From 541b50fc943284fe434ebf1f97bf8343bd4ace0a Mon Sep 17 00:00:00 2001 From: Jeff Billimek Date: Sat, 6 Oct 2018 15:31:52 -0400 Subject: [PATCH] [stable/unifi] unifi controller chart (New chart) (#6426) * initial commit - unifi controller chart Signed-off-by: Jeff Billimek * enabling persistence by default, per guidelines Signed-off-by: Jeff Billimek * enabling persistence by default, per guidelines Signed-off-by: Jeff Billimek * changes requested in PR * Pegging to a certain version for the chart (0.1.0) until otherwise directed * Using consistent indentation for lists * Using camelCase * updating app version to current (5.8.28) Signed-off-by: Jeff Billimek * correcting linting failures Signed-off-by: Jeff Billimek * adding OWNERS for more timely merges in the future Signed-off-by: Jeff Billimek * Correcting inconsistent service definitions * fixing inconsistencies with service port & name definitions as described in PR * bumping app version to current * correcting typo in Charts.yaml Signed-off-by: Jeff Billimek * correcting ingress servicePort definition Signed-off-by: Jeff Billimek * correcting ingress servicePort definition Signed-off-by: Jeff Billimek Signed-off-by: Jeff Billimek * adding missing NodePort settings Signed-off-by: Jeff Billimek * Expanding service definitions * The values and readme reflect that the various services (deployment, stun, gui, controller) can handle annotations, but there is no use of those in the templates. This is now fixed * Added externalTrafficPolicy to all services * Some of these changes were requested via https://github.com/billimek/billimek-charts/issues/3 Signed-off-by: Jeff Billimek * switching to apps/v1 
Signed-off-by: Jeff Billimek --- charts/unifi/.helmignore | 23 ++++ charts/unifi/Chart.yaml | 17 +++ charts/unifi/OWNERS | 4 + charts/unifi/README.md | 113 +++++++++++++++ charts/unifi/templates/NOTES.txt | 19 +++ charts/unifi/templates/_helpers.tpl | 32 +++++ charts/unifi/templates/controller-svc.yaml | 52 +++++++ charts/unifi/templates/deployment.yaml | 98 +++++++++++++ charts/unifi/templates/discovery-svc.yaml | 52 +++++++ charts/unifi/templates/gui-svc.yaml | 52 +++++++ charts/unifi/templates/ingress.yaml | 38 +++++ charts/unifi/templates/pvc.yaml | 24 ++++ charts/unifi/templates/stun-svc.yaml | 52 +++++++ charts/unifi/values.yaml | 153 +++++++++++++++++++++ 14 files changed, 729 insertions(+) create mode 100644 charts/unifi/.helmignore create mode 100644 charts/unifi/Chart.yaml create mode 100644 charts/unifi/OWNERS create mode 100644 charts/unifi/README.md create mode 100644 charts/unifi/templates/NOTES.txt create mode 100644 charts/unifi/templates/_helpers.tpl create mode 100644 charts/unifi/templates/controller-svc.yaml create mode 100644 charts/unifi/templates/deployment.yaml create mode 100644 charts/unifi/templates/discovery-svc.yaml create mode 100644 charts/unifi/templates/gui-svc.yaml create mode 100644 charts/unifi/templates/ingress.yaml create mode 100644 charts/unifi/templates/pvc.yaml create mode 100644 charts/unifi/templates/stun-svc.yaml create mode 100644 charts/unifi/values.yaml diff --git a/charts/unifi/.helmignore b/charts/unifi/.helmignore new file mode 100644 index 00000000..a9fe7278 --- /dev/null +++ b/charts/unifi/.helmignore 
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# OWNERS file for Kubernetes
+OWNERS
\ No newline at end of file
diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml
new file mode 100644
index 00000000..4382022e
--- /dev/null
+++ b/charts/unifi/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+appVersion: 5.8.30
+description: Ubiquiti Network's Unifi Controller
+name: unifi
+version: 0.1.10
+keywords:
+ - ubiquiti
+ - unifi
+ - mongodb
+home: https://github.com/jacobalberty/unifi-docker
+icon: https://blog.ubnt.com/wp-content/uploads/2016/10/unifi-app-logo.png
+sources:
+ - https://github.com/jacobalberty/unifi-docker
+ - https://github.com/kubernetes/charts/stable/unifi
+maintainers:
+ - name: billimek
+ email: jeff@billimek.com
diff --git a/charts/unifi/OWNERS b/charts/unifi/OWNERS
new file mode 100644
index 00000000..b90909f4
--- /dev/null
+++ b/charts/unifi/OWNERS
@@ -0,0 +1,4 @@
+approvers:
+- billimek
+reviewers:
+- billimek
diff --git a/charts/unifi/README.md b/charts/unifi/README.md
new file mode 100644
index 00000000..c25d05a8
--- /dev/null
+++ b/charts/unifi/README.md
@@ -0,0 +1,113 @@
+# Ubiqiti Network's Unifi Controller
+
+This is a helm chart for [Ubiqiti Network's](https://www.ubnt.com/) [Unifi Controller](https://unifi-sdn.ubnt.com/)
+
+## TL;DR;
+
+```console
+helm install stable/unifi
+```
+
+## Introduction
+
+This code is adopted from [this original repo](https://github.com/jacobalberty/unifi-docker)
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release stable/unifi
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following tables lists the configurable parameters of the Sentry chart and their default values.
+
+| Parameter | Description | Default |
+|----------------------------|-------------------------------------|---------------------------------------------------------|
+| `image.repository` | Image repository | `jacobalberty/unifi` |
+| `image.tag` | Image tag. Possible values listed [here](https://hub.docker.com/r/jacobalberty/unifi/tags/).| `5.8.23`|
+| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `guiService.type` | Kubernetes service type for the Unifi GUI | `ClusterIP` |
+| `guiService.port` | Kubernetes port where the Unifi GUI is exposed| `8443` |
+| `guiService.annotations` | Service annotations for the Unifi GUI | `{}` |
+| `guiService.labels` | Custom labels | `{}` |
+| `guiService.loadBalancerIP` | Loadbalance IP for the Unifi GUI | `{}` |
+| `guiService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None
+| `guiService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster`
+| `controllerService.type` | Kubernetes service type for the Unifi Controller communication | `NodePort` |
+| `controllerService.port` | Kubernetes port where the Unifi Controller is exposed - this needs to be reachable by the unifi devices on the network | `8080` |
+| `controllerService.annotations` | Service annotations for the Unifi Controller | `{}` |
+| `controllerService.labels` | Custom labels | `{}` |
+| `controllerService.loadBalancerIP` | Loadbalance IP for the Unifi Controller | `{}` |
+| `controllerService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None
+| `controllerService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster`
+| `stunService.type` | Kubernetes service type for the Unifi STUN | `NodePort` |
+| `stunService.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` |
+| `stunService.annotations` | Service annotations for the Unifi STUN | `{}` |
+| `stunService.labels` | Custom labels | `{}` |
+| `stunService.loadBalancerIP` | Loadbalance IP for the Unifi STUN | `{}` |
+| `stunService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None
+| `stunService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster`
+| `discoveryService.type` | Kubernetes service type for AP discovery | `NodePort` |
+| `discoveryService.port` | Kubernetes UDP port for AP discovery | `10001` |
+| `discoveryService.annotations` | Service annotations for AP discovery | `{}` |
+| `discoveryService.labels` | Custom labels | `{}` |
+| `discoveryService.loadBalancerIP` | Loadbalance IP for AP discovery | `{}` |
+| `discoveryService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None
+| `discoveryService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster`
+| `ingress.enabled` | Enables Ingress | `false` |
+| `ingress.annotations` | Ingress annotations | `{}` |
+| `ingress.labels` | Custom labels | `{}`
+| `ingress.path` | Ingress path | `/` |
+| `ingress.hosts` | Ingress accepted hostnames | `chart-example.local` |
+| `ingress.tls` | Ingress TLS configuration | `[]` |
+| `timezone` | Timezone the Unifi controller should run as, e.g. 'America/New York' | `UTC` |
+| `runAsRoot` | Run the controller as UID0 (root user) | `false` |
+| `mongodb.enabled` | Use external MongoDB for data storage | `false` |
+| `mongodb.dbUri` | external MongoDB URI | `mongodb://mongo/unifi` |
+| `mongodb.statDbUri` | external MongoDB statdb URI | `mongodb://mongo/unifi_stat` |
+| `mongodb.databaseName` | external MongoDB database name | `unifi` |
+| `persistence.enabled` | Use persistent volume to store data | `true` |
+| `persistence.size` | Size of persistent volume claim | `5Gi` |
+| `persistence.existingClaim`| Use an existing PVC to persist data | `nil` |
+| `persistence.storageClass` | Type of persistent volume claim | `-` |
+| `persistence.accessModes` | Persistence access modes | `[]` |
+| `resources` | CPU/Memory resource requests/limits | `{}` |
+| `nodeSelector` | Node labels for pod assignment | `{}` |
+| `tolerations` | Toleration labels for pod assignment | `[]` |
+| `affinity` | Affinity settings for pod assignment | `{}` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install --name my-release \
+ --set timezone="America/New York" \
+ stable/unifi
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install --name my-release -f values.yaml stable/unifi
+```
+
+Read through the [values.yaml](values.yaml) file. It has several commented out suggested values.
+
+## Regarding the services
+
+* `guiService`: represents the main web UI and is what one would normally point the ingress to
+* `controllerService`: This is needed in order for the unifi devices to talk to the controller and must be otherwise exposed to the network where the unifi devices run. If you run this as a NodePort (the default setting), make sure that there is an external loadbalancer that is directing traffic from port 8080 to the NodePort for this service
+* `discoveryService`: This needs to be reachable by the unifi devices on the network similar to the controllerService but only during the discovery phase. This is a UDP service
+* `stunService`: Also used periodically by the unifi devices to communicate with the controller using UDP. See [this article](https://help.ubnt.com/hc/en-us/articles/204976094-UniFi-What-protocol-does-the-controller-use-to-communicate-with-the-UAP-) and [this other article](https://help.ubnt.com/hc/en-us/articles/115015457668-UniFi-Troubleshooting-STUN-Communication-Errors) for more information
diff --git a/charts/unifi/templates/NOTES.txt b/charts/unifi/templates/NOTES.txt
new file mode 100644
index 00000000..1c2fe943
--- /dev/null
+++ b/charts/unifi/templates/NOTES.txt
@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.guiService.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "unifi.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.guiService.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ template "unifi.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "unifi.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.guiService.port }}
+{{- else if contains "ClusterIP" .Values.guiService.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "unifi.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:80
+{{- end }}
diff --git a/charts/unifi/templates/_helpers.tpl b/charts/unifi/templates/_helpers.tpl
new file mode 100644
index 00000000..1c11a45f
--- /dev/null
+++ b/charts/unifi/templates/_helpers.tpl
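Review bot: The post-install commands do not match the objects this chart creates: the NodePort and LoadBalancer branches query a Service named `{{ template "unifi.fullname" . }}`, but the GUI Service is rendered as `{{ template "unifi.fullname" . }}-gui`, so those lookups return nothing. Every branch also prints `http://`, and the ClusterIP branch forwards `8080:80`, although the deployment exposes the GUI as `https-gui` on 8443 over HTTPS and declares no port 80. I would point the lookups at the `-gui` Service, print `https://` URLs, and change the last two lines to `echo "Visit https://127.0.0.1:8443 to use your application"` and `kubectl port-forward $POD_NAME 8443:8443`.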
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "unifi.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "unifi.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "unifi.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/unifi/templates/controller-svc.yaml b/charts/unifi/templates/controller-svc.yaml
new file mode 100644
index 00000000..7cac96a6
--- /dev/null
+++ b/charts/unifi/templates/controller-svc.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "unifi.fullname" . }}-controller
+ labels:
+ app: {{ template "unifi.name" . }}
+ chart: {{ template "unifi.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.controllerService.labels }}
+{{ toYaml .Values.controllerService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.controllerService.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.controllerService.type "ClusterIP") (empty .Values.controllerService.type)) }}
+ type: ClusterIP
+ {{- if .Values.controllerService.clusterIP }}
+ clusterIP: {{ .Values.controllerService.clusterIP }}
+ {{end}}
+{{- else if eq .Values.controllerService.type "LoadBalancer" }}
+ type: {{ .Values.controllerService.type }}
+ {{- if .Values.controllerService.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.controllerService.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.controllerService.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.controllerService.loadBalancerSourceRanges | indent 4 }}
+ {{- end -}}
+{{- else }}
+ type: {{ .Values.controllerService.type }}
+{{- end }}
+{{- if .Values.controllerService.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.controllerService.externalIPs | indent 4 }}
+{{- end }}
+ {{- if .Values.controllerService.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.controllerService.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.controllerService.port }}
+ targetPort: controller
+ protocol: TCP
+ name: controller
+{{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.nodePort))) }}
+ nodePort: {{.Values.controllerService.nodePort}}
+{{ end }}
+ selector:
+ app: {{ template "unifi.name" . }}
+ release: {{ .Release.Name }}
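Review bot: `loadBalancerSourceRanges` is rendered only in the `LoadBalancer` branch, while values.yaml defaults this Service to `NodePort`, so a default install opens the device-facing port 8080 on every node with no source restriction coming from the chart. discovery-svc.yaml and stun-svc.yaml repeat the pattern with the same `NodePort` default; gui-svc.yaml shares the template but defaults to `ClusterIP`. Since the README describes this port as the channel the devices use to reach the controller, I would state the exposure next to the `type:` default in values.yaml, e.g. `## NodePort opens this port on every node; restrict sources at the node or perimeter firewall`. Separately, `clusterIP`, `loadBalancerIP` and `externalTrafficPolicy` are emitted unquoted in all four service templates; piping them through `| quote` keeps unusual values from being re-typed by the YAML parser.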
diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml
new file mode 100644
index 00000000..ab433ef2
--- /dev/null
+++ b/charts/unifi/templates/deployment.yaml
@@ -0,0 +1,98 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "unifi.fullname" . }}
+ labels:
+ app: {{ template "unifi.name" . }}
+ chart: {{ template "unifi.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ template "unifi.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "unifi.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: https-gui
+ containerPort: 8443
+ protocol: TCP
+ - name: controller
+ containerPort: 8080
+ protocol: TCP
+ - name: discovery
+ containerPort: 10001
+ protocol: UDP
+ - name: stun
+ containerPort: 3478
+ protocol: UDP
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: https-gui
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /status
+ port: https-gui
+ scheme: HTTPS
+ initialDelaySeconds: 15
+ env:
+ - name: TZ
+ value: "{{ .Values.timezone }}"
+ - name: RUNAS_UID0
+ value: "{{ .Values.runAsRoot }}"
+ {{- if .Values.mongodb.enabled }}
+ - name: DB_URI
+ value: "{{ .Values.mongodb.dbUri }}"
+ - name: STATDB_URI
+ value: "{{ .Values.mongodb.statDbUri }}"
+ - name: DB_NAME
+ value: "{{ .Values.mongodb.databaseName }}"
+ {{- end }}
+ volumeMounts:
+ - mountPath: /unifi/data
+ name: unifi-data
+ subPath: data
+ - mountPath: /unifi/log
+ name: unifi-data
+ subPath: log
+ - mountPath: /unifi/cert
+ name: unifi-data
+ subPath: cert
+ - mountPath: /unifi/init.d
+ name: unifi-data
+ subPath: init.d
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ volumes:
+ - name: unifi-data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "unifi.fullname" . }}{{- end }}
+ {{- else }}
+ emptyDir: {}
+ {{ end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
diff --git a/charts/unifi/templates/discovery-svc.yaml b/charts/unifi/templates/discovery-svc.yaml
new file mode 100644
index 00000000..b3f7b685
--- /dev/null
+++ b/charts/unifi/templates/discovery-svc.yaml
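Review bot: Neither the pod nor the container sets a `securityContext`, and `runAsRoot` only feeds the `RUNAS_UID0` environment variable, so running unprivileged depends entirely on the image's entrypoint honouring that variable; Kubernetes enforces nothing here. I would add a container-level `securityContext:` with at least `allowPrivilegeEscalation: false`, and `runAsNonRoot: true` once it is confirmed that the image starts under a non-root UID. In the `mongodb.enabled` block, `DB_URI` and `STATDB_URI` are written as literal `value:` strings, so a URI that carries credentials ends up in plain text in the Deployment spec and in the release values. An option to read them through `valueFrom: secretKeyRef:` from an existing Secret would avoid that.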
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "unifi.fullname" . }}-discovery
+ labels:
+ app: {{ template "unifi.name" . }}
+ chart: {{ template "unifi.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.discoveryService.labels }}
+{{ toYaml .Values.discoveryService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.discoveryService.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.discoveryService.type "ClusterIP") (empty .Values.discoveryService.type)) }}
+ type: ClusterIP
+ {{- if .Values.discoveryService.clusterIP }}
+ clusterIP: {{ .Values.discoveryService.clusterIP }}
+ {{end}}
+{{- else if eq .Values.discoveryService.type "LoadBalancer" }}
+ type: {{ .Values.discoveryService.type }}
+ {{- if .Values.discoveryService.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.discoveryService.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.discoveryService.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.discoveryService.loadBalancerSourceRanges | indent 4 }}
+ {{- end -}}
+{{- else }}
+ type: {{ .Values.discoveryService.type }}
+{{- end }}
+{{- if .Values.discoveryService.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.discoveryService.externalIPs | indent 4 }}
+{{- end }}
+ {{- if .Values.discoveryService.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.discoveryService.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.discoveryService.port }}
+ targetPort: discovery
+ protocol: UDP
+ name: discovery
+{{ if (and (eq .Values.discoveryService.type "NodePort") (not (empty .Values.discoveryService.nodePort))) }}
+ nodePort: {{.Values.discoveryService.nodePort}}
+{{ end }}
+ selector:
+ app: {{ template "unifi.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/unifi/templates/gui-svc.yaml b/charts/unifi/templates/gui-svc.yaml
new file mode 100644
index 00000000..4f0c9b42
--- /dev/null
+++ b/charts/unifi/templates/gui-svc.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "unifi.fullname" . }}-gui
+ labels:
+ app: {{ template "unifi.name" . }}
+ chart: {{ template "unifi.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.guiService.labels }}
+{{ toYaml .Values.guiService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.guiService.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.guiService.type "ClusterIP") (empty .Values.guiService.type)) }}
+ type: ClusterIP
+ {{- if .Values.guiService.clusterIP }}
+ clusterIP: {{ .Values.guiService.clusterIP }}
+ {{end}}
+{{- else if eq .Values.guiService.type "LoadBalancer" }}
+ type: {{ .Values.guiService.type }}
+ {{- if .Values.guiService.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.guiService.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.guiService.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.guiService.loadBalancerSourceRanges | indent 4 }}
+ {{- end -}}
+{{- else }}
+ type: {{ .Values.guiService.type }}
+{{- end }}
+{{- if .Values.guiService.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.guiService.externalIPs | indent 4 }}
+{{- end }}
+ {{- if .Values.guiService.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.guiService.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - name: https-gui
+ port: {{ .Values.guiService.port }}
+ protocol: TCP
+ targetPort: https-gui
+{{ if (and (eq .Values.guiService.type "NodePort") (not (empty .Values.guiService.nodePort))) }}
+ nodePort: {{.Values.guiService.nodePort}}
+{{ end }}
+ selector:
+ app: {{ template "unifi.name" . }}
+ release: {{ .Release.Name }}
\ No newline at end of file
diff --git a/charts/unifi/templates/ingress.yaml b/charts/unifi/templates/ingress.yaml
new file mode 100644
index 00000000..e94c3bcf
--- /dev/null
+++ b/charts/unifi/templates/ingress.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "unifi.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ app: {{ template "unifi.name" . }}
+ chart: {{ template "unifi.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ backend:
+ serviceName: {{ $fullName }}-gui
+ servicePort: https-gui
+ {{- end }}
+{{- end }}
diff --git a/charts/unifi/templates/pvc.yaml b/charts/unifi/templates/pvc.yaml
new file mode 100644
index 00000000..5ad2ff76
--- /dev/null
+++ b/charts/unifi/templates/pvc.yaml
@@ -0,0 +1,24 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ template "unifi.fullname" . }}
+ labels:
+ app: {{ template "unifi.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/unifi/templates/stun-svc.yaml b/charts/unifi/templates/stun-svc.yaml
new file mode 100644
index 00000000..335e0c9b
--- /dev/null
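Review bot: The rule in ingress.yaml routes to `servicePort: https-gui`, which is a TLS port on the container (the probes in deployment.yaml use `scheme: HTTPS`), but nothing in the template or in the values comments tells the ingress controller to speak HTTPS to the backend. With the nginx class suggested in values.yaml the controller would presumably proxy plain HTTP to 8443 and the GUI would not load. This needs a documented entry under `ingress.annotations`, for example `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` on controller versions that support it. `ingress.tls` also defaults to `[]`, so enabling the ingress unchanged publishes the controller's admin login over plain HTTP at the edge, which the values comment should call out. `ingress.labels` is listed in the README but is not read by this template.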
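Review bot: The `app` label in pvc.yaml is `{{ template "unifi.fullname" . }}`, while every other template in this chart labels with `unifi.name`, so a label selector that matches the Deployment and Services will not find the claim. I would write `app: {{ template "unifi.name" . }}` and `chart: {{ template "unifi.chart" . }}` to match the rest of the chart. The README documents `persistence.accessModes` (a list, default `[]`) but this template reads the scalar `persistence.accessMode`, so a value set under the documented name is silently ignored; one of the two should be renamed.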
+++ b/charts/unifi/templates/stun-svc.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "unifi.fullname" . }}-stun
+ labels:
+ app: {{ template "unifi.name" . }}
+ chart: {{ template "unifi.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.stunService.labels }}
+{{ toYaml .Values.stunService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.stunService.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.stunService.type "ClusterIP") (empty .Values.stunService.type)) }}
+ type: ClusterIP
+ {{- if .Values.stunService.clusterIP }}
+ clusterIP: {{ .Values.stunService.clusterIP }}
+ {{end}}
+{{- else if eq .Values.stunService.type "LoadBalancer" }}
+ type: {{ .Values.stunService.type }}
+ {{- if .Values.stunService.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.stunService.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.stunService.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.stunService.loadBalancerSourceRanges | indent 4 }}
+ {{- end -}}
+{{- else }}
+ type: {{ .Values.stunService.type }}
+{{- end }}
+{{- if .Values.stunService.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.stunService.externalIPs | indent 4 }}
+{{- end }}
+ {{- if .Values.stunService.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.stunService.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.stunService.port }}
+ targetPort: stun
+ protocol: UDP
+ name: stun
+{{ if (and (eq .Values.stunService.type "NodePort") (not (empty .Values.stunService.nodePort))) }}
+ nodePort: {{.Values.stunService.nodePort}}
+{{ end }}
+ selector:
+ app: {{ template "unifi.name" . }}
+ release: {{ .Release.Name }}
\ No newline at end of file
diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml
new file mode 100644
index 00000000..7309c59d
--- /dev/null
+++ b/charts/unifi/values.yaml
@@ -0,0 +1,153 @@
+# Default values for unifi.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: jacobalberty/unifi
+ tag: 5.8.30
+ pullPolicy: IfNotPresent
+
+guiService:
+ type: ClusterIP
+ port: 8443
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ labels: {}
+ ## Use loadBalancerIP to request a specific static IP,
+ ## otherwise leave blank
+ ##
+ loadBalancerIP:
+ # loadBalancerSourceRanges: []
+ ## Set the externalTrafficPolicy in the Service to either Cluster or Local
+ # externalTrafficPolicy: Cluster
+
+controllerService:
+ type: NodePort
+ port: 8080
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ labels: {}
+ ## Use loadBalancerIP to request a specific static IP,
+ ## otherwise leave blank
+ ##
+ loadBalancerIP:
+ # loadBalancerSourceRanges: []
+ ## Set the externalTrafficPolicy in the Service to either Cluster or Local
+ # externalTrafficPolicy: Cluster
+
+stunService:
+ type: NodePort
+ port: 3478 # udp
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ labels: {}
+ ## Use loadBalancerIP to request a specific static IP,
+ ## otherwise leave blank
+ ##
+ loadBalancerIP:
+ # loadBalancerSourceRanges: []
+ ## Set the externalTrafficPolicy in the Service to either Cluster or Local
+ # externalTrafficPolicy: Cluster
+
+discoveryService:
+ type: NodePort
+ port: 10001 # udp
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ labels: {}
+ ## Use loadBalancerIP to request a specific static IP,
+ ## otherwise leave blank
+ ##
+ loadBalancerIP:
+ # loadBalancerSourceRanges: []
+ ## Set the externalTrafficPolicy in the Service to either Cluster or Local
+ # externalTrafficPolicy: Cluster
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ path: /
+ hosts:
+ - chart-example.local
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+timezone: UTC
+
+runAsRoot: false
+
+ # define an external mongoDB instead of using the built-in mongodb
+mongodb:
+ enabled: false
+ dbUri: mongodb://mongo/unifi
+ statDbUri: mongodb://mongo/unifi_stat
+ databaseName: unifi
+
+persistence:
+ enabled: true
+ ## unifi data Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ ##
+ ## If you want to reuse an existing claim, you can pass the name of the PVC using
+ ## the existingClaim variable
+ # existingClaim: your-claim
+ accessMode: ReadWriteOnce
+ size: 5Gi
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
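Review bot: `image.repository` points at a third-party Docker Hub image and `image.tag` is a mutable tag, so what actually runs can change without any change to the chart. I would document pinning by digest next to the `image:` block, e.g. `## For reproducible deployments pin the image by digest (sha256:<digest>)`. As written the deployment template always renders `repository:tag`, so supporting a digest needs an extra value or a conditional there. Also, `loadBalancerIP:` is a bare key (null) in all four service blocks while the README lists its default as `{}`; writing `loadBalancerIP: ""` makes the intent explicit.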