diff --git a/unifi/.helmignore b/unifi/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/unifi/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/unifi/Chart.yaml b/unifi/Chart.yaml new file mode 100644 index 00000000..a865a7ba --- /dev/null +++ b/unifi/Chart.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +appVersion: 5.8.24 +description: Ubiqiti Network's Unifi Controller +name: unifi +version: 0.1.10 +keywords: +- ubiqiti +- unifi +- mongodb +home: https://github.com/jacobalberty/unifi-docker +icon: https://blog.ubnt.com/wp-content/uploads/2016/10/unifi-app-logo.png +sources: +- https://github.com/jacobalberty/unifi-docker +- https://github.com/billimek/billimek-charts +maintainers: +- name: billimek + email: jeff@billimek.com \ No newline at end of file diff --git a/unifi/README.md b/unifi/README.md new file mode 100644 index 00000000..1f405e06 --- /dev/null +++ b/unifi/README.md 
@@ -0,0 +1,102 @@ +# Ubiqiti Network's Unifi Controller + +This is a helm chart for [Ubiqiti Network's](https://www.ubnt.com/) [Unifi Controller](https://unifi-sdn.ubnt.com/) + +## TL;DR; + +```console +$ helm repo add billimek https://raw.githubusercontent.com/billimek/helm-repo/master +$ helm install billimek/unifi +``` + +## Introduction + +This code is adopted from [this original repo](https://github.com/jacobalberty/unifi-docker) + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install --name my-release billimek/unifi +``` +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release --purge +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the Sentry chart and their default values. + +| Parameter | Description | Default | +|----------------------------|-------------------------------------|---------------------------------------------------------| +| `image.repository` | Image repository | `jacobalberty/unifi` | +| `image.tag` | Image tag. 
Possible values listed [here](https://hub.docker.com/r/jacobalberty/unifi/tags/).| `5.8.23`| +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `guiService.type` | Kubernetes service type for the Unifi GUI | `ClusterIP` | +| `guiService.port` | Kubernetes port where the Unifi GUI is exposed| `8443` | +| `guiService.annotations` | Service annotations for the Unifi GUI | `{}` | +| `guiService.loadBalancerIP` | Loadbalance IP for the Unifi GUI | `{}` | +| `controllerService.type` | Kubernetes service type for the Unifi Controller communication | `NodePort` | +| `controllerService.port` | Kubernetes port where the Unifi Controller is exposed - this needs to be reachable by the unifi devices on the network | `8080` | +| `controllerService.annotations` | Service annotations for the Unifi Controller | `{}` | +| `controllerService.loadBalancerIP` | Loadbalance IP for the Unifi Controller | `{}` | +| `stunService.type` | Kubernetes service type for the Unifi STUN | `NodePort` | +| `stunService.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | +| `stunService.annotations` | Service annotations for the Unifi STUN | `{}` | +| `stunService.loadBalancerIP` | Loadbalance IP for the Unifi STUN | `{}` | +| `discoveryService.type` | Kubernetes service type for AP discovery | `NodePort` | +| `discoveryService.port` | Kubernetes UDP port for AP discovery | `10001` | +| `discoveryService.annotations` | Service annotations for AP discovery | `{}` | +| `discoveryService.loadBalancerIP` | Loadbalance IP for AP discovery | `{}` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.labels` | Custom labels | `{}` +| `ingress.path` | Ingress path | `/` | +| `ingress.hosts` | Ingress accepted hostnames | `chart-example.local` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `timezone` | Timezone the Unifi controller should run as, e.g. 
'America/New York' | `UTC` | +| `runas_root` | Run the controller as UID0 (root user) | `false` | +| `mongodb.enabled` | Use external MongoDB for data storage | `false` | +| `mongodb.db_uri` | external MongoDB URI | `mongodb://mongo/unifi` | +| `mongodb.statdb_uri` | external MongoDB statdb URI | `mongodb://mongo/unifi_stat` | +| `mongodb.database_name` | external MongoDB database name | `unifi` | +| `persistence.enabled` | Use persistent volume to store data | `false` | +| `persistence.size` | Size of persistent volume claim | `5Gi` | +| `persistence.existingClaim`| Use an existing PVC to persist data | `nil` | +| `persistence.storageClass` | Type of persistent volume claim | `-` | +| `persistence.accessModes` | Persistence access modes | `[]` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install --name my-release \ + --set config.digitalocean.token=thisismyapikey \ + billimek/unifi +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install --name my-release -f values.yaml billimek/unifi +``` + +Read through the [values.yaml](values.yaml) file. It has several commented out suggested values. + + +## Regarding the services + +* `guiService`: represents the main web UI and is what one would normally point the ingress to +* `controllerService`: This is needed in order for the unifi devices to talk to the controller and must be otherwise exposed to the network where the unifi devices run. 
If you run this as a NodePort (the default setting), make sure that there is an external loadbalancer that is directing traffic from port 8080 to the NodePort for this service +* `discoveryService`: This needs to be reachable by the unifi devices on the network similar to the controllerService but only during the discovery phase. This is a UDP service +* `stunService`: Also used periodically by the unifi devices to communicate with the controller using UDP. See [this article](https://help.ubnt.com/hc/en-us/articles/204976094-UniFi-What-protocol-does-the-controller-use-to-communicate-with-the-UAP-) and [this other article](https://help.ubnt.com/hc/en-us/articles/115015457668-UniFi-Troubleshooting-STUN-Communication-Errors) for more information \ No newline at end of file diff --git a/unifi/templates/NOTES.txt b/unifi/templates/NOTES.txt new file mode 100644 index 00000000..1c2fe943 --- /dev/null +++ b/unifi/templates/NOTES.txt 
@@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} +{{- end }} +{{- else if contains "NodePort" .Values.guiService.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "unifi.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.guiService.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ template "unifi.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "unifi.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.guiService.port }} +{{- else if contains "ClusterIP" .Values.guiService.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "unifi.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/unifi/templates/_helpers.tpl b/unifi/templates/_helpers.tpl new file mode 100644 index 00000000..1c11a45f --- /dev/null +++ b/unifi/templates/_helpers.tpl 
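Review bot: The NodePort and LoadBalancer branches query a Service named `{{ template "unifi.fullname" . }}`, but gui-svc.yaml in this commit creates the GUI Service as `{{ template "unifi.fullname" . }}-gui`, so the `kubectl get` calls fail; every branch also prints an `http://` URL although the GUI port is the TLS listener (named `https`, 8443 by default), and the ClusterIP branch forwards `8080:80` to a pod port that no containerPort declares. Pointing users at a plaintext URL for the admin login is the part worth fixing first, since a browser that follows it will either get nothing or an unhelpful error. The rewritten lines below target the `-gui` service, use `https://`, forward local 8443 to container 8443, and add `--namespace` to `port-forward` so it matches the other commands.
```text
{{- else if contains "NodePort" .Values.guiService.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "unifi.fullname" . }}-gui)
  # … unchanged: NODE_IP lookup …
  echo https://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.guiService.type }}
  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
  You can watch the status by running 'kubectl get svc -w {{ template "unifi.fullname" . }}-gui'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "unifi.fullname" . }}-gui -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
  echo https://$SERVICE_IP:{{ .Values.guiService.port }}
{{- else if contains "ClusterIP" .Values.guiService.type }}
  # … unchanged: POD_NAME lookup …
  echo "Visit https://127.0.0.1:8443 to use your application"
  kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8443:8443
{{- end }}
```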
@@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "unifi.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "unifi.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "unifi.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/unifi/templates/controller-svc.yaml b/unifi/templates/controller-svc.yaml new file mode 100644 index 00000000..3626ced6 --- /dev/null +++ b/unifi/templates/controller-svc.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-controller + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.controllerService.type }} + ports: + - port: {{ .Values.controllerService.port }} + targetPort: 8080 + protocol: TCP + name: controller + selector: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} diff --git a/unifi/templates/deployment.yaml b/unifi/templates/deployment.yaml new file mode 100644 index 00000000..069b2b6e --- /dev/null +++ b/unifi/templates/deployment.yaml 
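Review bot: `targetPort: 8080` is hard-coded while deployment.yaml declares the controller containerPort as `{{ .Values.controllerService.port }}`, so overriding `controllerService.port` silently desynchronises the Service from the pod; `targetPort: controller` ties it to the named container port instead. values.yaml and the README accept `controllerService.annotations`, `loadBalancerIP` and a commented `nodePort`, but unlike gui-svc.yaml this template renders none of them, so users setting an internal-only LoadBalancer annotation here get a public one without any error. Since this is the inform endpoint that devices adopt through and it defaults to NodePort, passing through `loadBalancerSourceRanges` for the LoadBalancer case, as gui-svc does, would give operators a way to restrict who can reach it.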
@@ -0,0 +1,94 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: {{ template "unifi.fullname" . }} + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: https + containerPort: {{ .Values.guiService.port }} + protocol: TCP + - name: controller + containerPort: {{ .Values.controllerService.port }} + protocol: TCP + - name: discovery + containerPort: {{ .Values.discoveryService.port }} + protocol: UDP + - name: stun + containerPort: {{ .Values.stunService.port }} + protocol: UDP + # livenessProbe: + # httpGet: + # path: / + # port: http + # readinessProbe: + # httpGet: + # path: / + # port: http + env: + - name: TZ + value: "{{ .Values.timezone }}" + - name: RUNAS_UID0 + value: "{{ .Values.runas_root }}" + {{- if .Values.mongodb.enabled }} + - name: DB_URI + value: "{{ .Values.mongodb.db_uri }}" + - name: STATDB_URI + value: "{{ .Values.mongodb.statdb_uri }}" + - name: DB_NAME + value: "{{ .Values.mongodb.database_name }}" + {{- end }} + volumeMounts: + - mountPath: /unifi/data + name: unifi-data + subPath: data + - mountPath: /unifi/log + name: unifi-data + subPath: log + - mountPath: /unifi/cert + name: unifi-data + subPath: cert + - mountPath: /unifi/init.d + name: unifi-data + subPath: init.d + resources: +{{ toYaml .Values.resources | indent 12 }} + volumes: + - name: unifi-data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.persistence.existingClaim }}{{ 
.Values.persistence.existingClaim }}{{- else }}{{ template "unifi.fullname" . }}{{- end }} + {{- else }} + emptyDir: {} + {{ end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/unifi/templates/discovery-svc.yaml b/unifi/templates/discovery-svc.yaml new file mode 100644 index 00000000..492f8ad2 --- /dev/null +++ b/unifi/templates/discovery-svc.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-discovery + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.discoveryService.type }} + ports: + - port: {{ .Values.discoveryService.port }} + targetPort: http + protocol: UDP + name: discovery + selector: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} diff --git a/unifi/templates/gui-svc.yaml b/unifi/templates/gui-svc.yaml new file mode 100644 index 00000000..bf998727 --- /dev/null +++ b/unifi/templates/gui-svc.yaml 
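Review bot: The pod sets `RUNAS_UID0` from `runas_root` but carries no `securityContext`, so nothing at the Kubernetes level backs the "not root" intent; adding `allowPrivilegeEscalation: false` under a container `securityContext` is safe regardless, and `runAsNonRoot: true` is worth adding if the image does not need to start as root to drop privileges (not verifiable from this diff). `DB_URI` and `STATDB_URI` are rendered as plain `value:` strings, so any credentials embedded in an external MongoDB URI become readable to anyone who can view the Deployment object; a `valueFrom.secretKeyRef` would keep them out of the spec. Separately, the commented-out probes reference `port: http`, which does not exist (ports are named `https`, `controller`, `discovery`, `stun`), and the `https` containerPort follows `.Values.guiService.port` although gui-svc.yaml forwards to a fixed 8443 — naming the probe port `https` and pinning that containerPort to `8443` keeps the two consistent.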
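Review bot: `targetPort: http` matches no container port in deployment.yaml (they are named `https`, `controller`, `discovery` and `stun`), so this Service resolves no endpoint port and AP discovery traffic sent to it is dropped; use `targetPort: discovery` (or `10001`) instead. Because the default type is NodePort, this also opens UDP 10001 on every node, which deserves a README sentence so operators can restrict it at the node firewall or set `type: ClusterIP` when discovery is not needed. As with controller-svc.yaml, `discoveryService.annotations` and `loadBalancerIP` from values.yaml are not rendered here.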
@@ -0,0 +1,49 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-gui + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.guiService.labels }} +{{ toYaml .Values.guiService.labels | indent 4 }} +{{- end }} +{{- with .Values.guiService.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.guiService.type "ClusterIP") (empty .Values.guiService.type)) }} + type: ClusterIP + {{- if .Values.guiService.clusterIP }} + clusterIP: {{ .Values.guiService.clusterIP }} + {{end}} +{{- else if eq .Values.guiService.type "LoadBalancer" }} + type: {{ .Values.guiService.type }} + {{- if .Values.guiService.loadBalancerIP }} + loadBalancerIP: {{ .Values.guiService.loadBalancerIP }} + {{- end }} + {{- if .Values.guiService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.guiService.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.guiService.type }} +{{- end }} +{{- if .Values.guiService.externalIPs }} + externalIPs: +{{ toYaml .Values.guiService.externalIPs | indent 4 }} +{{- end }} + ports: + - name: https + port: {{ .Values.guiService.port }} + protocol: TCP + targetPort: 8443 +{{ if (and (eq .Values.guiService.type "NodePort") (not (empty .Values.guiService.nodePort))) }} + nodePort: {{.Values.guiService.nodePort}} +{{ end }} + selector: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} \ No newline at end of file diff --git a/unifi/templates/ingress.yaml b/unifi/templates/ingress.yaml new file mode 100644 index 00000000..9d892548 --- /dev/null +++ b/unifi/templates/ingress.yaml 
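Review bot: `targetPort: 8443` is the controller's default HTTPS port, but deployment.yaml derives the `https` containerPort from `.Values.guiService.port`, so a user who sets `guiService.port: 443` ends up with a Deployment advertising port 443 while this Service still forwards to 8443; `targetPort: https` here, with the containerPort fixed at 8443 there, keeps the two honest. The template also reads `guiService.labels`, `clusterIP`, `externalIPs`, `loadBalancerSourceRanges` and `nodePort`, none of which appear in values.yaml or the README — `loadBalancerSourceRanges` in particular should be documented, since this Service fronts the admin UI and it is the only built-in way to limit who can reach it when the type is LoadBalancer.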
@@ -0,0 +1,39 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "unifi.fullname" . -}} +{{- $servicePort := .Values.guiService.port -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }}-gui + servicePort: {{ $servicePort }} + {{- end }} +{{- end }} diff --git a/unifi/templates/pvc.yaml b/unifi/templates/pvc.yaml new file mode 100644 index 00000000..5ad2ff76 --- /dev/null +++ b/unifi/templates/pvc.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "unifi.fullname" . }} + labels: + app: {{ template "unifi.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/unifi/templates/stun-svc.yaml b/unifi/templates/stun-svc.yaml new file mode 100644 index 00000000..0c5a5884 
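Review bot: The backend is the GUI Service's TLS port (gui-svc.yaml names it `https`, target 8443), but the Ingress carries no annotation telling the ingress controller to speak HTTPS to the backend, so with a default nginx-class controller the backend is contacted in plaintext and the login page is unlikely to load. For ingress-nginx that is `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"`; it belongs in the commented annotation examples in values.yaml and in the README next to `ingress.tls`. Since `ingress.tls` defaults to `[]`, an enabled Ingress also serves the admin login over plain HTTP on `chart-example.local` until the user supplies a certificate secret — a one-line README caveat would avoid that being deployed unnoticed.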
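Review bot: The `app` label here is `{{ template "unifi.fullname" . }}` while every other template in this commit uses `unifi.name`, and `chart` is built with a raw `{{ .Chart.Name }}-{{ .Chart.Version }}` instead of the `unifi.chart` helper; using the helpers keeps label-based selection (`kubectl get -l app=…`) consistent across the release's objects. The template reads `persistence.accessMode`, which matches values.yaml, but the README documents `persistence.accessModes` (plural, default `[]`), so the README row should be corrected to `persistence.accessMode` with default `ReadWriteOnce`.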
--- /dev/null +++ b/unifi/templates/stun-svc.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-stun + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.stunService.type }} + ports: + - port: {{ .Values.stunService.port }} + targetPort: 10001 + protocol: UDP + name: stun + selector: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} \ No newline at end of file diff --git a/unifi/values.yaml b/unifi/values.yaml new file mode 100644 index 00000000..1b386d17 --- /dev/null +++ b/unifi/values.yaml 
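Review bot: `targetPort: 10001` points at the discovery container port, whereas deployment.yaml declares the STUN containerPort as `{{ .Values.stunService.port }}` (3478 by default), so UDP STUN traffic reaching this Service is forwarded to the wrong port and fails. `targetPort: stun` (the named port) fixes it and prevents the number drifting from the deployment again. As with the other NodePort services, `stunService.annotations` and `loadBalancerIP` exist in values.yaml but are not rendered here.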
@@ -0,0 +1,137 @@ +# Default values for unifi. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: jacobalberty/unifi + tag: 5.8.24 + pullPolicy: IfNotPresent + +guiService: + type: ClusterIP + port: 8443 + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + +controllerService: + type: NodePort + port: 8080 + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + +stunService: + type: NodePort + port: 3478 # udp + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + +discoveryService: + type: NodePort + port: 10001 # udp + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +timezone: UTC + +runas_root: false + + # define an external mongoDB instead of using the built-in mongodb +mongodb: + enabled: false + db_uri: mongodb://mongo/unifi + statdb_uri: mongodb://mongo/unifi_stat + database_name: unifi + +persistence: + enabled: false + ## unifi data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + accessMode: ReadWriteOnce + size: 5Gi + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {}
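Review bot: `persistence.enabled: false` means the controller state that deployment.yaml mounts under `/unifi/data`, `/unifi/log`, `/unifi/cert` and `/unifi/init.d` lives in an emptyDir and is lost on every pod restart, which for a device controller includes whatever adoption state and admin configuration it holds; the comment block above `storageClass` should say so and recommend enabling persistence for anything beyond a trial. `mongodb.db_uri` and `statdb_uri` are rendered straight into the pod environment, so a note such as `# credentials placed in this URI are visible in the Deployment spec; prefer a Secret` would warn users before they add a password here. `controllerService`, `stunService` and `discoveryService` each carry `annotations`, `loadBalancerIP` and a commented `nodePort`, but only gui-svc.yaml renders those keys — either render them in the other three templates or remove them from these sections so the "internal load balancer" comment is not misleading.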