frigate: expose go2rtc on a dedicated MetalLB LB IP (RTSP 8554 + WebRTC 8555)
All checks were successful
ci/woodpecker/push/default Pipeline was successful
All checks were successful
ci/woodpecker/push/default Pipeline was successful
HA live video from the cluster Frigate hangs/fails because the only path to Frigate is the Traefik HTTP(S) ingress (frigate-lan -> 10.0.20.203), which cannot carry RTSP or WebRTC. The container already listens on 8554+8555 but only RTSP had a Service (NodePort), and WebRTC (8555) was never exposed. Convert frigate-rtsp to a LoadBalancer on a dedicated MetalLB IP (.204, ETP=Local, pod pinned to the GPU node) carrying RTSP 8554 + WebRTC 8555 (TCP+UDP), giving HA Sofia + LAN browsers a stable cross-VLAN endpoint for native HLS/WebRTC live (parity with the Hikvision NVR). Companion non-Terraform steps are in the PR body. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
parent
9ea9cae073
commit
469cdd7507
1 changed files with 37 additions and 3 deletions
|
|
@ -275,26 +275,60 @@ resource "kubernetes_service" "frigate-rtsp" {
|
||||||
labels = {
|
labels = {
|
||||||
"app" = "frigate"
|
"app" = "frigate"
|
||||||
}
|
}
|
||||||
|
annotations = {
|
||||||
|
# Dedicated MetalLB IP for go2rtc L4 traffic (RTSP restream + WebRTC).
|
||||||
|
# Pool 10.0.20.200-220; .200 shared, .201 Technitium, .202 KMS, .203
|
||||||
|
# Traefik -> .204 is the first free address (CONFIRM no conflict before
|
||||||
|
# merge). Gives HA Sofia (192.168.1.8) + LAN browsers a STABLE endpoint
|
||||||
|
# reachable cross-VLAN, instead of the Traefik HTTP(S) ingress which
|
||||||
|
# cannot carry RTSP/WebRTC. This is what unblocks native Frigate live in
|
||||||
|
# HA (today only go2rtc-MSE-over-Traefik works).
|
||||||
|
"metallb.io/loadBalancerIPs" = "10.0.20.204"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
spec {
|
spec {
|
||||||
type = "NodePort" # Should always live on node1 where the gpu is
|
# Was NodePort. ETP=Local: the Frigate pod is pinned to the GPU node, so
|
||||||
|
# MetalLB advertises .204 only from that node -> no SNAT, real client IP
|
||||||
|
# preserved (same pattern as Traefik .203 / KMS .202).
|
||||||
|
type = "LoadBalancer"
|
||||||
|
external_traffic_policy = "Local"
|
||||||
selector = {
|
selector = {
|
||||||
app = "frigate"
|
app = "frigate"
|
||||||
}
|
}
|
||||||
|
# item 2 - RTSP restream reachable from HA for native HLS. Companion (NOT
|
||||||
|
# Terraform): in HA -> Frigate integration set
|
||||||
|
# rtsp_url_template = rtsp://10.0.20.204:8554/{{ name }}
|
||||||
port {
|
port {
|
||||||
name = "rtsp-tcp"
|
name = "rtsp-tcp"
|
||||||
target_port = 8554
|
target_port = 8554
|
||||||
port = 8554
|
port = 8554
|
||||||
protocol = "TCP"
|
protocol = "TCP"
|
||||||
node_port = 30554
|
|
||||||
}
|
}
|
||||||
port {
|
port {
|
||||||
name = "rtsp-udp"
|
name = "rtsp-udp"
|
||||||
target_port = 8554
|
target_port = 8554
|
||||||
port = 8554
|
port = 8554
|
||||||
protocol = "UDP"
|
protocol = "UDP"
|
||||||
node_port = 30554
|
}
|
||||||
|
# item 1 - go2rtc WebRTC. Container already listens on 8555 TCP+UDP but no
|
||||||
|
# Service exposed it, so WebRTC live in HA could never connect. Companion
|
||||||
|
# (NOT Terraform; lives in config.yml on the frigate-config PVC):
|
||||||
|
# go2rtc:
|
||||||
|
# webrtc:
|
||||||
|
# candidates:
|
||||||
|
# - 10.0.20.204:8555
|
||||||
|
port {
|
||||||
|
name = "webrtc-tcp"
|
||||||
|
target_port = 8555
|
||||||
|
port = 8555
|
||||||
|
protocol = "TCP"
|
||||||
|
}
|
||||||
|
port {
|
||||||
|
name = "webrtc-udp"
|
||||||
|
target_port = 8555
|
||||||
|
port = 8555
|
||||||
|
protocol = "UDP"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue