diff --git a/clusters/cl01tl/applications/home-assistant/Chart.yaml b/clusters/cl01tl/applications/home-assistant/Chart.yaml index 45038fbf3..e4ad9a043 100644 --- a/clusters/cl01tl/applications/home-assistant/Chart.yaml +++ b/clusters/cl01tl/applications/home-assistant/Chart.yaml @@ -1,11 +1,18 @@ apiVersion: v2 name: home-assistant version: 1.0.0 +description: Home Assistant +keywords: + - home + - automation sources: - https://github.com/home-assistant - - https://github.com/alexlebens/helm-charts/tree/main/charts/home-assistant +maintainers: + - name: alexlebens dependencies: - - name: home-assistant - version: 0.1.16 - repository: http://alexlebens.github.io/helm-charts -appVersion: v2024.5.3 + - name: app-template + alias: home-assistant + repository: https://bjw-s.github.io/helm-charts/ + version: 3.2.1 +icon: https://avatars.githubusercontent.com/u/13844975?s=200&v=4 +appVersion: v2024.5.5 diff --git a/clusters/cl01tl/applications/home-assistant/templates/external-secret.yaml b/clusters/cl01tl/applications/home-assistant/templates/external-secret.yaml index ef05fb75e..ad7e07ec4 100644 --- a/clusters/cl01tl/applications/home-assistant/templates/external-secret.yaml +++ b/clusters/cl01tl/applications/home-assistant/templates/external-secret.yaml @@ -4,7 +4,7 @@ metadata: name: home-assistant-codeserver-password-secret namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/name: home-assistant-codeserver-password-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: web @@ -18,9 +18,9 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /home-assistant/auth + key: /cl01tl/home-assistant/auth metadataPolicy: None - property: SUDO_PASSWORD + property: password --- apiVersion: external-secrets.io/v1beta1 
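Review bot: The second hunk of external-secret.yaml renames the remote property for the code-server credential from `SUDO_PASSWORD` to `password`, but the `secretKey` that names the key in the generated Secret lies outside the hunk. values.yaml in this commit injects that Secret with `envFrom`, so every key becomes an environment variable under exactly that name. The linuxserver/code-server image reads `PASSWORD` and `SUDO_PASSWORD`; if the target key was renamed to `password` as well, the variable would be ignored and the editor would have no password of its own behind the forward-auth middleware. Confirm the target key is still a name the image recognises and add a comment above the `data` entry, e.g. `# secretKey is injected via envFrom and must be an env var the code-server image reads`.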
@@ -29,7 +29,7 @@ metadata: name: home-assistant-token-secret namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ .Release.Name }} + app.kubernetes.io/name: home-assistant-token-secret app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} app.kubernetes.io/component: web @@ -43,6 +43,6 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /home-assistant/auth + key: /cl01tl/home-assistant/auth metadataPolicy: None property: bearerToken diff --git a/clusters/cl01tl/applications/home-assistant/templates/ingress-route.yaml b/clusters/cl01tl/applications/home-assistant/templates/ingress-route.yaml new file mode 100644 index 000000000..50ca07c94 --- /dev/null +++ b/clusters/cl01tl/applications/home-assistant/templates/ingress-route.yaml 
@@ -0,0 +1,68 @@ +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: home-assistant + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: home-assistant + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`homeassistant.alexlebens.net`) + middlewares: + - name: "authentik-{{ .Release.Name }}" + namespace: authentik + priority: 10 + services: + - kind: Service + name: home-assistant + port: 8123 + - kind: Rule + match: Host(`homeassistant.alexlebens.net`) && PathPrefix(`/outpost.goauthentik.io/`) + priority: 15 + services: + - kind: Service + name: authentik-outpost-proxy + port: 9000 + namespace: authentik + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: home-assistant-codeserver + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: home-assistant-codeserver + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: web + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`homeassistant-codeserver.alexlebens.net`) + middlewares: + - name: "authentik-{{ .Release.Name }}" + namespace: authentik + priority: 10 + services: + - kind: Service + name: home-assistant-codeserver + port: 8443 + - kind: Rule + match: Host(`homeassistant-codeserver.alexlebens.net`) && PathPrefix(`/outpost.goauthentik.io/`)" + priority: 15 + services: + - kind: Service + name: authentik-outpost-proxy + port: 9000 + namespace: authentik diff --git a/clusters/cl01tl/applications/home-assistant/templates/middleware.yaml b/clusters/cl01tl/applications/home-assistant/templates/middleware.yaml new file mode 100644 index 000000000..c646a0aca --- /dev/null 
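Review bot: The last rule of the `home-assistant-codeserver` IngressRoute ends with a stray `"` after the closing parenthesis of `PathPrefix(...)`; YAML keeps that quote as part of the plain scalar, so Traefik receives a rule it most likely cannot parse and drops that router. Requests to the outpost path on the code-server host would then only match the priority-10 rule, which sits behind the forward-auth middleware, so the sign-in flow for that host probably cannot complete. Remove the trailing quote so the line reads like the equivalent rule in the first document. Both routes also reference the middleware in the `authentik` namespace; if the release is installed elsewhere, Traefik resolves it only when cross-namespace references are enabled (`allowCrossNamespace`), which deserves a comment next to `middlewares`.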
+++ b/clusters/cl01tl/applications/home-assistant/templates/middleware.yaml @@ -0,0 +1,27 @@ +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: "authentik-{{ .Release.Name }}" + namespace: authentik + labels: + app.kubernetes.io/name: "authentik-{{ .Release.Name }}" + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: auth + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + forwardAuth: + address: http://authentik-outpost-proxy.authentik:9000/outpost.goauthentik.io/auth/traefik + trustForwardHeader: true + authResponseHeaders: + - X-authentik-username + - X-authentik-groups + - X-authentik-email + - X-authentik-name + - X-authentik-uid + - X-authentik-jwt + - X-authentik-meta-jwks + - X-authentik-meta-outpost + - X-authentik-meta-provider + - X-authentik-meta-app + - X-authentik-meta-version diff --git a/clusters/cl01tl/applications/home-assistant/templates/prometheus-rule.yaml b/clusters/cl01tl/applications/home-assistant/templates/prometheus-rule.yaml new file mode 100644 index 000000000..e35a6b919 --- /dev/null +++ b/clusters/cl01tl/applications/home-assistant/templates/prometheus-rule.yaml @@ -0,0 +1,24 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: home-assistant + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: home-assistant + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + groups: + - name: home-assistant + rules: + - alert: HomeAssistantAbsent + annotations: + description: Home Assistant has disappeared from Prometheus service discovery. + summary: Home Assistant is down. + expr: | + absent(up{job=~".*home-assistant.*"} == 1) + for: 5m + labels: + severity: critical 
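Review bot: `trustForwardHeader: true` in the new `forwardAuth` block tells Traefik to pass existing `X-Forwarded-*` request headers on to the outpost rather than replace them, so the auth decision depends on the `websecure` entry point only accepting those headers from trusted proxies. That entry-point configuration is not part of this commit; add a comment such as `# safe only while the websecure entryPoint limits forwardedHeaders to trusted IPs`, or set the field to `false` if Traefik is the edge. The `address` uses plain `http://` to the outpost, which is presumably in-cluster only; a short comment stating that assumption would help. The Middleware is created in the fixed `authentik` namespace instead of `{{ .Release.Namespace }}`, so the deploying identity needs write access there.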
diff --git a/clusters/cl01tl/applications/home-assistant/templates/service-monitor.yaml b/clusters/cl01tl/applications/home-assistant/templates/service-monitor.yaml new file mode 100644 index 000000000..9d8596582 --- /dev/null +++ b/clusters/cl01tl/applications/home-assistant/templates/service-monitor.yaml @@ -0,0 +1,24 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: home-assistant + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: home-assistant + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: home-assistant + app.kubernetes.io/instance: {{ .Release.Name }} + endpoints: + - port: http + interval: 1m + scrapeTimeout: 30s + path: /api/prometheus + bearerTokenSecret: + name: home-assistant-token-secret + key: bearerToken diff --git a/clusters/cl01tl/applications/home-assistant/values.yaml b/clusters/cl01tl/applications/home-assistant/values.yaml index f7cc998f2..b12dd4cb1 100644 --- a/clusters/cl01tl/applications/home-assistant/values.yaml +++ b/clusters/cl01tl/applications/home-assistant/values.yaml 
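Review bot: The ServiceMonitor's `selector.matchLabels` uses only `app.kubernetes.io/name` and `app.kubernetes.io/instance`, while values.yaml in this commit defines two Services (`main` and `codeserver`), each with a port named `http`. If the app-template library stamps both Services with the same name and instance labels, Prometheus will also scrape the code-server Service at `/api/prometheus` and present the Home Assistant bearer token to it. Render the chart and narrow the selector with a label that is unique to the main Service. I would also add `# must select the main Service only: the scrape sends the HA bearer token` above `selector`.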
@@ -1,46 +1,79 @@ home-assistant: - deployment: - env: - TZ: US/Central - ingressRoute: - enabled: true - host: homeassistant.alexlebens.net - authentik: - outpost: authentik-outpost-proxy - namespace: authentik - metrics: - enabled: true - serviceMonitor: - bearerTokenSecret: - name: home-assistant-token-secret - key: bearerToken - prometheusRule: - enabled: true - rules: - - alert: HomeAssistantAbsent - annotations: - description: Home Assistant has disappeared from Prometheus service discovery. - summary: Home Assistant is down. - expr: | - absent(up{job=~".*home-assistant.*"} == 1) - for: 5m - labels: - severity: critical + controllers: + main: + type: deployment + replicas: 1 + strategy: Recreate + revisionHistoryLimit: 3 + containers: + main: + image: + repository: homeassistant/home-assistant + tag: 2024.5.5 + pullPolicy: IfNotPresent + env: + - name: TZ + value: US/Central + resources: + requests: + cpu: 100m + memory: 256Mi + codeserver: + type: deployment + replicas: 1 + strategy: Recreate + revisionHistoryLimit: 3 + containers: + main: + image: + repository: linuxserver/code-server + tag: 4.89.1 + pullPolicy: IfNotPresent + env: + - name: TZ + value: US/Central + - name: PUID + value: 1000 + - name: PGID + value: 1000 + - name: DEFAULT_WORKSPACE + value: /config + envFrom: + - secretRef: + name: home-assistant-codeserver-password-secret + resources: + requests: + cpu: 100m + memory: 256Mi + serviceAccount: + create: true + service: + main: + controller: main + ports: + http: + port: 8123 + targetPort: 8123 + protocol: HTTP + codeserver: + controller: codeserver + ports: + http: + port: 8443 + targetPort: 8443 + protocol: HTTP persistence: config: - storageClassName: ceph-block - storageSize: 1Gi - codeserver: - enabled: true - env: - TZ: US/Central - DEFAULT_WORKSPACE: /config - envFrom: - - secretRef: - name: home-assistant-codeserver-password-secret - ingressRoute: - enabled: true - host: homeassistant-codeserver.alexlebens.net - authentik: - outpost: 
authentik-outpost-proxy - namespace: authentik + storageClass: ceph-block + accessMode: ReadWriteOnce + size: 1Gi + retain: true + advancedMounts: + main: + main: + - path: /config + readOnly: false + codeserver: + main: + - path: /config/home-assistant + readOnly: false
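Review bot: The `config` volume is declared `accessMode: ReadWriteOnce`, yet `advancedMounts` attaches it to two separate controllers (`main` and `codeserver`), so both pods can only run when they land on the same node, and nothing in the hunk pins them together. Either run code-server as a second container under `controllers.main.containers`, or add affinity and a comment stating the constraint. `PUID` and `PGID` are written as bare integers (`value: 1000`); Kubernetes env values must be strings, so unless the library converts them these should be `value: "1000"`. Neither controller sets a security context, and the code-server pod gets read-write access to the Home Assistant config, so a comment recording that this exposure is intentional and gated only by the forward-auth route would be useful.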