[multiple] Update common library (#141)

* add syslog service

* promtail sidecar

* bump version

* update README

Co-authored-by: Jeff Billimek <jeff@billimek.com>

.github/workflows/lint-test.yaml

@@ -9,7 +9,7 @@ jobs:
       - name: Fetch history
         run: |
           git fetch --prune --unshallow;
-          echo ::set-env name=commitmsg::$(git log --format=%B -n 1 ${{ github.event.after }})
+          echo "commitmsg=$(git log --format=%B -n 1 ${{ github.event.after }})" >> $GITHUB_ENV
       - name: Run chart-testing (lint)
         id: lint
         uses: helm/chart-testing-action@v1.0.0

charts/bazarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v0.9.0.5
 description: Bazarr is a companion application to Sonarr and Radarr. It manages and downloads subtitles based on your requirements
 name: bazarr
-version: 4.0.1
+version: 4.1.0
 keywords:
   - bazarr
   - radarr
@@ -21,4 +21,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.2.0

charts/common/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: common
 description: Function library for k8s-at-home charts
 type: library
-version: 1.1.0
+version: 1.2.0
 keywords:
   - k8s-at-home
   - common

charts/common/templates/addons/vpn/openvpn/_container.tpl

@@ -5,15 +5,15 @@ The OpenVPN container(s) to be inserted
 name: openvpn
 image: "{{ .Values.addons.vpn.openvpn.image.repository }}:{{ .Values.addons.vpn.openvpn.image.tag }}"
 imagePullPolicy: {{ .Values.addons.vpn.imagePullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
 securityContext:
-  capabilities:
-    add: 
-      - NET_ADMIN
+  {{- toYaml . | nindent 2 }}
+{{- end }}
 {{- with .Values.addons.vpn.env }}
 env:
 {{- range $k, $v := . }}
   - name: {{ $k }}
-    value: {{ $v }}
+    value: {{ $v | quote }}
 {{- end }}
 {{- end }}  
 {{- if or .Values.addons.vpn.openvpn.auth .Values.addons.vpn.openvpn.authSecret }}
@@ -52,10 +52,10 @@ volumeMounts:
 {{- end }}
 {{- with .Values.addons.vpn.livenessProbe }}
 livenessProbe:
-  {{- toYaml . | nindent 4 }}
+  {{- toYaml . | nindent 2 }}
 {{- end -}}
 {{- with .Values.addons.vpn.resources }}
 resources:
-  {{- toYaml . | nindent 4 }}
+  {{- toYaml . | nindent 2 }}
 {{- end }}
 {{- end -}}

charts/common/templates/addons/vpn/wireguard/_addon.tpl

@@ -3,7 +3,7 @@ Template to render Wireguard addon
 */}}
 {{- define "common.addon.wireguard" -}}
   {{/* Append the Wireguard container to the additionalContainers */}}
-  {{- $container := include "common.addon.wireguard.container" . | fromYaml -}}
+  {{- $container := fromYaml (include "common.addon.wireguard.container" .) -}}
   {{- if $container -}}
     {{- $additionalContainers := append .Values.additionalContainers $container -}}
     {{- $_ := set .Values "additionalContainers" $additionalContainers -}}

charts/common/templates/addons/vpn/wireguard/_container.tpl

@@ -5,24 +5,22 @@ The Wireguard container(s) to be inserted
 name: wireguard
 image: "{{ .Values.addons.vpn.wireguard.image.repository }}:{{ .Values.addons.vpn.wireguard.image.tag }}"
 imagePullPolicy: {{ .Values.addons.vpn.imagePullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
 securityContext:
-  privileged: true
-  capabilities:
-    add: 
-      - NET_ADMIN
-      - SYS_MODULE
+  {{- toYaml . | nindent 2 }}
+{{- end }}
 {{- with .Values.addons.vpn.env }}
 env:
 {{- range $k, $v := . }}
   - name: {{ $k }}
-    value: {{ $v }}
+    value: {{ $v | quote }}
 {{- end }}
 {{- end }}
 {{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
 volumeMounts:
 {{- if .Values.addons.vpn.configFile }}
   - name: vpnconfig
-    mountPath: /config/wg0.conf
+    mountPath: /etc/wireguard/wg0.conf
     subPath: vpnConfigfile
 {{- end }}
 {{- if .Values.addons.vpn.scripts.up }}
@@ -45,10 +43,10 @@ volumeMounts:
 {{- end }}
 {{- with .Values.addons.vpn.livenessProbe }}
 livenessProbe:
-  {{- toYaml . | nindent 4 }}
+  {{- toYaml . | nindent 2 }}
 {{- end -}}
 {{- with .Values.addons.vpn.resources }}
 resources:
-  {{- toYaml . | nindent 4 }}
+  {{- toYaml . | nindent 2 }}
 {{- end }}
 {{- end -}}

charts/common/templates/lib/controller/_volumes.tpl

@@ -6,15 +6,15 @@ volumes included by the controller
 {{- if $persistence.enabled }}
 - name: {{ $index }}
 {{- if $persistence.existingClaim }}
-{{/* Always prefer an existingClaim if that is set */}}
+{{- /* Always prefer an existingClaim if that is set */}}
   persistentVolumeClaim:
     claimName: {{ $persistence.existingClaim }}
 {{- else -}}
   {{- if $persistence.emptyDir -}}
-  {{/* Always prefer an emptyDir next if that is set */}}
+  {{- /* Always prefer an emptyDir next if that is set */}}
   emptyDir: {}
   {{- else -}}
-  {{/* Otherwise refer to the PVC name */}}
+  {{- /* Otherwise refer to the PVC name */}}
   persistentVolumeClaim:
     {{- if $persistence.nameSuffix }}
     claimName: {{ printf "%s-%s" (include "common.names.fullname" $) $persistence.nameSuffix }}

charts/common/values.yaml

@@ -154,14 +154,21 @@ addons:
       # under the VPN_AUTH key
       authSecret:  # my-vpn-secret
 
-    # OpenVPN specific configuration
+    # WireGuard specific configuration
     wireguard:
       image:
-        repository: linuxserver/wireguard
-        tag: version-v1.0.20200827
+        repository: k8sathome/wireguard
+        tag: 1.0.20200827
 
     imagePullPolicy: IfNotPresent
 
+    # Set the VPN container securityContext
+    securityContext:
+      capabilities:
+        add: 
+          - NET_ADMIN
+          - SYS_MODULE
+
     # All variables specified here will be added to the vpn sidecar container
     # See the documentation of the VPN image for all config values
     env: {}

charts/homebridge/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 appVersion: 3.1.0
-version: 1.0.1
+version: 1.0.2
 name: homebridge
 description: A lightweight NodeJS server that emulates the iOS HomeKit API
 type: application

charts/homebridge/templates/deployment.yaml

@@ -6,6 +6,8 @@ metadata:
     {{- include "homebridge.labels" . | nindent 4 }}
 spec:
   replicas: {{ .Values.replicaCount }}
+  strategy:
+    type: {{ .Values.strategyType }}
   selector:
     matchLabels:
       {{- include "homebridge.selectorLabels" . | nindent 6 }}

charts/homebridge/values.yaml

@@ -12,6 +12,9 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
+# upgrade strategy type (e.g. Recreate or RollingUpdate)
+strategyType: Recreate
+
 timezone: "UTC"
 puid: 1000
 pgid: 1000

charts/jackett/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v0.16.2106
 description: API Support for your favorite torrent trackers
 name: jackett
-version: 5.0.3
+version: 5.1.0
 keywords:
   - jackett
   - torrent
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.2.0

charts/lidarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 0.8.0.1886
 description: Looks and smells like Sonarr but made for music
 name: lidarr
-version: 5.0.1
+version: 5.1.0
 keywords:
   - lidarr
   - torrent
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.2.0

charts/nzbget/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v21.0
 description: NZBGet is a Usenet downloader client
 name: nzbget
-version: 6.0.0
+version: 6.1.0
 keywords:
   - nzbget
   - usenet
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.2.0

charts/nzbhydra2/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v3.4.3
 description: Usenet meta search
 name: nzbhydra2
-version: 4.0.1
+version: 4.1.0
 keywords:
   - nzbhydra2
   - usenet
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.2.0

charts/ombi/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.0.681
 description: Want a Movie or TV Show on Plex or Emby? Use Ombi!
 name: ombi
-version: 5.0.1
+version: 5.1.0
 keywords:
   - ombi
   - plex
@@ -21,4 +21,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.2.0

charts/organizr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: latest
 description: HTPC/Homelab Services Organizer
 name: organizr
-version: 2.0.1
+version: 2.1.0
 keywords:
   - organizr
 home: https://github.com/k8s-at-home/charts/tree/master/charts/organizr
@@ -16,4 +16,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.2.0

charts/qbittorrent/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 4.3.0
 description: qBittorrent is a cross-platform free and open-source BitTorrent client
 name: qbittorrent
-version: 6.0.0
+version: 6.1.0
 keywords:
   - qbittorrent
   - torrrent
@@ -16,4 +16,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.2.0

charts/qbittorrent/templates/configmap.yaml

@@ -5,11 +5,18 @@ metadata:
   labels:
     {{- include "common.labels" . | nindent 4 }}
 data:
-  {{- if and .Values.service.bittorrent .Values.service.bittorrent.port }}
+  {{- /* Determine if the bittorrent port is set somewhere */ -}}
+  {{- $bittorrentPort := "" -}}
+  {{- range $extraServices := .Values.service.additionalServices }}
+    {{- if and .enabled (eq "bittorrent" .nameSuffix) -}}
+      {{- $bittorrentPort = .port.port -}}
+    {{- end }}
+  {{- end }}
+  {{- if $bittorrentPort }}
   31-update-port: |-
     #!/bin/bash
     QBITTORRENT_CONFIGFILE="/config/qBittorrent/qBittorrent.conf"
-    INCOMING_PORT={{- .Values.service.bittorrent.port }}
+    INCOMING_PORT={{- $bittorrentPort }}
 
     incoming_port_exist=$(cat ${QBITTORRENT_CONFIGFILE} | grep -m 1 'Connection\\PortRangeMin='${INCOMING_PORT})
     if [[ -z "${incoming_port_exist}" ]]; then

charts/qbittorrent/templates/service.yaml

@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "common.names.fullname" . }}-bittorrent
-  labels:
-    {{- include "common.labels" . | nindent 4 }}
-    {{- with .Values.service.bittorrent.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- with .Values.service.bittorrent.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  type: {{ .Values.service.bittorrent.type }}
-  ports:
-    - name: bittorrent
-      port: {{ .Values.service.bittorrent.port }}
-      protocol: TCP
-      targetPort: {{ .Values.service.bittorrent.port }}
-      {{- if (and (eq .Values.service.bittorrent.type "NodePort") (not (empty .Values.service.bittorrent.nodePort))) }}
-      nodePort: {{ .Values.service.bittorrent.nodePort }}
-      {{- end }}
-  {{- with .Values.service.bittorrent.additionalSpec }}
-  {{- toYaml . | nindent 2 }}
-  {{- end }}
-  selector:
-    {{- include "common.labels.selectorLabels" . | nindent 4 }}

charts/qbittorrent/values.yaml

@@ -15,20 +15,15 @@ service:
   port:
     port: 8080
 
-  bittorrent:
+  additionalServices:
+  - enabled: true
+    nameSuffix: bittorrent
     type: ClusterIP
-    port: 6881
-    ## Specify the nodePort value for the LoadBalancer and NodePort service types.
-    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
-    ##
-    # nodePort:
-    ## Provide any additional annotations which may be required. This can be used to
-    ## set the LoadBalancer service type to internal only.
-    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
-    ##
-    annotations: {}
-    labels: {}
-    additionalSpec: {}
+    port:
+      port: 6881
+      name: bittorrent
+      protocol: TCP
+      targetPort: 6881
 
 persistence:
   config:

charts/radarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 3.0.0.3989
 description: A fork of Sonarr to work with movies à la Couchpotato
 name: radarr
-version: 7.0.1
+version: 7.1.0
 keywords:
   - radarr
   - torrent
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.2.0

charts/sabnzbd/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 3.1.0
 description: Free and easy binary newsreader
 name: sabnzbd
-version: 3.0.1
+version: 3.1.0
 keywords:
   - sabnzbd
   - usenet
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.2.0

charts/sonarr/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 3.0.4.993
 description: Smart PVR for newsgroup and bittorrent users
 name: sonarr
-version: 7.0.2
+version: 7.1.0
 keywords:
   - sonarr
   - torrent
@@ -18,4 +18,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.2.0

charts/tautulli/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: v2.6.1
 description: A Python based monitoring and tracking tool for Plex Media Server
 name: tautulli
-version: 5.0.1
+version: 5.1.0
 keywords:
   - tautulli
   - plex
@@ -17,4 +17,4 @@ maintainers:
 dependencies:
   - name: common
     repository: https://k8s-at-home.com/charts/
-    version: ^1.0.5
+    version: ^1.2.0

charts/unifi/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: 5.12.35
 description: Ubiquiti Network's Unifi Controller
 name: unifi
-version: 1.0.0
+version: 1.1.0
 keywords:
   - ubiquiti
   - unifi

charts/unifi/README.md

@@ -86,7 +86,14 @@ The following tables lists the configurable parameters of the Unifi chart and th
 | `discoveryService.loadBalancerIP`               | `{}`                         | Loadbalance IP for AP discovery                                                                                        |
 | `discoveryService.loadBalancerSourceRanges`     | None                         | List of IP CIDRs allowed access to load balancer (if supported)                                                        |
 | `discoveryService.externalTrafficPolicy`        | `Cluster`                    | Set the externalTrafficPolicy in the Service to either Cluster or Local                                                |
-| `unifiedService.enabled`                        | `false`                      | Use a single service for GUI, controller, STUN, and discovery                                                          |
+| `syslogService.type`                            | `NodePort`                   | Kubernetes service type for remote syslog capture                                                                      |
+| `syslogService.port`                            | `5514`                       | Kubernetes UDP port for remote syslog capture                                                                          |
+| `syslogService.annotations`                     | `{}`                         | Service annotations for remote syslog capture                                                                          |
+| `syslogService.labels`                          | `{}`                         | Custom labels                                                                                                          |
+| `syslogService.loadBalancerIP`                  | `{}`                         | Loadbalancer IP for remote syslog capture                                                                              |
+| `syslogService.loadBalancerSourceRanges`        | None                         | List of IP CIDRs allowed access to load balancer (if supported)                                                        |
+| `syslogService.externalTrafficPolicy`           | `Cluster`                    | Set the externalTrafficPolicy in the Service to either Cluster or Local                                                |
+| `unifiedService.enabled`                        | `false`                      | Use a single service for GUI, controller, STUN, discovery and syslog                                                   |
 | `unifiedService.type`                           | `ClusterIP`                  | Kubernetes service type for the unified service                                                                        |
 | `unifiedService.annotations`                    | `{}`                         | Annotations for the unified service                                                                                    |
 | `unifiedService.labels`                         | `{}`                         | Custom labels for the unified service                                                                                  |
@@ -108,6 +115,11 @@ The following tables lists the configurable parameters of the Unifi chart and th
 | `customCert.certName`                           | `tls.crt`                    | Name of the the certificate file in `<unifi-data>/cert`                                                                |
 | `customCert.keyName`                            | `tls.key`                    | Name of the the private key file in `<unifi-data>/cert`                                                                |
 | `customCert.certSecret`                         | `nil`                        | Name of the the k8s tls secret where the certificate and its key are stored.                                           |
+| `logging.promtail.enabled`                      | `false`                      | Enable a Promtail sidecar to collect controller logs                                                                   |
+| `logging.promtail.image.repository`             | `grafana/promtail`           | Promtail image repository                                                                                              |
+| `logging.promtail.image.tag`                    | `1.6.0`                      | Promtail image tag                                                                                                     |
+| `logging.promtail.image.pullPolicy`             | `IfNotPresent`               | Promtail image pull policy                                                                                             |
+| `logging.promtail.loki.url`                     | `http://loki.logs.svc.cluster.local:3100/loki/api/v1/push` | URL of the Loki push API                                                                 |
 | `mongodb.enabled`                               | `false`                      | Use external MongoDB for data storage                                                                                  |
 | `mongodb.dbUri`                                 | `mongodb://mongo/unifi`      | external MongoDB URI                                                                                                   |
 | `mongodb.statDbUri`                             | `mongodb://mongo/unifi_stat` | external MongoDB statdb URI                                                                                            |
@@ -163,6 +175,9 @@ Read through the [values.yaml](values.yaml) file. It has several commented out s
 - `stunService`: Also used periodically by the unifi devices to communicate
   with the controller using UDP. See [this article][ubnt 3] and [this other
   article][ubnt 4] for more information.
+- `syslogService`: Used to capture syslog from Unifi devices if the feature is 
+  enabled in the site configuration. This needs to be reachable by Unifi devices
+  on port 5514/UDP.
 
 ## Ingress and HTTPS
 

charts/unifi/templates/deployment.yaml

@@ -34,6 +34,21 @@ spec:
       {{- end }}
     spec:
       containers:
+      {{- if .Values.logging.promtail.enabled }}
+        - name: {{ .Chart.Name }}-promtail
+          image: "{{ .Values.logging.promtail.image.repository }}:{{ .Values.logging.promtail.image.tag }}"
+          imagePullPolicy: {{ .Values.logging.promtail.image.pullPolicy }}
+          args:
+          - -config.file=/etc/promtail/promtail.yaml
+          volumeMounts:
+          - name: promtail-config
+            mountPath: /etc/promtail/promtail.yaml
+            subPath: promtail.yaml
+            readOnly: true
+          - mountPath: /unifi/log
+            name: unifi-data
+            subPath: {{ ternary "log" (printf "%s/%s" .Values.persistence.subPath "log") (empty .Values.persistence.subPath) }}
+      {{- end }}      
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
@@ -50,6 +65,9 @@ spec:
             - name: stun
               containerPort: 3478
               protocol: UDP
+            - name: syslog
+              containerPort: 5514
+              protocol: UDP
               {{ if .Values.captivePortalService.enabled }}
             - name: captive-http
               containerPort: 8880
@@ -151,6 +169,17 @@ spec:
           secret:
             secretName: "{{ .Values.customCert.certSecret }}"
         {{- end }}
+        {{- if .Values.logging.promtail.enabled }}
+        - name: promtail-config
+          projected:
+            defaultMode: 0444
+            sources:
+            - configMap:
+                name: {{ template "unifi.fullname" . }}-promtail
+                items:
+                  - key: promtail.yaml
+                    path: promtail.yaml
+        {{- end }}        
         {{- if .Values.extraVolumes  }}{{ toYaml .Values.extraVolumes | trim | nindent 8 }}{{ end }}
     {{- with .Values.nodeSelector }}
       nodeSelector:

charts/unifi/templates/promtail-configmap.yaml

@@ -0,0 +1,34 @@
+{{- if .Values.logging.promtail.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "unifi.fullname" . }}-promtail
+  labels:
+    app.kubernetes.io/name: {{ include "unifi.name" . }}
+    helm.sh/chart: {{ include "unifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+  promtail.yaml: |
+    server:
+      disable: true
+    positions:
+      filename: /tmp/positions.yaml
+    clients:
+    - url: {{ .Values.logging.promtail.loki.url }}
+    scrape_configs:
+    - job_name: unifi-logs
+      static_configs:
+      - targets:
+          - localhost
+        labels:
+          job: unifi-logs
+          __path__: "/unifi/log/*.log"
+    - job_name: unifi-remote-logs
+      static_configs:
+      - targets:
+          - localhost
+        labels:
+          job: unifi-remote-logs
+          __path__: "/unifi/log/remote/*.log"
+{{- end }}

charts/unifi/templates/syslog-svc.yaml

@@ -0,0 +1,54 @@
+{{ if not .Values.syslogService.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "unifi.fullname" . }}-syslog
+  labels:
+    app.kubernetes.io/name: {{ include "unifi.name" . }}
+    helm.sh/chart: {{ include "unifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.syslogService.labels }}
+{{ toYaml .Values.syslogService.labels | indent 4 }}
+{{- end }}
+{{- with .Values.syslogService.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.syslogService.type "ClusterIP") (empty .Values.syslogService.type)) }}
+  type: ClusterIP
+  {{- if .Values.syslogService.clusterIP }}
+  clusterIP: {{ .Values.syslogService.clusterIP }}
+  {{end}}
+{{- else if eq .Values.syslogService.type "LoadBalancer" }}
+  type: {{ .Values.syslogService.type }}
+  {{- if .Values.syslogService.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.syslogService.loadBalancerIP }}
+  {{- end }}
+  {{- if .Values.syslogService.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+{{ toYaml .Values.syslogService.loadBalancerSourceRanges | indent 4 }}
+  {{- end -}}
+{{- else }}
+  type: {{ .Values.syslogService.type }}
+{{- end }}
+{{- if .Values.syslogService.externalIPs }}
+  externalIPs:
+{{ toYaml .Values.syslogService.externalIPs | indent 4 }}
+{{- end }}
+  {{- if .Values.syslogService.externalTrafficPolicy }}
+  externalTrafficPolicy: {{ .Values.syslogService.externalTrafficPolicy }}
+  {{- end }}
+  ports:
+    - port: {{ .Values.syslogService.port }}
+      targetPort: syslog
+      protocol: UDP
+      name: syslog
+{{ if (and (eq .Values.syslogService.type "NodePort") (not (empty .Values.syslogService.nodePort))) }}
+      nodePort: {{.Values.syslogService.nodePort}}
+{{ end }}
+  selector:
+    app.kubernetes.io/name: {{ include "unifi.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{ end }}

charts/unifi/templates/unified-svc.yaml

@@ -61,6 +61,13 @@ spec:
       name: stun
 {{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.stunService.nodePort))) }}
       nodePort: {{.Values.stunService.nodePort}}
+{{ end }}
+    - port: {{ .Values.syslogService.port }}
+      targetPort: syslog
+      protocol: UDP
+      name: syslog
+{{ if (and (eq .Values.unifiedService.type "NodePort") (not (empty .Values.syslogService.nodePort))) }}
+      nodePort: {{.Values.syslogService.nodePort}}
 {{ end }}
     - name: https-gui
       port: {{ .Values.guiService.port }}

charts/unifi/values.yaml

@@ -10,10 +10,10 @@ image:
   tag: 5.12.35
   pullPolicy: IfNotPresent
 
-# If enabled, the controller, discovery, GUI, and STUN services will not be
+# If enabled, the controller, discovery, GUI, STUN and syslog services will not be
 # created.
 # Instead, one service will be created with the port and nodePort settings from
-# controllerService, discoveryService, guiService, and stunService.
+# controllerService, discoveryService, guiService, stunService and syslogService.
 # This is useful if, for example, the ClusterIP network is routable and being
 # accessed directly by access points, and the APs don't have a way to discern
 # different services on different IPs.
@@ -169,6 +169,27 @@ discoveryService:
   ## Set the externalTrafficPolicy in the Service to either Cluster or Local
   # externalTrafficPolicy: Cluster
 
+syslogService:
+  type: NodePort
+  port: 5514  # udp
+  ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+  ##
+  # nodePort:
+  ## Provide any additional annotations which may be required. This can be used to
+  ## set the LoadBalancer service type to internal only.
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+  ##
+  annotations: {}
+  labels: {}
+  ## Use loadBalancerIP to request a specific static IP,
+  ## otherwise leave blank
+  ##
+  loadBalancerIP:
+  # loadBalancerSourceRanges: []
+  ## Set the externalTrafficPolicy in the Service to either Cluster or Local
+  # externalTrafficPolicy: Cluster
+
 ingress:
   enabled: false
   annotations: {}
@@ -200,6 +221,17 @@ customCert:
   # you can pass the name of that secret using certSecret variable
   # certSecret: unifi-tls
 
+# Logging configuration
+logging:
+  promtail:
+    enabled: false
+    image:
+      repository: grafana/promtail
+      tag: 1.6.0
+      pullPolicy: IfNotPresent
+    loki:
+      url: http://loki.logs.svc.cluster.local:3100/loki/api/v1/push
+
 # define an external mongoDB instead of using the built-in mongodb
 mongodb:
   enabled: false