convert home-assistant to app-template

clusters/cl01tl/applications/home-assistant/Chart.yaml

@@ -1,11 +1,18 @@
 apiVersion: v2
 name: home-assistant
 version: 1.0.0
+description: Home Assistant
+keywords:
+  - home
+  - automation
 sources:
   - https://github.com/home-assistant
-  - https://github.com/alexlebens/helm-charts/tree/main/charts/home-assistant
+maintainers:
+  - name: alexlebens
 dependencies:
-  - name: home-assistant
-    version: 0.1.16
-    repository: http://alexlebens.github.io/helm-charts
-appVersion: v2024.5.3
+  - name: app-template
+    alias: home-assistant
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.2.1
+icon: https://avatars.githubusercontent.com/u/13844975?s=200&v=4    
+appVersion: v2024.5.5

clusters/cl01tl/applications/home-assistant/templates/external-secret.yaml

@@ -4,7 +4,7 @@ metadata:
   name: home-assistant-codeserver-password-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: home-assistant-codeserver-password-secret
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
@@ -18,9 +18,9 @@ spec:
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /home-assistant/auth
+        key: /cl01tl/home-assistant/auth
         metadataPolicy: None
-        property: SUDO_PASSWORD
+        property: password
 
 ---
 apiVersion: external-secrets.io/v1beta1
@@ -29,7 +29,7 @@ metadata:
   name: home-assistant-token-secret
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Release.Name }}
+    app.kubernetes.io/name: home-assistant-token-secret
     app.kubernetes.io/instance: {{ .Release.Name }}
     app.kubernetes.io/version: {{ .Chart.AppVersion }}
     app.kubernetes.io/component: web
@@ -43,6 +43,6 @@ spec:
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /home-assistant/auth
+        key: /cl01tl/home-assistant/auth
         metadataPolicy: None
         property: bearerToken

clusters/cl01tl/applications/home-assistant/templates/ingress-route.yaml

@@ -0,0 +1,68 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: home-assistant
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`homeassistant.alexlebens.net`)
+      middlewares:
+        - name: "authentik-{{ .Release.Name }}"
+          namespace: authentik
+      priority: 10
+      services:
+        - kind: Service
+          name: home-assistant
+          port: 8123
+    - kind: Rule
+      match: Host(`homeassistant.alexlebens.net`) && PathPrefix(`/outpost.goauthentik.io/`)
+      priority: 15
+      services:
+        - kind: Service
+          name: authentik-outpost-proxy
+          port: 9000
+          namespace: authentik
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: home-assistant-codeserver
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: home-assistant-codeserver
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - kind: Rule
+      match: Host(`homeassistant-codeserver.alexlebens.net`)
+      middlewares:
+        - name: "authentik-{{ .Release.Name }}"
+          namespace: authentik
+      priority: 10
+      services:
+        - kind: Service
+          name: home-assistant-codeserver
+          port: 8443
+    - kind: Rule
+      match: Host(`homeassistant-codeserver.alexlebens.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+      priority: 15
+      services:
+        - kind: Service
+          name: authentik-outpost-proxy
+          port: 9000
+          namespace: authentik

clusters/cl01tl/applications/home-assistant/templates/middleware.yaml

@@ -0,0 +1,27 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: "authentik-{{ .Release.Name }}"
+  namespace: authentik
+  labels:
+    app.kubernetes.io/name: "authentik-{{ .Release.Name }}"
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: auth
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  forwardAuth:
+    address: http://authentik-outpost-proxy.authentik:9000/outpost.goauthentik.io/auth/traefik
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version

clusters/cl01tl/applications/home-assistant/templates/prometheus-rule.yaml

@@ -0,0 +1,24 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: home-assistant
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: metrics
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  groups:
+    - name: home-assistant
+      rules:
+        - alert: HomeAssistantAbsent
+          annotations:
+            description: Home Assistant has disappeared from Prometheus service discovery.
+            summary: Home Assistant is down.
+          expr: |
+            absent(up{job=~".*home-assistant.*"} == 1)
+          for: 5m
+          labels:
+            severity: critical

clusters/cl01tl/applications/home-assistant/templates/service-monitor.yaml

@@ -0,0 +1,24 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: home-assistant
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: home-assistant
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: metrics
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: home-assistant
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  endpoints:
+    - port: http
+      interval: 1m
+      scrapeTimeout: 30s
+      path: /api/prometheus
+      bearerTokenSecret:
+        name: home-assistant-token-secret
+        key: bearerToken

clusters/cl01tl/applications/home-assistant/values.yaml

@@ -1,46 +1,79 @@
 home-assistant:
-  deployment:
-    env:
-      TZ: US/Central
-  ingressRoute:
-    enabled: true
-    host: homeassistant.alexlebens.net
-    authentik:
-      outpost: authentik-outpost-proxy
-      namespace: authentik
-  metrics:
-    enabled: true
-    serviceMonitor:
-      bearerTokenSecret:
-        name: home-assistant-token-secret
-        key: bearerToken
-    prometheusRule:
-      enabled: true
-      rules:
-        - alert: HomeAssistantAbsent
-          annotations:
-            description: Home Assistant has disappeared from Prometheus service discovery.
-            summary: Home Assistant is down.
-          expr: |
-            absent(up{job=~".*home-assistant.*"} == 1)
-          for: 5m
-          labels:
-            severity: critical
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      containers:
+        main:
+          image:
+            repository: homeassistant/home-assistant
+            tag: 2024.5.5
+            pullPolicy: IfNotPresent
+          env:
+            - name: TZ
+              value: US/Central
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+    codeserver:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      containers:
+        main:
+          image:
+            repository: linuxserver/code-server
+            tag: 4.89.1
+            pullPolicy: IfNotPresent
+          env:
+            - name: TZ
+              value: US/Central
+            - name: PUID
+              value: 1000
+            - name: PGID
+              value: 1000
+            - name: DEFAULT_WORKSPACE
+              value: /config
+          envFrom:
+            - secretRef:
+                name: home-assistant-codeserver-password-secret
+          resources:
+            requests:
+              cpu: 100m
+              memory: 256Mi
+  serviceAccount:
+    create: true
+  service:
+    main:
+      controller: main
+      ports:
+        http:
+          port: 8123
+          targetPort: 8123
+          protocol: HTTP
+    codeserver:
+      controller: codeserver
+      ports:
+        http:
+          port: 8443
+          targetPort: 8443
+          protocol: HTTP
   persistence:
     config:
-      storageClassName: ceph-block
-      storageSize: 1Gi
-  codeserver:
-    enabled: true
-    env:
-      TZ: US/Central
-      DEFAULT_WORKSPACE: /config
-    envFrom:
-      - secretRef:
-          name: home-assistant-codeserver-password-secret
-    ingressRoute:
-      enabled: true
-      host: homeassistant-codeserver.alexlebens.net
-      authentik:
-        outpost: authentik-outpost-proxy
-        namespace: authentik
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 1Gi
+      retain: true
+      advancedMounts:
+        main:
+          main:
+            - path: /config
+              readOnly: false
+        codeserver:
+          main:
+            - path: /config/home-assistant
+              readOnly: false