From 18eef88764c73e0fc63ef25f609885e9c6ecceb3 Mon Sep 17 00:00:00 2001 From: baschno Date: Tue, 4 Feb 2025 23:58:21 +0100 Subject: [PATCH] homeassistant on k8s --- Homeassistant/deployment.yaml | 143 +++++++++++++++++ Homeassistant/deployment_complete.yaml | 146 ++++++++++++++++++ Homeassistant/homeassistant-certificate.yaml | 12 ++ .../homeassistant-ingress-route.yaml | 16 ++ 4 files changed, 317 insertions(+) create mode 100644 Homeassistant/deployment.yaml create mode 100644 Homeassistant/deployment_complete.yaml create mode 100644 Homeassistant/homeassistant-certificate.yaml create mode 100644 Homeassistant/homeassistant-ingress-route.yaml diff --git a/Homeassistant/deployment.yaml b/Homeassistant/deployment.yaml new file mode 100644 index 0000000..68b6bde --- /dev/null +++ b/Homeassistant/deployment.yaml @@ -0,0 +1,143 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: home-assistant +--- +apiVersion: v1 +kind: Service +metadata: + namespace: home-assistant + name: home-assistant +spec: + selector: + app: home-assistant + type: ClusterIP + ports: + - name: http + protocol: TCP + port: 80 + targetPort: 8123 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: home-assistant + name: home-assistant + labels: + app: home-assistant +spec: + replicas: 1 + selector: + matchLabels: + app: home-assistant + template: + metadata: + labels: + app: home-assistant + spec: + containers: + # - name: bluez + # image: ghcr.io/mysticrenji/bluez-service:v1.0.0 + # securityContext: + # privileged: true + - name: home-assistant + image: homeassistant/home-assistant:2025.1.4 + resources: + requests: + memory: "256Mi" + limits: + memory: "512Mi" + ports: + - containerPort: 8123 + volumeMounts: + - mountPath: /config + name: config + - mountPath: /config/configuration.yaml + subPath: configuration.yaml + name: configmap-file + - mountPath: /config/automations.yaml + subPath: automations.yaml + name: configmap-file + - mountPath: /media + name: media-volume + # - mountPath: /run/dbus + # name: d-bus + # readOnly: true + - mountPath: /dev/ttyUSB1 + name: zigbee + #- mountPath: /dev/video0 + # name: cam + securityContext: + privileged: true + capabilities: + add: + - NET_ADMIN + - NET_RAW + - SYS_ADMIN + hostNetwork: true + volumes: + - name: config + persistentVolumeClaim: + claimName: home-assistant-pvc + - name: media-volume + hostPath: + path: /tmp/media + - name: configmap-file + configMap: + name: home-assistant-configmap + # hostPath: + # path: /tmp/home-assistant + # type: DirectoryOrCreate + # - name: d-bus + # hostPath: + # path: /run/dbus + - name: zigbee + hostPath: + path: /dev/ttyACM0 + #- name: cam + # hostPath: + # path: /dev/video0 +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: home-assistant-configmap + namespace: home-assistant +data: + known_devices.yaml: | + automations.yaml: | + configuration.yaml: |- + default_config: + frontend: + themes: !include_dir_merge_named themes + automation: !include automations.yaml + auth_providers: + - type: homeassistant + - type: trusted_networks + trusted_networks: + - 192.168.178.0/24 + - fd00::/8 + + http: + use_x_forwarded_for: true + trusted_proxies: + - 10.10.0.0/16 + - 192.168.178.0/24 + - 10.42.0.0/16 +--- + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: home-assistant-pvc + labels: + app: home-assistant + namespace: home-assistant +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 9Gi \ No newline at end of file diff --git a/Homeassistant/deployment_complete.yaml b/Homeassistant/deployment_complete.yaml new file mode 100644 index 0000000..b6857c7 --- /dev/null +++ b/Homeassistant/deployment_complete.yaml @@ -0,0 +1,146 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: home-assistant +--- +apiVersion: v1 +kind: Service +metadata: + namespace: home-assistant + name: home-assistant +spec: + selector: + app: home-assistant + type: ClusterIP + ports: + - name: http + protocol: TCP + port: 80 + targetPort: 8123 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: home-assistant + name: home-assistant + labels: + app: home-assistant +spec: + replicas: 1 + selector: + matchLabels: + app: home-assistant + template: + metadata: + labels: + app: home-assistant + spec: + containers: + - name: bluez + image: ghcr.io/mysticrenji/bluez-service:v1.0.0 + securityContext: + privileged: true + - name: home-assistant + image: ghcr.io/mysticrenji/homeassistant-arm64:2023.3.0 + resources: + requests: + memory: "256Mi" + limits: + memory: "512Mi" + ports: + - containerPort: 8123 + volumeMounts: + - mountPath: /config + name: config + - mountPath: /config/configuration.yaml + subPath: configuration.yaml + name: configmap-file + - mountPath: /config/automations.yaml + subPath: automations.yaml + name: configmap-file + - mountPath: /media + name: media-volume + # - mountPath: /run/dbus + # name: d-bus + # readOnly: true + - mountPath: /dev/ttyUSB1 + name: zigbee + #- mountPath: /dev/video0 + # name: cam + securityContext: + privileged: true + capabilities: + add: + - NET_ADMIN + - NET_RAW + - SYS_ADMIN + hostNetwork: true + volumes: + - name: config + persistentVolumeClaim: + claimName: home-assistant-pvc + - name: media-volume + hostPath: + path: /tmp/media + - name: configmap-file + configMap: + name: home-assistant-configmap + # hostPath: + # path: /tmp/home-assistant + # type: DirectoryOrCreate + # - name: d-bus + # hostPath: + # path: /run/dbus + - name: zigbee + hostPath: + path: /dev/ttyACM0 + #- name: cam + # hostPath: + # path: /dev/video0 +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: home-assistant-configmap + namespace: home-assistant +data: + known_devices.yaml: | + automations.yaml: | + configuration.yaml: |- + default_config: + frontend: + themes: !include_dir_merge_named themes + automation: !include automations.yaml + http: + use_x_forwarded_for: true + trusted_proxies: + - 10.10.0.0/16 +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: home-assistant-pvc + labels: + app: home-assistant + namespace: home-assistant +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 9Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: zwavejs2mqtt-pvc + labels: + app: zwavejs2mqtt + namespace: home-assistant +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 500Mi \ No newline at end of file diff --git a/Homeassistant/homeassistant-certificate.yaml b/Homeassistant/homeassistant-certificate.yaml new file mode 100644 index 0000000..2eec61a --- /dev/null +++ b/Homeassistant/homeassistant-certificate.yaml @@ -0,0 +1,12 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: homeassistant-ingress-certificate + namespace: home-assistant +spec: + secretName: homeassistant-certificate-secret + issuerRef: + name: cloudflare-cluster-issuer + kind: ClusterIssuer + dnsNames: + - homeassistant.k8s.internal.schnrbs.work \ No newline at end of file diff --git a/Homeassistant/homeassistant-ingress-route.yaml b/Homeassistant/homeassistant-ingress-route.yaml new file mode 100644 index 0000000..962d072 --- /dev/null +++ b/Homeassistant/homeassistant-ingress-route.yaml @@ -0,0 +1,16 @@ +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: homeassistant-ingress-route + namespace: home-assistant +spec: + entryPoints: + - websecure + routes: + - match: Host(`homeassistant.k8s.internal.schnrbs.work`) + kind: Rule + services: + - name: home-assistant + port: 80 + tls: + secretName: homeassistant-certificate-secret \ No newline at end of file