		
	Add unifi controller
		
							
								
								
									
										18
									
								
								argocd/applications/unifi.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,18 @@ | ||||
| --- | ||||
| apiVersion: argoproj.io/v1alpha1 | ||||
| kind: Application | ||||
| metadata: | ||||
|   name: unifi | ||||
|   namespace: unifi | ||||
| spec: | ||||
|   project: k-space.ee | ||||
|   source: | ||||
|     repoURL: 'git@git.k-space.ee:k-space/kube.git' | ||||
|     path: unifi | ||||
|     targetRevision: HEAD | ||||
|   destination: | ||||
|     server: 'https://kubernetes.default.svc' | ||||
|     namespace: unifi | ||||
|   syncPolicy: | ||||
|     automated: | ||||
|       prune: true | ||||
| @@ -156,6 +156,32 @@ volumeBindingMode: WaitForFirstConsumer | ||||
| --- | ||||
| apiVersion: storage.k8s.io/v1 | ||||
| kind: StorageClass | ||||
| metadata: | ||||
|   name: unifi | ||||
|   annotations: | ||||
|     kubernetes.io/description: | | ||||
|       Storage class for Unifi and similar applications | ||||
|       deployed in highly available fashion utilizing application level | ||||
|       replication needing persistent volume. | ||||
| provisioner: rook-ceph.rbd.csi.ceph.com | ||||
| parameters: | ||||
|   clusterID: rook-ceph | ||||
|   csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner | ||||
|   csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph | ||||
|   csi.storage.k8s.io/fstype: xfs | ||||
|   csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node | ||||
|   csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph | ||||
|   csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner | ||||
|   csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph | ||||
|   imageFeatures: layering | ||||
|   imageFormat: '2' | ||||
|   pool: ks-nvme | ||||
| reclaimPolicy: Retain | ||||
| allowVolumeExpansion: true | ||||
| volumeBindingMode: WaitForFirstConsumer | ||||
| --- | ||||
| apiVersion: storage.k8s.io/v1 | ||||
| kind: StorageClass | ||||
| metadata: | ||||
|   name: hdd-ceph | ||||
|   annotations: | ||||
|   | ||||
							
								
								
									
										8
									
								
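--- a/unifi/kustomization.yaml
+++ b/unifi/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: &ns unifi
+
+resources:
+- unifi-mongo.yaml
+- unifi.yaml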
							
								
								
									
										68
									
								
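--- a/unifi/unifi-mongo.yaml
+++ b/unifi/unifi-mongo.yaml
@@ -0,0 +1,68 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: unifi-mongo-init
+  namespace: unifi
+data:
+  init-mongo.js: |
+    db.getSiblingDB("unifi").createUser({user: "unifi", pwd: "unifipass", roles: [{role: "dbOwner", db: "unifi"}]});
+    db.getSiblingDB("unifi_stat").createUser({user: "unifi",pwd: "unifipass",roles: [{role: "dbOwner", db: "unifi_stat"}]});
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: unifi-db
+  namespace: unifi
+spec:
+  selector:
+    matchLabels:
+      app: unifi-db
+  serviceName: "router-manager-db"
+  replicas: 1
+  minReadySeconds: 10
+  template:
+    metadata:
+      labels:
+        app: unifi-db
+    spec:
+      terminationGracePeriodSeconds: 10
+      containers:
+        - name: mongodb
+          image: mongo:4
+          ports:
+            - containerPort: 27017
+              name: mongo
+          volumeMounts:
+            - name: data
+              mountPath: /data/db
+            - name: unifi-mongo-init
+              mountPath: /docker-entrypoint-initdb.d/init-mongo.js
+              subPath: init-mongo.js
+      volumes:
+        - name: unifi-mongo-init
+          configMap:
+            name: unifi-mongo-init
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        storageClassName: unifi
+        resources:
+          requests:
+            storage: 10Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: unifi-db
+  namespace: unifi
+spec:
+  ports:
+    - port: 27017
+      name: mongo
+      targetPort: 27017
+  selector:
+    app: unifi-db
+  type: ClusterIP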
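Review bot: The database password is committed in clear text in the `unifi-mongo-init` ConfigMap (`pwd: "unifipass"` in both `createUser` calls), and the same value is repeated as `MONGO_PASSWORD` in unifi/unifi.yaml; a ConfigMap is readable by anything with get access in the namespace, and the value is now in git history. Generate the credential into a Secret, mount the init script from that Secret rather than a ConfigMap, and let the controller read it through `valueFrom.secretKeyRef`. As far as I know the official mongo image only starts mongod with `--auth` when `MONGO_INITDB_ROOT_USERNAME` and `MONGO_INITDB_ROOT_PASSWORD` are set, so with this manifest the users are created but access control is probably not enforced for any pod that can reach `unifi-db:27017`; that is worth confirming, together with a NetworkPolicy that admits only the controller pod. Smaller points: `serviceName: "router-manager-db"` does not match the `unifi-db` Service defined in the same file, and `mongo:4` is a floating tag.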
							
								
								
									
										186
									
								
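--- a/unifi/unifi.yaml
+++ b/unifi/unifi.yaml
@@ -0,0 +1,186 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: unifi-app
+  namespace: unifi
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: unifi
+---
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: unifi
+  namespace: unifi
+spec:
+  serviceName: "unifi"
+  replicas: 1
+  selector:
+    matchLabels:
+      name: unifi
+  template:
+    metadata:
+      name: unifi
+      labels:
+        name: unifi
+    spec:
+      containers:
+        - name: unifi
+          image: lscr.io/linuxserver/unifi-network-application:latest
+          env:
+            - name: PUID
+              value: '1000'
+            - name: GUID
+              value: '1000'
+            - name: TZ
+              value: Etc/UTC
+            - name: MONGO_USER
+              value: "unifi"
+            - name: MONGO_PASSWORD
+              value: "unifipass"
+            - name: MONGO_HOST
+              value: unifi-db
+            - name: MONGO_DBNAME
+              value: "unifi"
+            - name: MONGO_PORT
+              value: "27017"
+          ports:
+            - containerPort: 3478
+              protocol: UDP
+            - containerPort: 10001
+              protocol: UDP
+            - containerPort: 8080
+              protocol: TCP
+            - containerPort: 8443
+              protocol: TCP
+            - containerPort: 1900
+              protocol: UDP
+            - containerPort: 8843
+              protocol: TCP
+            - containerPort: 8880
+              protocol: TCP
+            - containerPort: 6789
+              protocol: TCP
+            - containerPort: 5514
+              protocol: UDP
+          volumeMounts:
+            - name: unifi-persistent-storage
+              mountPath: /config
+      volumes:
+      - name: unifi-persistent-storage
+        persistentVolumeClaim:
+          claimName: unifi-app
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: lb-unifi
+  namespace: unifi
+  annotations:
+    metallb.universe.tf/allow-shared-ip: 'true'
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  loadBalancerIP: 172.21.102.1
+  selector:
+    name: unifi
+  ports:
+    - name: '8080'
+      protocol: TCP
+      port: 8080
+      targetPort: 8080
+    - name: '8443'
+      protocol: TCP
+      port: 8443
+      targetPort: 8443
+    - name: '1900'
+      protocol: TCP
+      port: 1900
+      targetPort: 1900
+    - name: '8843'
+      protocol: TCP
+      port: 8843
+      targetPort: 8843
+    - name: '8880'
+      protocol: TCP
+      port: 8880
+      targetPort: 8880
+    - name: '6789'
+      protocol: TCP
+      port: 6789
+      targetPort: 6789
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: lb-unifi-udp
+  namespace: unifi
+  annotations:
+    metallb.universe.tf/allow-shared-ip: 'true'
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+  loadBalancerIP: 172.21.102.1
+  selector:
+    name: unifi
+  ports:
+    - name: '3478'
+      protocol: UDP
+      port: 3478
+      targetPort: 3478
+    - name: '10001'
+      protocol: UDP
+      port: 10001
+      targetPort: 10001
+    - name: '5514'
+      protocol: UDP
+      port: 5514
+      targetPort: 5514
+  selector:
+    name: unifi
+  type: LoadBalancer
+  externalTrafficPolicy: Local
+---
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+  name: unifi
+  namespace: unifi
+spec:
+  insecureSkipVerify: true
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: unifi
+  namespace: unifi
+  annotations:
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    kubernetes.io/ingress.class: traefik
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+spec:
+  rules:
+    - host: "unifi.k-space.ee"
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: lb-unifi
+                port:
+                  number: 8443
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: OIDCMiddlewareClient
+metadata:
+  name: unifi
+  namespace: unifi
+spec:
+  uri: 'https://unifi.k-space.ee/'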
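Review bot: The `unifi` Ingress carries no `traefik.ingress.kubernetes.io/router.middlewares` annotation, so nothing visible in this file puts the `OIDCMiddlewareClient` in front of unifi.k-space.ee, and the `lb-unifi` Service also publishes the management port 8443 directly on 172.21.102.1, a path that would not pass through the middleware in any case. If SSO is meant to gate the UI, attach the generated middleware to the Ingress and either drop 8443 from the LoadBalancer ports or limit it with `loadBalancerSourceRanges`. The `ServersTransport` with `insecureSkipVerify: true` is not referenced by any Service annotation here either; once it is wired up it turns off verification of the backend certificate, so a comment stating why that is accepted belongs next to it. `image: lscr.io/linuxserver/unifi-network-application:latest` under an auto-syncing Application lets the running version change without a commit, so pin a version tag or digest. Smaller points: `GUID` looks like a typo for `PGID`, `lb-unifi` declares port 1900 as TCP while the container port is UDP, and `lb-unifi-udp` repeats the `selector`, `type` and `externalTrafficPolicy` keys after `ports`.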