Merge pull request #77 from pgumpoldsberger/Unifi
add Kubernetes files for Unifi Network Application
commit
81a4b6e8ff
5 changed files with 246 additions and 0 deletions
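--- a/Unifi-Controller/kubernetes/README.md
+++ b/Unifi-Controller/kubernetes/README.md
@@ -0,0 +1,14 @@
+# Deployment
+
+You can't just deploy the whole folder. You have to apply the files in the following order:
+
+1. Create the namespace and the secrets using ´kubectl apply -f namespaceAndSecret.yaml ´
+2. Apply the init-script using ´kubectl create configmap create-db-configmap --from-file=init-mongo.js --namespace unifi-controller´
+3. Create two persistent volumes and two persistent volume claims in Longhorn
+
+- unifi-db
+- unifi-config
+
+4. Deploy the pod and the service using ´kubectl apply -f deployment.yaml ´
+5. If you want to access the GUI via Traefik you can add an ingress using ´kubectl apply -f ingress.yaml ´
+6. Check if the MongoDB Container is running and delete the configmap ´create-db-configmap´ for security reasons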
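--- a/Unifi-Controller/kubernetes/deployment.yaml
+++ b/Unifi-Controller/kubernetes/deployment.yaml
@@ -0,0 +1,164 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels:
+app: unifi-controller
+app.kubernetes.io/instance: unifi-controller
+name: unifi-controller
+namespace: unifi-controller
+spec:
+replicas: 1
+strategy:
+type: RollingUpdate
+rollingUpdate:
+maxSurge: 1
+maxUnavailable: 1
+selector:
+matchLabels:
+app: unifi-controller
+template:
+metadata:
+labels:
+app: unifi-controller
+spec:
+nodeSelector:
+worker: "true"
+containers:
+- image: docker.io/mongo:7.0
+imagePullPolicy: IfNotPresent
+name: unifi-db
+args: ["--dbpath", "/data/db"]
+livenessProbe:
+exec:
+command:
+- mongo
+- --disableImplicitSessions
+- --eval
+- "db.adminCommand('ping')"
+initialDelaySeconds: 30
+periodSeconds: 10
+timeoutSeconds: 5
+successThreshold: 1
+failureThreshold: 6
+readinessProbe:
+exec:
+command:
+- mongo
+- --disableImplicitSessions
+- --eval
+- "db.adminCommand('ping')"
+initialDelaySeconds: 30
+periodSeconds: 10
+timeoutSeconds: 5
+successThreshold: 1
+failureThreshold: 6
+ports:
+- containerPort: 27017
+name: mongo
+protocol: TCP
+volumeMounts:
+- mountPath: /data/db
+name: unifi-db
+- name: "init-database"
+mountPath: "/docker-entrypoint-initdb.d/"
+- image: lscr.io/linuxserver/unifi-network-application:8.1.113-ls36
+imagePullPolicy: IfNotPresent
+name: unifi-controller
+envFrom:
+- secretRef:
+name: unifi-env
+env:
+- name: MONGO_HOST
+value: "localhost"
+- name: MONGO_PORT
+value: "27017"
+volumeMounts:
+- mountPath: /config
+name: unifi-config
+ports:
+- containerPort: 8443
+name: web
+protocol: TCP
+- containerPort: 3478
+name: stun
+protocol: UDP
+- containerPort: 1001
+name: discovery
+protocol: UDP
+- containerPort: 8080
+name: communication
+protocol: TCP
+resources:
+limits:
+cpu: 2
+memory: 1Gi
+requests:
+cpu: 200m
+memory: 256Mi
+livenessProbe:
+tcpSocket:
+port: communication
+initialDelaySeconds: 60
+periodSeconds: 10
+readinessProbe:
+httpGet:
+scheme: HTTPS
+path: /
+port: web
+initialDelaySeconds: 30
+periodSeconds: 10
+volumes:
+- name: unifi-db
+persistentVolumeClaim:
+claimName: unifi-db
+- name: unifi-config
+persistentVolumeClaim:
+claimName: unifi-config
+- name: "init-database"
+configMap:
+name: create-db-configmap
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: unifi-tcp
+namespace: unifi-controller
+annotations:
+metallb.universe.tf/allow-shared-ip: unifi-controller
+spec:
+type: LoadBalancer
+loadBalancerIP: 10.122.0.65 # MUST match loadBalancerIP of the other service. Choose a availible IP in your MetalLB Range
+ports:
+- name: web
+protocol: TCP
+port: 8443
+targetPort: 8443
+- name: communication
+protocol: TCP
+port: 8080
+targetPort: 8080
+selector:
+app: unifi-controller
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: unifi-udp
+namespace: unifi-controller
+annotations:
+metallb.universe.tf/allow-shared-ip: unifi-controller
+spec:
+type: LoadBalancer
+loadBalancerIP: 10.122.0.65 # MUST match loadBalancerIP of the other service. Choose a availible IP in your MetalLB Range
+ports:
+- name: stun
+protocol: UDP
+port: 3478
+targetPort: 3478
+- name: discovery
+protocol: UDP
+port: 10001
+targetPort: 10001
+selector:
+app: unifi-controller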
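Review bot: The `unifi-db` container starts mongod with only `args: ["--dbpath", "/data/db"]`, so nothing visible in this manifest turns on access control, and the users created by the init script may not actually be enforced. Port 27017 is not published by either Service, but it stays reachable on the pod IP from other workloads unless a NetworkPolicy restricts it, so authentication should be enabled (for example with root credentials taken from a Secret) and the image's behaviour confirmed. Separately, both exec probes on that container call `mongo`, a shell the 6.0 and later images no longer ship; with `docker.io/mongo:7.0` the entry should be `- mongosh`, otherwise the probes fail and the container is restarted. The `discovery` port is declared as `- containerPort: 1001` while the `unifi-udp` Service targets `10001`, so the declaration should read `- containerPort: 10001`.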
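--- a/Unifi-Controller/kubernetes/ingress.yaml
+++ b/Unifi-Controller/kubernetes/ingress.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+name: default-headers
+namespace: unifi-controller
+spec:
+headers:
+browserXssFilter: true
+contentTypeNosniff: true
+forceSTSHeader: true
+stsIncludeSubdomains: true
+stsPreload: true
+stsSeconds: 15552000
+customFrameOptionsValue: SAMEORIGIN
+customRequestHeaders:
+X-Forwarded-Proto: https
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+name: unifi-controller
+namespace: unifi-controller
+annotations:
+kubernetes.io/ingress.class: traefik-external
+spec:
+entryPoints:
+- websecure
+routes:
+- match: Host(`unifi.yourdomain.com`) # change to your domain
+kind: Rule
+services:
+- name: unifi-tcp
+port: 8443
+scheme: https
+middlewares:
+- name: default-headers
+tls:
+secretName: ffth-tls # change to your cert name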
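Review bot: The route forwards to `unifi-tcp` on 8443 with `scheme: https`, but nothing in this file says how Traefik is expected to validate the controller's certificate. If the controller presents a self-signed certificate (not visible from this page), the route only works once verification is relaxed somewhere, and relaxing it globally weakens every backend behind the same Traefik instance. A per-service `serversTransport` reference on this route, with a comment such as `# backend cert is self-signed; verification is relaxed for this service only`, would keep that decision scoped and visible. The combination of `stsPreload: true` and `stsIncludeSubdomains: true` also applies to the whole domain a user substitutes in, which deserves a one-line comment for people copying the template.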
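--- a/Unifi-Controller/kubernetes/init-mongo.js
+++ b/Unifi-Controller/kubernetes/init-mongo.js
@@ -0,0 +1,10 @@
+db.getSiblingDB("unifi").createUser({
+user: "unifi",
+pwd: "5nHgg3G0cH9d",
+roles: [{ role: "dbOwner", db: "unifi" }],
+});
+db.getSiblingDB("unifi_stat").createUser({
+user: "unifi",
+pwd: "5nHgg3G0cH9d",
+roles: [{ role: "dbOwner", db: "unifi_stat" }],
+});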
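Review bot: Both `createUser` calls carry a literal `pwd` value, and the same string is committed as `MONGO_PASS` in namespaceAndSecret.yaml, so every deployment applied as-is shares a publicly known database password. Replace it with an obvious placeholder and say so in the file, e.g. `pwd: "CHANGE_ME", // must match MONGO_PASS in the unifi-env Secret`, with the matching placeholder in the Secret. Because this script is loaded into the `create-db-configmap` ConfigMap, the password is also readable by anyone allowed to read ConfigMaps in the namespace until that object is deleted. deployment.yaml mounts the ConfigMap without `optional: true`, so it is worth checking that the pod can still be rescheduled after the deletion the README asks for.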
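--- a/Unifi-Controller/kubernetes/namespaceAndSecret.yaml
+++ b/Unifi-Controller/kubernetes/namespaceAndSecret.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: unifi-controller
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: unifi-env
+namespace: unifi-controller
+type: Opaque
+stringData:
+PUID: "1000"
+PGID: "1000"
+TZ: "Europe/London"
+MONGO_USER: "unifi"
+MONGO_PASS: "5nHgg3G0cH9d"
+MONGO_DBNAME: unifi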