|
@@ -0,0 +1,209 @@
|
|
|
+apiVersion: v1
|
|
|
+kind: Service
|
|
|
+metadata:
|
|
|
+ name: unifi-tcp
|
|
|
+ labels:
|
|
|
+ run: unifi
|
|
|
+ annotations:
|
|
|
+ metallb.universe.tf/allow-shared-ip: "unifi"
|
|
|
+spec:
|
|
|
+ ports:
|
|
|
+ - name: unifi-device-communication
|
|
|
+ protocol: TCP
|
|
|
+ port: 8080
|
|
|
+ targetPort: 8080
|
|
|
+ - name: unifi-management
|
|
|
+ protocol: TCP
|
|
|
+ port: 8443
|
|
|
+ targetPort: 8443
|
|
|
+ - name: unifi-guest-https
|
|
|
+ protocol: TCP
|
|
|
+ port: 8843
|
|
|
+ targetPort: 8843
|
|
|
+ - name: unifi-guest-http
|
|
|
+ protocol: TCP
|
|
|
+ port: 8880
|
|
|
+ targetPort: 8880
|
|
|
+ - name: unifi-mobile-throughput
|
|
|
+ protocol: TCP
|
|
|
+ port: 6789
|
|
|
+ targetPort: 6789
|
|
|
+ selector:
|
|
|
+ run: unifi
|
|
|
+ type: LoadBalancer
|
|
|
+ loadBalancerIP: 10.42.42.240
|
|
|
+---
|
|
|
+apiVersion: v1
|
|
|
+kind: Service
|
|
|
+metadata:
|
|
|
+ name: unifi-udp
|
|
|
+ labels:
|
|
|
+ run: unifi
|
|
|
+ annotations:
|
|
|
+ metallb.universe.tf/allow-shared-ip: "unifi"
|
|
|
+spec:
|
|
|
+ ports:
|
|
|
+ - name: stun
|
|
|
+ protocol: UDP
|
|
|
+ port: 3478
|
|
|
+ targetPort: 3478
|
|
|
+ - name: ap-discovery
|
|
|
+ protocol: UDP
|
|
|
+ port: 10001
|
|
|
+ targetPort: 10001
|
|
|
+ - name: unifi-make-controller-discoverable
|
|
|
+ protocol: UDP
|
|
|
+ port: 1900
|
|
|
+ targetPort: 1900
|
|
|
+ - name: unifi-syslog
|
|
|
+ protocol: UDP
|
|
|
+ port: 5514
|
|
|
+ targetPort: 5514
|
|
|
+ selector:
|
|
|
+ run: unifi
|
|
|
+ type: LoadBalancer
|
|
|
+ loadBalancerIP: 10.42.42.240
|
|
|
+---
|
|
|
+apiVersion: v1
|
|
|
+kind: PersistentVolume
|
|
|
+metadata:
|
|
|
+ name: unifi
|
|
|
+spec:
|
|
|
+ capacity:
|
|
|
+ storage: 5Mi
|
|
|
+ volumeMode: Filesystem
|
|
|
+ accessModes:
|
|
|
+ - ReadWriteMany
|
|
|
+ persistentVolumeReclaimPolicy: Retain # Keep 4eva
|
|
|
+ storageClassName: default
|
|
|
+ mountOptions:
|
|
|
+ - hard
|
|
|
+ - nfsvers=3
|
|
|
+ nfs:
|
|
|
+ path: /mnt/DroboFS/Shares/Kubernetes/volumes/static/unifi
|
|
|
+ server: 10.42.42.10
|
|
|
+ claimRef:
|
|
|
+ name: unifi
|
|
|
+ namespace: default
|
|
|
+---
|
|
|
+apiVersion: v1
|
|
|
+kind: PersistentVolumeClaim
|
|
|
+metadata:
|
|
|
+ name: unifi
|
|
|
+ annotations:
|
|
|
+ nfs.io/storage-path: "unifi"
|
|
|
+spec:
|
|
|
+ storageClassName: default
|
|
|
+ accessModes:
|
|
|
+ - ReadWriteMany
|
|
|
+ resources:
|
|
|
+ requests:
|
|
|
+ storage: 5Mi
|
|
|
+status: {}
|
|
|
+---
|
|
|
+apiVersion: apps/v1
|
|
|
+kind: Deployment
|
|
|
+metadata:
|
|
|
+ name: unifi
|
|
|
+spec:
|
|
|
+ replicas: 1
|
|
|
+ selector:
|
|
|
+ matchLabels:
|
|
|
+ run: unifi
|
|
|
+ strategy:
|
|
|
+ type: Recreate
|
|
|
+ template:
|
|
|
+ metadata:
|
|
|
+ labels:
|
|
|
+ run: unifi
|
|
|
+ spec:
|
|
|
+ terminationGracePeriodSeconds: 30
|
|
|
+ containers:
|
|
|
+ - image: linuxserver/unifi-controller
|
|
|
+ imagePullPolicy: "Always"
|
|
|
+ name: unifi
|
|
|
+ env:
|
|
|
+ - name: TZ
|
|
|
+ value: US/Michigan
|
|
|
+# PUID and PGID are for volume permissions
|
|
|
+# - name: PUID
|
|
|
+# value: "1000"
|
|
|
+# - name: PGID
|
|
|
+# value: "1000"
|
|
|
+ - name: MEM_LIMIT
|
|
|
+ value: "1024"
|
|
|
+ ports:
|
|
|
+ - containerPort: 3478
|
|
|
+ protocol: UDP
|
|
|
+ - containerPort: 10001
|
|
|
+ protocol: UDP
|
|
|
+ - containerPort: 8080
|
|
|
+ protocol: TCP
|
|
|
+ - containerPort: 8443
|
|
|
+ protocol: TCP
|
|
|
+ - containerPort: 1900
|
|
|
+ protocol: UDP
|
|
|
+ - containerPort: 8843
|
|
|
+ protocol: TCP
|
|
|
+ - containerPort: 8880
|
|
|
+ protocol: TCP
|
|
|
+ - containerPort: 6789
|
|
|
+ protocol: TCP
|
|
|
+ - containerPort: 5514
|
|
|
+ protocol: UDP
|
|
|
+ resources:
|
|
|
+ limits:
|
|
|
+ memory: "2Gi"
|
|
|
+ cpu: "1500m"
|
|
|
+ requests:
|
|
|
+ memory: "500Mi"
|
|
|
+ cpu: "500m"
|
|
|
+ volumeMounts:
|
|
|
+ - mountPath: /config
|
|
|
+ name: unifi
|
|
|
+ restartPolicy: Always
|
|
|
+ volumes:
|
|
|
+ - name: unifi
|
|
|
+ persistentVolumeClaim:
|
|
|
+ claimName: unifi
|
|
|
+ dnsPolicy: "None"
|
|
|
+ dnsConfig:
|
|
|
+ nameservers:
|
|
|
+ - 10.42.42.239
|
|
|
+ - 10.42.42.1
|
|
|
+ searches:
|
|
|
+ - default.svc.cluster.local
|
|
|
+ - svc.cluster.local
|
|
|
+ - cluster.local
|
|
|
+ options:
|
|
|
+ - name: ndots
|
|
|
+ value: "2"
|
|
|
+ - name: edns0
|
|
|
+ - name: trust-ad
|
|
|
+status: {}
|
|
|
+---
|
|
|
+# Hosting
|
|
|
+apiVersion: networking.k8s.io/v1
|
|
|
+kind: Ingress
|
|
|
+metadata:
|
|
|
+ name: unifi-management
|
|
|
+ annotations:
|
|
|
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
|
|
+ nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
|
|
|
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
|
+spec:
|
|
|
+ tls:
|
|
|
+ - hosts:
|
|
|
+ - unifi.monkeybox.org
|
|
|
+ secretName: unifi-tls
|
|
|
+ rules:
|
|
|
+ - host: unifi.monkeybox.org
|
|
|
+ http:
|
|
|
+ paths:
|
|
|
+ - path: /
|
|
|
+ pathType: Prefix
|
|
|
+ backend:
|
|
|
+ service:
|
|
|
+ name: unifi-tcp
|
|
|
+ port:
|
|
|
+ number: 8443
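Review bot: The Deployment's container uses `image: linuxserver/unifi-controller` with no tag or digest together with `imagePullPolicy: "Always"`, so every pod restart pulls whatever the registry currently serves as `latest`. With `replicas: 1` and `strategy: Recreate`, an unreviewed or tampered upstream push would go straight into the controller that manages the network. Pin the image and update it deliberately, e.g. `image: linuxserver/unifi-controller:<reviewed-tag>@sha256:<digest>` (placeholders). Separately, the Ingress publishes management port 8443 at `unifi.monkeybox.org` with no source restriction visible in this file; if that host is reachable from outside the admin network, consider `nginx.ingress.kubernetes.io/whitelist-source-range: "<admin-cidr>"` or equivalent access control. A short comment beside `proxy-ssl-verify: "off"` saying the backend certificate is not validated, and why that is acceptable here, would also help the next maintainer.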
|