Add helm

2025-10-21 07:23:07 +02:00
parent 32a595d160
commit ea68bed9c2
24 changed files with 2126 additions and 0 deletions
--- a/helm/README.md
+++ b/helm/README.md
@@ -0,0 +1,234 @@
+# UniFi Network Operator - Helm Chart
+
+This directory contains the Helm chart for deploying the UniFi Network Operator to Kubernetes.
+
+## Quick Links
+
+- **[Installation Guide](./INSTALL.md)** - Detailed installation instructions and examples
+- **[Chart Documentation](./unifi-network-operator/README.md)** - Full configuration reference
+- **[Values Reference](./unifi-network-operator/values.yaml)** - All configurable values
+
+## Quick Start
+
+```bash
+# Install with minimal configuration
+helm install unifi-network-operator ./helm/unifi-network-operator \
+  --namespace unifi-network-operator-system \
+  --create-namespace \
+  --set unifi.url="https://your-unifi-controller:8443" \
+  --set unifi.password="your-password"
+```
+
+## Chart Structure
+
+```
+helm/unifi-network-operator/
+├── Chart.yaml                 # Chart metadata
+├── values.yaml               # Default configuration values
+├── README.md                 # Detailed chart documentation
+├── .helmignore              # Files to ignore when packaging
+├── crds/                    # Custom Resource Definitions
+│   ├── unifi.engen.priv.no_firewallgroups.yaml
+│   ├── unifi.engen.priv.no_firewallpolicies.yaml
+│   ├── unifi.engen.priv.no_firewallzones.yaml
+│   ├── unifi.engen.priv.no_networkconfigurations.yaml
+│   └── unifi.engen.priv.no_portforwards.yaml
+└── templates/               # Kubernetes resource templates
+    ├── NOTES.txt           # Post-installation notes
+    ├── _helpers.tpl        # Template helpers
+    ├── deployment.yaml     # Operator deployment
+    ├── serviceaccount.yaml # Service account
+    ├── clusterrole.yaml    # Cluster-level permissions
+    ├── clusterrolebinding.yaml
+    ├── role.yaml           # Namespace-level permissions
+    ├── rolebinding.yaml
+    ├── configmap.yaml      # Operator configuration
+    ├── secret.yaml         # UniFi credentials
+    ├── service.yaml        # Metrics service
+    └── servicemonitor.yaml # Prometheus integration
+```
+
+## Features
+
+- **Secure by Default**: Runs with restricted security context and non-root user
+- **Flexible Configuration**: Extensive values for customization
+- **Production Ready**: Leader election, resource limits, health checks
+- **Monitoring**: Built-in Prometheus ServiceMonitor support
+- **GitOps Friendly**: Works with ArgoCD, Flux, and other GitOps tools
+- **Credential Management**: Support for external secrets
+
+## Key Configuration Options
+
+### Required Settings
+
+- `unifi.url` - UniFi controller URL (e.g., `https://unifi.example.com:8443`)
+- `unifi.password` - UniFi password (or use `unifi.existingSecret`)
+
+### Common Optional Settings
+
+- `unifi.site` - UniFi site ID (default: `default`)
+- `unifi.username` - UniFi username (default: `admin`)
+- `config.fullSyncZone` - Zone name for bidirectional sync
+- `config.fullSyncNetwork` - Network name for bidirectional sync
+- `metrics.serviceMonitor.enabled` - Enable Prometheus monitoring
+- `resources.*` - Resource limits and requests
+
+## Using Make Targets
+
+The project Makefile includes helpful Helm targets:
+
+```bash
+# Lint the chart
+make helm-lint
+
+# Render templates (for debugging)
+make helm-template
+
+# Install (requires env vars)
+export UNIFI_URL="https://unifi.example.com:8443"
+export UNIFI_PASSWORD="your-password"
+make helm-install
+
+# Upgrade
+make helm-upgrade
+
+# Uninstall
+make helm-uninstall
+
+# Package the chart
+make helm-package
+
+# Dry run
+make helm-dry-run
+```
+
+## Examples
+
+### Development Installation
+
+```bash
+helm install unifi-network-operator ./helm/unifi-network-operator \
+  -n unifi-network-operator-system \
+  --create-namespace \
+  --set unifi.url="https://192.168.1.1:8443" \
+  --set unifi.password="admin"
+```
+
+### Production with Existing Secret
+
+```bash
+# Create secret
+kubectl create secret generic unifi-creds \
+  --from-literal=UNIFI_URL="https://unifi.example.com:8443" \
+  --from-literal=UNIFI_SITE="default" \
+  --from-literal=UNIFI_USERNAME="operator" \
+  --from-literal=UNIFI_PASSWORD="secure-password" \
+  -n unifi-network-operator-system
+
+# Install with secret reference
+helm install unifi-network-operator ./helm/unifi-network-operator \
+  -n unifi-network-operator-system \
+  --set unifi.existingSecret="unifi-creds"
+```
+
+### With Full Sync and Monitoring
+
+```bash
+helm install unifi-network-operator ./helm/unifi-network-operator \
+  -n unifi-network-operator-system \
+  --create-namespace \
+  --set unifi.url="https://unifi.example.com:8443" \
+  --set unifi.password="password" \
+  --set config.fullSyncZone="gateway" \
+  --set config.fullSyncNetwork="core" \
+  --set metrics.serviceMonitor.enabled=true
+```
+
+## Upgrading
+
+To upgrade the operator:
+
+```bash
+helm upgrade unifi-network-operator ./helm/unifi-network-operator \
+  -n unifi-network-operator-system
+```
+
+## Uninstalling
+
+```bash
+# Remove the operator (CRDs remain)
+helm uninstall unifi-network-operator -n unifi-network-operator-system
+
+# Also remove CRDs (WARNING: deletes all custom resources)
+kubectl delete crds \
+  firewallgroups.unifi.engen.priv.no \
+  firewallpolicies.unifi.engen.priv.no \
+  firewallzones.unifi.engen.priv.no \
+  networkconfigurations.unifi.engen.priv.no \
+  portforwards.unifi.engen.priv.no
+```
+
+## Customization
+
+Create a `custom-values.yaml` file:
+
+```yaml
+image:
+  tag: "v1.0.0"
+
+replicaCount: 1
+
+unifi:
+  existingSecret: "my-unifi-secret"
+
+config:
+  fullSyncZone: "gateway"
+  fullSyncNetwork: "core"
+  kubernetesUnifiZone: "k8s"
+
+resources:
+  limits:
+    memory: 256Mi
+  requests:
+    memory: 128Mi
+
+metrics:
+  serviceMonitor:
+    enabled: true
+    additionalLabels:
+      prometheus: kube-prometheus
+
+nodeSelector:
+  kubernetes.io/os: linux
+
+tolerations:
+  - key: "node-role.kubernetes.io/control-plane"
+    operator: "Exists"
+    effect: "NoSchedule"
+```
+
+Install with:
+
+```bash
+helm install unifi-network-operator ./helm/unifi-network-operator \
+  -n unifi-network-operator-system \
+  --create-namespace \
+  -f custom-values.yaml
+```
+
+## Documentation
+
+- **[INSTALL.md](./INSTALL.md)** - Complete installation guide with examples
+- **[Chart README](./unifi-network-operator/README.md)** - Full configuration reference
+- **[values.yaml](./unifi-network-operator/values.yaml)** - Commented default values
+
+## Support
+
+For issues and questions:
+- Check the [Installation Guide](./INSTALL.md)
+- Review the [Chart Documentation](./unifi-network-operator/README.md)
+- Check operator logs: `kubectl logs -n unifi-network-operator-system -l app.kubernetes.io/name=unifi-network-operator`
+
+## License
+
+This Helm chart is provided under the same license as the UniFi Network Operator project.