129 lines
3.5 KiB
YAML
129 lines
3.5 KiB
YAML
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: home-assistant
|
|
namespace: default
|
|
spec:
|
|
interval: 5m
|
|
chart:
|
|
spec:
|
|
chart: app-template
|
|
version: 3.4.0
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: bjws-charts
|
|
namespace: flux-system
|
|
dependsOn:
|
|
- name: openebs
|
|
namespace: openebs
|
|
values:
|
|
controllers:
|
|
main:
|
|
containers:
|
|
app:
|
|
image:
|
|
repository: ghcr.io/onedr0p/home-assistant
|
|
tag: 2024.10.1
|
|
env:
|
|
TZ: America/New_York #${SERVER_TIMEZONE}
|
|
HASS_HTTP_TRUSTED_PROXY_1: 192.168.0.0/16
|
|
HASS_HTTP_TRUSTED_PROXY_2: 10.0.0.0/8
|
|
HASS_SECRET_URL: &hassHost "hass.thin.seanomik.net" #${SECRET_NEW_DOMAIN}
|
|
HOME_ASSISTANT__HACS_INSTALL: "true"
|
|
envFrom:
|
|
- secretRef:
|
|
name: home-assistant
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
capabilities: { drop: ["ALL"] }
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
limits:
|
|
memory: 2Gi
|
|
code-server:
|
|
image:
|
|
repository: ghcr.io/coder/code-server
|
|
tag: 4.93.1
|
|
args: [
|
|
"--auth", "none",
|
|
"--user-data-dir", "/config/.vscode",
|
|
"--extensions-dir", "/config/.vscode",
|
|
"--port", "12321",
|
|
"/config"
|
|
]
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
limits:
|
|
memory: 512Mi
|
|
|
|
defaultPodOptions:
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 568
|
|
runAsGroup: 568
|
|
fsGroup: 568
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
seccompProfile: { type: RuntimeDefault }
|
|
|
|
service:
|
|
app:
|
|
controller: main
|
|
|
|
ports:
|
|
http:
|
|
port: 8123
|
|
code-server:
|
|
port: 12321
|
|
|
|
ingress:
|
|
app:
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
#traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
|
|
|
className: external
|
|
hosts:
|
|
- host: *hassHost
|
|
paths:
|
|
- path: /
|
|
service:
|
|
identifier: app
|
|
port: http
|
|
code-server:
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
#traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
|
|
|
className: internal
|
|
hosts:
|
|
- host: "hass-code.internal.thin.seanomik.net"
|
|
paths:
|
|
- path: /
|
|
service:
|
|
identifier: app
|
|
port: code-server
|
|
|
|
persistence:
|
|
config:
|
|
existingClaim: home-assistant-config
|
|
globalMounts:
|
|
- path: /config
|
|
logs:
|
|
type: emptyDir
|
|
globalMounts:
|
|
- path: /config/logs
|
|
tts:
|
|
type: emptyDir
|
|
globalMounts:
|
|
- path: /config/tts
|
|
tmp:
|
|
type: emptyDir
|
|
globalMounts:
|
|
- path: /tmp
|