apiVersion: apps/v1 kind: Deployment metadata: name: fluentd spec: replicas: 1 selector: matchLabels: app: fluentd template: metadata: labels: app: fluentd spec: containers: - name: fluentd image: ubnt/unms-fluentd:2.4.188 ports: - containerPort: 24224 volumeMounts: - name: logs mountPath: /fluentd/log envFrom: - configMapRef: name: fluentd-config volumes: - name: logs persistentVolumeClaim: claimName: fluentd-logs-pvc --- apiVersion: apps/v1 kind: Deployment metadata: name: siridb spec: replicas: 1 selector: matchLabels: app: siridb template: metadata: labels: app: siridb spec: containers: - name: siridb image: ubnt/unms-siridb:2.4.188 volumeMounts: - name: siridb-data mountPath: /var/lib/siridb - name: siridb-cores mountPath: /cores envFrom: - configMapRef: name: siridb-config securityContext: capabilities: add: ["SYS_PTRACE"] volumes: - name: siridb-data persistentVolumeClaim: claimName: siridb-data-pvc - name: siridb-cores persistentVolumeClaim: claimName: siridb-cores-pvc --- apiVersion: apps/v1 kind: Deployment metadata: name: postgres spec: replicas: 1 selector: matchLabels: app: postgres template: metadata: labels: app: postgres spec: initContainers: - name: init-postgres image: busybox command: ["sh", "-c"] args: - | mkdir -p /var/lib/postgresql/data/pgdata chown -R 999:999 /var/lib/postgresql/data/pgdata volumeMounts: - name: postgres-data mountPath: /var/lib/postgresql/data containers: - name: postgres image: ubnt/unms-postgres:2.4.188 args: ["postgres", "-c", "deadlock_timeout=5000", "-c", "max_connections=570"] volumeMounts: - name: postgres-data mountPath: /var/lib/postgresql/data envFrom: - configMapRef: name: postgres-config env: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: db-secrets key: POSTGRES_PASSWORD - name: UNMS_POSTGRES_PASSWORD valueFrom: secretKeyRef: name: db-secrets key: UNMS_POSTGRES_PASSWORD - name: UCRM_POSTGRES_PASSWORD valueFrom: secretKeyRef: name: db-secrets key: UCRM_POSTGRES_PASSWORD volumes: - name: postgres-data persistentVolumeClaim: claimName: postgres-data-pvc --- apiVersion: apps/v1 kind: Deployment metadata: name: rabbitmq spec: replicas: 1 selector: matchLabels: app: rabbitmq template: metadata: labels: app: rabbitmq spec: containers: - name: rabbitmq image: rabbitmq:3.7.28-alpine ports: - containerPort: 5672 volumeMounts: - name: rabbitmq-data mountPath: /var/lib/rabbitmq envFrom: - configMapRef: name: rabbitmq-config volumes: - name: rabbitmq-data persistentVolumeClaim: claimName: rabbitmq-data-pvc --- apiVersion: apps/v1 kind: Deployment metadata: name: unms spec: replicas: 1 selector: matchLabels: app: unms template: metadata: labels: app: unms spec: containers: - name: unms image: ubnt/unms:2.4.188 volumeMounts: - name: unms-data mountPath: /home/app/unms/data envFrom: - configMapRef: name: unms-config env: - name: UNMS_PG_PASSWORD valueFrom: secretKeyRef: name: db-secrets key: UNMS_POSTGRES_PASSWORD securityContext: capabilities: add: ["NET_ADMIN"] volumes: - name: unms-data persistentVolumeClaim: claimName: unms-data-pvc --- apiVersion: apps/v1 kind: Deployment metadata: name: ucrm spec: replicas: 1 selector: matchLabels: app: ucrm template: metadata: labels: app: ucrm spec: containers: - name: ucrm image: ubnt/unms-crm:4.4.30 args: ["server_with_migrate"] volumeMounts: - name: ucrm-data mountPath: /data envFrom: - configMapRef: name: ucrm-config env: - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: db-secrets key: UCRM_POSTGRES_PASSWORD volumes: - name: ucrm-data persistentVolumeClaim: claimName: ucrm-data-pvc --- apiVersion: apps/v1 kind: Deployment metadata: name: nginx spec: replicas: 1 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: initContainers: - name: init-cert-generator image: alpine:3.12 command: ["/bin/sh", "-c"] args: - | # Install OpenSSL apk add --no-cache openssl # Ensure the /cert directory exists and has the correct permissions mkdir -p /cert chown 1000:1000 /cert chmod 700 /cert # Generate SSL certificate keys openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /cert/nginx.key -out /cert/nginx.crt -subj "/CN=localhost" volumeMounts: - name: unms-data mountPath: /cert subPath: data/cert containers: - name: nginx image: ubnt/unms-nginx:2.4.188 ports: - containerPort: 80 - containerPort: 443 - containerPort: 81 - containerPort: 8089 volumeMounts: - name: unms-data mountPath: /cert subPath: data/cert - name: firmwares mountPath: /www/firmwares envFrom: - configMapRef: name: nginx-config volumes: - name: unms-data persistentVolumeClaim: claimName: unms-data-pvc - name: firmwares persistentVolumeClaim: claimName: nginx-firmwares-pvc --- apiVersion: apps/v1 kind: Deployment metadata: name: netflow spec: replicas: 1 selector: matchLabels: app: netflow template: metadata: labels: app: netflow spec: containers: - name: netflow image: ubnt/unms-netflow:2.4.188 ports: - containerPort: 2055 protocol: UDP envFrom: - configMapRef: name: netflow-config