Update renovate/renovate Docker tag to v41.16.2

Configure frigate webrtc
enable ingress to frigate
2025-06-29 06:00:31 +00:00 · 2025-06-29 02:10:41 +02:00 · 2025-06-29 01:14:26 +02:00 · 2025-06-29 00:34:01 +02:00
7 changed files with 131 additions and 4 deletions
--- a/apps/frigate/kustomization.yaml
+++ b/apps/frigate/kustomization.yaml
@@ -2,4 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - namespace.yaml
+  - secret.yaml
  - release.yaml
+  - webrtc-svc.yaml
--- a/apps/frigate/release.yaml
+++ b/apps/frigate/release.yaml
@@ -27,14 +27,49 @@ spec:
    config: |
      mqtt:
        enabled: False
+
+      tls:
+        enabled: False
+
+      auth:
+        enabled: True
+        cookie_secure: True
+
+      record:
+        enabled: True
+        retain:
+          days: 90
+          mode: motion
+
      cameras:
-        dummy_camera:
-          enabled: False
+        dom:
+          enabled: True
          ffmpeg:
            inputs:
-              - path: rtsp://127.0.0.1:554/rtsp
+              - path: rtsp://{FRIGATE_RTSP_DOM_USER}:{FRIGATE_RTSP_DOM_PASSWORD}@192.168.3.10:554/Streaming/Channels/101
                roles:
+                  - audio
                  - detect
+                  - record
+        garaz:
+          enabled: True
+          ffmpeg:
+            inputs:
+              - path: rtsp://{FRIGATE_RTSP_GARAZ_USER}:{FRIGATE_RTSP_GARAZ_PASSWORD}@192.168.3.11:554/Streaming/Channels/101
+                roles:
+                  - audio
+                  - detect
+                  - record
+
+      go2rtc:
+        streams:
+          dom:
+            - rtsp://{FRIGATE_RTSP_DOM_USER}:{FRIGATE_RTSP_DOM_PASSWORD_URLENCODED}@192.168.3.10:554/Streaming/Channels/101
+          garaz:
+            - rtsp://{FRIGATE_RTSP_GARAZ_USER}:{FRIGATE_RTSP_GARAZ_PASSWORD_URLENCODED}@192.168.3.11:554/Streaming/Channels/101
+        webrtc:
+          candidates:
+            - frigate-rtc.lumpiasty.xyz:8555
    persistence:
      media:
        enabled: true
@@ -46,3 +81,20 @@ spec:
        size: 100Mi
        storageClass: mayastor-single-hdd
        skipuninstall: true
+    envFromSecrets:
+      - frigate-camera-rtsp
+
+    ingress:
+      enabled: true
+      annotations:
+        cert-manager.io/cluster-issuer: letsencrypt
+        nginx.org/websocket-services: frigate
+      hosts:
+        - host: frigate.lumpiasty.xyz
+          paths:
+            - path: /
+              portName: http-auth
+      tls:
+        - hosts:
+            - frigate.lumpiasty.xyz
+          secretName: frigate-ingress
--- a/apps/frigate/secret.yaml
+++ b/apps/frigate/secret.yaml
@@ -0,0 +1,43 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: camera
+  namespace: frigate
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultAuth
+metadata:
+  name: camera
+  namespace: frigate
+spec:
+  method: kubernetes
+  mount: kubernetes
+  kubernetes:
+    role: frigate-camera
+    serviceAccount: camera
+---
+apiVersion: secrets.hashicorp.com/v1beta1
+kind: VaultStaticSecret
+metadata:
+  name: frigate-camera-rtsp
+  namespace: frigate
+spec:
+  type: kv-v2
+
+  mount: secret
+  path: cameras
+
+  destination:
+    create: true
+    name: frigate-camera-rtsp
+    type: Opaque
+    transformation:
+      excludeRaw: true
+      templates:
+        FRIGATE_RTSP_DOM_PASSWORD_URLENCODED:
+          text: '{{ urlquery (get .Secrets "FRIGATE_RTSP_DOM_PASSWORD") }}'
+        FRIGATE_RTSP_GARAZ_PASSWORD_URLENCODED:
+          text: '{{ urlquery (get .Secrets "FRIGATE_RTSP_GARAZ_PASSWORD") }}'
+
+  vaultAuthRef: camera
--- a/apps/frigate/webrtc-svc.yaml
+++ b/apps/frigate/webrtc-svc.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: go2rtc
+  namespace: frigate
+spec:
+  type: LoadBalancer
+  selector:
+    app.kubernetes.io/instance: frigate
+    app.kubernetes.io/name: frigate
+  ipFamilyPolicy: RequireDualStack
+  ports:
+    - name: webrtc-tcp
+      protocol: TCP
+      port: 8555
+      targetPort: webrtc-tcp
+    - name: webrtc-udp
+      protocol: UDP
+      port: 8555
+      targetPort: webrtc-udp
--- a/apps/renovate/cronjob.yaml
+++ b/apps/renovate/cronjob.yaml
@@ -15,7 +15,7 @@ spec:
            - name: renovate
              # Update this to the latest available and then enable Renovate on
              # the manifest
-              image: renovate/renovate:41.16.1-full
+              image: renovate/renovate:41.16.2-full
              envFrom:
                - secretRef:
                    name: renovate-gitea-token
--- a/vault/kubernetes-roles/frigate-camera.yaml
+++ b/vault/kubernetes-roles/frigate-camera.yaml
@@ -0,0 +1,6 @@
+bound_service_account_names:
+  - camera
+bound_service_account_namespaces:
+  - frigate
+token_policies:
+  - frigate
--- a/vault/policy/frigate.hcl
+++ b/vault/policy/frigate.hcl
@@ -0,0 +1,4 @@
+
+path "secret/data/cameras" {
+    capabilities = ["read"]
+}
Author	SHA1	Message	Date
Renovate Bot	5fe2d257ba	Update renovate/renovate Docker tag to v41.16.2	2025-06-29 06:00:31 +00:00
Lumpiasty	d95eb6f4ab	Configure frigate webrtc	2025-06-29 02:10:41 +02:00
Lumpiasty	5252f209f5	enable ingress to frigate	2025-06-29 01:14:26 +02:00
Lumpiasty	e7348b2718	add cameras to frigate	2025-06-29 00:34:01 +02:00