add Kubernetes files
parent
2f5ddd6822
commit
2e3dc1aed2
5 changed files with 246 additions and 0 deletions
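--- a/Unifi-Controller/kubernetes/README.md
+++ b/Unifi-Controller/kubernetes/README.md
@@ -0,0 +1,14 @@
+# Deployment
+
+You can't just deploy the whole folder. You have to apply the files in the following order:
+
+1. Create the namespace and the secrets using ´kubectl apply -f namespaceAndSecret.yaml ´
+2. Apply the init-script using ´kubectl create configmap create-db-configmap --from-file=init-mongo.js --namespace unifi-controller´
+3. Create two persistent volumes and two persistent volume claims in Longhorn
+
+- unifi-db
+- unifi-config
+
+4. Deploy the pod and the service using ´kubectl apply -f deployment.yaml ´
+5. If you want to access the GUI via Traefik you can add an ingress using ´kubectl apply -f ingress.yaml ´
+6. Check if the MongoDB Container is running and delete the configmap ´create-db-configmap´ for security reasons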
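--- a/Unifi-Controller/kubernetes/deployment.yaml
+++ b/Unifi-Controller/kubernetes/deployment.yaml
@@ -0,0 +1,164 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels:
+app: unifi-controller
+app.kubernetes.io/instance: unifi-controller
+name: unifi-controller
+namespace: unifi-controller
+spec:
+replicas: 1
+strategy:
+type: RollingUpdate
+rollingUpdate:
+maxSurge: 1
+maxUnavailable: 1
+selector:
+matchLabels:
+app: unifi-controller
+template:
+metadata:
+labels:
+app: unifi-controller
+spec:
+nodeSelector:
+worker: "true"
+containers:
+- image: docker.io/mongo:7.0
+imagePullPolicy: IfNotPresent
+name: unifi-db
+args: ["--dbpath", "/data/db"]
+livenessProbe:
+exec:
+command:
+- mongo
+- --disableImplicitSessions
+- --eval
+- "db.adminCommand('ping')"
+initialDelaySeconds: 30
+periodSeconds: 10
+timeoutSeconds: 5
+successThreshold: 1
+failureThreshold: 6
+readinessProbe:
+exec:
+command:
+- mongo
+- --disableImplicitSessions
+- --eval
+- "db.adminCommand('ping')"
+initialDelaySeconds: 30
+periodSeconds: 10
+timeoutSeconds: 5
+successThreshold: 1
+failureThreshold: 6
+ports:
+- containerPort: 27017
+name: mongo
+protocol: TCP
+volumeMounts:
+- mountPath: /data/db
+name: unifi-db
+- name: "init-database"
+mountPath: "/docker-entrypoint-initdb.d/"
+- image: lscr.io/linuxserver/unifi-network-application:8.1.113-ls36
+imagePullPolicy: IfNotPresent
+name: unifi-controller
+envFrom:
+- secretRef:
+name: unifi-env
+env:
+- name: MONGO_HOST
+value: "localhost"
+- name: MONGO_PORT
+value: "27017"
+volumeMounts:
+- mountPath: /config
+name: unifi-config
+ports:
+- containerPort: 8443
+name: web
+protocol: TCP
+- containerPort: 3478
+name: stun
+protocol: UDP
+- containerPort: 1001
+name: discovery
+protocol: UDP
+- containerPort: 8080
+name: communication
+protocol: TCP
+resources:
+limits:
+cpu: 2
+memory: 1Gi
+requests:
+cpu: 200m
+memory: 256Mi
+livenessProbe:
+tcpSocket:
+port: communication
+initialDelaySeconds: 60
+periodSeconds: 10
+readinessProbe:
+httpGet:
+scheme: HTTPS
+path: /
+port: web
+initialDelaySeconds: 30
+periodSeconds: 10
+volumes:
+- name: unifi-db
+persistentVolumeClaim:
+claimName: unifi-db
+- name: unifi-config
+persistentVolumeClaim:
+claimName: unifi-config
+- name: "init-database"
+configMap:
+name: create-db-configmap
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: unifi-tcp
+namespace: unifi-controller
+annotations:
+metallb.universe.tf/allow-shared-ip: unifi-controller
+spec:
+type: LoadBalancer
+loadBalancerIP: 10.122.0.65 # MUST match loadBalancerIP of the other service. Choose a availible IP in your MetalLB Range
+ports:
+- name: web
+protocol: TCP
+port: 8443
+targetPort: 8443
+- name: communication
+protocol: TCP
+port: 8080
+targetPort: 8080
+selector:
+app: unifi-controller
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: unifi-udp
+namespace: unifi-controller
+annotations:
+metallb.universe.tf/allow-shared-ip: unifi-controller
+spec:
+type: LoadBalancer
+loadBalancerIP: 10.122.0.65 # MUST match loadBalancerIP of the other service. Choose a availible IP in your MetalLB Range
+ports:
+- name: stun
+protocol: UDP
+port: 3478
+targetPort: 3478
+- name: discovery
+protocol: UDP
+port: 10001
+targetPort: 10001
+selector:
+app: unifi-controller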
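Review bot: Both probes on the `unifi-db` container exec `mongo`, but the image is `docker.io/mongo:7.0`, and the legacy `mongo` shell is no longer shipped in the 6.0 and later images, so the liveness probe would fail and the kubelet would restart the database container after six failures. Replace `- mongo` with `- mongosh` in both probes and confirm that mongosh accepts the remaining flags. The `discovery` port is declared as `containerPort: 1001` while the `unifi-udp` Service targets `10001`; the Service's numeric targetPort still routes, but the declaration should read `containerPort: 10001`. mongod is started with only `--dbpath`, so as far as this manifest shows authentication is not enforced, and the users created by init-mongo.js do not stop another pod that can reach port 27017 on the pod IP from reading the database. Either enable authentication in mongod or add a NetworkPolicy for the `unifi-controller` namespace that limits ingress to the ports the two Services publish.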
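--- a/Unifi-Controller/kubernetes/ingress.yaml
+++ b/Unifi-Controller/kubernetes/ingress.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+name: default-headers
+namespace: unifi-controller
+spec:
+headers:
+browserXssFilter: true
+contentTypeNosniff: true
+forceSTSHeader: true
+stsIncludeSubdomains: true
+stsPreload: true
+stsSeconds: 15552000
+customFrameOptionsValue: SAMEORIGIN
+customRequestHeaders:
+X-Forwarded-Proto: https
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+name: unifi-controller
+namespace: unifi-controller
+annotations:
+kubernetes.io/ingress.class: traefik-external
+spec:
+entryPoints:
+- websecure
+routes:
+- match: Host(`unifi.yourdomain.com`) # change to your domain
+kind: Rule
+services:
+- name: unifi-tcp
+port: 8443
+scheme: https
+middlewares:
+- name: default-headers
+tls:
+secretName: ffth-tls # change to your cert name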
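Review bot: The route forwards to `unifi-tcp` with `scheme: https` but references no `serversTransport`, so Traefik validates the controller's certificate against its default trust settings; a stock UniFi controller presents a self-signed certificate, so this presumably only works where backend verification has been turned off globally. A `ServersTransport` in this namespace, referenced from the service entry as `serversTransport: <name>` and ideally carrying the controller's CA rather than skipping verification, would keep that exception scoped to this one backend. The `kubernetes.io/ingress.class: traefik-external` annotation also appears to publish the controller's admin GUI on the external ingress with `default-headers` as the only middleware; if it is not meant to be reachable from the internet, add an IP allow-list middleware or use the internal ingress class. `traefik.containo.us/v1alpha1` is the older API group, replaced by `traefik.io/v1alpha1` in later Traefik releases, so a comment naming the Traefik version these manifests target would help.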
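--- a/Unifi-Controller/kubernetes/init-mongo.js
+++ b/Unifi-Controller/kubernetes/init-mongo.js
@@ -0,0 +1,10 @@
+db.getSiblingDB("unifi").createUser({
+user: "unifi",
+pwd: "5nHgg3G0cH9d",
+roles: [{ role: "dbOwner", db: "unifi" }],
+});
+db.getSiblingDB("unifi_stat").createUser({
+user: "unifi",
+pwd: "5nHgg3G0cH9d",
+roles: [{ role: "dbOwner", db: "unifi_stat" }],
+});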
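Review bot: The database password is a fixed literal in both `createUser` calls, and the same value is committed as `MONGO_PASS` in namespaceAndSecret.yaml, so anyone who applies these files unchanged runs with a credential that is public in the repository. The script is also loaded into a ConfigMap, which the cluster does not treat as secret material, and the README's advice to delete the ConfigMap afterwards does not remove the value from git history. Replace the literal in both files with an obvious placeholder and add a comment above the first call such as `// CHANGE ME: must match MONGO_PASS in the unifi-env Secret`. The README step that applies namespaceAndSecret.yaml should also tell the reader to set their own password first.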
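--- a/Unifi-Controller/kubernetes/namespaceAndSecret.yaml
+++ b/Unifi-Controller/kubernetes/namespaceAndSecret.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: unifi-controller
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: unifi-env
+namespace: unifi-controller
+type: Opaque
+stringData:
+PUID: "1000"
+PGID: "1000"
+TZ: "Europe/London"
+MONGO_USER: "unifi"
+MONGO_PASS: "5nHgg3G0cH9d"
+MONGO_DBNAME: unifi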