Merge pull request #32 from k8s-at-home/unifi
[unifi] adding unifi chart
commit
f4855955cf
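--- a/charts/unifi/.helmignore
+++ b/charts/unifi/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# OWNERS file for Kubernetes
+OWNERS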
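--- a/charts/unifi/Chart.yaml
+++ b/charts/unifi/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+appVersion: 5.12.35
+description: Ubiquiti Network's Unifi Controller
+name: unifi
+version: 1.0.0
+keywords:
+- ubiquiti
+- unifi
+- mongodb
+home: https://github.com/k8s-at-home/charts/tree/master/charts/unifi
+icon: https://blog.ubnt.com/wp-content/uploads/2016/10/unifi-app-logo.png
+sources:
+- https://github.com/jacobalberty/unifi-docker
+maintainers:
+- name: billimek
+email: jeff@billimek.com
+- name: mcronce
+email: mike@quadra-tec.net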
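--- a/charts/unifi/OWNERS
+++ b/charts/unifi/OWNERS
@@ -0,0 +1,6 @@
+approvers:
+- billimek
+- mcronce
+reviewers:
+- billimek
+- mcronce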
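--- a/charts/unifi/README.md
+++ b/charts/unifi/README.md
@@ -0,0 +1,187 @@
+# Ubiquiti Network's Unifi Controller
+
+This is a helm chart for [Ubiquiti Network's][ubnt] [Unifi Controller][ubnt 2].
+
+## TL;DR;
+
+```shell
+helm repo add k8s-at-home https://k8s-at-home.com/charts/
+helm install k8s-at-home/unifi
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release stable/unifi
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following tables lists the configurable parameters of the Unifi chart and their default values.
+
+| Parameter | Default | Description |
+|-------------------------------------------------|------------------------------|------------------------------------------------------------------------------------------------------------------------|
+| `image.repository` | `jacobalberty/unifi` | Image repository |
+| `image.tag` | `5.12.35` | Image tag. Possible values listed [here][docker]. |
+| `image.pullPolicy` | `IfNotPresent` | Image pull policy |
+| `strategyType` | `Recreate` | Specifies the strategy used to replace old Pods by new ones |
+| `guiService.type` | `ClusterIP` | Kubernetes service type for the Unifi GUI |
+| `guiService.port` | `8443` | Kubernetes port where the Unifi GUI is exposed |
+| `guiService.annotations` | `{}` | Service annotations for the Unifi GUI |
+| `guiService.labels` | `{}` | Custom labels |
+| `guiService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi GUI |
+| `guiService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
+| `guiService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
+| `captivePortalService.enabled` | `false` | Install the captive portal service (needed if you want guest captive portal) |
+| `captivePortalService.type` | `ClusterIP` | Kubernetes service type for the captive portal |
+| `captivePortalService.http` | `8880` | Kubernetes port where the captive portal is exposed |
+| `captivePortalService.https` | `8843` | Kubernetes port where the captive portal is exposed (with SSL) |
+| `captivePortalService.annotations` | `{}` | Service annotations for the captive portal |
+| `captivePortalService.labels` | `{}` | Custom labels |
+| `captivePortalService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi GUI |
+| `captivePortalService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
+| `captivePortalService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
+| `captivePortalService.ingress.enabled` | `false` | Enables Ingress (for the captive portal, the main ingress needs to be enabled for the controller to be accessible) |
+| `captivePortalService.ingress.annotations` | `{}` | Ingress annotations for the captive portal |
+| `captivePortalService.ingress.labels` | `{}` | Custom labels for the captive portal |
+| `captivePortalService.ingress.path` | `/` | Ingress path for the captive portal |
+| `captivePortalService.ingress.hosts` | `chart-example.local` | Ingress accepted hostnames for the captive portal |
+| `captivePortalService.ingress.tls` | `[]` | Ingress TLS configuration for the captive portal |
+| `controllerService.type` | `NodePort` | Kubernetes service type for the Unifi Controller communication |
+| `controllerService.port` | `8080` | Kubernetes port where the Unifi Controller is exposed - this needs to be reachable by the unifi devices on the network |
+| `controllerService.annotations` | `{}` | Service annotations for the Unifi Controller |
+| `controllerService.labels` | `{}` | Custom labels |
+| `controllerService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi Controller |
+| `controllerService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
+| `controllerService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
+| `controllerService.ingress.enabled` | `false` | Enables Ingress for the controller |
+| `controllerService.ingress.annotations` | `{}` | Ingress annotations for the controller |
+| `controllerService.ingress.labels` | `{}` | Custom labels for the controller |
+| `controllerService.ingress.path` | `/` | Ingress path for the controller |
+| `controllerService.ingress.hosts` | `chart-example.local` | Ingress accepted hostnames for the controller |
+| `controllerService.ingress.tls` | `[]` | Ingress TLS configuration for the controller |
+| `stunService.type` | `NodePort` | Kubernetes service type for the Unifi STUN |
+| `stunService.port` | `3478` | Kubernetes UDP port where the Unifi STUN is exposed |
+| `stunService.annotations` | `{}` | Service annotations for the Unifi STUN |
+| `stunService.labels` | `{}` | Custom labels |
+| `stunService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi STUN |
+| `stunService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
+| `stunService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
+| `discoveryService.type` | `NodePort` | Kubernetes service type for AP discovery |
+| `discoveryService.port` | `10001` | Kubernetes UDP port for AP discovery |
+| `discoveryService.annotations` | `{}` | Service annotations for AP discovery |
+| `discoveryService.labels` | `{}` | Custom labels |
+| `discoveryService.loadBalancerIP` | `{}` | Loadbalance IP for AP discovery |
+| `discoveryService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
+| `discoveryService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
+| `unifiedService.enabled` | `false` | Use a single service for GUI, controller, STUN, and discovery |
+| `unifiedService.type` | `ClusterIP` | Kubernetes service type for the unified service |
+| `unifiedService.annotations` | `{}` | Annotations for the unified service |
+| `unifiedService.labels` | `{}` | Custom labels for the unified service |
+| `unifiedService.loadBalancerIP` | None | Load balancer IP for the unified service |
+| `unifiedService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to the load balancer (if supported) |
+| `unifiedService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the service to either Cluster or Local |
+| `ingress.enabled` | `false` | Enables Ingress |
+| `ingress.annotations` | `{}` | Ingress annotations |
+| `ingress.labels` | `{}` | Custom labels |
+| `ingress.path` | `/` | Ingress path |
+| `ingress.hosts` | `chart-example.local` | Ingress accepted hostnames |
+| `ingress.tls` | `[]` | Ingress TLS configuration |
+| `timezone` | `UTC` | Timezone the Unifi controller should run as, e.g. 'America/New York' |
+| `runAsRoot` | `false` | Run the controller as UID0 (root user); if set to false, will give container SETFCAP instead |
+| `UID` | `999` | Run the controller as user UID |
+| `GID` | `999` | Run the controller as group GID |
+| `customCert.enabled` | `false` | Define whether you are using s custom certificate |
+| `customCert.isChain` | `false` | If you are using a Let's Encrypt certificate which already includes the full chain set this to `true` |
+| `customCert.certName` | `tls.crt` | Name of the the certificate file in `<unifi-data>/cert` |
+| `customCert.keyName` | `tls.key` | Name of the the private key file in `<unifi-data>/cert` |
+| `customCert.certSecret` | `nil` | Name of the the k8s tls secret where the certificate and its key are stored. |
+| `mongodb.enabled` | `false` | Use external MongoDB for data storage |
+| `mongodb.dbUri` | `mongodb://mongo/unifi` | external MongoDB URI |
+| `mongodb.statDbUri` | `mongodb://mongo/unifi_stat` | external MongoDB statdb URI |
+| `mongodb.databaseName` | `unifi` | external MongoDB database name |
+| `persistence.enabled` | `true` | Use persistent volume to store data |
+| `persistence.size` | `5Gi` | Size of persistent volume claim |
+| `persistence.existingClaim` | `nil` | Use an existing PVC to persist data |
+| `persistence.subPath` | `` | Store data in a subdirectory of PV instead of at the root directory |
+| `persistence.storageClass` | `-` | Type of persistent volume claim |
+| `extraVolumes` | `[]` | Additional volumes to be used by extraVolumeMounts |
+| `extraVolumeMounts` | `[]` | Additional volume mounts to be mounted in unifi container |
+| `persistence.accessModes` | `[]` | Persistence access modes |
+| `extraConfigFiles` | `{}` | Dictionary containing files mounted to `/configmap` inside the pod (See [values.yaml](values.yaml) for examples) |
+| `extraJvmOpts` | `[]` | List of additional JVM options, e.g. `["-Dlog4j.configurationFile=file:/configmap/log4j2.xml"]` |
+| `resources` | `{}` | CPU/Memory resource requests/limits |
+| `nodeSelector` | `{}` | Node labels for pod assignment |
+| `tolerations` | `[]` | Toleration labels for pod assignment |
+| `affinity` | `{}` | Affinity settings for pod assignment |
+| `podAnnotations` | `{}` | Key-value pairs to add as pod annotations |
+| `deploymentAnnotations` | `{}` | Key-value pairs to add as deployment annotations |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install --name my-release \
+--set timezone="America/New York" \
+stable/unifi
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install --name my-release -f values.yaml stable/unifi
+```
+
+Read through the [values.yaml](values.yaml) file. It has several commented out suggested values.
+
+## Regarding the services
+
+- `guiService`: Represents the main web UI and is what one would normally point
+the ingress to.
+- `captivePortalService`: This service is used to allow the captive portal webpage
+to be accessible. It needs to be reachable by the clients connecting to your guest
+network.
+- `controllerService`: This is needed in order for the unifi devices to talk to
+the controller and must be otherwise exposed to the network where the unifi
+devices run. If you run this as a `NodePort` (the default setting), make sure
+that there is an external load balancer that is directing traffic from port
+8080 to the `NodePort` for this service.
+- `discoveryService`: This needs to be reachable by the unifi devices on the
+network similar to the controller `Service` but only during the discovery
+phase. This is a UDP service.
+- `stunService`: Also used periodically by the unifi devices to communicate
+with the controller using UDP. See [this article][ubnt 3] and [this other
+article][ubnt 4] for more information.
+
+## Ingress and HTTPS
+
+Unifi does [not support HTTP][unifi] so if you wish to use the guiService, you
+need to ensure that you use a backend transport of HTTPS.
+
+An example entry in `values.yaml` to achieve this is as follows:
+
+```
+ingress:
+enabled: true
+annotations:
+nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+```
+
+[docker]: https://hub.docker.com/r/jacobalberty/unifi/tags/
+[github]: https://github.com/jacobalberty/unifi-docker
+[ubnt]: https://www.ubnt.com/
+[ubnt 2]: https://unifi-sdn.ubnt.com/
+[ubnt 3]: https://help.ubnt.com/hc/en-us/articles/204976094-UniFi-What-protocol-does-the-controller-use-to-communicate-with-the-UAP-
+[ubnt 4]: https://help.ubnt.com/hc/en-us/articles/115015457668-UniFi-Troubleshooting-STUN-Communication-Errors
+[unifi]: https://community.ui.com/questions/Controller-how-to-deactivate-http-to-https/c5e247d8-b5b9-4c84-a3bb-28a90fd65668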
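--- a/charts/unifi/templates/NOTES.txt
+++ b/charts/unifi/templates/NOTES.txt
@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.guiService.type }}
+export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "unifi.fullname" . }})
+export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.guiService.type }}
+NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "unifi.fullname" . }}-gui'
+export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "unifi.fullname" . }}-gui -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+echo http://$SERVICE_IP:{{ .Values.guiService.port }}
+{{- else if contains "ClusterIP" .Values.guiService.type }}
+export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "unifi.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8443:{.Values.guiService.port}
+Visit https://127.0.0.1:8443 to use your application
+{{- end }}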
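Review bot: The ClusterIP branch prints `8443:{.Values.guiService.port}` literally because the action is missing its double braces, so the port-forward command shown to the user will not work; it should read `kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8443:{{ .Values.guiService.port }}`. The pod lookup just above it selects on `app=…,release=…`, while deployment.yaml in this commit labels pods with `app.kubernetes.io/name` and `app.kubernetes.io/instance`, so the selector probably matches nothing. The NodePort and LoadBalancer branches echo `http://` URLs although the chart README states the controller GUI does not support HTTP; printing `https://` avoids pointing operators at a plaintext URL for an admin console. The NodePort branch also queries the service `{{ template "unifi.fullname" . }}` without the `-gui` suffix used in the LoadBalancer branch, which looks inconsistent.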
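--- a/charts/unifi/templates/_helpers.tpl
+++ b/charts/unifi/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "unifi.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "unifi.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "unifi.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}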
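--- a/charts/unifi/templates/captive-ingress.yaml
+++ b/charts/unifi/templates/captive-ingress.yaml
@@ -0,0 +1,39 @@
+{{- if (and .Values.captivePortalService.ingress.enabled (not .Values.unifiedService.enabled)) }}
+{{- $fullName := include "unifi.fullname" . -}}
+{{- $ingressPath := .Values.captivePortalService.ingress.path -}}
+{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+name: {{ $fullName }}-captive
+labels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+helm.sh/chart: {{ include "unifi.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.captivePortalService.ingress.annotations }}
+annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.captivePortalService.ingress.tls }}
+tls:
+{{- range .Values.captivePortalService.ingress.tls }}
+- hosts:
+{{- range .hosts }}
+- {{ . | quote }}
+{{- end }}
+secretName: {{ .secretName }}
+{{- end }}
+{{- end }}
+rules:
+{{- range .Values.captivePortalService.ingress.hosts }}
+- host: {{ . }}
+http:
+paths:
+- path: {{ $ingressPath }}
+backend:
+serviceName: {{ $fullName }}-captiveportalservice
+servicePort: captive-http
+{{- end }}
+{{- end }}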
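Review bot: `host: {{ . }}` in the rules block and `secretName: {{ .secretName }}` are emitted unquoted, whereas the TLS host list a few lines above uses `{{ . | quote }}`; a wildcard host such as `*.example.test` (constructed example) would then be read as a YAML alias and fail to parse, so `- host: {{ . | quote }}` is the safer form. `$unifiedServiceEnabled` is assigned but never used in this template and can be dropped. The README in this commit documents `captivePortalService.ingress.labels`, but the metadata block here never renders it. The same three points apply to charts/unifi/templates/controller-ingress.yaml.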
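--- a/charts/unifi/templates/captive-svc.yaml
+++ b/charts/unifi/templates/captive-svc.yaml
@@ -0,0 +1,61 @@
+{{ if (and .Values.captivePortalService.enabled (not .Values.unifiedService.enabled)) }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "unifi.fullname" . }}-captiveportalservice
+labels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+helm.sh/chart: {{ include "unifi.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.captivePortalService.labels }}
+{{ toYaml .Values.captivePortalService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.captivePortalService.annotations }}
+annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.captivePortalService.type "ClusterIP") (empty .Values.captivePortalService.type)) }}
+type: ClusterIP
+{{- if .Values.captivePortalService.clusterIP }}
+clusterIP: {{ .Values.captivePortalService.clusterIP }}
+{{end}}
+{{- else if eq .Values.captivePortalService.type "LoadBalancer" }}
+type: {{ .Values.captivePortalService.type }}
+{{- if .Values.captivePortalService.loadBalancerIP }}
+loadBalancerIP: {{ .Values.captivePortalService.loadBalancerIP }}
+{{- end }}
+{{- if .Values.captivePortalService.loadBalancerSourceRanges }}
+loadBalancerSourceRanges:
+{{ toYaml .Values.captivePortalService.loadBalancerSourceRanges | indent 4 }}
+{{- end -}}
+{{- else }}
+type: {{ .Values.captivePortalService.type }}
+{{- end }}
+{{- if .Values.captivePortalService.externalIPs }}
+externalIPs:
+{{ toYaml .Values.captivePortalService.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.captivePortalService.externalTrafficPolicy }}
+externalTrafficPolicy: {{ .Values.captivePortalService.externalTrafficPolicy }}
+{{- end }}
+ports:
+- port: {{ .Values.captivePortalService.http }}
+targetPort: captive-http
+protocol: TCP
+name: captive-http
+{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.http))) }}
+nodePort: {{.Values.captivePortalService.http}}
+{{ end }}
+- port: {{ .Values.captivePortalService.https }}
+targetPort: captive-https
+protocol: TCP
+name: captive-https
+{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.https))) }}
+nodePort: {{.Values.captivePortalService.https}}
+{{ end }}
+selector:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{ end }}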
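Review bot: Both `nodePort:` lines reuse the service port values (`captivePortalService.http` and `.https`, documented defaults 8880 and 8843), so with `type: NodePort` the rendered Service requests node ports outside the default 30000-32767 range and the API server will normally reject it. controller-svc.yaml in this commit reads a separate `.Values.controllerService.nodePort`; doing the same here, for example `nodePort: {{ .Values.captivePortalService.httpNodePort }}` with a matching `not (empty …)` guard (the value name is only a suggestion), keeps port and nodePort independent. Separately, `loadBalancerSourceRanges` is rendered only when set and the README default is None, so a `LoadBalancer` captive portal accepts traffic from any source unless the operator restricts it; a comment in values.yaml saying so would help.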
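--- a/charts/unifi/templates/configmap.yaml
+++ b/charts/unifi/templates/configmap.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.extraConfigFiles }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+name: {{ template "unifi.fullname" . }}
+labels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+helm.sh/chart: {{ include "unifi.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+{{ toYaml .Values.extraConfigFiles | indent 2 }}
+{{- end }}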
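--- a/charts/unifi/templates/controller-ingress.yaml
+++ b/charts/unifi/templates/controller-ingress.yaml
@@ -0,0 +1,39 @@
+{{- if (and .Values.controllerService.ingress.enabled (not .Values.unifiedService.enabled)) }}
+{{- $fullName := include "unifi.fullname" . -}}
+{{- $ingressPath := .Values.controllerService.ingress.path -}}
+{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+name: {{ $fullName }}-controller
+labels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+helm.sh/chart: {{ include "unifi.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.controllerService.ingress.annotations }}
+annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.controllerService.ingress.tls }}
+tls:
+{{- range .Values.controllerService.ingress.tls }}
+- hosts:
+{{- range .hosts }}
+- {{ . | quote }}
+{{- end }}
+secretName: {{ .secretName }}
+{{- end }}
+{{- end }}
+rules:
+{{- range .Values.controllerService.ingress.hosts }}
+- host: {{ . }}
+http:
+paths:
+- path: {{ $ingressPath }}
+backend:
+serviceName: {{ $fullName }}-controller
+servicePort: controller
+{{- end }}
+{{- end }}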
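--- a/charts/unifi/templates/controller-svc.yaml
+++ b/charts/unifi/templates/controller-svc.yaml
@@ -0,0 +1,54 @@
+{{ if not .Values.unifiedService.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "unifi.fullname" . }}-controller
+labels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+helm.sh/chart: {{ include "unifi.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.controllerService.labels }}
+{{ toYaml .Values.controllerService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.controllerService.annotations }}
+annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.controllerService.type "ClusterIP") (empty .Values.controllerService.type)) }}
+type: ClusterIP
+{{- if .Values.controllerService.clusterIP }}
+clusterIP: {{ .Values.controllerService.clusterIP }}
+{{end}}
+{{- else if eq .Values.controllerService.type "LoadBalancer" }}
+type: {{ .Values.controllerService.type }}
+{{- if .Values.controllerService.loadBalancerIP }}
+loadBalancerIP: {{ .Values.controllerService.loadBalancerIP }}
+{{- end }}
+{{- if .Values.controllerService.loadBalancerSourceRanges }}
+loadBalancerSourceRanges:
+{{ toYaml .Values.controllerService.loadBalancerSourceRanges | indent 4 }}
+{{- end -}}
+{{- else }}
+type: {{ .Values.controllerService.type }}
+{{- end }}
+{{- if .Values.controllerService.externalIPs }}
+externalIPs:
+{{ toYaml .Values.controllerService.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.controllerService.externalTrafficPolicy }}
+externalTrafficPolicy: {{ .Values.controllerService.externalTrafficPolicy }}
+{{- end }}
+ports:
+- port: {{ .Values.controllerService.port }}
+targetPort: controller
+protocol: TCP
+name: controller
+{{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.nodePort))) }}
+nodePort: {{.Values.controllerService.nodePort}}
+{{ end }}
+selector:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{ end }}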
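Review bot: `controllerService.nodePort`, `controllerService.clusterIP` and `controllerService.externalIPs` are read by this template but are missing from the README parameter table added in the same commit, so operators cannot discover them without reading the template. `externalIPs` in particular deserves a line of documentation, since it makes the controller port (passed to the container as `UNIFI_HTTP_PORT` in deployment.yaml) answer on whatever addresses are listed. The README default for this service is `NodePort`, and `loadBalancerSourceRanges` is honoured only in the `LoadBalancer` branch, so source restriction for the default type has to come from outside the chart (firewall or NetworkPolicy); a comment next to the default saying so would help.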
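--- a/charts/unifi/templates/deployment.yaml
+++ b/charts/unifi/templates/deployment.yaml
@@ -0,0 +1,166 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ template "unifi.fullname" . }}
+{{- if .Values.deploymentAnnotations }}
+annotations:
+{{- range $key, $value := .Values.deploymentAnnotations }}
+{{ $key }}: {{ $value | quote }}
+{{- end }}
+{{- end }}
+labels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+helm.sh/chart: {{ include "unifi.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+replicas: 1
+strategy:
+type: {{ .Values.strategyType }}
+selector:
+matchLabels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+template:
+metadata:
+labels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Values.podAnnotations }}
+annotations:
+{{- range $key, $value := .Values.podAnnotations }}
+{{ $key }}: {{ $value | quote }}
+{{- end }}
+{{- end }}
+spec:
+containers:
+- name: {{ .Chart.Name }}
+image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+imagePullPolicy: {{ .Values.image.pullPolicy }}
+ports:
+- name: https-gui
+containerPort: {{ .Values.guiService.port }}
+protocol: TCP
+- name: controller
+containerPort: {{ .Values.controllerService.port }}
+protocol: TCP
+- name: discovery
+containerPort: 10001
+protocol: UDP
+- name: stun
+containerPort: 3478
+protocol: UDP
+{{ if .Values.captivePortalService.enabled }}
+- name: captive-http
+containerPort: 8880
+protocol: TCP
+- name: captive-https
+containerPort: 8843
+protocol: TCP
+{{ end }}
+{{- if not .Values.runAsRoot }}
+securityContext:
+capabilities:
+add:
+- SETFCAP
+{{- end }}
+livenessProbe:
+httpGet:
+path: /status
+port: https-gui
+scheme: HTTPS
+initialDelaySeconds: 30
+readinessProbe:
+httpGet:
+path: /status
+port: https-gui
+scheme: HTTPS
+initialDelaySeconds: 15
+env:
+- name: UNIFI_HTTP_PORT
+value: "{{ .Values.controllerService.port }}"
+- name: UNIFI_HTTPS_PORT
+value: "{{ .Values.guiService.port }}"
+- name: TZ
+value: "{{ .Values.timezone }}"
+- name: RUNAS_UID0
+value: "{{ .Values.runAsRoot }}"
+- name: UNIFI_UID
+value: "{{ .Values.UID }}"
+- name: UNIFI_GID
+value: "{{ .Values.GID }}"
+{{- if .Values.extraJvmOpts }}
+- name: JVM_EXTRA_OPTS
+value: "{{- join " " .Values.extraJvmOpts }}"
+{{- end }}
+{{- if .Values.mongodb.enabled }}
+- name: DB_URI
+value: "{{ .Values.mongodb.dbUri }}"
+- name: STATDB_URI
+value: "{{ .Values.mongodb.statDbUri }}"
+- name: DB_NAME
+value: "{{ .Values.mongodb.databaseName }}"
+{{- end }}
+{{- if and .Values.customCert .Values.customCert.enabled }}
+- name: CERT_IS_CHAIN
+value: "{{ .Values.customCert.isChain }}"
+- name: CERTNAME
+value: "{{ .Values.customCert.certName }}"
+- name: CERT_PRIVATE_NAME
+value: "{{ .Values.customCert.keyName }}"
+{{- end }}
+volumeMounts:
+- mountPath: /unifi/data
+name: unifi-data
+subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.subPath "data") (empty .Values.persistence.subPath) }}
+- mountPath: /unifi/log
+name: unifi-data
+subPath: {{ ternary "log" (printf "%s/%s" .Values.persistence.subPath "log") (empty .Values.persistence.subPath) }}
+- mountPath: /unifi/cert
+{{- if and .Values.customCert .Values.customCert.enabled .Values.customCert.certSecret }}
+name: unifi-cert-secret
+{{- else }}
+name: unifi-data
+subPath: {{ ternary "cert" (printf "%s/%s" .Values.persistence.subPath "cert") (empty .Values.persistence.subPath) }}
+{{- end }}
+- mountPath: /unifi/init.d
+name: unifi-data
+subPath: {{ ternary "init.d" (printf "%s/%s" .Values.persistence.subPath "init.d") (empty .Values.persistence.subPath) }}
+{{- if .Values.extraConfigFiles }}
+- name: extra-config
+mountPath: /configmap
+{{- end }}
+{{- if .Values.extraVolumeMounts }}{{ toYaml .Values.extraVolumeMounts | trim | nindent 12 }}{{ end }}
+resources:
+{{ toYaml .Values.resources | indent 12 }}
+volumes:
+- name: unifi-data
+{{- if .Values.persistence.enabled }}
+persistentVolumeClaim:
+claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "unifi.fullname" . }}{{- end }}
+{{- else }}
+emptyDir: {}
+{{ end }}
+{{- if .Values.extraConfigFiles }}
+- name: extra-config
+configMap:
+name: {{ template "unifi.fullname" . }}
+{{- end }}
+{{- if and .Values.customCert .Values.customCert.enabled .Values.customCert.certSecret }}
+- name: unifi-cert-secret
+secret:
+secretName: "{{ .Values.customCert.certSecret }}"
+{{- end }}
+{{- if .Values.extraVolumes }}{{ toYaml .Values.extraVolumes | trim | nindent 8 }}{{ end }}
+{{- with .Values.nodeSelector }}
+nodeSelector:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.affinity }}
+affinity:
+{{ toYaml . | indent 8 }}
+{{- end }}
+{{- with .Values.tolerations }}
+tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}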
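Review bot: With `runAsRoot: false` the only thing the container `securityContext` does is add the `SETFCAP` capability; there is no `runAsNonRoot`, `runAsUser` or `capabilities.drop`, and the UID/GID reach the container only as the `UNIFI_UID`/`UNIFI_GID` environment variables, so Kubernetes itself does not enforce a non-root identity and any privilege drop presumably happens in the image entrypoint. A comment above that block saying so, and noting that `runAsRoot: true` renders no securityContext at all, would stop readers from taking the flag as a pod-level guarantee. `DB_URI` and `STATDB_URI` are set with a plain `value:` from `mongodb.dbUri` and `mongodb.statDbUri`; if an operator embeds credentials in those URIs they end up in the Deployment manifest and the stored release values, so offering a `valueFrom.secretKeyRef` alternative is worth considering. The image is referenced by tag only (`"{{ .Values.image.repository }}:{{ .Values.image.tag }}"`), with no way to pin a digest.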
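--- a/charts/unifi/templates/discovery-svc.yaml
+++ b/charts/unifi/templates/discovery-svc.yaml
@@ -0,0 +1,54 @@
+{{ if not .Values.unifiedService.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "unifi.fullname" . }}-discovery
+labels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+helm.sh/chart: {{ include "unifi.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.discoveryService.labels }}
+{{ toYaml .Values.discoveryService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.discoveryService.annotations }}
+annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.discoveryService.type "ClusterIP") (empty .Values.discoveryService.type)) }}
+type: ClusterIP
+{{- if .Values.discoveryService.clusterIP }}
+clusterIP: {{ .Values.discoveryService.clusterIP }}
+{{end}}
+{{- else if eq .Values.discoveryService.type "LoadBalancer" }}
+type: {{ .Values.discoveryService.type }}
+{{- if .Values.discoveryService.loadBalancerIP }}
+loadBalancerIP: {{ .Values.discoveryService.loadBalancerIP }}
+{{- end }}
+{{- if .Values.discoveryService.loadBalancerSourceRanges }}
+loadBalancerSourceRanges:
+{{ toYaml .Values.discoveryService.loadBalancerSourceRanges | indent 4 }}
+{{- end -}}
+{{- else }}
+type: {{ .Values.discoveryService.type }}
+{{- end }}
+{{- if .Values.discoveryService.externalIPs }}
+externalIPs:
+{{ toYaml .Values.discoveryService.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.discoveryService.externalTrafficPolicy }}
+externalTrafficPolicy: {{ .Values.discoveryService.externalTrafficPolicy }}
+{{- end }}
+ports:
+- port: {{ .Values.discoveryService.port }}
+targetPort: discovery
+protocol: UDP
+name: discovery
+{{ if (and (eq .Values.discoveryService.type "NodePort") (not (empty .Values.discoveryService.nodePort))) }}
+nodePort: {{.Values.discoveryService.nodePort}}
+{{ end }}
+selector:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{ end }}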
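Review bot: The `loadBalancerSourceRanges` block is the only source restriction this template can render, and it sits inside the `LoadBalancer` branch, while values.yaml defaults `discoveryService.type` to `NodePort`; with the defaults the UDP discovery port is opened on every node with no allow-list. The same holds for stun-svc.yaml (also `NodePort` by default) and for gui-svc.yaml whenever its type is changed from `ClusterIP`. I would state this at the top of each template, e.g. `{{- /* NodePort publishes this port on every node; loadBalancerSourceRanges only applies to type LoadBalancer, so restrict access at the node firewall */ -}}`.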
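--- a/charts/unifi/templates/gui-svc.yaml
+++ b/charts/unifi/templates/gui-svc.yaml
@@ -0,0 +1,54 @@
+{{ if not .Values.unifiedService.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "unifi.fullname" . }}-gui
+labels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+helm.sh/chart: {{ include "unifi.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.guiService.labels }}
+{{ toYaml .Values.guiService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.guiService.annotations }}
+annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.guiService.type "ClusterIP") (empty .Values.guiService.type)) }}
+type: ClusterIP
+{{- if .Values.guiService.clusterIP }}
+clusterIP: {{ .Values.guiService.clusterIP }}
+{{end}}
+{{- else if eq .Values.guiService.type "LoadBalancer" }}
+type: {{ .Values.guiService.type }}
+{{- if .Values.guiService.loadBalancerIP }}
+loadBalancerIP: {{ .Values.guiService.loadBalancerIP }}
+{{- end }}
+{{- if .Values.guiService.loadBalancerSourceRanges }}
+loadBalancerSourceRanges:
+{{ toYaml .Values.guiService.loadBalancerSourceRanges | indent 4 }}
+{{- end -}}
+{{- else }}
+type: {{ .Values.guiService.type }}
+{{- end }}
+{{- if .Values.guiService.externalIPs }}
+externalIPs:
+{{ toYaml .Values.guiService.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.guiService.externalTrafficPolicy }}
+externalTrafficPolicy: {{ .Values.guiService.externalTrafficPolicy }}
+{{- end }}
+ports:
+- name: https-gui
+port: {{ .Values.guiService.port }}
+protocol: TCP
+targetPort: https-gui
+{{ if (and (eq .Values.guiService.type "NodePort") (not (empty .Values.guiService.nodePort))) }}
+nodePort: {{.Values.guiService.nodePort}}
+{{ end }}
+selector:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{ end }}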
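--- a/charts/unifi/templates/ingress.yaml
+++ b/charts/unifi/templates/ingress.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "unifi.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+name: {{ $fullName }}
+labels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+helm.sh/chart: {{ include "unifi.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+tls:
+{{- range .Values.ingress.tls }}
+- hosts:
+{{- range .hosts }}
+- {{ . | quote }}
+{{- end }}
+secretName: {{ .secretName }}
+{{- end }}
+{{- end }}
+rules:
+{{- range .Values.ingress.hosts }}
+- host: {{ . }}
+http:
+paths:
+- path: {{ $ingressPath }}
+backend:
+{{- if $unifiedServiceEnabled }}
+serviceName: {{ $fullName }}
+{{- else }}
+serviceName: {{ $fullName }}-gui
+{{- end }}
+servicePort: https-gui
+{{- end }}
+{{- end }}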
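Review bot: The rule always points at `https-gui`, the controller's admin interface, yet the `tls:` block is emitted only when `.Values.ingress.tls` is non-empty and values.yaml ships `tls: []`; enabling the ingress with the defaults publishes the login page with no certificate configured for the host. How the ingress controller then serves it (plain HTTP or a default certificate) is outside this chart, so I would at least document the requirement next to `ingress.enabled` in values.yaml: `# exposes the admin GUI; set ingress.tls and the backend-protocol "HTTPS" annotation before enabling`. Separately, `- host: {{ . }}` is unquoted while the `tls` hosts use `quote`; `- host: {{ . | quote }}` would keep a wildcard host from being parsed as a YAML alias.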
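--- a/charts/unifi/templates/pvc.yaml
+++ b/charts/unifi/templates/pvc.yaml
@@ -0,0 +1,24 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+name: {{ template "unifi.fullname" . }}
+labels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+helm.sh/chart: {{ include "unifi.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+accessModes:
+- {{ .Values.persistence.accessMode | quote }}
+resources:
+requests:
+storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+storageClassName: ""
+{{- else }}
+storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}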
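--- a/charts/unifi/templates/stun-svc.yaml
+++ b/charts/unifi/templates/stun-svc.yaml
@@ -0,0 +1,54 @@
+{{ if not .Values.unifiedService.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "unifi.fullname" . }}-stun
+labels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+helm.sh/chart: {{ include "unifi.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.stunService.labels }}
+{{ toYaml .Values.stunService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.stunService.annotations }}
+annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.stunService.type "ClusterIP") (empty .Values.stunService.type)) }}
+type: ClusterIP
+{{- if .Values.stunService.clusterIP }}
+clusterIP: {{ .Values.stunService.clusterIP }}
+{{end}}
+{{- else if eq .Values.stunService.type "LoadBalancer" }}
+type: {{ .Values.stunService.type }}
+{{- if .Values.stunService.loadBalancerIP }}
+loadBalancerIP: {{ .Values.stunService.loadBalancerIP }}
+{{- end }}
+{{- if .Values.stunService.loadBalancerSourceRanges }}
+loadBalancerSourceRanges:
+{{ toYaml .Values.stunService.loadBalancerSourceRanges | indent 4 }}
+{{- end -}}
+{{- else }}
+type: {{ .Values.stunService.type }}
+{{- end }}
+{{- if .Values.stunService.externalIPs }}
+externalIPs:
+{{ toYaml .Values.stunService.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.stunService.externalTrafficPolicy }}
+externalTrafficPolicy: {{ .Values.stunService.externalTrafficPolicy }}
+{{- end }}
+ports:
+- port: {{ .Values.stunService.port }}
+targetPort: stun
+protocol: UDP
+name: stun
+{{ if (and (eq .Values.stunService.type "NodePort") (not (empty .Values.stunService.nodePort))) }}
+nodePort: {{.Values.stunService.nodePort}}
+{{ end }}
+selector:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{ end }}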
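--- a/charts/unifi/templates/unified-svc.yaml
+++ b/charts/unifi/templates/unified-svc.yaml
@@ -0,0 +1,93 @@
+{{ if .Values.unifiedService.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ template "unifi.fullname" . }}
+labels:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+helm.sh/chart: {{ include "unifi.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.unifiedService.labels }}
+{{ toYaml .Values.unifiedService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.unifiedService.annotations }}
+annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.unifiedService.type "ClusterIP") (empty .Values.unifiedService.type)) }}
+type: ClusterIP
+{{- if .Values.unifiedService.clusterIP }}
+clusterIP: {{ .Values.unifiedService.clusterIP }}
+{{end}}
+{{- else if eq .Values.unifiedService.type "LoadBalancer" }}
+type: {{ .Values.unifiedService.type }}
+{{- if .Values.unifiedService.loadBalancerIP }}
+loadBalancerIP: {{ .Values.unifiedService.loadBalancerIP }}
+{{- end }}
+{{- if .Values.unifiedService.loadBalancerSourceRanges }}
+loadBalancerSourceRanges:
+{{ toYaml .Values.unifiedService.loadBalancerSourceRanges | indent 4 }}
+{{- end -}}
+{{- else }}
+type: {{ .Values.unifiedService.type }}
+{{- end }}
+{{- if .Values.unifiedService.externalIPs }}
+externalIPs:
+{{ toYaml .Values.unifiedService.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.unifiedService.externalTrafficPolicy }}
+externalTrafficPolicy: {{ .Values.unifiedService.externalTrafficPolicy }}
+{{- end }}
+ports:
+- port: {{ .Values.controllerService.port }}
+targetPort: controller
+protocol: TCP
+name: controller
+{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.controllerService.nodePort))) }}
+nodePort: {{.Values.controllerService.nodePort}}
+{{ end }}
+- port: {{ .Values.discoveryService.port }}
+targetPort: discovery
+protocol: UDP
+name: discovery
+{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.discoveryService.nodePort))) }}
+nodePort: {{.Values.discoveryService.nodePort}}
+{{ end }}
+- port: {{ .Values.stunService.port }}
+targetPort: stun
+protocol: UDP
+name: stun
+{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.stunService.nodePort))) }}
+nodePort: {{.Values.stunService.nodePort}}
+{{ end }}
+- name: https-gui
+port: {{ .Values.guiService.port }}
+protocol: TCP
+targetPort: https-gui
+{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.guiService.nodePort))) }}
+nodePort: {{.Values.guiService.nodePort}}
+{{ end }}
+{{ if .Values.captivePortalService.enabled }}
+- name: captive-http
+port: {{ .Values.captivePortalService.http }}
+protocol: TCP
+targetPort: captive-http
+{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.http))) }}
+nodePort: {{.Values.captivePortalService.http}}
+{{ end }}
+- name: captive-https
+port: {{ .Values.captivePortalService.https }}
+protocol: TCP
+targetPort: captive-https
+{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.https))) }}
+nodePort: {{.Values.captivePortalService.https}}
+{{ end }}
+{{ end }}
+
+selector:
+app.kubernetes.io/name: {{ include "unifi.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{ end }}
+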
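Review bot: The two captive-portal entries reuse the service port as the node port: `nodePort: {{.Values.captivePortalService.http}}` and `nodePort: {{.Values.captivePortalService.https}}` render 8880 and 8843 from the values.yaml defaults, which fall outside the default NodePort range of 30000-32767, so a `NodePort` unified service with the captive portal enabled would be rejected unless the cluster's range was widened. The other four ports read a dedicated `nodePort` key, and I would do the same here, e.g. `{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.httpNodePort))) }}` with `nodePort: {{ .Values.captivePortalService.httpNodePort }}`, and likewise for https. `httpNodePort` and `httpsNodePort` are names I am proposing, not keys the chart already has.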
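--- a/charts/unifi/values.yaml
+++ b/charts/unifi/values.yaml
@@ -0,0 +1,299 @@
+# Default values for unifi.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# upgrade strategy type (e.g. Recreate or RollingUpdate)
+strategyType: Recreate
+
+image:
+repository: jacobalberty/unifi
+tag: 5.12.35
+pullPolicy: IfNotPresent
+
+# If enabled, the controller, discovery, GUI, and STUN services will not be
+# created.
+# Instead, one service will be created with the port and nodePort settings from
+# controllerService, discoveryService, guiService, and stunService.
+# This is useful if, for example, the ClusterIP network is routable and being
+# accessed directly by access points, and the APs don't have a way to discern
+# different services on different IPs.
+unifiedService:
+enabled: false
+type: ClusterIP
+## Specify the nodePort value for the LoadBalancer and NodePort service types.
+## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+##
+# nodePort:
+## Provide any additional annotations which may be required. This can be used to
+## set the LoadBalancer service type to internal only.
+## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+##
+annotations: {}
+labels: {}
+## Use loadBalancerIP to request a specific static IP,
+## otherwise leave blank
+##
+loadBalancerIP:
+# loadBalancerSourceRanges: []
+## Set the externalTrafficPolicy in the Service to either Cluster or Local
+# externalTrafficPolicy: Cluster
+
+guiService:
+type: ClusterIP
+port: 8443
+## Specify the nodePort value for the LoadBalancer and NodePort service types.
+## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+##
+# nodePort:
+## Provide any additional annotations which may be required. This can be used to
+## set the LoadBalancer service type to internal only.
+## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+##
+annotations: {}
+labels: {}
+## Use loadBalancerIP to request a specific static IP,
+## otherwise leave blank
+##
+loadBalancerIP:
+# loadBalancerSourceRanges: []
+## Set the externalTrafficPolicy in the Service to either Cluster or Local
+# externalTrafficPolicy: Cluster
+
+captivePortalService:
+enabled: false
+type: ClusterIP
+## Specify the nodePort value for the LoadBalancer and NodePort service types.
+## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+##
+http: 8880
+https: 8843
+## Provide any additional annotations which may be required. This can be used to
+## set the LoadBalancer service type to internal only.
+## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+##
+annotations: {}
+labels: {}
+## Use loadBalancerIP to request a specific static IP,
+## otherwise leave blank
+##
+loadBalancerIP:
+# loadBalancerSourceRanges: []
+## Set the externalTrafficPolicy in the Service to either Cluster or Local
+# externalTrafficPolicy: Cluster
+
+
+# Ingress settings only for the captive portal
+ingress:
+enabled: false
+annotations: {}
+# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+# kubernetes.io/ingress.class: nginx
+# kubernetes.io/tls-acme: "true"
+path: /
+hosts:
+- chart-example.local
+tls: []
+# - secretName: chart-example-tls
+# hosts:
+# - chart-example.local
+
+controllerService:
+type: NodePort
+port: 8080
+## Specify the nodePort value for the LoadBalancer and NodePort service types.
+## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+##
+# nodePort:
+## Provide any additional annotations which may be required. This can be used to
+## set the LoadBalancer service type to internal only.
+## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+##
+annotations: {}
+labels: {}
+## Use loadBalancerIP to request a specific static IP,
+## otherwise leave blank
+##
+loadBalancerIP:
+# loadBalancerSourceRanges: []
+## Set the externalTrafficPolicy in the Service to either Cluster or Local
+# externalTrafficPolicy: Cluster
+##
+# Ingress settings only for the controller
+ingress:
+enabled: false
+annotations: {}
+path: /
+hosts:
+- chart-example.local
+tls: []
+
+stunService:
+type: NodePort
+port: 3478 # udp
+## Specify the nodePort value for the LoadBalancer and NodePort service types.
+## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+##
+# nodePort:
+## Provide any additional annotations which may be required. This can be used to
+## set the LoadBalancer service type to internal only.
+## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+##
+annotations: {}
+labels: {}
+## Use loadBalancerIP to request a specific static IP,
+## otherwise leave blank
+##
+loadBalancerIP:
+# loadBalancerSourceRanges: []
+## Set the externalTrafficPolicy in the Service to either Cluster or Local
+# externalTrafficPolicy: Cluster
+
+discoveryService:
+type: NodePort
+port: 10001 # udp
+## Specify the nodePort value for the LoadBalancer and NodePort service types.
+## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+##
+# nodePort:
+## Provide any additional annotations which may be required. This can be used to
+## set the LoadBalancer service type to internal only.
+## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+##
+annotations: {}
+labels: {}
+## Use loadBalancerIP to request a specific static IP,
+## otherwise leave blank
+##
+loadBalancerIP:
+# loadBalancerSourceRanges: []
+## Set the externalTrafficPolicy in the Service to either Cluster or Local
+# externalTrafficPolicy: Cluster
+
+ingress:
+enabled: false
+annotations: {}
+# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+# kubernetes.io/ingress.class: nginx
+# kubernetes.io/tls-acme: "true"
+path: /
+hosts:
+- chart-example.local
+tls: []
+# - secretName: chart-example-tls
+# hosts:
+# - chart-example.local
+
+timezone: UTC
+
+runAsRoot: false
+UID: 999
+GID: 999
+
+## If you provide your own custom certificate in <unifi-data>/cert
+## you can define the following parameters to configure the controller
+customCert:
+enabled: false
+isChain: false
+certName: tls.crt
+keyName: tls.key
+# If you want to store certificate and its key as a Kubernetes tls secret
+# you can pass the name of that secret using certSecret variable
+# certSecret: unifi-tls
+
+# define an external mongoDB instead of using the built-in mongodb
+mongodb:
+enabled: false
+dbUri: mongodb://mongo/unifi
+statDbUri: mongodb://mongo/unifi_stat
+databaseName: unifi
+
+persistence:
+enabled: true
+## unifi data Persistent Volume Storage Class
+## If defined, storageClassName: <storageClass>
+## If set to "-", storageClassName: "", which disables dynamic provisioning
+## If undefined (the default) or set to null, no storageClassName spec is
+## set, choosing the default provisioner. (gp2 on AWS, standard on
+## GKE, AWS & OpenStack)
+##
+# storageClass: "-"
+##
+## If you want to reuse an existing claim, you can pass the name of the PVC using
+## the existingClaim variable
+# existingClaim: your-claim
+#
+## Applies a prefix to the directories created by the unifi container
+# subPath: unifi
+accessMode: ReadWriteOnce
+size: 5Gi
+
+extraVolumes: []
+## specify additional volume to be used by extraVolumeMounts inside unifi container
+# - name: additional-volume
+# hostPath:
+# path: /path/on/host
+# type: DirectoryOrCreate
+
+extraVolumeMounts: []
+## specify additional VolumeMount to be mounted inside unifi container
+# - name: additional-volume
+# mountPath: /path/in/container
+
+extraJvmOpts: []
+## Extra java options
+## Here are some examples of valid JVM options:
+##
+# - "-XX:MaxMetaspaceSize=256m"
+# - "-Dlog4j.configurationFile=file:/configmap/log4j2.xml"
+# - "-Dsystem_ip=1.2.3.4"
+
+extraConfigFiles: {}
+## Specify additional config files which are mounted to /configmap
+## Here is an example for a custom log4j config:
+##
+# log4j2.xml: |-
+# <?xml version="1.0" encoding="UTF-8"?>
+# <Configuration>
+# <Appenders>
+# <InMemoryAppender name="InMemoryAppender" activatedLogging="false">
+# <PatternLayout pattern="[%d{ISO8601}] <%t> %-5p %-6c{1} - %m%n" />
+# </InMemoryAppender>
+# <RollingFile name="server_log" fileName="logs/server.log" filePattern="logs/server.log.%i">
+# <PatternLayout pattern="[%d{ISO8601}] <%t> %-5p %-6c{1} - %m%n" />
+# <SizeBasedTriggeringPolicy size="10 MB"/>
+# <DefaultRolloverStrategy max="3" fileIndex="min" />
+# </RollingFile>
+# <Console name="STDOUT" target="SYSTEM_OUT">
+# <PatternLayout pattern="<%t> %-5p %-6c{1} - %m%n"/>
+# </Console>
+# </Appenders>
+# <Loggers>
+# <Root level="INFO">
+# <AppenderRef ref="InMemoryAppender" />
+# <AppenderRef ref="server_log" />
+# <AppenderRef ref="STDOUT" />
+# </Root>
+# </Loggers>
+# </Configuration>
+
+resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+podAnnotations: {}
+
+deploymentAnnotations: {}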
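Review bot: `mongodb.dbUri` and `mongodb.statDbUri` are the only way shown here to point the controller at an external database, and they are plain values; a URI that carries a username and password would sit in the values file and in the Helm release data, and presumably in the pod spec as well (the deployment template that consumes them is outside this section). The sample URIs carry no credentials, which reads as if an unauthenticated MongoDB is the expected setup. I would add a comment above `mongodb:` such as `# these URIs are stored in clear text; do not embed credentials here, and restrict network access to the database`, and consider an option to read the URIs from an existing Secret.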