---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
# Flux HelmRelease that deploys the UniFi controller through the app-template chart.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  # The &app anchor is reused below for the controller, Service backend and PVC names.
  name: &app unifi
spec:
  interval: 1h
  chartRef:
    kind: OCIRepository
    name: app-template
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  values:
    controllers:
      unifi:
        annotations:
          reloader.stakater.com/auto: "true"
        containers:
          app:
            image:
              repository: jacobalberty/unifi
              # Tag plus digest: the digest fixes the image content even if the
              # tag is later re-pointed upstream.
              tag: v9.3.45@sha256:6f1cc8eeda6a2303a3939f8f6565d4e4ca963b18b2d5dfae7e1ed4799d102eeb
              pullPolicy: IfNotPresent
            env:
              # NOTE(review): these presumably make the image entrypoint run the
              # controller as uid/gid 999 instead of root -- confirm against the
              # image documentation. No securityContext is set in these values,
              # so any non-root enforcement would rest on the entrypoint alone.
              RUNAS_UID0: "false"
              UNIFI_UID: "999"
              UNIFI_GID: "999"
              UNIFI_STDOUT: "true"
              # Bare key: YAML parses this as null, not as an empty string.
              # NOTE(review): confirm the chart handles a null env value as intended.
              JVM_INIT_HEAP_SIZE:
              JVM_MAX_HEAP_SIZE: 1024M
            # Requests only; no limits are declared for this container.
            resources:
              requests:
                memory: 2Gi
                cpu: 50m
    service:
      app:
        controller: *app
        # LoadBalancer with a fixed address: every enabled port below is served
        # on 192.168.169.103 to whatever can route to it, independently of the
        # Gateway route further down. Restricting that reachability (firewall or
        # NetworkPolicy) is outside this file.
        type: LoadBalancer
        # Local keeps traffic on the receiving node and preserves the client
        # source IP seen by the pod.
        externalTrafficPolicy: Local
        loadBalancerIP: 192.168.169.103
        ports:
          https:
            # &port is reused by the route's backendRef.
            port: &port 8443
            protocol: HTTPS
          # Declared as plain TCP, unlike the https port above.
          controller:
            enabled: true
            port: 8080
            protocol: TCP
          # Both portal listeners are switched off.
          portal-http:
            enabled: false
            port: 8880
            protocol: HTTP
          portal-https:
            enabled: false
            port: 8843
            protocol: HTTPS
          speedtest:
            enabled: true
            port: 6789
            protocol: TCP
          stun:
            enabled: true
            port: 3478
            protocol: UDP
          syslog:
            enabled: true
            port: 5514
            protocol: UDP
          discovery:
            enabled: true
            port: 10001
            protocol: UDP
    route:
      app:
        # NOTE(review): ${SECRET_EXTERNAL_DOMAIN} looks like a Flux post-build
        # substitution and {{ .Release.Name }} a chart-side template -- confirm
        # both are expanded before the HTTPRoute is created.
        hostnames:
          - "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
        parentRefs:
          - name: internal
            namespace: network
            sectionName: https
        rules:
          - backendRefs:
              - name: *app
                port: *port
            timeouts:
              # websocket, never time out
              request: 0s
              # websocket, never time out
              backendRequest: 0s
    persistence:
      config:
        enabled: true
        existingClaim: *app
        globalMounts:
          - path: /unifi
      # Secret supplying the TLS certificate, its private key and a Java keystore.
      cert:
        type: secret
        name: '${SECRET_EXTERNAL_DOMAIN/./-}-unifi'
        advancedMounts:
          unifi:
            app:
              - path: /unifi/cert/cert.pem
                subPath: tls.crt
                readOnly: true
              - path: /unifi/cert/privkey.pem
                subPath: tls.key
                readOnly: true
              # NOTE(review): Kubernetes mounts Secret volumes read-only, so
              # readOnly: false here likely does not make the keystore writable
              # -- confirm the controller does not need to rewrite it.
              - path: /unifi/data/keystore
                subPath: keystore.jks
                readOnly: false