work towards stable

uisp/templates/configMap.yaml

@@ -107,34 +107,12 @@ kind: ConfigMap
 metadata:
   name: nginx-config
 data:
-  nginx.conf: |
+  NGINX_UID: "1001"
-    # Configuration for nginx
+  HTTP_PORT: "80"
-    user  nginx;
+  HTTPS_PORT: "443"
-    worker_processes  1;
+  SUSPEND_PORT: "81"
-
+  UNMS_HTTP_PORT: "8081"
-    error_log  /var/log/nginx/error.log warn;
+  UNMS_WS_PORT: "8082"
-    pid        /var/run/nginx.pid;
+  UNMS_WS_SHELL_PORT: "8083"
-
+  UNMS_WS_API_PORT: "8084"
-    events {
+  PUBLIC_HTTPS_PORT: "443"
-        worker_connections  1024;
-    }
-
-    http {
-        include       /etc/nginx/mime.types;
-        default_type  application/octet-stream;
-
-        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                          '$status $body_bytes_sent "$http_referer" '
-                          '"$http_user_agent" "$http_x_forwarded_for"';
-
-        access_log  /var/log/nginx/access.log  main;
-
-        sendfile        on;
-        #tcp_nopush     on;
-
-        keepalive_timeout  65;
-
-        #gzip  on;
-
-        include /etc/nginx/conf.d/*.conf;
-    }

uisp/templates/deployment.yaml

@@ -103,17 +103,17 @@ spec:
         - name: POSTGRES_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: db-secrets
+              name: uisp-secrets
               key: POSTGRES_PASSWORD
         - name: UNMS_POSTGRES_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: db-secrets
+              name: uisp-secrets
               key: UNMS_POSTGRES_PASSWORD
         - name: UCRM_POSTGRES_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: db-secrets
+              name: uisp-secrets
               key: UCRM_POSTGRES_PASSWORD
       volumes:
       - name: postgres-data
@@ -167,6 +167,12 @@ spec:
       containers:
       - name: unms
         image: ubnt/unms:2.4.188
+        ports:
+        - containerPort: 81
+        - containerPort: 443
+        - containerPort: 8081
+        - containerPort: 8082
+        - containerPort: 8083         
         volumeMounts:
         - name: unms-data
           mountPath: /home/app/unms/data
@@ -177,8 +183,13 @@ spec:
         - name: UNMS_PG_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: db-secrets
+              name: uisp-secrets
               key: UNMS_POSTGRES_PASSWORD
+        - name: SECURE_LINK_SECRET
+          valueFrom:
+            configMapKeyRef:
+              name: unms-config
+              key: SECURE_LINK_SECRET
         securityContext:
           capabilities:
             add: ["NET_ADMIN"]
@@ -204,6 +215,9 @@ spec:
       containers:
       - name: ucrm
         image: ubnt/unms-crm:4.4.30
+        ports:
+        - containerPort: 81
+        - containerPort: 443
         args: ["server_with_migrate"]
         volumeMounts:
         - name: ucrm-data
@@ -215,7 +229,7 @@ spec:
         - name: POSTGRES_PASSWORD
           valueFrom:
             secretKeyRef:
-              name: db-secrets
+              name: uisp-secrets
               key: UCRM_POSTGRES_PASSWORD
       volumes:
       - name: ucrm-data
@@ -236,6 +250,7 @@ spec:
       labels:
         app: nginx
     spec:
+      dnsPolicy: ClusterFirst
       initContainers:
       - name: init-cert-generator
         image: alpine:3.12
@@ -251,9 +266,18 @@ spec:
           # Generate SSL certificate keys
           openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /cert/nginx.key -out /cert/nginx.crt -subj "/CN=localhost"
         volumeMounts:
-        - name: unms-data
+        - name: cert
           mountPath: /cert
-          subPath: data/cert
+      # initContainers:
+      # - name: init-cert-generator
+      #   image: alpine:3.12
+      #   command: ["/bin/sh", "-c"]
+      #   args:
+      #   - |
+      #     # Ensure the /cert directory exists and has the correct permissions
+      #     mkdir -p /cert
+      #     chown 1000:1000 /cert
+      #     chmod 700 /cert
       containers:
       - name: nginx
         image: ubnt/unms-nginx:2.4.188
@@ -263,18 +287,23 @@ spec:
         - containerPort: 81
         - containerPort: 8089
         volumeMounts:
-        - name: unms-data
+        - name: cert
           mountPath: /cert
-          subPath: data/cert
         - name: firmwares
           mountPath: /www/firmwares
         envFrom:
         - configMapRef:
             name: nginx-config
+        env:
+        - name: SECURE_LINK_SECRET
+          valueFrom:
+            configMapKeyRef:
+              name: unms-config
+              key: SECURE_LINK_SECRET
       volumes:
-      - name: unms-data
+      - name: cert
         persistentVolumeClaim:
-          claimName: unms-data-pvc
+          claimName: nginx-cert-pvc
       - name: firmwares
         persistentVolumeClaim:
           claimName: nginx-firmwares-pvc

uisp/templates/secret.yaml

@@ -1,9 +1,10 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: db-secrets
+  name: uisp-secrets
 type: Opaque
 data:
   POSTGRES_PASSWORD: "MWIwVXgxdkpJRGJvN05UUXkxQXJ4cDRzeDhCQ3g5QVFxN1UyUkdUeWd3N0FqcVpM" # base64 encoded "1B0Ux1wJIDbo7NTQy1Arxp4sx8BCx9AQq7U2RGTygw7QjqZL"
   UNMS_POSTGRES_PASSWORD: "SmNKbzRJQmhISWNzTjByd0Y0YU5IbnFRTDBjYVh1a0VtU2dBejFKdE1KelpDOTQz" # base64 encoded "JcJo4IBhHIcsN0rwF4aNHnqQL0caXukEmSgAz1JtMJzZC943"
   UCRM_POSTGRES_PASSWORD: "ZDlOWnhEcFJIbkVUbWN3amRGM2YyVVl0aDlCZVlYSWtmZ1Z6RnhuTzZrZXB1Q2ZV" # base64 encoded "d9NZxDpRHnUTmcwjdF3f2UYth9BeYXIkfkVzFxnO6kepuCfU"
+  SECURE_LINK_SECRET: "SWROTUVFVW5CYWRvQTBkUHI2ZTdtNzY3OThKTEJaTFZRMFZQR0F0cWl6MzFsWU14ZXVMWWVma2ZQa1plcHNHTTJXb29tR0ZQb2x2NXU1TGQ3NGUyWFZSdDByVGxzWm85ajBlaFNFQ1VS" # base64 encoded "IdNMEEUnBadoA0dRr6e7t76798JLBZLVQ0FPGAtqiz31lYMxeuLYefkfPkZepsGM2WoomGFPolv5u5Ld74e2XVRt0rTlsZo9j0ehSECURE"