frigate: expose go2rtc on a dedicated MetalLB LB IP (RTSP 8554 + WebRTC 8555) #17
Why
HA (ha-sofia) live video from the cluster Frigate hangs or never starts. Root cause is purely network/transport: the only path to Frigate is the Traefik HTTP(S) ingress (frigate-lan.viktorbarzin.lan → 10.0.20.203), which carries only 80/443. So:
- enable_webrtc: true the HA frontend tries WebRTC first, ICE never completes → hang.
- NodePort (30554), not at the frigate-lan host → HA's native stream/HLS can't reach it either.
The Hikvision NVR cameras work fine because hikvision_next connects HA directly to a LAN RTSP and serves HLS through the HA proxy — no cluster ingress/port problem.
What this PR changes (Terraform)
stacks/frigate/main.tf: convert the frigate-rtsp Service NodePort → LoadBalancer on a dedicated MetalLB IP 10.0.20.204 (ETP=Local; the Frigate pod is pinned to the GPU node so the IP is advertised only from there — same pattern as Traefik .203 / KMS .202), exposing RTSP 8554 + WebRTC 8555 (TCP+UDP). Gives HA + LAN browsers a stable cross-VLAN L4 endpoint.
⚠️ One decision for you
.204 is the first free address in the MetalLB pool (10.0.20.200-220; .200 shared, .201 Technitium, .202 KMS, .203 Traefik). Please confirm no conflict before merge.
Companion steps (NOT Terraform — won't work without these)
config.yml (on the frigate-config PVC, via the Frigate UI config editor):
rtsp_url_template = rtsp://10.0.20.204:8554/{{ name }} so native HLS (picture-entity more-info / native Frigate card) reaches the restream.
enable_webrtc can stay true once the candidate above is set.
Optional follow-up (lighter live)
go2rtc currently restreams only the main 4MP stream for every camera (no sub-stream) → heavy live. Adding a low-res sub-stream (Hikvision /Streaming/Channels/X02) with the live/detect role would make live much snappier, especially for the valchedrym cameras (which come over WAN). This is also a config.yml change, not Terraform.
Status
Dashboard "Видеонаблюдение" already works via the MSE workaround (Home tiles = picture-entity snapshots like the NVR ones; Frigate view = advanced-camera-card pinned to go2rtc MSE). This PR is the clean fix to also enable native WebRTC/HLS.
Companion changes (non-Terraform) — apply alongside the merge
These three live outside this PR (Frigate config.yml on the frigate-config PVC + the HA integration), so they won't show in the diff. Copy-paste ready:
1) go2rtc WebRTC candidate — Frigate config.yml (Frigate UI → Config editor)
Add a webrtc: block as a sibling of streams: under the existing go2rtc: key:
Then reload/restart Frigate so go2rtc re-reads the candidate. (Single host candidate = LAN-only; remote/WAN WebRTC would need a public candidate + NAT, out of scope.)
2) HA Frigate integration — rtsp_url_template
ha-sofia → Settings → Devices & Services → Frigate → Configure:
Points HA's native stream/HLS (picture-entity more-info + native Frigate card) at the reachable restream. {{ name }} → the frigate camera name, e.g. vermont-10 → rtsp://10.0.20.204:8554/vermont-10. enable_webrtc can stay true once step 1 is in.
3) (optional) lighter live — sub-stream
Each camera currently restreams only the main 4MP (/Streaming/Channels/X01/1). Add the Hikvision sub-stream (/Streaming/Channels/X02) as a second go2rtc stream and use it for the live (and ideally detect) role, keeping main for record. Makes live much snappier, especially the WAN-fed valchedrym cameras. Exact 0.17 wiring is your call.
Dashboard note: the "Видеонаблюдение" Frigate view is currently pinned to go2rtc: { modes: [mse] } (the working workaround). Once .204 + the candidate are live, it can stay on MSE or be relaxed to auto to prefer WebRTC — ping me and I'll do that dashboard tweak.
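A post-apply reachability check for the RTSP restream described above, as an added example that is not part of this PR or its repository. It expands the rtsp_url_template with the PR's example camera name and sends one RTSP OPTIONS request from the client's VLAN; the function names and the User-Agent string are illustrative, and the WebRTC port 8555 is not covered.

```python
"""Check that the go2rtc RTSP restream answers on the LoadBalancer IP."""
import re
import socket
from urllib.parse import urlsplit

# Template value as given in the PR description.
RTSP_URL_TEMPLATE = "rtsp://10.0.20.204:8554/{{ name }}"


def render_rtsp_url(template: str, camera: str) -> str:
    """Expand the {{ name }} placeholder with a Frigate camera name."""
    # Reject anything that could alter the URL path or inject header lines.
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", camera):
        raise ValueError(f"unexpected camera name: {camera!r}")
    return re.sub(r"\{\{\s*name\s*\}\}", camera, template)


def build_options(url: str, cseq: int = 1) -> bytes:
    """Build an RTSP OPTIONS request (RFC 2326); it opens no media session."""
    return (f"OPTIONS {url} RTSP/1.0\r\nCSeq: {cseq}\r\n"
            "User-Agent: lb-check\r\n\r\n").encode("ascii")


def parse_status(reply: bytes):
    """Return the RTSP status code, or None if the reply is not RTSP/1.0."""
    first_line = reply.split(b"\r\n", 1)[0]
    match = re.fullmatch(rb"RTSP/1\.0 (\d{3}) .*", first_line)
    return int(match.group(1)) if match else None


def probe(url: str, timeout: float = 3.0):
    """Send OPTIONS to the host:port in the URL; None means unreachable."""
    parts = urlsplit(url)
    try:
        with socket.create_connection((parts.hostname, parts.port or 554),
                                      timeout) as sock:
            sock.sendall(build_options(url))
            return parse_status(sock.recv(4096))
    except OSError:
        return None


if __name__ == "__main__":
    url = render_rtsp_url(RTSP_URL_TEMPLATE, "vermont-10")
    status = probe(url)
    print(url, "->", status if status is not None else "unreachable")
    raise SystemExit(0 if status == 200 else 1)
```

Run it from the HA host's network segment, since the point of the change is a path that works across VLANs rather than from inside the cluster.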