metadata: | ||||
|         name: foobar | ||||
|         labels: | ||||
|           component: camdetect | ||||
|       spec: | ||||
|         type: ClusterIP | ||||
|         selector: | ||||
|           app: foobar | ||||
|           component: camdetect | ||||
|         ports: | ||||
|         - protocol: TCP | ||||
|           port: 80 | ||||
|           targetPort: 5000 | ||||
|   deployments: | ||||
|     - apiVersion: apps/v1 | ||||
|       kind: Deployment | ||||
|       metadata: | ||||
|         name: camera-foobar | ||||
|         # Make sure keel.sh pulls updates for this deployment | ||||
|         annotations: | ||||
|           keel.sh/policy: force | ||||
|           keel.sh/trigger: poll | ||||
|       spec: | ||||
|         replicas: 1 | ||||
|  | ||||
|         # Make sure we do not congest the network during rollout | ||||
|         strategy: | ||||
|           type: RollingUpdate | ||||
|           rollingUpdate: | ||||
|             maxSurge: 0 | ||||
|             maxUnavailable: 1 | ||||
|         selector: | ||||
|           matchLabels: | ||||
|             app: foobar | ||||
|         template: | ||||
|           metadata: | ||||
|             annotations: | ||||
|               prometheus.io/scrape: 'true' | ||||
|               prometheus.io/port: '5000' | ||||
|             labels: | ||||
|               app: foobar | ||||
|               component: camdetect | ||||
|           spec: | ||||
|             containers: | ||||
|               - name: camdetect | ||||
|                 image: harbor.k-space.ee/k-space/camera-motion-detect:latest | ||||
|                 readinessProbe: | ||||
|                   httpGet: | ||||
|                     path: /readyz | ||||
|                     port: 5000 | ||||
|                   initialDelaySeconds: 10 | ||||
|                   periodSeconds: 180 | ||||
|                   timeoutSeconds: 60 | ||||
|                 ports: | ||||
|                 - containerPort: 5000 | ||||
|                   name: "http" | ||||
|                 resources: | ||||
|                   requests: | ||||
|                     memory: "64Mi" | ||||
|                     cpu: "200m" | ||||
|                   limits: | ||||
|                     memory: "128Mi" | ||||
|                     cpu: "1" | ||||
|                 securityContext: | ||||
|                   readOnlyRootFilesystem: true | ||||
|                   runAsNonRoot: true | ||||
|                   runAsUser: 1000 | ||||
|                 command: | ||||
|                   - /app/camdetect.py | ||||
|                   - http://user@foobar.cam.k-space.ee:8080/?action=stream | ||||
|                 env: | ||||
|                   - name: SOURCE_NAME | ||||
|                     value: foobar | ||||
|                   - name: S3_BUCKET_NAME | ||||
|                     value: application | ||||
|                   - name: S3_ENDPOINT_URL | ||||
|                     value: http://minio | ||||
|                   - name: BASIC_AUTH_PASSWORD | ||||
|                     valueFrom: | ||||
|                       secretKeyRef: | ||||
|                         name: camera-secrets | ||||
|                         key: password | ||||
|                   - name: MONGO_URI | ||||
|                     valueFrom: | ||||
|                       secretKeyRef: | ||||
|                         name: mongodb-application-readwrite | ||||
|                         key: connectionString.standard | ||||
|                   - name: AWS_SECRET_ACCESS_KEY | ||||
|                     valueFrom: | ||||
|                       secretKeyRef: | ||||
|                         name: minio-secret | ||||
|                         key: secretkey | ||||
|                   - name: AWS_ACCESS_KEY_ID | ||||
|                     valueFrom: | ||||
|                       secretKeyRef: | ||||
|                         name: minio-secret | ||||
|                         key: accesskey | ||||
|  | ||||
|             # Make sure 2+ pods of same camera are scheduled on different hosts | ||||
|             affinity: | ||||
|               podAntiAffinity: | ||||
|                 requiredDuringSchedulingIgnoredDuringExecution: | ||||
|                   - labelSelector: | ||||
|                       matchExpressions: | ||||
|                         - key: app | ||||
|                           operator: In | ||||
|                           values: | ||||
|                             - foobar | ||||
|                     topologyKey: kubernetes.io/hostname | ||||
|  | ||||
|             # Make sure camera deployments are spread over workers | ||||
|             topologySpreadConstraints: | ||||
|             - maxSkew: 1 | ||||
|               topologyKey: kubernetes.io/hostname | ||||
|               whenUnsatisfiable: DoNotSchedule | ||||
|               labelSelector: | ||||
|                 matchLabels: | ||||
|                   app: foobar | ||||
|                   component: camdetect | ||||
| --- | ||||
| apiVersion: k-space.ee/v1alpha1 | ||||
| kind: Camera | ||||
| metadata: | ||||
|   name: workshop | ||||
| spec: | ||||
|   target: http://user@workshop.cam.k-space.ee:8080/?action=stream | ||||
|   secretRef: camera-secrets | ||||
| --- | ||||
| apiVersion: k-space.ee/v1alpha1 | ||||
| kind: Camera | ||||
| metadata: | ||||
|   name: server-room | ||||
| spec: | ||||
|   target: http://user@server-room.cam.k-space.ee:8080/?action=stream | ||||
|   secretRef: camera-secrets | ||||
| --- | ||||
| apiVersion: k-space.ee/v1alpha1 | ||||
| kind: Camera | ||||
| metadata: | ||||
|   name: printer | ||||
| spec: | ||||
|   target: http://user@printer.cam.k-space.ee:8080/?action=stream | ||||
|   secretRef: camera-secrets | ||||
| --- | ||||
| apiVersion: k-space.ee/v1alpha1 | ||||
| kind: Camera | ||||
| metadata: | ||||
|   name: chaos | ||||
| spec: | ||||
|   target: http://user@chaos.cam.k-space.ee:8080/?action=stream | ||||
|   secretRef: camera-secrets | ||||
| --- | ||||
| apiVersion: k-space.ee/v1alpha1 | ||||
| kind: Camera | ||||
| metadata: | ||||
|   name: cyber | ||||
| spec: | ||||
|   target: http://user@cyber.cam.k-space.ee:8080/?action=stream | ||||
|   secretRef: camera-secrets | ||||
| --- | ||||
| apiVersion: k-space.ee/v1alpha1 | ||||
| kind: Camera | ||||
| metadata: | ||||
|   name: kitchen | ||||
| spec: | ||||
|   target: http://user@kitchen.cam.k-space.ee:8080/?action=stream | ||||
|   secretRef: camera-secrets | ||||
| --- | ||||
| apiVersion: k-space.ee/v1alpha1 | ||||
| kind: Camera | ||||
| metadata: | ||||
|   name: back-door | ||||
| spec: | ||||
|   target: http://user@back-door.cam.k-space.ee:8080/?action=stream | ||||
|   secretRef: camera-secrets | ||||
| --- | ||||
| apiVersion: k-space.ee/v1alpha1 | ||||
| kind: Camera | ||||
| metadata: | ||||
|   name: ground-door | ||||
| spec: | ||||
|   target: http://user@ground-door.cam.k-space.ee:8080/?action=stream | ||||
|   secretRef: camera-secrets | ||||
|   | ||||
		Reference in New Issue
	
	Block a user