diff --git a/cluster/data/unifi.yaml b/cluster/data/unifi.yaml new file mode 100644 index 000000000..10830a258 --- /dev/null +++ b/cluster/data/unifi.yaml @@ -0,0 +1,84 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: unifi + namespace: data +spec: + interval: 5m + chart: + spec: + # renovate: registryUrl=https://k8s-at-home.com/charts/ + chart: unifi + version: 1.3.1 + sourceRef: + kind: HelmRepository + name: k8s-at-home-charts + namespace: flux-system + interval: 5m + values: + controllerType: deployment + strategy: + type: Recreate + image: + repository: jacobalberty/unifi + tag: 6.0.41 + pullPolicy: IfNotPresent + persistence: + enabled: true + existingClaim: unifi-config + timezone: "Europe/Paris" + runAsRoot: false + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + nginx.ingress.kubernetes.io/proxy-body-size: 10m + guiService: + type: LoadBalancer + loadBalancerIP: 192.168.9.201 + annotations: + metallb.universe.tf/allow-shared-ip: unifi + prometheus.io/probe: "true" + prometheus.io/protocol: http + controllerService: + type: LoadBalancer + loadBalancerIP: 192.168.9.201 + annotations: + metallb.universe.tf/allow-shared-ip: unifi + prometheus.io/probe: "true" + prometheus.io/protocol: tcp + stunService: + type: LoadBalancer + loadBalancerIP: 192.168.9.201 + annotations: + metallb.universe.tf/allow-shared-ip: unifi + discoveryService: + type: LoadBalancer + loadBalancerIP: 192.168.9.201 + annotations: + metallb.universe.tf/allow-shared-ip: unifi + resources: + requests: + memory: 2Gi + cpu: 100m + #limits: + # memory: 2Gi + # cpu: 100m + valuesFrom: + - kind: ConfigMap + name: helmrelease-data-unifi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: unifi-config + namespace: data +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn-backups + resources: + requests: + storage: 10Gi diff --git a/secrets/helmrelease-data-unifi.yaml b/secrets/helmrelease-data-unifi.yaml new file mode 100644 index 000000000..c5cecd91f --- /dev/null +++ b/secrets/helmrelease-data-unifi.yaml @@ -0,0 +1,36 @@ +apiVersion: v1 +data: + values.yaml: ENC[AES256_GCM,data:30f5/5rS3AiUA/vn+Yt/HdHF5HRgCq2sl1D09BB7GwPJjwB+W4Bw84JawlD7RBRycyLSQAvtuo18li9cmQT6Bd7kwNcce0FGN82alCzgBAHz50lF19Ec3cAL,iv:n3frgTtS9LuABQRP7ttg+YgTTCv3tG0OJRK/9iAgZR4=,tag:DlOVOE8bsRIjiLWptkbm7Q==,type:str] +kind: ConfigMap +metadata: + creationTimestamp: null + name: helmrelease-data-unifi + namespace: data +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + lastmodified: '2020-12-12T19:18:32Z' + mac: ENC[AES256_GCM,data:MkdBqJLLdClhF5DZG2meMTiZKetEa1i9ikPmdU+nH5xYuNmQqnJ8e7ckGcPsy9IOVKm5/CHfKs8NOGDQs8TVbbqG+528CQMlhDZOJJE3uk/7FzVR7FRoZ6KxD5nSyS99ZGhKlKJgEeIXZZTKtBQaobt/qdxGo+aOxUZ94E+jxa8=,iv:wSQoxkvUzhPEUnFkFEWj3kEzGhP01ERoszEZDxfRW0k=,tag:fVjDPjrJnmpyi1zTM5CvSQ==,type:str] + pgp: + - created_at: '2020-12-12T19:18:31Z' + enc: | + -----BEGIN PGP MESSAGE----- + + hQGMA/JorPHm1g9XAQv+JiugX6dqGRsVwwtv/MhpFdu9nnJSXxLBwz+9Kg53qABd + mvvI0f+EsmSva1K/AegXpYrs24DtpsSfIiOG6+j/Dlrp2+2EndbA+Mett4WtGxix + Q97z4bpCO6eOQ1lJVikCJwGUcKKUgaAB1X2jKhyYfq6scLzjFp2LTKTMgh/K5vLN + 8+KrLlgkQKtQO+olxBH8aiyypP6gZTh/bVORZr2KP9RILm/9Ej6LtEA3OZjjs2Xw + NP6GRnz+/GQLK/siFCO0VcWJVC++7LDREFDWwgGgIfp/KLxG0c58BdO2ZIxeMqVJ + j+Z86qmovVsXsLYpGuaP59/f23r4lRB3FjqE1lfY9OwzNXdk3/v+6pClzhYfkgt2 + 687psv6GInB65n2P93YF2YSb3A/SMK/FCqQB8kxP1AvDtRtMsfAVbe5qPFev/gri + Jd1JeAhLy3HXn5ku8pnvNcWz+/NncxXxAtt4R1VOoOWE7CUojeI8pmXhbf11qff/ + szSuj73wVvsUowO2fNtK0l4Ba0LtX+AUI+IIjrPykPCG0myf/eTWCx6BSkP9C1Rs + iUjACAIPuU4mnPytS2y1JPVwCdWPGBzZCsV4V7gZkAe9d/0ED/9nb86lAB2GzYQc + SGDz7qhTOJlEqin6SNJu + =XBz2 + -----END PGP MESSAGE----- + fp: C8F8A49D04A1AB639F8EA21CDBA4B1DCB1FA5BDD + encrypted_regex: ^(data|stringData)$ + version: 3.6.1