modified: .gitea/workflows/deploy.yaml

s

.gitea/actions/kubectl-setup/action.yml

@@ -0,0 +1,75 @@
+name: Setup kubectl
+description: "Reads kube config from inputs and sets kube config"
+
+inputs:
+  kube_server:
+    description: "Kubernetes server address and port. Example (https://serverip:6443)"
+    required: true
+  kube_ca_base64:
+    description: "Base64-encoded Kubernetes cluster CA certificate"
+    required: true
+  kube_token:
+    description: "Kubernetes ServiceAccount token"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Create kubeconfig
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        # check arguments
+        ERROR=0
+
+        if [ -z "${{ inputs.kube_server }}" ]; then
+          echo "❌ ERROR: kube_server input is empty or not set"
+          $ERROR=1
+        fi
+
+        if [ -z "${{ inputs.kube_ca_base64 }}" ]; then
+          echo "❌ ERROR: kube_ca_base64 input is empty or not set"
+           $ERROR=1
+        fi
+
+        if [ -z "${{ inputs.kube_server }}" ]; then
+          echo "❌ ERROR: kube_token input is empty or not set"
+          $ERROR=1
+        fi
+        
+        if [ "$ERROR" != 0 ]; then
+          echo "❌ ERROR code $ERROR"
+          exit "$ERROR"
+        fi
+        # end check arguments
+
+        # creates kube config
+        mkdir -p "${GITHUB_TEMP}/.kube"
+        cat <<EOF > "${GITHUB_TEMP}/.kube/config"
+        apiVersion: v1
+        kind: Config
+        clusters:
+        - cluster:
+            certificate-authority-data: ${{ inputs.kube_ca_base64 }}
+            server: ${{ inputs.kube_server }}
+          name: cluster
+        contexts:
+        - context:
+            cluster: cluster
+            namespace: default
+            user: user
+          name: context
+        current-context: context
+        users:
+        - name: user
+          user:
+            token: ${{ inputs.kube_token }}
+        EOF
+
+        # sets KUBECONFIG environment variable
+        echo "KUBECONFIG=${GITHUB_TEMP}/.kube/config" >> "${GITHUB_ENV}"
+
+        # tests communication to server (add v argument if debug is required)
+        curl -kv -cacert <(echo "${{ inputs.kube_ca_base64 }}" | base64 -d) -H "Authorization: Bearer ${{ inputs.kube_token }}" ${{ inputs.kube_server }}/version
+

.gitea/workflows/deploy.yaml

@@ -1,35 +1,35 @@
-name: Casa Home Assistant CI/CD Pipeline
+name: Casa Home Assistant CI/CD Pipeline (testing)
 
 on:
   push:
     branches:
       - fix/*
       - main
-      - master
   pull_request:
-  schedule:
-    - cron: '0 16 * * 0' # every sunday 4 pm
 
 jobs:
-  deploy:
+  build:
     runs-on: casa-vlan-cicd
     env:
       GITHUB_TEMP: ${{ runner.temp }}
-      
-    steps:
 
+
+    steps:
       - name: Checkout code
         uses: actions/checkout@v3
 
-      - name: Fetch limbo public actions
-        env: 
-          RUNNER_TEMP: "${{ runner.temp }}"
-          WORKSPACE: "${{ gitea.workspace }}"
+      - name: setup actions from 
         run: |
-          curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/branch/main/cloud-scripts/setup-limbo-actions.sh | bash 2>&1
+          ls -lah ${{ runner.temp }}
+          mkdir -p ${{ runner.temp }}/gitea_src
+          mkdir -p ${{ gitea.workspace }}/.gitea/actions
+          git clone -b main --depth=1 https://git.limbosolutions.com/kb/gitea ${{ runner.temp }}/gitea_src/.gitea
+          ln -s ${{ runner.temp }}/gitea_src/.gitea/actions/kubectl-setup  ${{ gitea.workspace }}/.gitea/actions/kubectl-setup
+          ls -lah ${{ gitea.workspace }}/.gitea/actions/kubectl-setup
+          cat ${{ gitea.workspace }}/.gitea/actions/kubectl-setup/action.yaml
 
       - name: Setup kubectl
-        uses: ./.gitea/limbo_actions/kubectl-setup
+        uses: ./.gitea/actions/kubectl-setup
         with:
           kube_server: ${{ secrets.CASA_VLAN_KUBE_SERVER }}
           kube_ca_base64: ${{ secrets.CASA_VLAN_KUBE_CA_BASE64 }}
@@ -43,6 +43,9 @@ jobs:
           INGRESS_ROUTES_MATCH: "${{ secrets.CASA_HOMEASSISTANT_INGRESS_ROUTES_MATCH }}"
           INGRESS_TLS_SECRET_NAME: "${{ secrets.CASA_HOMEASSISTANT_INGRESS_TLS_SECRET_NAME }}"
         run: |
-          kubectl apply -f ./deploy/deployment.yaml \
-          && envsubst < ./deploy/service.template.yaml | kubectl apply -f -
+          #set -x for debugging
+          set -e
+          cd ${{ gitea.workspace }}
+          kubectl apply -f ./deploy/deployment.yaml
+          envsubst < ./deploy/service.template.yaml | kubectl apply -f -
             

README.md

@@ -2,9 +2,10 @@
 
 Welcome to my Home Assistant setup repository.  
 This repository documents and maintains the Home Assistant instance running in my home, hosted on casa server k3s cluster.  
-Related containers, such as MQTT and speech recognition, are hosted on same cluster.  
+All essential containers, such as MQTT and speech recognition, are hosted on the same server for seamless integration.  
 
-**Table of Contents:**
+<!-- omit in toc -->
+## Table of Contents
 
 - [Devices](#devices)
   - [Broadlink - RM4 Pro](#broadlink---rm4-pro)

deploy/README.md

@@ -44,8 +44,8 @@ All Environment variables requirements as set as secrets.
 
 [gitea workflow](../.gitea/workflows/deploy.yaml)
 
-## cicd RBAC
+## RBAC
 
 ```bash { cwd=../ }
-kubectl apply -f ./deploy/cicd-rbac.yaml
+kubectl apply -f ./deploy/rbac.yaml
 ```

deploy/deployment.yaml

@@ -33,15 +33,9 @@ spec:
     spec:
       dnsPolicy: ClusterFirstWithHostNet # ensures pod uses cluster DNS (CoreDNS) for service discovery even with host networking
       hostNetwork: true
-      nodeName: casa # force deploy to master node cluster
-      tolerations:
-        - key: "node-role.kubernetes.io/control-plane" # allow installation on control-plane
-          operator: "Exists"
-          effect: "NoSchedule"
       containers:
         - name: home-assistant
           image: "homeassistant/home-assistant"
-          imagePullPolicy: Always
           env:
             - name: TZ
               value: Europe/Lisbon  # set timezone