k3s-cluster/kubernetes/thin/apps/default/home-assistant/files/helm-release.yaml

129 lines
3.5 KiB
YAML

# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: home-assistant
namespace: default
spec:
interval: 5m
chart:
spec:
chart: app-template
version: 3.4.0
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
dependsOn:
- name: openebs
namespace: openebs
values:
controllers:
main:
containers:
app:
image:
repository: ghcr.io/onedr0p/home-assistant
tag: 2024.10.1
env:
TZ: America/New_York #${SERVER_TIMEZONE}
HASS_HTTP_TRUSTED_PROXY_1: 192.168.0.0/16
HASS_HTTP_TRUSTED_PROXY_2: 10.0.0.0/8
HASS_SECRET_URL: &hassHost "hass.thin.seanomik.net" #${SECRET_NEW_DOMAIN}
HOME_ASSISTANT__HACS_INSTALL: "true"
envFrom:
- secretRef:
name: home-assistant
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: { drop: ["ALL"] }
resources:
requests:
cpu: 10m
limits:
memory: 2Gi
code-server:
image:
repository: ghcr.io/coder/code-server
tag: 4.93.1
args: [
"--auth", "none",
"--user-data-dir", "/config/.vscode",
"--extensions-dir", "/config/.vscode",
"--port", "12321",
"/config"
]
resources:
requests:
cpu: 10m
limits:
memory: 512Mi
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 568
runAsGroup: 568
fsGroup: 568
fsGroupChangePolicy: OnRootMismatch
seccompProfile: { type: RuntimeDefault }
service:
app:
controller: main
ports:
http:
port: 8123
code-server:
port: 12321
ingress:
app:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
#traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
className: external
hosts:
- host: *hassHost
paths:
- path: /
service:
identifier: app
port: http
code-server:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
#traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
className: internal
hosts:
- host: "hass-code.internal.thin.seanomik.net"
paths:
- path: /
service:
identifier: app
port: code-server
persistence:
config:
existingClaim: home-assistant-config
globalMounts:
- path: /config
logs:
type: emptyDir
globalMounts:
- path: /config/logs
tts:
type: emptyDir
globalMounts:
- path: /config/tts
tmp:
type: emptyDir
globalMounts:
- path: /tmp