From 770eb1a5dbd614a4140b99c2487719d296741457 Mon Sep 17 00:00:00 2001 From: sjenkins Date: Wed, 5 Mar 2025 16:15:22 -0600 Subject: [PATCH] work towards stable --- uisp/templates/configMap.yaml | 40 ++++++-------------------- uisp/templates/deployment.yaml | 51 ++++++++++++++++++++++++++-------- uisp/templates/secret.yaml | 5 ++-- 3 files changed, 52 insertions(+), 44 deletions(-) diff --git a/uisp/templates/configMap.yaml b/uisp/templates/configMap.yaml index b96bcfa..9dbbddf 100644 --- a/uisp/templates/configMap.yaml +++ b/uisp/templates/configMap.yaml @@ -107,34 +107,12 @@ kind: ConfigMap metadata: name: nginx-config data: - nginx.conf: | - # Configuration for nginx - user nginx; - worker_processes 1; - - error_log /var/log/nginx/error.log warn; - pid /var/run/nginx.pid; - - events { - worker_connections 1024; - } - - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; - } \ No newline at end of file + NGINX_UID: "1001" + HTTP_PORT: "80" + HTTPS_PORT: "443" + SUSPEND_PORT: "81" + UNMS_HTTP_PORT: "8081" + UNMS_WS_PORT: "8082" + UNMS_WS_SHELL_PORT: "8083" + UNMS_WS_API_PORT: "8084" + PUBLIC_HTTPS_PORT: "443" diff --git a/uisp/templates/deployment.yaml b/uisp/templates/deployment.yaml index 97a7976..8008354 100644 --- a/uisp/templates/deployment.yaml +++ b/uisp/templates/deployment.yaml 
@@ -103,17 +103,17 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: db-secrets + name: uisp-secrets key: POSTGRES_PASSWORD - name: UNMS_POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: db-secrets + name: uisp-secrets key: UNMS_POSTGRES_PASSWORD - name: UCRM_POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: db-secrets + name: uisp-secrets key: UCRM_POSTGRES_PASSWORD volumes: - name: postgres-data @@ -167,6 +167,12 @@ spec: containers: - name: unms image: ubnt/unms:2.4.188 + ports: + - containerPort: 81 + - containerPort: 443 + - containerPort: 8081 + - containerPort: 8082 + - containerPort: 8083 volumeMounts: - name: unms-data mountPath: /home/app/unms/data @@ -177,8 +183,13 @@ spec: - name: UNMS_PG_PASSWORD valueFrom: secretKeyRef: - name: db-secrets + name: uisp-secrets key: UNMS_POSTGRES_PASSWORD + - name: SECURE_LINK_SECRET + valueFrom: + configMapKeyRef: + name: unms-config + key: SECURE_LINK_SECRET securityContext: capabilities: add: ["NET_ADMIN"] @@ -204,6 +215,9 @@ spec: containers: - name: ucrm image: ubnt/unms-crm:4.4.30 + ports: + - containerPort: 81 + - containerPort: 443 args: ["server_with_migrate"] volumeMounts: - name: ucrm-data @@ -215,7 +229,7 @@ spec: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: db-secrets + name: uisp-secrets key: UCRM_POSTGRES_PASSWORD volumes: - name: ucrm-data @@ -236,6 +250,7 @@ spec: labels: app: nginx spec: + dnsPolicy: ClusterFirst initContainers: - name: init-cert-generator image: alpine:3.12 
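Review bot: The `ports:` list added to the unms container (hunk `@@ -167,6 +167,12 @@`) does not line up with the port variables this commit puts in `nginx-config`. It declares 81 and 443, which the ConfigMap assigns to `SUSPEND_PORT` and `HTTPS_PORT`, and it omits 8084 (`UNMS_WS_API_PORT`). `containerPort` is informational, but it is what reviewers and NetworkPolicy authors read to decide what the pod should expose, so it should list only what the process listens on. That is presumably 8081 to 8084 here; confirm against the image. The `81`/`443` entries added to the ucrm container in `@@ -204,6 +215,9 @@` deserve the same check.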
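Review bot: `SECURE_LINK_SECRET` is read with `configMapKeyRef` from `unms-config` in the unms container env (hunk `@@ -177,8 +183,13 @@`), yet this same commit adds that key to the `uisp-secrets` Secret. A ConfigMap gets none of the RBAC separation or encryption-at-rest options that apply to Secrets. So either the value is duplicated in plaintext in `unms-config` (not visible in this diff) or the reference will not resolve and the pod will fail to start. Point it at the Secret instead: `secretKeyRef:` / `name: uisp-secrets` / `key: SECURE_LINK_SECRET`. The same reference is added to the nginx container in the later `@@ -263,18 +287,23 @@` hunk and needs the same change.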
@@ -251,9 +266,18 @@ spec: # Generate SSL certificate keys openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /cert/nginx.key -out /cert/nginx.crt -subj "/CN=localhost" volumeMounts: - - name: unms-data + - name: cert mountPath: /cert - subPath: data/cert + # initContainers: + # - name: init-cert-generator + # image: alpine:3.12 + # command: ["/bin/sh", "-c"] + # args: + # - | + # # Ensure the /cert directory exists and has the correct permissions + # mkdir -p /cert + # chown 1000:1000 /cert + # chmod 700 /cert containers: - name: nginx image: ubnt/unms-nginx:2.4.188 @@ -263,18 +287,23 @@ spec: - containerPort: 81 - containerPort: 8089 volumeMounts: - - name: unms-data + - name: cert mountPath: /cert - subPath: data/cert - name: firmwares mountPath: /www/firmwares envFrom: - configMapRef: name: nginx-config + env: + - name: SECURE_LINK_SECRET + valueFrom: + configMapKeyRef: + name: unms-config + key: SECURE_LINK_SECRET volumes: - - name: unms-data + - name: cert persistentVolumeClaim: - claimName: unms-data-pvc + claimName: nginx-cert-pvc - name: firmwares persistentVolumeClaim: claimName: nginx-firmwares-pvc diff --git a/uisp/templates/secret.yaml b/uisp/templates/secret.yaml index cf9c069..e55bac4 100644 --- a/uisp/templates/secret.yaml +++ b/uisp/templates/secret.yaml 
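Review bot: The commented-out `initContainers:` block added after the `cert` volumeMount in `@@ -251,9 +266,18 @@` should be removed rather than committed. If it were uncommented it would be a second `initContainers` key in the same pod spec, which most YAML parsers resolve silently as last-wins, dropping the certificate generator above it. It also chowns `/cert` to `1000:1000` while this commit sets `NGINX_UID: "1001"` in `nginx-config`. Ownership and mode of the directory holding `nginx.key` should be set in the live init container, e.g. `chown 1001:1001 /cert && chmod 700 /cert` if nginx does run as that UID. The init container's definition starts outside the hunk.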
@@ -1,9 +1,10 @@ apiVersion: v1 kind: Secret metadata: - name: db-secrets + name: uisp-secrets type: Opaque data: POSTGRES_PASSWORD: "MWIwVXgxdkpJRGJvN05UUXkxQXJ4cDRzeDhCQ3g5QVFxN1UyUkdUeWd3N0FqcVpM" # base64 encoded "1B0Ux1wJIDbo7NTQy1Arxp4sx8BCx9AQq7U2RGTygw7QjqZL" UNMS_POSTGRES_PASSWORD: "SmNKbzRJQmhISWNzTjByd0Y0YU5IbnFRTDBjYVh1a0VtU2dBejFKdE1KelpDOTQz" # base64 encoded "JcJo4IBhHIcsN0rwF4aNHnqQL0caXukEmSgAz1JtMJzZC943" - UCRM_POSTGRES_PASSWORD: "ZDlOWnhEcFJIbkVUbWN3amRGM2YyVVl0aDlCZVlYSWtmZ1Z6RnhuTzZrZXB1Q2ZV" # base64 encoded "d9NZxDpRHnUTmcwjdF3f2UYth9BeYXIkfkVzFxnO6kepuCfU" \ No newline at end of file + UCRM_POSTGRES_PASSWORD: "ZDlOWnhEcFJIbkVUbWN3amRGM2YyVVl0aDlCZVlYSWtmZ1Z6RnhuTzZrZXB1Q2ZV" # base64 encoded "d9NZxDpRHnUTmcwjdF3f2UYth9BeYXIkfkVzFxnO6kepuCfU" + SECURE_LINK_SECRET: "SWROTUVFVW5CYWRvQTBkUHI2ZTdtNzY3OThKTEJaTFZRMFZQR0F0cWl6MzFsWU14ZXVMWWVma2ZQa1plcHNHTTJXb29tR0ZQb2x2NXU1TGQ3NGUyWFZSdDByVGxzWm85ajBlaFNFQ1VS" # base64 encoded "IdNMEEUnBadoA0dRr6e7t76798JLBZLVQ0FPGAtqiz31lYMxeuLYefkfPkZepsGM2WoomGFPolv5u5Ld74e2XVRt0rTlsZo9j0ehSECURE" \ No newline at end of file
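Review bot: The added `SECURE_LINK_SECRET` line hard-codes a live secret into the chart template and repeats it in a trailing `# base64 encoded` comment, like the three password lines above it. Base64 in `data:` is encoding, not protection, so anyone with read access to the repository or the packaged chart has these values; treat them as exposed and rotate them. Supply the value at install time instead, e.g. `SECURE_LINK_SECRET: {{ .Values.secureLinkSecret | b64enc | quote }}` (the values key is a placeholder) with no default in the chart, or reference an externally managed Secret. The comment also does not appear to decode to the same string as the value, so drop it rather than correct it.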