.

.gitea/actions/kubectl-setup/action.yml

@@ -0,0 +1,51 @@
+name: Setup kubectl
+description: "Reads kube config from inputs and sets KUBECONFIG"
+
+inputs:
+  kube_server:
+    description: "Kubernetes API server address"
+    required: true
+  kube_ca_base64:
+    description: "Base64-encoded CA certificate"
+    required: true
+  kube_token:
+    description: "ServiceAccount token"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Create kubeconfig
+      shell: bash
+      run: |
+        set -x
+        mkdir -p "${GITHUB_TEMP}/.kube"
+
+        cat <<EOF > "${GITHUB_TEMP}/.kube/config"
+        apiVersion: v1
+        kind: Config
+        clusters:
+        - cluster:
+            certificate-authority-data: ${{ inputs.kube_ca_base64 }}
+            server: ${{ inputs.kube_server }}
+          name: cluster
+        contexts:
+        - context:
+            cluster: cluster
+            namespace: default
+            user: user
+          name: context
+        current-context: context
+        users:
+        - name: user
+          user:
+            token: ${{ inputs.kube_token }}
+        EOF
+        echo "config created - ${GITHUB_TEMP}/.kube/config"
+        ls -lah ${GITHUB_TEMP}/.kube/config
+        echo "KUBECONFIG=${GITHUB_TEMP}/.kube/config" >> "${GITHUB_ENV}"
+
+# curl -vk \
+#   --cacert ca.crt \
+#   -H "Authorization: Bearer $KUBE_TOKEN" \
+#   https://<server>:6443/version

.gitea/workflows/deploy.yaml

@@ -1,35 +1,23 @@
-name: Casa Home Assistant CI/CD Pipeline
+name: Casa Home Assistant CI/CD Pipeline (testing)
 
 on:
   push:
     branches:
       - fix/*
       - main
-      - master
   pull_request:
-  schedule:
-    - cron: '0 16 * * 0' # every sunday 4 pm
 
 jobs:
-  deploy:
+  build:
     runs-on: casa-vlan-cicd
     env:
       GITHUB_TEMP: ${{ runner.temp }}  
-      
     steps:
-
       - name: Checkout code
         uses: actions/checkout@v3
 
-      - name: Fetch limbo public actions
-        env: 
-          RUNNER_TEMP: "${{ runner.temp }}"
-          WORKSPACE: "${{ gitea.workspace }}"
-        run: |
-          curl -fsSL https://git.limbosolutions.com/kb/gitea/raw/branch/main/cloud-scripts/setup-limbo-actions.sh | bash 2>&1
-
       - name: Setup kubectl
-        uses: ./.gitea/limbo_actions/kubectl-setup
+        uses: ./.gitea/actions/kubectl-setup
         with:
           kube_server: ${{ secrets.CASA_VLAN_KUBE_SERVER }}
           kube_ca_base64: ${{ secrets.CASA_VLAN_KUBE_CA_BASE64 }}
@@ -37,6 +25,15 @@ jobs:
          
       - name: Deploy Home Assistant
         shell: bash
+        env:
+          ENDPOINT_IP: "${{ secrets.CASA_HOMEASSISTANT_ENDPOINT_IP }}"
+          SERVICE_PORT: "${{ secrets.CASA_HOMEASSISTANT_ENDPOINT_SERVICE_PORT }}"
+          INGRESS_ROUTES_MATCH: "${{ secrets.CASA_HOMEASSISTANT_INGRESS_ROUTES_MATCH }}"
+          INGRESS_TLS_SECRET_NAME: "${{ secrets.CASA_HOMEASSISTANT_INGRESS_TLS_SECRET_NAME }}"
         run: |
-          ./ops-scripts/apply-app.sh
+          #set -x for debugging
+          set -e
+          cd ${{ gitea.workspace }}
+          kubectl apply -f ./deploy/deployment.yaml
+          envsubst < ./deploy/service.template.yaml 
             

README.md

@@ -2,9 +2,10 @@
 
 Welcome to my Home Assistant setup repository.  
 This repository documents and maintains the Home Assistant instance running in my home, hosted on casa server k3s cluster.  
-Related containers, such as MQTT and speech recognition, are hosted on same cluster.  
+All essential containers, such as MQTT and speech recognition, are hosted on the same server for seamless integration.  
 
-**Table of Contents:**
+<!-- omit in toc -->
+## Table of Contents
 
 - [Devices](#devices)
   - [Broadlink - RM4 Pro](#broadlink---rm4-pro)
@@ -254,6 +255,4 @@ Home Assistant authenticates with Xbox Live through OAuth2 using the Home Assist
 
 ## Setup
 
-``` bash
+[Deploy documentation](./deploy/README.md).
-./ops-scripts/apply-app.sh
-```

deploy/README.md

@@ -44,8 +44,8 @@ All Environment variables requirements as set as secrets.
 
 [gitea workflow](../.gitea/workflows/deploy.yaml)
 
-## cicd RBAC
+## RBAC
 
 ```bash { cwd=../ }
-kubectl apply -f ./deploy/cicd-rbac.yaml
+kubectl apply -f ./deploy/rbac.yaml
 ```

deploy/app/kustomization.yaml

@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - pvc.yaml
-  - statefulset.yaml
-generatorOptions:
-  disableNameSuffixHash: true

deploy/app/pvc.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: home-assistant-config 
-  namespace: home-assistant 
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 8Gi
-  storageClassName: local-path 

deploy/deployment.yaml

@@ -1,3 +1,19 @@
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: home-assistant-config 
+  namespace: home-assistant 
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 8Gi
+  storageClassName: local-path 
+---      
+
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@@ -17,18 +33,17 @@ spec:
     spec:
       dnsPolicy: ClusterFirstWithHostNet # ensures pod uses cluster DNS (CoreDNS) for service discovery even with host networking
       hostNetwork: true
-      nodeName: casa # force deploy to master node cluster
+      #  delays start so host have time to start on low memory resources
-      tolerations:
+      # initContainers:
-        - key: "node-role.kubernetes.io/control-plane" # allow installation on control-plane
+      #   - name: delay-start
-          operator: "Exists"
+      #     image: busybox:latest
-          effect: "NoSchedule"
+      #     command: ["sh", "-c", "sleep 60"]
       containers:
         - name: home-assistant
           image: "homeassistant/home-assistant"
-          imagePullPolicy: Always
           env:
             - name: TZ
-              value: Europe/Lisbon
+              value: Europe/Lisbon  # set timezone      
           volumeMounts:
             - name: home-assistant-config
               mountPath: /config
@@ -39,7 +54,6 @@ spec:
             limits:
               memory: "724Mi"
               cpu: "1000m"
-              
       volumes:
         - name: home-assistant-config
           persistentVolumeClaim:

docs/tests.md

@@ -1,55 +0,0 @@
-# tests
-
-## logs from loki
-
-```python
-# loki-get-last-to-sensor.py
-import sys, os, requests, datetime, time, json
-
-url = os.environ.get("LOKI_ADDRESS")
-
-if not url:
-    print(json.dumps({"state": "error", "log_message": "LOKI_ADDRESS is not set or empty"}))
-    sys.exit(1)
-
-query = os.environ.get("LOKI_QUERY")
-if not query:
-    print(json.dumps({"state": "error", "log_message": "LOKI_ADDRESS is not set or empty"}))
-    sys.exit(1)
-    
-
-end = int(time.time()) * 1_000_000_000
-start = (int(time.time()) - 24*60*60) * 1_000_000_000
-
-
-params = {
-    "query": query,
-    "limit": 1,
-    "direction": "backward",
-    "start": str(start),
-    "end": str(end),
-}
-
-resp = requests.get(url, params=params)
-data = resp.json()
-
-try:
-    ns = int(data["data"]["result"][0]["values"][0][0])
-    ts = ns / 1_000_000_000
-    dt = datetime.datetime.fromtimestamp(ts).strftime("%Y-%m-%d %H:%M:%S")
-    
-    print(json.dumps({
-       "state": dt,
-    }))
-
-except Exception:
-    print(json.dumps({"state": "unknown"}))
-```
-
-```yaml
-# example of the sensor
-name: git_limbosolutions_com_last_pbs_backup
-command: >
-  LOKI_ADDRESS=${LOKI_ADDRESS} LOKI_QUERY="{job=\"git-limbosolutions-com/pbs-backup\"} |= \"INFO: Finished Backup\"" python3 /config/scripts/loki-get-last-to-sensor.py
-value_template: "{{ value }}"
-```

ops-scripts/apply-app.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-set -e
-echo "Executing app deploy."
-
-kubectl kustomize deploy/app | kubectl apply -f -

ops-scripts/apply-infra.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-set -e
-echo "Executing infra deploy."
-
-kubectl kustomize deploy/infra | kubectl apply -f -