Merge branch 'main' of https://github.com/JamesTurland/JimsGarage
		
						commit
						cac5d0df8a
					
				|  | @ -4,7 +4,7 @@ metadata: | |||
|   creationTimestamp: null | ||||
|   labels: | ||||
|     app.kubernetes.io/name: kube-vip-ds | ||||
|     app.kubernetes.io/version: v0.6.3 | ||||
|     app.kubernetes.io/version: v0.7.2 | ||||
|   name: kube-vip-ds | ||||
|   namespace: kube-system | ||||
| spec: | ||||
|  | @ -16,7 +16,7 @@ spec: | |||
|       creationTimestamp: null | ||||
|       labels: | ||||
|         app.kubernetes.io/name: kube-vip-ds | ||||
|         app.kubernetes.io/version: v0.6.3 | ||||
|         app.kubernetes.io/version: v0.7.2 | ||||
|     spec: | ||||
|       affinity: | ||||
|         nodeAffinity: | ||||
|  |  | |||
|  | @ -0,0 +1,14 @@ | |||
| # Deployment | ||||
| 
 | ||||
| You can't just deploy the whole folder. You have to apply the files in the following order: | ||||
| 
 | ||||
| 1. Create the namespace and the secrets using ´kubectl apply -f namespaceAndSecret.yaml ´ | ||||
| 2. Apply the init-script using ´kubectl create configmap create-db-configmap --from-file=init-mongo.js --namespace unifi-controller´ | ||||
| 3. Create two persistent volumes and two persistent volume claims in Longhorn | ||||
| 
 | ||||
| - unifi-db | ||||
| - unifi-config | ||||
| 
 | ||||
| 4. Deploy the pod and the service using ´kubectl apply -f deployment.yaml ´ | ||||
| 5. If you want to access the GUI via Traefik you can add an ingress using ´kubectl apply -f ingress.yaml ´ | ||||
| 6. Check if the MongoDB Container is running and delete the configmap ´create-db-configmap´ for security reasons | ||||
|  | @ -0,0 +1,164 @@ | |||
| --- | ||||
| apiVersion: apps/v1 | ||||
| kind: Deployment | ||||
| metadata: | ||||
|   labels: | ||||
|     app: unifi-controller | ||||
|     app.kubernetes.io/instance: unifi-controller | ||||
|   name: unifi-controller | ||||
|   namespace: unifi-controller | ||||
| spec: | ||||
|   replicas: 1 | ||||
|   strategy: | ||||
|     type: RollingUpdate | ||||
|     rollingUpdate: | ||||
|       maxSurge: 1 | ||||
|       maxUnavailable: 1 | ||||
|   selector: | ||||
|     matchLabels: | ||||
|       app: unifi-controller | ||||
|   template: | ||||
|     metadata: | ||||
|       labels: | ||||
|         app: unifi-controller | ||||
|     spec: | ||||
|       nodeSelector: | ||||
|         worker: "true" | ||||
|       containers: | ||||
|         - image: docker.io/mongo:7.0 | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           name: unifi-db | ||||
|           args: ["--dbpath", "/data/db"] | ||||
|           livenessProbe: | ||||
|             exec: | ||||
|               command: | ||||
|                 - mongo | ||||
|                 - --disableImplicitSessions | ||||
|                 - --eval | ||||
|                 - "db.adminCommand('ping')" | ||||
|             initialDelaySeconds: 30 | ||||
|             periodSeconds: 10 | ||||
|             timeoutSeconds: 5 | ||||
|             successThreshold: 1 | ||||
|             failureThreshold: 6 | ||||
|           readinessProbe: | ||||
|             exec: | ||||
|               command: | ||||
|                 - mongo | ||||
|                 - --disableImplicitSessions | ||||
|                 - --eval | ||||
|                 - "db.adminCommand('ping')" | ||||
|             initialDelaySeconds: 30 | ||||
|             periodSeconds: 10 | ||||
|             timeoutSeconds: 5 | ||||
|             successThreshold: 1 | ||||
|             failureThreshold: 6 | ||||
|           ports: | ||||
|             - containerPort: 27017 | ||||
|               name: mongo | ||||
|               protocol: TCP | ||||
|           volumeMounts: | ||||
|             - mountPath: /data/db | ||||
|               name: unifi-db | ||||
|             - name: "init-database" | ||||
|               mountPath: "/docker-entrypoint-initdb.d/" | ||||
|         - image: lscr.io/linuxserver/unifi-network-application:8.1.113-ls36 | ||||
|           imagePullPolicy: IfNotPresent | ||||
|           name: unifi-controller | ||||
|           envFrom: | ||||
|             - secretRef: | ||||
|                 name: unifi-env | ||||
|           env: | ||||
|             - name: MONGO_HOST | ||||
|               value: "localhost" | ||||
|             - name: MONGO_PORT | ||||
|               value: "27017" | ||||
|           volumeMounts: | ||||
|             - mountPath: /config | ||||
|               name: unifi-config | ||||
|           ports: | ||||
|             - containerPort: 8443 | ||||
|               name: web | ||||
|               protocol: TCP | ||||
|             - containerPort: 3478 | ||||
|               name: stun | ||||
|               protocol: UDP | ||||
|             - containerPort: 1001 | ||||
|               name: discovery | ||||
|               protocol: UDP | ||||
|             - containerPort: 8080 | ||||
|               name: communication | ||||
|               protocol: TCP | ||||
|           resources: | ||||
|             limits: | ||||
|               cpu: 2 | ||||
|               memory: 1Gi | ||||
|             requests: | ||||
|               cpu: 200m | ||||
|               memory: 256Mi | ||||
|           livenessProbe: | ||||
|             tcpSocket: | ||||
|               port: communication | ||||
|             initialDelaySeconds: 60 | ||||
|             periodSeconds: 10 | ||||
|           readinessProbe: | ||||
|             httpGet: | ||||
|               scheme: HTTPS | ||||
|               path: / | ||||
|               port: web | ||||
|             initialDelaySeconds: 30 | ||||
|             periodSeconds: 10 | ||||
|       volumes: | ||||
|         - name: unifi-db | ||||
|           persistentVolumeClaim: | ||||
|             claimName: unifi-db | ||||
|         - name: unifi-config | ||||
|           persistentVolumeClaim: | ||||
|             claimName: unifi-config | ||||
|         - name: "init-database" | ||||
|           configMap: | ||||
|             name: create-db-configmap | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: unifi-tcp | ||||
|   namespace: unifi-controller | ||||
|   annotations: | ||||
|     metallb.universe.tf/allow-shared-ip: unifi-controller | ||||
| spec: | ||||
|   type: LoadBalancer | ||||
|   loadBalancerIP: 10.122.0.65 # MUST match loadBalancerIP of the other service. Choose a availible IP in your MetalLB Range | ||||
|   ports: | ||||
|     - name: web | ||||
|       protocol: TCP | ||||
|       port: 8443 | ||||
|       targetPort: 8443 | ||||
|     - name: communication | ||||
|       protocol: TCP | ||||
|       port: 8080 | ||||
|       targetPort: 8080 | ||||
|   selector: | ||||
|     app: unifi-controller | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Service | ||||
| metadata: | ||||
|   name: unifi-udp | ||||
|   namespace: unifi-controller | ||||
|   annotations: | ||||
|     metallb.universe.tf/allow-shared-ip: unifi-controller | ||||
| spec: | ||||
|   type: LoadBalancer | ||||
|   loadBalancerIP: 10.122.0.65 # MUST match loadBalancerIP of the other service. Choose a availible IP in your MetalLB Range | ||||
|   ports: | ||||
|     - name: stun | ||||
|       protocol: UDP | ||||
|       port: 3478 | ||||
|       targetPort: 3478 | ||||
|     - name: discovery | ||||
|       protocol: UDP | ||||
|       port: 10001 | ||||
|       targetPort: 10001 | ||||
|   selector: | ||||
|     app: unifi-controller | ||||
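Review bot: Both exec probes on the `unifi-db` container run `mongo`, but the legacy shell is not shipped in MongoDB 6.0 and later images, so with `docker.io/mongo:7.0` the liveness probe will most likely fail and restart the database in a loop. Change the first command element to `- mongosh` in both probes, and confirm that `--disableImplicitSessions` is still accepted by that shell. The `discovery` port on the controller container is declared as `containerPort: 1001`, while the `unifi-udp` Service forwards to `10001`; it should read `containerPort: 10001`. The `init-database` volume references `create-db-configmap` without `optional: true`, yet the README added in this commit tells the reader to delete that ConfigMap after first start, so a rescheduled pod would then hang on the missing volume.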
|  | @ -0,0 +1,39 @@ | |||
| --- | ||||
| apiVersion: traefik.containo.us/v1alpha1 | ||||
| kind: Middleware | ||||
| metadata: | ||||
|   name: default-headers | ||||
|   namespace: unifi-controller | ||||
| spec: | ||||
|   headers: | ||||
|     browserXssFilter: true | ||||
|     contentTypeNosniff: true | ||||
|     forceSTSHeader: true | ||||
|     stsIncludeSubdomains: true | ||||
|     stsPreload: true | ||||
|     stsSeconds: 15552000 | ||||
|     customFrameOptionsValue: SAMEORIGIN | ||||
|     customRequestHeaders: | ||||
|       X-Forwarded-Proto: https | ||||
| --- | ||||
| apiVersion: traefik.containo.us/v1alpha1 | ||||
| kind: IngressRoute | ||||
| metadata: | ||||
|   name: unifi-controller | ||||
|   namespace: unifi-controller | ||||
|   annotations: | ||||
|     kubernetes.io/ingress.class: traefik-external | ||||
| spec: | ||||
|   entryPoints: | ||||
|     - websecure | ||||
|   routes: | ||||
|     - match: Host(`unifi.yourdomain.com`) # change to your domain | ||||
|       kind: Rule | ||||
|       services: | ||||
|         - name: unifi-tcp | ||||
|           port: 8443 | ||||
|           scheme: https | ||||
|       middlewares: | ||||
|         - name: default-headers | ||||
|   tls: | ||||
|     secretName: ffth-tls # change to your cert name | ||||
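Review bot: The `default-headers` Middleware sets `stsIncludeSubdomains: true` and `stsPreload: true`, which commits every subdomain of the domain the reader substitutes to HTTPS, not only the UniFi host. Since this is a copy-and-adapt example, those two lines deserve a comment such as `# applies to ALL subdomains; set to false unless every subdomain serves HTTPS`. Both documents also use the `traefik.containo.us/v1alpha1` API group, which newer Traefik releases replace with `traefik.io/v1alpha1`, so it is worth confirming which Traefik version the repo targets.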
|  | @ -0,0 +1,10 @@ | |||
| db.getSiblingDB("unifi").createUser({ | ||||
|   user: "unifi", | ||||
|   pwd: "5nHgg3G0cH9d", | ||||
|   roles: [{ role: "dbOwner", db: "unifi" }], | ||||
| }); | ||||
| db.getSiblingDB("unifi_stat").createUser({ | ||||
|   user: "unifi", | ||||
|   pwd: "5nHgg3G0cH9d", | ||||
|   roles: [{ role: "dbOwner", db: "unifi_stat" }], | ||||
| }); | ||||
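Review bot: The `pwd` literal in both `createUser` calls is a concrete password committed to a public example, and the same value is repeated as `MONGO_PASS` in the `unifi-env` Secret in the next file, so every deployment copied from this commit shares one publicly known database credential. Replace it in both files with an obvious placeholder such as `pwd: "<CHANGE_ME>"` and note in the README that the two values must match and must be set before step 1. As far as deployment.yaml shows, mongod is started with only `--dbpath`, so these users are created but authentication does not appear to be enforced. Since the controller connects via `MONGO_HOST: localhost`, restricting mongod to the loopback address or adding a NetworkPolicy for the namespace would keep port 27017 from being reachable on the pod IP.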
|  | @ -0,0 +1,19 @@ | |||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Namespace | ||||
| metadata: | ||||
|   name: unifi-controller | ||||
| --- | ||||
| apiVersion: v1 | ||||
| kind: Secret | ||||
| metadata: | ||||
|   name: unifi-env | ||||
|   namespace: unifi-controller | ||||
| type: Opaque | ||||
| stringData: | ||||
|   PUID: "1000" | ||||
|   PGID: "1000" | ||||
|   TZ: "Europe/London" | ||||
|   MONGO_USER: "unifi" | ||||
|   MONGO_PASS: "5nHgg3G0cH9d" | ||||
|   MONGO_DBNAME: unifi | ||||
	 James Turland
						James Turland