forked from k-space/kube
camtiler: Formatting, networkpolicy and labeling fixes
This commit is contained in:
parent
7ae75f2f1c
commit
6e0e7f4349
@ -1,3 +1,4 @@
|
|||||||
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
metadata:
|
metadata:
|
||||||
@ -114,8 +115,8 @@ spec:
|
|||||||
selector:
|
selector:
|
||||||
app.kubernetes.io/name: log-viewer-frontend
|
app.kubernetes.io/name: log-viewer-frontend
|
||||||
ports:
|
ports:
|
||||||
- protocol: TCP
|
- protocol: TCP
|
||||||
port: 3003
|
port: 3003
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
@ -126,8 +127,8 @@ spec:
|
|||||||
selector:
|
selector:
|
||||||
app.kubernetes.io/name: log-viewer-backend
|
app.kubernetes.io/name: log-viewer-backend
|
||||||
ports:
|
ports:
|
||||||
- protocol: TCP
|
- protocol: TCP
|
||||||
port: 3002
|
port: 3002
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
@ -141,8 +142,8 @@ spec:
|
|||||||
app.kubernetes.io/name: camtiler
|
app.kubernetes.io/name: camtiler
|
||||||
component: camtiler
|
component: camtiler
|
||||||
ports:
|
ports:
|
||||||
- protocol: TCP
|
- protocol: TCP
|
||||||
port: 5001
|
port: 5001
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ServiceAccount
|
kind: ServiceAccount
|
||||||
@ -154,18 +155,21 @@ apiVersion: rbac.authorization.k8s.io/v1
|
|||||||
metadata:
|
metadata:
|
||||||
name: camtiler
|
name: camtiler
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: [""]
|
- apiGroups:
|
||||||
resources: ["services"]
|
- ""
|
||||||
verbs: ["list"]
|
resources:
|
||||||
|
- services
|
||||||
|
verbs:
|
||||||
|
- list
|
||||||
---
|
---
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
metadata:
|
metadata:
|
||||||
name: camtiler
|
name: camtiler
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: camtiler
|
name: camtiler
|
||||||
apiGroup: ""
|
apiGroup: ""
|
||||||
roleRef:
|
roleRef:
|
||||||
kind: Role
|
kind: Role
|
||||||
name: camtiler
|
name: camtiler
|
||||||
@ -204,34 +208,34 @@ metadata:
|
|||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: cams.k-space.ee
|
- host: cams.k-space.ee
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- pathType: Prefix
|
- pathType: Prefix
|
||||||
path: "/tiled"
|
path: "/tiled"
|
||||||
backend:
|
backend:
|
||||||
service:
|
service:
|
||||||
name: camtiler
|
name: camtiler
|
||||||
port:
|
port:
|
||||||
number: 5001
|
number: 5001
|
||||||
- pathType: Prefix
|
- pathType: Prefix
|
||||||
path: "/events"
|
path: "/events"
|
||||||
backend:
|
backend:
|
||||||
service:
|
service:
|
||||||
name: log-viewer-backend
|
name: log-viewer-backend
|
||||||
port:
|
port:
|
||||||
number: 3002
|
number: 3002
|
||||||
- pathType: Prefix
|
- pathType: Prefix
|
||||||
path: "/"
|
path: "/"
|
||||||
backend:
|
backend:
|
||||||
service:
|
service:
|
||||||
name: log-viewer-frontend
|
name: log-viewer-frontend
|
||||||
port:
|
port:
|
||||||
number: 3003
|
number: 3003
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- cams.k-space.ee
|
- cams.k-space.ee
|
||||||
secretName: camtiler-tls
|
secretName: camtiler-tls
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: NetworkPolicy
|
kind: NetworkPolicy
|
||||||
@ -242,37 +246,37 @@ spec:
|
|||||||
matchLabels:
|
matchLabels:
|
||||||
component: camdetect
|
component: camdetect
|
||||||
policyTypes:
|
policyTypes:
|
||||||
- Ingress
|
- Ingress
|
||||||
- Egress
|
- Egress
|
||||||
ingress:
|
ingress:
|
||||||
- from:
|
- from:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
component: camtiler
|
component: camtiler
|
||||||
- from:
|
- from:
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/metadata.name: prometheus-operator
|
kubernetes.io/metadata.name: prometheus-operator
|
||||||
podSelector:
|
podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: prometheus
|
app.kubernetes.io/name: prometheus
|
||||||
egress:
|
egress:
|
||||||
- to:
|
- to:
|
||||||
- ipBlock:
|
- ipBlock:
|
||||||
# Permit access to cameras outside the cluster
|
# Permit access to cameras outside the cluster
|
||||||
cidr: 100.102.0.0/16
|
cidr: 100.102.0.0/16
|
||||||
- to:
|
- to:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: mongodb-svc
|
app: mongodb-svc
|
||||||
ports:
|
ports:
|
||||||
- port: 27017
|
- port: 27017
|
||||||
- to:
|
- to:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
v1.min.io/tenant: minio
|
v1.min.io/tenant: minio
|
||||||
ports:
|
ports:
|
||||||
- port: 9000
|
- port: 9000
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: NetworkPolicy
|
kind: NetworkPolicy
|
||||||
@ -283,30 +287,30 @@ spec:
|
|||||||
matchLabels:
|
matchLabels:
|
||||||
component: camtiler
|
component: camtiler
|
||||||
policyTypes:
|
policyTypes:
|
||||||
- Ingress
|
- Ingress
|
||||||
- Egress
|
- Egress
|
||||||
egress:
|
egress:
|
||||||
- to:
|
- to:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
component: camdetect
|
component: camdetect
|
||||||
ports:
|
ports:
|
||||||
- port: 5000
|
- port: 5000
|
||||||
ingress:
|
ingress:
|
||||||
- from:
|
- from:
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/metadata.name: prometheus-operator
|
kubernetes.io/metadata.name: prometheus-operator
|
||||||
podSelector:
|
podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: prometheus
|
app.kubernetes.io/name: prometheus
|
||||||
- from:
|
- from:
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/metadata.name: traefik
|
kubernetes.io/metadata.name: traefik
|
||||||
podSelector:
|
podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: traefik
|
app.kubernetes.io/name: traefik
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: NetworkPolicy
|
kind: NetworkPolicy
|
||||||
@ -317,25 +321,29 @@ spec:
|
|||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: log-viewer-backend
|
app.kubernetes.io/name: log-viewer-backend
|
||||||
policyTypes:
|
policyTypes:
|
||||||
- Ingress
|
- Ingress
|
||||||
- Egress
|
- Egress
|
||||||
egress:
|
egress:
|
||||||
- to:
|
- to:
|
||||||
- podSelector:
|
- podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: mongodb-svc
|
app: mongodb-svc
|
||||||
- to:
|
- to:
|
||||||
- ipBlock:
|
# Minio access via Traefik's public endpoint
|
||||||
# Minio is accessed thru public endpoint via Traefik
|
- namespaceSelector:
|
||||||
cidr: 193.40.103.0/24
|
matchLabels:
|
||||||
|
kubernetes.io/metadata.name: traefik
|
||||||
|
podSelector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: traefik
|
||||||
ingress:
|
ingress:
|
||||||
- from:
|
- from:
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/metadata.name: traefik
|
kubernetes.io/metadata.name: traefik
|
||||||
podSelector:
|
podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: traefik
|
app.kubernetes.io/name: traefik
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: NetworkPolicy
|
kind: NetworkPolicy
|
||||||
@ -346,16 +354,16 @@ spec:
|
|||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: log-viewer-frontend
|
app.kubernetes.io/name: log-viewer-frontend
|
||||||
policyTypes:
|
policyTypes:
|
||||||
- Ingress
|
- Ingress
|
||||||
- Egress
|
- Egress
|
||||||
ingress:
|
ingress:
|
||||||
- from:
|
- from:
|
||||||
- namespaceSelector:
|
- namespaceSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
kubernetes.io/metadata.name: traefik
|
kubernetes.io/metadata.name: traefik
|
||||||
podSelector:
|
podSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: traefik
|
app.kubernetes.io/name: traefik
|
||||||
---
|
---
|
||||||
apiVersion: networking.k8s.io/v1
|
apiVersion: networking.k8s.io/v1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
@ -369,93 +377,93 @@ metadata:
|
|||||||
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: cams-s3.k-space.ee
|
- host: cams-s3.k-space.ee
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- pathType: Prefix
|
- pathType: Prefix
|
||||||
path: "/"
|
path: "/"
|
||||||
backend:
|
backend:
|
||||||
service:
|
service:
|
||||||
name: minio
|
name: minio
|
||||||
port:
|
port:
|
||||||
number: 80
|
number: 80
|
||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- cams-s3.k-space.ee
|
- cams-s3.k-space.ee
|
||||||
secretName: cams-s3-tls
|
secretName: cams-s3-tls
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
name: cams.k-space.ee
|
name: cams.k-space.ee
|
||||||
spec:
|
spec:
|
||||||
group: k-space.ee
|
group: k-space.ee
|
||||||
names:
|
names:
|
||||||
plural: cams
|
plural: cams
|
||||||
singular: cam
|
singular: cam
|
||||||
kind: Camera
|
kind: Camera
|
||||||
shortNames:
|
shortNames:
|
||||||
- cam
|
- cam
|
||||||
scope: Namespaced
|
scope: Namespaced
|
||||||
versions:
|
versions:
|
||||||
- name: v1alpha1
|
- name: v1alpha1
|
||||||
served: true
|
served: true
|
||||||
storage: true
|
storage: true
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
type: object
|
type: object
|
||||||
properties:
|
properties:
|
||||||
spec:
|
spec:
|
||||||
type: object
|
type: object
|
||||||
properties:
|
properties:
|
||||||
roi:
|
roi:
|
||||||
type: object
|
type: object
|
||||||
description: Region of interest for this camera
|
description: Region of interest for this camera
|
||||||
properties:
|
properties:
|
||||||
threshold:
|
threshold:
|
||||||
type: integer
|
type: integer
|
||||||
description: Percentage of pixels changed within ROI to
|
description: Percentage of pixels changed within ROI to
|
||||||
consider whole frame to have motion detected.
|
consider whole frame to have motion detected.
|
||||||
Defaults to 5.
|
Defaults to 5.
|
||||||
enabled:
|
enabled:
|
||||||
type: boolean
|
type: boolean
|
||||||
description: Whether motion detection is enabled for this
|
description: Whether motion detection is enabled for this
|
||||||
camera. Defaults to false.
|
camera. Defaults to false.
|
||||||
left:
|
left:
|
||||||
type: integer
|
type: integer
|
||||||
description: Left boundary of ROI as
|
description: Left boundary of ROI as
|
||||||
percentage of the width of a frame.
|
percentage of the width of a frame.
|
||||||
By default 0.
|
By default 0.
|
||||||
right:
|
right:
|
||||||
type: integer
|
type: integer
|
||||||
description: Right boundary of ROI as
|
description: Right boundary of ROI as
|
||||||
percentage of the width of a frame.
|
percentage of the width of a frame.
|
||||||
By default 100.
|
By default 100.
|
||||||
top:
|
top:
|
||||||
type: integer
|
type: integer
|
||||||
description: Top boundary of ROI as
|
description: Top boundary of ROI as
|
||||||
percentage of the height of a frame
|
percentage of the height of a frame
|
||||||
By deafault 0.
|
By deafault 0.
|
||||||
bottom:
|
bottom:
|
||||||
type: integer
|
type: integer
|
||||||
description: Bottom boundary of ROI as
|
description: Bottom boundary of ROI as
|
||||||
percentage of the height of a frame.
|
percentage of the height of a frame.
|
||||||
By default 100.
|
By default 100.
|
||||||
secretRef:
|
secretRef:
|
||||||
type: string
|
type: string
|
||||||
description: Secret that contains authentication credentials
|
description: Secret that contains authentication credentials
|
||||||
target:
|
target:
|
||||||
type: string
|
type: string
|
||||||
description: URL of the video feed stream
|
description: URL of the video feed stream
|
||||||
replicas:
|
replicas:
|
||||||
type: integer
|
type: integer
|
||||||
minimum: 1
|
minimum: 1
|
||||||
maximum: 2
|
maximum: 2
|
||||||
description: For highly available deployment set this to 2 or
|
description: For highly available deployment set this to 2 or
|
||||||
higher. Make sure you also run Mongo and Minio in HA
|
higher. Make sure you also run Mongo and Minio in HA
|
||||||
configurations
|
configurations
|
||||||
required: ["target"]
|
required: ["target"]
|
||||||
required: ["spec"]
|
required: ["spec"]
|
||||||
---
|
---
|
||||||
apiVersion: codemowers.io/v1alpha1
|
apiVersion: codemowers.io/v1alpha1
|
||||||
kind: ClusterOperator
|
kind: ClusterOperator
|
||||||
@ -481,9 +489,9 @@ spec:
|
|||||||
app.kubernetes.io/name: foobar
|
app.kubernetes.io/name: foobar
|
||||||
component: camdetect
|
component: camdetect
|
||||||
ports:
|
ports:
|
||||||
- protocol: TCP
|
- protocol: TCP
|
||||||
port: 80
|
port: 80
|
||||||
targetPort: 5000
|
targetPort: 5000
|
||||||
deployments:
|
deployments:
|
||||||
- apiVersion: apps/v1
|
- apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
@ -522,14 +530,14 @@ spec:
|
|||||||
periodSeconds: 180
|
periodSeconds: 180
|
||||||
timeoutSeconds: 60
|
timeoutSeconds: 60
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 5000
|
- containerPort: 5000
|
||||||
name: "http"
|
name: "http"
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: "64Mi"
|
memory: "64Mi"
|
||||||
cpu: "200m"
|
cpu: "200m"
|
||||||
limits:
|
limits:
|
||||||
memory: "128Mi"
|
memory: "256Mi"
|
||||||
cpu: "1"
|
cpu: "1"
|
||||||
securityContext:
|
securityContext:
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
|
||||||
@ -580,13 +588,13 @@ spec:
|
|||||||
|
|
||||||
# Make sure camera deployments are spread over workers
|
# Make sure camera deployments are spread over workers
|
||||||
topologySpreadConstraints:
|
topologySpreadConstraints:
|
||||||
- maxSkew: 1
|
- maxSkew: 1
|
||||||
topologyKey: kubernetes.io/hostname
|
topologyKey: kubernetes.io/hostname
|
||||||
whenUnsatisfiable: DoNotSchedule
|
whenUnsatisfiable: DoNotSchedule
|
||||||
labelSelector:
|
labelSelector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: foobar
|
app.kubernetes.io/name: foobar
|
||||||
component: camdetect
|
component: camdetect
|
||||||
---
|
---
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: PodMonitor
|
kind: PodMonitor
|
||||||
@ -595,44 +603,48 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
selector: {}
|
selector: {}
|
||||||
podMetricsEndpoints:
|
podMetricsEndpoints:
|
||||||
- port: http
|
- port: http
|
||||||
|
podTargetLabels:
|
||||||
|
- app.kubernetes.io/name
|
||||||
---
|
---
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: PrometheusRule
|
kind: PrometheusRule
|
||||||
metadata:
|
metadata:
|
||||||
name: cameras
|
name: cameras
|
||||||
spec:
|
spec:
|
||||||
groups:
|
groups:
|
||||||
- name: cameras
|
- name: cameras
|
||||||
rules:
|
rules:
|
||||||
- alert: CameraLost
|
- alert: CameraLost
|
||||||
expr: rate(camdetect_rx_frames_total[2m]) < 1
|
expr: rate(camdetect_rx_frames_total[2m]) < 1
|
||||||
for: 2m
|
for: 2m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: Camera feed stopped
|
summary: Camera feed stopped
|
||||||
- alert: CameraServerRoomMotion
|
- alert: CameraServerRoomMotion
|
||||||
expr: camdetect_event_active {app="camdetect-server-room"} > 0
|
expr: camdetect_event_active {app="camdetect-server-room"} > 0
|
||||||
for: 1m
|
for: 1m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: Motion was detected in server room
|
summary: Motion was detected in server room
|
||||||
- alert: CameraSlowUploads
|
- alert: CameraSlowUploads
|
||||||
expr: rate(camdetect_upload_dropped_frames_total[2m]) > 1
|
expr: rate(camdetect_upload_dropped_frames_total[2m]) > 1
|
||||||
for: 5m
|
for: 5m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
summary: Motion detect snapshots are piling up and not getting uploaded to S3
|
summary: Motion detect snapshots are piling up and
|
||||||
- alert: CameraSlowProcessing
|
not getting uploaded to S3
|
||||||
expr: rate(camdetect_download_dropped_frames_total[2m]) > 1
|
- alert: CameraSlowProcessing
|
||||||
for: 5m
|
expr: rate(camdetect_download_dropped_frames_total[2m]) > 1
|
||||||
labels:
|
for: 5m
|
||||||
severity: warning
|
labels:
|
||||||
annotations:
|
severity: warning
|
||||||
summary: Motion detection processing pipeline is not keeping up with incoming frames
|
annotations:
|
||||||
|
summary: Motion detection processing pipeline is not keeping up
|
||||||
|
with incoming frames
|
||||||
---
|
---
|
||||||
apiVersion: k-space.ee/v1alpha1
|
apiVersion: k-space.ee/v1alpha1
|
||||||
kind: Camera
|
kind: Camera
|
||||||
|
Loading…
Reference in New Issue
Block a user