Setting Up a UniFi Controller on Kubernetes with Flatcar and Traefik

The UniFi Controller is software that simplifies network management. It provides central control of various network elements and supports services such as threat detection. Deploying it on a Kubernetes cluster can streamline operations and simplify troubleshooting. This guide, which originated with community member DanielH, explains how to set up the UniFi Controller on your Kubernetes cluster.

Instructions

This setup is specifically for Kubernetes running on Flatcar, with Traefik handling ingress.

  1. Set Up a Static IP for the Network

    Creating a static IP address for the network is your first step. This can be accomplished with the command:

    sudo vi /etc/systemd/network/static.network
    

    This command opens a file where you can set two static IPs: one for the main Kubernetes pods and one for the UniFi Controller. Here's an example of how you can set it:

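    [Match]
    Name=eth0
    [Network]
    # Address for the main Kubernetes pods
    Address=192.168.3.22/24
    # Address for the UniFi Controller
    Address=192.168.3.23/24
    # Both addresses share one gateway, so it is listed once
    Gateway=192.168.3.1
    DNS=8.8.8.8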
    

    To apply these settings, restart the service with:

    sudo systemctl restart systemd-networkd
    
  2. Set Up Your Local Host

    This guide uses "unifi.local" as the local hostname. Configure it in your local gateway, router or DNS server.

  3. Allow Traefik to Skip Certificate Verification for the Controller

    To ensure the UniFi Controller's graphical user interface (GUI) functions correctly, Traefik must skip TLS certificate verification when it connects to the controller. This is necessary because the GUI is served over HTTPS with a self-signed certificate, which Traefik would otherwise reject. Scope this to the UniFi service so that Traefik still verifies certificates for its other backends. Here's how you do it:

    • Add a "serversTransport" configuration that directs Traefik to skip certificate verification for this backend.
    • Set up a "Middleware" that catches HTTP requests and redirects them to HTTPS.

    Next, set the host in the ingress to your local hostname, which you've configured in your router to point to the correct IP, and set the external IP of the service. Update the following two entries:

    For the ingress:

    spec:
        routes:
          - match: Host(`unifi.local`)
    

    For the service:

    externalIPs:
        - "192.168.3.23"
    
  4. Apply the Manifests to the Namespace

    Lastly, apply the manifests in the namespace "unifi". The manifests can be found in DanielH's original repository. Execute the following commands in the folder containing the manifests:

    sudo kubectl create namespace unifi
    sudo kubectl apply -f .
    

    These commands create the namespace and deploy all the ".yaml" files in the folder.
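
The Traefik resources described in step 3 could look like the following. This is an added example, not the manifests from DanielH's repository; it shows the "serversTransport", the redirect "Middleware" and the two routes that use them. The resource names, the `unifi-controller` Service name and port, the `web`/`websecure` entry point names and the `traefik.io/v1alpha1` API group are assumptions.

```yaml
# Added example: resource names, entry points and apiVersion are assumptions.
# Older Traefik v2 releases use apiVersion traefik.containo.us/v1alpha1.
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata: {name: unifi-transport, namespace: unifi}
spec:
  # Skips verification of the controller's self-signed certificate on the
  # Traefik -> controller hop. Only routes that reference this transport are
  # affected; other backends keep normal certificate verification.
  insecureSkipVerify: true
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata: {name: unifi-https-redirect, namespace: unifi}
spec:
  redirectScheme:        # redirect plain-HTTP requests to HTTPS
    scheme: https
    permanent: true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata: {name: unifi-http, namespace: unifi}
spec:
  entryPoints: [web]     # assumed name of the plain-HTTP entry point
  routes:
    - match: Host(`unifi.local`)
      kind: Rule
      middlewares:
        - name: unifi-https-redirect
      services:          # never reached: the middleware redirects first
        - name: noop@internal
          kind: TraefikService
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata: {name: unifi-https, namespace: unifi}
spec:
  entryPoints: [websecure]   # assumed name of the HTTPS entry point
  routes:
    - match: Host(`unifi.local`)
      kind: Rule
      services:
        - name: unifi-controller     # assumed Service name
          port: 8443                 # assumed HTTPS port of the GUI Service
          scheme: https
          serversTransport: unifi-transport
  tls: {}                    # terminate TLS at Traefik with its default certificate
```

With `insecureSkipVerify`, the hop to the controller is encrypted but the controller is not authenticated, so keep the transport attached to this one service rather than enabling the equivalent option in Traefik's static configuration.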

You've now successfully set up a UniFi controller on a Kubernetes cluster running on Flatcar, handled by Traefik. This guide is designed to simplify your setup process and improve your network management experience.