# Install manifest for the unifi-network-operator.
# The controller-gen annotation and kustomize labels below indicate this file is
# generated output (controller-gen v0.17.2 / kustomize); treat the Go types and the
# kustomize config as the source of truth and regenerate rather than hand-editing.
#
# Documents, in order:
#   1. Namespace
#   2-5. CRDs: FirewallPolicy, FirewallZone, Networkconfiguration, PortForward
#   6. ServiceAccount for the controller manager
#   7. Leader-election Role (namespaced)
#   8-22. ClusterRoles: per-CRD admin/editor/viewer roles, manager role,
#         metrics-auth role, metrics-reader role
#   23-25. Bindings for leader election, manager and metrics-auth
#   26. Metrics Service
#   27. Controller-manager Deployment
---
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
    control-plane: controller-manager
  name: unifi-network-operator-system
---
# CRD: FirewallPolicy (unifi.engen.priv.no/v1beta1)
# A policy pairs a source (networks/zones) with a destination (firewall groups/services);
# the status records which UniFi-side objects the controller created.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.17.2
  name: firewallpolicies.unifi.engen.priv.no
spec:
  group: unifi.engen.priv.no
  names:
    kind: FirewallPolicy
    listKind: FirewallPolicyList
    plural: firewallpolicies
    singular: firewallpolicy
  scope: Namespaced
  versions:
    - name: v1beta1
      schema:
        openAPIV3Schema:
          description: FirewallPolicy is the Schema for the firewallpolicies API.
          properties:
            apiVersion:
              description: |-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: |-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated.
                In CamelCase.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              properties:
                destination:
                  properties:
                    firewall_groups:
                      items:
                        properties:
                          name:
                            type: string
                          namespace:
                            type: string
                        type: object
                      type: array
                    services:
                      items:
                        properties:
                          name:
                            type: string
                          namespace:
                            type: string
                        type: object
                      type: array
                  type: object
                # The two *_in_all_namespaces switches widen matching beyond the
                # policy's own namespace; a policy author can then reference objects
                # in namespaces they may not otherwise administer. Worth documenting
                # in the Go types and reviewing against the controller's RBAC.
                match_firewall_groups_in_all_namespaces:
                  type: boolean
                match_services_in_all_namespaces:
                  type: boolean
                name:
                  type: string
                source:
                  properties:
                    from_networks:
                      items:
                        properties:
                          name:
                            type: string
                          namespace:
                            type: string
                        type: object
                      type: array
                    from_zones:
                      items:
                        properties:
                          name:
                            type: string
                          namespace:
                            type: string
                        type: object
                      type: array
                  type: object
              required:
                - destination
                - name
                - source
              type: object
            status:
              description: FirewallPolicyStatus defines the observed state of FirewallPolicy.
              properties:
                resources_managed:
                  properties:
                    firewall_groups_managed:
                      items:
                        properties:
                          name:
                            type: string
                          namespace:
                            type: string
                        type: object
                      type: array
                    # One entry per from/to pair, carrying the four UniFi rule ids
                    # (TCP/UDP x IPv4/IPv6) the controller created for it.
                    firewall_policies_managed:
                      items:
                        properties:
                          from:
                            type: string
                          tcpipv4_id:
                            type: string
                          tcpipv6_id:
                            type: string
                          to:
                            type: string
                          udpipv4_id:
                            type: string
                          udpipv6_id:
                            type: string
                        required:
                          - from
                          - tcpipv4_id
                          - tcpipv6_id
                          - to
                          - udpipv4_id
                          - udpipv6_id
                        type: object
                      type: array
                  type: object
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
---
# CRD: FirewallZone (unifi.engen.priv.no/v1beta1)
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.17.2
  name: firewallzones.unifi.engen.priv.no
spec:
  group: unifi.engen.priv.no
  names:
    kind: FirewallZone
    listKind: FirewallZoneList
    plural: firewallzones
    singular: firewallzone
  scope: Namespaced
  versions:
    - name: v1beta1
      schema:
        openAPIV3Schema:
          description: FirewallZone is the Schema for the firewallzones API.
          properties:
            apiVersion:
              description: |-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: |-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated.
                In CamelCase.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              description: FirewallZoneSpec defines the desired state of FirewallZone.
              properties:
                # No field is required here, so an empty spec is accepted by the
                # API server; any "name must be set" rule has to live in the
                # controller (or a kubebuilder validation marker on the Go type).
                _id:
                  type: string
                default_zone:
                  type: boolean
                name:
                  type: string
                network_ids:
                  items:
                    type: string
                  type: array
                zone_key:
                  type: string
              type: object
            status:
              description: FirewallZoneStatus defines the observed state of FirewallZone.
              properties:
                resources_managed:
                  properties:
                    firewall_zones_managed:
                      items:
                        properties:
                          id:
                            type: string
                          name:
                            type: string
                        type: object
                      type: array
                  type: object
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
---
# CRD: Networkconfiguration (unifi.engen.priv.no/v1beta1)
# NOTE(review): two descriptions below ("Foo is an example field ..." and
# "INSERT ADDITIONAL STATUS FIELD ...") are unedited scaffold text. They are
# served to users via `kubectl explain`; fix them on the Go types in
# networkconfiguration_types.go and regenerate, not here.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.17.2
  name: networkconfigurations.unifi.engen.priv.no
spec:
  group: unifi.engen.priv.no
  names:
    kind: Networkconfiguration
    listKind: NetworkconfigurationList
    plural: networkconfigurations
    singular: networkconfiguration
  scope: Namespaced
  versions:
    - name: v1beta1
      schema:
        openAPIV3Schema:
          description: Networkconfiguration is the Schema for the networkconfigurations API.
          properties:
            apiVersion:
              description: |-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: |-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated.
                In CamelCase.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              description: NetworkconfigurationSpec defines the desired state of Networkconfiguration.
              properties:
                _id:
                  description: Foo is an example field of Networkconfiguration. Edit networkconfiguration_types.go to remove/update
                  type: string
                enabled:
                  type: boolean
                firewall_zone:
                  type: string
                gateway_type:
                  type: string
                # ip_subnet / ipv6_subnet are free-form strings at the API level;
                # the schema does not validate CIDR syntax, so malformed input is
                # only caught by the controller or the UniFi API.
                ip_subnet:
                  type: string
                ipv6_interface_type:
                  type: string
                ipv6_pd_auto_prefixid_enabled:
                  type: boolean
                ipv6_ra_enabled:
                  type: boolean
                ipv6_setting_preference:
                  type: string
                ipv6_subnet:
                  type: string
                name:
                  type: string
                networkgroup:
                  type: string
                purpose:
                  type: string
                setting_preference:
                  type: string
                # No minimum/maximum is declared for vlan; the 1-4094 range is not
                # enforced by the API server.
                vlan:
                  format: int64
                  type: integer
                vlan_enabled:
                  type: boolean
              required:
                - name
              type: object
            status:
              description: NetworkconfigurationStatus defines the observed state of Networkconfiguration.
              properties:
                firewall_zone_id:
                  description: |-
                    INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
                    Important: Run "make" to regenerate code after modifying this file
                  type: string
                ipv6_subnet_status:
                  type: string
                lastSyncTime:
                  description: LastSyncTime is the last time the object was synced
                  format: date-time
                  type: string
                resources_managed:
                  properties:
                    networks_managed:
                      items:
                        properties:
                          id:
                            type: string
                          name:
                            type: string
                        type: object
                      type: array
                  type: object
                # Note the mixed naming in this status: snake_case siblings next to
                # camelCase lastSyncTime / syncedWithUnifi.
                syncedWithUnifi:
                  description: SyncedWithUnifi indicates whether the addresses are successfully pushed
                  type: boolean
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
---
# CRD: PortForward (unifi.engen.priv.no/v1beta1) - placeholder with an empty spec/status.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.17.2
  name: portforwards.unifi.engen.priv.no
spec:
  group: unifi.engen.priv.no
  names:
    kind: PortForward
    listKind: PortForwardList
    plural: portforwards
    singular: portforward
  scope: Namespaced
  versions:
    - name: v1beta1
      schema:
        openAPIV3Schema:
          description: |-
            PortForward is a placeholder type to allow future CRD support if needed.
            Right now, port forwards are managed entirely through annotations on Services.
          properties:
            apiVersion:
              description: |-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: |-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated.
                In CamelCase.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              type: object
            status:
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
---
# Identity the controller-manager Pod runs as; all bindings below target it.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-controller-manager
  namespace: unifi-network-operator-system
---
# Leader election: scoped to the operator namespace only (Role, not ClusterRole).
# Write access to configmaps is the legacy resource-lock path; leases are the
# modern one. Both are kept here.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-leader-election-role
  namespace: unifi-network-operator-system
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
---
# Per-CRD admin/editor/viewer ClusterRoles. None of them is bound in this
# manifest; they exist for cluster admins to bind to human or CI identities.
# The admin variants use verbs '*' on the resource (status stays read-only).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-firewallpolicy-admin-role
rules:
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallpolicies
    verbs:
      - '*'
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallpolicies/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-firewallpolicy-editor-role
rules:
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallpolicies
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallpolicies/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-firewallpolicy-viewer-role
rules:
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallpolicies
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallpolicies/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-firewallzone-admin-role
rules:
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallzones
    verbs:
      - '*'
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallzones/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-firewallzone-editor-role
rules:
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallzones
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallzones/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-firewallzone-viewer-role
rules:
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallzones
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallzones/status
    verbs:
      - get
---
# Permissions the controller itself runs with (bound cluster-wide below).
# Core-API access is read-only (configmaps, services); write access is
# limited to the operator's own API group.
# NOTE(review): `firewallgroups` is listed here but no firewallgroups CRD
# appears in this manifest - confirm it is defined elsewhere or drop the entry.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: unifi-network-operator-manager-role
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallgroups
      - firewallpolicies
      - firewallzones
      - networkconfigurations
      - portforwards
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallgroups/finalizers
      - firewallpolicies/finalizers
      - firewallzones/finalizers
      - networkconfigurations/finalizers
      - portforwards/finalizers
    verbs:
      - update
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - firewallgroups/status
      - firewallpolicies/status
      - firewallzones/status
      - networkconfigurations/status
      - portforwards/status
    verbs:
      - get
      - patch
      - update
---
# Lets the manager create TokenReview/SubjectAccessReview objects - presumably
# used to authenticate and authorize clients of the metrics endpoint on 8443
# (the filter itself is in the manager binary, not visible here).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: unifi-network-operator-metrics-auth-role
rules:
  - apiGroups:
      - authentication.k8s.io
    resources:
      - tokenreviews
    verbs:
      - create
  - apiGroups:
      - authorization.k8s.io
    resources:
      - subjectaccessreviews
    verbs:
      - create
---
# Unbound here; bind it to the scraper's ServiceAccount (e.g. Prometheus) so
# that identity passes the SubjectAccessReview for GET /metrics.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: unifi-network-operator-metrics-reader
rules:
  - nonResourceURLs:
      - /metrics
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-networkconfiguration-admin-role
rules:
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - networkconfigurations
    verbs:
      - '*'
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - networkconfigurations/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-networkconfiguration-editor-role
rules:
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - networkconfigurations
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - networkconfigurations/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-networkconfiguration-viewer-role
rules:
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - networkconfigurations
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - networkconfigurations/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-portforward-admin-role
rules:
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - portforwards
    verbs:
      - '*'
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - portforwards/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-portforward-editor-role
rules:
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - portforwards
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - portforwards/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-portforward-viewer-role
rules:
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - portforwards
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - unifi.engen.priv.no
    resources:
      - portforwards/status
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-leader-election-rolebinding
  namespace: unifi-network-operator-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: unifi-network-operator-leader-election-role
subjects:
  - kind: ServiceAccount
    name: unifi-network-operator-controller-manager
    namespace: unifi-network-operator-system
---
# Cluster-wide binding: the controller reconciles its CRDs in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
  name: unifi-network-operator-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: unifi-network-operator-manager-role
subjects:
  - kind: ServiceAccount
    name: unifi-network-operator-controller-manager
    namespace: unifi-network-operator-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: unifi-network-operator-metrics-auth-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: unifi-network-operator-metrics-auth-role
subjects:
  - kind: ServiceAccount
    name: unifi-network-operator-controller-manager
    namespace: unifi-network-operator-system
---
# Metrics endpoint. Port 8443 matches --metrics-bind-address on the manager.
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
    control-plane: controller-manager
  name: unifi-network-operator-controller-manager-metrics-service
  namespace: unifi-network-operator-system
spec:
  ports:
    - name: https
      port: 8443
      protocol: TCP
      targetPort: 8443
  selector:
    app.kubernetes.io/name: unifi-network-operator
    control-plane: controller-manager
---
# Controller-manager Deployment.
# Prerequisite: a Secret named `unifi-configuration` must exist in
# unifi-network-operator-system with keys UNIFI_URL, UNIFI_SITE,
# UNIFI_USERNAME and UNIFI_PASSWORD; it is deliberately not part of this file.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: unifi-network-operator
    control-plane: controller-manager
  name: unifi-network-operator-controller-manager
  namespace: unifi-network-operator-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: unifi-network-operator
      control-plane: controller-manager
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        app.kubernetes.io/name: unifi-network-operator
        control-plane: controller-manager
    spec:
      containers:
        - args:
            - --metrics-bind-address=:8443
            - --leader-elect
            - --health-probe-bind-address=:8081
          env:
            - name: UNIFI_URL
              valueFrom:
                secretKeyRef:
                  key: UNIFI_URL
                  name: unifi-configuration
            - name: UNIFI_SITE
              valueFrom:
                secretKeyRef:
                  key: UNIFI_SITE
                  name: unifi-configuration
            # Env var name (UNIFI_USER) intentionally differs from the Secret key
            # (UNIFI_USERNAME); keep the two in sync when renaming either.
            - name: UNIFI_USER
              valueFrom:
                secretKeyRef:
                  key: UNIFI_USERNAME
                  name: unifi-configuration
            - name: UNIFI_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: UNIFI_PASSWORD
                  name: unifi-configuration
          # NOTE(review): `:latest` is a mutable tag, so every restart may pull a
          # different build and rollbacks are not reproducible. For a controller
          # that holds UniFi admin credentials, pin to an immutable reference,
          # e.g. `...-controller@sha256:<DIGEST-PLACEHOLDER>` (digest from the
          # registry; not on this page).
          image: gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller:latest
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 15
            periodSeconds: 20
          name: manager
          ports: []
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            limits:
              cpu: 500m
              memory: 128Mi
            requests:
              cpu: 10m
              memory: 64Mi
          # Container hardening: no privilege escalation, all capabilities dropped.
          # readOnlyRootFilesystem is not set; if the manager writes nothing to
          # disk it could be enabled - confirm against the binary before adding.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts: []
      # Pod-level hardening: non-root user and the runtime's default seccomp profile.
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: unifi-network-operator-controller-manager
      terminationGracePeriodSeconds: 10
      volumes: []