add Kubernetes files

This commit is contained in:
pgumpoldsberger 2024-04-06 18:21:04 +02:00
parent 2f5ddd6822
commit 2e3dc1aed2
5 changed files with 246 additions and 0 deletions


@ -0,0 +1,14 @@
# Deployment
You can't just deploy the whole folder. You have to apply the files in the following order:
1. Create the namespace and the secrets using ´kubectl apply -f namespaceAndSecret.yaml ´
2. Apply the init-script using ´kubectl create configmap create-db-configmap --from-file=init-mongo.js --namespace unifi-controller´
3. Create two persistent volumes and two persistent volume claims in Longhorn
- unifi-db
- unifi-config
4. Deploy the pod and the service using ´kubectl apply -f deployment.yaml ´
5. If you want to access the GUI via Traefik you can add an ingress using ´kubectl apply -f ingress.yaml ´
6. Check if the MongoDB Container is running and delete the configmap ´create-db-configmap´ for security reasons


@ -0,0 +1,164 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: unifi-controller
app.kubernetes.io/instance: unifi-controller
name: unifi-controller
namespace: unifi-controller
spec:
replicas: 1
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
selector:
matchLabels:
app: unifi-controller
template:
metadata:
labels:
app: unifi-controller
spec:
nodeSelector:
worker: "true"
containers:
- image: docker.io/mongo:7.0
imagePullPolicy: IfNotPresent
name: unifi-db
args: ["--dbpath", "/data/db"]
livenessProbe:
exec:
command:
- mongo
- --disableImplicitSessions
- --eval
- "db.adminCommand('ping')"
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
readinessProbe:
exec:
command:
- mongo
- --disableImplicitSessions
- --eval
- "db.adminCommand('ping')"
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
ports:
- containerPort: 27017
name: mongo
protocol: TCP
volumeMounts:
- mountPath: /data/db
name: unifi-db
- name: "init-database"
mountPath: "/docker-entrypoint-initdb.d/"
- image: lscr.io/linuxserver/unifi-network-application:8.1.113-ls36
imagePullPolicy: IfNotPresent
name: unifi-controller
envFrom:
- secretRef:
name: unifi-env
env:
- name: MONGO_HOST
value: "localhost"
- name: MONGO_PORT
value: "27017"
volumeMounts:
- mountPath: /config
name: unifi-config
ports:
- containerPort: 8443
name: web
protocol: TCP
- containerPort: 3478
name: stun
protocol: UDP
- containerPort: 1001
name: discovery
protocol: UDP
- containerPort: 8080
name: communication
protocol: TCP
resources:
limits:
cpu: 2
memory: 1Gi
requests:
cpu: 200m
memory: 256Mi
livenessProbe:
tcpSocket:
port: communication
initialDelaySeconds: 60
periodSeconds: 10
readinessProbe:
httpGet:
scheme: HTTPS
path: /
port: web
initialDelaySeconds: 30
periodSeconds: 10
volumes:
- name: unifi-db
persistentVolumeClaim:
claimName: unifi-db
- name: unifi-config
persistentVolumeClaim:
claimName: unifi-config
- name: "init-database"
configMap:
name: create-db-configmap
---
apiVersion: v1
kind: Service
metadata:
name: unifi-tcp
namespace: unifi-controller
annotations:
metallb.universe.tf/allow-shared-ip: unifi-controller
spec:
type: LoadBalancer
loadBalancerIP: 10.122.0.65 # MUST match loadBalancerIP of the other service. Choose a availible IP in your MetalLB Range
ports:
- name: web
protocol: TCP
port: 8443
targetPort: 8443
- name: communication
protocol: TCP
port: 8080
targetPort: 8080
selector:
app: unifi-controller
---
apiVersion: v1
kind: Service
metadata:
name: unifi-udp
namespace: unifi-controller
annotations:
metallb.universe.tf/allow-shared-ip: unifi-controller
spec:
type: LoadBalancer
loadBalancerIP: 10.122.0.65 # MUST match loadBalancerIP of the other service. Choose a availible IP in your MetalLB Range
ports:
- name: stun
protocol: UDP
port: 3478
targetPort: 3478
- name: discovery
protocol: UDP
port: 10001
targetPort: 10001
selector:
app: unifi-controller
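Review bot: The mongo container's liveness and readiness probes call the legacy `mongo` shell, but the `docker.io/mongo:7.0` image ships only `mongosh` (the legacy shell was removed with 6.0), so both probes will fail and the liveness probe will restart the database roughly 90 seconds after every start; change both exec commands to `- mongosh`. The `discovery` containerPort is `1001` while the `unifi-udp` Service targets `10001` — the Service value is the UniFi discovery port, so use `containerPort: 10001`. The `init-database` volume references `create-db-configmap` without `optional: true`, and the deployment notes in this commit say to delete that ConfigMap after first start, which would leave the next rescheduled pod stuck in ContainerCreating; add `optional: true` under `configMap:`. Nothing here enables authentication on mongod (no `MONGO_INITDB_ROOT_USERNAME`/`MONGO_INITDB_ROOT_PASSWORD`, no `--auth` in `args`), so the unifi credentials created by the init script are presumably not enforced and any workload that can reach the pod on 27017 has full access — enable auth or add a NetworkPolicy that restricts that port to the pod itself.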


@ -0,0 +1,39 @@
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: default-headers
namespace: unifi-controller
spec:
headers:
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 15552000
customFrameOptionsValue: SAMEORIGIN
customRequestHeaders:
X-Forwarded-Proto: https
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: unifi-controller
namespace: unifi-controller
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`unifi.yourdomain.com`) # change to your domain
kind: Rule
services:
- name: unifi-tcp
port: 8443
scheme: https
middlewares:
- name: default-headers
tls:
secretName: ffth-tls # change to your cert name
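Review bot: The route forwards to `unifi-tcp` on 8443 with `scheme: https`, but the UniFi controller normally presents a self-signed certificate on that port, so Traefik will refuse the upstream TLS handshake unless a `ServersTransport` is attached to the service entry — either with the controller's certificate in `rootCAsSecrets` or, if the cluster network is trusted, `insecureSkipVerify: true`, as sketched below. The `traefik-external` entry point suggests the controller's admin GUI is reachable from outside; consider an IP allow-list or authentication middleware in front of it, since the `default-headers` middleware only sets response headers. Note also that the `unifi-tcp` LoadBalancer in the same commit already exposes 8443 directly on `10.122.0.65`, bypassing this route and its middleware. If the cluster runs Traefik v3, the `traefik.containo.us/v1alpha1` API group no longer exists and both resources need `apiVersion: traefik.io/v1alpha1`.

```yaml
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: unifi-backend
  namespace: unifi-controller
spec:
  # UniFi serves a self-signed certificate on 8443. Prefer rootCAsSecrets with
  # the controller's cert; only skip verification on a trusted cluster network.
  insecureSkipVerify: true
# … unchanged: Middleware default-headers and the IngressRoute header …
    services:
      - name: unifi-tcp
        port: 8443
        scheme: https
        serversTransport: unifi-backend
# … unchanged: middlewares and tls …
```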


@ -0,0 +1,10 @@
db.getSiblingDB("unifi").createUser({
user: "unifi",
pwd: "5nHgg3G0cH9d",
roles: [{ role: "dbOwner", db: "unifi" }],
});
db.getSiblingDB("unifi_stat").createUser({
user: "unifi",
pwd: "5nHgg3G0cH9d",
roles: [{ role: "dbOwner", db: "unifi_stat" }],
});
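Review bot: The database password is a hard-coded literal here, duplicated in the Secret added by this commit, and now part of git history; deleting the ConfigMap afterwards, as the deployment notes suggest, does not remove it from the repository, so treat it as exposed and rotate it. A `.sh` init script in `docker-entrypoint-initdb.d` that reads `$MONGO_PASS` (with the `unifi-env` Secret exposed to the mongo container via `envFrom`) and calls `mongosh --eval` keeps the value in one place. These scripts only execute when `/data/db` is empty, so the user is never created on a pre-populated `unifi-db` volume — worth a comment at the top: `// Runs only on first initialization of an empty /data/db; re-run manually for existing volumes.` The created credentials only have effect if mongod is started with authentication enabled, which the accompanying Deployment does not appear to do.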


@ -0,0 +1,19 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: unifi-controller
---
apiVersion: v1
kind: Secret
metadata:
name: unifi-env
namespace: unifi-controller
type: Opaque
stringData:
PUID: "1000"
PGID: "1000"
TZ: "Europe/London"
MONGO_USER: "unifi"
MONGO_PASS: "5nHgg3G0cH9d"
MONGO_DBNAME: unifi
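Review bot: `MONGO_PASS` is a plaintext credential in a manifest intended for version control; a Kubernetes Secret is only base64-encoded in the API and etcd unless encryption at rest is configured, so anyone with read access to the repository or to Secrets in this namespace holds the database password. Keep the real value out of git (a template with placeholders plus `kubectl create secret generic unifi-env --from-literal=...`), or encrypt it with SOPS, SealedSecrets or an external-secrets operator, and rotate it now that it has been committed. The same literal is repeated in the init script, so the two must be kept in sync by hand; deriving both from the Secret avoids drift. Minor: `MONGO_DBNAME: unifi` is the only unquoted value in the block — `MONGO_DBNAME: "unifi"` keeps the stringData entries consistent.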