auricom-home-cluster/kubernetes/apps/default/unifi/app/helmrelease.yaml

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: &app unifi
spec:
  interval: 1h
  chartRef:
    kind: OCIRepository
    name: app-template
  install:
    remediation:
      retries: 3
  upgrade:
    cleanupOnFail: true
    remediation:
      strategy: rollback
      retries: 3
  values:
    controllers:
      unifi:
        annotations:
          reloader.stakater.com/auto: "true"
        containers:
          app:
            image:
              repository: jacobalberty/unifi
              tag: v9.4.19@sha256:ef032346e2ebdcadaadeb27e38be55f97e6b5ed6cea333d5d82ae9b58ae4068b
              pullPolicy: IfNotPresent
            env:
              RUNAS_UID0: "false"
              UNIFI_UID: "999"
              UNIFI_GID: "999"
              UNIFI_STDOUT: "true"
              JVM_INIT_HEAP_SIZE:
              JVM_MAX_HEAP_SIZE: 1024M
            resources:
              requests:
                memory: 2Gi
                cpu: 50m
    service:
      app:
        controller: *app
        type: LoadBalancer
        externalTrafficPolicy: Local
        loadBalancerIP: 192.168.169.103
        ports:
          https:
            port: &port 8443
            protocol: HTTPS
          controller:
            enabled: true
            port: 8080
            protocol: TCP
          portal-http:
            enabled: false
            port: 8880
            protocol: HTTP
          portal-https:
            enabled: false
            port: 8843
            protocol: HTTPS
          speedtest:
            enabled: true
            port: 6789
            protocol: TCP
          stun:
            enabled: true
            port: 3478
            protocol: UDP
          syslog:
            enabled: true
            port: 5514
            protocol: UDP
          discovery:
            enabled: true
            port: 10001
            protocol: UDP
    route:
      app:
        hostnames: ["{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"]
        parentRefs:
          - name: internal
            namespace: network
            sectionName: https
        rules:
          - backendRefs:
              - name: *app
                port: *port
            timeouts:
              request: 0s # websocket, never time out
              backendRequest: 0s # websocket, never time out
    persistence:
      config:
        enabled: true
        existingClaim: *app
        globalMounts:
          - path: /unifi
      cert:
        type: secret
        name: '${SECRET_EXTERNAL_DOMAIN/./-}-unifi'
        advancedMounts:
          unifi:
            app:
              - path: /unifi/cert/cert.pem
                subPath: tls.crt
                readOnly: true
              - path: /unifi/cert/privkey.pem
                subPath: tls.key
                readOnly: true
              - path: /unifi/data/keystore
                subPath: keystore.jks
                readOnly: false