--- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: unifi-app namespace: unifi spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi storageClassName: unifi --- kind: StatefulSet apiVersion: apps/v1 metadata: name: unifi namespace: unifi spec: serviceName: "unifi" replicas: 1 selector: matchLabels: name: unifi template: metadata: name: unifi labels: name: unifi spec: containers: - name: unifi image: lscr.io/linuxserver/unifi-network-application:latest env: - name: PUID value: '1000' - name: GUID value: '1000' - name: TZ value: Etc/UTC envFrom: - secretRef: name: unifi ports: - containerPort: 3478 protocol: UDP - containerPort: 10001 protocol: UDP - containerPort: 8080 protocol: TCP - containerPort: 8443 protocol: TCP - containerPort: 1900 protocol: UDP - containerPort: 8843 protocol: TCP - containerPort: 8880 protocol: TCP - containerPort: 6789 protocol: TCP - containerPort: 5514 protocol: UDP volumeMounts: - name: unifi-persistent-storage mountPath: /config volumes: - name: unifi-persistent-storage persistentVolumeClaim: claimName: unifi-app --- kind: Service apiVersion: v1 metadata: name: lb-unifi namespace: unifi annotations: metallb.io/allow-shared-ip: 'true' traefik.ingress.kubernetes.io/service.serverstransport: unifi-unifi@kubernetescrd spec: type: LoadBalancer externalTrafficPolicy: Local loadBalancerIP: 172.21.102.1 selector: name: unifi ports: - name: '8080' protocol: TCP port: 8080 targetPort: 8080 - name: '8443' protocol: TCP port: 8443 targetPort: 8443 - name: '1900' protocol: TCP port: 1900 targetPort: 1900 - name: '8843' protocol: TCP port: 8843 targetPort: 8843 - name: '8880' protocol: TCP port: 8880 targetPort: 8880 - name: '6789' protocol: TCP port: 6789 targetPort: 6789 --- kind: Service apiVersion: v1 metadata: name: lb-unifi-udp namespace: unifi annotations: metallb.io/allow-shared-ip: 'true' spec: type: LoadBalancer externalTrafficPolicy: Local loadBalancerIP: 172.21.102.1 selector: name: unifi ports: - name: '3478' protocol: UDP port: 3478 targetPort: 3478 - name: '10001' protocol: UDP port: 10001 targetPort: 10001 - name: '5514' protocol: UDP port: 5514 targetPort: 5514 --- apiVersion: traefik.io/v1alpha1 kind: ServersTransport metadata: name: unifi namespace: unifi spec: insecureSkipVerify: true --- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: unifi namespace: unifi annotations: traefik.ingress.kubernetes.io/router.tls: "true" kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: websecure external-dns.alpha.kubernetes.io/target: traefik.k-space.ee spec: rules: - host: "unifi.k-space.ee" http: paths: - pathType: Prefix path: / backend: service: name: lb-unifi port: number: 8443 --- apiVersion: codemowers.cloud/v1beta1 kind: OIDCMiddlewareClient metadata: name: unifi namespace: unifi spec: uri: 'https://unifi.k-space.ee/'