Migrate Unifi Controller to K3s

README.md

@@ -83,7 +83,7 @@ Expose Longhorn's dashboard through  `IngressRoute`:
 ```
 kubectl apply -f storage/Longhorn/ingressRoute-Longhorn.yml
 ```
-Add additional `storageClass` with backup schedule:
+Add additional `storageClass` with backup schedule:  
 ***After** specifying a NFS backup target (syntax: `nfs://servername:/path/to/share`) through Longhorn's dashboard*
 ```
 kind: StorageClass
@@ -282,6 +282,11 @@ kubectl apply -f services/PVR/deploy-NZBHydra.yml
 ```
 kubectl apply -f services/PVR/deploy-Plex.yml
 ```
+After deploying, Plex server needs to be *claimed* (=assigned to Plex-account):
+```
+kubectl get endpoints Plex -n PVR
+```
+Browse to the respective IP address (http://<nodeipaddress>:32400/web) and follow instructions.
 ###### 4.9.3) [Radarr](https://radarr.video/)    <small>(movie management)</small>
 ```
 kubectl apply -f services/PVR/deploy-Radarr.yml

ingress/Traefik2.x/chart-values.yml

@@ -1,6 +1,6 @@
 image:
   name: traefik
-#  tag: 2.2.11
+  tag: 2.3.2
 
 ports:
   rtmp:

ingress/Traefik2.x/configMap-Traefik.yml

@@ -70,6 +70,8 @@ data:
             - 1.0.0.1:53
     pilot:
       token: "45bfb48a-9c35-4fb1-97c8-e9ec3303c697"
+    serversTransport:
+      insecureSkipVerify: true
   dynamic.yml: |
     http:
       middlewares:

services/PVR/deploy-Lidarr.yml

@@ -0,0 +1,115 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: lidarr
+  namespace: pvr
+spec:
+  ports:
+    - protocol: TCP
+      name: web
+      port: 8686
+  selector:
+    app: lidarr
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: lidarr
+  namespace: pvr
+  labels:
+    app: lidarr
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: lidarr
+  template:
+    metadata:
+      labels:
+        app: lidarr
+    spec:
+      containers:
+      - name: lidarr
+#        image: registry.spamasaurus.com/proxy/linuxserver/lidarr:nightly
+        image: linuxserver/lidarr:nightly
+        ports:
+          - name: web
+            containerPort: 8686
+        volumeMounts:
+        - mountPath: /config
+          name: flexvolsmb-lidarr-config
+        - mountPath: /songs
+          name: flexvolsmb-pvr-songs
+        - mountPath: /downloads
+          name: smb-pvr-volatile
+          subPath: downloads
+      volumes:
+      - name: flexvolsmb-lidarr-config
+        persistentVolumeClaim:
+          claimName: flexvolsmb-lidarr-config
+      - name: flexvolsmb-pvr-songs
+        persistentVolumeClaim:
+          claimName: flexvolsmb-pvr-songs
+      - name: smb-pvr-volatile
+        persistentVolumeClaim:
+          claimName: smb-pvr-volatile
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: lidarr
+  namespace: pvr
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`songs.pvr.spamasaurus.com`)
+    kind: Rule
+    services:
+    - name: lidarr
+      port: 8686
+    middlewares:
+      - name: 2fa-authentication@file
+      - name: security-headers@file
+      - name: compression@file
+  tls:
+    options:
+      name: defaults@file
+    certResolver: default
+    domains:
+    - main: '*.pvr.spamasaurus.com'
+      sans:
+        - 'pvr.spamasaurus.com'
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-lidarr-config
+  namespace: pvr
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-lidarr-config
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: smb-secret
+    options:
+      opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
+      server: 192.168.11.225
+      share: /K3s.Volumes/lidarr/config
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-lidarr-config
+  namespace: pvr
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-lidarr-config
+  resources:
+    requests:
+      storage: 1Gi

services/PVR/persistentVolumeClaim-PVR.yml

@@ -14,7 +14,7 @@ spec:
     secretRef:
       name: smb-secret
     options:
-      opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,cache=none
+      opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
       server: 192.168.11.225
       share: /Public/Video's/Films
 ---
@@ -47,7 +47,7 @@ spec:
     secretRef:
       name: smb-secret
     options:
-      opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,cache=none
+      opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,uid=911,gid=911,iocharset=utf8,cache=none
       server: 192.168.11.225
       share: /Public/Video's/Series
 ---
@@ -96,4 +96,36 @@ spec:
   resources:
     requests:
       storage: 1Gi
-
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-pvr-songs
+  namespace: pvr
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pvr-songs
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: smb-secret
+    options:
+      opts: domain=bessems.eu,file_mode=0777,dir_mode=0777,iocharset=utf8,cache=none
+      server: 192.168.11.225
+      share: /Public/Audio/temp
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-pvr-songs
+  namespace: pvr
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pvr-songs
+  resources:
+    requests:
+      storage: 1Gi

services/Unifi/deploy-Unifi.yml

@@ -0,0 +1,118 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: unifi
+spec:
+  ports:
+    - protocol: TCP
+      name: web
+      port: 8443
+  selector:
+    app: unifi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: unifi-tcp
+spec:
+  type: LoadBalancer
+  ports:
+    - protocol: TCP
+      name: comm
+      port: 8080
+    - protocol: TCP
+      name: bandwidth
+      port: 6789
+    - protocol: TCP
+      name: syslog
+      port: 5514
+  selector:
+    app: unifi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: unifi-udp
+spec:
+  type: LoadBalancer
+  ports:
+    - protocol: UDP
+      name: stun
+      port: 3478
+    - protocol: UDP
+      name: discovery
+      port: 10001
+  selector:
+    app: unifi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: unifi
+  labels:
+    app: unifi
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: unifi
+  template:
+    metadata:
+      labels:
+        app: unifi
+    spec:
+      containers:
+      - name: unifi
+        image: linuxserver/unifi-controller
+        ports:
+          - name: web
+            containerPort: 8443
+          - name: comm
+            containerPort: 8080
+          - name: bandwidth
+            containerPort: 6789
+          - name: syslog
+            containerPort: 5514
+          - name: stun
+            containerPort: 3478
+            protocol: UDP
+          - name: discovery
+            containerPort: 10001
+            protocol: UDP
+        volumeMounts:
+        - mountPath: /config
+          name: longhorn-unifi-config
+      volumes:
+      - name: longhorn-unifi-config
+        persistentVolumeClaim:
+          claimName: longhorn-unifi-config
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: unifi
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`wifi.spamasaurus.com`)
+    kind: Rule
+    services:
+    - name: unifi
+      port: 8443
+      scheme: https
+#    middlewares:
+#    - name: security-headers@file
+#    - name: compression@file
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: longhorn-unifi-config
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 1Gi

storage/Longhorn/ingressRoute-Longhorn.yml

@@ -17,11 +17,3 @@ spec:
         - name: 2fa-authentication@file
         - name: security-headers@file
         - name: compression@file
-  tls:
-    options:
-      name: default
-    certResolver: default
-    domains:
-    - main: '*.spamasaurus.com'
-      sans:
-      - 'spamasaurus.com'