continuos deploy

deploy/README.md

@@ -0,0 +1,51 @@
+# Home Assistant Deploy
+
+## Namespace
+
+```bash { cwd=../ terminalRows=15 }
+# from repo root folder
+kubectl create namespace home-assistant
+```
+
+## Deployment
+
+### Environments requirements
+
+``` bash
+#./deploy/.env
+
+export ENDPOINT_IP="xxx.xxx.xxx.xxxx"
+export SERVICE_PORT=xxxx
+export INGRESS_ROUTES_MATCH="Host(`xxxx`)"
+export INGRESS_TLS_SECRET_NAME=xxxxxx
+```
+
+## Test Templates
+
+```bash { cwd=../ terminalRows=15 }
+# from repo root folder
+source ./deploy/.env \
+&& cat ./deploy/deployment.yaml \
+&& envsubst < ./deploy/service.template.yaml
+```
+
+## Deploy
+
+```bash { cwd=../ terminalRows=15 }
+# from repo root folder
+source ./deploy/.env \
+&& kubectl apply -f ./deploy/deployment.yaml \
+&& envsubst < ./deploy/service.template.yaml | kubectl apply -f -
+```
+
+## Continuos Deploy
+
+All Environment variables requirements as set as secrets.
+
+[gitea workflow](../.gitea/workflows/deploy.yaml)
+
+## RBAC
+
+```bash { cwd=../ }
+kubectl apply -f ./deploy/rbac.yaml
+```

deploy/deployment.yaml

@@ -1,7 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: home-assistant
 ---
 
 apiVersion: v1
@@ -38,10 +34,10 @@ spec:
       dnsPolicy: ClusterFirstWithHostNet # ensures pod uses cluster DNS (CoreDNS) for service discovery even with host networking
       hostNetwork: true
       #  delays start so host have time to start on low memory resources
-      initContainers:
-        - name: delay-start
-          image: busybox:latest
-          command: ["sh", "-c", "sleep 60"]
+      # initContainers:
+      #   - name: delay-start
+      #     image: busybox:latest
+      #     command: ["sh", "-c", "sleep 60"]
       containers:
         - name: home-assistant
           image: "homeassistant/home-assistant"

deploy/home-assistant-external-service.yaml

@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: home-assistant-external
-  namespace: home-assistant
-spec:
-  clusterIP: None
-  ports:
-    - port: 8123
-      protocol: TCP
-
----
-
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: home-assistant-external
-  namespace: home-assistant
-subsets:
-  - addresses:
-      - ip: 192.168.14.9  # Replace with your actual external IP
-    ports:
-      - port: 8123

deploy/home-assistant-ingress.yaml

@@ -1,22 +0,0 @@
-
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: home-assistant
-  namespace: home-assistant
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`casa.limbosolutions.com`)
-      kind: Rule
-      services:
-        - name: home-assistant-external
-          port: 8123
-    - match: Host(`has.casa.limbosolutions.com`)
-      kind: Rule
-      services:
-        - name: home-assistant-external
-          port: 8123
-  tls:
-    secretName: casa-limbosolutions-com-tls

deploy/rbac.yaml

@@ -0,0 +1,34 @@
+
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: home-assistant
+  name: ci-cd
+rules:
+- apiGroups: [""]
+  resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+  resources: ["deployments", "statefulsets"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingresses"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+- apiGroups: ["traefik.io"]
+  resources: ["ingressroutes"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name:  ci-cd
+  namespace: home-assistant
+subjects:
+- kind: ServiceAccount
+  name: casa-ci-cd
+  namespace: home-assistant
+roleRef:
+  kind: Role
+  name: ci-cd
+  apiGroup: rbac.authorization.k8s.io

deploy/service-account-secret.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: casa-ci-cd
+  annotations:
+    kubernetes.io/service-account.name: casa-ci-cd
+type: kubernetes.io/service-account-token

deploy/service-account.yaml

@@ -0,0 +1,6 @@
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: casa-ci-cd
+  namespace: home-assistant

deploy/service.template.yaml

@@ -0,0 +1,42 @@
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: home-assistant
+  namespace: home-assistant
+spec:
+  clusterIP: None
+  ports:
+    - port: ${SERVICE_PORT}
+      protocol: TCP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: home-assistant
+  namespace: home-assistant
+subsets:
+  - addresses:
+      - ip: ${ENDPOINT_IP}
+    ports:
+      - port: ${SERVICE_PORT}
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: home-assistant
+  namespace: home-assistant
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: ${INGRESS_ROUTES_MATCH}
+      kind: Rule
+      services:
+        - name: home-assistant
+          port: ${SERVICE_PORT}
+  tls:
+    secretName: ${INGRESS_TLS_SECRET_NAME}