[stable/unifi] Adding captive portal service (helm#21241)

* [stable/unifi] Adding captive portal service Signed-off-by: Arno Dubois <arno.du@orange.fr> Signed-off-by: Arno DUBOIS <arnodubois@sweetpunk.com> * [stable/unifi] Annnd bumping version Signed-off-by: Arno Dubois <arno.du@orange.fr> Signed-off-by: Arno DUBOIS <arnodubois@sweetpunk.com> * Added an enabled switch Signed-off-by: Arno DUBOIS <arnodubois@sweetpunk.com> * [stable/unifi] Fixing feedbacks Signed-off-by: Arno DUBOIS <arnodubois@sweetpunk.com> * [stable/unifi] Adding captive portal ingress Signed-off-by: Arno DUBOIS <arnodubois@sweetpunk.com> * [stable/unifi] Better table formatting Signed-off-by: Arno DUBOIS <arnodubois@sweetpunk.com> * [stable/unifi] Fixed ingress Signed-off-by: Arno DUBOIS <arnodubois@sweetpunk.com> Co-authored-by: Arno DUBOIS <arnodubois@sweetpunk.com> Signed-off-by: Miguel Mingorance <miguel.mingorance@deliveryhero.com>
mmingorance-dh · Aug 28, 2020 · 48c644b · 48c644b
1 parent 569f460
commit 48c644b
Show file tree

Hide file tree

Showing 7 changed files with 255 additions and 69 deletions.
diff --git a/stable/unifi/Chart.yaml b/stable/unifi/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: 5.11.50
 description: Ubiquiti Network's Unifi Controller
 name: unifi
-version: 0.6.1
+version: 0.6.2
 keywords:
   - ubiquiti
   - unifi

diff --git a/stable/unifi/README.md b/stable/unifi/README.md
diff --git a/stable/unifi/templates/captive-ingress.yaml b/stable/unifi/templates/captive-ingress.yaml
@@ -0,0 +1,39 @@
+{{- if (and .Values.captivePortalService.ingress.enabled (not .Values.unifiedService.enabled)) }}
+{{- $fullName := include "unifi.fullname" . -}}
+{{- $ingressPath := .Values.captivePortalService.ingress.path -}}
+{{- $unifiedServiceEnabled := .Values.unifiedService.enabled -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-captive
+  labels:
+    app.kubernetes.io/name: {{ include "unifi.name" . }}
+    helm.sh/chart: {{ include "unifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.captivePortalService.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.captivePortalService.ingress.tls }}
+  tls:
+  {{- range .Values.captivePortalService.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.captivePortalService.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}-captivePortalService
+              servicePort: captive-http
+  {{- end }}
+{{- end }}
diff --git a/stable/unifi/templates/captive-svc.yaml b/stable/unifi/templates/captive-svc.yaml
@@ -0,0 +1,61 @@
+{{ if (and .Values.captivePortalService.enabled (not .Values.unifiedService.enabled)) }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "unifi.fullname" . }}-captivePortalService
+  labels:
+    app.kubernetes.io/name: {{ include "unifi.name" . }}
+    helm.sh/chart: {{ include "unifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.captivePortalService.labels }}
+{{ toYaml .Values.captivePortalService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.captivePortalService.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.captivePortalService.type "ClusterIP") (empty .Values.captivePortalService.type)) }}
+  type: ClusterIP
+  {{- if .Values.captivePortalService.clusterIP }}
+  clusterIP: {{ .Values.captivePortalService.clusterIP }}
+  {{end}}
+{{- else if eq .Values.captivePortalService.type "LoadBalancer" }}
+  type: {{ .Values.captivePortalService.type }}
+  {{- if .Values.captivePortalService.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.captivePortalService.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.captivePortalService.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+{{ toYaml .Values.captivePortalService.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+{{- else }}
+  type: {{ .Values.captivePortalService.type }}
+{{- end }}
+{{- if .Values.captivePortalService.externalIPs }}
+  externalIPs:
+{{ toYaml .Values.captivePortalService.externalIPs | indent 4 }}
+{{- end }}
+  {{- if .Values.captivePortalService.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ .Values.captivePortalService.externalTrafficPolicy }}
+  {{- end }}
+  ports:
+    - port: {{ .Values.captivePortalService.http }}
+      targetPort: captive-http
+      protocol: TCP
+      name: captive-http
+{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.nodePorts.http))) }}
+      nodePort: {{.Values.captivePortalService.nodePorts.http}}
+{{ end }}
+    - port: {{ .Values.captivePortalService.https }}
+      targetPort: captive-https
+      protocol: TCP
+      name: captive-https
+{{ if (and (eq .Values.captivePortalService.type "NodePort") (not (empty .Values.captivePortalService.nodePorts.https))) }}
+      nodePort: {{.Values.captivePortalService.nodePorts.https}}
+{{ end }}
+  selector:
+    app.kubernetes.io/name: {{ include "unifi.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{ end }}
diff --git a/stable/unifi/templates/deployment.yaml b/stable/unifi/templates/deployment.yaml
@@ -50,6 +50,14 @@ spec:
             - name: stun
               containerPort: 3478
               protocol: UDP
+              {{ if .Values.captivePortalService.enabled }}
+            - name: captive-http
+              containerPort: 8880
+              protocol: TCP
+            - name: captive-https
+              containerPort: 8843
+              protocol: TCP
+              {{ end }}
           {{- if not .Values.runAsRoot }}
           securityContext:
             capabilities:

diff --git a/stable/unifi/templates/unified-svc.yaml b/stable/unifi/templates/unified-svc.yaml
@@ -69,6 +69,23 @@ spec:
 {{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.guiService.nodePort))) }}
       nodePort: {{.Values.guiService.nodePort}}
 {{ end }}
+{{ if .Values.captivePortalService.enabled }}
+    - name: captive-http
+      port: {{ .Values.captivePortalService.http }}
+      protocol: TCP
+      targetPort: captive-http
+{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.http))) }}
+      nodePort: {{.Values.captivePortalService.nodePorts.http}}
+{{ end }}
+    - name: captive-https
+      port: {{ .Values.captivePortalService.https }}
+      protocol: TCP
+      targetPort: captive-https
+{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.captivePortalService.https))) }}
+      nodePort: {{.Values.captivePortalService.nodePorts.https}}
+{{ end }}
+{{ end }}
+
   selector:
     app.kubernetes.io/name: {{ include "unifi.name" . }}
     app.kubernetes.io/instance: {{ .Release.Name }}

diff --git a/stable/unifi/values.yaml b/stable/unifi/values.yaml
@@ -59,6 +59,47 @@ guiService:
   ## Set the externalTrafficPolicy in the Service to either Cluster or Local
   # externalTrafficPolicy: Cluster
 
+captivePortalService:
+  enabled: false
+  type: ClusterIP
+  http: 8880
+  https: 8843
+  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+  ##
+  # nodePort:
+  #   http: 8880
+  #   https: 8843
+  ## Provide any additional annotations which may be required. This can be used to
+  ## set the LoadBalancer service type to internal only.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+  ##
+  annotations: {}
+  labels: {}
+  ## Use loadBalancerIP to request a specific static IP,
+  ## otherwise leave blank
+  ##
+  loadBalancerIP:
+  # loadBalancerSourceRanges: []
+  ## Set the externalTrafficPolicy in the Service to either Cluster or Local
+  # externalTrafficPolicy: Cluster
+
+
+  # Ingress settings only for the captive portal
+  ingress:
+    enabled: false
+    annotations: {}
+      # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+      # kubernetes.io/ingress.class: nginx
+      # kubernetes.io/tls-acme: "true"
+    path: /
+    hosts:
+      - chart-example.local
+    tls: []
+    #  - secretName: chart-example-tls
+    #    hosts:
+    #      - chart-example.local
+
 controllerService:
   type: NodePort
   port: 8080