feat: Lab moved to new hardware (#17)

homecentr · Nov 6, 2023 · 84bf068 · 84bf068
1 parent 4d8c08b
commit 84bf068
Show file tree

Hide file tree

Showing 11 changed files with 128 additions and 14 deletions.
diff --git a/apps/_index/templates/application.yaml b/apps/_index/templates/application.yaml
@@ -50,7 +50,7 @@ spec:
 
  syncPolicy:
  automated:
- selfHeal: true
+ selfHeal: {{ .selfHeal | default true }}
  prune: true
  syncOptions:
  - CreateNamespace=true

diff --git a/apps/frigate/secrets.lab.yml b/apps/frigate/secrets.lab.yml
@@ -24,8 +24,8 @@ sops:
  UmczekVFUFFUcW1EdGgxS0hYZUU3UnMKnUFWnnLE6oj09eSfbwB4okfUX8a8Pacu
  79qITPaYn54x1NbrC56jI7nAQPsiBfvITxH+zrg+vWHILkjzX0wHiQ==
  -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-07-25T19:28:10Z"
- mac: ENC[AES256_GCM,data:hVlDc1AvhLUIyk3X9pF7OUQ4cXXL4xf2LMY7EAVQR0H2Iyih0O7j06ddUK4Z59e/wVpCYMAlvsOAogH5RUp4WrDON9PQYNjG4EZHVimy2Y+evo/JL1CW9Ll5ETlCUs+yKxcDHjVOP52FtlruMGfJeV/Ke9yq/TX5guE6Ey+qls0=,iv:VvEX3dXLH3bn4cNNR0jdVv9RGaTOrpeXWj+AENX4CMQ=,tag:PKXTSVIAx7i3qdKzpfLZXA==,type:str]
+ lastmodified: "2023-08-17T13:02:18Z"
+ mac: ENC[AES256_GCM,data:vrLEqYgcZkeSHliAaOwzL6nuC+4WDbzsBebg02Eube4ZM4bzt4JghVRJwz/U+dFDJp4KcS920LiXO2ebnfhrpnvWLStUEaXsRzmoLfVcMrlmyBExfdcT6s+7mHO1REvhsye+qLVV+YG+hSQKPJINovphg5tpiV4MgJHDpAf/JCw=,iv:1VvDaYMi8jZaCUcYx9pYmBiDysL3nc3ogWSa95I0xk4=,tag:iV05huS9X5bG13+v+V3uvA==,type:str]
  pgp:
  - created_at: "2023-07-24T15:31:55Z"
  enc: "-----BEGIN PGP MESSAGE-----\r\n\r\nhQIMA7Pg+ndCcR5CAQ//fVGKdSGAfNw70aGtih14vO7Xydkthu13SlNsPxR2p8MK\r\nu1JwbkYQq1NWrZ5/R7/v9xzKTSq52mqZZwB8AlXuSJdIUfR/PY1MgA1GHQ1xlVDf\r\nAk05DLVVUiHh092UTtFWGL5hSP6N8NxM0vuIgNPKRZ94KTlBF+DQH5OFl0sWrVc8\r\nudTBd/H6+ZS4fa+GwBuNB5UJHxkFHTnocb7k8O25b9CyuvQVgAxteKVn7EbWHvkr\r\nEZSormt7r26y1rcsbqJdyqWjjsynz11Dvel4mxD4/f5swTIiSpbBMoea+0N14ytV\r\nrEXGUf/jwo+HcI2O7brkVQa0VpXsr+kKexHZuEWL7f5+xAfYNaf6ldmjm5WpRsNv\r\n0eq7gEYNRVk9s4q23nO+Mt8sDPhtDkRUT35+VYJq53E3Rpr0AOuTnH8lEOb6syRr\r\nQY9OWpLbYv9YLF4/hUuvvROhIDfONfN/rgrFuV6IdOCL93PObdIJszFwbVNewhDp\r\nnbixqVgybeyc4ZZpflBKpzKAe8I9TO115Iw47GDnWwPFN6jbC4lX7A5jZIJlSBia\r\n2TBJ6CtSZ15stvKpEOZ7KUzJKNxK2vnlh26tYzEjaQcv0STcgjqjthjDy3xgtZa0\r\n5Iwh8FpsLPIjh9mhWjZoy4r6CXewwHptN+Ipcpya4w+3+78fIGCeQsC0+DynMxbS\r\nXgG9L7whnfELpqIeKrc/vz94eQ3SaAn+sKWTFIOmgMuCYOTh0nWGp1lyss+idO++\r\ncpc+07UF3CnCRBXEOvenFRxWSG7j3NdXg5T/Yym74RzZp0l3TocuzVTsjHdJsqs=\r\n=rQE4\r\n-----END PGP MESSAGE-----\r\n"

diff --git a/apps/frigate/templates/deployment-simulator.yml b/apps/frigate/templates/deployment-simulator.yml
@@ -0,0 +1,64 @@
+{{- if .Values.simulator.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}-simulator
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "common.resource-labels" . | indent 4 }}
+spec:
+ replicas: 1
+ revisionHistoryLimit: 3
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ $.Chart.Name }}
+ app.kubernetes.io/instance: {{ $.Release.Name }}-simulator
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ $.Chart.Name }}
+ app.kubernetes.io/instance: {{ $.Release.Name }}-simulator
+ spec:
+ securityContext:
+ # runAsNonRoot: false
+ # fsGroupChangePolicy: Always
+ # seccompProfile:
+ # type: RuntimeDefault
+ # seLinuxOptions:
+ # user: system_u
+ # role: system_r
+ # type: container_t
+ # level: s0:c829,c861
+ automountServiceAccountToken: false
+ containers:
+ - name: rstp
+ image: 'bluenviron/mediamtx:latest-ffmpeg'
+ imagePullPolicy: null
+ ports:
+ - name: rtsp
+ protocol: TCP
+ containerPort: 8554
+ environment:
+ - name: RTSP_PROTOCOLS
+ value: tcp
+ securityContext:
+ privileged: true # To allow using Coral USB
+ runAsNonRoot: false
+ readOnlyRootFilesystem : true
+ procMount: Default
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ # seccompProfile:
+ # type: RuntimeDefault
+ # seLinuxOptions:
+ # user: system_u
+ # role: system_r
+ # type: container_t
+ # level: s0:c829,c861
+ resources: {{ .Values.resources | toYaml | nindent 14 }}
+ dnsPolicy: ClusterFirst
+{{- end }}
diff --git a/apps/frigate/templates/deployment.yml b/apps/frigate/templates/deployment.yml
@@ -18,7 +18,9 @@ spec:
  labels:
  {{- include "common.pod-labels" . | indent 8 }}
  spec:
- # TODO: runtimeClassName: {{ .Values.gpu.nvidia.runtimeClassName }}
+ {{- if .Values.runtimeClassName }}
+ runtimeClassName: {{ .Values.runtimeClassName }}
+ {{- end }}
  affinity:
  nodeAffinity:
  preferredDuringSchedulingIgnoredDuringExecution:
@@ -29,7 +31,7 @@ spec:
  operator: In
  values:
  - "true"
- - key: homecentr.one/gpu
+ - key: nvidia.com/gpu.present
  operator: In
  values:
  - "true"

diff --git a/apps/frigate/templates/network-policy-simulator.yml b/apps/frigate/templates/network-policy-simulator.yml
@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ .Release.Name }}-simulator
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "common.resource-labels" . | indent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ $.Chart.Name }}
+ app.kubernetes.io/instance: {{ $.Release.Name }}-simulator
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - from:
+ - ports:
+ - protocol: TCP
+ port: 8554
+ podSelector:
+ matchLabels:
+ {{- include "common.pod-labels" . | indent 14 }}
diff --git a/apps/frigate/templates/service-simulator.yml b/apps/frigate/templates/service-simulator.yml
@@ -0,0 +1,20 @@
+{{- if .Values.simulator.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-simulator
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ {{- include "common.resource-labels" . | indent 4 }}
+ annotations:
+ metallb.universe.tf/address-pool: cluster-ad-hoc
+spec:
+ ports:
+ - name: rtsp
+ protocol: TCP
+ port: 8554
+ selector:
+ app.kubernetes.io/name: {{ $.Chart.Name }}
+ app.kubernetes.io/instance: {{ $.Release.Name }}-simulator
+ type: ClusterIP
+{{- end }}
diff --git a/apps/frigate/values.lab.yml b/apps/frigate/values.lab.yml
@@ -9,6 +9,10 @@ resources:
 
 cameras:
  - name: cam1
- url: rtsp:https://{FRIGATE_RTSP_USER}:{FRIGATE_RTSP_PASSWORD}@10.1.6.11:554/h265Preview_01_main
- detectWidth: 1920
- detectHeight: 1080
+ url: rtsp:https://frigate-simulator.apps.svc.cluster.local:8554/mystream
+ detectWidth: 320
+ detectHeight: 240
+
+simulator:
+ enabled: true
+
diff --git a/apps/frigate/values.prod.yml b/apps/frigate/values.prod.yml
@@ -1,4 +1,7 @@
 hostname: nvr.homecentr.one
+
+runtimeClassName: nvidia
+
 resources:
  requests:
  cpu: 1000m

diff --git a/apps/haraka-relay/values.lab.yml b/apps/haraka-relay/values.lab.yml
@@ -2,8 +2,7 @@ hostname: smtp-lab.homecentr.one
 loadBalancerIp: 10.1.8.130
 
 allowedClients:
- - 10.1.3.250/32 # GitHub runner
- - 10.1.3.0/24 # TODO: Remove
+ - 10.1.8.224/27 # GitHub runners
 
 resources:
  limits:

diff --git a/apps/nvidia-device-plugin/templates/network-policy-master.yml b/apps/nvidia-device-plugin/templates/network-policy-master.yml
@@ -15,7 +15,7 @@ spec:
  - from:
  - namespaceSelector:
  matchLabels:
- kubernetes.io/metadata.name: nvidia
+ kubernetes.io/metadata.name: {{ $.Release.Namespace }}
  podSelector:
  matchLabels:
  app.kubernetes.io/name: node-feature-discovery

diff --git a/apps/nvidia-device-plugin/templates/network-policy-worker.yml b/apps/nvidia-device-plugin/templates/network-policy-worker.yml
@@ -15,10 +15,9 @@ spec:
  - from:
  - namespaceSelector:
  matchLabels:
- kubernetes.io/metadata.name: nvidia
+ kubernetes.io/metadata.name: {{ $.Release.Namespace }}
  podSelector:
  matchLabels:
  app.kubernetes.io/name: node-feature-discovery
-
  policyTypes:
- - Ingress
+ - Ingress