diff --git a/library/ix-dev/community/unifi-controller/Chart.yaml b/library/ix-dev/community/unifi-controller/Chart.yaml index 2fa8756b70..4368f9f5b0 100644 --- a/library/ix-dev/community/unifi-controller/Chart.yaml +++ b/library/ix-dev/community/unifi-controller/Chart.yaml @@ -3,9 +3,9 @@ description: Unifi Controller is a network management controller for Unifi Equip annotations: title: Unifi Controller type: application -version: 1.1.3 +version: 1.2.0 apiVersion: v2 -appVersion: 7.5.176 +appVersion: 7.5.187 kubeVersion: '>=1.16.0-0' maintainers: - name: truenas @@ -15,12 +15,12 @@ dependencies: - name: common repository: file://../../../common version: 1.2.3 -home: https://github.com/jacobalberty/unifi-docker +home: https://github.com/goofball222/unifi icon: https://media.sys.truenas.net/apps/unifi-controller/icons/icon.png sources: - - https://github.com/jacobalberty/unifi-docker + - https://github.com/goofball222/unifi - https://github.com/truenas/charts/tree/master/library/ix-dev/community/unifi-controller - - https://hub.docker.com/r/jacobalberty/unifi + - https://hub.docker.com/r/goofball222/unifi keywords: - network - controller diff --git a/library/ix-dev/community/unifi-controller/README.md b/library/ix-dev/community/unifi-controller/README.md index 757081d4a1..f5b44a70a0 100644 --- a/library/ix-dev/community/unifi-controller/README.md +++ b/library/ix-dev/community/unifi-controller/README.md @@ -1,6 +1,6 @@ # Unifi Controller -[Unifi Controller](https://github.com/jacobalberty/unifi-docker) is a network management controller for Unifi Equipment. +[Unifi Controller](https://github.com/goofball222/unifi) is a network management controller for Unifi Equipment. > When application is installed, a container will be launched with **root** privileges. > This is required in order to apply the correct permissions to the `Unifi Controller` directories. diff --git a/library/ix-dev/community/unifi-controller/app-readme.md b/library/ix-dev/community/unifi-controller/app-readme.md index 757081d4a1..f5b44a70a0 100644 --- a/library/ix-dev/community/unifi-controller/app-readme.md +++ b/library/ix-dev/community/unifi-controller/app-readme.md @@ -1,6 +1,6 @@ # Unifi Controller -[Unifi Controller](https://github.com/jacobalberty/unifi-docker) is a network management controller for Unifi Equipment. +[Unifi Controller](https://github.com/goofball222/unifi) is a network management controller for Unifi Equipment. > When application is installed, a container will be launched with **root** privileges. > This is required in order to apply the correct permissions to the `Unifi Controller` directories. diff --git a/library/ix-dev/community/unifi-controller/charts/common-1.2.3.tgz b/library/ix-dev/community/unifi-controller/charts/common-1.2.3.tgz index 153140c930..2a0564b1e8 100644 Binary files a/library/ix-dev/community/unifi-controller/charts/common-1.2.3.tgz and b/library/ix-dev/community/unifi-controller/charts/common-1.2.3.tgz differ diff --git a/library/ix-dev/community/unifi-controller/ci/basic-values.yaml b/library/ix-dev/community/unifi-controller/ci/basic-values.yaml index e5de6d579c..5a98d14a29 100644 --- a/library/ix-dev/community/unifi-controller/ci/basic-values.yaml +++ b/library/ix-dev/community/unifi-controller/ci/basic-values.yaml @@ -1,4 +1,3 @@ unifiStorage: data: - type: hostPath - hostPath: /mnt/{{ .Release.Namespace }}/data + type: pvc diff --git a/library/ix-dev/community/unifi-controller/ci/extra-values.yaml b/library/ix-dev/community/unifi-controller/ci/extra-values.yaml index 51ae6de7ab..2cb2992881 100644 --- a/library/ix-dev/community/unifi-controller/ci/extra-values.yaml +++ b/library/ix-dev/community/unifi-controller/ci/extra-values.yaml @@ -1,11 +1,9 @@ unifiStorage: data: - type: hostPath - hostPath: /mnt/{{ .Release.Namespace }}/data + type: pvc additionalStorages: - - type: hostPath - hostPath: /mnt/{{ .Release.Namespace }}/init.d - mountPath: /unifi/init.d + - type: pvc + mountPath: /data2 unifiNetwork: enableWebHttp: true diff --git a/library/ix-dev/community/unifi-controller/ci/hostNet-values.yaml b/library/ix-dev/community/unifi-controller/ci/hostNet-values.yaml index 7251f97ef5..bc36fbe548 100644 --- a/library/ix-dev/community/unifi-controller/ci/hostNet-values.yaml +++ b/library/ix-dev/community/unifi-controller/ci/hostNet-values.yaml @@ -1,7 +1,6 @@ unifiStorage: data: - type: hostPath - hostPath: /mnt/{{ .Release.Namespace }}/data + type: pvc unifiNetwork: hostNetwork: true diff --git a/library/ix-dev/community/unifi-controller/ci/https-values.yaml b/library/ix-dev/community/unifi-controller/ci/https-values.yaml index a1f2b8ac7b..ce2452a158 100644 --- a/library/ix-dev/community/unifi-controller/ci/https-values.yaml +++ b/library/ix-dev/community/unifi-controller/ci/https-values.yaml @@ -1,7 +1,6 @@ unifiStorage: data: - type: hostPath - hostPath: /mnt/{{ .Release.Namespace }}/data + type: pvc unifiNetwork: certificateID: 1 diff --git a/library/ix-dev/community/unifi-controller/templates/_persistence.tpl b/library/ix-dev/community/unifi-controller/templates/_persistence.tpl index 201fe23b2d..607bc1f1c5 100644 --- a/library/ix-dev/community/unifi-controller/templates/_persistence.tpl +++ b/library/ix-dev/community/unifi-controller/templates/_persistence.tpl @@ -8,11 +8,27 @@ persistence: targetSelector: unifi: unifi: - mountPath: /unifi + mountPath: /usr/lib/unifi/data 01-permissions: mountPath: /mnt/directories/unifi - 02-certs: - mountPath: /unifi + 02-migrate: + mountPath: /usr/lib/unifi/data + cert: + # Mounted secrets are combined + # into a java keystore at startup + enabled: true + type: emptyDir + targetSelector: + unifi: + unifi: + mountPath: /usr/lib/unifi/cert + logs: + enabled: true + type: emptyDir + targetSelector: + unifi: + unifi: + mountPath: /usr/lib/unifi/logs tmp: enabled: true type: emptyDir @@ -49,22 +65,28 @@ persistence: {{- end -}} {{- if .Values.unifiNetwork.certificateID }} - cert: + cert-private: enabled: true type: secret objectName: unifi-cert defaultMode: "0600" - items: - - key: tls.key - path: private.key - - key: tls.crt - path: public.crt targetSelector: unifi: - 02-certs: - mountPath: /ix/cert + unifi: + mountPath: /usr/lib/unifi/cert/privkey.pem + subPath: tls.key + readOnly: true + cert-public: + enabled: true + type: secret + objectName: unifi-cert + defaultMode: "0600" + targetSelector: + unifi: + unifi: + mountPath: /usr/lib/unifi/cert/cert.pem + subPath: tls.crt readOnly: true - scaleCertificate: unifi-cert: enabled: true diff --git a/library/ix-dev/community/unifi-controller/templates/_unifi.tpl b/library/ix-dev/community/unifi-controller/templates/_unifi.tpl index 0e6f980ad6..1f509093fa 100644 --- a/library/ix-dev/community/unifi-controller/templates/_unifi.tpl +++ b/library/ix-dev/community/unifi-controller/templates/_unifi.tpl @@ -16,16 +16,13 @@ workload: runAsGroup: 999 readOnlyRootFilesystem: false env: - UNIFI_STDOUT: true + DB_MONGO_LOCAL: true + RUN_CHOWN: false + RUNAS_UID0: false UNIFI_HTTP_PORT: {{ .Values.unifiNetwork.webHttpPort }} UNIFI_HTTPS_PORT: {{ .Values.unifiNetwork.webHttpsPort }} PORTAL_HTTP_PORT: {{ .Values.unifiNetwork.portalHttpPort }} PORTAL_HTTPS_PORT: {{ .Values.unifiNetwork.portalHttpsPort }} - {{- if .Values.unifiNetwork.certificateID }} - CERTNAME: cert.pem - CERT_PRIVATE_NAME: privkey.pem - CERT_IS_CHAIN: true - {{- end }} {{ with .Values.unifiConfig.additionalEnvs }} envList: {{ range $env := . }} @@ -52,11 +49,20 @@ workload: "GID" 999 "mode" "check" "type" "init") | nindent 8 }} - {{- if .Values.unifiNetwork.certificateID }} - # Unifi chowns the files on startup, and if we mount them directly - # from the secret, it will fail to start. So we make copy. - 02-certs: - enabled: true + {{- $migrate := false -}} + {{- if (hasKey .Values.global "ixChartContext") -}} + {{- if (hasKey .Values.global.ixChartContext "upgradeMetadata") -}} + {{- with .Values.global.ixChartContext.upgradeMetadata -}} + {{- $ver := semver (.oldChartVersion | default "0.0.0") -}} + {{/* Enable migrate script if old version is below 1.2.x */}} + {{- if and (eq $ver.Major 1) (lt $ver.Minor 2) -}} + {{- $migrate = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end }} + 02-migrate: + enabled: {{ $migrate }} type: init imageSelector: image securityContext: @@ -64,15 +70,24 @@ workload: runAsGroup: 999 readOnlyRootFilesystem: false command: - - /bin/sh - - -c + - /bin/bash args: + - -c - | - certdir=/unifi/cert - echo "Copying certificates to $certdir" - mkdir -p $certdir - cp --force --verbose /ix/cert/private.key $certdir/privkey.pem - cp --force --verbose /ix/cert/public.crt $certdir/cert.pem - cp --force --verbose /ix/cert/public.crt $certdir/chain.pem - {{- end -}} + newdatadir="/usr/lib/unifi/data" + olddatadir="/usr/lib/unifi/data/data" + # Check the dir exists + [ ! -d "$newdatadir" ] && echo "$newdatadir missing" && exit 1 + # Check if there is a data/data dir to migrate + [ ! -d "$olddatadir" ] && echo "No $olddatadir dir found. Migration skipped" && exit 0 + + # Check if the new data dir is empty, ignoring the old data dir + dirs=$(ls -A "$newdatadir" | grep -v "data") + if [ -n "$dirs" ]; then + echo "New data dir is empty. Migrating data one level up" + mv $olddatadir/* $newdatadir || echo "Failed to move data" && exit 1 + # Remove the data/data dir + rm -rf $olddatadir + echo "Data migration complete" + fi {{- end -}} diff --git a/library/ix-dev/community/unifi-controller/upgrade_strategy b/library/ix-dev/community/unifi-controller/upgrade_strategy index 5718e19a44..af685230a1 100755 --- a/library/ix-dev/community/unifi-controller/upgrade_strategy +++ b/library/ix-dev/community/unifi-controller/upgrade_strategy @@ -6,12 +6,12 @@ import sys from catalog_update.upgrade_strategy import semantic_versioning -RE_STABLE_VERSION = re.compile(r'v\d+\.\d+\.\d+') +RE_STABLE_VERSION = re.compile(r'\d+\.\d+\.\d+') def newer_mapping(image_tags): key = list(image_tags.keys())[0] - tags = {t.strip('v'): t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)} + tags = {t: t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)} version = semantic_versioning(list(tags)) if not version: return {} diff --git a/library/ix-dev/community/unifi-controller/values.yaml b/library/ix-dev/community/unifi-controller/values.yaml index 2ff21e7d08..8fb7ea984c 100644 --- a/library/ix-dev/community/unifi-controller/values.yaml +++ b/library/ix-dev/community/unifi-controller/values.yaml @@ -1,7 +1,7 @@ image: - repository: jacobalberty/unifi + repository: goofball222/unifi pullPolicy: IfNotPresent - tag: v7.5.176 + tag: 7.5.187 resources: limits: