-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add a new Unifi Network Application Component (#134)
Closes #55
- Loading branch information
Showing
9 changed files
with
347 additions
and
0 deletions.
There are no files selected for viewing
66 changes: 66 additions & 0 deletions
66
kustomization/components/unifi-network-application/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
# Unifi Controller Component | ||
|
||
This will deploy the [Unifi Network Application](https://github.com/linuxserver/docker-unifi-network-application), and | ||
assumes you are using [Traefik Proxy](https://traefik.io/traefik). | ||
|
||
This also requires our PriorityClass component. | ||
|
||
# Example Usage | ||
|
||
```yaml | ||
--- | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
|
||
components: | ||
- https://github.com/marinatedconcrete/config/kustomization/components/unifi-network-application | ||
``` | ||
See below for additionally required patches and secrets. | ||
## Required Patches | ||
### Add ServersTransport to Service | ||
#### `kustomization.yml` | ||
|
||
```yaml | ||
patches: | ||
- path: patches/add_una_svc_serverstransport.yml | ||
target: | ||
kind: Service | ||
name: unifi-network-application-svc | ||
``` | ||
|
||
#### `patches/add_una_svc_serverstransport.yml` | ||
|
||
The format of the annotation value is: `<deployed-namespace>-unifi-network-application-serverstransport@kubernetescrd`. | ||
|
||
```yaml | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
annotations: | ||
traefik.ingress.kubernetes.io/service.serverstransport: unifi-unifi-network-application-serverstransport@kubernetescrd | ||
name: this-is-ignored-but-is-required | ||
``` | ||
|
||
## Required Secrets | ||
|
||
### `una-secret` | ||
|
||
This needs to have the following keys defined: | ||
|
||
- `MONGO_PASS` | ||
|
||
You can include additional keys as well for further configuration. | ||
|
||
```yaml | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: una-secret | ||
stringData: | ||
MONGO_PASS: ... | ||
``` |
23 changes: 23 additions & 0 deletions
23
kustomization/components/unifi-network-application/configmap/generate-init-mongo.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
#!/bin/sh | ||
|
||
if [ -z "${MONGO_PASS}" ]; then | ||
echo "MONGO_PASS must be set!" | ||
exit 1 | ||
fi | ||
|
||
echo "db.getSiblingDB(\"unifi\") | ||
.createUser({ | ||
user: \"unifi\", | ||
pwd: \"${MONGO_PASS}\", | ||
roles: [ | ||
{role: \"dbOwner\", db: \"unifi\"} | ||
] | ||
}); | ||
db.getSiblingDB(\"unifi_stat\") | ||
.createUser({ | ||
user: \"unifi\", | ||
pwd: \"${MONGO_PASS}\", | ||
roles: [ | ||
{role: \"dbOwner\", db: \"unifi_stat\"} | ||
] | ||
});" > /docker-entrypoint-initdb.d/init-mongo.js |
3 changes: 3 additions & 0 deletions
3
kustomization/components/unifi-network-application/configmap/shutdown-mongo.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
db.adminCommand({ | ||
shutdown: 1 | ||
}) |
20 changes: 20 additions & 0 deletions
20
kustomization/components/unifi-network-application/kustomization.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
--- | ||
apiVersion: kustomize.config.k8s.io/v1alpha1 | ||
kind: Component | ||
|
||
configMapGenerator: | ||
- name: una-mongodb-scripts-configmap | ||
files: | ||
- configmap/generate-init-mongo.sh | ||
- configmap/shutdown-mongo.js | ||
images: | ||
- name: busybox | ||
newTag: 1.36.1 | ||
- name: lscr.io/linuxserver/unifi-network-application | ||
newTag: 8.1.113 | ||
- name: mongo | ||
newTag: 7.0.7 | ||
resources: | ||
- statefulset.yml | ||
- serverstransport.yml | ||
- service.yml |
7 changes: 7 additions & 0 deletions
7
kustomization/components/unifi-network-application/serverstransport.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
--- | ||
apiVersion: traefik.io/v1alpha1 | ||
kind: ServersTransport | ||
metadata: | ||
name: unifi-network-application-serverstransport | ||
spec: | ||
insecureSkipVerify: true |
25 changes: 25 additions & 0 deletions
25
kustomization/components/unifi-network-application/service.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
annotations: | ||
traefik.ingress.kubernetes.io/service.serversscheme: https | ||
name: unifi-network-application-svc | ||
spec: | ||
ports: | ||
- name: una-web | ||
port: 443 | ||
protocol: TCP | ||
targetPort: una-web | ||
- name: device-api | ||
port: 8080 | ||
protocol: TCP | ||
- name: device-discover | ||
port: 10001 | ||
protocol: UDP | ||
- name: device-stun | ||
port: 3478 | ||
protocol: UDP | ||
selector: | ||
app.kubernetes.io/name: unifi-network-application | ||
type: LoadBalancer |
175 changes: 175 additions & 0 deletions
175
kustomization/components/unifi-network-application/statefulset.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,175 @@ | ||
--- | ||
apiVersion: apps/v1 | ||
kind: StatefulSet | ||
metadata: | ||
name: unifi-network-application-statefulset | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
app.kubernetes.io/name: unifi-network-application | ||
serviceName: una-unifi-svc | ||
template: | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: unifi-network-application | ||
spec: | ||
containers: | ||
- image: mongo | ||
lifecycle: | ||
preStop: | ||
exec: | ||
command: | ||
- /bin/sh | ||
- -c | ||
- mongo admin /scripts/shutdown-mongo.js | ||
livenessProbe: | ||
tcpSocket: | ||
port: 27017 | ||
initialDelaySeconds: 10 | ||
periodSeconds: 15 | ||
name: mongodb | ||
readinessProbe: | ||
tcpSocket: | ||
port: 27017 | ||
initialDelaySeconds: 10 | ||
periodSeconds: 15 | ||
resources: | ||
limits: | ||
cpu: 2000m | ||
memory: 2Gi | ||
requests: | ||
cpu: 500m | ||
memory: 1Gi | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
seccompProfile: | ||
type: RuntimeDefault | ||
volumeMounts: | ||
- mountPath: /data/db | ||
name: mongodb-data | ||
- mountPath: /docker-entrypoint-initdb.d/init-mongo.js | ||
name: init-mongodb | ||
readOnly: true | ||
subPath: init-mongo.js | ||
- mountPath: /scripts | ||
name: mongodb-scripts | ||
- env: | ||
- name: MEM_LIMIT | ||
value: "1024" | ||
- name: MEM_STARTUP | ||
value: "1024" | ||
- name: MONGO_DBNAME | ||
value: unifi | ||
- name: MONGO_HOST | ||
value: 127.0.0.1 | ||
- name: MONGO_PASS | ||
valueFrom: | ||
secretKeyRef: | ||
name: una-secret | ||
key: MONGO_PASS | ||
- name: MONGO_PORT | ||
value: "27017" | ||
- name: MONGO_USER | ||
value: unifi | ||
- name: TZ | ||
value: America/Los_Angeles | ||
image: lscr.io/linuxserver/unifi-network-application | ||
livenessProbe: | ||
httpGet: | ||
port: una-web | ||
scheme: HTTPS | ||
initialDelaySeconds: 15 | ||
periodSeconds: 15 | ||
name: unifi | ||
# https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference | ||
ports: | ||
- name: una-web | ||
containerPort: 8443 | ||
protocol: TCP | ||
- name: device-api | ||
containerPort: 8080 | ||
protocol: TCP | ||
- name: device-discover | ||
containerPort: 10001 | ||
protocol: UDP | ||
- name: device-stun | ||
containerPort: 3478 | ||
protocol: UDP | ||
readinessProbe: | ||
httpGet: | ||
port: una-web | ||
scheme: HTTPS | ||
initialDelaySeconds: 15 | ||
periodSeconds: 15 | ||
resources: | ||
limits: | ||
cpu: 2000m | ||
memory: 2Gi | ||
requests: | ||
cpu: 500m | ||
memory: 1Gi | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
seccompProfile: | ||
type: RuntimeDefault | ||
volumeMounts: | ||
- name: unifi-config | ||
mountPath: /config | ||
initContainers: | ||
- env: | ||
- name: MONGO_PASS | ||
valueFrom: | ||
secretKeyRef: | ||
name: una-secret | ||
key: MONGO_PASS | ||
command: | ||
- sh | ||
- -c | ||
- /scripts/generate-init-mongo.sh | ||
image: busybox | ||
name: init-mongodb | ||
resources: | ||
limits: | ||
cpu: 100m | ||
memory: 200Mi | ||
requests: | ||
cpu: 30m | ||
memory: 100Mi | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
seccompProfile: | ||
type: RuntimeDefault | ||
volumeMounts: | ||
- mountPath: /docker-entrypoint-initdb.d | ||
name: init-mongodb | ||
- mountPath: /scripts | ||
name: mongodb-scripts | ||
priorityClassName: critical-application | ||
volumes: | ||
- emptyDir: | ||
medium: Memory | ||
name: init-mongodb | ||
- configMap: | ||
defaultMode: 0777 | ||
name: una-mongodb-scripts-configmap | ||
name: mongodb-scripts | ||
volumeClaimTemplates: | ||
- metadata: | ||
name: mongodb-data | ||
spec: | ||
accessModes: | ||
- ReadWriteOnce | ||
resources: | ||
requests: | ||
storage: 1Gi | ||
storageClassName: longhorn-encrypted | ||
- metadata: | ||
name: unifi-config | ||
spec: | ||
accessModes: | ||
- ReadWriteOnce | ||
resources: | ||
requests: | ||
storage: 1Gi | ||
storageClassName: longhorn-encrypted |
20 changes: 20 additions & 0 deletions
20
kustomization/tests/unifi-network-application/kustomization.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
--- | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
|
||
components: | ||
- ../../components/priorityclass | ||
- ../../components/unifi-network-application | ||
namespace: unifi-network-application-test | ||
patches: | ||
# TODO(https://github.com/marinatedconcrete/config/issues/56): we can allow this to exist once we have traefik | ||
- patch: |- | ||
$patch: delete | ||
apiVersion: traefik.io/v1alpha1 | ||
kind: ServersTransport | ||
metadata: | ||
name: this-is-ignored-but-is-required | ||
target: | ||
kind: ServersTransport | ||
resources: | ||
- namespace.yml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
--- | ||
apiVersion: v1 | ||
kind: Namespace | ||
metadata: | ||
labels: | ||
pod-security.kubernetes.io/enforce: baseline | ||
pod-security.kubernetes.io/enforce-version: latest | ||
name: unifi-network-application-test |