Add a cluster of thin clients #399
|
@ -2,27 +2,72 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
name: whoami
|
name: home-assistant
|
||||||
namespace: default
|
namespace: default
|
||||||
spec:
|
spec:
|
||||||
interval: 5m
|
interval: 5m
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: app-template
|
chart: app-template
|
||||||
version: 3.1.0
|
version: 3.4.0
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: bjws-charts
|
name: bjws-charts
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
|
dependsOn:
|
||||||
|
- name: openebs
|
||||||
|
namespace: openebs
|
||||||
values:
|
values:
|
||||||
controllers:
|
controllers:
|
||||||
main:
|
main:
|
||||||
containers:
|
containers:
|
||||||
main:
|
app:
|
||||||
image:
|
image:
|
||||||
repository: containous/whoami
|
repository: ghcr.io/onedr0p/home-assistant
|
||||||
tag: latest
|
tag: 2024.9.1
|
||||||
|
env:
|
||||||
|
TZ: America/New_York #${SERVER_TIMEZONE}
|
||||||
|
HASS_HTTP_TRUSTED_PROXY_1: 192.168.0.0/16
|
||||||
|
HASS_HTTP_TRUSTED_PROXY_2: 10.0.0.0/8
|
||||||
|
HASS_SECRET_URL: &hassHost "hass.thin.seanomik.net" #${SECRET_NEW_DOMAIN}
|
||||||
|
HOME_ASSISTANT__HACS_INSTALL: "true"
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: home-assistant
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
capabilities: { drop: ["ALL"] }
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
limits:
|
||||||
|
memory: 2Gi
|
||||||
|
code-server:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/coder/code-server
|
||||||
|
tag: 4.92.2
|
||||||
|
args: [
|
||||||
|
"--auth", "none",
|
||||||
|
"--user-data-dir", "/config/.vscode",
|
||||||
|
"--extensions-dir", "/config/.vscode",
|
||||||
|
"--port", "12321",
|
||||||
|
"/config"
|
||||||
|
]
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
limits:
|
||||||
|
memory: 512Mi
|
||||||
|
|
||||||
|
defaultPodOptions:
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 568
|
||||||
|
runAsGroup: 568
|
||||||
|
fsGroup: 568
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
seccompProfile: { type: RuntimeDefault }
|
||||||
|
|
||||||
service:
|
service:
|
||||||
app:
|
app:
|
||||||
|
@ -30,19 +75,54 @@ spec:
|
||||||
|
|
||||||
ports:
|
ports:
|
||||||
http:
|
http:
|
||||||
port: 80
|
port: 8123
|
||||||
|
code-server:
|
||||||
|
port: 12321
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
main:
|
app:
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
#traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
#traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||||
|
|
||||||
|
className: external
|
||||||
hosts:
|
hosts:
|
||||||
- host: "whoami.${SECRET_NEW_DOMAIN}"
|
- host: *hassHost
|
||||||
paths:
|
paths:
|
||||||
- path: /
|
- path: /
|
||||||
service:
|
service:
|
||||||
identifier: app
|
identifier: app
|
||||||
port: http
|
port: http
|
||||||
|
code-server:
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
#traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||||
|
|
||||||
|
className: internal
|
||||||
|
hosts:
|
||||||
|
- host: "hass-code.internal.thin.seanomik.net"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
service:
|
||||||
|
identifier: app
|
||||||
|
port: code-server
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
existingClaim: home-assistant-config
|
||||||
|
globalMounts:
|
||||||
|
- path: /config
|
||||||
|
logs:
|
||||||
|
type: emptyDir
|
||||||
|
globalMounts:
|
||||||
|
- path: /config/logs
|
||||||
|
tts:
|
||||||
|
type: emptyDir
|
||||||
|
globalMounts:
|
||||||
|
- path: /config/tts
|
||||||
|
tmp:
|
||||||
|
type: emptyDir
|
||||||
|
globalMounts:
|
||||||
|
- path: /tmp
|
||||||
|
|
|
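Review bot: The `code-server` container is started with `"--auth", "none"` while its ingress leaves `traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd` commented out, so anything that can reach the `internal` ingress class gets an unauthenticated editor and terminal over `/config`, the volume that `globalMounts` shares with Home Assistant. Either re-enable the authentik middleware on the `code-server` ingress, or switch to `"--auth", "password"` with the password supplied from a secret rather than inline. The container also has no `securityContext` of its own; repeating the `app` container's `allowPrivilegeEscalation: false` and `capabilities: { drop: ["ALL"] }` there would keep the two consistent. Separately, `HASS_HTTP_TRUSTED_PROXY_1: 192.168.0.0/16` and `HASS_HTTP_TRUSTED_PROXY_2: 10.0.0.0/8` make Home Assistant accept forwarded-client headers from any host in those ranges, and narrowing them to the ingress controller's pod range would be safer. Indentation is lost in this rendering, so the nesting described here is inferred from key order.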
@ -1,4 +1,6 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
|
- ./pvc.yaml
|
||||||
|
- ./secret.sops.yaml
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
|
@ -0,0 +1,12 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: home-assistant-config
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
storageClassName: openebs-dual
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 6Gi
|
|
@ -0,0 +1,75 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: home-assistant
|
||||||
|
namespace: default
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
HASS_SECRET_ELEVATION: ENC[AES256_GCM,data:+dg6fw==,iv:8YPS3cD/qnZcQCwjdSVYJ5x/z0rSR8jplZfxr1EPqJk=,tag:2S0JTIYBvxN5tAnLMLMwtQ==,type:str]
|
||||||
|
HASS_SECRET_LATITUDE: ENC[AES256_GCM,data:Kgq3N7fRG8Dn2g==,iv:7m7RQM1WcIKTLfMr1cjcFxqnYJ+7llKNY6Mdl9MdVmI=,tag:wtgsJsCov1BxN0LW3bn2cg==,type:str]
|
||||||
|
HASS_SECRET_LONGITUDE: ENC[AES256_GCM,data:fBTv0J7rNN6Tt5I=,iv:lU0J2Qd1rRzrIKhYUDeqcQfRidGvsBzby7a/9UiCKYU=,tag:Lyh1QS3WIpP0tl0g9NEQMg==,type:str]
|
||||||
|
HASS_SECRET_DB_URL: ENC[AES256_GCM,data:YXk+YKDlqnrn7hxGe4Q5cTaafK2ijRWf2NtAltdeJmQ3sAL3Z8N7yV3VwSUkL9Re181JRXeiIebEoIMx2DDlTaYMcnGPQyqjSWBMSt4/+WgmZ0Q=,iv:5N/dbYht2ts26GAh14BxNA3zq7US+s8WbmNWFJtO+jk=,tag:6sqa0kufUdkyMVdJ9rVCdA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2024-09-16T00:34:28Z"
|
||||||
|
mac: ENC[AES256_GCM,data:zoW6fr1LbCpxj+47BS7YSJtT8CF3QLdkYR+JsNmVNv+NZ5229TC+RGWbSwjyHtqb7Xxzhwzuna8kVR9Jg8dnJOZhEJM2uY7rTx0z0tpakdvUggxDiBH3W8nIc//DzxgbGZwtP9/LNpzE0ucvTKrqJsUW6/Idu815bLknNbeaPxo=,iv:KbbWZ17JQNsCuSI26nGKwKjoP4aULua3GBCJbQgNpyI=,tag:PvEhlwCpYMtJB8lx5vmVfQ==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2024-09-16T00:34:28Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAyqlIeyoxYovAQ//WFv9Y/YWKUUEV7ymMAqVpCdiVp1DiRBbsNVlBCi+x2lF
|
||||||
|
NO/AHTeTvJL+9uyavQsSQVuuIhCMG9R7uwTAQaLgZat8Q3ToC4ntEjoxQQfKsUTl
|
||||||
|
1qfsFTTGW8PJbekkvZmufTMTzmJ+8j0TGnQeCcI9D/XmE/fDP+P551YLCXJm/MtC
|
||||||
|
xGo1Wz27n0YYseWRjO6hAOU0/z3tQxgEYU40uWt/Wego3XaXVIAOC7E+uxbVIGfW
|
||||||
|
DsQQQi3E5mKGdWB6VvzozstneZuDNU+GiNCCHsYYCCSMwT4z1FFPTl3T4Qr+yRbQ
|
||||||
|
Ylh5y7LQsVmHnwzC2eDatxL2v7chSoYWczZMKTmNCcppZ1Lvas14Cd9MdC/yt2yD
|
||||||
|
jDrXtyw1jPho+A688EvB7E/nCEXnchL0xqCcCqa7IE3+hhZzxLWysfz4QM0Mg2rv
|
||||||
|
j7QLP2/ssuB9K2dOrudkE0MUzQyf5tu9Av7YD+KR0SEcuQ/Y2yvnScLf4SS/NEgG
|
||||||
|
erB8e44M/NG/CN38YOxPGtK9FcxjJKyDfk5S//TPteZBgtKwf18H5SDonu3E6WUU
|
||||||
|
Z61U/Vw31xtIuFVRPAQc5qzfCVQ9N0zJx28F3QJXcgMzmEVHQKyJ+/u9ytfTQpg5
|
||||||
|
CPfexvgNg9CR++p6MY0tie07iLkmoT23hq1A36Q+pnyqR1bZVu0vVIVtOIANG3qF
|
||||||
|
AgwDXjg0p2IN1X8BD/4oBsOiwYJYAPdsxtQyMoj92r6NUl+STRdvalSyweJqf9xK
|
||||||
|
RfQzlNtdN6ADTD7p6PKZxg/Bb9HGJe7eUto78Eqn9Uqu67pGPCUiaVk7JUUayGHd
|
||||||
|
Fay3OJYuLEgukEo1okq+yBDjj+dGwTJ17Cl8hYgNSyeGCAiXqUkktkRXkjvhI55X
|
||||||
|
lgOc3wiaRqcuLFG5h00qo3Wy4ESzuQSKFEimpSec8CSxuY/vTg8CFjekkmUerNmd
|
||||||
|
eKKW6q0IB2WUrxbvG4moF+4pK6F8zOgF1B94cFuFHoDQ1sOFkUI95v0/mEi6qIX4
|
||||||
|
gTD6DAbgmZCyFWrfH1ogU7vpa2aDrFDHYLFyjESX6zhMVnQwetQsgdQ3C2Q5HpD5
|
||||||
|
uWuzbVSOVpUzwOsgwP1bUn6Layxnk3cVtgLj5ODdUYSBJZ6/ReQ/aQjhUpNVQIUA
|
||||||
|
inqCuL6dSFDTKKwDpzdVTX105knBNP5pHaDVdFN+iUu9pbFGSqWAZQ/XtfznBSbl
|
||||||
|
QntMp70zVe5TlMtB7DCpkRcgI/oOLjciM+ITVW3mh7nX0tbBUZ/2T/KKPwFHNI/4
|
||||||
|
wU/TH13RW0l92eJRXYarYsOqsDsYzlkOoPupNQFK8UVu44cVe/jPJNNi9yU8EN5r
|
||||||
|
2VoKr2F7sYprbSunhFrOXFGngCs0pgk6lKcWKE6mP8b2AmmX0FHBjojTDRu3D9Rm
|
||||||
|
AQkCEHK/1D/N2aQA8WZBnz87r51MTQ+dqxTu9tAOjCGX2jP1NvQqnS2vL+iqsvlo
|
||||||
|
CxojBsFhFZXLpd/op2N+4nFMA0HAPl4pKj5hi6tUEzkXr9ltfvnIMdv0ZoZoM61r
|
||||||
|
B1xdW8jX
|
||||||
|
=HAf4
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
|
||||||
|
- created_at: "2024-09-16T00:34:28Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAy5t8IMoPu4VAQ//S4pP46cksxK/sNjHKP8A8uY3KNewuTd9URB605mXlaAA
|
||||||
|
iTMnujsimRREiYoxkcgCIuxoYgpXoi30XrlrSbdKwSt1flGRjVBtW62uvgFRn/Ya
|
||||||
|
qmZimGRyhSr0NWMZdsCoOGECCd21lGOwGeTmZzcsvYtzT0fgpYoRtQv0L44eBuFy
|
||||||
|
uzNIvDw7SvvjM2nGWI6VAlAg6CnAz3Fo9JbccZINqgfRTNhtkHU5R6M0M6EjmN6M
|
||||||
|
xkcr280dOdV3dWKfAtZld2aPb9QLj2vxYxcSqaqQ3jLpmy5JrCT+E4fxt6THyg4R
|
||||||
|
x9EGds30zUOUwB5hOJGF+dPPdb3M1imZZymDYZ65WDt6nttRVz9p1Vxu8BiMzMef
|
||||||
|
CPcrArf5ic+TDp4QydwAb3UjkT+b8/iHGLrFLn7E7s9xaWN8Y8wHxhABjEMKia/8
|
||||||
|
hhZozgapC7EIK10Qq4S+mce+pQrLdPrz++/jEL5enuh3vo8s6PSCAbM7sxjoNUV0
|
||||||
|
Sjbl3lOlbvRLMRJoxMgeHCYKR8HBKYX3lbPSOl0+D2rwibdrbuk1N4NMq0z9YU3O
|
||||||
|
PCEDpGxzj469yss1XbpoANG7EpS9uMdTN+ONE1Xx7AvsADMrNvdJeLvku93bknZw
|
||||||
|
6rD1aSBau98H/WGM1XGu0nOzQgxtfCoaFRnXf03lMldWlkQnwYuhZPs+3mwg8vfU
|
||||||
|
ZgEJAhD4mf23O6K9MUJFjoHABoZAQqX2UEc7TRjIc+YHGg8PekuK4yTWIKkHIvUL
|
||||||
|
WdiWaO8gB+QmoyHt6bg4+di1iqTujnKTPqPF6ehpoDlqWHXWs2mxl2UiC6DGUHlm
|
||||||
|
oIfC9MKtDA==
|
||||||
|
=uXt0
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.9.0
|
|
@ -2,12 +2,12 @@
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
metadata:
|
metadata:
|
||||||
name: whoami
|
name: home-assistant
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
spec:
|
spec:
|
||||||
timeout: 5m
|
timeout: 5m
|
||||||
interval: 10m
|
interval: 10m
|
||||||
path: ./kubernetes/thin/apps/default/whoami/files
|
path: ./kubernetes/thin/apps/default/home-assistant/files
|
||||||
prune: true
|
prune: true
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: GitRepository
|
kind: GitRepository
|
||||||
|
@ -16,6 +16,11 @@ spec:
|
||||||
provider: sops
|
provider: sops
|
||||||
secretRef:
|
secretRef:
|
||||||
name: sops-gpg
|
name: sops-gpg
|
||||||
|
dependsOn:
|
||||||
|
- name: openebs-sc
|
||||||
|
namespace: flux-system
|
||||||
|
- name: postgresql
|
||||||
|
namespace: flux-system
|
||||||
postBuild:
|
postBuild:
|
||||||
substitute: {}
|
substitute: {}
|
||||||
substituteFrom:
|
substituteFrom:
|
||||||
|
|
|
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./whoami/ks.yaml
|
- ./whoami/ks.yaml
|
||||||
|
- ./home-assistant/ks.yaml
|