moore home assistant

apps/homeassistant/base/deployment.yaml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: homeassistant
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: homeassistant
+  template:
+    metadata:
+      labels:
+        app: homeassistant
+    spec:
+      containers:
+        - name: homeassistant
+          image: homeassistant
+          ports:
+            - containerPort: 8123
+          env:
+          - name: TZ
+            value: Europe/Berlin
+          volumeMounts:
+            - name: config-dir
+              mountPath: /config
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "200Mi"
+            limits:
+              cpu: "2"
+              memory: "1Gi"
+      volumes:
+        - name: config-dir
+          persistentVolumeClaim:
+            claimName: config

apps/homeassistant/base/ingress.yaml

@@ -0,0 +1,28 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: homeassistant
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`homeassistant.kluster.moll.re`)
+      middlewares:
+        - name: homeassistant
+      kind: Rule
+      services:
+        - name: homeassistant
+          port: 8123
+  tls:
+    certResolver: default-tls
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: homeassistant
+spec:
+  headers:
+    customRequestHeaders:
+      X-Forwarded-Proto: "https"
+      # enable websockets
+      Upgrade: "websocket"

apps/homeassistant/base/kustomization.yaml

@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  # - namespace.yaml # not managed by kustomize but created as needed by the argo app. creates conflicts otherwise since both overlays share the same namespace
+  - ingress.yaml
+  - pvc.yaml
+  - service.yaml
+  - deployment.yaml
+  - servicemonitor.yaml
+
+
+images:
+  - name: homeassistant
+    newName: homeassistant/home-assistant
+    newTag: "2025.10"
+
+configurations:
+  # allow nameReference to work with different mentions of the same resource as well
+  - name_reference.yaml

apps/homeassistant/base/name_reference.yaml

@@ -0,0 +1,32 @@
+nameReference:
+  # Tie target Service metadata.name to other ingressroute fields
+  - kind: Service
+    fieldSpecs:
+      # rewrite the backend service name
+      - kind: IngressRoute
+        group: traefik.io
+        version: v1alpha1
+        path: spec/routes/services/name
+
+      # adapt the ingress url
+      # DOES NOT WORK
+      - kind: IngressRoute
+        group: traefik.io
+        version: v1alpha1
+        path: /spec/routes/match
+        create: false
+
+      # adapt any middleware names
+      - kind: IngressRoute
+        group: traefik.io
+        version: v1alpha1
+        path: spec/routes/middlewares/name
+
+  # Update deployment volume mounts according to name changes in the sealedsecret
+  - kind: SealedSecret
+    fieldSpecs:
+      # volume mounts:
+      - kind: Deployment
+        group: apps
+        version: v1
+        path: spec/template/spec/volumes/secret/secretName

apps/homeassistant/base/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: placeholder

apps/homeassistant/base/pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: config
+spec:
+  storageClassName: "nfs-client"
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: "1Gi"

apps/homeassistant/base/service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: homeassistant
+  labels:
+    app: homeassistant
+spec:
+  selector:
+    app: homeassistant
+  ports:
+  - port: 8123
+    targetPort: 8123
+    name: http

apps/homeassistant/base/servicemonitor.yaml

@@ -0,0 +1,13 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: homeassistant-servicemonitor
+  labels:
+    app: homeassistant
+spec:
+  selector:
+    matchLabels:
+      app: homeassistant
+  endpoints:
+    - port: http
+      path: /api/prometheus