# Applied to namespace "unifi" with kustomize
# Identity the one-shot secret-creation Job runs as. Its rights come only
# from the RoleBinding below; nothing else should use this account.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: secret-creator
---
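# Least privilege: the job only has to create one Secret in this namespace,
# so it gets a namespaced Role for exactly that instead of the aggregated
# "admin" ClusterRole, which would let a compromised job pod read or change
# every Secret, ConfigMap, Pod, Deployment and RoleBinding in the namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: secret-creator
rules:
  # "create" cannot be narrowed by resourceNames (the name is not in the
  # request URL at authorization time), so it stays namespace-wide.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  # Reading is confined to the one Secret the job owns, so an existence
  # pre-flight check does not turn into read-any-secret.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["unifi"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: secret-creator-role-binding
subjects:
  - kind: ServiceAccount
    name: secret-creator
    # kustomize's namespace transformer fills this in for ServiceAccount
    # subjects; stated explicitly so the binding is also correct without it
    # (the other documents in this file hard-code the same namespace).
    namespace: unifi
roleRef:
  kind: Role
  name: secret-creator
  apiGroup: rbac.authorization.k8s.io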
---
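# One-shot job: mints the MongoDB credential for UniFi and stores it, plus the
# mongo init script that provisions the matching database user, in Secret
# "unifi". The MongoDB Deployment mounts the script; the UniFi Deployment
# reads the credential from the same Secret.
apiVersion: batch/v1
kind: Job
metadata:
  name: secret-creation-job
spec:
  template:
    metadata:
      name: secret-creation-pod
    spec:
      serviceAccountName: secret-creator
      # kubectl needs no privileges; the bitnami image ships as uid 1001, so
      # the non-root requirement is enforceable rather than advisory.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1001
      containers:
        - name: secret-creation-container
          # NOTE(review): mutable tag — pin a version (or digest) so an upstream
          # retag cannot change what runs with this account's RBAC rights.
          image: bitnami/kubectl:latest
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          command: ["/bin/sh"]
          args:
            - -c
            - |
              # -e: a failing step (e.g. password generation) must not fall
              # through to creating a Secret with an empty password.
              # No pipefail on purpose: tr is expected to die of SIGPIPE once
              # head has its bytes, which pipefail would report as failure.
              set -eu
              NS="$KUBE_NAMESPACE"
              # Idempotent: MongoDB consumes the init script only when its
              # volume is first initialised, so minting a new password on a
              # re-run would lock the controller out of its existing data.
              if kubectl -n "$NS" get secret unifi >/dev/null 2>&1; then
                echo "secret unifi already exists; leaving it untouched"
                exit 0
              fi
              cd /tmp
              # Alphanumeric only: the value is interpolated unescaped into the
              # JS below, so the alphabet must contain no quote or backslash.
              # 32 symbols out of 62 is roughly 190 bits of entropy.
              MONGO_PASS=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)
              # Not a MongoDB superuser despite the name: dbOwner on the two
              # UniFi databases only. Name kept; UniFi reads it from the Secret.
              MONGO_USER=root
              MONGO_DBNAME=unifi
              cat > init-mongo.js <<EOF
              db.getSiblingDB("${MONGO_DBNAME}").createUser({user: "${MONGO_USER}", pwd: "${MONGO_PASS}", roles: [{role: "dbOwner", db: "${MONGO_DBNAME}"}]});
              db.getSiblingDB("${MONGO_DBNAME}_stat").createUser({user: "${MONGO_USER}", pwd: "${MONGO_PASS}", roles: [{role: "dbOwner", db: "${MONGO_DBNAME}_stat"}]});
              EOF
              kubectl -n "$NS" create secret generic unifi \
                --from-literal=MONGO_PASS="$MONGO_PASS" \
                --from-literal=MONGO_USER="$MONGO_USER" \
                --from-literal=MONGO_DBNAME="$MONGO_DBNAME" \
                --from-file=init-mongo.js
          env:
            # In-cluster kubectl already defaults to the pod's namespace; the
            # explicit -n above makes the target unambiguous in logs and errors.
            - name: KUBE_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
      restartPolicy: Never
  # One retry only: a second failure is a config problem, not a transient one.
  backoffLimit: 1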
---
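apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongodb
  namespace: unifi
spec:
  replicas: 1
  # The data PVC is ReadWriteOnce; Recreate guarantees the old mongod is gone
  # before a new one opens the same files.
  strategy:
    type: Recreate
    rollingUpdate: null
  selector:
    matchLabels:
      app: mongodb
  template:
    metadata:
      labels:
        app: mongodb
      annotations:
        diun.enable: "true"
    spec:
      # mongod never talks to the Kubernetes API; do not hand it a token.
      automountServiceAccountToken: false
      # Start directly as the image's mongodb user (uid/gid 999) instead of
      # letting the entrypoint run as root and gosu down; fsGroup keeps the
      # PVC writable for that user.
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
        runAsGroup: 999
        fsGroup: 999
      containers:
        - name: mongodb
          # NOTE(review): MongoDB 4.4 is end-of-life upstream (no more security
          # fixes). UniFi's supported MongoDB range decides what to move to —
          # check it before bumping. Prefer a digest over a mutable tag.
          image: mongo:4.4
          imagePullPolicy: Always
          # NOTE(review): neither MONGO_INITDB_ROOT_USERNAME/PASSWORD nor
          # --auth is set, so this mongod accepts unauthenticated connections
          # from anything that can reach the Service. Enabling auth requires
          # the secret-creation job to also mint a root credential (the init
          # script then runs authenticated); until then a NetworkPolicy that
          # limits ingress to app=unifi pods is the minimal guard.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          ports:
            - containerPort: 27017
          volumeMounts:
            # The entrypoint runs this only when /data/db is empty; a Secret
            # regenerated later is NOT applied to an existing database.
            - name: init-script
              mountPath: /docker-entrypoint-initdb.d
            - name: mongodb-data
              mountPath: /data/db
          resources:
            requests:
              memory: 333Mi
              cpu: 10m
            limits:
              memory: 333Mi
      volumes:
        # Only the init script is projected; the password lands in the
        # container solely inside that script.
        - name: init-script
          secret:
            secretName: unifi
            items:
              - key: init-mongo.js
                path: init-mongo.js
        - name: mongodb-data
          persistentVolumeClaim:
            claimName: mongodb-pvc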
---
# Backing store for /data/db; RWO because exactly one mongod pod may own it.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mongodb-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 4Gi
---
# In-cluster endpoint UniFi reaches via MONGO_HOST=mongodb.
# NOTE(review): a ClusterIP is reachable from every namespace unless a
# NetworkPolicy says otherwise, and the mongod behind it runs without
# authentication (see the Deployment); restrict ingress to app=unifi pods.
apiVersion: v1
kind: Service
metadata:
  name: mongodb
spec:
  type: ClusterIP
  selector:
    app: mongodb
  ports:
    - name: mongodb
      protocol: TCP
      port: 27017
      targetPort: 27017
---
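apiVersion: apps/v1
kind: Deployment
metadata:
  name: unifi
  namespace: unifi
spec:
  # /config is a ReadWriteOnce volume; Recreate prevents two controllers from
  # ever holding it during a rollout.
  strategy:
    type: Recreate
    rollingUpdate: null
  replicas: 1
  selector:
    matchLabels:
      app: unifi
  template:
    metadata:
      labels:
        app: unifi
      annotations:
        diun.enable: "true"
        # Velero snapshots only the autobackup volume, not /config itself.
        backup.velero.io/backup-volumes: unifi-backups
    spec:
      # The controller never talks to the Kubernetes API; do not mount a
      # service-account token it could leak.
      automountServiceAccountToken: false
      # No pod-level runAsNonRoot: PUID/PGID imply the usual linuxserver s6
      # init, which starts as root and then drops to that uid/gid
      # (assumption — confirm against the image before hardening further).
      containers:
        - name: unifi-network-application
          # NOTE(review): mutable tag re-pulled on every restart ("Always") —
          # an upstream retag lands here unreviewed. Pin a version or digest.
          image: lscr.io/linuxserver/unifi-network-application:latest
          imagePullPolicy: Always
          resources:
            requests:
              memory: 1200Mi
              cpu: 10m
            limits:
              memory: 1200Mi
          env:
            - name: PUID
              value: '1000'
            - name: PGID
              value: '1000'
            - name: TZ
              value: Europe/Stockholm
            # Database credentials come only from the Secret written by the
            # creation job; never inline them here.
            - name: MONGO_USER
              valueFrom:
                secretKeyRef:
                  name: unifi
                  key: MONGO_USER
            - name: MONGO_PASS
              valueFrom:
                secretKeyRef:
                  name: unifi
                  key: MONGO_PASS
            - name: MONGO_DBNAME
              valueFrom:
                secretKeyRef:
                  name: unifi
                  key: MONGO_DBNAME
            - name: MONGO_HOST
              value: mongodb
            - name: MONGO_PORT
              value: '27017'
          ports:
            # STUN
            - containerPort: 3478
              protocol: UDP
            # device discovery
            - containerPort: 10001
              protocol: UDP
            # HTTPS console
            - containerPort: 8443
            # device inform (plain HTTP)
            - containerPort: 8080
          volumeMounts:
            - name: unifi-data
              mountPath: /config
            - name: unifi-backups
              mountPath: /config/data/backup/autobackup
      volumes:
        - name: unifi-data
          persistentVolumeClaim:
            claimName: unifi-pvc
        - name: unifi-backups
          persistentVolumeClaim:
            claimName: unifi-backups-pvc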
---
# /config of the controller (keystore, settings, local backups are elsewhere).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: unifi-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
# Autobackup directory, picked up by Velero via the pod annotation. RWX so it
# can be mounted elsewhere as well; the storage class must support that mode.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: unifi-backups-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
---
# Backend for the Ingress: Traefik speaks HTTPS to the controller's 8443.
# NOTE(review): UniFi serves a self-signed certificate out of the box, and
# Traefik verifies backend certificates unless a ServersTransport with
# insecureSkipVerify (or the controller's CA) is configured — that
# configuration is not in this file, so check it rather than assume.
apiVersion: v1
kind: Service
metadata:
  name: unifi-http
  namespace: unifi
  annotations:
    traefik.ingress.kubernetes.io/service.serversscheme: https
spec:
  selector:
    app: unifi
  ports:
    - name: https
      protocol: TCP
      port: 8443
      targetPort: 8443
---
# LAN-facing endpoint the access points talk to (MetalLB-assigned address,
# published by external-dns as unifi.internal). 8080 is the plain-HTTP inform
# port; keep this address reachable only from the management network.
apiVersion: v1
kind: Service
metadata:
  name: unifi-http-api
  namespace: unifi
  annotations:
    external-dns.alpha.kubernetes.io/hostname: unifi.internal
    metallb.io/loadBalancerIPs: "192.168.11.12"
spec:
  type: LoadBalancer
  selector:
    app: unifi
  ports:
    - name: stun
      protocol: UDP
      port: 3478
      targetPort: 3478
    - name: udp10001
      protocol: UDP
      port: 10001
      targetPort: 10001
    - name: http
      protocol: TCP
      port: 8080
      targetPort: 8080
---
# Web console via Traefik's TLS entrypoint only (no plain-HTTP router).
# NOTE(review): there is no spec.tls, so the websecure entrypoint serves
# whatever default certificate Traefik is configured with (not shown here);
# add a tls: stanza with a certificate Secret for this host if that is not
# the intent.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: unifi-console
  namespace: unifi
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
  ingressClassName: traefik
  rules:
    - host: unifi.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: unifi-http
                port:
                  number: 8443