update unifi

unifi/config/rbac/kustomization.yaml

@@ -0,0 +1,7 @@
+resources:
+- role.yaml
+- role_binding.yaml
+- service_account.yaml
+- service_account_database.yaml
+- role_binding_database.yaml
+- role_database.yaml

unifi/config/rbac/role.yaml

@@ -0,0 +1,46 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: mongodb-kubernetes-operator
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  - configmaps
+  - secrets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - mongodbcommunity.mongodb.com
+  resources:
+  - mongodbcommunity
+  - mongodbcommunity/status
+  - mongodbcommunity/spec
+  - mongodbcommunity/finalizers
+  verbs:
+  - get
+  - patch
+  - list
+  - update
+  - watch

unifi/config/rbac/role_binding.yaml

@@ -0,0 +1,11 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-kubernetes-operator
+subjects:
+- kind: ServiceAccount
+  name: mongodb-kubernetes-operator
+roleRef:
+  kind: Role
+  name: mongodb-kubernetes-operator
+  apiGroup: rbac.authorization.k8s.io

unifi/config/rbac/role_binding_database.yaml

@@ -0,0 +1,11 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-database
+subjects:
+- kind: ServiceAccount
+  name: mongodb-database
+roleRef:
+  kind: Role
+  name: mongodb-database
+  apiGroup: rbac.authorization.k8s.io

unifi/config/rbac/role_database.yaml

@@ -0,0 +1,19 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-database
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - patch
+      - delete
+      - get

unifi/config/rbac/service_account.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mongodb-kubernetes-operator

unifi/config/rbac/service_account_database.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mongodb-database

unifi/kustomization.yaml

@@ -6,7 +6,7 @@ resources:
   - service.yaml
   - ingress-route.yaml
 images:
-  - name: linuxserver/unifi-controller
+  - name: linuxserver/unifi-network-application
     newTag: latest 
 patches:
   # Set Service to LoadBalancer and Specify IP Address to use

unifi/mongo.yaml

@@ -0,0 +1,77 @@
+---
+apiVersion: mongodbcommunity.mongodb.com/v1
+kind: MongoDBCommunity
+metadata:
+  name: unifi-mongodb
+spec:
+#  containers:
+#    volumeMounts:
+#    - name: mongo-ps
+#      mountPath: /data/db
+  members: 1 
+  type: ReplicaSet
+  version: "6.0.19"
+  security:
+    authentication:
+      modes: ["SCRAM-SHA-1"]
+  users:
+    - name: unifi
+      db: admin
+      passwordSecretRef: # a reference to the secret that will be used to generate the user's password
+        name: unifi-user
+      roles:
+        - name: clusterAdmin
+          db: admin
+        - name: readWriteAnyDatabase
+          db: admin
+        - name: dbAdminAnyDatabase
+          db: admin 
+      scramCredentialsSecretName: my-scram 
+  additionalMongodConfig:
+    storage.wiredTiger.engineConfig.journalCompressor: zlib
+ # volumes:
+ # - name: mongo-ps
+ #   persistentVolumeClaim:
+ #     claimName: unifi-data-pvc
+# the user credentials will be generated from this secret
+# once the credentials are generated, this secret is no longer required
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: unifi-user
+type: Opaque
+stringData:
+  password: unifi
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: unifi-mongo-ca
+spec:
+  secretName: unifi-mongodb-ca
+  commonName: "*.unifi-mongodb-svc.unifi-service.cluster.local"
+  dnsNames:
+    - "*.unifi-mongodb-svc.unifi-service.cluster.local"
+  privateKey:
+    algorithm: ECDSA
+    size: 256
+  isCA: true
+  issuerRef:
+    name: ca-issuer
+    kind: ClusterIssuer
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: unifi-mongodb-tls
+spec:
+  secretName: unifi-mongodb-tls
+  commonName: "*.unifi-mongodb-svc.unifi-service.cluster.local"
+  dnsNames:
+    - unifi-mongodb-svc.unifi-service.celestium.life
+    - unifi-mongodb-svc.unifi-service
+    - unifi-mongodb-0.celestium.life
+  issuerRef:
+    name: ca-issuer
+    kind: ClusterIssuer

unifi/nfs-pv.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: unifi-data
+spec:
+  persistentVolumeReclaimPolicy: Delete
+  capacity:
+    storage: 5Gi
+  accessModes:
+    - ReadWriteOnce
+    - ReadWriteMany
+  storageClassName: ""
+  nfs:
+    path: /volume1/Kubernetes/mongodb/data/unifi     # The path to your media
+    server: 192.168.42.8     # Your NFS server with Media
+  mountOptions:
+    - vers=4
+    - minorversion=1
+    - noac

unifi/nfs-pvc.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: unifi-data-pvc 
+spec:
+  volumeName: unifi-data
+  storageClassName: ""
+  accessModes:
+    - ReadWriteMany
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi

unifi/runmefirst.sh

@@ -1,3 +1,7 @@
 #!/usr/bin/env bash
 kubectl create namespace unifi-service
+kubectl apply -k config/rbac/  --namespace unifi-service
+kubectl apply -f mongo.yaml -n unifi-service 
+echo "Creating mongodb"
+sleep 60
 kubectl kustomize . | kubectl create -n unifi-service -f -

unifi/statefulset.yaml

@@ -10,8 +10,27 @@ spec:
     spec:
       containers:
       - name: unifi-controller
-        image: linuxserver/unifi-controller
+        image: linuxserver/unifi-network-application
         imagePullPolicy: IfNotPresent
+        env:
+        - name: PUID
+          value: "1000"
+        - name: PGID
+          value: "1000"
+        - name: TZ
+          value: Etc/UTC
+        - name: MONGO_USER
+          value: unifi
+        - name: MONGO_PASS
+          value: unifi
+        - name: MONGO_HOST
+          value: unifi-mongodb-svc.unifi-service
+        - name: MONGO_PORT
+          value: "27017"
+        - name: MONGO_DBNAME
+          value: unifi-db
+        - name: MONGO_AUTHSOURCE
+          value: admin
         ports:
         - name: device-comm
           containerPort: 8080