diff --git a/charts/unifi/.helmignore b/charts/unifi/.helmignore
new file mode 100644
index 00000000..a9fe7278
--- /dev/null
+++ b/charts/unifi/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# OWNERS file for Kubernetes
+OWNERS
\ No newline at end of file
diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml
new file mode 100644
index 00000000..bc6c5b4a
--- /dev/null
+++ b/charts/unifi/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+appVersion: 5.12.35
+description: Ubiquiti Network's Unifi Controller
+name: unifi
+version: 1.0.0
+keywords:
+ - ubiquiti
+ - unifi
+ - mongodb
+home: https://github.com/k8s-at-home/charts/tree/master/charts/unifi
+icon: https://blog.ubnt.com/wp-content/uploads/2016/10/unifi-app-logo.png
+sources:
+ - https://github.com/jacobalberty/unifi-docker
+maintainers:
+ - name: billimek
+ email: jeff@billimek.com
+ - name: mcronce
+ email: mike@quadra-tec.net
diff --git a/charts/unifi/OWNERS b/charts/unifi/OWNERS
new file mode 100644
index 00000000..9425e000
--- /dev/null
+++ b/charts/unifi/OWNERS
@@ -0,0 +1,6 @@
+approvers:
+- billimek
+- mcronce
+reviewers:
+- billimek
+- mcronce
diff --git a/charts/unifi/README.md b/charts/unifi/README.md
new file mode 100644
index 00000000..40fa345d
--- /dev/null
+++ b/charts/unifi/README.md
@@ -0,0 +1,187 @@
+# Ubiquiti Network's Unifi Controller
+
+This is a helm chart for [Ubiquiti Network's][ubnt] [Unifi Controller][ubnt 2].
+
+## TL;DR;
+
+```shell
+helm repo add k8s-at-home https://k8s-at-home.com/charts/
+helm install k8s-at-home/unifi
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name my-release stable/unifi
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following tables lists the configurable parameters of the Unifi chart and their default values.
+
+| Parameter | Default | Description |
+|-------------------------------------------------|------------------------------|------------------------------------------------------------------------------------------------------------------------|
+| `image.repository` | `jacobalberty/unifi` | Image repository |
+| `image.tag` | `5.12.35` | Image tag. Possible values listed [here][docker]. |
+| `image.pullPolicy` | `IfNotPresent` | Image pull policy |
+| `strategyType` | `Recreate` | Specifies the strategy used to replace old Pods by new ones |
+| `guiService.type` | `ClusterIP` | Kubernetes service type for the Unifi GUI |
+| `guiService.port` | `8443` | Kubernetes port where the Unifi GUI is exposed |
+| `guiService.annotations` | `{}` | Service annotations for the Unifi GUI |
+| `guiService.labels` | `{}` | Custom labels |
+| `guiService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi GUI |
+| `guiService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
+| `guiService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
+| `captivePortalService.enabled` | `false` | Install the captive portal service (needed if you want guest captive portal) |
+| `captivePortalService.type` | `ClusterIP` | Kubernetes service type for the captive portal |
+| `captivePortalService.http` | `8880` | Kubernetes port where the captive portal is exposed |
+| `captivePortalService.https` | `8843` | Kubernetes port where the captive portal is exposed (with SSL) |
+| `captivePortalService.annotations` | `{}` | Service annotations for the captive portal |
+| `captivePortalService.labels` | `{}` | Custom labels |
+| `captivePortalService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi GUI |
+| `captivePortalService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
+| `captivePortalService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
+| `captivePortalService.ingress.enabled` | `false` | Enables Ingress (for the captive portal, the main ingress needs to be enabled for the controller to be accessible) |
+| `captivePortalService.ingress.annotations` | `{}` | Ingress annotations for the captive portal |
+| `captivePortalService.ingress.labels` | `{}` | Custom labels for the captive portal |
+| `captivePortalService.ingress.path` | `/` | Ingress path for the captive portal |
+| `captivePortalService.ingress.hosts` | `chart-example.local` | Ingress accepted hostnames for the captive portal |
+| `captivePortalService.ingress.tls` | `[]` | Ingress TLS configuration for the captive portal |
+| `controllerService.type` | `NodePort` | Kubernetes service type for the Unifi Controller communication |
+| `controllerService.port` | `8080` | Kubernetes port where the Unifi Controller is exposed - this needs to be reachable by the unifi devices on the network |
+| `controllerService.annotations` | `{}` | Service annotations for the Unifi Controller |
+| `controllerService.labels` | `{}` | Custom labels |
+| `controllerService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi Controller |
+| `controllerService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
+| `controllerService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
+| `controllerService.ingress.enabled` | `false` | Enables Ingress for the controller |
+| `controllerService.ingress.annotations` | `{}` | Ingress annotations for the controller |
+| `controllerService.ingress.labels` | `{}` | Custom labels for the controller |
+| `controllerService.ingress.path` | `/` | Ingress path for the controller |
+| `controllerService.ingress.hosts` | `chart-example.local` | Ingress accepted hostnames for the controller |
+| `controllerService.ingress.tls` | `[]` | Ingress TLS configuration for the controller |
+| `stunService.type` | `NodePort` | Kubernetes service type for the Unifi STUN |
+| `stunService.port` | `3478` | Kubernetes UDP port where the Unifi STUN is exposed |
+| `stunService.annotations` | `{}` | Service annotations for the Unifi STUN |
+| `stunService.labels` | `{}` | Custom labels |
+| `stunService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi STUN |
+| `stunService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
+| `stunService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
+| `discoveryService.type` | `NodePort` | Kubernetes service type for AP discovery |
+| `discoveryService.port` | `10001` | Kubernetes UDP port for AP discovery |
+| `discoveryService.annotations` | `{}` | Service annotations for AP discovery |
+| `discoveryService.labels` | `{}` | Custom labels |
+| `discoveryService.loadBalancerIP` | `{}` | Loadbalance IP for AP discovery |
+| `discoveryService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
+| `discoveryService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
+| `unifiedService.enabled` | `false` | Use a single service for GUI, controller, STUN, and discovery |
+| `unifiedService.type` | `ClusterIP` | Kubernetes service type for the unified service |
+| `unifiedService.annotations` | `{}` | Annotations for the unified service |
+| `unifiedService.labels` | `{}` | Custom labels for the unified service |
+| `unifiedService.loadBalancerIP` | None | Load balancer IP for the unified service |
+| `unifiedService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to the load balancer (if supported) |
+| `unifiedService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the service to either Cluster or Local |
+| `ingress.enabled` | `false` | Enables Ingress |
+| `ingress.annotations` | `{}` | Ingress annotations |
+| `ingress.labels` | `{}` | Custom labels |
+| `ingress.path` | `/` | Ingress path |
+| `ingress.hosts` | `chart-example.local` | Ingress accepted hostnames |
+| `ingress.tls` | `[]` | Ingress TLS configuration |
+| `timezone` | `UTC` | Timezone the Unifi controller should run as, e.g. 'America/New York' |
+| `runAsRoot` | `false` | Run the controller as UID0 (root user); if set to false, will give container SETFCAP instead |
+| `UID` | `999` | Run the controller as user UID |
+| `GID` | `999` | Run the controller as group GID |
+| `customCert.enabled` | `false` | Define whether you are using s custom certificate |
+| `customCert.isChain` | `false` | If you are using a Let's Encrypt certificate which already includes the full chain set this to `true` |
+| `customCert.certName` | `tls.crt` | Name of the the certificate file in `/cert` |
+| `customCert.keyName` | `tls.key` | Name of the the private key file in `/cert` |
+| `customCert.certSecret` | `nil` | Name of the the k8s tls secret where the certificate and its key are stored. |
+| `mongodb.enabled` | `false` | Use external MongoDB for data storage |
+| `mongodb.dbUri` | `mongodb://mongo/unifi` | external MongoDB URI |
+| `mongodb.statDbUri` | `mongodb://mongo/unifi_stat` | external MongoDB statdb URI |
+| `mongodb.databaseName` | `unifi` | external MongoDB database name |
+| `persistence.enabled` | `true` | Use persistent volume to store data |
+| `persistence.size` | `5Gi` | Size of persistent volume claim |
+| `persistence.existingClaim` | `nil` | Use an existing PVC to persist data |
+| `persistence.subPath` | `` | Store data in a subdirectory of PV instead of at the root directory |
+| `persistence.storageClass` | `-` | Type of persistent volume claim |
+| `extraVolumes` | `[]` | Additional volumes to be used by extraVolumeMounts |
+| `extraVolumeMounts` | `[]` | Additional volume mounts to be mounted in unifi container |
+| `persistence.accessModes` | `[]` | Persistence access modes |
+| `extraConfigFiles` | `{}` | Dictionary containing files mounted to `/configmap` inside the pod (See [values.yaml](values.yaml) for examples) |
+| `extraJvmOpts` | `[]` | List of additional JVM options, e.g. `["-Dlog4j.configurationFile=file:/configmap/log4j2.xml"]` |
+| `resources` | `{}` | CPU/Memory resource requests/limits |
+| `nodeSelector` | `{}` | Node labels for pod assignment |
+| `tolerations` | `[]` | Toleration labels for pod assignment |
+| `affinity` | `{}` | Affinity settings for pod assignment |
+| `podAnnotations` | `{}` | Key-value pairs to add as pod annotations |
+| `deploymentAnnotations` | `{}` | Key-value pairs to add as deployment annotations |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install --name my-release \
+ --set timezone="America/New York" \
+ stable/unifi
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install --name my-release -f values.yaml stable/unifi
+```
+
+Read through the [values.yaml](values.yaml) file. It has several commented out suggested values.
+
+## Regarding the services
+
+- `guiService`: Represents the main web UI and is what one would normally point
+ the ingress to.
+- `captivePortalService`: This service is used to allow the captive portal webpage
+ to be accessible. It needs to be reachable by the clients connecting to your guest
+ network.
+- `controllerService`: This is needed in order for the unifi devices to talk to
+ the controller and must be otherwise exposed to the network where the unifi
+ devices run. If you run this as a `NodePort` (the default setting), make sure
+ that there is an external load balancer that is directing traffic from port
+ 8080 to the `NodePort` for this service.
+- `discoveryService`: This needs to be reachable by the unifi devices on the
+ network similar to the controller `Service` but only during the discovery
+ phase. This is a UDP service.
+- `stunService`: Also used periodically by the unifi devices to communicate
+ with the controller using UDP. See [this article][ubnt 3] and [this other
+ article][ubnt 4] for more information.
+
+## Ingress and HTTPS
+
+Unifi does [not support HTTP][unifi] so if you wish to use the guiService, you
+need to ensure that you use a backend transport of HTTPS.
+
+An example entry in `values.yaml` to achieve this is as follows:
+
+```
+ingress:
+ enabled: true
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+```
+
+[docker]: https://hub.docker.com/r/jacobalberty/unifi/tags/
+[github]: https://github.com/jacobalberty/unifi-docker
+[ubnt]: https://www.ubnt.com/
+[ubnt 2]: https://unifi-sdn.ubnt.com/
+[ubnt 3]: https://help.ubnt.com/hc/en-us/articles/204976094-UniFi-What-protocol-does-the-controller-use-to-communicate-with-the-UAP-
+[ubnt 4]: https://help.ubnt.com/hc/en-us/articles/115015457668-UniFi-Troubleshooting-STUN-Communication-Errors
+[unifi]: https://community.ui.com/questions/Controller-how-to-deactivate-http-to-https/c5e247d8-b5b9-4c84-a3bb-28a90fd65668
diff --git a/charts/unifi/templates/NOTES.txt b/charts/unifi/templates/NOTES.txt
new file mode 100644
index 00000000..1a1ca017
--- /dev/null
+++ b/charts/unifi/templates/NOTES.txt
@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.guiService.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "unifi.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.guiService.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "unifi.fullname" . }}-gui'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "unifi.fullname" . }}-gui -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.guiService.port }}
+{{- else if contains "ClusterIP" .Values.guiService.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "unifi.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8443:{.Values.guiService.port}
+ Visit https://127.0.0.1:8443 to use your application
+{{- end }}
diff --git a/charts/unifi/templates/_helpers.tpl b/charts/unifi/templates/_helpers.tpl
new file mode 100644
index 00000000..1c11a45f
--- /dev/null
+++ b/charts/unifi/templates/_helpers.tpl
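Review bot: The `port-forward` line in the ClusterIP branch uses single braces, `8443:{.Values.guiService.port}`, so the value is never rendered and the command is printed literally; it should read `8443:{{ .Values.guiService.port }}`. The pod lookup in the same branch selects on `app=...,release=...`, while the Deployment added in this commit labels its pods with `app.kubernetes.io/name` and `app.kubernetes.io/instance`, so the selector looks like it will match nothing. The NodePort and LoadBalancer branches echo `http://` URLs for the GUI port although the README in this commit says the controller GUI does not support HTTP; `echo https://$NODE_IP:$NODE_PORT` and `echo https://$SERVICE_IP:{{ .Values.guiService.port }}` would point operators at the TLS endpoint. The NodePort branch also queries the service without the `-gui` suffix that the LoadBalancer branch uses, which is probably unintended.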
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "unifi.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "unifi.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "unifi.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/unifi/templates/captive-ingress.yaml b/charts/unifi/templates/captive-ingress.yaml
new file mode 100644
index 00000000..fda55d57
--- /dev/null
+++ b/charts/unifi/templates/captive-ingress.yaml
@@ -0,0 +1,39 @@
+{{- if (and .Values.captivePortalService.ingress.enabled (not .Values.unifiedService.enabled)) }}
+{{- $fullName := include "unifi.fullname" . -}}
+{{- $ingressPath := .Values.captivePortalService.ingress.path -}}
+{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-captive
+ labels:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ helm.sh/chart: {{ include "unifi.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.captivePortalService.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.captivePortalService.ingress.tls }}
+ tls:
+ {{- range .Values.captivePortalService.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.captivePortalService.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ backend:
+ serviceName: {{ $fullName }}-captiveportalservice
+ servicePort: captive-http
+ {{- end }}
+{{- end }}
diff --git a/charts/unifi/templates/captive-svc.yaml b/charts/unifi/templates/captive-svc.yaml
new file mode 100644
index 00000000..9f651d6a
--- /dev/null
+++ b/charts/unifi/templates/captive-svc.yaml
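Review bot: The guard on the first line tests `captivePortalService.ingress.enabled` but not `captivePortalService.enabled`, while captive-svc.yaml only renders the `-captiveportalservice` Service when the latter is set, so enabling just the ingress produces an Ingress whose backend Service does not exist. Adding the service flag to the condition closes that gap: `{{- if (and .Values.captivePortalService.enabled .Values.captivePortalService.ingress.enabled (not .Values.unifiedService.enabled)) }}`. `apiVersion: extensions/v1beta1`, used here and in controller-ingress.yaml, is the deprecated Ingress API group that Kubernetes 1.22 and later no longer serve, so a comment stating the supported cluster versions would help. `$unifiedServiceEnabled` is assigned in both ingress templates and never read.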
@@ -0,0 +1,61 @@
+{{ if (and .Values.captivePortalService.enabled (not .Values.unifiedService.enabled)) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "unifi.fullname" . }}-captiveportalservice
+ labels:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ helm.sh/chart: {{ include "unifi.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.captivePortalService.labels }}
+{{ toYaml .Values.captivePortalService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.captivePortalService.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.captivePortalService.type "ClusterIP") (empty .Values.captivePortalService.type)) }}
+ type: ClusterIP
+ {{- if .Values.captivePortalService.clusterIP }}
+ clusterIP: {{ .Values.captivePortalService.clusterIP }}
+ {{end}}
+{{- else if eq .Values.captivePortalService.type "LoadBalancer" }}
+ type: {{ .Values.captivePortalService.type }}
+ {{- if .Values.captivePortalService.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.captivePortalService.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.captivePortalService.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.captivePortalService.loadBalancerSourceRanges | indent 4 }}
+ {{- end -}}
+{{- else }}
+ type: {{ .Values.captivePortalService.type }}
+{{- end }}
+{{- if .Values.captivePortalService.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.captivePortalService.externalIPs | indent 4 }}
+{{- end }}
+ {{- if .Values.captivePortalService.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.captivePortalService.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.captivePortalService.http }}
+ targetPort: captive-http
+ protocol: TCP
+ name: captive-http
+{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.http))) }}
+ nodePort: {{.Values.captivePortalService.http}}
+{{ end }}
+ - port: {{ .Values.captivePortalService.https }}
+ targetPort: captive-https
+ protocol: TCP
+ name: captive-https
+{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.https))) }}
+ nodePort: {{.Values.captivePortalService.https}}
+{{ end }}
+ selector:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+{{ end }}
diff --git a/charts/unifi/templates/configmap.yaml b/charts/unifi/templates/configmap.yaml
new file mode 100644
index 00000000..463abb10
--- /dev/null
+++ b/charts/unifi/templates/configmap.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.extraConfigFiles }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ template "unifi.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ helm.sh/chart: {{ include "unifi.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+{{ toYaml .Values.extraConfigFiles | indent 2 }}
+{{- end }}
diff --git a/charts/unifi/templates/controller-ingress.yaml b/charts/unifi/templates/controller-ingress.yaml
new file mode 100644
index 00000000..a0234af0
--- /dev/null
+++ b/charts/unifi/templates/controller-ingress.yaml
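Review bot: Both `nodePort:` lines in the captive-svc.yaml ports list reuse the service port (`.Values.captivePortalService.http` and `.https`, documented defaults 8880 and 8843) as the node port, which falls outside the default NodePort range of 30000-32767, so `type: NodePort` with default values would most likely be rejected by the API server. controller-svc.yaml and discovery-svc.yaml read a separate `.nodePort` value instead; following that pattern here would give `nodePort: {{ .Values.captivePortalService.httpNodePort }}` guarded by `(not (empty .Values.captivePortalService.httpNodePort))`, and the same for https. The names `httpNodePort` and `httpsNodePort` are suggestions only and would need adding to values.yaml and the README table.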
@@ -0,0 +1,39 @@
+{{- if (and .Values.controllerService.ingress.enabled (not .Values.unifiedService.enabled)) }}
+{{- $fullName := include "unifi.fullname" . -}}
+{{- $ingressPath := .Values.controllerService.ingress.path -}}
+{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-controller
+ labels:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ helm.sh/chart: {{ include "unifi.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.controllerService.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.controllerService.ingress.tls }}
+ tls:
+ {{- range .Values.controllerService.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.controllerService.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ backend:
+ serviceName: {{ $fullName }}-controller
+ servicePort: controller
+ {{- end }}
+{{- end }}
diff --git a/charts/unifi/templates/controller-svc.yaml b/charts/unifi/templates/controller-svc.yaml
new file mode 100644
index 00000000..2fe7076a
--- /dev/null
+++ b/charts/unifi/templates/controller-svc.yaml
@@ -0,0 +1,54 @@
+{{ if not .Values.unifiedService.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "unifi.fullname" . }}-controller
+ labels:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ helm.sh/chart: {{ include "unifi.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.controllerService.labels }}
+{{ toYaml .Values.controllerService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.controllerService.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.controllerService.type "ClusterIP") (empty .Values.controllerService.type)) }}
+ type: ClusterIP
+ {{- if .Values.controllerService.clusterIP }}
+ clusterIP: {{ .Values.controllerService.clusterIP }}
+ {{end}}
+{{- else if eq .Values.controllerService.type "LoadBalancer" }}
+ type: {{ .Values.controllerService.type }}
+ {{- if .Values.controllerService.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.controllerService.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.controllerService.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.controllerService.loadBalancerSourceRanges | indent 4 }}
+ {{- end -}}
+{{- else }}
+ type: {{ .Values.controllerService.type }}
+{{- end }}
+{{- if .Values.controllerService.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.controllerService.externalIPs | indent 4 }}
+{{- end }}
+ {{- if .Values.controllerService.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.controllerService.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.controllerService.port }}
+ targetPort: controller
+ protocol: TCP
+ name: controller
+{{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.nodePort))) }}
+ nodePort: {{.Values.controllerService.nodePort}}
+{{ end }}
+ selector:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+{{ end }}
diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml
new file mode 100644
index 00000000..4f7753d8
--- /dev/null
+++ b/charts/unifi/templates/deployment.yaml
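Review bot: controller-svc.yaml reads `controllerService.clusterIP`, `controllerService.externalIPs` and `controllerService.nodePort`, none of which appear in the README parameter table added by this commit; discovery-svc.yaml reads the same three keys under `discoveryService`, and captive-svc.yaml reads `clusterIP` and `externalIPs`. These should be documented, since `externalIPs` and `nodePort` decide where the device inform port becomes reachable. `loadBalancerSourceRanges` is only emitted in the `LoadBalancer` branch, so with the documented default type `NodePort` nothing in the chart restricts who can reach the port; a template comment such as `{{/* NodePort exposes the inform port on every node; restrict access at the network layer */}}` above the `type:` line would make that explicit.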
@@ -0,0 +1,166 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "unifi.fullname" . }}
+ {{- if .Values.deploymentAnnotations }}
+ annotations:
+ {{- range $key, $value := .Values.deploymentAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ helm.sh/chart: {{ include "unifi.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ replicas: 1
+ strategy:
+ type: {{ .Values.strategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.podAnnotations }}
+ annotations:
+ {{- range $key, $value := .Values.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: https-gui
+ containerPort: {{ .Values.guiService.port }}
+ protocol: TCP
+ - name: controller
+ containerPort: {{ .Values.controllerService.port }}
+ protocol: TCP
+ - name: discovery
+ containerPort: 10001
+ protocol: UDP
+ - name: stun
+ containerPort: 3478
+ protocol: UDP
+ {{ if .Values.captivePortalService.enabled }}
+ - name: captive-http
+ containerPort: 8880
+ protocol: TCP
+ - name: captive-https
+ containerPort: 8843
+ protocol: TCP
+ {{ end }}
+ {{- if not .Values.runAsRoot }}
+ securityContext:
+ capabilities:
+ add:
+ - SETFCAP
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /status
+ port: https-gui
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ readinessProbe:
+ httpGet:
+ path: /status
+ port: https-gui
+ scheme: HTTPS
+ initialDelaySeconds: 15
+ env:
+ - name: UNIFI_HTTP_PORT
+ value: "{{ .Values.controllerService.port }}"
+ - name: UNIFI_HTTPS_PORT
+ value: "{{ .Values.guiService.port }}"
+ - name: TZ
+ value: "{{ .Values.timezone }}"
+ - name: RUNAS_UID0
+ value: "{{ .Values.runAsRoot }}"
+ - name: UNIFI_UID
+ value: "{{ .Values.UID }}"
+ - name: UNIFI_GID
+ value: "{{ .Values.GID }}"
+ {{- if .Values.extraJvmOpts }}
+ - name: JVM_EXTRA_OPTS
+ value: "{{- join " " .Values.extraJvmOpts }}"
+ {{- end }}
+ {{- if .Values.mongodb.enabled }}
+ - name: DB_URI
+ value: "{{ .Values.mongodb.dbUri }}"
+ - name: STATDB_URI
+ value: "{{ .Values.mongodb.statDbUri }}"
+ - name: DB_NAME
+ value: "{{ .Values.mongodb.databaseName }}"
+ {{- end }}
+ {{- if and .Values.customCert .Values.customCert.enabled }}
+ - name: CERT_IS_CHAIN
+ value: "{{ .Values.customCert.isChain }}"
+ - name: CERTNAME
+ value: "{{ .Values.customCert.certName }}"
+ - name: CERT_PRIVATE_NAME
+ value: "{{ .Values.customCert.keyName }}"
+ {{- end }}
+ volumeMounts:
+ - mountPath: /unifi/data
+ name: unifi-data
+ subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.subPath "data") (empty .Values.persistence.subPath) }}
+ - mountPath: /unifi/log
+ name: unifi-data
+ subPath: {{ ternary "log" (printf "%s/%s" .Values.persistence.subPath "log") (empty .Values.persistence.subPath) }}
+ - mountPath: /unifi/cert
+ {{- if and .Values.customCert .Values.customCert.enabled .Values.customCert.certSecret }}
+ name: unifi-cert-secret
+ {{- else }}
+ name: unifi-data
+ subPath: {{ ternary "cert" (printf "%s/%s" .Values.persistence.subPath "cert") (empty .Values.persistence.subPath) }}
+ {{- end }}
+ - mountPath: /unifi/init.d
+ name: unifi-data
+ subPath: {{ ternary "init.d" (printf "%s/%s" .Values.persistence.subPath "init.d") (empty .Values.persistence.subPath) }}
+ {{- if .Values.extraConfigFiles }}
+ - name: extra-config
+ mountPath: /configmap
+ {{- end }}
+ {{- if .Values.extraVolumeMounts }}{{ toYaml .Values.extraVolumeMounts | trim | nindent 12 }}{{ end }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ volumes:
+ - name: unifi-data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "unifi.fullname" . }}{{- end }}
+ {{- else }}
+ emptyDir: {}
+ {{ end }}
+ {{- if .Values.extraConfigFiles }}
+ - name: extra-config
+ configMap:
+ name: {{ template "unifi.fullname" . }}
+ {{- end }}
+ {{- if and .Values.customCert .Values.customCert.enabled .Values.customCert.certSecret }}
+ - name: unifi-cert-secret
+ secret:
+ secretName: "{{ .Values.customCert.certSecret }}"
+ {{- end }}
+ {{- if .Values.extraVolumes }}{{ toYaml .Values.extraVolumes | trim | nindent 8 }}{{ end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
diff --git a/charts/unifi/templates/discovery-svc.yaml b/charts/unifi/templates/discovery-svc.yaml
new file mode 100644
index 00000000..870748cd
--- /dev/null
+++ b/charts/unifi/templates/discovery-svc.yaml
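Review bot: `DB_URI` and `STATDB_URI` in the `env` list are written into the pod spec as literal values from `mongodb.dbUri` and `mongodb.statDbUri`, so if an operator's MongoDB URI carries credentials they become readable in the Deployment object and in the stored Helm release values. Letting the URIs come from an existing Secret avoids that; the sketch below uses `mongodb.existingSecret` and the key `dbUri`, which are proposed names that do not exist in the chart yet. Separately, the `securityContext` block only adds `SETFCAP` when `runAsRoot` is false and sets nothing in either case, so `allowPrivilegeEscalation` and the remaining capabilities stay at runtime defaults; whether they can be tightened depends on what the image's entrypoint needs and should be checked against it. The env values are also interpolated inside hand-written double quotes, so `value: {{ .Values.timezone | quote }}` would be safer against values containing quotes.

```yaml
            {{- if .Values.mongodb.enabled }}
            - name: DB_URI
              {{- if .Values.mongodb.existingSecret }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.mongodb.existingSecret }}
                  key: dbUri
              {{- else }}
              value: {{ .Values.mongodb.dbUri | quote }}
              {{- end }}
            # … unchanged: STATDB_URI (same pattern), DB_NAME …
            {{- end }}
```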
@@ -0,0 +1,54 @@ +{{ if not .Values.unifiedService.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-discovery + labels: + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.discoveryService.labels }} +{{ toYaml .Values.discoveryService.labels | indent 4 }} +{{- end }} +{{- with .Values.discoveryService.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.discoveryService.type "ClusterIP") (empty .Values.discoveryService.type)) }} + type: ClusterIP + {{- if .Values.discoveryService.clusterIP }} + clusterIP: {{ .Values.discoveryService.clusterIP }} + {{end}} +{{- else if eq .Values.discoveryService.type "LoadBalancer" }} + type: {{ .Values.discoveryService.type }} + {{- if .Values.discoveryService.loadBalancerIP }} + loadBalancerIP: {{ .Values.discoveryService.loadBalancerIP }} + {{- end }} + {{- if .Values.discoveryService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.discoveryService.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.discoveryService.type }} +{{- end }} +{{- if .Values.discoveryService.externalIPs }} + externalIPs: +{{ toYaml .Values.discoveryService.externalIPs | indent 4 }} +{{- end }} + {{- if .Values.discoveryService.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.discoveryService.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.discoveryService.port }} + targetPort: discovery + protocol: UDP + name: discovery +{{ if (and (eq .Values.discoveryService.type "NodePort") (not (empty .Values.discoveryService.nodePort))) }} + nodePort: {{.Values.discoveryService.nodePort}} +{{ end }} + selector: + app.kubernetes.io/name: {{ include "unifi.name" . 
}} + app.kubernetes.io/instance: {{ .Release.Name }} +{{ end }} diff --git a/charts/unifi/templates/gui-svc.yaml b/charts/unifi/templates/gui-svc.yaml new file mode 100644 index 00000000..9f145318 --- /dev/null +++ b/charts/unifi/templates/gui-svc.yaml 
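Review bot: The `nodePort` guard near the end of this template renders the value only when `discoveryService.type` is `NodePort`, while the values.yaml comment added in this same commit says nodePort applies to "the LoadBalancer and NodePort service types", so a nodePort set for a LoadBalancer service is silently dropped. Either widen the guard, `{{ if (and (or (eq .Values.discoveryService.type "NodePort") (eq .Values.discoveryService.type "LoadBalancer")) (not (empty .Values.discoveryService.nodePort))) }}`, or correct the comment in values.yaml. The same guard appears in gui-svc.yaml, stun-svc.yaml and on every port entry in unified-svc.yaml.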
@@ -0,0 +1,54 @@
+{{ if not .Values.unifiedService.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "unifi.fullname" . }}-gui
+ labels:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ helm.sh/chart: {{ include "unifi.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.guiService.labels }}
+{{ toYaml .Values.guiService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.guiService.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.guiService.type "ClusterIP") (empty .Values.guiService.type)) }}
+ type: ClusterIP
+ {{- if .Values.guiService.clusterIP }}
+ clusterIP: {{ .Values.guiService.clusterIP }}
+ {{end}}
+{{- else if eq .Values.guiService.type "LoadBalancer" }}
+ type: {{ .Values.guiService.type }}
+ {{- if .Values.guiService.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.guiService.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.guiService.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.guiService.loadBalancerSourceRanges | indent 4 }}
+ {{- end -}}
+{{- else }}
+ type: {{ .Values.guiService.type }}
+{{- end }}
+{{- if .Values.guiService.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.guiService.externalIPs | indent 4 }}
+{{- end }}
+ {{- if .Values.guiService.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.guiService.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - name: https-gui
+ port: {{ .Values.guiService.port }}
+ protocol: TCP
+ targetPort: https-gui
+{{ if (and (eq .Values.guiService.type "NodePort") (not (empty .Values.guiService.nodePort))) }}
+ nodePort: {{.Values.guiService.nodePort}}
+{{ end }}
+ selector:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+{{ end }}
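Review bot: The `LoadBalancer` branch emits `loadBalancerSourceRanges` only when the value is set, and values.yaml ships that key commented out, so switching `guiService.type` to `LoadBalancer` typically publishes the controller's admin GUI port with no source restriction unless the operator adds one. Nothing in the chart points this out; I would add a comment above the commented-out key in values.yaml, `## guiService fronts the controller admin UI: when type is LoadBalancer, list the allowed CIDRs here`. The same caveat applies to `unifiedService`, which carries the GUI port as well.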
diff --git a/charts/unifi/templates/ingress.yaml b/charts/unifi/templates/ingress.yaml
new file mode 100644
index 00000000..b079cb3b
--- /dev/null
+++ b/charts/unifi/templates/ingress.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "unifi.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ helm.sh/chart: {{ include "unifi.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . }}
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ backend:
+ {{- if $unifiedServiceEnabled }}
+ serviceName: {{ $fullName }}
+ {{- else }}
+ serviceName: {{ $fullName }}-gui
+ {{- end }}
+ servicePort: https-gui
+ {{- end }}
+{{- end }}
diff --git a/charts/unifi/templates/pvc.yaml b/charts/unifi/templates/pvc.yaml
new file mode 100644
index 00000000..041ca563
--- /dev/null
+++ b/charts/unifi/templates/pvc.yaml
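Review bot: `- host: {{ . }}` and `secretName: {{ .secretName }}` are rendered unquoted while the TLS hosts a few lines above go through `quote`, so a wildcard host such as `*.example.com` (constructed example) would be read as a YAML alias and fail to parse. Quote both: `- host: {{ . | quote }}` and `secretName: {{ .secretName | quote }}`. Separately, `extensions/v1beta1` is the deprecated Ingress API group; `networking.k8s.io/v1beta1` is available from Kubernetes 1.14 and would be the safer choice if the chart's minimum cluster version allows it.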
@@ -0,0 +1,24 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ template "unifi.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ helm.sh/chart: {{ include "unifi.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/unifi/templates/stun-svc.yaml b/charts/unifi/templates/stun-svc.yaml
new file mode 100644
index 00000000..45819bc3
--- /dev/null
+++ b/charts/unifi/templates/stun-svc.yaml
@@ -0,0 +1,54 @@
+{{ if not .Values.unifiedService.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "unifi.fullname" . }}-stun
+ labels:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ helm.sh/chart: {{ include "unifi.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.stunService.labels }}
+{{ toYaml .Values.stunService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.stunService.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.stunService.type "ClusterIP") (empty .Values.stunService.type)) }}
+ type: ClusterIP
+ {{- if .Values.stunService.clusterIP }}
+ clusterIP: {{ .Values.stunService.clusterIP }}
+ {{end}}
+{{- else if eq .Values.stunService.type "LoadBalancer" }}
+ type: {{ .Values.stunService.type }}
+ {{- if .Values.stunService.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.stunService.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.stunService.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.stunService.loadBalancerSourceRanges | indent 4 }}
+ {{- end -}}
+{{- else }}
+ type: {{ .Values.stunService.type }}
+{{- end }}
+{{- if .Values.stunService.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.stunService.externalIPs | indent 4 }}
+{{- end }}
+ {{- if .Values.stunService.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.stunService.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.stunService.port }}
+ targetPort: stun
+ protocol: UDP
+ name: stun
+{{ if (and (eq .Values.stunService.type "NodePort") (not (empty .Values.stunService.nodePort))) }}
+ nodePort: {{.Values.stunService.nodePort}}
+{{ end }}
+ selector:
+ app.kubernetes.io/name: {{ include "unifi.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+{{ end }}
diff --git a/charts/unifi/templates/unified-svc.yaml b/charts/unifi/templates/unified-svc.yaml
new file mode 100644
index 00000000..0b2bf72e
--- /dev/null
+++ b/charts/unifi/templates/unified-svc.yaml
@@ -0,0 +1,93 @@ +{{ if .Values.unifiedService.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.unifiedService.labels }} +{{ toYaml .Values.unifiedService.labels | indent 4 }} +{{- end }} +{{- with .Values.unifiedService.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.unifiedService.type "ClusterIP") (empty .Values.unifiedService.type)) }} + type: ClusterIP + {{- if .Values.unifiedService.clusterIP }} + clusterIP: {{ .Values.unifiedService.clusterIP }} + {{end}} +{{- else if eq .Values.unifiedService.type "LoadBalancer" }} + type: {{ .Values.unifiedService.type }} + {{- if .Values.unifiedService.loadBalancerIP }} + loadBalancerIP: {{ .Values.unifiedService.loadBalancerIP }} + {{- end }} + {{- if .Values.unifiedService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.unifiedService.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.unifiedService.type }} +{{- end }} +{{- if .Values.unifiedService.externalIPs }} + externalIPs: +{{ toYaml .Values.unifiedService.externalIPs | indent 4 }} +{{- end }} + {{- if .Values.unifiedService.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.unifiedService.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.controllerService.port }} + targetPort: controller + protocol: TCP + name: controller +{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.controllerService.nodePort))) }} + nodePort: {{.Values.controllerService.nodePort}} +{{ end }} + - port: {{ .Values.discoveryService.port }} + targetPort: discovery + protocol: UDP + name: discovery +{{ if (and (eq .Values.unifiedService.type "NodePort") (not 
(empty .Values.discoveryService.nodePort))) }} + nodePort: {{.Values.discoveryService.nodePort}} +{{ end }} + - port: {{ .Values.stunService.port }} + targetPort: stun + protocol: UDP + name: stun +{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.stunService.nodePort))) }} + nodePort: {{.Values.stunService.nodePort}} +{{ end }} + - name: https-gui + port: {{ .Values.guiService.port }} + protocol: TCP + targetPort: https-gui +{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.guiService.nodePort))) }} + nodePort: {{.Values.guiService.nodePort}} +{{ end }} +{{ if .Values.captivePortalService.enabled }} + - name: captive-http + port: {{ .Values.captivePortalService.http }} + protocol: TCP + targetPort: captive-http +{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.http))) }} + nodePort: {{.Values.captivePortalService.http}} +{{ end }} + - name: captive-https + port: {{ .Values.captivePortalService.https }} + protocol: TCP + targetPort: captive-https +{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.https))) }} + nodePort: {{.Values.captivePortalService.https}} +{{ end }} +{{ end }} + + selector: + app.kubernetes.io/name: {{ include "unifi.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{ end }} + diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml new file mode 100644 index 00000000..0b4e2678 --- /dev/null +++ b/charts/unifi/values.yaml 
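Review bot: The two captive-portal entries reuse the service port as the node port: `nodePort: {{.Values.captivePortalService.http}}` (and its `https` twin) render 8880 and 8843 with the defaults in values.yaml, which fall outside Kubernetes' default NodePort range of 30000-32767, and the `not (empty ...)` guard is always true because the port is always set. With `unifiedService.type: NodePort` and `captivePortalService.enabled: true`, the Service would be rejected on a cluster that uses the default range. Give the node ports their own optional values, for example `{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.httpNodePort))) }}` with `nodePort: {{ .Values.captivePortalService.httpNodePort }}`, and the same for https; `httpNodePort` and `httpsNodePort` are proposed names, not existing keys.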
@@ -0,0 +1,299 @@ +# Default values for unifi. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# upgrade strategy type (e.g. Recreate or RollingUpdate) +strategyType: Recreate + +image: + repository: jacobalberty/unifi + tag: 5.12.35 + pullPolicy: IfNotPresent + +# If enabled, the controller, discovery, GUI, and STUN services will not be +# created. +# Instead, one service will be created with the port and nodePort settings from +# controllerService, discoveryService, guiService, and stunService. +# This is useful if, for example, the ClusterIP network is routable and being +# accessed directly by access points, and the APs don't have a way to discern +# different services on different IPs. +unifiedService: + enabled: false + type: ClusterIP + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + +guiService: + type: ClusterIP + port: 8443 + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + +captivePortalService: + enabled: false + type: ClusterIP + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + http: 8880 + https: 8843 + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + + + # Ingress settings only for the captive portal + ingress: + enabled: false + annotations: {} + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +controllerService: + type: NodePort + port: 8080 + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + ## + # Ingress settings only for the controller + ingress: + enabled: false + annotations: {} + path: / + hosts: + - chart-example.local + tls: [] + +stunService: + type: NodePort + port: 3478 # udp + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + +discoveryService: + type: NodePort + port: 10001 # udp + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. 
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + +ingress: + enabled: false + annotations: {} + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +timezone: UTC + +runAsRoot: false +UID: 999 +GID: 999 + +## If you provide your own custom certificate in /cert +## you can define the following parameters to configure the controller +customCert: + enabled: false + isChain: false + certName: tls.crt + keyName: tls.key + # If you want to store certificate and its key as a Kubernetes tls secret + # you can pass the name of that secret using certSecret variable + # certSecret: unifi-tls + +# define an external mongoDB instead of using the built-in mongodb +mongodb: + enabled: false + dbUri: mongodb://mongo/unifi + statDbUri: mongodb://mongo/unifi_stat + databaseName: unifi + +persistence: + enabled: true + ## unifi data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + # + ## Applies a prefix to the directories created by the unifi container + # subPath: unifi + accessMode: ReadWriteOnce + size: 5Gi + +extraVolumes: [] + ## specify additional volume to be used by extraVolumeMounts inside unifi container + # - name: additional-volume + # hostPath: + # path: /path/on/host + # type: DirectoryOrCreate + +extraVolumeMounts: [] + ## specify additional VolumeMount to be mounted inside unifi container + # - name: additional-volume + # mountPath: /path/in/container + +extraJvmOpts: [] + ## Extra java options + ## Here are some examples of valid JVM options: + ## + # - "-XX:MaxMetaspaceSize=256m" + # - "-Dlog4j.configurationFile=file:/configmap/log4j2.xml" + # - "-Dsystem_ip=1.2.3.4" + +extraConfigFiles: {} + ## Specify additional config files which are mounted to /configmap + ## Here is an example for a custom log4j config: + ## + # log4j2.xml: |- + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +podAnnotations: {} + +deploymentAnnotations: {}
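Review bot: `mongodb.dbUri` and `mongodb.statDbUri` are the only way to point the controller at an external database, and deployment.yaml in this commit passes them as literal `DB_URI` and `STATDB_URI` env values, so a URI that carries a username and password ends up in clear text in the rendered Deployment spec and in the release values. The defaults also show an unauthenticated `mongodb://mongo/unifi`. At minimum, document this above the keys with `## Rendered as plain env values: do not embed credentials here`; a follow-up could let the URIs come from an existing Secret through `valueFrom.secretKeyRef`.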