|
|
@@ -0,0 +1,163 @@
|
|
|
+apiVersion: v1
|
|
|
+kind: Service
|
|
|
+metadata:
|
|
|
+ name: unifi-tcp
|
|
|
+ labels:
|
|
|
+ run: unifi
|
|
|
+ annotations:
|
|
|
+ metallb.universe.tf/allow-shared-ip: "unifi"
|
|
|
+spec:
|
|
|
+ ports:
|
|
|
+ - name: unifi-device-communication
|
|
|
+ protocol: TCP
|
|
|
+ port: 8080
|
|
|
+ targetPort: 8080
|
|
|
+ - name: unifi-management
|
|
|
+ protocol: TCP
|
|
|
+ port: 8443
|
|
|
+ targetPort: 8443
|
|
|
+ - name: unifi-guest-https
|
|
|
+ protocol: TCP
|
|
|
+ port: 8843
|
|
|
+ targetPort: 8843
|
|
|
+ - name: unifi-guest-http
|
|
|
+ protocol: TCP
|
|
|
+ port: 8880
|
|
|
+ targetPort: 8880
|
|
|
+ - name: unifi-mobile-throughput
|
|
|
+ protocol: TCP
|
|
|
+ port: 6789
|
|
|
+ targetPort: 6789
|
|
|
+ selector:
|
|
|
+ run: unifi
|
|
|
+ type: LoadBalancer
|
|
|
+---
|
|
|
+apiVersion: v1
|
|
|
+kind: Service
|
|
|
+metadata:
|
|
|
+ name: unifi-udp
|
|
|
+ labels:
|
|
|
+ run: unifi
|
|
|
+ annotations:
|
|
|
+ metallb.universe.tf/allow-shared-ip: "unifi"
|
|
|
+spec:
|
|
|
+ ports:
|
|
|
+ - name: stun
|
|
|
+ protocol: UDP
|
|
|
+ port: 3478
|
|
|
+ targetPort: 3478
|
|
|
+ - name: ap-discovery
|
|
|
+ protocol: UDP
|
|
|
+ port: 10001
|
|
|
+ targetPort: 10001
|
|
|
+ - name: unifi-make-controller-discoverable
|
|
|
+ protocol: UDP
|
|
|
+ port: 1900
|
|
|
+ targetPort: 1900
|
|
|
+ - name: unifi-syslog
|
|
|
+ protocol: UDP
|
|
|
+ port: 5514
|
|
|
+ targetPort: 5514
|
|
|
+ selector:
|
|
|
+ run: unifi
|
|
|
+ type: LoadBalancer
|
|
|
+---
|
|
|
+apiVersion: v1
|
|
|
+kind: PersistentVolumeClaim
|
|
|
+metadata:
|
|
|
+ name: unifi
|
|
|
+ annotations:
|
|
|
+ nfs.io/storage-path: "unifi"
|
|
|
+spec:
|
|
|
+ storageClassName: managed-nfs-storage
|
|
|
+ accessModes:
|
|
|
+ - ReadOnlyMany
|
|
|
+ resources:
|
|
|
+ requests:
|
|
|
+ storage: 5Mi
|
|
|
+status: {}
|
|
|
+---
|
|
|
+apiVersion: apps/v1
|
|
|
+kind: Deployment
|
|
|
+metadata:
|
|
|
+ name: unifi
|
|
|
+spec:
|
|
|
+ replicas: 1
|
|
|
+ selector:
|
|
|
+ matchLabels:
|
|
|
+ run: unifi
|
|
|
+ strategy:
|
|
|
+ type: Recreate
|
|
|
+ template:
|
|
|
+ metadata:
|
|
|
+ labels:
|
|
|
+ run: unifi
|
|
|
+ spec:
|
|
|
+ containers:
|
|
|
+ - image: linuxserver/unifi-controller
|
|
|
+ name: unifi
|
|
|
+ env:
|
|
|
+ - name: TZ
|
|
|
+ value: US/Michigan
|
|
|
+# PUID and PGID are for volume permissions
|
|
|
+# - name: PUID
|
|
|
+# value: "1000"
|
|
|
+# - name: PGID
|
|
|
+# value: "1000"
|
|
|
+ - name: MEM_LIMIT
|
|
|
+ value: "1024M"
|
|
|
+ ports:
|
|
|
+ - containerPort: 3478
|
|
|
+ protocol: UDP
|
|
|
+ - containerPort: 10001
|
|
|
+ protocol: UDP
|
|
|
+ - containerPort: 8080
|
|
|
+ protocol: TCP
|
|
|
+ - containerPort: 8443
|
|
|
+ protocol: TCP
|
|
|
+ - containerPort: 1900
|
|
|
+ protocol: UDP
|
|
|
+ - containerPort: 8843
|
|
|
+ protocol: TCP
|
|
|
+ - containerPort: 8880
|
|
|
+ protocol: TCP
|
|
|
+ - containerPort: 6789
|
|
|
+ protocol: TCP
|
|
|
+ - containerPort: 5514
|
|
|
+ protocol: UDP
|
|
|
+ resources: {}
|
|
|
+ volumeMounts:
|
|
|
+ - mountPath: /config
|
|
|
+ name: unifi
|
|
|
+ restartPolicy: Always
|
|
|
+ volumes:
|
|
|
+ - name: unifi
|
|
|
+ persistentVolumeClaim:
|
|
|
+ claimName: unifi
|
|
|
+status: {}
|
|
|
+---
|
|
|
+# Hosting
|
|
|
+apiVersion: networking.k8s.io/v1
|
|
|
+kind: Ingress
|
|
|
+metadata:
|
|
|
+ name: unifi-management
|
|
|
+ annotations:
|
|
|
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
|
|
|
+ nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
|
|
|
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
|
|
+spec:
|
|
|
+ tls:
|
|
|
+ - hosts:
|
|
|
+ - unifi.monkeybox.org
|
|
|
+ secretName: unifi-tls
|
|
|
+ rules:
|
|
|
+ - host: unifi.monkeybox.org
|
|
|
+ http:
|
|
|
+ paths:
|
|
|
+ - path: /
|
|
|
+ pathType: Prefix
|
|
|
+ backend:
|
|
|
+ service:
|
|
|
+ name: unifi-tcp
|
|
|
+ port:
|
|
|
+ number: 8443
|
