marcio.fernandes/homeAssistant
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

flux: migrate to flux cd

Browse Source
This commit is contained in:
Márcio Fernandes
2026-06-06 01:17:21 +00:00
parent ed6809a87a
commit 07ac6f58a9
20 changed files with 106 additions and 166 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/deploy.yaml
-42
View File
@@ -1,42 +0,0 @@
name: Casa Home Assistant CI/CD Pipeline
on:
push:
branches:
- fix/*
- main
- master
pull_request:
schedule:
- cron: '0 16 * * 0' # every sunday 4 pm
jobs:
deploy:
runs-on: ["casa-vlan-cicd", "kubectl", "helm", "deploy"]
env:
GITHUB_TEMP: ${{ runner.temp }}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Fetch limbo public actions
env:
RUNNER_TEMP: "${{ runner.temp }}"
WORKSPACE: "${{ gitea.workspace }}"
run: |
curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/branch/main/cloud-scripts/setup-limbo-actions.sh | bash 2>&1
- name: Setup kubectl
uses: ./.gitea/limbo_actions/kubectl-setup
with:
kube_server: ${{ secrets.CASA_VLAN_KUBE_SERVER }}
kube_ca_base64: ${{ secrets.CASA_VLAN_KUBE_CA_BASE64 }}
kube_token: ${{ secrets.CASA_VLAN_KUBE_TOKEN }}
- name: Deploy Home Assistant
shell: bash
run: |
./ops-scripts/apply-app.sh
README.md
+3 -1
View File
@@ -254,6 +254,8 @@ Home Assistant authenticates with Xbox Live through OAuth2 using the Home Assist
## Setup
Using flux for reconciliation.
``` bash
./ops-scripts/apply-app.sh
./ops-scripts/apply-flux.sh
```
deploy/app/image-policy.yaml
+13
View File
@@ -0,0 +1,13 @@
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImagePolicy
metadata:
name: home-assistant
spec:
imageRepositoryRef:
name: home-assistant
filterTags:
pattern: '^latest$'
policy:
alphabetical: {}
digestReflectionPolicy: Always
interval: 24h
deploy/app/image-repo.yaml
+7
View File
@@ -0,0 +1,7 @@
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImageRepository
metadata:
name: home-assistant
spec:
image: homeassistant/home-assistant
interval: 72h
deploy/app/image-update-automation.yaml
+24
View File
@@ -0,0 +1,24 @@
apiVersion: image.toolkit.fluxcd.io/v1
kind: ImageUpdateAutomation
metadata:
name: home-assistant
spec:
interval: 72h
sourceRef:
kind: GitRepository
name: home-assistant
git:
checkout:
ref:
branch: master
commit:
author:
name: FluxCD
email: flux@local
messageTemplate: |
Update home-assistant image.
push:
branch: master
update:
path: ./deploy/app/statefulset.yaml
strategy: Setters
deploy/app/kustomization.yaml
+2 -2
View File
@@ -1,7 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: home-assistant
resources:
- pvc.yaml
- statefulset.yaml
generatorOptions:
disableNameSuffixHash: true
- service.yaml
deploy/app/pvc.yaml
-1
View File
@@ -2,7 +2,6 @@ apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: home-assistant-config
namespace: home-assistant
spec:
accessModes:
- ReadWriteOnce
deploy/infra/service.template.yaml → deploy/app/service.yaml
+6 -9
View File
@@ -3,11 +3,10 @@ apiVersion: v1
kind: Service
metadata:
name: home-assistant
namespace: home-assistant
spec:
clusterIP: None
ports:
- port: ${SERVICE_PORT}
- port: 8123
protocol: TCP
---
@@ -16,27 +15,25 @@ apiVersion: v1
kind: Endpoints
metadata:
name: home-assistant
namespace: home-assistant
subsets:
- addresses:
- ip: ${ENDPOINT_IP}
- ip: 192.168.14.9
ports:
- port: ${SERVICE_PORT}
- port: 8123
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: home-assistant
namespace: home-assistant
spec:
entryPoints:
- websecure
routes:
- match: ${INGRESS_ROUTES_MATCH}
- match: Host(`casa.limbosolutions.com`) || Host(`has.casa.limbosolutions.com`)
kind: Rule
services:
- name: home-assistant
port: ${SERVICE_PORT}
port: 8123
tls:
secretName: ${INGRESS_TLS_SECRET_NAME}
secretName: casa-limbosolutions-com-tls
deploy/app/statefulset.yaml
+3 -3
View File
@@ -2,7 +2,6 @@ apiVersion: apps/v1
kind: StatefulSet
metadata:
name: home-assistant
namespace: home-assistant
labels:
app: home-assistant
spec:
@@ -24,8 +23,9 @@ spec:
effect: "NoSchedule"
containers:
- name: home-assistant
image: "homeassistant/home-assistant"
imagePullPolicy: Always
### Maintained by flux - Image Update Automation
image: homeassistant/home-assistant:latest # {"$imagepolicy": "home-assistant:home-assistant}
imagePullPolicy: IfNotPresent
env:
- name: TZ
value: Europe/Lisbon
deploy/flux/.env.d/.gitignore
+2
View File
@@ -0,0 +1,2 @@
**
!.gitignore
deploy/flux/app-sync.yaml
+12
View File
@@ -0,0 +1,12 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: home-assistant
spec:
interval: 1m
sourceRef:
kind: GitRepository
name: home-assistant
path: deploy/app
prune: true
deploy/flux/git-repo.yaml
+11
View File
@@ -0,0 +1,11 @@
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
name: home-assistant
spec:
interval: 1m0s
url: ssh://git@git.limbosolutions.com:2222/marcio.fernandes/homeAssistant.git
ref:
branch: master
secretRef:
name: flux-repo-ssh-credentials
deploy/flux/kustomization.yaml
+19
View File
@@ -0,0 +1,19 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: home-assistant
resources:
- git-repo.yaml
- app-sync.yaml
secretGenerator:
- name: flux-repo-ssh-credentials
namespace: home-assistant
files:
- "identity=./.env.d/flux-repo-ssh-key"
- "known_hosts=./.env.d/flux-repo-ssh-known_hosts"
- "pubkey=./.env.d/flux-repo-ssh-key.pub"
- name: flux-sops-age
namespace: home-assistant
files:
- "age.agekey=./.env.d/age.agekey"
generatorOptions:
disableNameSuffixHash: true
deploy/infra/README.md
-51
View File
@@ -1,51 +0,0 @@
# Home Assistant Deploy
## Namespace
```bash { cwd=../ terminalRows=15 }
# from repo root folder
kubectl create namespace home-assistant
```
## Deployment
### Environments requirements
``` bash
#./deploy/.env
export ENDPOINT_IP="xxx.xxx.xxx.xxxx"
export SERVICE_PORT=xxxx
export INGRESS_ROUTES_MATCH="Host(`xxxx`)"
export INGRESS_TLS_SECRET_NAME=xxxxxx
```
## Test Templates
```bash { cwd=../ terminalRows=15 }
# from repo root folder
source ./deploy/.env \
&& cat ./deploy/deployment.yaml \
&& envsubst < ./deploy/service.template.yaml
```
## Deploy
```bash { cwd=../ terminalRows=15 }
# from repo root folder
source ./deploy/.env \
&& kubectl apply -f ./deploy/deployment.yaml \
&& envsubst < ./deploy/service.template.yaml | kubectl apply -f -
```
## Continuos Deploy
All Environment variables requirements as set as secrets.
[gitea workflow](../.gitea/workflows/deploy.yaml)
## cicd RBAC
```bash { cwd=../ }
kubectl apply -f ./deploy/cicd-rbac.yaml
```
deploy/infra/cicd-rbac.yaml
-34
View File
@@ -1,34 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: home-assistant
name: ci-cd
rules:
- apiGroups: [""]
resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
- apiGroups: ["traefik.io"]
resources: ["ingressroutes"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ci-cd
namespace: home-assistant
subjects:
- kind: ServiceAccount
name: casa-ci-cd
namespace: home-assistant
roleRef:
kind: Role
name: ci-cd
apiGroup: rbac.authorization.k8s.io
deploy/infra/service-account-secret.yaml
-7
View File
@@ -1,7 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: casa-ci-cd
annotations:
kubernetes.io/service-account.name: casa-ci-cd
type: kubernetes.io/service-account-token
deploy/infra/service-account.yaml
-6
View File
@@ -1,6 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: casa-ci-cd
namespace: home-assistant
ops-scripts/apply-app.sh
-5
View File
@@ -1,5 +0,0 @@
#!/bin/bash
set -e
echo "Executing app deploy."
kubectl kustomize deploy/app | kubectl apply -f -
ops-scripts/apply-flux.sh
Executable
+4
View File
@@ -0,0 +1,4 @@
#!/bin/bash
set -e
kubectl kustomize deploy/flux | kubectl apply -f -
ops-scripts/apply-infra.sh
-5
View File
@@ -1,5 +0,0 @@
#!/bin/bash
set -e
echo "Executing infra deploy."
kubectl kustomize deploy/infra | kubectl apply -f -