Merge pull request #32 from k8s-at-home/unifi

[unifi] adding unifi chart
Jeff Billimek 2020-09-05 11:20:11 -04:00 committed by GitHub
commit f4855955cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 1278 additions and 0 deletions

23
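--- a/charts/unifi/.helmignore
+++ b/charts/unifi/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# OWNERS file for Kubernetes
+OWNERS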

18
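--- a/charts/unifi/Chart.yaml
+++ b/charts/unifi/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+appVersion: 5.12.35
+description: Ubiquiti Network's Unifi Controller
+name: unifi
+version: 1.0.0
+keywords:
+- ubiquiti
+- unifi
+- mongodb
+home: https://github.com/k8s-at-home/charts/tree/master/charts/unifi
+icon: https://blog.ubnt.com/wp-content/uploads/2016/10/unifi-app-logo.png
+sources:
+- https://github.com/jacobalberty/unifi-docker
+maintainers:
+- name: billimek
+email: jeff@billimek.com
+- name: mcronce
+email: mike@quadra-tec.net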

6
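--- a/charts/unifi/OWNERS
+++ b/charts/unifi/OWNERS
@@ -0,0 +1,6 @@
+approvers:
+- billimek
+- mcronce
+reviewers:
+- billimek
+- mcronce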

187
charts/unifi/README.md Normal file

@ -0,0 +1,187 @@
# Ubiquiti Network's Unifi Controller
This is a helm chart for [Ubiquiti Network's][ubnt] [Unifi Controller][ubnt 2].
## TL;DR;
```shell
helm repo add k8s-at-home https://k8s-at-home.com/charts/
helm install k8s-at-home/unifi
```
## Installing the Chart
To install the chart with the release name `my-release`:
```console
helm install --name my-release stable/unifi
```
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
helm delete my-release --purge
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following tables lists the configurable parameters of the Unifi chart and their default values.
| Parameter | Default | Description |
|-------------------------------------------------|------------------------------|------------------------------------------------------------------------------------------------------------------------|
| `image.repository` | `jacobalberty/unifi` | Image repository |
| `image.tag` | `5.12.35` | Image tag. Possible values listed [here][docker]. |
| `image.pullPolicy` | `IfNotPresent` | Image pull policy |
| `strategyType` | `Recreate` | Specifies the strategy used to replace old Pods by new ones |
| `guiService.type` | `ClusterIP` | Kubernetes service type for the Unifi GUI |
| `guiService.port` | `8443` | Kubernetes port where the Unifi GUI is exposed |
| `guiService.annotations` | `{}` | Service annotations for the Unifi GUI |
| `guiService.labels` | `{}` | Custom labels |
| `guiService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi GUI |
| `guiService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
| `guiService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
| `captivePortalService.enabled` | `false` | Install the captive portal service (needed if you want guest captive portal) |
| `captivePortalService.type` | `ClusterIP` | Kubernetes service type for the captive portal |
| `captivePortalService.http` | `8880` | Kubernetes port where the captive portal is exposed |
| `captivePortalService.https` | `8843` | Kubernetes port where the captive portal is exposed (with SSL) |
| `captivePortalService.annotations` | `{}` | Service annotations for the captive portal |
| `captivePortalService.labels` | `{}` | Custom labels |
| `captivePortalService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi GUI |
| `captivePortalService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
| `captivePortalService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
| `captivePortalService.ingress.enabled` | `false` | Enables Ingress (for the captive portal, the main ingress needs to be enabled for the controller to be accessible) |
| `captivePortalService.ingress.annotations` | `{}` | Ingress annotations for the captive portal |
| `captivePortalService.ingress.labels` | `{}` | Custom labels for the captive portal |
| `captivePortalService.ingress.path` | `/` | Ingress path for the captive portal |
| `captivePortalService.ingress.hosts` | `chart-example.local` | Ingress accepted hostnames for the captive portal |
| `captivePortalService.ingress.tls` | `[]` | Ingress TLS configuration for the captive portal |
| `controllerService.type` | `NodePort` | Kubernetes service type for the Unifi Controller communication |
| `controllerService.port` | `8080` | Kubernetes port where the Unifi Controller is exposed - this needs to be reachable by the unifi devices on the network |
| `controllerService.annotations` | `{}` | Service annotations for the Unifi Controller |
| `controllerService.labels` | `{}` | Custom labels |
| `controllerService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi Controller |
| `controllerService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
| `controllerService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
| `controllerService.ingress.enabled` | `false` | Enables Ingress for the controller |
| `controllerService.ingress.annotations` | `{}` | Ingress annotations for the controller |
| `controllerService.ingress.labels` | `{}` | Custom labels for the controller |
| `controllerService.ingress.path` | `/` | Ingress path for the controller |
| `controllerService.ingress.hosts` | `chart-example.local` | Ingress accepted hostnames for the controller |
| `controllerService.ingress.tls` | `[]` | Ingress TLS configuration for the controller |
| `stunService.type` | `NodePort` | Kubernetes service type for the Unifi STUN |
| `stunService.port` | `3478` | Kubernetes UDP port where the Unifi STUN is exposed |
| `stunService.annotations` | `{}` | Service annotations for the Unifi STUN |
| `stunService.labels` | `{}` | Custom labels |
| `stunService.loadBalancerIP` | `{}` | Loadbalance IP for the Unifi STUN |
| `stunService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
| `stunService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
| `discoveryService.type` | `NodePort` | Kubernetes service type for AP discovery |
| `discoveryService.port` | `10001` | Kubernetes UDP port for AP discovery |
| `discoveryService.annotations` | `{}` | Service annotations for AP discovery |
| `discoveryService.labels` | `{}` | Custom labels |
| `discoveryService.loadBalancerIP` | `{}` | Loadbalance IP for AP discovery |
| `discoveryService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to load balancer (if supported) |
| `discoveryService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the Service to either Cluster or Local |
| `unifiedService.enabled` | `false` | Use a single service for GUI, controller, STUN, and discovery |
| `unifiedService.type` | `ClusterIP` | Kubernetes service type for the unified service |
| `unifiedService.annotations` | `{}` | Annotations for the unified service |
| `unifiedService.labels` | `{}` | Custom labels for the unified service |
| `unifiedService.loadBalancerIP` | None | Load balancer IP for the unified service |
| `unifiedService.loadBalancerSourceRanges` | None | List of IP CIDRs allowed access to the load balancer (if supported) |
| `unifiedService.externalTrafficPolicy` | `Cluster` | Set the externalTrafficPolicy in the service to either Cluster or Local |
| `ingress.enabled` | `false` | Enables Ingress |
| `ingress.annotations` | `{}` | Ingress annotations |
| `ingress.labels` | `{}` | Custom labels |
| `ingress.path` | `/` | Ingress path |
| `ingress.hosts` | `chart-example.local` | Ingress accepted hostnames |
| `ingress.tls` | `[]` | Ingress TLS configuration |
| `timezone` | `UTC` | Timezone the Unifi controller should run as, e.g. 'America/New York' |
| `runAsRoot` | `false` | Run the controller as UID0 (root user); if set to false, will give container SETFCAP instead |
| `UID` | `999` | Run the controller as user UID |
| `GID` | `999` | Run the controller as group GID |
| `customCert.enabled` | `false` | Define whether you are using s custom certificate |
| `customCert.isChain` | `false` | If you are using a Let's Encrypt certificate which already includes the full chain set this to `true` |
| `customCert.certName` | `tls.crt` | Name of the the certificate file in `<unifi-data>/cert` |
| `customCert.keyName` | `tls.key` | Name of the the private key file in `<unifi-data>/cert` |
| `customCert.certSecret` | `nil` | Name of the the k8s tls secret where the certificate and its key are stored. |
| `mongodb.enabled` | `false` | Use external MongoDB for data storage |
| `mongodb.dbUri` | `mongodb://mongo/unifi` | external MongoDB URI |
| `mongodb.statDbUri` | `mongodb://mongo/unifi_stat` | external MongoDB statdb URI |
| `mongodb.databaseName` | `unifi` | external MongoDB database name |
| `persistence.enabled` | `true` | Use persistent volume to store data |
| `persistence.size` | `5Gi` | Size of persistent volume claim |
| `persistence.existingClaim` | `nil` | Use an existing PVC to persist data |
| `persistence.subPath` | `` | Store data in a subdirectory of PV instead of at the root directory |
| `persistence.storageClass` | `-` | Type of persistent volume claim |
| `extraVolumes` | `[]` | Additional volumes to be used by extraVolumeMounts |
| `extraVolumeMounts` | `[]` | Additional volume mounts to be mounted in unifi container |
| `persistence.accessModes` | `[]` | Persistence access modes |
| `extraConfigFiles` | `{}` | Dictionary containing files mounted to `/configmap` inside the pod (See [values.yaml](values.yaml) for examples) |
| `extraJvmOpts` | `[]` | List of additional JVM options, e.g. `["-Dlog4j.configurationFile=file:/configmap/log4j2.xml"]` |
| `resources` | `{}` | CPU/Memory resource requests/limits |
| `nodeSelector` | `{}` | Node labels for pod assignment |
| `tolerations` | `[]` | Toleration labels for pod assignment |
| `affinity` | `{}` | Affinity settings for pod assignment |
| `podAnnotations` | `{}` | Key-value pairs to add as pod annotations |
| `deploymentAnnotations` | `{}` | Key-value pairs to add as deployment annotations |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install --name my-release \
--set timezone="America/New York" \
stable/unifi
```
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
helm install --name my-release -f values.yaml stable/unifi
```
Read through the [values.yaml](values.yaml) file. It has several commented out suggested values.
## Regarding the services
- `guiService`: Represents the main web UI and is what one would normally point
the ingress to.
- `captivePortalService`: This service is used to allow the captive portal webpage
to be accessible. It needs to be reachable by the clients connecting to your guest
network.
- `controllerService`: This is needed in order for the unifi devices to talk to
the controller and must be otherwise exposed to the network where the unifi
devices run. If you run this as a `NodePort` (the default setting), make sure
that there is an external load balancer that is directing traffic from port
8080 to the `NodePort` for this service.
- `discoveryService`: This needs to be reachable by the unifi devices on the
network similar to the controller `Service` but only during the discovery
phase. This is a UDP service.
- `stunService`: Also used periodically by the unifi devices to communicate
with the controller using UDP. See [this article][ubnt 3] and [this other
article][ubnt 4] for more information.
## Ingress and HTTPS
Unifi does [not support HTTP][unifi] so if you wish to use the guiService, you
need to ensure that you use a backend transport of HTTPS.
An example entry in `values.yaml` to achieve this is as follows:
```
ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
```
[docker]: https://hub.docker.com/r/jacobalberty/unifi/tags/
[github]: https://github.com/jacobalberty/unifi-docker
[ubnt]: https://www.ubnt.com/
[ubnt 2]: https://unifi-sdn.ubnt.com/
[ubnt 3]: https://help.ubnt.com/hc/en-us/articles/204976094-UniFi-What-protocol-does-the-controller-use-to-communicate-with-the-UAP-
[ubnt 4]: https://help.ubnt.com/hc/en-us/articles/115015457668-UniFi-Troubleshooting-STUN-Communication-Errors
[unifi]: https://community.ui.com/questions/Controller-how-to-deactivate-http-to-https/c5e247d8-b5b9-4c84-a3bb-28a90fd65668


@ -0,0 +1,19 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
{{- end }}
{{- else if contains "NodePort" .Values.guiService.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "unifi.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.guiService.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "unifi.fullname" . }}-gui'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "unifi.fullname" . }}-gui -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.guiService.port }}
{{- else if contains "ClusterIP" .Values.guiService.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "unifi.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8443:{.Values.guiService.port}
Visit https://127.0.0.1:8443 to use your application
{{- end }}
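Review bot: The ClusterIP branch prints `8443:{.Values.guiService.port}` literally because the action lacks its double braces, so the suggested `kubectl port-forward` command cannot be used as printed. The same branch selects pods with `app=…,release=…`, while the Deployment section in this commit labels pods with `app.kubernetes.io/name` and `app.kubernetes.io/instance`, so the lookup will presumably return nothing. The NodePort and LoadBalancer branches print `http://` URLs for the GUI port, which the README in this commit says only speaks HTTPS; operators should be pointed at `https://` for the admin console. The NodePort branch also looks up the bare fullname while the LoadBalancer branch looks up `<fullname>-gui`; only one of these matches for a given `unifiedService.enabled` setting, so the name should follow the same conditional the main ingress section uses.

```text
{{/* … unchanged: NodePort branch lookups … */}}
echo https://$NODE_IP:$NODE_PORT
{{/* … unchanged: LoadBalancer note and SERVICE_IP lookup … */}}
echo https://$SERVICE_IP:{{ .Values.guiService.port }}
{{- else if contains "ClusterIP" .Values.guiService.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "unifi.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8443:{{ .Values.guiService.port }}
```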


@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "unifi.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "unifi.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "unifi.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}


@ -0,0 +1,39 @@
{{- if (and .Values.captivePortalService.ingress.enabled (not .Values.unifiedService.enabled)) }}
{{- $fullName := include "unifi.fullname" . -}}
{{- $ingressPath := .Values.captivePortalService.ingress.path -}}
{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}-captive
labels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
helm.sh/chart: {{ include "unifi.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.captivePortalService.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.captivePortalService.ingress.tls }}
tls:
{{- range .Values.captivePortalService.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.captivePortalService.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}-captiveportalservice
servicePort: captive-http
{{- end }}
{{- end }}
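Review bot: `host: {{ . }}` and `secretName: {{ .secretName }}` are rendered unquoted, unlike the TLS hosts a few lines above that go through `quote`; a wildcard host such as `*.example.com` (constructed example) would be read as a YAML alias and fail to parse, so `- host: {{ . | quote }}` is the safer form. `$unifiedServiceEnabled` is assigned but never read in this section. The `extensions/v1beta1` Ingress API is deprecated in favour of the `networking.k8s.io` group, so selecting the API version from the cluster's capabilities would keep the chart installable on newer clusters. The controller ingress and main ingress sections later in this commit share the unquoted `host` and the API version.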


@ -0,0 +1,61 @@
{{ if (and .Values.captivePortalService.enabled (not .Values.unifiedService.enabled)) }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "unifi.fullname" . }}-captiveportalservice
labels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
helm.sh/chart: {{ include "unifi.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.captivePortalService.labels }}
{{ toYaml .Values.captivePortalService.labels | indent 4 }}
{{- end }}
{{- with .Values.captivePortalService.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.captivePortalService.type "ClusterIP") (empty .Values.captivePortalService.type)) }}
type: ClusterIP
{{- if .Values.captivePortalService.clusterIP }}
clusterIP: {{ .Values.captivePortalService.clusterIP }}
{{end}}
{{- else if eq .Values.captivePortalService.type "LoadBalancer" }}
type: {{ .Values.captivePortalService.type }}
{{- if .Values.captivePortalService.loadBalancerIP }}
loadBalancerIP: {{ .Values.captivePortalService.loadBalancerIP }}
{{- end }}
{{- if .Values.captivePortalService.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.captivePortalService.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- else }}
type: {{ .Values.captivePortalService.type }}
{{- end }}
{{- if .Values.captivePortalService.externalIPs }}
externalIPs:
{{ toYaml .Values.captivePortalService.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.captivePortalService.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.captivePortalService.externalTrafficPolicy }}
{{- end }}
ports:
- port: {{ .Values.captivePortalService.http }}
targetPort: captive-http
protocol: TCP
name: captive-http
{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.http))) }}
nodePort: {{.Values.captivePortalService.http}}
{{ end }}
- port: {{ .Values.captivePortalService.https }}
targetPort: captive-https
protocol: TCP
name: captive-https
{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.https))) }}
nodePort: {{.Values.captivePortalService.https}}
{{ end }}
selector:
app.kubernetes.io/name: {{ include "unifi.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{ end }}
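Review bot: With `captivePortalService.type: NodePort`, both `nodePort:` lines reuse the service port values (`.Values.captivePortalService.http` and `.https`, documented in the README as 8880 and 8843), which lie outside the default NodePort range of 30000-32767, so a cluster with default settings would presumably reject the Service. The other Service sections in this commit read a separate `.nodePort` value and only emit the field when it is set; this one should do the same with dedicated keys, e.g. `nodePort: {{ .Values.captivePortalService.httpNodePort }}` (a proposed new key, not present in this commit). Note also that `loadBalancerSourceRanges` is rendered only for type `LoadBalancer`, so the chart applies no source restriction to a captive portal exposed as NodePort; a comment saying so next to the `type` handling would help operators.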


@ -0,0 +1,13 @@
{{- if .Values.extraConfigFiles }}
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ template "unifi.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
helm.sh/chart: {{ include "unifi.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
{{ toYaml .Values.extraConfigFiles | indent 2 }}
{{- end }}


@ -0,0 +1,39 @@
{{- if (and .Values.controllerService.ingress.enabled (not .Values.unifiedService.enabled)) }}
{{- $fullName := include "unifi.fullname" . -}}
{{- $ingressPath := .Values.controllerService.ingress.path -}}
{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}-controller
labels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
helm.sh/chart: {{ include "unifi.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.controllerService.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.controllerService.ingress.tls }}
tls:
{{- range .Values.controllerService.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.controllerService.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}-controller
servicePort: controller
{{- end }}
{{- end }}


@ -0,0 +1,54 @@
{{ if not .Values.unifiedService.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "unifi.fullname" . }}-controller
labels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
helm.sh/chart: {{ include "unifi.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.controllerService.labels }}
{{ toYaml .Values.controllerService.labels | indent 4 }}
{{- end }}
{{- with .Values.controllerService.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.controllerService.type "ClusterIP") (empty .Values.controllerService.type)) }}
type: ClusterIP
{{- if .Values.controllerService.clusterIP }}
clusterIP: {{ .Values.controllerService.clusterIP }}
{{end}}
{{- else if eq .Values.controllerService.type "LoadBalancer" }}
type: {{ .Values.controllerService.type }}
{{- if .Values.controllerService.loadBalancerIP }}
loadBalancerIP: {{ .Values.controllerService.loadBalancerIP }}
{{- end }}
{{- if .Values.controllerService.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.controllerService.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- else }}
type: {{ .Values.controllerService.type }}
{{- end }}
{{- if .Values.controllerService.externalIPs }}
externalIPs:
{{ toYaml .Values.controllerService.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.controllerService.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.controllerService.externalTrafficPolicy }}
{{- end }}
ports:
- port: {{ .Values.controllerService.port }}
targetPort: controller
protocol: TCP
name: controller
{{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.nodePort))) }}
nodePort: {{.Values.controllerService.nodePort}}
{{ end }}
selector:
app.kubernetes.io/name: {{ include "unifi.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{ end }}


@ -0,0 +1,166 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "unifi.fullname" . }}
{{- if .Values.deploymentAnnotations }}
annotations:
{{- range $key, $value := .Values.deploymentAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
helm.sh/chart: {{ include "unifi.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
replicas: 1
strategy:
type: {{ .Values.strategyType }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.podAnnotations }}
annotations:
{{- range $key, $value := .Values.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: https-gui
containerPort: {{ .Values.guiService.port }}
protocol: TCP
- name: controller
containerPort: {{ .Values.controllerService.port }}
protocol: TCP
- name: discovery
containerPort: 10001
protocol: UDP
- name: stun
containerPort: 3478
protocol: UDP
{{ if .Values.captivePortalService.enabled }}
- name: captive-http
containerPort: 8880
protocol: TCP
- name: captive-https
containerPort: 8843
protocol: TCP
{{ end }}
{{- if not .Values.runAsRoot }}
securityContext:
capabilities:
add:
- SETFCAP
{{- end }}
livenessProbe:
httpGet:
path: /status
port: https-gui
scheme: HTTPS
initialDelaySeconds: 30
readinessProbe:
httpGet:
path: /status
port: https-gui
scheme: HTTPS
initialDelaySeconds: 15
env:
- name: UNIFI_HTTP_PORT
value: "{{ .Values.controllerService.port }}"
- name: UNIFI_HTTPS_PORT
value: "{{ .Values.guiService.port }}"
- name: TZ
value: "{{ .Values.timezone }}"
- name: RUNAS_UID0
value: "{{ .Values.runAsRoot }}"
- name: UNIFI_UID
value: "{{ .Values.UID }}"
- name: UNIFI_GID
value: "{{ .Values.GID }}"
{{- if .Values.extraJvmOpts }}
- name: JVM_EXTRA_OPTS
value: "{{- join " " .Values.extraJvmOpts }}"
{{- end }}
{{- if .Values.mongodb.enabled }}
- name: DB_URI
value: "{{ .Values.mongodb.dbUri }}"
- name: STATDB_URI
value: "{{ .Values.mongodb.statDbUri }}"
- name: DB_NAME
value: "{{ .Values.mongodb.databaseName }}"
{{- end }}
{{- if and .Values.customCert .Values.customCert.enabled }}
- name: CERT_IS_CHAIN
value: "{{ .Values.customCert.isChain }}"
- name: CERTNAME
value: "{{ .Values.customCert.certName }}"
- name: CERT_PRIVATE_NAME
value: "{{ .Values.customCert.keyName }}"
{{- end }}
volumeMounts:
- mountPath: /unifi/data
name: unifi-data
subPath: {{ ternary "data" (printf "%s/%s" .Values.persistence.subPath "data") (empty .Values.persistence.subPath) }}
- mountPath: /unifi/log
name: unifi-data
subPath: {{ ternary "log" (printf "%s/%s" .Values.persistence.subPath "log") (empty .Values.persistence.subPath) }}
- mountPath: /unifi/cert
{{- if and .Values.customCert .Values.customCert.enabled .Values.customCert.certSecret }}
name: unifi-cert-secret
{{- else }}
name: unifi-data
subPath: {{ ternary "cert" (printf "%s/%s" .Values.persistence.subPath "cert") (empty .Values.persistence.subPath) }}
{{- end }}
- mountPath: /unifi/init.d
name: unifi-data
subPath: {{ ternary "init.d" (printf "%s/%s" .Values.persistence.subPath "init.d") (empty .Values.persistence.subPath) }}
{{- if .Values.extraConfigFiles }}
- name: extra-config
mountPath: /configmap
{{- end }}
{{- if .Values.extraVolumeMounts }}{{ toYaml .Values.extraVolumeMounts | trim | nindent 12 }}{{ end }}
resources:
{{ toYaml .Values.resources | indent 12 }}
volumes:
- name: unifi-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "unifi.fullname" . }}{{- end }}
{{- else }}
emptyDir: {}
{{ end }}
{{- if .Values.extraConfigFiles }}
- name: extra-config
configMap:
name: {{ template "unifi.fullname" . }}
{{- end }}
{{- if and .Values.customCert .Values.customCert.enabled .Values.customCert.certSecret }}
- name: unifi-cert-secret
secret:
secretName: "{{ .Values.customCert.certSecret }}"
{{- end }}
{{- if .Values.extraVolumes }}{{ toYaml .Values.extraVolumes | trim | nindent 8 }}{{ end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
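Review bot: `DB_URI` and `STATDB_URI` are rendered as literal env values from `mongodb.dbUri` and `mongodb.statDbUri`, so any credentials embedded in an external MongoDB URI end up in the Deployment spec and in Helm's stored release data, readable by anyone who can get Deployments in the namespace. Consider allowing these to come from a Secret through `valueFrom.secretKeyRef` (this needs a new value naming the Secret; none is visible in this commit). Separately, the `securityContext` block only adds `SETFCAP` when `runAsRoot` is false and sets nothing otherwise, which deserves a comment above it such as `# SETFCAP is added for the image's non-root mode; no capabilities are dropped and no runAsNonRoot is set here`. The env values are also wrapped in literal quotes rather than piped through `quote`; `value: {{ .Values.timezone | quote }}` would escape an embedded quote correctly.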


@ -0,0 +1,54 @@
{{ if not .Values.unifiedService.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "unifi.fullname" . }}-discovery
labels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
helm.sh/chart: {{ include "unifi.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.discoveryService.labels }}
{{ toYaml .Values.discoveryService.labels | indent 4 }}
{{- end }}
{{- with .Values.discoveryService.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.discoveryService.type "ClusterIP") (empty .Values.discoveryService.type)) }}
type: ClusterIP
{{- if .Values.discoveryService.clusterIP }}
clusterIP: {{ .Values.discoveryService.clusterIP }}
{{end}}
{{- else if eq .Values.discoveryService.type "LoadBalancer" }}
type: {{ .Values.discoveryService.type }}
{{- if .Values.discoveryService.loadBalancerIP }}
loadBalancerIP: {{ .Values.discoveryService.loadBalancerIP }}
{{- end }}
{{- if .Values.discoveryService.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.discoveryService.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- else }}
type: {{ .Values.discoveryService.type }}
{{- end }}
{{- if .Values.discoveryService.externalIPs }}
externalIPs:
{{ toYaml .Values.discoveryService.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.discoveryService.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.discoveryService.externalTrafficPolicy }}
{{- end }}
ports:
- port: {{ .Values.discoveryService.port }}
targetPort: discovery
protocol: UDP
name: discovery
{{ if (and (eq .Values.discoveryService.type "NodePort") (not (empty .Values.discoveryService.nodePort))) }}
nodePort: {{.Values.discoveryService.nodePort}}
{{ end }}
selector:
app.kubernetes.io/name: {{ include "unifi.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{ end }}


@ -0,0 +1,54 @@
{{ if not .Values.unifiedService.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "unifi.fullname" . }}-gui
labels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
helm.sh/chart: {{ include "unifi.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.guiService.labels }}
{{ toYaml .Values.guiService.labels | indent 4 }}
{{- end }}
{{- with .Values.guiService.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.guiService.type "ClusterIP") (empty .Values.guiService.type)) }}
type: ClusterIP
{{- if .Values.guiService.clusterIP }}
clusterIP: {{ .Values.guiService.clusterIP }}
{{end}}
{{- else if eq .Values.guiService.type "LoadBalancer" }}
type: {{ .Values.guiService.type }}
{{- if .Values.guiService.loadBalancerIP }}
loadBalancerIP: {{ .Values.guiService.loadBalancerIP }}
{{- end }}
{{- if .Values.guiService.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.guiService.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- else }}
type: {{ .Values.guiService.type }}
{{- end }}
{{- if .Values.guiService.externalIPs }}
externalIPs:
{{ toYaml .Values.guiService.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.guiService.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.guiService.externalTrafficPolicy }}
{{- end }}
ports:
- name: https-gui
port: {{ .Values.guiService.port }}
protocol: TCP
targetPort: https-gui
{{ if (and (eq .Values.guiService.type "NodePort") (not (empty .Values.guiService.nodePort))) }}
nodePort: {{.Values.guiService.nodePort}}
{{ end }}
selector:
app.kubernetes.io/name: {{ include "unifi.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{ end }}


@ -0,0 +1,43 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "unifi.fullname" . -}}
{{- $ingressPath := .Values.ingress.path -}}
{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
helm.sh/chart: {{ include "unifi.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: {{ $ingressPath }}
backend:
{{- if $unifiedServiceEnabled }}
serviceName: {{ $fullName }}
{{- else }}
serviceName: {{ $fullName }}-gui
{{- end }}
servicePort: https-gui
{{- end }}
{{- end }}


@ -0,0 +1,24 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "unifi.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
helm.sh/chart: {{ include "unifi.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end -}}


@ -0,0 +1,54 @@
{{ if not .Values.unifiedService.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "unifi.fullname" . }}-stun
labels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
helm.sh/chart: {{ include "unifi.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.stunService.labels }}
{{ toYaml .Values.stunService.labels | indent 4 }}
{{- end }}
{{- with .Values.stunService.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.stunService.type "ClusterIP") (empty .Values.stunService.type)) }}
type: ClusterIP
{{- if .Values.stunService.clusterIP }}
clusterIP: {{ .Values.stunService.clusterIP }}
{{end}}
{{- else if eq .Values.stunService.type "LoadBalancer" }}
type: {{ .Values.stunService.type }}
{{- if .Values.stunService.loadBalancerIP }}
loadBalancerIP: {{ .Values.stunService.loadBalancerIP }}
{{- end }}
{{- if .Values.stunService.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.stunService.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- else }}
type: {{ .Values.stunService.type }}
{{- end }}
{{- if .Values.stunService.externalIPs }}
externalIPs:
{{ toYaml .Values.stunService.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.stunService.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.stunService.externalTrafficPolicy }}
{{- end }}
ports:
- port: {{ .Values.stunService.port }}
targetPort: stun
protocol: UDP
name: stun
{{ if (and (eq .Values.stunService.type "NodePort") (not (empty .Values.stunService.nodePort))) }}
nodePort: {{.Values.stunService.nodePort}}
{{ end }}
selector:
app.kubernetes.io/name: {{ include "unifi.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{ end }}
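Review bot: `externalTrafficPolicy` is emitted whenever the value is set, including when the `ClusterIP` branch was taken, and the API server is expected to refuse that field on a Service that is neither `NodePort` nor `LoadBalancer`. Guarding the block on the type avoids a failed install: `{{- if and .Values.stunService.externalTrafficPolicy (or (eq .Values.stunService.type "NodePort") (eq .Values.stunService.type "LoadBalancer")) }}`. The same unguarded block appears in the GUI service template and in the unified service template. `loadBalancerSourceRanges` is rendered only in the `LoadBalancer` branch, so with the chart's `NodePort` default this manifest places no source restriction on the STUN port. A comment saying so next to `stunService.type` in values.yaml would help operators decide how to firewall it.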


@ -0,0 +1,93 @@
{{ if .Values.unifiedService.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "unifi.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "unifi.name" . }}
helm.sh/chart: {{ include "unifi.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.unifiedService.labels }}
{{ toYaml .Values.unifiedService.labels | indent 4 }}
{{- end }}
{{- with .Values.unifiedService.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.unifiedService.type "ClusterIP") (empty .Values.unifiedService.type)) }}
type: ClusterIP
{{- if .Values.unifiedService.clusterIP }}
clusterIP: {{ .Values.unifiedService.clusterIP }}
{{end}}
{{- else if eq .Values.unifiedService.type "LoadBalancer" }}
type: {{ .Values.unifiedService.type }}
{{- if .Values.unifiedService.loadBalancerIP }}
loadBalancerIP: {{ .Values.unifiedService.loadBalancerIP }}
{{- end }}
{{- if .Values.unifiedService.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.unifiedService.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- else }}
type: {{ .Values.unifiedService.type }}
{{- end }}
{{- if .Values.unifiedService.externalIPs }}
externalIPs:
{{ toYaml .Values.unifiedService.externalIPs | indent 4 }}
{{- end }}
{{- if .Values.unifiedService.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.unifiedService.externalTrafficPolicy }}
{{- end }}
ports:
- port: {{ .Values.controllerService.port }}
targetPort: controller
protocol: TCP
name: controller
{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.controllerService.nodePort))) }}
nodePort: {{.Values.controllerService.nodePort}}
{{ end }}
- port: {{ .Values.discoveryService.port }}
targetPort: discovery
protocol: UDP
name: discovery
{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.discoveryService.nodePort))) }}
nodePort: {{.Values.discoveryService.nodePort}}
{{ end }}
- port: {{ .Values.stunService.port }}
targetPort: stun
protocol: UDP
name: stun
{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.stunService.nodePort))) }}
nodePort: {{.Values.stunService.nodePort}}
{{ end }}
- name: https-gui
port: {{ .Values.guiService.port }}
protocol: TCP
targetPort: https-gui
{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.guiService.nodePort))) }}
nodePort: {{.Values.guiService.nodePort}}
{{ end }}
{{ if .Values.captivePortalService.enabled }}
- name: captive-http
port: {{ .Values.captivePortalService.http }}
protocol: TCP
targetPort: captive-http
{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.http))) }}
nodePort: {{.Values.captivePortalService.http}}
{{ end }}
- name: captive-https
port: {{ .Values.captivePortalService.https }}
protocol: TCP
targetPort: captive-https
{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.https))) }}
nodePort: {{.Values.captivePortalService.https}}
{{ end }}
{{ end }}
selector:
app.kubernetes.io/name: {{ include "unifi.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{ end }}
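Review bot: The two captive-portal entries reuse the service port as the node port: `nodePort: {{.Values.captivePortalService.http}}` and its `https` twin render 8880 and 8843 with the chart defaults. Both fall outside Kubernetes' default NodePort range of 30000-32767, so a `NodePort` unified service with the captive portal enabled would be rejected unless the cluster's range has been widened. The `not (empty …)` guard tests that same port value, so the field cannot be left unset either. Dropping the two `nodePort` lines and letting Kubernetes allocate the ports is the smallest fix. Reading them from dedicated values keys would also work, but this commit's values.yaml defines no such keys.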

299
charts/unifi/values.yaml Normal file

@ -0,0 +1,299 @@
# Default values for unifi.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# upgrade strategy type (e.g. Recreate or RollingUpdate)
strategyType: Recreate
image:
repository: jacobalberty/unifi
tag: 5.12.35
pullPolicy: IfNotPresent
# If enabled, the controller, discovery, GUI, and STUN services will not be
# created.
# Instead, one service will be created with the port and nodePort settings from
# controllerService, discoveryService, guiService, and stunService.
# This is useful if, for example, the ClusterIP network is routable and being
# accessed directly by access points, and the APs don't have a way to discern
# different services on different IPs.
unifiedService:
enabled: false
type: ClusterIP
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
labels: {}
## Use loadBalancerIP to request a specific static IP,
## otherwise leave blank
##
loadBalancerIP:
# loadBalancerSourceRanges: []
## Set the externalTrafficPolicy in the Service to either Cluster or Local
# externalTrafficPolicy: Cluster
guiService:
type: ClusterIP
port: 8443
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
labels: {}
## Use loadBalancerIP to request a specific static IP,
## otherwise leave blank
##
loadBalancerIP:
# loadBalancerSourceRanges: []
## Set the externalTrafficPolicy in the Service to either Cluster or Local
# externalTrafficPolicy: Cluster
captivePortalService:
enabled: false
type: ClusterIP
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
http: 8880
https: 8843
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
labels: {}
## Use loadBalancerIP to request a specific static IP,
## otherwise leave blank
##
loadBalancerIP:
# loadBalancerSourceRanges: []
## Set the externalTrafficPolicy in the Service to either Cluster or Local
# externalTrafficPolicy: Cluster
# Ingress settings only for the captive portal
ingress:
enabled: false
annotations: {}
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /
hosts:
- chart-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
controllerService:
type: NodePort
port: 8080
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
labels: {}
## Use loadBalancerIP to request a specific static IP,
## otherwise leave blank
##
loadBalancerIP:
# loadBalancerSourceRanges: []
## Set the externalTrafficPolicy in the Service to either Cluster or Local
# externalTrafficPolicy: Cluster
##
# Ingress settings only for the controller
ingress:
enabled: false
annotations: {}
path: /
hosts:
- chart-example.local
tls: []
stunService:
type: NodePort
port: 3478 # udp
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
labels: {}
## Use loadBalancerIP to request a specific static IP,
## otherwise leave blank
##
loadBalancerIP:
# loadBalancerSourceRanges: []
## Set the externalTrafficPolicy in the Service to either Cluster or Local
# externalTrafficPolicy: Cluster
discoveryService:
type: NodePort
port: 10001 # udp
## Specify the nodePort value for the LoadBalancer and NodePort service types.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
# nodePort:
## Provide any additional annotations which may be required. This can be used to
## set the LoadBalancer service type to internal only.
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
##
annotations: {}
labels: {}
## Use loadBalancerIP to request a specific static IP,
## otherwise leave blank
##
loadBalancerIP:
# loadBalancerSourceRanges: []
## Set the externalTrafficPolicy in the Service to either Cluster or Local
# externalTrafficPolicy: Cluster
ingress:
enabled: false
annotations: {}
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /
hosts:
- chart-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
timezone: UTC
runAsRoot: false
UID: 999
GID: 999
## If you provide your own custom certificate in <unifi-data>/cert
## you can define the following parameters to configure the controller
customCert:
enabled: false
isChain: false
certName: tls.crt
keyName: tls.key
# If you want to store certificate and its key as a Kubernetes tls secret
# you can pass the name of that secret using certSecret variable
# certSecret: unifi-tls
# define an external mongoDB instead of using the built-in mongodb
mongodb:
enabled: false
dbUri: mongodb://mongo/unifi
statDbUri: mongodb://mongo/unifi_stat
databaseName: unifi
persistence:
enabled: true
## unifi data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
##
## If you want to reuse an existing claim, you can pass the name of the PVC using
## the existingClaim variable
# existingClaim: your-claim
#
## Applies a prefix to the directories created by the unifi container
# subPath: unifi
accessMode: ReadWriteOnce
size: 5Gi
extraVolumes: []
## specify additional volume to be used by extraVolumeMounts inside unifi container
# - name: additional-volume
# hostPath:
# path: /path/on/host
# type: DirectoryOrCreate
extraVolumeMounts: []
## specify additional VolumeMount to be mounted inside unifi container
# - name: additional-volume
# mountPath: /path/in/container
extraJvmOpts: []
## Extra java options
## Here are some examples of valid JVM options:
##
# - "-XX:MaxMetaspaceSize=256m"
# - "-Dlog4j.configurationFile=file:/configmap/log4j2.xml"
# - "-Dsystem_ip=1.2.3.4"
extraConfigFiles: {}
## Specify additional config files which are mounted to /configmap
## Here is an example for a custom log4j config:
##
# log4j2.xml: |-
# <?xml version="1.0" encoding="UTF-8"?>
# <Configuration>
# <Appenders>
# <InMemoryAppender name="InMemoryAppender" activatedLogging="false">
# <PatternLayout pattern="[%d{ISO8601}] &lt;%t&gt; %-5p %-6c{1} - %m%n" />
# </InMemoryAppender>
# <RollingFile name="server_log" fileName="logs/server.log" filePattern="logs/server.log.%i">
# <PatternLayout pattern="[%d{ISO8601}] &lt;%t&gt; %-5p %-6c{1} - %m%n" />
# <SizeBasedTriggeringPolicy size="10 MB"/>
# <DefaultRolloverStrategy max="3" fileIndex="min" />
# </RollingFile>
# <Console name="STDOUT" target="SYSTEM_OUT">
# <PatternLayout pattern="&lt;%t&gt; %-5p %-6c{1} - %m%n"/>
# </Console>
# </Appenders>
# <Loggers>
# <Root level="INFO">
# <AppenderRef ref="InMemoryAppender" />
# <AppenderRef ref="server_log" />
# <AppenderRef ref="STDOUT" />
# </Root>
# </Loggers>
# </Configuration>
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
deploymentAnnotations: {}