Containers
/
monkeybox_kubernetes


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163
							apiVersion: v1
kind: Service
metadata:
  name: unifi-tcp
  labels:
    run: unifi
  annotations:
    metallb.universe.tf/allow-shared-ip: "unifi"
spec:
  ports:
    - name: unifi-device-communication
      protocol: TCP
      port: 8080
      targetPort: 8080
    - name: unifi-management
      protocol: TCP
      port: 8443
      targetPort: 8443
    - name: unifi-guest-https
      protocol: TCP
      port: 8843
      targetPort: 8843
    - name: unifi-guest-http
      protocol: TCP
      port: 8880
      targetPort: 8880
    - name: unifi-mobile-throughput
      protocol: TCP
      port: 6789
      targetPort: 6789
  selector:
    run: unifi
  type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
  name: unifi-udp
  labels:
    run: unifi
  annotations:
    metallb.universe.tf/allow-shared-ip: "unifi"
spec:
  ports:
    - name: stun
      protocol: UDP
      port: 3478
      targetPort: 3478
    - name: ap-discovery
      protocol: UDP
      port: 10001
      targetPort: 10001
    - name: unifi-make-controller-discoverable
      protocol: UDP
      port: 1900
      targetPort: 1900
    - name: unifi-syslog
      protocol: UDP
      port: 5514
      targetPort: 5514
  selector:
    run: unifi
  type: LoadBalancer
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: unifi
  annotations:
    nfs.io/storage-path: "unifi"
spec:
  storageClassName: managed-nfs-storage
  accessModes:
    - ReadOnlyMany
  resources:
    requests:
      storage: 5Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: unifi
spec:
  replicas: 1
  selector:
    matchLabels:
      run: unifi
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        run: unifi
    spec:
      containers:
        - image: linuxserver/unifi-controller
          name: unifi
          env:
            - name: TZ
              value: US/Michigan
# PUID and PGID are for volume permissions
#            - name: PUID
#              value: "1000"
#            - name: PGID
#              value: "1000"
            - name: MEM_LIMIT
              value: "1024M"
          ports:
            - containerPort: 3478
              protocol: UDP
            - containerPort: 10001
              protocol: UDP
            - containerPort: 8080
              protocol: TCP
            - containerPort: 8443
              protocol: TCP
            - containerPort: 1900
              protocol: UDP
            - containerPort: 8843
              protocol: TCP
            - containerPort: 8880
              protocol: TCP
            - containerPort: 6789
              protocol: TCP
            - containerPort: 5514
              protocol: UDP
          resources: {}
          volumeMounts:
            - mountPath: /config
              name: unifi
      restartPolicy: Always
      volumes:
        - name: unifi
          persistentVolumeClaim:
            claimName: unifi
status: {}
---
# Hosting
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: unifi-management
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - unifi.monkeybox.org
    secretName: unifi-tls
  rules:
  - host: unifi.monkeybox.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: unifi-tcp
            port:
              number: 8443