From 062db282ed7faf2340be995e7e4183236e3819df Mon Sep 17 00:00:00 2001 From: Jeff Billimek Date: Sat, 6 Oct 2018 15:31:52 -0400 Subject: [PATCH 01/35] [stable/unifi] unifi controller chart (New chart) (#6426) * initial commit - unifi controller chart Signed-off-by: Jeff Billimek * enabling persistence by default, per guidelines Signed-off-by: Jeff Billimek * enabling persistence by default, per guidelines Signed-off-by: Jeff Billimek * changes requested in PR * Pegging to a certain version for the chart (0.1.0) until otherwise directed * Using consistent indentation for lists * Using camelCase * updating app version to current (5.8.28) Signed-off-by: Jeff Billimek * correcting linting failures Signed-off-by: Jeff Billimek * adding OWNERS for more timely merges in the future Signed-off-by: Jeff Billimek * Correcting inconsistent service definitions * fixing inconsistencies with service port & name definitions as described in PR * bumping app version to current * correcting typo in Charts.yaml Signed-off-by: Jeff Billimek * correcting ingress servicePort definition Signed-off-by: Jeff Billimek * correcting ingress servicePort definition Signed-off-by: Jeff Billimek Signed-off-by: Jeff Billimek * adding missing NodePort settings Signed-off-by: Jeff Billimek * Expanding service definitions * The values and readme reflect that the various services (deployment, stun, gui, controller) can handle annotations, but there is no use of those in the templates. This is now fixed * Added externalTrafficPolicy to all services * Some of these changes were requested via https://github.com/billimek/billimek-charts/issues/3 Signed-off-by: Jeff Billimek * switching to apps/v1 Signed-off-by: Jeff Billimek --- charts/unifi/.helmignore | 23 ++++ charts/unifi/Chart.yaml | 17 +++ charts/unifi/OWNERS | 4 + charts/unifi/README.md | 113 +++++++++++++++ charts/unifi/templates/NOTES.txt | 19 +++ charts/unifi/templates/_helpers.tpl | 32 +++++ charts/unifi/templates/controller-svc.yaml | 52 +++++++ charts/unifi/templates/deployment.yaml | 98 +++++++++++++ charts/unifi/templates/discovery-svc.yaml | 52 +++++++ charts/unifi/templates/gui-svc.yaml | 52 +++++++ charts/unifi/templates/ingress.yaml | 38 +++++ charts/unifi/templates/pvc.yaml | 24 ++++ charts/unifi/templates/stun-svc.yaml | 52 +++++++ charts/unifi/values.yaml | 153 +++++++++++++++++++++ 14 files changed, 729 insertions(+) create mode 100644 charts/unifi/.helmignore create mode 100644 charts/unifi/Chart.yaml create mode 100644 charts/unifi/OWNERS create mode 100644 charts/unifi/README.md create mode 100644 charts/unifi/templates/NOTES.txt create mode 100644 charts/unifi/templates/_helpers.tpl create mode 100644 charts/unifi/templates/controller-svc.yaml create mode 100644 charts/unifi/templates/deployment.yaml create mode 100644 charts/unifi/templates/discovery-svc.yaml create mode 100644 charts/unifi/templates/gui-svc.yaml create mode 100644 charts/unifi/templates/ingress.yaml create mode 100644 charts/unifi/templates/pvc.yaml create mode 100644 charts/unifi/templates/stun-svc.yaml create mode 100644 charts/unifi/values.yaml diff --git a/charts/unifi/.helmignore b/charts/unifi/.helmignore new file mode 100644 index 00000000..a9fe7278 --- /dev/null +++ b/charts/unifi/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# OWNERS file for Kubernetes +OWNERS \ No newline at end of file diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml new file mode 100644 index 00000000..4382022e --- /dev/null +++ b/charts/unifi/Chart.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +appVersion: 5.8.30 +description: Ubiquiti Network's Unifi Controller +name: unifi +version: 0.1.10 +keywords: + - ubiquiti + - unifi + - mongodb +home: https://github.com/jacobalberty/unifi-docker +icon: https://blog.ubnt.com/wp-content/uploads/2016/10/unifi-app-logo.png +sources: + - https://github.com/jacobalberty/unifi-docker + - https://github.com/kubernetes/charts/stable/unifi +maintainers: + - name: billimek + email: jeff@billimek.com diff --git a/charts/unifi/OWNERS b/charts/unifi/OWNERS new file mode 100644 index 00000000..b90909f4 --- /dev/null +++ b/charts/unifi/OWNERS @@ -0,0 +1,4 @@ +approvers: +- billimek +reviewers: +- billimek diff --git a/charts/unifi/README.md b/charts/unifi/README.md new file mode 100644 index 00000000..c25d05a8 --- /dev/null +++ b/charts/unifi/README.md @@ -0,0 +1,113 @@ +# Ubiqiti Network's Unifi Controller + +This is a helm chart for [Ubiqiti Network's](https://www.ubnt.com/) [Unifi Controller](https://unifi-sdn.ubnt.com/) + +## TL;DR; + +```console +helm install stable/unifi +``` + +## Introduction + +This code is adopted from [this original repo](https://github.com/jacobalberty/unifi-docker) + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm install --name my-release stable/unifi +``` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete my-release --purge +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the Sentry chart and their default values. + +| Parameter | Description | Default | +|----------------------------|-------------------------------------|---------------------------------------------------------| +| `image.repository` | Image repository | `jacobalberty/unifi` | +| `image.tag` | Image tag. Possible values listed [here](https://hub.docker.com/r/jacobalberty/unifi/tags/).| `5.8.23`| +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `guiService.type` | Kubernetes service type for the Unifi GUI | `ClusterIP` | +| `guiService.port` | Kubernetes port where the Unifi GUI is exposed| `8443` | +| `guiService.annotations` | Service annotations for the Unifi GUI | `{}` | +| `guiService.labels` | Custom labels | `{}` | +| `guiService.loadBalancerIP` | Loadbalance IP for the Unifi GUI | `{}` | +| `guiService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None +| `guiService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` +| `controllerService.type` | Kubernetes service type for the Unifi Controller communication | `NodePort` | +| `controllerService.port` | Kubernetes port where the Unifi Controller is exposed - this needs to be reachable by the unifi devices on the network | `8080` | +| `controllerService.annotations` | Service annotations for the Unifi Controller | `{}` | +| `controllerService.labels` | Custom labels | `{}` | +| `controllerService.loadBalancerIP` | Loadbalance IP for the Unifi Controller | `{}` | +| `controllerService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None +| `controllerService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` +| `stunService.type` | Kubernetes service type for the Unifi STUN | `NodePort` | +| `stunService.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | +| `stunService.annotations` | Service annotations for the Unifi STUN | `{}` | +| `stunService.labels` | Custom labels | `{}` | +| `stunService.loadBalancerIP` | Loadbalance IP for the Unifi STUN | `{}` | +| `stunService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None +| `stunService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` +| `discoveryService.type` | Kubernetes service type for AP discovery | `NodePort` | +| `discoveryService.port` | Kubernetes UDP port for AP discovery | `10001` | +| `discoveryService.annotations` | Service annotations for AP discovery | `{}` | +| `discoveryService.labels` | Custom labels | `{}` | +| `discoveryService.loadBalancerIP` | Loadbalance IP for AP discovery | `{}` | +| `discoveryService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None +| `discoveryService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.labels` | Custom labels | `{}` +| `ingress.path` | Ingress path | `/` | +| `ingress.hosts` | Ingress accepted hostnames | `chart-example.local` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `timezone` | Timezone the Unifi controller should run as, e.g. 'America/New York' | `UTC` | +| `runAsRoot` | Run the controller as UID0 (root user) | `false` | +| `mongodb.enabled` | Use external MongoDB for data storage | `false` | +| `mongodb.dbUri` | external MongoDB URI | `mongodb://mongo/unifi` | +| `mongodb.statDbUri` | external MongoDB statdb URI | `mongodb://mongo/unifi_stat` | +| `mongodb.databaseName` | external MongoDB database name | `unifi` | +| `persistence.enabled` | Use persistent volume to store data | `true` | +| `persistence.size` | Size of persistent volume claim | `5Gi` | +| `persistence.existingClaim`| Use an existing PVC to persist data | `nil` | +| `persistence.storageClass` | Type of persistent volume claim | `-` | +| `persistence.accessModes` | Persistence access modes | `[]` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install --name my-release \ + --set timezone="America/New York" \ + stable/unifi +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +helm install --name my-release -f values.yaml stable/unifi +``` + +Read through the [values.yaml](values.yaml) file. It has several commented out suggested values. + +## Regarding the services + +* `guiService`: represents the main web UI and is what one would normally point the ingress to +* `controllerService`: This is needed in order for the unifi devices to talk to the controller and must be otherwise exposed to the network where the unifi devices run. If you run this as a NodePort (the default setting), make sure that there is an external loadbalancer that is directing traffic from port 8080 to the NodePort for this service +* `discoveryService`: This needs to be reachable by the unifi devices on the network similar to the controllerService but only during the discovery phase. This is a UDP service +* `stunService`: Also used periodically by the unifi devices to communicate with the controller using UDP. See [this article](https://help.ubnt.com/hc/en-us/articles/204976094-UniFi-What-protocol-does-the-controller-use-to-communicate-with-the-UAP-) and [this other article](https://help.ubnt.com/hc/en-us/articles/115015457668-UniFi-Troubleshooting-STUN-Communication-Errors) for more information diff --git a/charts/unifi/templates/NOTES.txt b/charts/unifi/templates/NOTES.txt new file mode 100644 index 00000000..1c2fe943 --- /dev/null +++ b/charts/unifi/templates/NOTES.txt @@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} +{{- end }} +{{- else if contains "NodePort" .Values.guiService.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "unifi.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.guiService.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ template "unifi.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "unifi.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.guiService.port }} +{{- else if contains "ClusterIP" .Values.guiService.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "unifi.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/charts/unifi/templates/_helpers.tpl b/charts/unifi/templates/_helpers.tpl new file mode 100644 index 00000000..1c11a45f --- /dev/null +++ b/charts/unifi/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "unifi.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "unifi.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "unifi.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/unifi/templates/controller-svc.yaml b/charts/unifi/templates/controller-svc.yaml new file mode 100644 index 00000000..7cac96a6 --- /dev/null +++ b/charts/unifi/templates/controller-svc.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-controller + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.controllerService.labels }} +{{ toYaml .Values.controllerService.labels | indent 4 }} +{{- end }} +{{- with .Values.controllerService.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.controllerService.type "ClusterIP") (empty .Values.controllerService.type)) }} + type: ClusterIP + {{- if .Values.controllerService.clusterIP }} + clusterIP: {{ .Values.controllerService.clusterIP }} + {{end}} +{{- else if eq .Values.controllerService.type "LoadBalancer" }} + type: {{ .Values.controllerService.type }} + {{- if .Values.controllerService.loadBalancerIP }} + loadBalancerIP: {{ .Values.controllerService.loadBalancerIP }} + {{- end }} + {{- if .Values.controllerService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.controllerService.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.controllerService.type }} +{{- end }} +{{- if .Values.controllerService.externalIPs }} + externalIPs: +{{ toYaml .Values.controllerService.externalIPs | indent 4 }} +{{- end }} + {{- if .Values.controllerService.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.controllerService.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.controllerService.port }} + targetPort: controller + protocol: TCP + name: controller +{{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.nodePort))) }} + nodePort: {{.Values.controllerService.nodePort}} +{{ end }} + selector: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml new file mode 100644 index 00000000..ab433ef2 --- /dev/null +++ b/charts/unifi/templates/deployment.yaml @@ -0,0 +1,98 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "unifi.fullname" . }} + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: https-gui + containerPort: 8443 + protocol: TCP + - name: controller + containerPort: 8080 + protocol: TCP + - name: discovery + containerPort: 10001 + protocol: UDP + - name: stun + containerPort: 3478 + protocol: UDP + livenessProbe: + httpGet: + path: /status + port: https-gui + scheme: HTTPS + initialDelaySeconds: 30 + readinessProbe: + httpGet: + path: /status + port: https-gui + scheme: HTTPS + initialDelaySeconds: 15 + env: + - name: TZ + value: "{{ .Values.timezone }}" + - name: RUNAS_UID0 + value: "{{ .Values.runAsRoot }}" + {{- if .Values.mongodb.enabled }} + - name: DB_URI + value: "{{ .Values.mongodb.dbUri }}" + - name: STATDB_URI + value: "{{ .Values.mongodb.statDbUri }}" + - name: DB_NAME + value: "{{ .Values.mongodb.databaseName }}" + {{- end }} + volumeMounts: + - mountPath: /unifi/data + name: unifi-data + subPath: data + - mountPath: /unifi/log + name: unifi-data + subPath: log + - mountPath: /unifi/cert + name: unifi-data + subPath: cert + - mountPath: /unifi/init.d + name: unifi-data + subPath: init.d + resources: +{{ toYaml .Values.resources | indent 12 }} + volumes: + - name: unifi-data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "unifi.fullname" . }}{{- end }} + {{- else }} + emptyDir: {} + {{ end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/charts/unifi/templates/discovery-svc.yaml b/charts/unifi/templates/discovery-svc.yaml new file mode 100644 index 00000000..b3f7b685 --- /dev/null +++ b/charts/unifi/templates/discovery-svc.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-discovery + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.discoveryService.labels }} +{{ toYaml .Values.discoveryService.labels | indent 4 }} +{{- end }} +{{- with .Values.discoveryService.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.discoveryService.type "ClusterIP") (empty .Values.discoveryService.type)) }} + type: ClusterIP + {{- if .Values.discoveryService.clusterIP }} + clusterIP: {{ .Values.discoveryService.clusterIP }} + {{end}} +{{- else if eq .Values.discoveryService.type "LoadBalancer" }} + type: {{ .Values.discoveryService.type }} + {{- if .Values.discoveryService.loadBalancerIP }} + loadBalancerIP: {{ .Values.discoveryService.loadBalancerIP }} + {{- end }} + {{- if .Values.discoveryService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.discoveryService.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.discoveryService.type }} +{{- end }} +{{- if .Values.discoveryService.externalIPs }} + externalIPs: +{{ toYaml .Values.discoveryService.externalIPs | indent 4 }} +{{- end }} + {{- if .Values.discoveryService.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.discoveryService.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.discoveryService.port }} + targetPort: discovery + protocol: UDP + name: discovery +{{ if (and (eq .Values.discoveryService.type "NodePort") (not (empty .Values.discoveryService.nodePort))) }} + nodePort: {{.Values.discoveryService.nodePort}} +{{ end }} + selector: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} diff --git a/charts/unifi/templates/gui-svc.yaml b/charts/unifi/templates/gui-svc.yaml new file mode 100644 index 00000000..4f0c9b42 --- /dev/null +++ b/charts/unifi/templates/gui-svc.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-gui + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.guiService.labels }} +{{ toYaml .Values.guiService.labels | indent 4 }} +{{- end }} +{{- with .Values.guiService.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.guiService.type "ClusterIP") (empty .Values.guiService.type)) }} + type: ClusterIP + {{- if .Values.guiService.clusterIP }} + clusterIP: {{ .Values.guiService.clusterIP }} + {{end}} +{{- else if eq .Values.guiService.type "LoadBalancer" }} + type: {{ .Values.guiService.type }} + {{- if .Values.guiService.loadBalancerIP }} + loadBalancerIP: {{ .Values.guiService.loadBalancerIP }} + {{- end }} + {{- if .Values.guiService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.guiService.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.guiService.type }} +{{- end }} +{{- if .Values.guiService.externalIPs }} + externalIPs: +{{ toYaml .Values.guiService.externalIPs | indent 4 }} +{{- end }} + {{- if .Values.guiService.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.guiService.externalTrafficPolicy }} + {{- end }} + ports: + - name: https-gui + port: {{ .Values.guiService.port }} + protocol: TCP + targetPort: https-gui +{{ if (and (eq .Values.guiService.type "NodePort") (not (empty .Values.guiService.nodePort))) }} + nodePort: {{.Values.guiService.nodePort}} +{{ end }} + selector: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} \ No newline at end of file diff --git a/charts/unifi/templates/ingress.yaml b/charts/unifi/templates/ingress.yaml new file mode 100644 index 00000000..e94c3bcf --- /dev/null +++ b/charts/unifi/templates/ingress.yaml @@ -0,0 +1,38 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "unifi.fullname" . -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }}-gui + servicePort: https-gui + {{- end }} +{{- end }} diff --git a/charts/unifi/templates/pvc.yaml b/charts/unifi/templates/pvc.yaml new file mode 100644 index 00000000..5ad2ff76 --- /dev/null +++ b/charts/unifi/templates/pvc.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "unifi.fullname" . }} + labels: + app: {{ template "unifi.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/charts/unifi/templates/stun-svc.yaml b/charts/unifi/templates/stun-svc.yaml new file mode 100644 index 00000000..335e0c9b --- /dev/null +++ b/charts/unifi/templates/stun-svc.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-stun + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.stunService.labels }} +{{ toYaml .Values.stunService.labels | indent 4 }} +{{- end }} +{{- with .Values.stunService.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.stunService.type "ClusterIP") (empty .Values.stunService.type)) }} + type: ClusterIP + {{- if .Values.stunService.clusterIP }} + clusterIP: {{ .Values.stunService.clusterIP }} + {{end}} +{{- else if eq .Values.stunService.type "LoadBalancer" }} + type: {{ .Values.stunService.type }} + {{- if .Values.stunService.loadBalancerIP }} + loadBalancerIP: {{ .Values.stunService.loadBalancerIP }} + {{- end }} + {{- if .Values.stunService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.stunService.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.stunService.type }} +{{- end }} +{{- if .Values.stunService.externalIPs }} + externalIPs: +{{ toYaml .Values.stunService.externalIPs | indent 4 }} +{{- end }} + {{- if .Values.stunService.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.stunService.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.stunService.port }} + targetPort: stun + protocol: UDP + name: stun +{{ if (and (eq .Values.stunService.type "NodePort") (not (empty .Values.stunService.nodePort))) }} + nodePort: {{.Values.stunService.nodePort}} +{{ end }} + selector: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} \ No newline at end of file diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml new file mode 100644 index 00000000..7309c59d --- /dev/null +++ b/charts/unifi/values.yaml @@ -0,0 +1,153 @@ +# Default values for unifi. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: jacobalberty/unifi + tag: 5.8.30 + pullPolicy: IfNotPresent + +guiService: + type: ClusterIP + port: 8443 + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + +controllerService: + type: NodePort + port: 8080 + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + +stunService: + type: NodePort + port: 3478 # udp + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + +discoveryService: + type: NodePort + port: 10001 # udp + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +timezone: UTC + +runAsRoot: false + + # define an external mongoDB instead of using the built-in mongodb +mongodb: + enabled: false + dbUri: mongodb://mongo/unifi + statDbUri: mongodb://mongo/unifi_stat + databaseName: unifi + +persistence: + enabled: true + ## unifi data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + accessMode: ReadWriteOnce + size: 5Gi + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} From 10348d1c0b2b6170e197da1ab8a7f3a87f6b803d Mon Sep 17 00:00:00 2001 From: Jonathan Herlin Date: Tue, 23 Oct 2018 00:01:55 +0200 Subject: [PATCH 02/35] [stable/unifi] Invalid link in chart sources (#8639) * Invalid link in chart sources There was a invalid link in sources, this commit fixes the link Signed-off-by: Jonathan Herlin * stable/unifi bump version Signed-off-by: Jonathan Herlin --- charts/unifi/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 4382022e..bc446fee 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.8.30 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.1.10 +version: 0.1.11 keywords: - ubiquiti - unifi @@ -11,7 +11,7 @@ home: https://github.com/jacobalberty/unifi-docker icon: https://blog.ubnt.com/wp-content/uploads/2016/10/unifi-app-logo.png sources: - https://github.com/jacobalberty/unifi-docker - - https://github.com/kubernetes/charts/stable/unifi + - https://github.com/helm/charts/tree/master/stable/unifi maintainers: - name: billimek email: jeff@billimek.com From 3f50bc7f610df418ba1ac8fc7c5917da134b9d24 Mon Sep 17 00:00:00 2001 From: Jeff Billimek Date: Wed, 31 Oct 2018 14:07:28 -0400 Subject: [PATCH 03/35] upgrading to unifi v5.9.29 (#8887) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * upgrading to unifi v5.9.29 Signed-off-by: Jeff Billimek * Update Chart.yaml Signed-off-by: Reinhard Nägele --- charts/unifi/Chart.yaml | 4 ++-- charts/unifi/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index bc446fee..a937169c 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 5.8.30 +appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.1.11 +version: 0.2.0 keywords: - ubiquiti - unifi diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 7309c59d..b57e819f 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 image: repository: jacobalberty/unifi - tag: 5.8.30 + tag: 5.9.29 pullPolicy: IfNotPresent guiService: From 214dd6eaac24b49f64986e929d6f930383a7b489 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lucas=20Serv=C3=A9n=20Mar=C3=ADn?= Date: Mon, 12 Nov 2018 01:30:56 +0100 Subject: [PATCH 04/35] stable/unifi/templates/deployment.yaml: fix probes (#9180) * stable/unifi/templates/deployment.yaml: fix probes The `livenessProbe` and `readinessProbe` are incorrectly defined. The `initialDelaySeconds` field should not be nested withing the `httpGet` field. Signed-off-by: Lucas Serven * stable/unifi: bump patch version Signed-off-by: Lucas Serven --- charts/unifi/Chart.yaml | 2 +- charts/unifi/templates/deployment.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index a937169c..345480d2 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.0 +version: 0.2.1 keywords: - ubiquiti - unifi diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index ab433ef2..3b253e2f 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -41,13 +41,13 @@ spec: path: /status port: https-gui scheme: HTTPS - initialDelaySeconds: 30 + initialDelaySeconds: 30 readinessProbe: httpGet: path: /status port: https-gui scheme: HTTPS - initialDelaySeconds: 15 + initialDelaySeconds: 15 env: - name: TZ value: "{{ .Values.timezone }}" From d1fbb477096d6ecf8a87edbe9ec4646fc0e8a68d Mon Sep 17 00:00:00 2001 From: Lyle Franklin Date: Mon, 10 Dec 2018 15:54:40 -0800 Subject: [PATCH 05/35] Add configurable `podAnnotations` to unifi chart (#9833) Use case is using `ark` + `restic` to take backups which requires pods with persistent data to be annotated like: ``` kubectl annotate pod unifi-55f6dcc44c-khbrk backup.ark.heptio.com/backup-volumes=unifi-data ``` Signed-off-by: Lyle Franklin --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 1 + charts/unifi/templates/deployment.yaml | 6 ++++++ charts/unifi/values.yaml | 2 ++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 345480d2..a34a8bd2 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.1 +version: 0.2.2 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index c25d05a8..5800af5f 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -88,6 +88,7 @@ The following tables lists the configurable parameters of the Sentry chart and t | `nodeSelector` | Node labels for pod assignment | `{}` | | `tolerations` | Toleration labels for pod assignment | `[]` | | `affinity` | Affinity settings for pod assignment | `{}` | +| `podAnnotations` | Key-value pairs to add as pod annotations | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index 3b253e2f..f631c259 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -18,6 +18,12 @@ spec: labels: app: {{ template "unifi.name" . }} release: {{ .Release.Name }} + {{- if .Values.podAnnotations }} + annotations: + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} spec: containers: - name: {{ .Chart.Name }} diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index b57e819f..a4def1c9 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -151,3 +151,5 @@ nodeSelector: {} tolerations: [] affinity: {} + +podAnnotations: {} From be82a0fccbf0bd8fb7be86260bca3cb0d754c475 Mon Sep 17 00:00:00 2001 From: Mike Cronce Date: Wed, 19 Dec 2018 14:12:47 -0500 Subject: [PATCH 06/35] stable/unifi: Add "addSetfcap" option to give the SETFCAP capability to the Unifi container (#10143) Signed-off-by: Mike Cronce --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 1 + charts/unifi/templates/deployment.yaml | 6 ++++++ charts/unifi/values.yaml | 1 + 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index a34a8bd2..0d923822 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.2 +version: 0.2.3 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 5800af5f..599ff38e 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -75,6 +75,7 @@ The following tables lists the configurable parameters of the Sentry chart and t | `ingress.tls` | Ingress TLS configuration | `[]` | | `timezone` | Timezone the Unifi controller should run as, e.g. 'America/New York' | `UTC` | | `runAsRoot` | Run the controller as UID0 (root user) | `false` | +| `addSetfcap` | Give the controller container the SETFCAP capability; this is necessary when not running as root | `true` | | `mongodb.enabled` | Use external MongoDB for data storage | `false` | | `mongodb.dbUri` | external MongoDB URI | `mongodb://mongo/unifi` | | `mongodb.statDbUri` | external MongoDB statdb URI | `mongodb://mongo/unifi_stat` | diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index f631c259..35485938 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -42,6 +42,12 @@ spec: - name: stun containerPort: 3478 protocol: UDP + {{- if .Values.addSetfcap }} + securityContext: + capabilities: + add: + - SETFCAP + {{- end }} livenessProbe: httpGet: path: /status diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index a4def1c9..51f00c89 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -109,6 +109,7 @@ ingress: timezone: UTC runAsRoot: false +addSetfcap: true # define an external mongoDB instead of using the built-in mongodb mongodb: From 4cbe828448d7852406601764663f694e19929519 Mon Sep 17 00:00:00 2001 From: Jacob Block Date: Sat, 22 Dec 2018 08:18:27 -0600 Subject: [PATCH 07/35] [stable/unifi] Add UID and GID options. (#10218) Signed-off-by: Jacob Block --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 2 ++ charts/unifi/templates/deployment.yaml | 4 ++++ charts/unifi/values.yaml | 2 ++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 0d923822..1fbc059f 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.3 +version: 0.2.4 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 599ff38e..90b09bfb 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -75,6 +75,8 @@ The following tables lists the configurable parameters of the Sentry chart and t | `ingress.tls` | Ingress TLS configuration | `[]` | | `timezone` | Timezone the Unifi controller should run as, e.g. 'America/New York' | `UTC` | | `runAsRoot` | Run the controller as UID0 (root user) | `false` | +| `UID` | Run the controller as user UID | `999` | +| `GID` | Run the controller as group GID | `999` | | `addSetfcap` | Give the controller container the SETFCAP capability; this is necessary when not running as root | `true` | | `mongodb.enabled` | Use external MongoDB for data storage | `false` | | `mongodb.dbUri` | external MongoDB URI | `mongodb://mongo/unifi` | diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index 35485938..33dc6ed8 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -65,6 +65,10 @@ spec: value: "{{ .Values.timezone }}" - name: RUNAS_UID0 value: "{{ .Values.runAsRoot }}" + - name: UNIFI_UID + value: "{{ .Values.UID }}" + - name: UNIFI_GID + value: "{{ .Values.GID }}" {{- if .Values.mongodb.enabled }} - name: DB_URI value: "{{ .Values.mongodb.dbUri }}" diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 51f00c89..a6bd34f6 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -110,6 +110,8 @@ timezone: UTC runAsRoot: false addSetfcap: true +UID: 999 +GID: 999 # define an external mongoDB instead of using the built-in mongodb mongodb: From 1a67cf907088c6b13a5e442fd0d4dcc8aefd8881 Mon Sep 17 00:00:00 2001 From: Jesse Stuart Date: Sat, 29 Dec 2018 15:52:26 -0500 Subject: [PATCH 08/35] [stable/unifi] Fix typos/formatting in README. (#10277) Signed-off-by: Jesse Stuart --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 148 ++++++++++++++++++++++------------------ 2 files changed, 83 insertions(+), 67 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 1fbc059f..2b1a2772 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.4 +version: 0.2.5 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 90b09bfb..72ce24ee 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -1,6 +1,6 @@ -# Ubiqiti Network's Unifi Controller +# Ubiquiti Network's Unifi Controller -This is a helm chart for [Ubiqiti Network's](https://www.ubnt.com/) [Unifi Controller](https://unifi-sdn.ubnt.com/) +This is a helm chart for [Ubiquiti Network's][ubnt] [Unifi Controller][ubnt 2]. ## TL;DR; @@ -10,7 +10,7 @@ helm install stable/unifi ## Introduction -This code is adopted from [this original repo](https://github.com/jacobalberty/unifi-docker) +This code is adopted from [this original repo][github]. ## Installing the Chart @@ -32,66 +32,66 @@ The command removes all the Kubernetes components associated with the chart and ## Configuration -The following tables lists the configurable parameters of the Sentry chart and their default values. +The following tables lists the configurable parameters of the Unifi chart and their default values. -| Parameter | Description | Default | -|----------------------------|-------------------------------------|---------------------------------------------------------| -| `image.repository` | Image repository | `jacobalberty/unifi` | -| `image.tag` | Image tag. Possible values listed [here](https://hub.docker.com/r/jacobalberty/unifi/tags/).| `5.8.23`| -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `guiService.type` | Kubernetes service type for the Unifi GUI | `ClusterIP` | -| `guiService.port` | Kubernetes port where the Unifi GUI is exposed| `8443` | -| `guiService.annotations` | Service annotations for the Unifi GUI | `{}` | -| `guiService.labels` | Custom labels | `{}` | -| `guiService.loadBalancerIP` | Loadbalance IP for the Unifi GUI | `{}` | -| `guiService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None -| `guiService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` -| `controllerService.type` | Kubernetes service type for the Unifi Controller communication | `NodePort` | -| `controllerService.port` | Kubernetes port where the Unifi Controller is exposed - this needs to be reachable by the unifi devices on the network | `8080` | -| `controllerService.annotations` | Service annotations for the Unifi Controller | `{}` | -| `controllerService.labels` | Custom labels | `{}` | -| `controllerService.loadBalancerIP` | Loadbalance IP for the Unifi Controller | `{}` | -| `controllerService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None -| `controllerService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` -| `stunService.type` | Kubernetes service type for the Unifi STUN | `NodePort` | -| `stunService.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | -| `stunService.annotations` | Service annotations for the Unifi STUN | `{}` | -| `stunService.labels` | Custom labels | `{}` | -| `stunService.loadBalancerIP` | Loadbalance IP for the Unifi STUN | `{}` | -| `stunService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None -| `stunService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` -| `discoveryService.type` | Kubernetes service type for AP discovery | `NodePort` | -| `discoveryService.port` | Kubernetes UDP port for AP discovery | `10001` | -| `discoveryService.annotations` | Service annotations for AP discovery | `{}` | -| `discoveryService.labels` | Custom labels | `{}` | -| `discoveryService.loadBalancerIP` | Loadbalance IP for AP discovery | `{}` | -| `discoveryService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None -| `discoveryService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` -| `ingress.enabled` | Enables Ingress | `false` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.labels` | Custom labels | `{}` -| `ingress.path` | Ingress path | `/` | -| `ingress.hosts` | Ingress accepted hostnames | `chart-example.local` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `timezone` | Timezone the Unifi controller should run as, e.g. 'America/New York' | `UTC` | -| `runAsRoot` | Run the controller as UID0 (root user) | `false` | -| `UID` | Run the controller as user UID | `999` | -| `GID` | Run the controller as group GID | `999` | -| `addSetfcap` | Give the controller container the SETFCAP capability; this is necessary when not running as root | `true` | -| `mongodb.enabled` | Use external MongoDB for data storage | `false` | -| `mongodb.dbUri` | external MongoDB URI | `mongodb://mongo/unifi` | -| `mongodb.statDbUri` | external MongoDB statdb URI | `mongodb://mongo/unifi_stat` | -| `mongodb.databaseName` | external MongoDB database name | `unifi` | -| `persistence.enabled` | Use persistent volume to store data | `true` | -| `persistence.size` | Size of persistent volume claim | `5Gi` | -| `persistence.existingClaim`| Use an existing PVC to persist data | `nil` | -| `persistence.storageClass` | Type of persistent volume claim | `-` | -| `persistence.accessModes` | Persistence access modes | `[]` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `affinity` | Affinity settings for pod assignment | `{}` | -| `podAnnotations` | Key-value pairs to add as pod annotations | `{}` | +| Parameter | Description | Default | +| -------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ---------------------------- | +| `image.repository` | Image repository | `jacobalberty/unifi` | +| `image.tag` | Image tag. Possible values listed [here][docker]. | `5.8.23` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `guiService.type` | Kubernetes service type for the Unifi GUI | `ClusterIP` | +| `guiService.port` | Kubernetes port where the Unifi GUI is exposed | `8443` | +| `guiService.annotations` | Service annotations for the Unifi GUI | `{}` | +| `guiService.labels` | Custom labels | `{}` | +| `guiService.loadBalancerIP` | Loadbalance IP for the Unifi GUI | `{}` | +| `guiService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | +| `guiService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | +| `controllerService.type` | Kubernetes service type for the Unifi Controller communication | `NodePort` | +| `controllerService.port` | Kubernetes port where the Unifi Controller is exposed - this needs to be reachable by the unifi devices on the network | `8080` | +| `controllerService.annotations` | Service annotations for the Unifi Controller | `{}` | +| `controllerService.labels` | Custom labels | `{}` | +| `controllerService.loadBalancerIP` | Loadbalance IP for the Unifi Controller | `{}` | +| `controllerService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | +| `controllerService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | +| `stunService.type` | Kubernetes service type for the Unifi STUN | `NodePort` | +| `stunService.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | +| `stunService.annotations` | Service annotations for the Unifi STUN | `{}` | +| `stunService.labels` | Custom labels | `{}` | +| `stunService.loadBalancerIP` | Loadbalance IP for the Unifi STUN | `{}` | +| `stunService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | +| `stunService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | +| `discoveryService.type` | Kubernetes service type for AP discovery | `NodePort` | +| `discoveryService.port` | Kubernetes UDP port for AP discovery | `10001` | +| `discoveryService.annotations` | Service annotations for AP discovery | `{}` | +| `discoveryService.labels` | Custom labels | `{}` | +| `discoveryService.loadBalancerIP` | Loadbalance IP for AP discovery | `{}` | +| `discoveryService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | +| `discoveryService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.labels` | Custom labels | `{}` | +| `ingress.path` | Ingress path | `/` | +| `ingress.hosts` | Ingress accepted hostnames | `chart-example.local` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `timezone` | Timezone the Unifi controller should run as, e.g. 'America/New York' | `UTC` | +| `runAsRoot` | Run the controller as UID0 (root user) | `false` | +| `UID` | Run the controller as user UID | `999` | +| `GID` | Run the controller as group GID | `999` | +| `addSetfcap` | Give the controller container the SETFCAP capability; this is necessary when not running as root | `true` | +| `mongodb.enabled` | Use external MongoDB for data storage | `false` | +| `mongodb.dbUri` | external MongoDB URI | `mongodb://mongo/unifi` | +| `mongodb.statDbUri` | external MongoDB statdb URI | `mongodb://mongo/unifi_stat` | +| `mongodb.databaseName` | external MongoDB database name | `unifi` | +| `persistence.enabled` | Use persistent volume to store data | `true` | +| `persistence.size` | Size of persistent volume claim | `5Gi` | +| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `persistence.storageClass` | Type of persistent volume claim | `-` | +| `persistence.accessModes` | Persistence access modes | `[]` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `podAnnotations` | Key-value pairs to add as pod annotations | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -111,7 +111,23 @@ Read through the [values.yaml](values.yaml) file. It has several commented out s ## Regarding the services -* `guiService`: represents the main web UI and is what one would normally point the ingress to -* `controllerService`: This is needed in order for the unifi devices to talk to the controller and must be otherwise exposed to the network where the unifi devices run. If you run this as a NodePort (the default setting), make sure that there is an external loadbalancer that is directing traffic from port 8080 to the NodePort for this service -* `discoveryService`: This needs to be reachable by the unifi devices on the network similar to the controllerService but only during the discovery phase. This is a UDP service -* `stunService`: Also used periodically by the unifi devices to communicate with the controller using UDP. See [this article](https://help.ubnt.com/hc/en-us/articles/204976094-UniFi-What-protocol-does-the-controller-use-to-communicate-with-the-UAP-) and [this other article](https://help.ubnt.com/hc/en-us/articles/115015457668-UniFi-Troubleshooting-STUN-Communication-Errors) for more information +- `guiService`: Represents the main web UI and is what one would normally point + the ingress to. +- `controllerService`: This is needed in order for the unifi devices to talk to + the controller and must be otherwise exposed to the network where the unifi + devices run. If you run this as a `NodePort` (the default setting), make sure + that there is an external load balancer that is directing traffic from port + 8080 to the `NodePort` for this service. +- `discoveryService`: This needs to be reachable by the unifi devices on the + network similar to the controller `Service` but only during the discovery + phase. This is a UDP service. +- `stunService`: Also used periodically by the unifi devices to communicate + with the controller using UDP. See [this article][ubnt 3] and [this other + article][ubnt 4] for more information. + +[docker]: https://hub.docker.com/r/jacobalberty/unifi/tags/ +[github]: https://github.com/jacobalberty/unifi-docker +[ubnt]: https://www.ubnt.com/ +[ubnt 2]: https://unifi-sdn.ubnt.com/ +[ubnt 3]: https://help.ubnt.com/hc/en-us/articles/204976094-UniFi-What-protocol-does-the-controller-use-to-communicate-with-the-UAP- +[ubnt 4]: https://help.ubnt.com/hc/en-us/articles/115015457668-UniFi-Troubleshooting-STUN-Communication-Errors From ac0202a0c457bc401bfb31a212a03e4eb8e7065d Mon Sep 17 00:00:00 2001 From: Mike Cronce Date: Thu, 3 Jan 2019 14:52:03 -0500 Subject: [PATCH 09/35] stable/unifi: Replace "addSetfcap" option with simply adding that capability when "runAsRoot" is not set to true (#10359) Signed-off-by: Mike Cronce --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 3 +-- charts/unifi/templates/deployment.yaml | 2 +- charts/unifi/values.yaml | 1 - 4 files changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 2b1a2772..60da052c 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.5 +version: 0.2.6 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 72ce24ee..dda6bd06 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -74,10 +74,9 @@ The following tables lists the configurable parameters of the Unifi chart and th | `ingress.hosts` | Ingress accepted hostnames | `chart-example.local` | | `ingress.tls` | Ingress TLS configuration | `[]` | | `timezone` | Timezone the Unifi controller should run as, e.g. 'America/New York' | `UTC` | -| `runAsRoot` | Run the controller as UID0 (root user) | `false` | +| `runAsRoot` | Run the controller as UID0 (root user); if set to false, will give container SETFCAP instead | `false` | | `UID` | Run the controller as user UID | `999` | | `GID` | Run the controller as group GID | `999` | -| `addSetfcap` | Give the controller container the SETFCAP capability; this is necessary when not running as root | `true` | | `mongodb.enabled` | Use external MongoDB for data storage | `false` | | `mongodb.dbUri` | external MongoDB URI | `mongodb://mongo/unifi` | | `mongodb.statDbUri` | external MongoDB statdb URI | `mongodb://mongo/unifi_stat` | diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index 33dc6ed8..1b1fc2eb 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -42,7 +42,7 @@ spec: - name: stun containerPort: 3478 protocol: UDP - {{- if .Values.addSetfcap }} + {{- if not .Values.runAsRoot }} securityContext: capabilities: add: diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index a6bd34f6..817b99b1 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -109,7 +109,6 @@ ingress: timezone: UTC runAsRoot: false -addSetfcap: true UID: 999 GID: 999 From 609b2dbe31060ec8e6e838236c864a911d4b1625 Mon Sep 17 00:00:00 2001 From: Christian Erhardt Date: Fri, 11 Jan 2019 22:19:59 +0100 Subject: [PATCH 10/35] Port forward in NOTES.txt is wrong (#10200) If you do a port-forward to 8080, the unifi controller tries to forward you to a secure TLS connection on port 8443. This fails because the port 8443 is not forwarded. If you do a direct forward to 8443, everything works as expected. Signed-off-by: Christian Erhardt --- charts/unifi/Chart.yaml | 2 +- charts/unifi/templates/NOTES.txt | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 60da052c..71aa03f3 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.6 +version: 0.2.7 keywords: - ubiquiti - unifi diff --git a/charts/unifi/templates/NOTES.txt b/charts/unifi/templates/NOTES.txt index 1c2fe943..afa05b5b 100644 --- a/charts/unifi/templates/NOTES.txt +++ b/charts/unifi/templates/NOTES.txt @@ -14,6 +14,6 @@ echo http://$SERVICE_IP:{{ .Values.guiService.port }} {{- else if contains "ClusterIP" .Values.guiService.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "unifi.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:80 + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8443:{.Values.guiService.port} + Visit https://127.0.0.1:8443 to use your application {{- end }} From 73956c3eed1d67e0b75e3429db1f940a793501d8 Mon Sep 17 00:00:00 2001 From: nreisbeck <10735102+nreisbeck@users.noreply.github.com> Date: Sat, 19 Jan 2019 20:25:53 -0800 Subject: [PATCH 11/35] stable/unifi/README.md: fix current version (#10784) Signed-off-by: Nolan Reisbeck --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 71aa03f3..f32a92e2 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.7 +version: 0.2.8 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index dda6bd06..097d8386 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -37,7 +37,7 @@ The following tables lists the configurable parameters of the Unifi chart and th | Parameter | Description | Default | | -------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ---------------------------- | | `image.repository` | Image repository | `jacobalberty/unifi` | -| `image.tag` | Image tag. Possible values listed [here][docker]. | `5.8.23` | +| `image.tag` | Image tag. Possible values listed [here][docker]. | `5.9.29` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `guiService.type` | Kubernetes service type for the Unifi GUI | `ClusterIP` | | `guiService.port` | Kubernetes port where the Unifi GUI is exposed | `8443` | From 08f9adbd73ece752ae531855b8c462092531f2d0 Mon Sep 17 00:00:00 2001 From: Werner Buck Date: Fri, 8 Feb 2019 12:49:44 +0100 Subject: [PATCH 12/35] Simplify for unifi (#10789) The discovery and stun ports are part of the same service. Unifi depends on them to be on the same hostname. Signed-off-by: Werner Buck --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 28 ++++-------- charts/unifi/templates/controller-svc.yaml | 14 ++++++ charts/unifi/templates/discovery-svc.yaml | 52 ---------------------- charts/unifi/templates/stun-svc.yaml | 52 ---------------------- charts/unifi/values.yaml | 48 +++----------------- 6 files changed, 29 insertions(+), 167 deletions(-) delete mode 100644 charts/unifi/templates/discovery-svc.yaml delete mode 100644 charts/unifi/templates/stun-svc.yaml diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index f32a92e2..a7b53925 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.8 +version: 0.3.0 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 097d8386..961105f6 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -53,20 +53,8 @@ The following tables lists the configurable parameters of the Unifi chart and th | `controllerService.loadBalancerIP` | Loadbalance IP for the Unifi Controller | `{}` | | `controllerService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | | `controllerService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | -| `stunService.type` | Kubernetes service type for the Unifi STUN | `NodePort` | -| `stunService.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | -| `stunService.annotations` | Service annotations for the Unifi STUN | `{}` | -| `stunService.labels` | Custom labels | `{}` | -| `stunService.loadBalancerIP` | Loadbalance IP for the Unifi STUN | `{}` | -| `stunService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | -| `stunService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | -| `discoveryService.type` | Kubernetes service type for AP discovery | `NodePort` | -| `discoveryService.port` | Kubernetes UDP port for AP discovery | `10001` | -| `discoveryService.annotations` | Service annotations for AP discovery | `{}` | -| `discoveryService.labels` | Custom labels | `{}` | -| `discoveryService.loadBalancerIP` | Loadbalance IP for AP discovery | `{}` | -| `discoveryService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | -| `discoveryService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | +| `controllerService.stun.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | +| `controllerService.discovery.port` | Kubernetes UDP port for AP discovery | `10001` | | `ingress.enabled` | Enables Ingress | `false` | | `ingress.annotations` | Ingress annotations | `{}` | | `ingress.labels` | Custom labels | `{}` | @@ -117,12 +105,12 @@ Read through the [values.yaml](values.yaml) file. It has several commented out s devices run. If you run this as a `NodePort` (the default setting), make sure that there is an external load balancer that is directing traffic from port 8080 to the `NodePort` for this service. -- `discoveryService`: This needs to be reachable by the unifi devices on the - network similar to the controller `Service` but only during the discovery - phase. This is a UDP service. -- `stunService`: Also used periodically by the unifi devices to communicate - with the controller using UDP. See [this article][ubnt 3] and [this other - article][ubnt 4] for more information. + + the `controllerService` exposes two additional ports: + - `discovery`: This needs to be reachable by the unifi devices on network but only during the discovery + phase. This is a UDP service. + - `stun`: Also used periodically by the unifi devices to communicate + with the controller using UDP. See [this article][ubnt 3] and [this other article][ubnt 4] for more information. [docker]: https://hub.docker.com/r/jacobalberty/unifi/tags/ [github]: https://github.com/jacobalberty/unifi-docker diff --git a/charts/unifi/templates/controller-svc.yaml b/charts/unifi/templates/controller-svc.yaml index 7cac96a6..3e6fea91 100644 --- a/charts/unifi/templates/controller-svc.yaml +++ b/charts/unifi/templates/controller-svc.yaml @@ -46,6 +46,20 @@ spec: name: controller {{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.nodePort))) }} nodePort: {{.Values.controllerService.nodePort}} +{{ end }} + - port: {{ .Values.controllerService.stun.port }} + targetPort: stun + protocol: UDP + name: stun +{{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.stun.nodePort))) }} + nodePort: {{.Values.controllerService.stun.nodePort}} +{{ end }} + - port: {{ .Values.controllerService.discovery.port }} + targetPort: discovery + protocol: UDP + name: discovery +{{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.discovery.nodePort))) }} + nodePort: {{.Values.controllerService.discovery.nodePort}} {{ end }} selector: app: {{ template "unifi.name" . }} diff --git a/charts/unifi/templates/discovery-svc.yaml b/charts/unifi/templates/discovery-svc.yaml deleted file mode 100644 index b3f7b685..00000000 --- a/charts/unifi/templates/discovery-svc.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "unifi.fullname" . }}-discovery - labels: - app: {{ template "unifi.name" . }} - chart: {{ template "unifi.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.discoveryService.labels }} -{{ toYaml .Values.discoveryService.labels | indent 4 }} -{{- end }} -{{- with .Values.discoveryService.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if (or (eq .Values.discoveryService.type "ClusterIP") (empty .Values.discoveryService.type)) }} - type: ClusterIP - {{- if .Values.discoveryService.clusterIP }} - clusterIP: {{ .Values.discoveryService.clusterIP }} - {{end}} -{{- else if eq .Values.discoveryService.type "LoadBalancer" }} - type: {{ .Values.discoveryService.type }} - {{- if .Values.discoveryService.loadBalancerIP }} - loadBalancerIP: {{ .Values.discoveryService.loadBalancerIP }} - {{- end }} - {{- if .Values.discoveryService.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.discoveryService.loadBalancerSourceRanges | indent 4 }} - {{- end -}} -{{- else }} - type: {{ .Values.discoveryService.type }} -{{- end }} -{{- if .Values.discoveryService.externalIPs }} - externalIPs: -{{ toYaml .Values.discoveryService.externalIPs | indent 4 }} -{{- end }} - {{- if .Values.discoveryService.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.discoveryService.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.discoveryService.port }} - targetPort: discovery - protocol: UDP - name: discovery -{{ if (and (eq .Values.discoveryService.type "NodePort") (not (empty .Values.discoveryService.nodePort))) }} - nodePort: {{.Values.discoveryService.nodePort}} -{{ end }} - selector: - app: {{ template "unifi.name" . }} - release: {{ .Release.Name }} diff --git a/charts/unifi/templates/stun-svc.yaml b/charts/unifi/templates/stun-svc.yaml deleted file mode 100644 index 335e0c9b..00000000 --- a/charts/unifi/templates/stun-svc.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "unifi.fullname" . }}-stun - labels: - app: {{ template "unifi.name" . }} - chart: {{ template "unifi.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.stunService.labels }} -{{ toYaml .Values.stunService.labels | indent 4 }} -{{- end }} -{{- with .Values.stunService.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if (or (eq .Values.stunService.type "ClusterIP") (empty .Values.stunService.type)) }} - type: ClusterIP - {{- if .Values.stunService.clusterIP }} - clusterIP: {{ .Values.stunService.clusterIP }} - {{end}} -{{- else if eq .Values.stunService.type "LoadBalancer" }} - type: {{ .Values.stunService.type }} - {{- if .Values.stunService.loadBalancerIP }} - loadBalancerIP: {{ .Values.stunService.loadBalancerIP }} - {{- end }} - {{- if .Values.stunService.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.stunService.loadBalancerSourceRanges | indent 4 }} - {{- end -}} -{{- else }} - type: {{ .Values.stunService.type }} -{{- end }} -{{- if .Values.stunService.externalIPs }} - externalIPs: -{{ toYaml .Values.stunService.externalIPs | indent 4 }} -{{- end }} - {{- if .Values.stunService.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.stunService.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.stunService.port }} - targetPort: stun - protocol: UDP - name: stun -{{ if (and (eq .Values.stunService.type "NodePort") (not (empty .Values.stunService.nodePort))) }} - nodePort: {{.Values.stunService.nodePort}} -{{ end }} - selector: - app: {{ template "unifi.name" . }} - release: {{ .Release.Name }} \ No newline at end of file diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 817b99b1..b04bb508 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -50,48 +50,12 @@ controllerService: # loadBalancerSourceRanges: [] ## Set the externalTrafficPolicy in the Service to either Cluster or Local # externalTrafficPolicy: Cluster - -stunService: - type: NodePort - port: 3478 # udp - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - ## Provide any additional annotations which may be required. This can be used to - ## set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - labels: {} - ## Use loadBalancerIP to request a specific static IP, - ## otherwise leave blank - ## - loadBalancerIP: - # loadBalancerSourceRanges: [] - ## Set the externalTrafficPolicy in the Service to either Cluster or Local - # externalTrafficPolicy: Cluster - -discoveryService: - type: NodePort - port: 10001 # udp - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - ## Provide any additional annotations which may be required. This can be used to - ## set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - labels: {} - ## Use loadBalancerIP to request a specific static IP, - ## otherwise leave blank - ## - loadBalancerIP: - # loadBalancerSourceRanges: [] - ## Set the externalTrafficPolicy in the Service to either Cluster or Local - # externalTrafficPolicy: Cluster + stun: + port: 3478 + # nodePort: + discovery: + port: 10001 + # nodePort: ingress: enabled: false From 93addda234c67bc05f34e1462326c9d0f066b1ed Mon Sep 17 00:00:00 2001 From: Jeff Billimek Date: Mon, 11 Feb 2019 09:35:30 -0500 Subject: [PATCH 13/35] [stable/unifi] Revert #10789 (#11278) * Revert "Simplify for unifi (#10789)" This reverts commit b09535dfb4bd7f2547e1f36ec7f0b4fb3d468d75. Signed-off-by: Jeff Billimek * bumping chart version as part of reversion Signed-off-by: Jeff Billimek --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 28 ++++++++---- charts/unifi/templates/controller-svc.yaml | 14 ------ charts/unifi/templates/discovery-svc.yaml | 52 ++++++++++++++++++++++ charts/unifi/templates/stun-svc.yaml | 52 ++++++++++++++++++++++ charts/unifi/values.yaml | 48 +++++++++++++++++--- 6 files changed, 167 insertions(+), 29 deletions(-) create mode 100644 charts/unifi/templates/discovery-svc.yaml create mode 100644 charts/unifi/templates/stun-svc.yaml diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index a7b53925..b06d19d2 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.3.0 +version: 0.3.1 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 961105f6..097d8386 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -53,8 +53,20 @@ The following tables lists the configurable parameters of the Unifi chart and th | `controllerService.loadBalancerIP` | Loadbalance IP for the Unifi Controller | `{}` | | `controllerService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | | `controllerService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | -| `controllerService.stun.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | -| `controllerService.discovery.port` | Kubernetes UDP port for AP discovery | `10001` | +| `stunService.type` | Kubernetes service type for the Unifi STUN | `NodePort` | +| `stunService.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | +| `stunService.annotations` | Service annotations for the Unifi STUN | `{}` | +| `stunService.labels` | Custom labels | `{}` | +| `stunService.loadBalancerIP` | Loadbalance IP for the Unifi STUN | `{}` | +| `stunService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | +| `stunService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | +| `discoveryService.type` | Kubernetes service type for AP discovery | `NodePort` | +| `discoveryService.port` | Kubernetes UDP port for AP discovery | `10001` | +| `discoveryService.annotations` | Service annotations for AP discovery | `{}` | +| `discoveryService.labels` | Custom labels | `{}` | +| `discoveryService.loadBalancerIP` | Loadbalance IP for AP discovery | `{}` | +| `discoveryService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | +| `discoveryService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | | `ingress.enabled` | Enables Ingress | `false` | | `ingress.annotations` | Ingress annotations | `{}` | | `ingress.labels` | Custom labels | `{}` | @@ -105,12 +117,12 @@ Read through the [values.yaml](values.yaml) file. It has several commented out s devices run. If you run this as a `NodePort` (the default setting), make sure that there is an external load balancer that is directing traffic from port 8080 to the `NodePort` for this service. - - the `controllerService` exposes two additional ports: - - `discovery`: This needs to be reachable by the unifi devices on network but only during the discovery - phase. This is a UDP service. - - `stun`: Also used periodically by the unifi devices to communicate - with the controller using UDP. See [this article][ubnt 3] and [this other article][ubnt 4] for more information. +- `discoveryService`: This needs to be reachable by the unifi devices on the + network similar to the controller `Service` but only during the discovery + phase. This is a UDP service. +- `stunService`: Also used periodically by the unifi devices to communicate + with the controller using UDP. See [this article][ubnt 3] and [this other + article][ubnt 4] for more information. [docker]: https://hub.docker.com/r/jacobalberty/unifi/tags/ [github]: https://github.com/jacobalberty/unifi-docker diff --git a/charts/unifi/templates/controller-svc.yaml b/charts/unifi/templates/controller-svc.yaml index 3e6fea91..7cac96a6 100644 --- a/charts/unifi/templates/controller-svc.yaml +++ b/charts/unifi/templates/controller-svc.yaml @@ -46,20 +46,6 @@ spec: name: controller {{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.nodePort))) }} nodePort: {{.Values.controllerService.nodePort}} -{{ end }} - - port: {{ .Values.controllerService.stun.port }} - targetPort: stun - protocol: UDP - name: stun -{{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.stun.nodePort))) }} - nodePort: {{.Values.controllerService.stun.nodePort}} -{{ end }} - - port: {{ .Values.controllerService.discovery.port }} - targetPort: discovery - protocol: UDP - name: discovery -{{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.discovery.nodePort))) }} - nodePort: {{.Values.controllerService.discovery.nodePort}} {{ end }} selector: app: {{ template "unifi.name" . }} diff --git a/charts/unifi/templates/discovery-svc.yaml b/charts/unifi/templates/discovery-svc.yaml new file mode 100644 index 00000000..b3f7b685 --- /dev/null +++ b/charts/unifi/templates/discovery-svc.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-discovery + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.discoveryService.labels }} +{{ toYaml .Values.discoveryService.labels | indent 4 }} +{{- end }} +{{- with .Values.discoveryService.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.discoveryService.type "ClusterIP") (empty .Values.discoveryService.type)) }} + type: ClusterIP + {{- if .Values.discoveryService.clusterIP }} + clusterIP: {{ .Values.discoveryService.clusterIP }} + {{end}} +{{- else if eq .Values.discoveryService.type "LoadBalancer" }} + type: {{ .Values.discoveryService.type }} + {{- if .Values.discoveryService.loadBalancerIP }} + loadBalancerIP: {{ .Values.discoveryService.loadBalancerIP }} + {{- end }} + {{- if .Values.discoveryService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.discoveryService.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.discoveryService.type }} +{{- end }} +{{- if .Values.discoveryService.externalIPs }} + externalIPs: +{{ toYaml .Values.discoveryService.externalIPs | indent 4 }} +{{- end }} + {{- if .Values.discoveryService.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.discoveryService.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.discoveryService.port }} + targetPort: discovery + protocol: UDP + name: discovery +{{ if (and (eq .Values.discoveryService.type "NodePort") (not (empty .Values.discoveryService.nodePort))) }} + nodePort: {{.Values.discoveryService.nodePort}} +{{ end }} + selector: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} diff --git a/charts/unifi/templates/stun-svc.yaml b/charts/unifi/templates/stun-svc.yaml new file mode 100644 index 00000000..335e0c9b --- /dev/null +++ b/charts/unifi/templates/stun-svc.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-stun + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.stunService.labels }} +{{ toYaml .Values.stunService.labels | indent 4 }} +{{- end }} +{{- with .Values.stunService.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.stunService.type "ClusterIP") (empty .Values.stunService.type)) }} + type: ClusterIP + {{- if .Values.stunService.clusterIP }} + clusterIP: {{ .Values.stunService.clusterIP }} + {{end}} +{{- else if eq .Values.stunService.type "LoadBalancer" }} + type: {{ .Values.stunService.type }} + {{- if .Values.stunService.loadBalancerIP }} + loadBalancerIP: {{ .Values.stunService.loadBalancerIP }} + {{- end }} + {{- if .Values.stunService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.stunService.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.stunService.type }} +{{- end }} +{{- if .Values.stunService.externalIPs }} + externalIPs: +{{ toYaml .Values.stunService.externalIPs | indent 4 }} +{{- end }} + {{- if .Values.stunService.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.stunService.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.stunService.port }} + targetPort: stun + protocol: UDP + name: stun +{{ if (and (eq .Values.stunService.type "NodePort") (not (empty .Values.stunService.nodePort))) }} + nodePort: {{.Values.stunService.nodePort}} +{{ end }} + selector: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} \ No newline at end of file diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index b04bb508..817b99b1 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -50,12 +50,48 @@ controllerService: # loadBalancerSourceRanges: [] ## Set the externalTrafficPolicy in the Service to either Cluster or Local # externalTrafficPolicy: Cluster - stun: - port: 3478 - # nodePort: - discovery: - port: 10001 - # nodePort: + +stunService: + type: NodePort + port: 3478 # udp + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + +discoveryService: + type: NodePort + port: 10001 # udp + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster ingress: enabled: false From 652612e76b86778539a505ed7e3e1c661b41dc1c Mon Sep 17 00:00:00 2001 From: Mike Cronce Date: Sun, 3 Mar 2019 08:31:08 -0500 Subject: [PATCH 14/35] stable/unifi: Added "unified service" option to place everything under one service (#11550) Signed-off-by: Mike Cronce --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 7 ++ charts/unifi/templates/controller-svc.yaml | 2 + charts/unifi/templates/discovery-svc.yaml | 2 + charts/unifi/templates/gui-svc.yaml | 4 +- charts/unifi/templates/ingress.yaml | 4 ++ charts/unifi/templates/stun-svc.yaml | 4 +- charts/unifi/templates/unified-svc.yaml | 76 ++++++++++++++++++++++ charts/unifi/values.yaml | 28 ++++++++ 9 files changed, 126 insertions(+), 3 deletions(-) create mode 100644 charts/unifi/templates/unified-svc.yaml diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index b06d19d2..f4a93cdb 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.3.1 +version: 0.3.2 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 097d8386..d86eb431 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -67,6 +67,13 @@ The following tables lists the configurable parameters of the Unifi chart and th | `discoveryService.loadBalancerIP` | Loadbalance IP for AP discovery | `{}` | | `discoveryService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | | `discoveryService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | +| `unifiedService.enabled` | Use a single service for GUI, controller, STUN, and discovery | `false` | +| `unifiedService.type` | Kubernetes service type for the unified service | `ClusterIP` | +| `unifiedService.annotations` | Annotations for the unified service | `{}` | +| `unifiedService.labels` | Custom labels for the unified service | `{}` | +| `unifiedService.loadBalancerIP` | Load balancer IP for the unified service | None | +| `unifiedService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to the load balancer (if supported) | None | +| `unifiedService.externalTrafficPolicy` | Set the externalTrafficPolicy in the service to either Cluster or Local | `Cluster` | | `ingress.enabled` | Enables Ingress | `false` | | `ingress.annotations` | Ingress annotations | `{}` | | `ingress.labels` | Custom labels | `{}` | diff --git a/charts/unifi/templates/controller-svc.yaml b/charts/unifi/templates/controller-svc.yaml index 7cac96a6..37333fb2 100644 --- a/charts/unifi/templates/controller-svc.yaml +++ b/charts/unifi/templates/controller-svc.yaml @@ -1,3 +1,4 @@ +{{ if not .Values.unifiedService.enabled }} apiVersion: v1 kind: Service metadata: @@ -50,3 +51,4 @@ spec: selector: app: {{ template "unifi.name" . }} release: {{ .Release.Name }} +{{ end }} diff --git a/charts/unifi/templates/discovery-svc.yaml b/charts/unifi/templates/discovery-svc.yaml index b3f7b685..953b74b6 100644 --- a/charts/unifi/templates/discovery-svc.yaml +++ b/charts/unifi/templates/discovery-svc.yaml @@ -1,3 +1,4 @@ +{{ if not .Values.unifiedService.enabled }} apiVersion: v1 kind: Service metadata: @@ -50,3 +51,4 @@ spec: selector: app: {{ template "unifi.name" . }} release: {{ .Release.Name }} +{{ end }} diff --git a/charts/unifi/templates/gui-svc.yaml b/charts/unifi/templates/gui-svc.yaml index 4f0c9b42..e57415c3 100644 --- a/charts/unifi/templates/gui-svc.yaml +++ b/charts/unifi/templates/gui-svc.yaml @@ -1,3 +1,4 @@ +{{ if not .Values.unifiedService.enabled }} apiVersion: v1 kind: Service metadata: @@ -49,4 +50,5 @@ spec: {{ end }} selector: app: {{ template "unifi.name" . }} - release: {{ .Release.Name }} \ No newline at end of file + release: {{ .Release.Name }} +{{ end }} diff --git a/charts/unifi/templates/ingress.yaml b/charts/unifi/templates/ingress.yaml index e94c3bcf..075e0470 100644 --- a/charts/unifi/templates/ingress.yaml +++ b/charts/unifi/templates/ingress.yaml @@ -32,7 +32,11 @@ spec: paths: - path: {{ $ingressPath }} backend: + {{- if .Values.unifiedService.enabled }} + serviceName: {{ $fullName }} + {{- else }} serviceName: {{ $fullName }}-gui + {{- end }} servicePort: https-gui {{- end }} {{- end }} diff --git a/charts/unifi/templates/stun-svc.yaml b/charts/unifi/templates/stun-svc.yaml index 335e0c9b..6cff1746 100644 --- a/charts/unifi/templates/stun-svc.yaml +++ b/charts/unifi/templates/stun-svc.yaml @@ -1,3 +1,4 @@ +{{ if not .Values.unifiedService.enabled }} apiVersion: v1 kind: Service metadata: @@ -49,4 +50,5 @@ spec: {{ end }} selector: app: {{ template "unifi.name" . }} - release: {{ .Release.Name }} \ No newline at end of file + release: {{ .Release.Name }} +{{ end }} diff --git a/charts/unifi/templates/unified-svc.yaml b/charts/unifi/templates/unified-svc.yaml new file mode 100644 index 00000000..82a69511 --- /dev/null +++ b/charts/unifi/templates/unified-svc.yaml @@ -0,0 +1,76 @@ +{{ if .Values.unifiedService.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }} + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.unifiedService.labels }} +{{ toYaml .Values.unifiedService.labels | indent 4 }} +{{- end }} +{{- with .Values.unifiedService.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.unifiedService.type "ClusterIP") (empty .Values.unifiedService.type)) }} + type: ClusterIP + {{- if .Values.unifiedService.clusterIP }} + clusterIP: {{ .Values.unifiedService.clusterIP }} + {{end}} +{{- else if eq .Values.unifiedService.type "LoadBalancer" }} + type: {{ .Values.unifiedService.type }} + {{- if .Values.unifiedService.loadBalancerIP }} + loadBalancerIP: {{ .Values.unifiedService.loadBalancerIP }} + {{- end }} + {{- if .Values.unifiedService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.unifiedService.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.unifiedService.type }} +{{- end }} +{{- if .Values.unifiedService.externalIPs }} + externalIPs: +{{ toYaml .Values.unifiedService.externalIPs | indent 4 }} +{{- end }} + {{- if .Values.unifiedService.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.unifiedService.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.controllerService.port }} + targetPort: controller + protocol: TCP + name: controller +{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.controllerService.nodePort))) }} + nodePort: {{.Values.controllerService.nodePort}} +{{ end }} + - port: {{ .Values.discoveryService.port }} + targetPort: discovery + protocol: UDP + name: discovery +{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.discoveryService.nodePort))) }} + nodePort: {{.Values.discoveryService.nodePort}} +{{ end }} + - port: {{ .Values.stunService.port }} + targetPort: stun + protocol: UDP + name: stun +{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.stunService.nodePort))) }} + nodePort: {{.Values.stunService.nodePort}} +{{ end }} + - name: https-gui + port: {{ .Values.guiService.port }} + protocol: TCP + targetPort: https-gui +{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.guiService.nodePort))) }} + nodePort: {{.Values.guiService.nodePort}} +{{ end }} + selector: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} +{{ end }} + diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 817b99b1..64e69390 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -9,6 +9,34 @@ image: tag: 5.9.29 pullPolicy: IfNotPresent +# If enabled, the controller, discovery, GUI, and STUN services will not be +# created. +# Instead, one service will be created with the port and nodePort settings from +# controllerService, discoveryService, guiService, and stunService. +# This is useful if, for example, the ClusterIP network is routable and being +# accessed directly by access points, and the APs don't have a way to discern +# different services on different IPs. +unifiedService: + enabled: false + type: ClusterIP + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + guiService: type: ClusterIP port: 8443 From 7f3bc53d1229d69ea136a13b4cba764a1cb6feb6 Mon Sep 17 00:00:00 2001 From: Thiemo Date: Sun, 24 Mar 2019 21:57:06 +0100 Subject: [PATCH 15/35] fix(stable/unifi ingress): fix scoping issue (#12482) .Values was out of scope for hosts block, since its in a range statement Moved the failing access to unifiedService.enabled to a variable Signed-off-by: Thiemo Krause --- charts/unifi/Chart.yaml | 2 +- charts/unifi/templates/ingress.yaml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index f4a93cdb..cc41de54 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.3.2 +version: 0.3.3 keywords: - ubiquiti - unifi diff --git a/charts/unifi/templates/ingress.yaml b/charts/unifi/templates/ingress.yaml index 075e0470..6adc28dc 100644 --- a/charts/unifi/templates/ingress.yaml +++ b/charts/unifi/templates/ingress.yaml @@ -1,6 +1,7 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "unifi.fullname" . -}} {{- $ingressPath := .Values.ingress.path -}} +{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}} apiVersion: extensions/v1beta1 kind: Ingress metadata: @@ -32,7 +33,7 @@ spec: paths: - path: {{ $ingressPath }} backend: - {{- if .Values.unifiedService.enabled }} + {{- if $unifiedServiceEnabled }} serviceName: {{ $fullName }} {{- else }} serviceName: {{ $fullName }}-gui From d28bf3fecfc01e7d3bfe580dfb418adc4dae7217 Mon Sep 17 00:00:00 2001 From: Jeff Billimek Date: Thu, 28 Mar 2019 12:32:42 -0400 Subject: [PATCH 16/35] [stable/unifi] unifi chart enhancements (#12047) * switching unifi chart to SatefulSet * based on the persistent nature of this chart as well as [this discussion](https://github.com/helm/charts/issues/1863), migrating the chart to a StatefulSet instead of a deployment. As a result bumping the major version * bumping unifi controller to the latest stable version (5.10.19) * adding @mcronce to the OWNERS file Signed-off-by: Jeff Billimek * using volumeClaimTemplates for statefulSet * also updating label syntax to current helm standards (e.g. `app.kubernetes.io/name`) Signed-off-by: Jeff Billimek * fixing indenting Signed-off-by: Jeff Billimek * using Parallel podManagementPolicy Signed-off-by: Jeff Billimek * revert to Deployment and leverage strategy types Signed-off-by: Jeff Billimek * include readme entry for strategyType Signed-off-by: Jeff Billimek * hard-code replica count and add mcronce to Chart maintainers Signed-off-by: Jeff Billimek * fixing linting error Signed-off-by: Jeff Billimek --- charts/unifi/Chart.yaml | 6 ++++-- charts/unifi/OWNERS | 2 ++ charts/unifi/README.md | 1 + charts/unifi/templates/controller-svc.yaml | 12 ++++++------ charts/unifi/templates/deployment.yaml | 20 +++++++++++--------- charts/unifi/templates/discovery-svc.yaml | 12 ++++++------ charts/unifi/templates/gui-svc.yaml | 12 ++++++------ charts/unifi/templates/ingress.yaml | 8 ++++---- charts/unifi/templates/stun-svc.yaml | 12 ++++++------ charts/unifi/templates/unified-svc.yaml | 12 ++++++------ charts/unifi/values.yaml | 5 +++-- 11 files changed, 55 insertions(+), 47 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index cc41de54..9c288992 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 5.9.29 +appVersion: 5.10.19 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.3.3 +version: 0.4.0 keywords: - ubiquiti - unifi @@ -15,3 +15,5 @@ sources: maintainers: - name: billimek email: jeff@billimek.com + - name: mcronce + email: mike@quadra-tec.net diff --git a/charts/unifi/OWNERS b/charts/unifi/OWNERS index b90909f4..023d223b 100644 --- a/charts/unifi/OWNERS +++ b/charts/unifi/OWNERS @@ -1,4 +1,6 @@ approvers: - billimek +- mcronce reviewers: - billimek +- mcronce \ No newline at end of file diff --git a/charts/unifi/README.md b/charts/unifi/README.md index d86eb431..b9034be4 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -39,6 +39,7 @@ The following tables lists the configurable parameters of the Unifi chart and th | `image.repository` | Image repository | `jacobalberty/unifi` | | `image.tag` | Image tag. Possible values listed [here][docker]. | `5.9.29` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `strategyType` | Specifies the strategy used to replace old Pods by new ones | `Recreate` | | `guiService.type` | Kubernetes service type for the Unifi GUI | `ClusterIP` | | `guiService.port` | Kubernetes port where the Unifi GUI is exposed | `8443` | | `guiService.annotations` | Service annotations for the Unifi GUI | `{}` | diff --git a/charts/unifi/templates/controller-svc.yaml b/charts/unifi/templates/controller-svc.yaml index 37333fb2..2fe7076a 100644 --- a/charts/unifi/templates/controller-svc.yaml +++ b/charts/unifi/templates/controller-svc.yaml @@ -4,10 +4,10 @@ kind: Service metadata: name: {{ template "unifi.fullname" . }}-controller labels: - app: {{ template "unifi.name" . }} - chart: {{ template "unifi.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} {{- if .Values.controllerService.labels }} {{ toYaml .Values.controllerService.labels | indent 4 }} {{- end }} @@ -49,6 +49,6 @@ spec: nodePort: {{.Values.controllerService.nodePort}} {{ end }} selector: - app: {{ template "unifi.name" . }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} {{ end }} diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index 1b1fc2eb..ca84fd01 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -3,21 +3,23 @@ kind: Deployment metadata: name: {{ template "unifi.fullname" . }} labels: - app: {{ template "unifi.name" . }} - chart: {{ template "unifi.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} spec: - replicas: {{ .Values.replicaCount }} + replicas: 1 + strategy: + type: {{ .Values.strategyType }} selector: matchLabels: - app: {{ template "unifi.name" . }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: - app: {{ template "unifi.name" . }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Values.podAnnotations }} annotations: {{- range $key, $value := .Values.podAnnotations }} diff --git a/charts/unifi/templates/discovery-svc.yaml b/charts/unifi/templates/discovery-svc.yaml index 953b74b6..870748cd 100644 --- a/charts/unifi/templates/discovery-svc.yaml +++ b/charts/unifi/templates/discovery-svc.yaml @@ -4,10 +4,10 @@ kind: Service metadata: name: {{ template "unifi.fullname" . }}-discovery labels: - app: {{ template "unifi.name" . }} - chart: {{ template "unifi.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} {{- if .Values.discoveryService.labels }} {{ toYaml .Values.discoveryService.labels | indent 4 }} {{- end }} @@ -49,6 +49,6 @@ spec: nodePort: {{.Values.discoveryService.nodePort}} {{ end }} selector: - app: {{ template "unifi.name" . }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} {{ end }} diff --git a/charts/unifi/templates/gui-svc.yaml b/charts/unifi/templates/gui-svc.yaml index e57415c3..9f145318 100644 --- a/charts/unifi/templates/gui-svc.yaml +++ b/charts/unifi/templates/gui-svc.yaml @@ -4,10 +4,10 @@ kind: Service metadata: name: {{ template "unifi.fullname" . }}-gui labels: - app: {{ template "unifi.name" . }} - chart: {{ template "unifi.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} {{- if .Values.guiService.labels }} {{ toYaml .Values.guiService.labels | indent 4 }} {{- end }} @@ -49,6 +49,6 @@ spec: nodePort: {{.Values.guiService.nodePort}} {{ end }} selector: - app: {{ template "unifi.name" . }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} {{ end }} diff --git a/charts/unifi/templates/ingress.yaml b/charts/unifi/templates/ingress.yaml index 6adc28dc..43a1d64f 100644 --- a/charts/unifi/templates/ingress.yaml +++ b/charts/unifi/templates/ingress.yaml @@ -7,10 +7,10 @@ kind: Ingress metadata: name: {{ $fullName }} labels: - app: {{ template "unifi.name" . }} - chart: {{ template "unifi.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} {{- with .Values.ingress.annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/charts/unifi/templates/stun-svc.yaml b/charts/unifi/templates/stun-svc.yaml index 6cff1746..45819bc3 100644 --- a/charts/unifi/templates/stun-svc.yaml +++ b/charts/unifi/templates/stun-svc.yaml @@ -4,10 +4,10 @@ kind: Service metadata: name: {{ template "unifi.fullname" . }}-stun labels: - app: {{ template "unifi.name" . }} - chart: {{ template "unifi.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} {{- if .Values.stunService.labels }} {{ toYaml .Values.stunService.labels | indent 4 }} {{- end }} @@ -49,6 +49,6 @@ spec: nodePort: {{.Values.stunService.nodePort}} {{ end }} selector: - app: {{ template "unifi.name" . }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} {{ end }} diff --git a/charts/unifi/templates/unified-svc.yaml b/charts/unifi/templates/unified-svc.yaml index 82a69511..125c3580 100644 --- a/charts/unifi/templates/unified-svc.yaml +++ b/charts/unifi/templates/unified-svc.yaml @@ -4,10 +4,10 @@ kind: Service metadata: name: {{ template "unifi.fullname" . }} labels: - app: {{ template "unifi.name" . }} - chart: {{ template "unifi.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} {{- if .Values.unifiedService.labels }} {{ toYaml .Values.unifiedService.labels | indent 4 }} {{- end }} @@ -70,7 +70,7 @@ spec: nodePort: {{.Values.guiService.nodePort}} {{ end }} selector: - app: {{ template "unifi.name" . }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "unifi.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} {{ end }} diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 64e69390..64adda2c 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -2,11 +2,12 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -replicaCount: 1 +# upgrade strategy type (e.g. Recreate or RollingUpdate) +strategyType: Recreate image: repository: jacobalberty/unifi - tag: 5.9.29 + tag: 5.10.19 pullPolicy: IfNotPresent # If enabled, the controller, discovery, GUI, and STUN services will not be From c2df150921cd87b9e0750df164f767efc5232fa9 Mon Sep 17 00:00:00 2001 From: Jeff Billimek Date: Mon, 22 Apr 2019 11:01:44 -0400 Subject: [PATCH 17/35] fixing label-name migration (#12691) Signed-off-by: Jeff Billimek --- charts/unifi/Chart.yaml | 2 +- charts/unifi/templates/pvc.yaml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 9c288992..94affea0 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.10.19 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.4.0 +version: 0.4.1 keywords: - ubiquiti - unifi diff --git a/charts/unifi/templates/pvc.yaml b/charts/unifi/templates/pvc.yaml index 5ad2ff76..041ca563 100644 --- a/charts/unifi/templates/pvc.yaml +++ b/charts/unifi/templates/pvc.yaml @@ -4,10 +4,10 @@ apiVersion: v1 metadata: name: {{ template "unifi.fullname" . }} labels: - app: {{ template "unifi.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} spec: accessModes: - {{ .Values.persistence.accessMode | quote }} From a078da5499da1fdf5e0bf8e582e182b09a14cbd3 Mon Sep 17 00:00:00 2001 From: sherbang Date: Sun, 5 May 2019 16:29:36 -0400 Subject: [PATCH 18/35] Fix unifi NOTES to find correct service (#13252) * Fix unifi NOTES to find correct service Unifi installs the gui service as unifi-gui, but the command in the notes points to a non-existent 'unifi' service. Use unifi.name + '-gui' to construct the service name here which duplicates the logic in gui-svc.yaml. Signed-off-by: Brian Johnson * Increment unifi version to 0.4.2 Signed-off-by: Brian Johnson --- charts/unifi/Chart.yaml | 2 +- charts/unifi/templates/NOTES.txt | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 94affea0..2c6c66a2 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.10.19 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.4.1 +version: 0.4.2 keywords: - ubiquiti - unifi diff --git a/charts/unifi/templates/NOTES.txt b/charts/unifi/templates/NOTES.txt index afa05b5b..1a1ca017 100644 --- a/charts/unifi/templates/NOTES.txt +++ b/charts/unifi/templates/NOTES.txt @@ -9,8 +9,8 @@ echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.guiService.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ template "unifi.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "unifi.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "unifi.fullname" . }}-gui' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "unifi.fullname" . }}-gui -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{ .Values.guiService.port }} {{- else if contains "ClusterIP" .Values.guiService.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "unifi.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") From ab941ae48d659f76c4c507abe0493f67dd006471 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Per=20Otterstr=C3=B6m?= Date: Wed, 16 Oct 2019 21:59:55 +0200 Subject: [PATCH 19/35] [stable/unifi] Make web interface ports configurable (#18052) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * bump the unifi docker image to version 5.11.50 * forward port values to unifi docker environment variables Closes #18051 Signed-off-by: Per Otterström --- charts/unifi/Chart.yaml | 4 ++-- charts/unifi/README.md | 2 +- charts/unifi/templates/deployment.yaml | 8 ++++++-- charts/unifi/values.yaml | 2 +- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 2c6c66a2..e896541a 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 5.10.19 +appVersion: 5.11.50 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.4.2 +version: 0.5.0 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index b9034be4..e8d98232 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -37,7 +37,7 @@ The following tables lists the configurable parameters of the Unifi chart and th | Parameter | Description | Default | | -------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ---------------------------- | | `image.repository` | Image repository | `jacobalberty/unifi` | -| `image.tag` | Image tag. Possible values listed [here][docker]. | `5.9.29` | +| `image.tag` | Image tag. Possible values listed [here][docker]. | `5.11.50` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `strategyType` | Specifies the strategy used to replace old Pods by new ones | `Recreate` | | `guiService.type` | Kubernetes service type for the Unifi GUI | `ClusterIP` | diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index ca84fd01..96f1b0d6 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -33,10 +33,10 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: https-gui - containerPort: 8443 + containerPort: {{ .Values.guiService.port }} protocol: TCP - name: controller - containerPort: 8080 + containerPort: {{ .Values.controllerService.port }} protocol: TCP - name: discovery containerPort: 10001 @@ -63,6 +63,10 @@ spec: scheme: HTTPS initialDelaySeconds: 15 env: + - name: UNIFI_HTTP_PORT + value: "{{ .Values.controllerService.port }}" + - name: UNIFI_HTTPS_PORT + value: "{{ .Values.guiService.port }}" - name: TZ value: "{{ .Values.timezone }}" - name: RUNAS_UID0 diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 64adda2c..92069bcc 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -7,7 +7,7 @@ strategyType: Recreate image: repository: jacobalberty/unifi - tag: 5.10.19 + tag: 5.11.50 pullPolicy: IfNotPresent # If enabled, the controller, discovery, GUI, and STUN services will not be From 0a221f5297ebacaf5b75c175412e2e62e38ed65a Mon Sep 17 00:00:00 2001 From: lnattrass Date: Fri, 25 Oct 2019 11:23:39 -0400 Subject: [PATCH 20/35] [stable/unifi] Allow wildcard ingress certificates (#18356) * [stable/unifi] Allow wildcard ingress certificates Signed-off-by: Liam Nattrass * [stable/unifi] Bump version Signed-off-by: Liam Nattrass --- charts/unifi/Chart.yaml | 2 +- charts/unifi/templates/ingress.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index e896541a..0910bf8a 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.11.50 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.5.0 +version: 0.5.1 keywords: - ubiquiti - unifi diff --git a/charts/unifi/templates/ingress.yaml b/charts/unifi/templates/ingress.yaml index 43a1d64f..b079cb3b 100644 --- a/charts/unifi/templates/ingress.yaml +++ b/charts/unifi/templates/ingress.yaml @@ -21,7 +21,7 @@ spec: {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - - {{ . }} + - {{ . | quote }} {{- end }} secretName: {{ .secretName }} {{- end }} From 0322acc6fe75c952fea5ab0833df202d12c57c86 Mon Sep 17 00:00:00 2001 From: WTPascoe <58910271+WTPascoe@users.noreply.github.com> Date: Sun, 15 Dec 2019 16:17:37 +0000 Subject: [PATCH 21/35] HTTPS is required for unifi gui (#19612) * HTTPS is required for unifi gui Signed-off-by: Wayne Pascoe * Removed new annotation in values.yaml Added instructions in README Signed-off-by: Wayne Pascoe --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 13 +++++++++++++ charts/unifi/values.yaml | 1 + 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 0910bf8a..ed15f431 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.11.50 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.5.1 +version: 0.5.2 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index e8d98232..260dd6ef 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -132,9 +132,22 @@ Read through the [values.yaml](values.yaml) file. It has several commented out s with the controller using UDP. See [this article][ubnt 3] and [this other article][ubnt 4] for more information. +## Ingress and HTTPS +Unifi does [not support HTTP][unifi] so if you wish to use the guiService, you +need to ensure that you use a backend transport of HTTPS. + +An example entry in `values.yaml` to achieve this is as follows: +``` +ingress: + enabled: true + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" +``` + [docker]: https://hub.docker.com/r/jacobalberty/unifi/tags/ [github]: https://github.com/jacobalberty/unifi-docker [ubnt]: https://www.ubnt.com/ [ubnt 2]: https://unifi-sdn.ubnt.com/ [ubnt 3]: https://help.ubnt.com/hc/en-us/articles/204976094-UniFi-What-protocol-does-the-controller-use-to-communicate-with-the-UAP- [ubnt 4]: https://help.ubnt.com/hc/en-us/articles/115015457668-UniFi-Troubleshooting-STUN-Communication-Errors +[unifi]: https://community.ui.com/questions/Controller-how-to-deactivate-http-to-https/c5e247d8-b5b9-4c84-a3bb-28a90fd65668 diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 92069bcc..eab78e15 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -125,6 +125,7 @@ discoveryService: ingress: enabled: false annotations: {} + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" path: / From 9798bb82cc1852f9f52163573612ebbff3bdc344 Mon Sep 17 00:00:00 2001 From: Marco Kilchhofer Date: Wed, 15 Jan 2020 13:51:31 +0100 Subject: [PATCH 22/35] Add ability to specify additional jvm options and config files (#20163) I use this to override the log4j config to see the logs also on stdout. Signed-off-by: Marco Kilchhofer --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 2 ++ charts/unifi/templates/configmap.yaml | 13 +++++++++ charts/unifi/templates/deployment.yaml | 13 +++++++++ charts/unifi/values.yaml | 37 ++++++++++++++++++++++++++ 5 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 charts/unifi/templates/configmap.yaml diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index ed15f431..6f732c06 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.11.50 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.5.2 +version: 0.6.0 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 260dd6ef..e58015c6 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -94,6 +94,8 @@ The following tables lists the configurable parameters of the Unifi chart and th | `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | | `persistence.storageClass` | Type of persistent volume claim | `-` | | `persistence.accessModes` | Persistence access modes | `[]` | +| `extraConfigFiles` | Dictionary containing files mounted to `/configmap` inside the pod (See [values.yaml](values.yaml) for examples) | `{}` | +| `extraJvmOpts` | List of additional JVM options, e.g. `["-Dlog4j.configurationFile=file:/configmap/log4j2.xml"]` | `[]` | | `resources` | CPU/Memory resource requests/limits | `{}` | | `nodeSelector` | Node labels for pod assignment | `{}` | | `tolerations` | Toleration labels for pod assignment | `[]` | diff --git a/charts/unifi/templates/configmap.yaml b/charts/unifi/templates/configmap.yaml new file mode 100644 index 00000000..463abb10 --- /dev/null +++ b/charts/unifi/templates/configmap.yaml @@ -0,0 +1,13 @@ +{{- if .Values.extraConfigFiles }} +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ template "unifi.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: +{{ toYaml .Values.extraConfigFiles | indent 2 }} +{{- end }} diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index 96f1b0d6..890fe5d4 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -75,6 +75,10 @@ spec: value: "{{ .Values.UID }}" - name: UNIFI_GID value: "{{ .Values.GID }}" + {{- if .Values.extraJvmOpts }} + - name: JVM_EXTRA_OPTS + value: "{{- join " " .Values.extraJvmOpts }}" + {{- end }} {{- if .Values.mongodb.enabled }} - name: DB_URI value: "{{ .Values.mongodb.dbUri }}" @@ -96,6 +100,10 @@ spec: - mountPath: /unifi/init.d name: unifi-data subPath: init.d + {{- if .Values.extraConfigFiles }} + - name: extra-config + mountPath: /configmap + {{- end }} resources: {{ toYaml .Values.resources | indent 12 }} volumes: @@ -106,6 +114,11 @@ spec: {{- else }} emptyDir: {} {{ end }} + {{- if .Values.extraConfigFiles }} + - name: extra-config + configMap: + name: {{ template "unifi.fullname" . }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index eab78e15..88f64985 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -166,6 +166,43 @@ persistence: accessMode: ReadWriteOnce size: 5Gi +extraJvmOpts: [] + ## Extra java options + ## Here are some examples of valid JVM options: + ## + # - "-XX:MaxMetaspaceSize=256m" + # - "-Dlog4j.configurationFile=file:/configmap/log4j2.xml" + # - "-Dsystem_ip=1.2.3.4" + +extraConfigFiles: {} + ## Specify additional config files which are mounted to /configmap + ## Here is an example for a custom log4j config: + ## + # log4j2.xml: |- + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + # + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little From 6c8d01add376ea193daeadcd0527a19f7bbbd912 Mon Sep 17 00:00:00 2001 From: Ryan Holt Date: Fri, 14 Feb 2020 15:21:28 -0500 Subject: [PATCH 23/35] add deploymentannotations, bump chart version (#20763) Signed-off-by: Ryan Holt --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 1 + charts/unifi/templates/deployment.yaml | 6 ++++++ charts/unifi/values.yaml | 2 ++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 6f732c06..03418128 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.11.50 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.6.0 +version: 0.6.1 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index e58015c6..87fdecb8 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -101,6 +101,7 @@ The following tables lists the configurable parameters of the Unifi chart and th | `tolerations` | Toleration labels for pod assignment | `[]` | | `affinity` | Affinity settings for pod assignment | `{}` | | `podAnnotations` | Key-value pairs to add as pod annotations | `{}` | +| `deploymentAnnotations` | Key-value pairs to add as deployment annotations | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index 890fe5d4..fa66e72b 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -2,6 +2,12 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "unifi.fullname" . }} + {{- if .Values.deploymentAnnotations }} + annotations: + {{- range $key, $value := .Values.deploymentAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} labels: app.kubernetes.io/name: {{ include "unifi.name" . }} helm.sh/chart: {{ include "unifi.chart" . }} diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 88f64985..910b28df 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -222,3 +222,5 @@ tolerations: [] affinity: {} podAnnotations: {} + +deploymentAnnotations: {} From 6a3b129a4bf164b0bc8c93beb672cd1c101e7186 Mon Sep 17 00:00:00 2001 From: Arno DUBOIS Date: Fri, 6 Mar 2020 22:35:35 +0100 Subject: [PATCH 24/35] [stable/unifi] Adding captive portal service (#21241) * [stable/unifi] Adding captive portal service Signed-off-by: Arno Dubois Signed-off-by: Arno DUBOIS * [stable/unifi] Annnd bumping version Signed-off-by: Arno Dubois Signed-off-by: Arno DUBOIS * Added an enabled switch Signed-off-by: Arno DUBOIS * [stable/unifi] Fixing feedbacks Signed-off-by: Arno DUBOIS * [stable/unifi] Adding captive portal ingress Signed-off-by: Arno DUBOIS * [stable/unifi] Better table formatting Signed-off-by: Arno DUBOIS * [stable/unifi] Fixed ingress Signed-off-by: Arno DUBOIS Co-authored-by: Arno DUBOIS --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 156 +++++++++++--------- charts/unifi/templates/captive-ingress.yaml | 39 +++++ charts/unifi/templates/captive-svc.yaml | 61 ++++++++ charts/unifi/templates/deployment.yaml | 8 + charts/unifi/templates/unified-svc.yaml | 17 +++ charts/unifi/values.yaml | 41 +++++ 7 files changed, 255 insertions(+), 69 deletions(-) create mode 100644 charts/unifi/templates/captive-ingress.yaml create mode 100644 charts/unifi/templates/captive-svc.yaml diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 03418128..abd0a472 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.11.50 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.6.1 +version: 0.6.2 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 87fdecb8..e8ac1e82 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -34,74 +34,89 @@ The command removes all the Kubernetes components associated with the chart and The following tables lists the configurable parameters of the Unifi chart and their default values. -| Parameter | Description | Default | -| -------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ---------------------------- | -| `image.repository` | Image repository | `jacobalberty/unifi` | -| `image.tag` | Image tag. Possible values listed [here][docker]. | `5.11.50` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `strategyType` | Specifies the strategy used to replace old Pods by new ones | `Recreate` | -| `guiService.type` | Kubernetes service type for the Unifi GUI | `ClusterIP` | -| `guiService.port` | Kubernetes port where the Unifi GUI is exposed | `8443` | -| `guiService.annotations` | Service annotations for the Unifi GUI | `{}` | -| `guiService.labels` | Custom labels | `{}` | -| `guiService.loadBalancerIP` | Loadbalance IP for the Unifi GUI | `{}` | -| `guiService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | -| `guiService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | -| `controllerService.type` | Kubernetes service type for the Unifi Controller communication | `NodePort` | -| `controllerService.port` | Kubernetes port where the Unifi Controller is exposed - this needs to be reachable by the unifi devices on the network | `8080` | -| `controllerService.annotations` | Service annotations for the Unifi Controller | `{}` | -| `controllerService.labels` | Custom labels | `{}` | -| `controllerService.loadBalancerIP` | Loadbalance IP for the Unifi Controller | `{}` | -| `controllerService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | -| `controllerService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | -| `stunService.type` | Kubernetes service type for the Unifi STUN | `NodePort` | -| `stunService.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | -| `stunService.annotations` | Service annotations for the Unifi STUN | `{}` | -| `stunService.labels` | Custom labels | `{}` | -| `stunService.loadBalancerIP` | Loadbalance IP for the Unifi STUN | `{}` | -| `stunService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | -| `stunService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | -| `discoveryService.type` | Kubernetes service type for AP discovery | `NodePort` | -| `discoveryService.port` | Kubernetes UDP port for AP discovery | `10001` | -| `discoveryService.annotations` | Service annotations for AP discovery | `{}` | -| `discoveryService.labels` | Custom labels | `{}` | -| `discoveryService.loadBalancerIP` | Loadbalance IP for AP discovery | `{}` | -| `discoveryService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | -| `discoveryService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | -| `unifiedService.enabled` | Use a single service for GUI, controller, STUN, and discovery | `false` | -| `unifiedService.type` | Kubernetes service type for the unified service | `ClusterIP` | -| `unifiedService.annotations` | Annotations for the unified service | `{}` | -| `unifiedService.labels` | Custom labels for the unified service | `{}` | -| `unifiedService.loadBalancerIP` | Load balancer IP for the unified service | None | -| `unifiedService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to the load balancer (if supported) | None | -| `unifiedService.externalTrafficPolicy` | Set the externalTrafficPolicy in the service to either Cluster or Local | `Cluster` | -| `ingress.enabled` | Enables Ingress | `false` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.labels` | Custom labels | `{}` | -| `ingress.path` | Ingress path | `/` | -| `ingress.hosts` | Ingress accepted hostnames | `chart-example.local` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `timezone` | Timezone the Unifi controller should run as, e.g. 'America/New York' | `UTC` | -| `runAsRoot` | Run the controller as UID0 (root user); if set to false, will give container SETFCAP instead | `false` | -| `UID` | Run the controller as user UID | `999` | -| `GID` | Run the controller as group GID | `999` | -| `mongodb.enabled` | Use external MongoDB for data storage | `false` | -| `mongodb.dbUri` | external MongoDB URI | `mongodb://mongo/unifi` | -| `mongodb.statDbUri` | external MongoDB statdb URI | `mongodb://mongo/unifi_stat` | -| `mongodb.databaseName` | external MongoDB database name | `unifi` | -| `persistence.enabled` | Use persistent volume to store data | `true` | -| `persistence.size` | Size of persistent volume claim | `5Gi` | -| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | -| `persistence.storageClass` | Type of persistent volume claim | `-` | -| `persistence.accessModes` | Persistence access modes | `[]` | -| `extraConfigFiles` | Dictionary containing files mounted to `/configmap` inside the pod (See [values.yaml](values.yaml) for examples) | `{}` | -| `extraJvmOpts` | List of additional JVM options, e.g. `["-Dlog4j.configurationFile=file:/configmap/log4j2.xml"]` | `[]` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `affinity` | Affinity settings for pod assignment | `{}` | -| `podAnnotations` | Key-value pairs to add as pod annotations | `{}` | -| `deploymentAnnotations` | Key-value pairs to add as deployment annotations | `{}` | +| Parameter | Default | Description | +|-------------------------------------------------|------------------------------|------------------------------------------------------------------------------------------------------------------------| +| `image.repository` | `jacobalberty/unifi` | Image repository | +| `image.tag` | `5.11.50` | Image tag. Possible values listed [here][docker]. | +| `image.pullPolicy` | `IfNotPresent` | Image pull policy | +| `strategyType` | `Recreate` | Specifies the strategy used to replace old Pods by new ones | +| `guiService.type` | `ClusterIP` | Kubernetes service type for the Unifi GUI | +| `guiService.port` | `8443` | Kubernetes port where the Unifi GUI is exposed | +| `guiService.annotations` | `{}` | Service annotations for the Unifi GUI | +| `guiService.labels` | `{}` | Custom labels | +| `guiService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi GUI | +| `guiService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) | +| `guiService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local | +| `captivePortalService.enabled` | `false` | Install the captive portal service (needed if you want guest captive portal) | +| `captivePortalService.type` | `ClusterIP` | Kubernetes service type for the captive portal | +| `captivePortalService.http` | `8880` | Kubernetes port where the captive portal is exposed | +| `captivePortalService.https` | `8843` | Kubernetes port where the captive portal is exposed (with SSL) | +| `captivePortalService.annotations` | `{}` | Service annotations for the captive portal | +| `captivePortalService.labels` | `{}` | Custom labels | +| `captivePortalService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi GUI | +| `captivePortalService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) | +| `captivePortalService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local | +| `captivePortalService.ingress.enabled` | `false` | Enables Ingress (for the captive portal, the main ingress needs to be enabled for the controller to be accessible) | +| `captivePortalService.ingress.annotations` | `{}` | Ingress annotations for the captive portal | +| `captivePortalService.ingress.labels` | `{}` | Custom labels for the captive portal | +| `captivePortalService.ingress.path` | `/` | Ingress path for the captive portal | +| `captivePortalService.ingress.hosts` | `chart-example.local` | Ingress accepted hostnames for the captive portal | +| `captivePortalService.ingress.tls` | `[]` | Ingress TLS configuration for the captive portal | +| `controllerService.type` | `NodePort` | Kubernetes service type for the Unifi Controller communication | +| `controllerService.port` | `8080` | Kubernetes port where the Unifi Controller is exposed - this needs to be reachable by the unifi devices on the network | +| `controllerService.annotations` | `{}` | Service annotations for the Unifi Controller | +| `controllerService.labels` | `{}` | Custom labels | +| `controllerService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi Controller | +| `controllerService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) | +| `controllerService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local | +| `stunService.type` | `NodePort` | Kubernetes service type for the Unifi STUN | +| `stunService.port` | `3478` | Kubernetes UDP port where the Unifi STUN is exposed | +| `stunService.annotations` | `{}` | Service annotations for the Unifi STUN | +| `stunService.labels` | `{}` | Custom labels | +| `stunService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi STUN | +| `stunService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) | +| `stunService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local | +| `discoveryService.type` | `NodePort` | Kubernetes service type for AP discovery | +| `discoveryService.port` | `10001` | Kubernetes UDP port for AP discovery | +| `discoveryService.annotations` | `{}` | Service annotations for AP discovery | +| `discoveryService.labels` | `{}` | Custom labels | +| `discoveryService.loadBalancerIP` | `{}` | Loadbalance IP for AP discovery | +| `discoveryService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) | +| `discoveryService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local | +| `unifiedService.enabled` | `false` | Use a single service for GUI, controller, STUN, and discovery | +| `unifiedService.type` | `ClusterIP` | Kubernetes service type for the unified service | +| `unifiedService.annotations` | `{}` | Annotations for the unified service | +| `unifiedService.labels` | `{}` | Custom labels for the unified service | +| `unifiedService.loadBalancerIP` | None | Load balancer IP for the unified service | +| `unifiedService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to the load balancer (if supported) | +| `unifiedService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the service to either Cluster or Local | +| `ingress.enabled` | `false` | Enables Ingress | +| `ingress.annotations` | `{}` | Ingress annotations | +| `ingress.labels` | `{}` | Custom labels | +| `ingress.path` | `/` | Ingress path | +| `ingress.hosts` | `chart-example.local` | Ingress accepted hostnames | +| `ingress.tls` | `[]` | Ingress TLS configuration | +| `timezone` | `UTC` | Timezone the Unifi controller should run as, e.g. 'America/New York' | +| `runAsRoot` | `false` | Run the controller as UID0 (root user); if set to false, will give container SETFCAP instead | +| `UID` | `999` | Run the controller as user UID | +| `GID` | `999` | Run the controller as group GID | +| `mongodb.enabled` | `false` | Use external MongoDB for data storage | +| `mongodb.dbUri` | `mongodb://mongo/unifi` | external MongoDB URI | +| `mongodb.statDbUri` | `mongodb://mongo/unifi_stat` | external MongoDB statdb URI | +| `mongodb.databaseName` | `unifi` | external MongoDB database name | +| `persistence.enabled` | `true` | Use persistent volume to store data | +| `persistence.size` | `5Gi` | Size of persistent volume claim | +| `persistence.existingClaim` | `nil` | Use an existing PVC to persist data | +| `persistence.storageClass` | `-` | Type of persistent volume claim | +| `persistence.accessModes` | `[]` | Persistence access modes | +| `extraConfigFiles` | `{}` | Dictionary containing files mounted to `/configmap` inside the pod (See [values.yaml](values.yaml) for examples) | +| `extraJvmOpts` | `[]` | List of additional JVM options, e.g. `["-Dlog4j.configurationFile=file:/configmap/log4j2.xml"]` | +| `resources` | `{}` | CPU/Memory resource requests/limits | +| `nodeSelector` | `{}` | Node labels for pod assignment | +| `tolerations` | `[]` | Toleration labels for pod assignment | +| `affinity` | `{}` | Affinity settings for pod assignment | +| `podAnnotations` | `{}` | Key-value pairs to add as pod annotations | +| `deploymentAnnotations` | `{}` | Key-value pairs to add as deployment annotations | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -123,6 +138,9 @@ Read through the [values.yaml](values.yaml) file. It has several commented out s - `guiService`: Represents the main web UI and is what one would normally point the ingress to. +- `captivePortalService`: This service is used to allow the captive portal webpage + to be accessible. It needs to be reachable by the clients connecting to your guest + network. - `controllerService`: This is needed in order for the unifi devices to talk to the controller and must be otherwise exposed to the network where the unifi devices run. If you run this as a `NodePort` (the default setting), make sure @@ -136,10 +154,12 @@ Read through the [values.yaml](values.yaml) file. It has several commented out s article][ubnt 4] for more information. ## Ingress and HTTPS + Unifi does [not support HTTP][unifi] so if you wish to use the guiService, you need to ensure that you use a backend transport of HTTPS. An example entry in `values.yaml` to achieve this is as follows: + ``` ingress: enabled: true diff --git a/charts/unifi/templates/captive-ingress.yaml b/charts/unifi/templates/captive-ingress.yaml new file mode 100644 index 00000000..0ae9dbbb --- /dev/null +++ b/charts/unifi/templates/captive-ingress.yaml @@ -0,0 +1,39 @@ +{{- if (and .Values.captivePortalService.ingress.enabled (not .Values.unifiedService.enabled)) }} +{{- $fullName := include "unifi.fullname" . -}} +{{- $ingressPath := .Values.captivePortalService.ingress.path -}} +{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }}-captive + labels: + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.captivePortalService.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.captivePortalService.ingress.tls }} + tls: + {{- range .Values.captivePortalService.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.captivePortalService.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }}-captivePortalService + servicePort: captive-http + {{- end }} +{{- end }} diff --git a/charts/unifi/templates/captive-svc.yaml b/charts/unifi/templates/captive-svc.yaml new file mode 100644 index 00000000..43853cf8 --- /dev/null +++ b/charts/unifi/templates/captive-svc.yaml @@ -0,0 +1,61 @@ +{{ if (and .Values.captivePortalService.enabled (not .Values.unifiedService.enabled)) }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-captivePortalService + labels: + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.captivePortalService.labels }} +{{ toYaml .Values.captivePortalService.labels | indent 4 }} +{{- end }} +{{- with .Values.captivePortalService.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.captivePortalService.type "ClusterIP") (empty .Values.captivePortalService.type)) }} + type: ClusterIP + {{- if .Values.captivePortalService.clusterIP }} + clusterIP: {{ .Values.captivePortalService.clusterIP }} + {{end}} +{{- else if eq .Values.captivePortalService.type "LoadBalancer" }} + type: {{ .Values.captivePortalService.type }} + {{- if .Values.captivePortalService.loadBalancerIP }} + loadBalancerIP: {{ .Values.captivePortalService.loadBalancerIP }} + {{- end }} + {{- if .Values.captivePortalService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.captivePortalService.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.captivePortalService.type }} +{{- end }} +{{- if .Values.captivePortalService.externalIPs }} + externalIPs: +{{ toYaml .Values.captivePortalService.externalIPs | indent 4 }} +{{- end }} + {{- if .Values.captivePortalService.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.captivePortalService.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.captivePortalService.http }} + targetPort: captive-http + protocol: TCP + name: captive-http +{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.nodePorts.http))) }} + nodePort: {{.Values.captivePortalService.nodePorts.http}} +{{ end }} + - port: {{ .Values.captivePortalService.https }} + targetPort: captive-https + protocol: TCP + name: captive-https +{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.nodePorts.https))) }} + nodePort: {{.Values.captivePortalService.nodePorts.https}} +{{ end }} + selector: + app.kubernetes.io/name: {{ include "unifi.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{ end }} diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index fa66e72b..c93d4448 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -50,6 +50,14 @@ spec: - name: stun containerPort: 3478 protocol: UDP + {{ if .Values.captivePortalService.enabled }} + - name: captive-http + containerPort: 8880 + protocol: TCP + - name: captive-https + containerPort: 8843 + protocol: TCP + {{ end }} {{- if not .Values.runAsRoot }} securityContext: capabilities: diff --git a/charts/unifi/templates/unified-svc.yaml b/charts/unifi/templates/unified-svc.yaml index 125c3580..05ba0f39 100644 --- a/charts/unifi/templates/unified-svc.yaml +++ b/charts/unifi/templates/unified-svc.yaml @@ -69,6 +69,23 @@ spec: {{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.guiService.nodePort))) }} nodePort: {{.Values.guiService.nodePort}} {{ end }} +{{ if .Values.captivePortalService.enabled }} + - name: captive-http + port: {{ .Values.captivePortalService.http }} + protocol: TCP + targetPort: captive-http +{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.http))) }} + nodePort: {{.Values.captivePortalService.nodePorts.http}} +{{ end }} + - name: captive-https + port: {{ .Values.captivePortalService.https }} + protocol: TCP + targetPort: captive-https +{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.https))) }} + nodePort: {{.Values.captivePortalService.nodePorts.https}} +{{ end }} +{{ end }} + selector: app.kubernetes.io/name: {{ include "unifi.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 910b28df..4609dbda 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -59,6 +59,47 @@ guiService: ## Set the externalTrafficPolicy in the Service to either Cluster or Local # externalTrafficPolicy: Cluster +captivePortalService: + enabled: false + type: ClusterIP + http: 8880 + https: 8843 + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + # http: 8880 + # https: 8843 + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + + + # Ingress settings only for the captive portal + ingress: + enabled: false + annotations: {} + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + path: / + hosts: + - chart-example.local + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + controllerService: type: NodePort port: 8080 From 995ef7ef2bc1e41ce0557269636ee1c1846bf16c Mon Sep 17 00:00:00 2001 From: Arno DUBOIS Date: Sat, 7 Mar 2020 18:59:34 +0100 Subject: [PATCH 25/35] [stable/unifi] Fixed some mistakes with nodePort (#21320) Signed-off-by: Arno --- charts/unifi/Chart.yaml | 2 +- charts/unifi/templates/captive-svc.yaml | 10 +++++----- charts/unifi/templates/unified-svc.yaml | 4 ++-- charts/unifi/values.yaml | 7 ++----- 4 files changed, 10 insertions(+), 13 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index abd0a472..161d7cb2 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.11.50 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.6.2 +version: 0.6.3 keywords: - ubiquiti - unifi diff --git a/charts/unifi/templates/captive-svc.yaml b/charts/unifi/templates/captive-svc.yaml index 43853cf8..9f651d6a 100644 --- a/charts/unifi/templates/captive-svc.yaml +++ b/charts/unifi/templates/captive-svc.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ template "unifi.fullname" . }}-captivePortalService + name: {{ template "unifi.fullname" . }}-captiveportalservice labels: app.kubernetes.io/name: {{ include "unifi.name" . }} helm.sh/chart: {{ include "unifi.chart" . }} @@ -45,15 +45,15 @@ spec: targetPort: captive-http protocol: TCP name: captive-http -{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.nodePorts.http))) }} - nodePort: {{.Values.captivePortalService.nodePorts.http}} +{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.http))) }} + nodePort: {{.Values.captivePortalService.http}} {{ end }} - port: {{ .Values.captivePortalService.https }} targetPort: captive-https protocol: TCP name: captive-https -{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.nodePorts.https))) }} - nodePort: {{.Values.captivePortalService.nodePorts.https}} +{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.https))) }} + nodePort: {{.Values.captivePortalService.https}} {{ end }} selector: app.kubernetes.io/name: {{ include "unifi.name" . }} diff --git a/charts/unifi/templates/unified-svc.yaml b/charts/unifi/templates/unified-svc.yaml index 05ba0f39..0b2bf72e 100644 --- a/charts/unifi/templates/unified-svc.yaml +++ b/charts/unifi/templates/unified-svc.yaml @@ -75,14 +75,14 @@ spec: protocol: TCP targetPort: captive-http {{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.http))) }} - nodePort: {{.Values.captivePortalService.nodePorts.http}} + nodePort: {{.Values.captivePortalService.http}} {{ end }} - name: captive-https port: {{ .Values.captivePortalService.https }} protocol: TCP targetPort: captive-https {{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.https))) }} - nodePort: {{.Values.captivePortalService.nodePorts.https}} + nodePort: {{.Values.captivePortalService.https}} {{ end }} {{ end }} diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 4609dbda..e98ee599 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -62,14 +62,11 @@ guiService: captivePortalService: enabled: false type: ClusterIP - http: 8880 - https: 8843 ## Specify the nodePort value for the LoadBalancer and NodePort service types. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## - # nodePort: - # http: 8880 - # https: 8843 + http: 8880 + https: 8843 ## Provide any additional annotations which may be required. This can be used to ## set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer From c69cc6751ff41680d53d449427f426e54de7ada1 Mon Sep 17 00:00:00 2001 From: Arno DUBOIS Date: Sun, 8 Mar 2020 01:21:34 +0100 Subject: [PATCH 26/35] [stable/unifi] Ingress was not referring to the good service (#21321) Signed-off-by: Arno --- charts/unifi/Chart.yaml | 2 +- charts/unifi/templates/captive-ingress.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 161d7cb2..8ab8fe3a 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.11.50 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.6.3 +version: 0.6.4 keywords: - ubiquiti - unifi diff --git a/charts/unifi/templates/captive-ingress.yaml b/charts/unifi/templates/captive-ingress.yaml index 0ae9dbbb..fda55d57 100644 --- a/charts/unifi/templates/captive-ingress.yaml +++ b/charts/unifi/templates/captive-ingress.yaml @@ -33,7 +33,7 @@ spec: paths: - path: {{ $ingressPath }} backend: - serviceName: {{ $fullName }}-captivePortalService + serviceName: {{ $fullName }}-captiveportalservice servicePort: captive-http {{- end }} {{- end }} From 50ce4d6bde80d1486d0335d641c2e16fc7ce3bd6 Mon Sep 17 00:00:00 2001 From: Jeff Billimek Date: Wed, 18 Mar 2020 10:28:48 -0400 Subject: [PATCH 27/35] Bumping the container version to 5.12.35 (#21492) Signed-off-by: Jeff Billimek --- charts/unifi/Chart.yaml | 4 ++-- charts/unifi/README.md | 2 +- charts/unifi/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 8ab8fe3a..c76ab439 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 5.11.50 +appVersion: 5.12.35 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.6.4 +version: 0.6.5 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index e8ac1e82..44f4da61 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -37,7 +37,7 @@ The following tables lists the configurable parameters of the Unifi chart and th | Parameter | Default | Description | |-------------------------------------------------|------------------------------|------------------------------------------------------------------------------------------------------------------------| | `image.repository` | `jacobalberty/unifi` | Image repository | -| `image.tag` | `5.11.50` | Image tag. Possible values listed [here][docker]. | +| `image.tag` | `5.12.35` | Image tag. Possible values listed [here][docker]. | | `image.pullPolicy` | `IfNotPresent` | Image pull policy | | `strategyType` | `Recreate` | Specifies the strategy used to replace old Pods by new ones | | `guiService.type` | `ClusterIP` | Kubernetes service type for the Unifi GUI | diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index e98ee599..8c69656b 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -7,7 +7,7 @@ strategyType: Recreate image: repository: jacobalberty/unifi - tag: 5.11.50 + tag: 5.12.35 pullPolicy: IfNotPresent # If enabled, the controller, discovery, GUI, and STUN services will not be From 65abab892e9f855c65c64156c00cb70a04ded9b9 Mon Sep 17 00:00:00 2001 From: Jonas Janz Date: Fri, 10 Apr 2020 21:07:47 +0200 Subject: [PATCH 28/35] [stable/unifi] add custom cert options (#21863) * feat(unifi): add custom cert options Signed-off-by: PixelJonas * feat(unifi): bump version to 0.7.0 Signed-off-by: PixelJonas --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 4 ++++ charts/unifi/templates/deployment.yaml | 8 ++++++++ charts/unifi/values.yaml | 10 +++++++++- 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index c76ab439..4e359b0e 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.12.35 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.6.5 +version: 0.7.0 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 44f4da61..a0a573fc 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -100,6 +100,10 @@ The following tables lists the configurable parameters of the Unifi chart and th | `runAsRoot` | `false` | Run the controller as UID0 (root user); if set to false, will give container SETFCAP instead | | `UID` | `999` | Run the controller as user UID | | `GID` | `999` | Run the controller as group GID | +| `customCert.enabled` | `false` | Define whether you are using s custom certificate | +| `customCert.isChain` | `false` | If you are using a Let's Encrypt certificate which already includes the full chain set this to `true` | +| `customCert.certName` | `cert.pem` | Name of the the certificate file in `/cert` | +| `customCert.keyName` | `privkey.pem` | Name of the the private key file in `/cert` | | `mongodb.enabled` | `false` | Use external MongoDB for data storage | | `mongodb.dbUri` | `mongodb://mongo/unifi` | external MongoDB URI | | `mongodb.statDbUri` | `mongodb://mongo/unifi_stat` | external MongoDB statdb URI | diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index c93d4448..067d6596 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -118,6 +118,14 @@ spec: - name: extra-config mountPath: /configmap {{- end }} + {{- if and .Values.customCert .Values.customCert.enabled }} + - name: CERT_IS_CHAIN + value: "{{ .Values.customCert.isChain }}" + - name: CERTNAME + value: "{{ .Values.customCert.certName }}" + - name: CERT_PRIVATE_NAME + value: "{{ .Values.customCert.keyName }}" + {{- end }} resources: {{ toYaml .Values.resources | indent 12 }} volumes: diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 8c69656b..7f79a97f 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -180,7 +180,15 @@ runAsRoot: false UID: 999 GID: 999 - # define an external mongoDB instead of using the built-in mongodb +## If you provide your own custom certificate in /cert +## you can define the following parameters to configure the controller +customCert: + enabled: false + isChain: false + certName: cert.pem + keyName: privkey.pem + +# define an external mongoDB instead of using the built-in mongodb mongodb: enabled: false dbUri: mongodb://mongo/unifi From 576ff487df68b6605dd8cfb76ff5ccef3af4cedf Mon Sep 17 00:00:00 2001 From: James Choncholas <34432426+james-choncholas@users.noreply.github.com> Date: Sun, 17 May 2020 22:07:35 -0400 Subject: [PATCH 29/35] stable/unifi implements subPath functionality (#22432) * unifi chart supports subPath for existing PVCs Signed-off-by: James Choncholas * bump version number Signed-off-by: James Choncholas --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 1 + charts/unifi/templates/deployment.yaml | 8 ++++---- charts/unifi/values.yaml | 3 +++ 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 4e359b0e..a3384c87 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.12.35 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.7.0 +version: 0.8.0 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index a0a573fc..804fb605 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -111,6 +111,7 @@ The following tables lists the configurable parameters of the Unifi chart and th | `persistence.enabled` | `true` | Use persistent volume to store data | | `persistence.size` | `5Gi` | Size of persistent volume claim | | `persistence.existingClaim` | `nil` | Use an existing PVC to persist data | +| `persistence.subPath` | `` | Store data in a subdirectory of PV instead of at the root directory | | `persistence.storageClass` | `-` | Type of persistent volume claim | | `persistence.accessModes` | `[]` | Persistence access modes | | `extraConfigFiles` | `{}` | Dictionary containing files mounted to `/configmap` inside the pod (See [values.yaml](values.yaml) for examples) | diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index 067d6596..496624fc 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -104,16 +104,16 @@ spec: volumeMounts: - mountPath: /unifi/data name: unifi-data - subPath: data + subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.subPath "data") (empty .Values.persistence.subPath) }} - mountPath: /unifi/log name: unifi-data - subPath: log + subPath: {{ ternary "log" (printf "%s/%s" .Values.persistence.subPath "log") (empty .Values.persistence.subPath) }} - mountPath: /unifi/cert name: unifi-data - subPath: cert + subPath: {{ ternary "cert" (printf "%s/%s" .Values.persistence.subPath "cert") (empty .Values.persistence.subPath) }} - mountPath: /unifi/init.d name: unifi-data - subPath: init.d + subPath: {{ ternary "init.d" (printf "%s/%s" .Values.persistence.subPath "init.d") (empty .Values.persistence.subPath) }} {{- if .Values.extraConfigFiles }} - name: extra-config mountPath: /configmap diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 7f79a97f..9edb427a 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -209,6 +209,9 @@ persistence: ## If you want to reuse an existing claim, you can pass the name of the PVC using ## the existingClaim variable # existingClaim: your-claim + # + ## Applies a prefix to the directories created by the unifi container + # subPath: unifi accessMode: ReadWriteOnce size: 5Gi From ca6493faf3d3f8c15ef73b94dd7632d58efbc29f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Iwi=C5=84ski?= Date: Wed, 20 May 2020 13:20:18 +0200 Subject: [PATCH 30/35] Adding secretName variable to customCert (#22453) Adding possibility to expose certificate and its key via k8s secret/tls. Since secret/tls keeps cert under tls.crt and key under tls.key modified default values for customCert.certName and customCert.keyName to be more compatible with k8s native way of storing certificates. Signed-off-by: Marcin Iwinski --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 5 +++-- charts/unifi/templates/deployment.yaml | 25 +++++++++++++++++-------- charts/unifi/values.yaml | 7 +++++-- 4 files changed, 26 insertions(+), 13 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index a3384c87..3bbc68b1 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.12.35 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.8.0 +version: 0.8.1 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 804fb605..45a6bf0f 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -102,8 +102,9 @@ The following tables lists the configurable parameters of the Unifi chart and th | `GID` | `999` | Run the controller as group GID | | `customCert.enabled` | `false` | Define whether you are using s custom certificate | | `customCert.isChain` | `false` | If you are using a Let's Encrypt certificate which already includes the full chain set this to `true` | -| `customCert.certName` | `cert.pem` | Name of the the certificate file in `/cert` | -| `customCert.keyName` | `privkey.pem` | Name of the the private key file in `/cert` | +| `customCert.certName` | `tls.crt` | Name of the the certificate file in `/cert` | +| `customCert.keyName` | `tls.key` | Name of the the private key file in `/cert` | +| `customCert.secretName` | `unifi-tls` | Name of the the k8s tls secret where the certificate and its key are stored. | | `mongodb.enabled` | `false` | Use external MongoDB for data storage | | `mongodb.dbUri` | `mongodb://mongo/unifi` | external MongoDB URI | | `mongodb.statDbUri` | `mongodb://mongo/unifi_stat` | external MongoDB statdb URI | diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index 496624fc..37727c42 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -101,6 +101,14 @@ spec: - name: DB_NAME value: "{{ .Values.mongodb.databaseName }}" {{- end }} + {{- if and .Values.customCert .Values.customCert.enabled }} + - name: CERT_IS_CHAIN + value: "{{ .Values.customCert.isChain }}" + - name: CERTNAME + value: "{{ .Values.customCert.certName }}" + - name: CERT_PRIVATE_NAME + value: "{{ .Values.customCert.keyName }}" + {{- end }} volumeMounts: - mountPath: /unifi/data name: unifi-data @@ -109,8 +117,12 @@ spec: name: unifi-data subPath: {{ ternary "log" (printf "%s/%s" .Values.persistence.subPath "log") (empty .Values.persistence.subPath) }} - mountPath: /unifi/cert + {{- if and .Values.customCert .Values.customCert.enabled .Values.customCert.certSecret }} + name: unifi-cert-secret + {{- else }} name: unifi-data subPath: {{ ternary "cert" (printf "%s/%s" .Values.persistence.subPath "cert") (empty .Values.persistence.subPath) }} + {{- end }} - mountPath: /unifi/init.d name: unifi-data subPath: {{ ternary "init.d" (printf "%s/%s" .Values.persistence.subPath "init.d") (empty .Values.persistence.subPath) }} @@ -118,14 +130,6 @@ spec: - name: extra-config mountPath: /configmap {{- end }} - {{- if and .Values.customCert .Values.customCert.enabled }} - - name: CERT_IS_CHAIN - value: "{{ .Values.customCert.isChain }}" - - name: CERTNAME - value: "{{ .Values.customCert.certName }}" - - name: CERT_PRIVATE_NAME - value: "{{ .Values.customCert.keyName }}" - {{- end }} resources: {{ toYaml .Values.resources | indent 12 }} volumes: @@ -141,6 +145,11 @@ spec: configMap: name: {{ template "unifi.fullname" . }} {{- end }} + {{- if and .Values.customCert .Values.customCert.enabled .Values.customCert.certSecret }} + - name: unifi-cert-secret + secret: + secretName: "{{ .Values.customCert.certSecret }}" + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 9edb427a..6813e604 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -185,8 +185,11 @@ GID: 999 customCert: enabled: false isChain: false - certName: cert.pem - keyName: privkey.pem + certName: tls.crt + keyName: tls.key + # If you want to store certificate and its key as a Kubernetes tls secret + # you can pass the name of that secret using certSecret variable + # certSecret: unifi-tls # define an external mongoDB instead of using the built-in mongodb mongodb: From 8a7fe72ea69815f9ca651dfe6f92fdade29b8988 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20Iwi=C5=84ski?= Date: Mon, 8 Jun 2020 14:09:48 +0200 Subject: [PATCH 31/35] [stable/unifi] adding functionality to mount extra volumes (#22702) * [stable/unifi] adding functionality to mount extra volumes This change adds possibility to specify additional volumes when deploying Unifi controller. Signed-off-by: Marcin Iwinski * fixing defaults in README.md Signed-off-by: Marcin Iwinski * [stable/unifi] bumping version to 0.9.0 Signed-off-by: Marcin Iwinski --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 2 ++ charts/unifi/templates/deployment.yaml | 2 ++ charts/unifi/values.yaml | 12 ++++++++++++ 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index 3bbc68b1..de7ba11a 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.12.35 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.8.1 +version: 0.9.0 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 45a6bf0f..5d6eaa2d 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -114,6 +114,8 @@ The following tables lists the configurable parameters of the Unifi chart and th | `persistence.existingClaim` | `nil` | Use an existing PVC to persist data | | `persistence.subPath` | `` | Store data in a subdirectory of PV instead of at the root directory | | `persistence.storageClass` | `-` | Type of persistent volume claim | +| `extraVolumes` | `[]` | Additional volumes to be used by extraVolumeMounts | +| `extraVolumeMounts` | `[]` | Additional volume mounts to be mounted in unifi container | | `persistence.accessModes` | `[]` | Persistence access modes | | `extraConfigFiles` | `{}` | Dictionary containing files mounted to `/configmap` inside the pod (See [values.yaml](values.yaml) for examples) | | `extraJvmOpts` | `[]` | List of additional JVM options, e.g. `["-Dlog4j.configurationFile=file:/configmap/log4j2.xml"]` | diff --git a/charts/unifi/templates/deployment.yaml b/charts/unifi/templates/deployment.yaml index 37727c42..4f7753d8 100644 --- a/charts/unifi/templates/deployment.yaml +++ b/charts/unifi/templates/deployment.yaml @@ -130,6 +130,7 @@ spec: - name: extra-config mountPath: /configmap {{- end }} + {{- if .Values.extraVolumeMounts }}{{ toYaml .Values.extraVolumeMounts | trim | nindent 12 }}{{ end }} resources: {{ toYaml .Values.resources | indent 12 }} volumes: @@ -150,6 +151,7 @@ spec: secret: secretName: "{{ .Values.customCert.certSecret }}" {{- end }} + {{- if .Values.extraVolumes }}{{ toYaml .Values.extraVolumes | trim | nindent 8 }}{{ end }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 6813e604..722977f5 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -218,6 +218,18 @@ persistence: accessMode: ReadWriteOnce size: 5Gi +extraVolumes: [] + ## specify additional volume to be used by extraVolumeMounts inside unifi container + # - name: additional-volume + # hostPath: + # path: /path/on/host + # type: DirectoryOrCreate + +extraVolumeMounts: [] + ## specify additional VolumeMount to be mounted inside unifi container + # - name: additional-volume + # mountPath: /path/in/container + extraJvmOpts: [] ## Extra java options ## Here are some examples of valid JVM options: From 153620272eecdd2ec7902096ee865dad359ebda5 Mon Sep 17 00:00:00 2001 From: Stephen Liang Date: Tue, 9 Jun 2020 20:02:04 -0700 Subject: [PATCH 32/35] Add ingress for Unifi controller sevice when not using the unified service. (#22703) Fixes #21887 Bump version to 0.10.0 Signed-off-by: Stephen Liang --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 6 +++ .../unifi/templates/controller-ingress.yaml | 39 +++++++++++++++++++ charts/unifi/values.yaml | 9 +++++ 4 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 charts/unifi/templates/controller-ingress.yaml diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index de7ba11a..b6349ab4 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.12.35 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.9.0 +version: 0.10.0 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 5d6eaa2d..4e15a611 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -69,6 +69,12 @@ The following tables lists the configurable parameters of the Unifi chart and th | `controllerService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi Controller | | `controllerService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) | | `controllerService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local | +| `controllerService.ingress.enabled` | `false` | Enables Ingress for the controller | +| `controllerService.ingress.annotations` | `{}` | Ingress annotations for the controller | +| `controllerService.ingress.labels` | `{}` | Custom labels for the controller | +| `controllerService.ingress.path` | `/` | Ingress path for the controller | +| `controllerService.ingress.hosts` | `chart-example.local` | Ingress accepted hostnames for the controller | +| `controllerService.ingress.tls` | `[]` | Ingress TLS configuration for the controller | | `stunService.type` | `NodePort` | Kubernetes service type for the Unifi STUN | | `stunService.port` | `3478` | Kubernetes UDP port where the Unifi STUN is exposed | | `stunService.annotations` | `{}` | Service annotations for the Unifi STUN | diff --git a/charts/unifi/templates/controller-ingress.yaml b/charts/unifi/templates/controller-ingress.yaml new file mode 100644 index 00000000..a0234af0 --- /dev/null +++ b/charts/unifi/templates/controller-ingress.yaml @@ -0,0 +1,39 @@ +{{- if (and .Values.controllerService.ingress.enabled (not .Values.unifiedService.enabled)) }} +{{- $fullName := include "unifi.fullname" . -}} +{{- $ingressPath := .Values.controllerService.ingress.path -}} +{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }}-controller + labels: + app.kubernetes.io/name: {{ include "unifi.name" . }} + helm.sh/chart: {{ include "unifi.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.controllerService.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.controllerService.ingress.tls }} + tls: + {{- range .Values.controllerService.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.controllerService.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }}-controller + servicePort: controller + {{- end }} +{{- end }} diff --git a/charts/unifi/values.yaml b/charts/unifi/values.yaml index 722977f5..0b4e2678 100644 --- a/charts/unifi/values.yaml +++ b/charts/unifi/values.yaml @@ -117,6 +117,15 @@ controllerService: # loadBalancerSourceRanges: [] ## Set the externalTrafficPolicy in the Service to either Cluster or Local # externalTrafficPolicy: Cluster + ## + # Ingress settings only for the controller + ingress: + enabled: false + annotations: {} + path: / + hosts: + - chart-example.local + tls: [] stunService: type: NodePort From 55313d0be27f391964bdb30b5ccaa9785c774038 Mon Sep 17 00:00:00 2001 From: Matt Farmer Date: Wed, 26 Aug 2020 20:45:02 -0400 Subject: [PATCH 33/35] [stable/unifi] Docs: Fix name of cert secret (#23379) * Fix name of cert secret The original name in the documentation is incorrect. Signed-off-by: Matt Farmer * Increment patch number Signed-off-by: Matt Farmer * Correctly bump unifi chart version Signed-off-by: Matt Farmer --- charts/unifi/Chart.yaml | 2 +- charts/unifi/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index b6349ab4..a2557207 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.12.35 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.10.0 +version: 0.10.1 keywords: - ubiquiti - unifi diff --git a/charts/unifi/README.md b/charts/unifi/README.md index 4e15a611..e8bafa84 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -110,7 +110,7 @@ The following tables lists the configurable parameters of the Unifi chart and th | `customCert.isChain` | `false` | If you are using a Let's Encrypt certificate which already includes the full chain set this to `true` | | `customCert.certName` | `tls.crt` | Name of the the certificate file in `/cert` | | `customCert.keyName` | `tls.key` | Name of the the private key file in `/cert` | -| `customCert.secretName` | `unifi-tls` | Name of the the k8s tls secret where the certificate and its key are stored. | +| `customCert.certSecret` | `nil` | Name of the the k8s tls secret where the certificate and its key are stored. | | `mongodb.enabled` | `false` | Use external MongoDB for data storage | | `mongodb.dbUri` | `mongodb://mongo/unifi` | external MongoDB URI | | `mongodb.statDbUri` | `mongodb://mongo/unifi_stat` | external MongoDB statdb URI | From 17462700447a5a599a2abf47cbdaad1f06f21141 Mon Sep 17 00:00:00 2001 From: Jeff Billimek Date: Fri, 4 Sep 2020 23:49:37 -0400 Subject: [PATCH 34/35] changes to migrate chart to new repo Signed-off-by: Jeff Billimek --- charts/unifi/Chart.yaml | 7 +++---- charts/unifi/README.md | 9 +++------ 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/charts/unifi/Chart.yaml b/charts/unifi/Chart.yaml index a2557207..bc6c5b4a 100644 --- a/charts/unifi/Chart.yaml +++ b/charts/unifi/Chart.yaml @@ -1,17 +1,16 @@ -apiVersion: v1 +apiVersion: v2 appVersion: 5.12.35 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.10.1 +version: 1.0.0 keywords: - ubiquiti - unifi - mongodb -home: https://github.com/jacobalberty/unifi-docker +home: https://github.com/k8s-at-home/charts/tree/master/charts/unifi icon: https://blog.ubnt.com/wp-content/uploads/2016/10/unifi-app-logo.png sources: - https://github.com/jacobalberty/unifi-docker - - https://github.com/helm/charts/tree/master/stable/unifi maintainers: - name: billimek email: jeff@billimek.com diff --git a/charts/unifi/README.md b/charts/unifi/README.md index e8bafa84..40fa345d 100644 --- a/charts/unifi/README.md +++ b/charts/unifi/README.md @@ -4,14 +4,11 @@ This is a helm chart for [Ubiquiti Network's][ubnt] [Unifi Controller][ubnt 2]. ## TL;DR; -```console -helm install stable/unifi +```shell +helm repo add k8s-at-home https://k8s-at-home.com/charts/ +helm install k8s-at-home/unifi ``` -## Introduction - -This code is adopted from [this original repo][github]. - ## Installing the Chart To install the chart with the release name `my-release`: From cf4c0ba99718fed19b4f27d983a4a5edc25ac888 Mon Sep 17 00:00:00 2001 From: Ryan Holt Date: Sat, 5 Sep 2020 11:06:08 -0400 Subject: [PATCH 35/35] added newline to end of file --- charts/unifi/OWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/unifi/OWNERS b/charts/unifi/OWNERS index 023d223b..9425e000 100644 --- a/charts/unifi/OWNERS +++ b/charts/unifi/OWNERS @@ -3,4 +3,4 @@ approvers: - mcronce reviewers: - billimek -- mcronce \ No newline at end of file +- mcronce