Configuring Milestone AI Bridge (Kubernetes)

After you have installed Milestone AI Bridge and its required resources, you must configure the Milestone AI Bridge to integrate both with your XProtect VMS and with your IVA application.

Default configuration settings

The default settings of the Milestone AI Bridge are specified in the values.yaml file inside the Helm chart.

The values.yaml file

The values.yaml file in the Helm chart contains default settings of the Milestone AI Bridge.

You can override these settings on the command line when installing the Helm chart by using the --set option, or you can edit the settings directly in the values.yaml file in the Helm chart.

The contents of a sample values.yaml file

vms:
  url: "http://my-management-server"
  # Define these variables if your VMS is not in the network domain
  # ip: "<my-management-server-ip>"
  # hostname: "<my-management-server-hostname>"
bridge:
  id: "12355b21-5a25-4a1d-b6d2-f6e02c9b95b4"
  name: "Milestone AI Bridge Cluster"
  description: "Kubernetes cluster running Milestone AI Bridge"
  webpage: ""
gateway:
  id: "1b80eaa0-203d-4dc0-ae3b-9bf4b85ec992"
  version: "1.0.0"
replicas:
  health: 1
  connector: 1
  streaming: 1
  broker: 1
  proxy: 1
  webservice: 1
general:
  tag: 2.0.0
  debug: false
  externalIP: "<kubernetes-cluster-ip-address>"
  externalHostname: "<kubernetes-cluster-hostname>" # In a multi-node cluster, the externalHostname must be given a hostname that does not exist in the system. This fake hostname must then be resolved to the IP address of the load balancer in the DNS or in the host machine's configuration file.
  masterKey: "encryption key example"
  externalRootPath: "/processing-server" # Path used to segment endpoints exposed outside of the cluster running the AI Bridge.
  gpuEnabled: false
kafka:
  logRetentionMs: 300000 # Retention time of the AI Bridge's Kafka topics, in ms
ingress-nginx:
  enabled: true
  controller:
    service:
      externalIPs:
      - "<kubernetes-cluster-ip-address>" # In a multi-node cluster, this must be the IP address of the load balancer.
      annotations: # Define this variable only in a multi-node cluster setup with the MetalLB load balancer.
        metallb.universe.tf/loadBalancerIPs: "<kubernetes-cluster-ip-address>" # Defines the IP address of the load balancer.

The vms section

Parameter   Description
url         Displays the URL of the XProtect management server.
ip          The IP address of your VMS machine.
hostname    The hostname of your VMS machine.

If you use a separate VMS to test your Milestone AI Bridge solutions, your test VMS can be placed in the network domain or outside the network domain.

If your test VMS is placed in the network domain, Milestone AI Bridge supports domain networks where the hostnames of the involved machines can be resolved by pointing to the DNS.

If your test VMS is placed outside the network domain, you can enable Milestone AI Bridge to resolve your VMS hostname by adapting the VMS network configurations in the values.yaml file for Kubernetes installations or the .env file for Docker Compose installations.

If you are using Kubernetes, you can set the ip and hostname variables in the values.yaml file to the IP address and hostname of your test VMS.

The ip and hostname variables are present in the values.yaml file but are commented out. Remove the # comment marker to activate them.

The bridge section

Parameter Description
id

The unique identifier of the Milestone AI Bridge.

The id value identifies Milestone AI Bridge when connecting to the XProtect VMS.

Unless you want to run multiple AI bridges, you should not change this value. If you register multiple AI bridges in the same VMS, each AI bridge must be assigned a different ID.

name

Displays the name of the Milestone AI Bridge as it appears in the XProtect Management Client.

description

Displays the description of the Milestone AI Bridge as it appears in the XProtect Management Client.

The replicas section

The replicas section contains parameters that enable you to scale the number of pods running for each microservice in the cluster. By default, just one pod of each service is run.

If a bottleneck occurs as the workload of the Milestone AI Bridge is increased, you can scale the Milestone AI Bridge to overcome this bottleneck by adjusting these numbers.

This is mostly relevant if you are running a cluster with more than one node.

The general section

Parameter Description
externalHostname

The external facing hostname of the cluster running the Milestone AI Bridge.

In a multi-node cluster, the externalHostname must be given a hostname that does not exist in the system. This fake hostname must then be resolved to the IP address of the load balancer in the DNS or in the host machine's configuration file.

debug

Enables or disables running the Milestone AI Bridge in debug mode.

The default value is false. Set the parameter to true to run Milestone AI Bridge in debug mode.

When running in debug mode, your IVA application will run outside the cluster, for example on a developer machine, which makes testing and additional debugging easier.

In debug mode, all APIs of the Milestone AI Bridge will be exposed to the external network directly through the IP address specified in the externalIP parameter. The APIs will be available through different ports, including 2181, 9092, 3030, 4000, 4001, 8554, 8555, 9898, 8382 and 8383. These ports must not be occupied by other applications or the Milestone AI Bridge will not function as expected.

For a production environment, the debug parameter should always be set to false.

externalIP

The IP address of the Milestone AI Bridge when running in debug mode.

masterKey

Used to encrypt the XProtect VMS basic user credentials.

For security reasons, you should encrypt the credentials of the Milestone XProtect basic user that is used by the Milestone AI Bridge to log in to the XProtect VMS.

If you enter a value for the masterKey parameter directly in the values.yaml file, the credentials will be encrypted at rest.

You can assign any value to the masterKey parameter, as there are no set requirements for the number or types of characters.

Additionally, you can define a new masterKey parameter value if you forget the current one.

gpuEnabled

Used to ensure the aibridge-streaming pod is deployed in a node that contains an Nvidia GPU.

If set to true, at least one node must have an Nvidia GPU installed for the aibridge-streaming pod to be deployed.

The default value is false.

The Nvidia GPU Operator must be installed on the control plane node.
For more information about the GPU Operator, see Installing the NVIDIA GPU Operator (External link).

The ingress-nginx section

The Milestone AI Bridge employs an ingress controller and by default the Helm chart is set up to automatically deploy an NGINX ingress controller during Milestone AI Bridge deployment.

Parameter Description
ingress-nginx.enabled

Enable or disable the ingress controller for the Milestone AI Bridge.

You must configure the controller with the external IP address of the cluster.

The controller will only accept incoming network requests sent to this address.

If you already have an ingress controller running, you can disable the dependency by setting the ingress-nginx.enabled parameter to false.

externalIPs

The external IP address of your Kubernetes cluster or the IP address of the load balancer if Milestone AI Bridge is deployed on a multi-node Kubernetes cluster.

The MetalLB Loadbalancer

When configuring a multi-node Kubernetes cluster, you can use MetalLB as a load-balancer provider if you have installed it during the initial setup and configuration of your multi-node Kubernetes cluster. MetalLB is one of many potential load-balancer providers that you can use and has only been used by Milestone as a proof-of-concept.

You are of course free to select other load-balancer providers. If you select another load balancer, you must adapt your Helm charts to configure your selected load-balancer provider.

The MetalLB configuration is located in the values.yaml file under ingress-nginx.controller.service.annotations.

The metallb.universe.tf/loadBalancerIPs variable must be defined as the specific IP address of the MetalLB load balancer.

The MetalLB documentation defines this IP address as optional, but for Milestone AI Bridge, it is mandatory as the XProtect VMS connects to the Milestone AI Bridge using the known values defined in the general.externalHostname and general.externalIP variables.

The same IP address defined for the metallb.universe.tf/loadBalancerIPs must also be defined for the general.externalIP variable.

The hostname that you want to use for Milestone AI Bridge services must be a hostname that does not exist in the system, effectively creating a fake hostname.

DNS or local machines

If you are using a Domain Name System (DNS), you must configure the DNS to resolve the fake hostname to the value of the metallb.universe.tf/loadBalancerIPs variable (i.e. the IP address of the load balancer).

If you are not using a DNS, you must configure the XProtect VMS Windows machine hosting the management server (and all other machines that host the Management Client) to resolve the fake hostname to the value of the metallb.universe.tf/loadBalancerIPs variable (i.e. the IP address of the load balancer).

For more information, see MetalLB Concepts and MetalLB Usage. (external links)
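
The rules stated in the general section (debug off in production, masterKey set) and in the MetalLB section (loadBalancerIPs must match general.externalIP) can be checked before deployment. The following is an added example, not part of the Milestone Helm chart or documentation; it goes slightly beyond the text by also flagging the sample masterKey value and a reused bridge.id. It audits an already parsed values.yaml (for example the dict returned by PyYAML's yaml.safe_load); the function names, the other_bridge_ids parameter and the 192.0.2.x addresses are assumptions made for illustration.

```python
import ipaddress

# Ports the page says are exposed on general.externalIP in debug mode.
DEBUG_PORTS = (2181, 9092, 3030, 4000, 4001, 8554, 8555, 9898, 8382, 8383)
SAMPLE_MASTER_KEY = "encryption key example"  # value from the sample values.yaml
LB_ANNOTATION = "metallb.universe.tf/loadBalancerIPs"

def is_ip(value):
    try:
        ipaddress.ip_address(str(value))
        return True
    except ValueError:
        return False

def audit_values(values, other_bridge_ids=()):
    """Return findings for a parsed values.yaml (dict). other_bridge_ids holds
    the bridge.id values already registered in the same VMS (hypothetical input)."""
    findings = []
    general = values.get("general") or {}
    service = ((values.get("ingress-nginx") or {}).get("controller") or {}).get("service") or {}
    if general.get("debug"):
        ports = ", ".join(str(p) for p in DEBUG_PORTS)
        findings.append(f"general.debug is true: APIs exposed on ports {ports}")
    if general.get("masterKey") in (None, "", SAMPLE_MASTER_KEY):
        findings.append("general.masterKey is unset or still the sample value")
    if (values.get("bridge") or {}).get("id") in other_bridge_ids:
        findings.append("bridge.id is already used by another AI Bridge")
    ext_ip = general.get("externalIP")
    if not is_ip(ext_ip):  # also catches an unfilled <placeholder>
        findings.append("general.externalIP is not an IP address")
    lb_ip = (service.get("annotations") or {}).get(LB_ANNOTATION)
    if lb_ip is not None:  # multi-node setup with MetalLB
        if lb_ip != ext_ip:
            findings.append(f"{LB_ANNOTATION} differs from general.externalIP")
        if lb_ip not in (service.get("externalIPs") or []):
            findings.append(f"{LB_ANNOTATION} is not listed in externalIPs")
    return findings

# Constructed sample: a multi-node production candidate with three mistakes.
SAMPLE = {
    "bridge": {"id": "12355b21-5a25-4a1d-b6d2-f6e02c9b95b4"},
    "general": {"debug": True, "externalIP": "192.0.2.20",
                "masterKey": "encryption key example"},
    "ingress-nginx": {"controller": {"service": {
        "externalIPs": ["192.0.2.10"],
        "annotations": {LB_ANNOTATION: "192.0.2.10"}}}},
}

if __name__ == "__main__":
    for finding in audit_values(SAMPLE):
        print("FINDING:", finding)
```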