[networking] moved and fixed unifi-controller-related resources

apps/argocd/base/networking/kustomization.yaml

@@ -2,13 +2,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-- ./external-dns
-- cert-manager.yaml
-- nginx-ingress.yaml
-- tailscale-operator.yaml
-- tailscale.yaml
-- issuer.yaml
-- kube-vip.yaml
+  - ./external-dns
+  - cert-manager.yaml
+  - nginx-ingress.yaml
+  - tailscale-operator.yaml
+  - tailscale.yaml
+  - issuer.yaml
+  - kube-vip.yaml
+  - unifi-controller.yaml
 
 namespace: argocd
 

apps/argocd/base/apps/unifi.yaml → apps/argocd/base/networking/unifi-controller.yaml

@@ -3,27 +3,24 @@ kind: Application
 metadata:
   name: unifi-controller
 spec:
-  project: apps
+  project: networking
   source:
-    repoURL: 'https://github.com/gruberdev/homelab.git'
+    repoURL: "https://github.com/gruberdev/homelab.git"
     path: apps/networking/unifi/controller
     targetRevision: main
+    kustomize:
+      commonLabels:
+        app.kubernetes.io/category: networking
   destination:
     namespace: unifi
     name: in-cluster
   syncPolicy:
     automated:
       prune: true
       selfHeal: true
-      allowEmpty: true
     syncOptions:
-    - Validate=false
-    - CreateNamespace=true
-    - PrunePropagationPolicy=foreground
-    - PruneLast=true
-    - ApplyOutOfSyncOnly=false
-    - Replace=true
-    - Prune=true
+      - Prune=true
+      - ServerSideApply=true
     retry:
       limit: 10
       backoff:

apps/argocd/base/projects/networking.yaml

@@ -5,26 +5,28 @@ metadata:
 spec:
   description: Networking related Kubernetes resources
   sourceRepos:
-  - '*'
+    - "*"
   destinations:
-  - namespace: kube-system
-    server: https://kubernetes.default.svc
-  - namespace: argocd
-    server: https://kubernetes.default.svc
-  - namespace: cert-manager
-    server: https://kubernetes.default.svc
-  - namespace: istio-system
-    server: https://kubernetes.default.svc
-  - namespace: networking
-    server: https://kubernetes.default.svc
-  - namespace: external-dns
-    server: https://kubernetes.default.svc
-  - namespace: tailscale
-    server: https://kubernetes.default.svc
-  - namespace: monitoring
-    server: https://kubernetes.default.svc
+    - namespace: kube-system
+      server: https://kubernetes.default.svc
+    - namespace: argocd
+      server: https://kubernetes.default.svc
+    - namespace: cert-manager
+      server: https://kubernetes.default.svc
+    - namespace: istio-system
+      server: https://kubernetes.default.svc
+    - namespace: networking
+      server: https://kubernetes.default.svc
+    - namespace: external-dns
+      server: https://kubernetes.default.svc
+    - namespace: tailscale
+      server: https://kubernetes.default.svc
+    - namespace: monitoring
+      server: https://kubernetes.default.svc
+    - namespace: unifi
+      server: https://kubernetes.default.svc
   clusterResourceWhitelist:
-  - group: '*'
-    kind: '*'
+    - group: "*"
+      kind: "*"
   orphanedResources:
     warn: true

apps/argocd/kustomization.yaml

@@ -23,7 +23,6 @@ resources:
 
   # Applications
   - base/apps/vault.yaml
-  - base/apps/unifi.yaml
 
   # Monitoring
   - base/monitoring/kuma.yaml

apps/networking/unifi/controller/base/deployment.yaml

@@ -38,7 +38,6 @@ spec:
           image: jacobalberty/unifi:v7.4.162
           securityContext:
             runAsUser: 0
-            fsGroupChangePolicy: Always
             allowPrivilegeEscalation: true
           envFrom:
             - configMapRef:
@@ -80,11 +79,11 @@ spec:
               name: config
           resources:
             limits:
-              cpu: 500m
-              memory: 1.3Gi
+              cpu: 450m
+              memory: 1500Mi
             requests:
-              cpu: 100m
-              memory: 900Mi
+              cpu: 200m
+              memory: 1024Mi
           livenessProbe:
             tcpSocket:
               port: 8443