From 3f119c515cfbb1f85caa40f855aec456968407e6 Mon Sep 17 00:00:00 2001
From: Lumpiasty
Date: Sun, 29 Jun 2025 00:32:32 +0200
Subject: [PATCH] add cameras to frigate
---
 apps/frigate/kustomization.yaml | 1 +
 apps/frigate/release.yaml | 26 +++++++++++++--
 apps/frigate/secret.yaml | 38 ++++++++++++++++++++++
 vault/kubernetes-roles/frigate-camera.yaml | 6 ++++
 vault/policy/frigate.hcl | 4 +++
 5 files changed, 72 insertions(+), 3 deletions(-)
 create mode 100644 apps/frigate/secret.yaml
 create mode 100644 vault/kubernetes-roles/frigate-camera.yaml
 create mode 100644 vault/policy/frigate.hcl
diff --git a/apps/frigate/kustomization.yaml b/apps/frigate/kustomization.yaml
index f5a4a20..1b71f03 100644
--- a/apps/frigate/kustomization.yaml
+++ b/apps/frigate/kustomization.yaml
@@ -2,4 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - namespace.yaml
+ - secret.yaml
 - release.yaml
diff --git a/apps/frigate/release.yaml b/apps/frigate/release.yaml
index 126b51e..4833fa0 100644
--- a/apps/frigate/release.yaml
+++ b/apps/frigate/release.yaml
@@ -27,14 +27,32 @@ spec:
 config: |
 mqtt:
 enabled: False
+
+ record:
+ enabled: True
+ retain:
+ days: 90
+ mode: motion
+
 cameras:
- dummy_camera:
- enabled: False
+ dom:
+ enabled: True
 ffmpeg:
 inputs:
- - path: rtsp://127.0.0.1:554/rtsp
+ - path: rtsp://{FRIGATE_RTSP_DOM_USER}:{FRIGATE_RTSP_DOM_PASSWORD}@192.168.3.10:554/Streaming/Channels/101
 roles:
+ - audio
 - detect
+ - record
+ garaz:
+ enabled: True
+ ffmpeg:
+ inputs:
+ - path: rtsp://{FRIGATE_RTSP_GARAZ_USER}:{FRIGATE_RTSP_GARAZ_PASSWORD}@192.168.3.11:554/Streaming/Channels/101
+ roles:
+ - audio
+ - detect
+ - record
 persistence:
 media:
 enabled: true
@@ -46,3 +64,5 @@ spec:
 size: 100Mi
 storageClass: mayastor-single-hdd
 skipuninstall: true
+ envFromSecrets:
+ - frigate-camera-rtsp
diff --git a/apps/frigate/secret.yaml b/apps/frigate/secret.yaml
new file mode 100644
index 0000000..b96d39d
--- /dev/null
+++ b/apps/frigate/secret.yaml
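Review bot: In apps/frigate/release.yaml both new `path:` inputs splice `{FRIGATE_RTSP_*_USER}` and `{FRIGATE_RTSP_*_PASSWORD}` straight into the RTSP URL, so a password containing `@`, `:`, `/` or `#` changes how the URL is parsed unless the value stored in Vault is already percent-encoded. Nothing in the commit records that requirement, which makes it easy to break on the next password change; I would add a comment above `cameras:` such as `# RTSP credentials come from the frigate-camera-rtsp Secret; store them percent-encoded in Vault`. The credentials also travel to 192.168.3.10 and 192.168.3.11 over plain RTSP, so the accounts behind them should be dedicated view-only camera users rather than the admin login, if that is not already the case. The surrounding HelmRelease values begin above the hunk.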
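Review bot: `envFromSecrets` in the second release.yaml hunk hands the credentials to Frigate as environment variables, which a container reads only at start, so a password changed in Vault would update the `frigate-camera-rtsp` Secret but not the running pod. Nothing visible in this commit restarts the workload after a sync; the VaultStaticSecret in apps/frigate/secret.yaml could carry `rolloutRestartTargets:` with `- kind: Deployment` and `name: <frigate workload name>`, where the kind and name come from the chart and are not shown here. The values map continues outside the hunk.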
@@ -0,0 +1,38 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: camera
+ namespace: frigate
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+ name: camera
+ namespace: frigate
+spec:
+ method: kubernetes
+ mount: kubernetes
+ kubernetes:
+ role: frigate-camera
+ serviceAccount: camera
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+ name: frigate-camera-rtsp
+ namespace: frigate
+spec:
+ type: kv-v2
+
+ mount: secret
+ path: cameras
+
+ destination:
+ create: true
+ name: frigate-camera-rtsp
+ type: Opaque
+ transformation:
+ excludeRaw: true
+
+ vaultAuthRef: camera
diff --git a/vault/kubernetes-roles/frigate-camera.yaml b/vault/kubernetes-roles/frigate-camera.yaml
new file mode 100644
index 0000000..2a72d14
--- /dev/null
+++ b/vault/kubernetes-roles/frigate-camera.yaml
@@ -0,0 +1,6 @@
+bound_service_account_names:
+ - camera
+bound_service_account_namespaces:
+ - frigate
+token_policies:
+ - frigate
diff --git a/vault/policy/frigate.hcl b/vault/policy/frigate.hcl
new file mode 100644
index 0000000..ca9a9e2
--- /dev/null
+++ b/vault/policy/frigate.hcl
@@ -0,0 +1,4 @@
+
+path "secret/data/cameras" {
+ capabilities = ["read"]
+}
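Review bot: The VaultStaticSecret in apps/frigate/secret.yaml copies every key stored at `secret/cameras` into `frigate-camera-rtsp` (`excludeRaw: true` only drops the `_raw` blob), and release.yaml then exports that whole Secret into the Frigate container's environment. The config reads four keys, so any other credential later stored at that path would reach the pod as well; under `transformation:` I would add `includes:` with `- ^FRIGATE_RTSP_` to keep the synced set to what Frigate uses. The `camera` ServiceAccount appears to exist only for the operator's token requests, so `automountServiceAccountToken: false` on it is a cheap hardening step, assuming no pod is meant to run as it.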
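Review bot: The role in vault/kubernetes-roles/frigate-camera.yaml pins the service account and namespace but sets neither `audience` nor a token lifetime, so Vault would accept any valid token of `frigate/camera` whatever it was issued for, and the resulting Vault token gets the mount's default TTL. I would add `audience: <audience>` and `token_ttl: <ttl>` here, with the matching `audiences:` entry under `spec.kubernetes` of the VaultAuth in apps/frigate/secret.yaml. How these files are applied to Vault is not visible in the diff, so confirm the sync tooling passes those fields through.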