lcy
/
truenas


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778
							{{- define "unifi.workload" -}}
workload:
  unifi:
    enabled: true
    primary: true
    type: Deployment
    podSpec:
      hostNetwork: {{ .Values.unifiNetwork.hostNetwork }}
      containers:
        unifi:
          enabled: true
          primary: true
          imageSelector: image
          securityContext:
            runAsUser: 999
            runAsGroup: 999
            readOnlyRootFilesystem: false
          env:
            UNIFI_STDOUT: true
            UNIFI_HTTP_PORT: {{ .Values.unifiNetwork.webHttpPort }}
            UNIFI_HTTPS_PORT: {{ .Values.unifiNetwork.webHttpsPort }}
            PORTAL_HTTP_PORT: {{ .Values.unifiNetwork.portalHttpPort }}
            PORTAL_HTTPS_PORT: {{ .Values.unifiNetwork.portalHttpsPort }}
            {{- if .Values.unifiNetwork.certificateID }}
            CERTNAME: cert.pem
            CERT_PRIVATE_NAME: privkey.pem
            CERT_IS_CHAIN: true
            {{- end }}
          {{ with .Values.unifiConfig.additionalEnvs }}
          envList:
            {{ range $env := . }}
            - name: {{ $env.name }}
              value: {{ $env.value }}
            {{ end }}
          {{ end }}
          probes:
            liveness:
              enabled: true
              type: exec
              command: /usr/local/bin/docker-healthcheck.sh
            readiness:
              enabled: true
              type: exec
              command: /usr/local/bin/docker-healthcheck.sh
            startup:
              enabled: true
              type: exec
              command: /usr/local/bin/docker-healthcheck.sh
      initContainers:
      {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
                                                        "UID" 999
                                                        "GID" 999
                                                        "mode" "check"
                                                        "type" "init") | nindent 8 }}
      {{- if .Values.unifiNetwork.certificateID }}
        # Unifi chowns the files on startup, and if we mount them directly
        # from the secret, it will fail to start. So we make copy.
        02-certs:
          enabled: true
          type: init
          imageSelector: image
          securityContext:
            runAsUser: 999
            runAsGroup: 999
            readOnlyRootFilesystem: false
          command:
            - /bin/sh
            - -c
          args:
            - |
              certdir=/unifi/cert
              echo "Copying certificates to $certdir"
              mkdir -p $certdir
              cp --force --verbose /ix/cert/private.key $certdir/privkey.pem
              cp --force --verbose /ix/cert/public.crt $certdir/cert.pem
              cp --force --verbose /ix/cert/public.crt $certdir/chain.pem
      {{- end -}}
{{- end -}}