diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml deleted file mode 100644 index 9d18b68..0000000 --- a/.gitea/workflows/deploy.yaml +++ /dev/null @@ -1,42 +0,0 @@ -name: Casa Home Assistant CI/CD Pipeline - -on: - push: - branches: - - fix/* - - main - - master - pull_request: - schedule: - - cron: '0 16 * * 0' # every sunday 4 pm - -jobs: - deploy: - runs-on: ["casa-vlan-cicd", "kubectl", "helm", "deploy"] - env: - GITHUB_TEMP: ${{ runner.temp }} - - steps: - - - name: Checkout code - uses: actions/checkout@v3 - - - name: Fetch limbo public actions - env: - RUNNER_TEMP: "${{ runner.temp }}" - WORKSPACE: "${{ gitea.workspace }}" - run: | - curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/branch/main/cloud-scripts/setup-limbo-actions.sh | bash 2>&1 - - - name: Setup kubectl - uses: ./.gitea/limbo_actions/kubectl-setup - with: - kube_server: ${{ secrets.CASA_VLAN_KUBE_SERVER }} - kube_ca_base64: ${{ secrets.CASA_VLAN_KUBE_CA_BASE64 }} - kube_token: ${{ secrets.CASA_VLAN_KUBE_TOKEN }} - - - name: Deploy Home Assistant - shell: bash - run: | - ./ops-scripts/apply-app.sh - \ No newline at end of file diff --git a/README.md b/README.md index 3a5d17e..7dfbb9c 100644 --- a/README.md +++ b/README.md @@ -254,6 +254,8 @@ Home Assistant authenticates with Xbox Live through OAuth2 using the Home Assist ## Setup +Using flux for reconciliation. + ``` bash -./ops-scripts/apply-app.sh +./ops-scripts/apply-flux.sh ``` diff --git a/deploy/app/image-policy.yaml b/deploy/app/image-policy.yaml new file mode 100644 index 0000000..9446c2a --- /dev/null +++ b/deploy/app/image-policy.yaml @@ -0,0 +1,13 @@ +apiVersion: image.toolkit.fluxcd.io/v1 +kind: ImagePolicy +metadata: + name: home-assistant +spec: + imageRepositoryRef: + name: home-assistant + filterTags: + pattern: '^latest$' + policy: + alphabetical: {} + digestReflectionPolicy: Always + interval: 24h \ No newline at end of file 
diff --git a/deploy/app/image-repo.yaml b/deploy/app/image-repo.yaml new file mode 100644 index 0000000..765b325 --- /dev/null +++ b/deploy/app/image-repo.yaml @@ -0,0 +1,7 @@ +apiVersion: image.toolkit.fluxcd.io/v1 +kind: ImageRepository +metadata: + name: home-assistant +spec: + image: homeassistant/home-assistant + interval: 72h \ No newline at end of file diff --git a/deploy/app/image-update-automation.yaml b/deploy/app/image-update-automation.yaml new file mode 100644 index 0000000..902bf27 --- /dev/null +++ b/deploy/app/image-update-automation.yaml @@ -0,0 +1,24 @@ +apiVersion: image.toolkit.fluxcd.io/v1 +kind: ImageUpdateAutomation +metadata: + name: home-assistant +spec: + interval: 72h + sourceRef: + kind: GitRepository + name: home-assistant + git: + checkout: + ref: + branch: master + commit: + author: + name: FluxCD + email: flux@local + messageTemplate: | + Update home-assistant image. + push: + branch: master + update: + path: ./deploy/app/statefulset.yaml + strategy: Setters \ No newline at end of file diff --git a/deploy/app/kustomization.yaml b/deploy/app/kustomization.yaml index b449032..524b92d 100644 --- a/deploy/app/kustomization.yaml +++ b/deploy/app/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization +namespace: home-assistant resources: - pvc.yaml - statefulset.yaml -generatorOptions: - disableNameSuffixHash: true \ No newline at end of file + - service.yaml diff --git a/deploy/app/pvc.yaml b/deploy/app/pvc.yaml index a7dde55..66b26dc 100644 --- a/deploy/app/pvc.yaml +++ b/deploy/app/pvc.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: home-assistant-config - namespace: home-assistant spec: accessModes: - ReadWriteOnce diff --git a/deploy/infra/service.template.yaml b/deploy/app/service.yaml similarity index 60% rename from deploy/infra/service.template.yaml rename to deploy/app/service.yaml index fed62db..2fa90ff 100644 --- a/deploy/infra/service.template.yaml 
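Review bot: In `deploy/app/image-update-automation.yaml`, `push.branch: master` lets the automation commit straight to the branch that `deploy/flux/app-sync.yaml` reconciles every minute with `prune: true`, so whatever the public registry serves as `latest` reaches the cluster with no review step. Flux image automation pushes with the credentials of the referenced GitRepository, so `flux-repo-ssh-credentials` has to be a write-capable key even though source fetching only needs read access. Consider pushing to a dedicated branch instead, e.g. `branch: flux/image-updates` under `push:`, and merging after review, with `master` protected against direct pushes from that key.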
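Review bot: In `deploy/app/kustomization.yaml` the `resources:` list gains only `service.yaml`; the new `image-repo.yaml`, `image-policy.yaml` and `image-update-automation.yaml` in the same directory are not listed, so a Kustomization pointed at `deploy/app` will not apply them unless they are applied some other way not shown here. Combined with `imagePullPolicy: IfNotPresent` on a `:latest` tag in `statefulset.yaml`, a node would keep running whatever image it first cached and never pick up upstream fixes. Add `- image-repo.yaml`, `- image-policy.yaml` and `- image-update-automation.yaml` to `resources:`.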
+++ b/deploy/app/service.yaml @@ -3,11 +3,10 @@ apiVersion: v1 kind: Service metadata: name: home-assistant - namespace: home-assistant spec: clusterIP: None ports: - - port: ${SERVICE_PORT} + - port: 8123 protocol: TCP --- @@ -16,27 +15,25 @@ apiVersion: v1 kind: Endpoints metadata: name: home-assistant - namespace: home-assistant subsets: - addresses: - - ip: ${ENDPOINT_IP} + - ip: 192.168.14.9 ports: - - port: ${SERVICE_PORT} + - port: 8123 --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: home-assistant - namespace: home-assistant spec: entryPoints: - websecure routes: - - match: ${INGRESS_ROUTES_MATCH} + - match: Host(`casa.limbosolutions.com`) || Host(`has.casa.limbosolutions.com`) kind: Rule services: - name: home-assistant - port: ${SERVICE_PORT} + port: 8123 tls: - secretName: ${INGRESS_TLS_SECRET_NAME} \ No newline at end of file + secretName: casa-limbosolutions-com-tls \ No newline at end of file diff --git a/deploy/app/statefulset.yaml b/deploy/app/statefulset.yaml index ab05e1a..4f00e0e 100644 --- a/deploy/app/statefulset.yaml +++ b/deploy/app/statefulset.yaml @@ -2,7 +2,6 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: home-assistant - namespace: home-assistant labels: app: home-assistant spec: @@ -24,8 +23,9 @@ spec: effect: "NoSchedule" containers: - name: home-assistant - image: "homeassistant/home-assistant" - imagePullPolicy: Always + ### Maintained by flux - Image Update Automation + image: homeassistant/home-assistant:latest # {"$imagepolicy": "home-assistant:home-assistant} + imagePullPolicy: IfNotPresent env: - name: TZ value: Europe/Lisbon diff --git a/deploy/flux/.env.d/.gitignore b/deploy/flux/.env.d/.gitignore new file mode 100644 index 0000000..d29675e --- /dev/null +++ b/deploy/flux/.env.d/.gitignore @@ -0,0 +1,2 @@ +** +!.gitignore \ No newline at end of file diff --git a/deploy/flux/app-sync.yaml b/deploy/flux/app-sync.yaml new file mode 100644 index 0000000..c8167e2 --- /dev/null 
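Review bot: In `deploy/app/statefulset.yaml` the setter marker on the `image:` line is not valid JSON: the closing quote is missing in `{"$imagepolicy": "home-assistant:home-assistant}`, so the image automation is unlikely to recognise the field and the reference will stay at the unpinned `latest`. It should read `# {"$imagepolicy": "home-assistant:home-assistant"}`. Until a digest is actually written there, `imagePullPolicy: IfNotPresent` with `:latest` means a node that already holds the image never pulls a newer one, which the previous `Always` did. The StatefulSet spec continues outside this hunk.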
+++ b/deploy/flux/app-sync.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: home-assistant
+spec:
+ interval: 1m
+ sourceRef:
+ kind: GitRepository
+ name: home-assistant
+ path: deploy/app
+ prune: true
+
\ No newline at end of file
diff --git a/deploy/flux/git-repo.yaml b/deploy/flux/git-repo.yaml
new file mode 100644
index 0000000..bd4f8e7
--- /dev/null
+++ b/deploy/flux/git-repo.yaml
@@ -0,0 +1,11 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: home-assistant
+spec:
+ interval: 1m0s
+ url: ssh://git@git.limbosolutions.com:2222/marcio.fernandes/homeAssistant.git
+ ref:
+ branch: master
+ secretRef:
+ name: flux-repo-ssh-credentials
\ No newline at end of file
diff --git a/deploy/flux/kustomization.yaml b/deploy/flux/kustomization.yaml
new file mode 100644
index 0000000..b699ae1
--- /dev/null
+++ b/deploy/flux/kustomization.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: home-assistant
+resources:
+ - git-repo.yaml
+ - app-sync.yaml
+secretGenerator:
+ - name: flux-repo-ssh-credentials
+ namespace: home-assistant
+ files:
+ - "identity=./.env.d/flux-repo-ssh-key"
+ - "known_hosts=./.env.d/flux-repo-ssh-known_hosts"
+ - "pubkey=./.env.d/flux-repo-ssh-key.pub"
+ - name: flux-sops-age
+ namespace: home-assistant
+ files:
+ - "age.agekey=./.env.d/age.agekey"
+generatorOptions:
+ disableNameSuffixHash: true
\ No newline at end of file
diff --git a/deploy/infra/README.md b/deploy/infra/README.md
deleted file mode 100644
index 80439fa..0000000
--- a/deploy/infra/README.md
+++ /dev/null
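Review bot: The Kustomization in `deploy/flux/app-sync.yaml` sets neither `serviceAccountName` nor `targetNamespace`, so on a default Flux install it is reconciled with the kustomize-controller's own identity, which is typically cluster-admin. This commit removes the namespaced `ci-cd` Role that bounded what a deploy could touch, and nothing equivalent replaces it; with `prune: true` and a 1m interval, anything that lands on `master` under `deploy/app` is applied at that privilege. Consider adding `serviceAccountName: <namespaced-service-account>` bound to a Role in `home-assistant`, together with `targetNamespace: home-assistant`.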
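Review bot: In `deploy/flux/kustomization.yaml` the `flux-sops-age` generator stores the age private key in the cluster, but `app-sync.yaml` has no `decryption:` block, so nothing visible in this commit uses it. Either wire it up on the Flux Kustomization (`decryption:` with `provider: sops` and `secretRef.name: flux-sops-age`) or drop the generator entry so the key is not kept where it is not needed. The previous setup created the `home-assistant` namespace by hand in the deleted README; nothing in the new `deploy/flux` resources appears to create it, so a fresh apply may depend on it already existing.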
@@ -1,51 +0,0 @@
-# Home Assistant Deploy
-
-## Namespace
-
-```bash { cwd=../ terminalRows=15 }
-# from repo root folder
-kubectl create namespace home-assistant
-```
-
-## Deployment
-
-### Environments requirements
-
-``` bash
-#./deploy/.env
-
-export ENDPOINT_IP="xxx.xxx.xxx.xxxx"
-export SERVICE_PORT=xxxx
-export INGRESS_ROUTES_MATCH="Host(`xxxx`)"
-export INGRESS_TLS_SECRET_NAME=xxxxxx
-```
-
-## Test Templates
-
-```bash { cwd=../ terminalRows=15 }
-# from repo root folder
-source ./deploy/.env \
-&& cat ./deploy/deployment.yaml \
-&& envsubst < ./deploy/service.template.yaml
-```
-
-## Deploy
-
-```bash { cwd=../ terminalRows=15 }
-# from repo root folder
-source ./deploy/.env \
-&& kubectl apply -f ./deploy/deployment.yaml \
-&& envsubst < ./deploy/service.template.yaml | kubectl apply -f -
-```
-
-## Continuos Deploy
-
-All Environment variables requirements as set as secrets.
-
-[gitea workflow](../.gitea/workflows/deploy.yaml)
-
-## cicd RBAC
-
-```bash { cwd=../ }
-kubectl apply -f ./deploy/cicd-rbac.yaml
-```
diff --git a/deploy/infra/cicd-rbac.yaml b/deploy/infra/cicd-rbac.yaml
deleted file mode 100644
index e6969d2..0000000
--- a/deploy/infra/cicd-rbac.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- namespace: home-assistant
- name: ci-cd
-rules:
-- apiGroups: [""]
- resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
- verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
-- apiGroups: ["apps"]
- resources: ["deployments", "statefulsets"]
- verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
-- apiGroups: ["networking.k8s.io"]
- resources: ["ingresses"]
- verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
-- apiGroups: ["traefik.io"]
- resources: ["ingressroutes"]
- verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: ci-cd
- namespace: home-assistant
-subjects:
-- kind: ServiceAccount
- name: casa-ci-cd
- namespace: home-assistant
-roleRef:
- kind: Role
- name: ci-cd
- apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/infra/service-account-secret.yaml b/deploy/infra/service-account-secret.yaml
deleted file mode 100644
index 67d37ee..0000000
--- a/deploy/infra/service-account-secret.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: casa-ci-cd
- annotations:
- kubernetes.io/service-account.name: casa-ci-cd
-type: kubernetes.io/service-account-token
\ No newline at end of file
diff --git a/deploy/infra/service-account.yaml b/deploy/infra/service-account.yaml
deleted file mode 100644
index 933fa7e..0000000
--- a/deploy/infra/service-account.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: casa-ci-cd
- namespace: home-assistant
diff --git a/ops-scripts/apply-app.sh b/ops-scripts/apply-app.sh
deleted file mode 100755
index 0b895d0..0000000
--- a/ops-scripts/apply-app.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-set -e
-echo "Executing app deploy."
-
-kubectl kustomize deploy/app | kubectl apply -f -
\ No newline at end of file
diff --git a/ops-scripts/apply-flux.sh b/ops-scripts/apply-flux.sh
new file mode 100755
index 0000000..e4f8708
--- /dev/null
+++ b/ops-scripts/apply-flux.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+set -e
+
+kubectl kustomize deploy/flux | kubectl apply -f -
\ No newline at end of file
diff --git a/ops-scripts/apply-infra.sh b/ops-scripts/apply-infra.sh
deleted file mode 100755
index f2cb358..0000000
--- a/ops-scripts/apply-infra.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-set -e
-echo "Executing infra deploy."
-
-kubectl kustomize deploy/infra | kubectl apply -f -
\ No newline at end of file
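Review bot: In `ops-scripts/apply-flux.sh`, `set -e` does not cover the left side of the pipe, so if `kubectl kustomize deploy/flux` fails (for instance when a key file under `.env.d/` is missing) the script's exit status comes only from `kubectl apply`. Use `set -euo pipefail`, or apply the directory directly with `kubectl apply -k deploy/flux`. The rendered stream contains the SSH and age private keys from the secret generators, so it should stay a pipe and never be echoed or written to a file or CI log.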