flux: migrate to flux cd

Márcio Fernandes
2026-06-06 01:17:21 +00:00
parent ed6809a87a
commit 07ac6f58a9
20 changed files with 106 additions and 166 deletions
-42
@@ -1,42 +0,0 @@
name: Casa Home Assistant CI/CD Pipeline
on:
push:
branches:
- fix/*
- main
- master
pull_request:
schedule:
- cron: '0 16 * * 0' # every sunday 4 pm
jobs:
deploy:
runs-on: ["casa-vlan-cicd", "kubectl", "helm", "deploy"]
env:
GITHUB_TEMP: ${{ runner.temp }}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Fetch limbo public actions
env:
RUNNER_TEMP: "${{ runner.temp }}"
WORKSPACE: "${{ gitea.workspace }}"
run: |
curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/branch/main/cloud-scripts/setup-limbo-actions.sh | bash 2>&1
- name: Setup kubectl
uses: ./.gitea/limbo_actions/kubectl-setup
with:
kube_server: ${{ secrets.CASA_VLAN_KUBE_SERVER }}
kube_ca_base64: ${{ secrets.CASA_VLAN_KUBE_CA_BASE64 }}
kube_token: ${{ secrets.CASA_VLAN_KUBE_TOKEN }}
- name: Deploy Home Assistant
shell: bash
run: |
./ops-scripts/apply-app.sh
+3 -1
@@ -254,6 +254,8 @@ Home Assistant authenticates with Xbox Live through OAuth2 using the Home Assist
## Setup ## Setup
Using flux for reconciliation.
``` bash ``` bash
./ops-scripts/apply-app.sh ./ops-scripts/apply-flux.sh
``` ```
+13
@@ -0,0 +1,13 @@
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImagePolicy
metadata:
name: home-assistant
spec:
imageRepositoryRef:
name: home-assistant
filterTags:
pattern: '^latest$'
policy:
alphabetical: {}
digestReflectionPolicy: Always
interval: 24h
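Review bot: `filterTags.pattern: '^latest$'` narrows the policy to one mutable tag, so `alphabetical: {}` has nothing to order and the only thing that changes is the digest reflected by `digestReflectionPolicy: Always`. Whatever the upstream publisher pushes to `latest` is then selected with no version gate, and a rollback target is identifiable only by digest. If unattended upgrades are intended, document that choice in a comment above `filterTags`. Otherwise filter on the versioned release tags and select with `policy.semver`, so that each update maps to a named release.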
+7
@@ -0,0 +1,7 @@
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImageRepository
metadata:
name: home-assistant
spec:
image: homeassistant/home-assistant
interval: 72h
+24
@@ -0,0 +1,24 @@
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImageUpdateAutomation
metadata:
name: home-assistant
spec:
interval: 72h
sourceRef:
kind: GitRepository
name: home-assistant
git:
checkout:
ref:
branch: master
commit:
author:
name: FluxCD
email: flux@local
messageTemplate: |
Update home-assistant image.
push:
branch: master
update:
path: ./deploy/app/statefulset.yaml
strategy: Setters
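Review bot: `push.branch: master` is the same branch the GitRepository in this commit reconciles every minute, so each automated commit reaches the cluster without review. It also means the SSH key in `flux-repo-ssh-credentials` needs write access to that branch, and anything able to read that Secret in the namespace can then change what is deployed. Consider pushing to a separate branch and merging by pull request, e.g. `push.branch: flux-image-updates` (example name), and keep the key a deploy key scoped to this repository. Separately, `update.path` names a single file here, while the Flux documentation describes it as a directory; confirm the setter scan accepts a file path.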
+2 -2
@@ -1,7 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: home-assistant
resources: resources:
- pvc.yaml - pvc.yaml
- statefulset.yaml - statefulset.yaml
generatorOptions: - service.yaml
disableNameSuffixHash: true
-1
@@ -2,7 +2,6 @@ apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: home-assistant-config name: home-assistant-config
namespace: home-assistant
spec: spec:
accessModes: accessModes:
- ReadWriteOnce - ReadWriteOnce
@@ -3,11 +3,10 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: home-assistant name: home-assistant
namespace: home-assistant
spec: spec:
clusterIP: None clusterIP: None
ports: ports:
- port: ${SERVICE_PORT} - port: 8123
protocol: TCP protocol: TCP
--- ---
@@ -16,27 +15,25 @@ apiVersion: v1
kind: Endpoints kind: Endpoints
metadata: metadata:
name: home-assistant name: home-assistant
namespace: home-assistant
subsets: subsets:
- addresses: - addresses:
- ip: ${ENDPOINT_IP} - ip: 192.168.14.9
ports: ports:
- port: ${SERVICE_PORT} - port: 8123
--- ---
apiVersion: traefik.io/v1alpha1 apiVersion: traefik.io/v1alpha1
kind: IngressRoute kind: IngressRoute
metadata: metadata:
name: home-assistant name: home-assistant
namespace: home-assistant
spec: spec:
entryPoints: entryPoints:
- websecure - websecure
routes: routes:
- match: ${INGRESS_ROUTES_MATCH} - match: Host(`casa.limbosolutions.com`) || Host(`has.casa.limbosolutions.com`)
kind: Rule kind: Rule
services: services:
- name: home-assistant - name: home-assistant
port: ${SERVICE_PORT} port: 8123
tls: tls:
secretName: ${INGRESS_TLS_SECRET_NAME} secretName: casa-limbosolutions-com-tls
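Review bot: The Endpoints address is now the literal `192.168.14.9` with no comment saying which host it is; previously it was injected as `${ENDPOINT_IP}` at deploy time. Committing the internal address, the hostnames and the TLS secret name is a reasonable trade for GitOps, but it is only harmless while this repository stays private, which cannot be confirmed from this page. I would add a comment above the address, e.g. `# Home Assistant host on the casa VLAN (static address)`, with the wording confirmed by the author.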
+3 -3
@@ -2,7 +2,6 @@ apiVersion: apps/v1
kind: StatefulSet kind: StatefulSet
metadata: metadata:
name: home-assistant name: home-assistant
namespace: home-assistant
labels: labels:
app: home-assistant app: home-assistant
spec: spec:
@@ -24,8 +23,9 @@ spec:
effect: "NoSchedule" effect: "NoSchedule"
containers: containers:
- name: home-assistant - name: home-assistant
image: "homeassistant/home-assistant" ### Maintained by flux - Image Update Automation
imagePullPolicy: Always image: homeassistant/home-assistant:latest # {"$imagepolicy": "home-assistant:home-assistant}
imagePullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: Europe/Lisbon value: Europe/Lisbon
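Review bot: The setter marker on the new `image:` line is not valid JSON: the policy reference is missing its closing quote (`"home-assistant:home-assistant}`), so image automation will most likely not recognise the field and never write an update. It should read `image: homeassistant/home-assistant:latest # {"$imagepolicy": "home-assistant:home-assistant"}`. Until the marker works and a digest is written, `imagePullPolicy: IfNotPresent` combined with the mutable `latest` tag means a node keeps running whatever `latest` it has cached, so the pod stops receiving upstream fixes. The hunk shows only part of the StatefulSet spec.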
+2
@@ -0,0 +1,2 @@
**
!.gitignore
+12
@@ -0,0 +1,12 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: home-assistant
spec:
interval: 1m
sourceRef:
kind: GitRepository
name: home-assistant
path: deploy/app
prune: true
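Review bot: No `serviceAccountName` is set, so unless the controller is started with a default service account, this Kustomization is applied with kustomize-controller's own privileges, which in a stock install are cluster-wide. The same commit deletes the namespace-scoped `ci-cd` Role that previously bounded deploys, so whoever can push to `master` now controls more than the `home-assistant` namespace. I would add `serviceAccountName: <namespaced-deployer>` (placeholder) bound to a Role like the removed one, plus `targetNamespace: home-assistant`. The `flux-sops-age` Secret generated elsewhere in this commit is not referenced by a `decryption` block here; if encrypted manifests are planned that block is needed, and if not the age key need not be in the cluster.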
+11
@@ -0,0 +1,11 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: home-assistant
spec:
interval: 1m0s
url: ssh://git@git.limbosolutions.com:2222/marcio.fernandes/homeAssistant.git
ref:
branch: master
secretRef:
name: flux-repo-ssh-credentials
+19
@@ -0,0 +1,19 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: home-assistant
resources:
- git-repo.yaml
- app-sync.yaml
secretGenerator:
- name: flux-repo-ssh-credentials
namespace: home-assistant
files:
- "identity=./.env.d/flux-repo-ssh-key"
- "known_hosts=./.env.d/flux-repo-ssh-known_hosts"
- "pubkey=./.env.d/flux-repo-ssh-key.pub"
- name: flux-sops-age
namespace: home-assistant
files:
- "age.agekey=./.env.d/age.agekey"
generatorOptions:
disableNameSuffixHash: true
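Review bot: `resources` lists only `git-repo.yaml` and `app-sync.yaml`, while the ImageRepository, ImagePolicy and ImageUpdateAutomation manifests added in this commit appear in neither kustomization shown on this page. Their paths are not visible here, so they may be included elsewhere, but if they sit next to these files they are never applied and image automation stays inert. Separately, the `pubkey=` entry adds a third key to `flux-repo-ssh-credentials` that, as far as I know, the GitRepository does not need; `identity` and `known_hosts` should be sufficient. A comment above `secretGenerator` stating that the `.env.d/` key files must be kept out of git and populated by hand would help the next operator.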
-51
@@ -1,51 +0,0 @@
# Home Assistant Deploy
## Namespace
```bash { cwd=../ terminalRows=15 }
# from repo root folder
kubectl create namespace home-assistant
```
## Deployment
### Environments requirements
``` bash
#./deploy/.env
export ENDPOINT_IP="xxx.xxx.xxx.xxxx"
export SERVICE_PORT=xxxx
export INGRESS_ROUTES_MATCH="Host(`xxxx`)"
export INGRESS_TLS_SECRET_NAME=xxxxxx
```
## Test Templates
```bash { cwd=../ terminalRows=15 }
# from repo root folder
source ./deploy/.env \
&& cat ./deploy/deployment.yaml \
&& envsubst < ./deploy/service.template.yaml
```
## Deploy
```bash { cwd=../ terminalRows=15 }
# from repo root folder
source ./deploy/.env \
&& kubectl apply -f ./deploy/deployment.yaml \
&& envsubst < ./deploy/service.template.yaml | kubectl apply -f -
```
## Continuos Deploy
All Environment variables requirements as set as secrets.
[gitea workflow](../.gitea/workflows/deploy.yaml)
## cicd RBAC
```bash { cwd=../ }
kubectl apply -f ./deploy/cicd-rbac.yaml
```
-34
@@ -1,34 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: home-assistant
name: ci-cd
rules:
- apiGroups: [""]
resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
- apiGroups: ["traefik.io"]
resources: ["ingressroutes"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ci-cd
namespace: home-assistant
subjects:
- kind: ServiceAccount
name: casa-ci-cd
namespace: home-assistant
roleRef:
kind: Role
name: ci-cd
apiGroup: rbac.authorization.k8s.io
-7
@@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: casa-ci-cd
annotations:
kubernetes.io/service-account.name: casa-ci-cd
type: kubernetes.io/service-account-token
-6
@@ -1,6 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: casa-ci-cd
namespace: home-assistant
-5
@@ -1,5 +0,0 @@
#!/bin/bash
set -e
echo "Executing app deploy."
kubectl kustomize deploy/app | kubectl apply -f -
+4
@@ -0,0 +1,4 @@
#!/bin/bash
set -e
kubectl kustomize deploy/flux | kubectl apply -f -
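Review bot: With only `set -e`, a failure of `kubectl kustomize` on the left of the pipe does not stop the script, because the pipeline's exit status comes from `kubectl apply` alone. Use `set -euo pipefail` so that a broken build aborts before anything is applied. The script also renders Secrets from the `.env.d/` key files, so a short header comment saying it must be run from the repo root with those files present would prevent a half-configured apply.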
-5
@@ -1,5 +0,0 @@
#!/bin/bash
set -e
echo "Executing infra deploy."
kubectl kustomize deploy/infra | kubectl apply -f -