update home assistant version

Update helm/kind-action action to v1.9.0

.github/workflows/lint-test.yaml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
@@ -16,13 +16,13 @@ jobs:
         with:
           version: v3.13.3
 
-      - uses: actions/setup-python@v4
+      - uses: actions/setup-python@v5
         with:
           python-version: "3.10"
           check-latest: true
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.6.0
+        uses: helm/chart-testing-action@v2.6.1
 
       - name: Run chart-testing (list-changed)
         id: list-changed
@@ -38,7 +38,7 @@ jobs:
 
       - name: Create kind cluster
         if: steps.list-changed.outputs.changed == 'true'
-        uses: helm/kind-action@v1.8.0
+        uses: helm/kind-action@v1.9.0
 
       - name: Run chart-testing (install)
         if: steps.list-changed.outputs.changed == 'true'

.github/workflows/release.yml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

charts/home-assistant/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: home-assistant
+version: 0.0.9
+description: Chart for Home Assistant
+keywords:
+  - home-automation
+sources:
+  - https://github.com/home-assistant
+maintainers:
+  - name: alexlebens
+icon: https://avatars.githubusercontent.com/u/13844975?s=200&v=4
+appVersion: v2024.2.2

charts/home-assistant/README.md

@@ -0,0 +1,18 @@
+## Introduction
+
+[Home Assistant](https://www.home-assistant.io/)
+
+Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. 
+
+This chart bootstraps a [Home-Assistant](https://github.com/home-assistant) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes
+- Helm
+- Traefik v2 / IngressRoute
+- Authentik / Auth
+
+## Parameters
+
+See the [values files](values.yaml).

charts/home-assistant/templates/deployment.yaml

@@ -0,0 +1,99 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: home-assistant
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: helm
+spec:
+  revisionHistoryLimit: 3
+  replicas: {{ .Values.deployment.replicas }}
+  strategy:
+    type: {{ .Values.deployment.strategy }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: home-assistant
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: home-assistant
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      serviceAccountName: home-assistant
+      automountServiceAccountToken: true
+      containers:
+        - name: {{ .Release.Name }}
+          image: "{{ .Values.deployment.image.repository }}:{{ .Values.deployment.image.tag }}"
+          imagePullPolicy: {{ .Values.deployment.image.imagePullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.http.port }}
+              protocol: TCP
+          env:
+          {{- range $k,$v := .Values.deployment.env }}
+            - name: {{ $k }}
+              value: {{ $v | quote }}
+          {{- end }}
+          {{- with .Values.deployment.envFrom }}
+          envFrom:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - mountPath: /config
+              name: home-assistant-config
+          resources:
+            {{- toYaml .Values.deployment.resources | nindent 12 }}
+          livenessProbe:
+            tcpSocket:
+              port: {{ .Values.service.http.port }}
+            initialDelaySeconds: 0
+            failureThreshold: 3
+            timeoutSeconds: 1
+            periodSeconds: 10
+          readinessProbe:
+            tcpSocket:
+              port: {{ .Values.service.http.port }}
+            initialDelaySeconds: 0
+            failureThreshold: 3
+            timeoutSeconds: 1
+            periodSeconds: 10
+          startupProbe:
+            tcpSocket:
+              port: {{ .Values.service.http.port }}
+            initialDelaySeconds: 0
+            failureThreshold: 30
+            timeoutSeconds: 1
+            periodSeconds: 5
+        {{- if .Values.codeserver.enabled }}
+        - name: codeserver
+          image: "{{ .Values.codeserver.image.repository }}:{{ .Values.codeserver.image.tag }}"
+          imagePullPolicy: {{ .Values.codeserver.image.imagePullPolicy }}
+          ports:
+            - containerPort: {{ .Values.codeserver.service.http.port }}
+              name: codeserver-http
+              protocol: TCP
+          env:
+          {{- range $k,$v := .Values.codeserver.env }}
+            - name: {{ $k }}
+              value: {{ $v | quote }}
+          {{- end }}
+          {{- with .Values.codeserver.envFrom }}
+          envFrom:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          securityContext:
+            {{- toYaml .Values.codeserver.securityContext | nindent 12 }}
+          volumeMounts:
+            - mountPath: /config/home-assistant
+              name: home-assistant-config
+        {{- end }}
+      volumes:
+        - name: home-assistant-config
+          persistentVolumeClaim:
+            claimName: home-assistant-config

charts/home-assistant/templates/ingress-route.yaml

@@ -0,0 +1,62 @@
+{{- if .Values.ingressRoute.enabled }}
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: home-assistant
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: home-assistant
+    app.kubernetes.io/managed-by: helm
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: "Host(`{{ .Values.ingressRoute.host }}`)"
+      middlewares:
+        - name: authentik
+          namespace: {{ .Release.Namespace }}
+      priority: 10
+      services:
+        - kind: Service
+          name: home-assistant
+          port: {{ .Values.service.http.port }}
+    - kind: Rule
+      match: "Host(`{{ .Values.ingressRoute.host }}`) && PathPrefix(`/outpost.goauthentik.io/`)"
+      priority: 15
+      services:
+        - kind: Service
+          name: {{ .Values.ingressRoute.authentik.outpost }}
+          port: {{ .Values.ingressRoute.authentik.port }}
+{{- end }}
+
+---
+{{- if and .Values.codeserver.ingressRoute.enabled .Values.codeserver.enabled }}
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: home-assistant-codeserver
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: home-assistant
+    app.kubernetes.io/managed-by: helm
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: "Host(`{{ .Values.codeserver.ingressRoute.host }}`)"
+      priority: 10
+      services:
+        - kind: Service
+          name: home-assistant-codeserver
+          port: {{ .Values.codeserver.service.http.port }}
+{{- end }}          

charts/home-assistant/templates/middleware.yaml

@@ -0,0 +1,30 @@
+{{- if .Values.ingressRoute.enabled }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: authentik
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: auth
+    app.kubernetes.io/part-of: home-assistant
+    app.kubernetes.io/managed-by: helm
+spec:
+  forwardAuth:
+    address: "http://{{ .Values.ingressRoute.authentik.outpost }}.authentik:{{ .Values.ingressRoute.authentik.port }}/outpost.goauthentik.io/auth/traefik"
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
+{{- end }}

charts/home-assistant/templates/persistant-volume-claim.yaml

@@ -0,0 +1,20 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: home-assistant-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: helm
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.persistence.config.storageSize }}
+  storageClassName: {{ .Values.persistence.config.storageClassName }}
+  volumeMode: {{ .Values.persistence.config.volumeMode }}

charts/home-assistant/templates/prometheus-rule.yaml

@@ -0,0 +1,19 @@
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: home-assistant
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: home-assistant
+    app.kubernetes.io/managed-by: helm
+spec:
+  groups:
+    - name: {{ .Release.Name }}
+      rules:
+        {{- toYaml .Values.metrics.prometheusRule.rules | nindent 8 }}
+{{- end }}

charts/home-assistant/templates/service-account.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: home-assistant
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: home-assistant
+    app.kubernetes.io/managed-by: helm

charts/home-assistant/templates/service-monitor.yaml

@@ -0,0 +1,27 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: home-assistant
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: home-assistant
+    app.kubernetes.io/managed-by: helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: home-assistant
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  endpoints:
+    - port: http
+      interval: {{ .Values.metrics.serviceMonitor.interval }}
+      scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+      path: /api/prometheus
+      bearerTokenSecret:
+        name: {{ .Values.metrics.serviceMonitor.bearerTokenSecret.name }}
+        key: {{ .Values.metrics.serviceMonitor.bearerTokenSecret.key }}
+{{- end }}

charts/home-assistant/templates/service.yaml

@@ -0,0 +1,48 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: home-assistant
+  namespace: {{ .Release.Namespace }}  
+  labels:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: {{ .Values.service.http.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+
+---
+{{- if .Values.codeserver.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: home-assistant-codeserver
+  namespace: {{ .Release.Namespace }}  
+  labels:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: {{ .Values.codeserver.service.http.port }}
+      targetPort: codeserver-http
+      protocol: TCP
+      name: codeserver-http
+  selector:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/home-assistant/values.yaml

@@ -0,0 +1,74 @@
+deployment:
+  replicas: 1
+  strategy: Recreate
+  image:
+    repository: homeassistant/home-assistant
+    tag: 2024.2.2
+    imagePullPolicy: IfNotPresent
+  env:
+    TZ: US/Mountain
+  envFrom:
+  resources:
+    requests:
+      memory: 512Mi
+      cpu: 50m
+    limits:
+      memory: 1Gi
+      cpu: 500m
+service:
+  http:
+    port: 8123
+ingressRoute:
+  enabled: true
+  host: homeassistant.alexlebens.net
+  authentik:
+    outpost: authentik-proxy-outpost
+    port: 9000
+metrics:
+  enabled: false
+  serviceMonitor:
+    interval: 1m
+    scrapeTimeout: 30s
+    ## See https://www.home-assistant.io/docs/authentication/ for where to find
+    ## long lived access token creation under your account profile, which is
+    ## needed to monitor Home Assistant
+    bearerTokenSecret:
+      name: ""
+      key: ""
+  prometheusRule:
+    enabled: false
+    rules:
+      - alert: HomeAssistantAbsent
+        annotations:
+          description: Home Assistant has disappeared from Prometheus service discovery.
+          summary: Home Assistant is down.
+        expr: |
+          absent(up{job=~".*home-assistant.*"} == 1)
+        for: 5m
+        labels:
+          severity: critical
+persistence:
+  config:
+    storageClassName: ceph-block
+    storageSize: 1Gi
+    volumeMode: Filesystem
+codeserver:
+  enabled: true
+  image:
+    repository: linuxserver/code-server
+    tag: 4.21.1
+    imagePullPolicy: IfNotPresent
+  env:
+    TZ: US/Mountain
+    PUID: 1000
+    PGID: 1000
+    DEFAULT_WORKSPACE: /config
+  envFrom:
+  securityContext:
+    runAsUser: 0
+  service:
+    http:
+      port: 8443
+  ingressRoute:
+    enabled: true
+    host: codeserver.homeassistant.alexlebens.net

charts/homepage/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: homepage
-version: 0.0.2
+version: 0.0.5
 description: Chart for benphelps homepage
 keywords:
   - dashboard
@@ -9,4 +9,4 @@ sources:
 maintainers:
   - name: alexlebens
 icon: https://github.com/benphelps/homepage/blob/de584eae8f12a0d257e554e9511ef19bd2a1232c/public/mstile-150x150.png
-appVersion: 0.8.7
+appVersion: v0.8.8

charts/homepage/values.yaml

@@ -2,18 +2,18 @@ deployment:
   replicas: 1
   strategy: Recreate
   image:
-    repository: ghcr.io/benphelps/homepage
+    repository: ghcr.io/gethomepage/homepage
-    tag: v0.8.7
+    tag: v0.8.8
     imagePullPolicy: IfNotPresent
   env:
   envFrom:
   resources:
     requests:
-      memory: 50Mi
+      memory: 256Mi
-      cpu: 10m
+      cpu: 50m
     limits:
-      memory: 200Mi
+      memory: 512Mi
-      cpu: 500m    
+      cpu: 500m 
 service:
   http:
     port: 3000

charts/postgres-cluster/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: postgres-cluster
-version: 0.0.2
+version: 0.0.4
 description: Chart for cloudnative-pg cluster
 keywords:
   - database

charts/postgres-cluster/templates/postgresql-cluster.yaml

@@ -11,6 +11,7 @@ metadata:
     app.kubernetes.io/part-of: {{ .Release.Name }}
     app.kubernetes.io/managed-by: helm
 spec:
+  imageName: {{ .Values.cluster.imageName }}
   instances: {{ .Values.cluster.instances }}
   replicationSlots:
     highAvailability:

charts/postgres-cluster/values.yaml

@@ -1,5 +1,6 @@
 cluster:
   name: cl01tl
+  imageName: ghcr.io/cloudnative-pg/postgresql:16.0
   instances: 2
   parameters:
     shared_buffers: 128MB
@@ -7,7 +8,7 @@ cluster:
     hot_standby_feedback: "on"
   resources:
     requests:
-      memory: 128Mi
+      memory: 512Mi
       cpu: 100m
     limits:
       memory: 2Gi

renovate.json

@@ -1,14 +1,12 @@
 {
     "$schema": "https://docs.renovatebot.com/renovate-schema.json",
     "extends": [
-        "config:base",
+        "config:recommended",
         "mergeConfidence:all-badges"
     ],
-    "timezone": "MST7MDT",
+    "timezone": "US/Mountain",
-    "schedule": "before 8am every weekday",
-    "ignoreTests": true,
     "lockFileMaintenance": {
         "enabled": true,
         "automerge": true
     }
-}
+}