-
Notifications
You must be signed in to change notification settings - Fork 1
/
values.yaml
539 lines (505 loc) · 16.9 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
# Default values for kerberoshub.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
###########################################################################
# LICENSING information: you will a license to run Kerberos Hub.
# ----
# Get your license from [email protected]
license: "---ENTER-YOUR-LICENSE-HERE---"
licenseServer:
url: "https://license.kerberos.io/verify"
token: "214%ˆ#ddfsf@#3rfdsgl_)23sffeqasSwefDSFNBM" # do not change otherwise Kerberos Hub will not work.
# Private Docker Registry: The registry secret is required if you have your Docker images behind a private registry.
# By default it will pull from Docker hub (https://hub.docker.com/r/kerberos).
#imagePullSecrets:
# - name: regcred
# Environment: set to 'production', 'develop', 'demo', 'staging' or 'acceptance'.
# Set to 'true' if this is a private deployment.
environment: "production"
# Set to 'true' if this is a private deployment.
isPrivate: true
# If you plan a migration or doing maintenance, you can enable readonly.
# This will stop any write process to mongodb or any processing done in the Kerberos Hub pipeline.
readOnly: false
# Which network ingress you are using in your Kubernetes Cluster
ingress: "nginx" # or "traefik"
# A mongodb instance is required to store all the relevant metadata (this can be standalone or in a cluster).
mongodb:
# MongoDB URI (for example for a SaaS service like MongoDB Atlas)
# If uri is set, the below properties are not used (host, adminDatabase, username, password)
#uri: "mongodb+srv://xx:[email protected]/?retryWrites=true&w=majority&appName=xxx"
# Self-hosted mongodb, you could also use the uri property above.
host: mongodb.mongodb
adminDatabase: admin
username: yourusername
password: "yourpassword"
# A MQTT broker (vernemq or other like mosquitto) is used to have a bi-directional
# communication between Kerberos Agents and Kerberos Hub.
# we recommend to use vernemq (as part of this installation), but a stand-alone mosquitto broker is also possible.
mqtt:
host: "mqtt.yourdomain.com" # this needs to be a public accessible DNS name (it's used to communicate between Kerberos Agents and Kerberos Hub)
port: "8443"
protocol: "wss"
username: "yourusername"
password: "yourpassword"
legacy:
host: ""
port: ""
# We are using a pipeline that is orchestrated through Kafka topics or RabbitMQ queues
# Events are send back and forth until the processing is done.
queueProvider: "RABBITMQ" # or "KAFKA"
queueName: "kcloud-event-queue" # This is the topic to which all events are send.
# RabbitMQ can be installed in the same cluster using a helm chart, or you can
# use a service on cloud provider like AWS, GCP, Azure, etc.
rabbitmq:
host: "rabbitmq.rabbitmq:5672" # can be internal dns name or external
#host: "amqps://b-xxx-xxx-xxx-xxx-xxx.mq.eu-central-1.amazonaws.com:5671"
username: "yourusername"
password: "yourpassword"
exchange: ""
# If you already have a Kafka cluster you might use this instead of RabbitMQ.
kafka:
broker: "kafka1.yourdomain.com:9094" # can be internal dns name or external
username: "yourusername"
password: "yourpassword"
mechanism: "PLAIN"
security: "SASL_PLAINTEXT"
# For allowing WEBRTC a STUN and TURN server is required.
# You might want to install coturn in a seperate VM.
# -> https://help.hcltechsw.com/sametime/11.6/admin/turnserver_ubuntu.html
turn:
host: "turn:turn.yourdomain.com:8443" # this needs to be a public accessible DNS name.
username: "username1"
password: "password1"
# (optional) OpenAI integration, used for semantic search
# Langchain is used to translate text to a filter on the media page
openai:
enabled: false
apikey: "xxx"
# We have a kerberos vault component installed which contains all the
# recordings. Kerberos vault is queried to retrieve the recordings
# from the appropriate provider.
kerberosvault:
uri: "https://api.vault.yourdomain.com" # this needs to be a public accessible DNS name.
provider: "a-provider"
accesskey: "xxx"
secretkey: "xxx"
# Archiving is used when creating a task. The underlying recording of the task will be copied from its
# existing provider to the below archived provider. Seperate credentials are used, as it makes possible to
# specify another retention period.
archive:
provider: "an-archive-provider"
accesskey: "xxx"
secretkey: "xxx"
thumbnail:
provider: "a-thumbnail-provider"
accessKey: "xxx"
secretKey: "xxx"
sprite:
provider: "a-sprite-provider"
accessKey: "xxx"
secretKey: "xxx"
email:
provider: "mailgun"
from: "[email protected]"
displayName: "yourdomain.com"
mailgun:
domain: "mg.yourdomain.com"
apikey: "xxxx"
smtp:
server: "smtp.yourdomain.com"
port: "465"
username: "yourusername"
password: "yourpassword"
templates:
welcome: "welcome"
welcomeTitle: "Welcome to Kerberos Hub"
activate: "activate"
activateTitle: "Wonderful! Your Kerberos Hub is now active"
forgot: "forgot"
forgotTitle: "Password reset Kerberos Hub. You forgot your password"
share: "share"
shareTitle: "[Action] You received a recording from Kerberos Hub"
detection: "detection"
disabled: "disabled"
highupload: "highupload"
device: "device"
alertTitle: "[Alert] Kerberos Hub detected something an event"
deviceTitle: "[Device] A Kerberos Agent's status has been changed"
# Following are all the different deployments needed to make
# Kerberos hub properly working.
kerberoshub:
api:
repository: kerberos/hub-api
pullPolicy: IfNotPresent
tag: "1.0.1384326925"
replicas: 2
jwtSecret: "this-is-a-secret-please-change-to-random-string" # change to a random value, this is for generating JWT tokens.
schema: "https"
url: "api.yourdomain.com"
resources:
requests:
memory: 100Mi
cpu: 250m
# E-mail templates
#volumeMounts:
# - name: custom-email-templates
# mountPath: /mail
#volumes:
# - name: custom-email-templates
# persistentVolumeClaim:
# claimName: custom-layout-claim
# When migrating to another url, this might help migrating.
#legacyUrl: "api.legacy.yourdomain.com"
# MFA issuer name
mfaIssuer: "Kerberos.io"
# Admin API's are made available for automation of Kerberos Hub.
# To access those API's (e.g. creation of owner users), an API key needs to be provided.
apiKey: "a-random-admin-api-key"
## Certificates
tls:
- hosts:
- "api.yourdomain.com"
secretName: kerberoshub-api
#- hosts:
# - "api.legacy.yourdomain.com"
# secretName: kerberoshub-api-legacy
- hosts:
- "admin.api.yourdomain.com"
secretName: kerberoshub-admin
language: "english"
fallbackLanguage: "english"
# Legacy (reseller) it is possible to link to AWS S3 and IAM (however Kerberos Vault is now the recommended option).
# This is primarily used for creation of subscriptions, and not needed if you are using mainly Kerberos Vault.
aws:
region: "xxx"
bucket: "xxx"
accessKey: "xxx"
secretKey: "xxx"
stripe: # We use stripe for billing, so it's possible to resell Kerberos Hub if agreed.
privateKey: "xxx"
slack: # Slack is used in the api, to send logs to a specific Slack channel.
enabled: "true"
hook: "yourslackhook" # https://hooks.slack.com/services/T08Q2Q9V5/xxKT/JALxxAk26bHtuqTfZ
username: "Kerberos Hub" # The slack username
elasticsearch: # Logs of the kerberos hub will be send to an elastic search cluster.
enabled: "false"
protocol: "http"
host: "yourelasticsearchinstance.com"
port: "9200"
index: "kerberos-cloud"
username: ""
password: ""
sso: # OIDC settings for allowing SSO.
- domain: "uug.ai"
redirectUrl: "https://api.cloud.kerberos.io/sso/callback/uug.ai"
forceSSO: "false"
issuer: "https://xxx.eu.auth0.com/"
claimId: "email" # claim which is used to identify the user
clientId: "xxx"
clientSecret: "xxx"
clientVerificationId: "" # This is only required for SSO chaining.
- domain: "kerberos.io"
redirectUrl: "https://api.cloud.kerberos.io/sso/callback/kerberos.io"
forceSSO: "false"
issuer: "https://accounts.google.com"
claimId: "email" # claim which is used to identify the user
clientId: "xxx"
clientSecret: "xxx"
clientVerificationId: "" # This is only required for SSO chaining.
frontend:
repository: kerberos/hub-frontend
pullPolicy: IfNotPresent
tag: "1.0.1384325093"
replicas: 2
schema: "https"
url: "yourdomain.com"
resources:
requests:
memory: 50Mi
cpu: 50m
# The front-end but in read-only mode
#demoUrl: "demo.yourdomain.com"
# When migrating to another url, this might help migrating.
#legacyUrl: "legacy.yourdomain.com"
tls:
- hosts:
- "yourdomain.com"
secretName: kerberoshub
#- hosts:
# - "legacy.yourdomain.com"
# secretName: kerberoshub-legacy
#demoTls:
# - hosts:
# - "demo.yourdomain.com"
# secretName: kerberoshub-demo
mixpanel: # We can keep track logging in Mixpanel as well
apikey: "xxx"
sentry: # We can trace errors in Sentry
url: "https://[email protected]/xxx"
stripe: # We use stripe for billing, so it's possible to resell Kerberos Hub if agreed.
publicKey: ""
googlemaps: # Google maps is used inside the application to visualise cameras and sites.
apikey: "xxxx"
zendesk: # We can use different support tools, for now we use Zendesk but others can be integrated
url: "yourdomain.zendesk.com"
posthog: # Posthog is used for auditing and user interaction logging
key: "xxx"
url: "https://posthog.domain.com"
# You can disable the Kerberos agent buttons, this make sense
# in a white-label setup, or where you are managing the Kerberos Agents for your customers.
hideAddAgent: "false"
# Multi tenancy (domains)
# By default the Kerberos Hub allows multi-tenancy through the concept
# of accounts and subaccounts. However through the concept of domains, you
# take it a step further. Within a domain, user accounts are unique, and are prefixed by a (domain\).
#multiTenant: true
#tenantBaseDomain: "yourdomain.com" # this would resolve in following sub domain "https://domain.kerberos.io"
# Page title (browser)
title: "Kerberos Hub - Video surveillance as it should be"
# You can style Kerberos hub as you wish.
# 1. we do the styling on our side and bake it in the Docker image (change the logo attribute to your company name)
# 2. you bring your own logo (set logo to 'custom'), and mount the css file and favicons.
# we will need to include your logo in the Docker image, so please reach out to us.
logo: "custom"
# Custom layout: override css
# By providing a style.css file in the custom folder
# this file will override any css styling.
#volumeMounts:
# - name: custom-layout
# mountPath: /usr/share/nginx/html/assets/custom
# - name: custom-favicon
# mountPath: /usr/share/nginx/html/assets/favicon
#volumes:
# - name: custom-layout
# persistentVolumeClaim:
# claimName: custom-layout-claim
# - name: custom-favicon
# persistentVolumeClaim:
# claimName: custom-favicon-claim
# By specifying the below environments variables, you can tweak the
# headings and paragraphs of Kerberos Hub front-end.
# Login page
loginDescription: ""
loginCopyright: ""
# Dashboard page
dashboardTitle: ""
dashboardSubTitle: ""
# Latest events page
latestEventsTitle: ""
latestEventsSubTitle: ""
# Livestream/view page
livestreamTitle: ""
livestreamSubTitle: ""
# Media page
mediaTitle: ""
mediaSubTitle: ""
# Optional - for custom page.
cpuUsageDescription: ""
framesPerSecondDescription: ""
mlaUtilizationDescription: ""
objectsDetectedDescription: ""
# You can add custom links to the navigation bar.
navigationLinkTitle1: ""
navigationLinkUrl1: ""
navigationLinkTitle2: ""
navigationLinkUrl2: ""
navigationLinkTitle3: ""
navigationLinkUrl3: ""
navigationLinkTitle4: ""
navigationLinkUrl4: ""
navigationLinkTitle5: ""
navigationLinkUrl5: ""
cleanup:
repository: kerberos/hub-cleanup
pullPolicy: IfNotPresent
tag: "1.0.6436406806"
resources:
requests:
memory: 10Mi
cpu: 10m
monitordevice:
repository: kerberos/hub-monitor-device
pullPolicy: IfNotPresent
tag: "1.0.6256190978"
resources:
requests:
memory: 10Mi
cpu: 10m
# E-mail templates
#volumeMounts:
# - name: custom-email-templates
# mountPath: /mail
#volumes:
# - name: custom-email-templates
# persistentVolumeClaim:
# claimName: custom-layout-claim
reactivate:
repository: kerberos/hub-reactivate
pullPolicy: IfNotPresent
tag: "1.0.6256184527"
resources:
requests:
memory: 10Mi
cpu: 10m
forwarder:
enabled: false
#repository: kerberos/vault-forwarder
#pullPolicy: IfNotPresent
#tag: "1.0.2732389692"
#resources:
# requests:
# memory: 10Mi
# cpu: 10m
# This proxy is legacy for the old agent, will be migrated in the new Hub API.
proxy:
repository: kerberos/vault-proxy
pullPolicy: IfNotPresent
tag: "1.0.2733724812"
resources:
requests:
memory: 10Mi
cpu: 10m
kerberospipeline:
event:
repository: kerberos/pipe-event
pullPolicy: IfNotPresent
tag: "1.0.6256042211"
replicas: 1
resources:
requests:
memory: 10Mi
cpu: 10m
monitor:
repository: kerberos/pipe-monitor
pullPolicy: IfNotPresent
tag: "1.0.6256044005"
replicas: 1
resources:
requests:
memory: 10Mi
cpu: 10m
sequence:
repository: kerberos/pipe-sequence
pullPolicy: IfNotPresent
tag: "1.0.6256054139"
replicas: 1
resources:
requests:
memory: 10Mi
cpu: 10m
throttler:
repository: kerberos/pipe-throttler
pullPolicy: IfNotPresent
tag: "1.0.6256059962"
replicas: 1
resources:
requests:
memory: 10Mi
cpu: 10m
notify:
repository: kerberos/pipe-notify
pullPolicy: IfNotPresent
tag: "1.0.7225931612"
replicas: 1
resources:
requests:
memory: 10Mi
cpu: 10m
# E-mail templates
#volumeMounts:
# - name: custom-email-templates
# mountPath: /mail
#volumes:
# - name: custom-email-templates
# persistentVolumeClaim:
# claimName: custom-layout-claim
notifyTest:
repository: kerberos/pipe-notify-test
pullPolicy: IfNotPresent
tag: "1.0.6256094666"
replicas: 1
resources:
requests:
memory: 10Mi
cpu: 10m
# E-mail templates
#volumeMounts:
# - name: custom-email-templates
# mountPath: /mail
#volumes:
# - name: custom-email-templates
# persistentVolumeClaim:
# claimName: custom-layout-claim
analysis:
repository: kerberos/pipe-analysis
pullPolicy: IfNotPresent
tag: "1.0.6897439184"
replicas: 1
resources:
requests:
memory: 10Mi
cpu: 10m
dominantColor:
repository: kerberos/pipe-dominantcolor
pullPolicy: IfNotPresent
tag: "1.0.6971463620"
replicas: 3
resources:
requests:
memory: 512Mi
cpu: 500m
limits:
memory: 2Gi
cpu: 1000m
thumbnail:
repository: kerberos/pipe-thumbnail
pullPolicy: IfNotPresent
tag: "1.0.6962799851"
replicas: 2
quality: "1" # 1 (best) - 31 (worst)
width: "600"
height: "-1"
kerberosvault:
enabled: false # If you want to use Kerberos Vault to store the thumbnails
resources:
requests:
memory: 512Mi
cpu: 500m
limits:
memory: 2Gi
cpu: 1000m
counting:
repository: kerberos/pipe-counting
pullPolicy: IfNotPresent
tag: "1.0.6251572994"
replicas: 1
resources:
requests:
memory: 10Mi
cpu: 10m
sprite:
enabled: false # Enable or disable the sprite generation 'true' or 'false
repository: kerberos/pipe-sprite
pullPolicy: IfNotPresent
tag: "1.0.7190736361"
replicas: 5
interval: "1" # Number of secondes between each thumbnail in the sprite
width: "240" # Should not be changed for the moment (hard coded in UI)
height: "135" # Should not be changed for the moment (hard coded in UI)
resources:
requests:
memory: 512Mi
cpu: 500m
limits:
memory: 2Gi
cpu: 1000m
export:
repository: kerberos/pipe-export
pullPolicy: IfNotPresent
tag: "1.0.6437127898"
replicas: 2
resources:
requests:
memory: 10Mi
cpu: 10m