Containers
/
monkeybox_kubernetes


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209
							apiVersion: v1
kind: Service
metadata:
  name: unifi-tcp
  labels:
    run: unifi
  annotations:
    metallb.universe.tf/allow-shared-ip: "unifi"
spec:
  ports:
    - name: unifi-device-communication
      protocol: TCP
      port: 8080
      targetPort: 8080
    - name: unifi-management
      protocol: TCP
      port: 8443
      targetPort: 8443
    - name: unifi-guest-https
      protocol: TCP
      port: 8843
      targetPort: 8843
    - name: unifi-guest-http
      protocol: TCP
      port: 8880
      targetPort: 8880
    - name: unifi-mobile-throughput
      protocol: TCP
      port: 6789
      targetPort: 6789
  selector:
    run: unifi
  type: LoadBalancer
  loadBalancerIP: 10.42.42.240
---
apiVersion: v1
kind: Service
metadata:
  name: unifi-udp
  labels:
    run: unifi
  annotations:
    metallb.universe.tf/allow-shared-ip: "unifi"
spec:
  ports:
    - name: stun
      protocol: UDP
      port: 3478
      targetPort: 3478
    - name: ap-discovery
      protocol: UDP
      port: 10001
      targetPort: 10001
    - name: unifi-make-controller-discoverable
      protocol: UDP
      port: 1900
      targetPort: 1900
    - name: unifi-syslog
      protocol: UDP
      port: 5514
      targetPort: 5514
  selector:
    run: unifi
  type: LoadBalancer
  loadBalancerIP: 10.42.42.240
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: unifi
spec:
  capacity:
    storage: 5Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain # Keep 4eva
  storageClassName: default
  mountOptions:
    - hard
    - nfsvers=3
  nfs:
    path: /mnt/DroboFS/Shares/Kubernetes/volumes/static/unifi
    server: 10.42.42.10
  claimRef:
    name: unifi
    namespace: default
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: unifi
  annotations:
    nfs.io/storage-path: "unifi"
spec:
  storageClassName: default
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: unifi
spec:
  replicas: 1
  selector:
    matchLabels:
      run: unifi
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        run: unifi
    spec:
      terminationGracePeriodSeconds: 30
      containers:
        - image: linuxserver/unifi-controller
          imagePullPolicy: "Always"
          name: unifi
          env:
            - name: TZ
              value: US/Michigan
# PUID and PGID are for volume permissions
#            - name: PUID
#              value: "1000"
#            - name: PGID
#              value: "1000"
            - name: MEM_LIMIT
              value: "1024"
          ports:
            - containerPort: 3478
              protocol: UDP
            - containerPort: 10001
              protocol: UDP
            - containerPort: 8080
              protocol: TCP
            - containerPort: 8443
              protocol: TCP
            - containerPort: 1900
              protocol: UDP
            - containerPort: 8843
              protocol: TCP
            - containerPort: 8880
              protocol: TCP
            - containerPort: 6789
              protocol: TCP
            - containerPort: 5514
              protocol: UDP
          resources: 
            limits:
              memory: "2Gi"
              cpu: "1500m"
            requests:
              memory: "500Mi"
              cpu: "500m"
          volumeMounts:
            - mountPath: /config
              name: unifi
      restartPolicy: Always
      volumes:
        - name: unifi
          persistentVolumeClaim:
            claimName: unifi
      dnsPolicy: "None"
      dnsConfig:
        nameservers:
          - 10.42.42.239
          - 10.42.42.1
        searches:
          - default.svc.cluster.local
          - svc.cluster.local 
          - cluster.local
        options:
          - name: ndots
            value: "2"
          - name: edns0
          - name: trust-ad
status: {}
---
# Hosting
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: unifi-management
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - unifi.monkeybox.org
    secretName: unifi-tls
  rules:
  - host: unifi.monkeybox.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: unifi-tcp
            port:
              number: 8443