Merge pull request #1 from kerberos-io/public-release-1728491349

A new public release - 1728491349
Cédric Verstraeten
2024-10-09 18:32:54 +02:00
committed by GitHub
2 changed files with 98 additions and 119 deletions


@@ -12,7 +12,6 @@ license: "L/+FAwEBB2xpY2Vuc2UB/4YAAQIBB1BheWxvYWQBCgABCVNpZ25hdHVyZQEKAAAA/gMv/4
licenseServer:
url: "https://license.kerberos.io/verify"
token: "214%ˆ#ddfsf@#3rfdsgl_)23sffeqasSwefDSFNBM" # do not change otherwise Kerberos Hub will not work.
# Private Docker Registry: The registry secret is required if you have your Docker images behind a private registry.
# By default it will pull from Docker hub (https://hub.docker.com/r/kerberos).
#imagePullSecrets:
@@ -21,17 +20,13 @@ licenseServer:
# Environment: set to 'production', 'develop', 'demo', 'staging' or 'acceptance'.
# Set to 'true' if this is a private deployment.
environment: "production"
# Set to 'true' if this is a private deployment.
isPrivate: true
# If you plan a migration or doing maintenance, you can enable readonly.
# This will stop any write process to mongodb or any processing done in the Kerberos Hub pipeline.
readOnly: false
# Which network ingress you are using in your Kubernetes Cluster
ingress: "nginx" # or "traefik"
# A mongodb instance is required to store all the relevant metadata (this can be standalone or in a cluster).
mongodb:
# MongoDB URI (for example for a SaaS service like MongoDB Atlas)
@@ -43,7 +38,6 @@ mongodb:
adminDatabase: admin
username: "root"
password: "yourpassword"
# A MQTT broker (vernemq or other like mosquitto) is used to have a bi-directional
# communication between Kerberos Agents and Kerberos Hub.
# we recommend to use vernemq (as part of this installation), but a stand-alone mosquitto broker is also possible.
@@ -56,12 +50,10 @@ mqtt:
legacy:
host: ""
port: ""
# We are using a pipeline that is orchestrated through Kafka topics or RabbitMQ queues
# Events are send back and forth until the processing is done.
queueProvider: "RABBITMQ" # or "KAFKA"
queueName: "kcloud-event-queue" # This is the topic to which all events are send.
# RabbitMQ can be installed in the same cluster using a helm chart, or you can
# use a service on cloud provider like AWS, GCP, Azure, etc.
rabbitmq:
@@ -70,7 +62,6 @@ rabbitmq:
username: "yourusername"
password: "yourpassword"
exchange: ""
# If you already have a Kafka cluster you might use this instead of RabbitMQ.
kafka:
broker: "kafka1.yourdomain.com:9094" # can be internal dns name or external
@@ -78,7 +69,6 @@ kafka:
password: "yourpassword"
mechanism: "PLAIN"
security: "SASL_PLAINTEXT"
# For allowing WEBRTC a STUN and TURN server is required.
# You might want to install coturn in a seperate VM.
# -> https://help.hcltechsw.com/sametime/11.6/admin/turnserver_ubuntu.html
@@ -86,13 +76,11 @@ turn:
host: "turn:turn.yourdomain.com:8443" # this needs to be a public accessible DNS name.
username: "username1"
password: "password1"
# (optional) OpenAI integration, used for semantic search
# Langchain is used to translate text to a filter on the media page
openai:
enabled: false
apikey: "xxx"
# We have a kerberos vault component installed which contains all the
# recordings. Kerberos vault is queried to retrieve the recordings
# from the appropriate provider.
@@ -101,7 +89,6 @@ kerberosvault:
provider: "mybucket"
accesskey: "XJoi2@bgSOvOYBy#"
secretkey: " OGGqat4lXRpL@9XBYc8FUaId@5"
# Archiving is used when creating a task. The underlying recording of the task will be copied from its
# existing provider to the below archived provider. Seperate credentials are used, as it makes possible to
# specify another retention period.
@@ -117,7 +104,6 @@ kerberosvault:
provider: "a-sprite-provider"
accessKey: "xxx"
secretKey: "xxx"
email:
provider: "mailgun"
from: "support@yourdomain.com"
@@ -145,15 +131,13 @@ email:
device: "device"
alertTitle: "[Alert] Kerberos Hub detected something an event"
deviceTitle: "[Device] A Kerberos Agent's status has been changed"
# Following are all the different deployments needed to make
# Kerberos hub properly working.
kerberoshub:
api:
repository: kerberos/hub-api
repository: uugai/hub-api
pullPolicy: IfNotPresent
tag: "1.0.1384326925"
tag: "v1.0.4"
replicas: 2
jwtSecret: "I1JcwzW3A0tWJK9jnPkipbnVTpf0efMy" # change to a random value, this is for generating JWT tokens.
schema: "https"
@@ -162,7 +146,6 @@ kerberoshub:
requests:
memory: 100Mi
cpu: 250m
# E-mail templates
#volumeMounts:
# - name: custom-email-templates
@@ -177,11 +160,9 @@ kerberoshub:
# MFA issuer name
mfaIssuer: "Kerberos.io"
# Admin API's are made available for automation of Kerberos Hub.
# To access those API's (e.g. creation of owner users), an API key needs to be provided.
apiKey: "Z6GPfDdYj8mxLyy6iUJVf9yBlri9lhsW"
## Certificates
tls:
- hosts:
@@ -234,9 +215,9 @@ kerberoshub:
clientSecret: "xxx"
clientVerificationId: "" # This is only required for SSO chaining.
frontend:
repository: kerberos/hub-frontend
repository: uugai/hub-frontend
pullPolicy: IfNotPresent
tag: "1.0.1384325093"
tag: "v1.0.15"
replicas: 2
schema: "https"
url: "yourdomain.com"
@@ -244,12 +225,10 @@ kerberoshub:
requests:
memory: 50Mi
cpu: 50m
# The front-end but in read-only mode
#demoUrl: "demo.yourdomain.com"
# When migrating to another url, this might help migrating.
#legacyUrl: "legacy.yourdomain.com"
tls:
- hosts:
- "yourdomain.com"
@@ -274,11 +253,9 @@ kerberoshub:
posthog: # Posthog is used for auditing and user interaction logging
key: "xxx"
url: "https://posthog.domain.com"
# You can disable the Kerberos agent buttons, this make sense
# in a white-label setup, or where you are managing the Kerberos Agents for your customers.
hideAddAgent: "false"
# Multi tenancy (domains)
# By default the Kerberos Hub allows multi-tenancy through the concept
# of accounts and subaccounts. However through the concept of domains, you
@@ -288,7 +265,6 @@ kerberoshub:
# Page title (browser)
title: "Kerberos Hub - Video surveillance as it should be"
# You can style Kerberos hub as you wish.
# 1. we do the styling on our side and bake it in the Docker image (change the logo attribute to your company name)
# 2. you bring your own logo (set logo to 'custom'), and mount the css file and favicons.
@@ -332,7 +308,6 @@ kerberoshub:
framesPerSecondDescription: ""
mlaUtilizationDescription: ""
objectsDetectedDescription: ""
# You can add custom links to the navigation bar.
navigationLinkTitle1: ""
navigationLinkUrl1: ""
@@ -344,7 +319,6 @@ kerberoshub:
navigationLinkUrl4: ""
navigationLinkTitle5: ""
navigationLinkUrl5: ""
cleanup:
repository: kerberos/hub-cleanup
pullPolicy: IfNotPresent
@@ -361,14 +335,14 @@ kerberoshub:
requests:
memory: 10Mi
cpu: 10m
# E-mail templates
#volumeMounts:
# - name: custom-email-templates
# mountPath: /mail
#volumes:
# - name: custom-email-templates
# persistentVolumeClaim:
# claimName: custom-layout-claim
# E-mail templates
#volumeMounts:
# - name: custom-email-templates
# mountPath: /mail
#volumes:
# - name: custom-email-templates
# persistentVolumeClaim:
# claimName: custom-layout-claim
reactivate:
repository: kerberos/hub-reactivate
pullPolicy: IfNotPresent
@@ -395,7 +369,6 @@ kerberoshub:
requests:
memory: 10Mi
cpu: 10m
kerberospipeline:
event:
repository: kerberos/pipe-event
@@ -436,20 +409,20 @@ kerberospipeline:
notify:
repository: kerberos/pipe-notify
pullPolicy: IfNotPresent
tag: "1.0.7225931612"
tag: "1.0.7688338979"
replicas: 1
resources:
requests:
memory: 10Mi
cpu: 10m
# E-mail templates
#volumeMounts:
# - name: custom-email-templates
# mountPath: /mail
#volumes:
# - name: custom-email-templates
# persistentVolumeClaim:
# claimName: custom-layout-claim
# E-mail templates
#volumeMounts:
# - name: custom-email-templates
# mountPath: /mail
#volumes:
# - name: custom-email-templates
# persistentVolumeClaim:
# claimName: custom-layout-claim
notifyTest:
repository: kerberos/pipe-notify-test
pullPolicy: IfNotPresent
@@ -459,14 +432,14 @@ kerberospipeline:
requests:
memory: 10Mi
cpu: 10m
# E-mail templates
#volumeMounts:
# - name: custom-email-templates
# mountPath: /mail
#volumes:
# - name: custom-email-templates
# persistentVolumeClaim:
# claimName: custom-layout-claim
# E-mail templates
#volumeMounts:
# - name: custom-email-templates
# mountPath: /mail
#volumes:
# - name: custom-email-templates
# persistentVolumeClaim:
# claimName: custom-layout-claim
analysis:
repository: kerberos/pipe-analysis
pullPolicy: IfNotPresent
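Review bot: In the `kerberoshub.api` hunk (-145,15 +131,13) the chart still ships a concrete `jwtSecret` as its default, and the next hunk does the same for the admin `apiKey`, so every install that keeps the defaults signs tokens and guards the admin API with values anyone can read in this public release. I would ship both empty and have the templates refuse to render without them, for example `jwtSecret: "" # required: set a unique random value per deployment` together with Helm's `required` function, or read them from an existing Secret. The same hunk and the `frontend` hunk move the images to `uugai/hub-api` and `uugai/hub-frontend` while `cleanup`, `reactivate` and the pipeline images still pull from `kerberos/`; a comment stating which namespace is authoritative would help operators who allow-list registries. The templates are not visible here, so whether `required` is already applied is something to confirm.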


@@ -5,16 +5,20 @@ metadata:
data:
# This is the mongodb database where data will be stored, you might use a different name if you want.
MONGODB_DATABASE_STORAGE: "KerberosStorage"
# MongoDB URI (for example for a SaaS service like MongoDB Atlas)
# If uri is set, the below properties are not used (host, adminDatabase, username, password)
#MONGODB_URI: "mongodb+srv://xx:xx@kerberos-hub.xxx.mongodb.net/?retryWrites=true&w=majority&appName=xxx"
# If you do not wish to use the URI, you can specify the individual values.
MONGODB_HOST: "mongodb.mongodb"
MONGODB_DATABASE_CREDENTIALS: "admin"
MONGODB_USERNAME: "root"
MONGODB_PASSWORD: "yourpassword"
spec:
template:
spec:
containers:
- image: uugai/vault:v1.0.3
---
# You might use a LoadBalancer service instead of a NodePort service.
# If so uncomment the LoadBalancer service below and comment the NodePort service.
@@ -27,13 +31,17 @@ metadata:
spec:
type: NodePort
ports:
- port: 80
targetPort: 80
nodePort: 30080 # You can specify a port in the range 30000-32767 or let Kubernetes assign one automatically
name: frontend
protocol: TCP
- port: 80
targetPort: 80
nodePort: 30080 # You can specify a port in the range 30000-32767 or let Kubernetes assign one automatically
name: frontend
protocol: TCP
selector:
app: vault
template:
spec:
containers:
- image: uugai/vault:v1.0.3
# ---
# apiVersion: v1
# kind: Service
@@ -72,62 +80,60 @@ spec:
app: vault
spec:
containers:
- name: vault
image: kerberos/vault:1.0.1398121865
#imagePullPolicy: Always
resources:
limits:
memory: 512Mi
cpu: 256m
ports:
- containerPort: 80
envFrom:
- configMapRef:
name: mongodb
# Injecting the ca-certificates inside the container.
#volumeMounts:
#- name: rootcerts
# mountPath: /etc/ssl/certs/ca-certificates.crt
# subPath: ca-certificates.crt
env:
- name: GIN_MODE
value: release
- name: KERBEROS_LOGIN_USERNAME
value: "root"
- name: KERBEROS_LOGIN_PASSWORD
value: "kerberos"
- name: vault
image: uugai/vault:v1.0.3
#imagePullPolicy: Always
resources:
limits:
memory: 512Mi
cpu: 256m
ports:
- containerPort: 80
envFrom:
- configMapRef:
name: mongodb
# Injecting the ca-certificates inside the container.
#volumeMounts:
#- name: rootcerts
# mountPath: /etc/ssl/certs/ca-certificates.crt
# subPath: ca-certificates.crt
env:
- name: GIN_MODE
value: release
- name: KERBEROS_LOGIN_USERNAME
value: "root"
- name: KERBEROS_LOGIN_PASSWORD
value: "kerberos"
# Mongodb configuration (if you are not using the configmap)
# This is the mongodb database where data will be stored, you might use a different name if you want.
#- name: MONGODB_DATABASE_STORAGE
# value : "KerberosStorage"
# Mongodb configuration (if you are not using the configmap)
# This is the mongodb database where data will be stored, you might use a different name if you want.
#- name: MONGODB_DATABASE_STORAGE
# value : "KerberosStorage"
# MongoDB URI (for example for a SaaS service like MongoDB Atlas)
# If uri is set, the below properties are not used (host, adminDatabase, username, password)
#MONGODB_URI: "mongodb+srv://xx:xx@kerberos-hub.xxx.mongodb.net/?retryWrites=true&w=majority&appName=xxx"
# MongoDB URI (for example for a SaaS service like MongoDB Atlas)
# If uri is set, the below properties are not used (host, adminDatabase, username, password)
#MONGODB_URI: "mongodb+srv://xx:xx@kerberos-hub.xxx.mongodb.net/?retryWrites=true&w=majority&appName=xxx"
# If you do not wish to use the URI, you can specify the individual values.
#- name: MONGODB_HOST
# value: "mongodb.mongodb"
#- name: MONGODB_DATABASE_CREDENTIALS
# value: "admin"
#- name: MONGODB_USERNAME
# value: "root"
#- name: MONGODB_PASSWORD
# value: "yourmongodbpassword"
# If you do not wish to use the URI, you can specify the individual values.
#- name: MONGODB_HOST
# value: "mongodb.mongodb"
#- name: MONGODB_DATABASE_CREDENTIALS
# value: "admin"
#- name: MONGODB_USERNAME
# value: "root"
#- name: MONGODB_PASSWORD
# value: "yourmongodbpassword"
# MQTT broker to be used for on-demand forwarding.
- name : MQTTURI
value: "tcp://mqtt.kerberos.io:1883"
- name : MQTT_USERNAME
value: ""
- name : MQTT_PASSWORD
value: ""
# If you have a chained vault setup, enable this.
- name: CONTINUOUS_FORWARDING
value: "false"
#volumes:
#- name: rootcerts
# configMap:
# name: rootcerts
# MQTT broker to be used for on-demand forwarding.
- name: MQTTURI
value: "tcp://mqtt.kerberos.io:1883"
- name: MQTT_USERNAME
value: ""
- name: MQTT_PASSWORD
value: ""
# If you have a chained vault setup, enable this.
- name: CONTINUOUS_FORWARDING
value: "false"
#volumes:
#- name: rootcerts
# configMap:
# name: rootcerts
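Review bot: The re-indented `vault` container in the last hunk (-72,62 +80,60) keeps `KERBEROS_LOGIN_USERNAME` and `KERBEROS_LOGIN_PASSWORD` as the literals `root` and `kerberos`, and the `data` block in the first hunk (apparently the `mongodb` ConfigMap) keeps `MONGODB_PASSWORD` in plain text, while the Service between them exposes port 80 on a NodePort. Both values belong in a Secret referenced through `valueFrom.secretKeyRef` (and `envFrom.secretRef` for the MongoDB settings), as sketched below with a placeholder Secret name. Separately, the first two hunks appear to add a `spec.template.spec.containers` stanza with `image: uugai/vault:v1.0.3` to the ConfigMap and to the Service, neither of which defines such a field. Indentation is lost on this page, so confirm against the file, but it looks like the by-product of a bulk image rewrite and should be dropped.

```yaml
# … unchanged: GIN_MODE …
- name: KERBEROS_LOGIN_USERNAME
  valueFrom:
    secretKeyRef:
      name: vault-login  # placeholder: name of a Secret you create
      key: username
- name: KERBEROS_LOGIN_PASSWORD
  valueFrom:
    secretKeyRef:
      name: vault-login  # placeholder
      key: password
# … unchanged: MQTT and forwarding settings …
```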