Unifi@K8S
Run Unifi Controller in K8S
Install MicroK8S
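# Install snapd and MicroK8s, then let the current user drive the cluster
# without sudo.
sudo apt update
sudo apt install snapd
sudo snap install core
sudo snap install snapd
sudo snap install microk8s --classic

# Members of the microk8s group can administer the whole cluster, which is
# effectively admin access to this host as well: add only trusted accounts.
# The new group membership applies from the next login session.
sudo usermod -a -G microk8s "$USER"

# ~/.kube holds cluster credentials. Make sure it exists, belongs to the
# user, and is not readable by other local accounts.
mkdir -p ~/.kube
sudo chown -f -R "$USER" ~/.kube
chmod 0700 ~/.kube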
Install Traefik
# Register the Traefik chart repository and refresh the local chart index.
helm repo add traefik https://helm.traefik.io/traefik
helm repo update

# Install the chart as release "traefik" into its own namespace.
# NOTE(review): no chart version is pinned, so this installs whatever is
# newest at the time it runs. The manifests on this page use the
# traefik.containo.us/v1alpha1 API group; confirm the installed chart still
# serves it, and pin the version once a working one is known.
helm install traefik traefik/traefik --namespace traefik --create-namespace
Configuration
traefik-values.yaml
# Helm values for the Traefik chart: one extra entrypoint, persistent storage
# for ACME data, and a Let's Encrypt certificate resolver.
ports:
  # NOTE(review): the page shows `traefik:` with no value and the file's
  # indentation was lost; kept as written. Confirm against the original,
  # since an empty (null) value replaces the chart's default for this key.
  traefik:
  # Plain-TCP entrypoint on 8080, published on the Traefik service.
  httpalt:
    port: 8080
    expose: true
    protocol: TCP

# It will persist TLS certificates.
persistence:
  enabled: true
  name: traefik-pv
  existingClaim: pv-traefik
  accessMode: ReadWriteOnce
  size: 1Gi
  storageClass: ''
  path: /opt/k8s/pv-traefik
  annotations: {}

certResolvers:
  letsencrypt:
    # Contact address registered with the ACME CA; substitute your own.
    email: ruesch.t@bluewin.ch
    tlsChallenge: true
    httpChallenge:
      entryPoint: 'web'
    # acme.json holds the ACME account key and the issued certificates with
    # their private keys. Keep it on the persistent volume and readable only
    # by the Traefik process (mode 0600).
    storage: /opt/k8s/pv-traefik/acme.json
# Apply traefik-values.yaml to the "traefik" release (installs it if absent).
# The values reference the claim pv-traefik, which is created by
# traefik-dash.yaml in the next step.
microk8s.helm upgrade --install traefik traefik/traefik --namespace traefik --values traefik-values.yaml
traefik-dash.yaml
# PersistentVolume backed by a directory on the node. traefik-values.yaml
# points the ACME storage file (acme.json) at this same path.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: traefik-pv
  labels:
    type: local
spec:
  storageClassName: ''
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  # hostPath keeps the data on one node's filesystem. The directory will hold
  # certificate private keys, so restrict its permissions on the host.
  hostPath:
    path: '/opt/k8s/pv-traefik'
---
# Claim in the traefik namespace, bound by name to the traefik-pv volume.
# This is the claim named by persistence.existingClaim in traefik-values.yaml.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pv-traefik
  namespace: traefik
spec:
  # Empty class plus volumeName: bind statically, no dynamic provisioning.
  storageClassName: ''
  volumeName: traefik-pv
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
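# Publishes Traefik's built-in dashboard/API (api@internal) on the HTTPS
# entrypoint. The dashboard discloses the full routing configuration, so the
# route is gated by a basic-auth middleware rather than left open to anyone
# who can reach the hostname.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: dashboard
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`raspberrypi.kitetrail.net`)
      kind: Rule
      middlewares:
        - name: dashboard-auth
      services:
        - name: api@internal
          kind: TraefikService
  tls:
    certResolver: letsencrypt
---
# Basic authentication for the dashboard route. The referenced Secret is not
# part of this page: create it in the same namespace, with htpasswd-format
# entries under the key `users`, before applying this file.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: dashboard-auth
spec:
  basicAuth:
    # Placeholder name - replace with the Secret you created.
    secret: dashboard-auth-users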
# Create the Traefik volume, its claim and the dashboard route.
kubectl apply --filename traefik-dash.yaml
Run Unifi Controller
unifi-controller-deployment.yaml
# PersistentVolume for the controller's /config data, stored in a directory
# on the node.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-unifi-config
  labels:
    type: local
spec:
  storageClassName: ''
  # Reserve this volume for one specific claim so no other claim can bind it.
  claimRef:
    namespace: default
    name: pvc-unifi-config
  capacity:
    storage: 2Gi
  accessModes:
    - ReadWriteOnce
  # The controller's data lives here on the host; restrict access to this
  # directory and include it in backups.
  hostPath:
    path: '/opt/k8s/pv-unifi-config'
---
# Claim for the controller's configuration volume. No namespace is set, so it
# lands in the namespace kubectl applies to; pv-unifi-config expects `default`.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-unifi-config
spec:
  # Empty class: bind to a pre-created volume, no dynamic provisioning.
  storageClassName: ''
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
---
# A single bare Pod running the UniFi controller, with /config mounted from
# the pvc-unifi-config claim. As a bare Pod it is not recreated by a
# controller if it is deleted.
apiVersion: v1
kind: Pod
metadata:
  name: unifi-controller
  labels:
    component: controller
    app: unifi-controller
spec:
  volumes:
    - name: volume-config
      persistentVolumeClaim:
        claimName: pvc-unifi-config
  containers:
    - name: unifi-controller
      # NOTE(review): `latest` is a mutable tag, so the running version can
      # change on any image pull. Pin a specific tag or digest, and check
      # that the image is still maintained upstream so it keeps receiving
      # security updates.
      image: lscr.io/linuxserver/unifi-controller:latest
      # No securityContext or resource limits are set; the container runs
      # with the image and cluster defaults.
      ports:
        - containerPort: 8443
        - containerPort: 3478
          protocol: UDP
        - containerPort: 10001
          protocol: UDP
        - containerPort: 8080
        - containerPort: 1900
          protocol: UDP
      volumeMounts:
        - mountPath: '/config'
          name: volume-config
---
# Cluster-internal Service in front of the controller Pod. ClusterIP keeps
# these ports off the node's network; outside access goes through the Traefik
# routes defined further down.
apiVersion: v1
kind: Service
metadata:
  name: unifi-controller-api-svc
spec:
  type: ClusterIP
  selector:
    app: unifi-controller
    component: controller
  ports:
    - name: stunport
      port: 3478
      targetPort: 3478
      protocol: UDP
    - name: ap-discovery
      port: 10001
      targetPort: 10001
      protocol: UDP
    - name: dev-comm
      port: 8080
      targetPort: 8080
    - name: web-gui
      port: 8443
      targetPort: 8443
---
# Forwards everything arriving on the httpalt entrypoint (8080) to the
# controller's device-communication port.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: unifi-dev-comm
  namespace: default
spec:
  entryPoints:
    - httpalt
  routes:
    # HostSNI(`*`) matches every connection, with no host-based filtering.
    # Anything that can reach port 8080 on Traefik reaches the controller, so
    # limit who can reach that port at the firewall.
    - match: HostSNI(`*`)
      services:
        - name: unifi-controller-api-svc
          port: 8080
---
# Settings Traefik uses when it opens the HTTPS connection to the controller.
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: mytransport
  namespace: default
spec:
  serverName: unifi.kitetrail.net
  # NOTE(review): this turns off verification of the controller's
  # certificate, so Traefik accepts any certificate on this hop. To restore
  # verification, give Traefik the controller's CA through `rootCAsSecrets`
  # and drop this flag.
  insecureSkipVerify: true
---
# Publishes the controller's web UI on the HTTPS entrypoint with a
# Let's Encrypt certificate. The only access control on this route is the
# controller's own login page.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: unifi-webbui
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`unifi.kitetrail.net`)
      kind: Rule
      services:
        - name: unifi-controller-api-svc
          port: 8443
          # The backend speaks HTTPS; mytransport controls how (and whether)
          # its certificate is checked.
          scheme: https
          serversTransport: mytransport
  tls:
    certResolver: letsencrypt
# Create the controller's volume, claim, Pod, Service and Traefik routes.
kubectl apply --filename unifi-controller-deployment.yaml