feat(thin): add esphome

SeanOMik 2025-03-01 16:45:07 -05:00
parent bdd919c592
commit de10288165
Signed by: SeanOMik
GPG key ID: FEC9E2FC15235964
5 changed files with 156 additions and 0 deletions


@ -0,0 +1,111 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: esphome
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.4.0
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
dependsOn:
- name: home-assistant
namespace: default
values:
controllers:
main:
containers:
app:
image:
repository: ghcr.io/esphome/esphome
tag: 2025.2.1
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 10m
limits:
memory: 1Gi
code-server:
image:
repository: ghcr.io/coder/code-server
tag: 4.97.2
args: [
"--auth", "none",
"--user-data-dir", "/config/.vscode",
"--extensions-dir", "/config/.vscode",
"--port", "12321",
"/config"
]
resources:
requests:
cpu: 10m
limits:
memory: 512Mi
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
seccompProfile: { type: RuntimeDefault }
service:
app:
controller: main
ports:
http:
port: 6052
ingress:
app:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
#traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
className: internal
hosts:
- host: "esphome.internal.${SECRET_NEW_DOMAIN}"
#- host: *hassHost
paths:
- path: /
service:
identifier: app
port: http
code-server:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
#traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
className: internal
hosts:
- host: "esphome-code.internal.${SECRET_NEW_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: code-server
persistence:
config:
existingClaim: home-assistant-config
globalMounts:
- path: /config
# logs:
# type: emptyDir
# globalMounts:
# - path: /config/logs
# tts:
# type: emptyDir
# globalMounts:
# - path: /config/tts
tmp:
type: emptyDir
globalMounts:
- path: /tmp
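Review bot: The code-server container is started with `"--auth", "none"` while the `traefik-authentik` middleware annotation on its ingress is commented out, so anyone who can reach the `internal` ingress class gets an unauthenticated editor session on `/config`. Either re-enable `traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd` on both ingresses or run code-server with `"--auth", "password"`. The code-server ingress also references `port: code-server`, but `service.app.ports` only defines `http`, so as far as this file shows the route has no backing port; adding `code-server: { port: 12321 }` under `ports` would match the `--port` argument. The `securityContext` given to `app` is not repeated on `code-server`, which would leave it with a writable root filesystem and default capabilities unless the chart supplies defaults. Indentation is lost on this page, so the nesting is inferred.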


@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./pvc.yaml
- ./helm-release.yaml


@ -0,0 +1,11 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: esphome-config
spec:
accessModes:
- ReadWriteOnce
storageClassName: openebs-dual
resources:
requests:
storage: 1Gi
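Review bot: The `esphome-config` claim created here is not mounted anywhere in this commit; the HelmRelease's `persistence.config` uses `existingClaim: home-assistant-config` instead. If sharing is intended, this PVC is unused and both ESPHome and the code-server sidecar get read-write access to what is, judging by the name, Home Assistant's whole config volume. If it is not intended, the release should use `existingClaim: esphome-config` so each app only sees its own data.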


@ -0,0 +1,28 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: esphome
namespace: flux-system
spec:
timeout: 5m
interval: 10m
path: ./kubernetes/thin/apps/default/esphome/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: home-assistant
namespace: flux-system
postBuild:
substitute: {}
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets


@ -3,4 +3,5 @@ kind: Kustomization
resources:
- ./whoami/ks.yaml
- ./home-assistant/ks.yaml
- ./esphome/ks.yaml
#- ./nextcloud/ks.yaml