From 20dba5bb2f60dff8702cd2175d6d7fae267b74de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=98eho=C5=99?= Date: Thu, 11 Jul 2024 17:21:46 +0200 Subject: [PATCH] feat: add ebusd --- .../ebusd/app/config-deploy-key.sops.yaml | 29 ++ .../ebusd/app/config-secrets.sops.yaml | 36 +++ .../ebusd/app/emqx-init-secret.yaml | 54 ++++ .../ebusd/app/helmrelease.yaml | 247 ++++++++++++++++++ .../ebusd/app/kustomization.yaml | 11 + .../home-automation/ebusd/app/secret.yaml | 44 ++++ .../main/apps/home-automation/ebusd/ks.yaml | 29 ++ .../external-secrets/stores/rbac.yaml | 2 +- .../home-assistant/app/emqx-init-secret.yaml | 2 +- .../home-assistant/app/helmrelease.yaml | 4 + .../apps/home-automation/kustomization.yaml | 1 + 11 files changed, 457 insertions(+), 2 deletions(-) create mode 100644 kubernetes/main/apps/home-automation/ebusd/app/config-deploy-key.sops.yaml create mode 100644 kubernetes/main/apps/home-automation/ebusd/app/config-secrets.sops.yaml create mode 100644 kubernetes/main/apps/home-automation/ebusd/app/emqx-init-secret.yaml create mode 100644 kubernetes/main/apps/home-automation/ebusd/app/helmrelease.yaml create mode 100644 kubernetes/main/apps/home-automation/ebusd/app/kustomization.yaml create mode 100644 kubernetes/main/apps/home-automation/ebusd/app/secret.yaml create mode 100644 kubernetes/main/apps/home-automation/ebusd/ks.yaml diff --git a/kubernetes/main/apps/home-automation/ebusd/app/config-deploy-key.sops.yaml b/kubernetes/main/apps/home-automation/ebusd/app/config-deploy-key.sops.yaml new file mode 100644 index 00000000..7d4236df --- /dev/null +++ b/kubernetes/main/apps/home-automation/ebusd/app/config-deploy-key.sops.yaml 
@@ -0,0 +1,29 @@ +apiVersion: v1 +kind: Secret +metadata: + name: ebusd-config-deploy-key +type: kubernetes.io/ssh-auth +stringData: + ssh-privatekey: ENC[AES256_GCM,data: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,iv:nuh1/y4b9pdacvKiaGHctrZjP9nfMmF21fea2hc4tCQ=,tag:/Hzw+9TS/ghbOZwnsxTPsg==,type:str] + ssh-privatekey-type: ENC[AES256_GCM,data:7ArBiHJgrw==,iv:HARFrYhoAvM1CjbUUQh9/nMtRll8nIEprjn33Gsk4Jc=,tag:BvfzrVLaz8yBCj5f8CMDYw==,type:str] + ssh-known-hosts: ENC[AES256_GCM,data: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,iv:SG9Rjm6OO69IVNtdE6wtdqApW0svCUTYHtMH1/FxluA=,tag:+Zuaf+b7LaOlOUlgKyb0IA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ve9kzacrwq7l9l0emvs326uk6t576d75r596e083r2tq6xu28qcsacy3s7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzL2FNUlZqWFFtUGRPUE5o + Rm0zNmplVE9ocTVaQ3V4OFRwRDJXVkF2MEJjCjBZS1Y3RFFXcHVZQmU4ejV6QTlT + QVh0bXZzNy9aTTllQ1FaRGtwM25SaDgKLS0tIDd0U2Y1MU5oL0RsUjg0UHZleC9D + aVNLZzdlbmFHVXVQMldXa0VvRHJoU0EKWzThM5A/IjS4XBvmxHZFr3pywKitjbfK + CKnctMdz2AcJ224TUl6PEc7GVZdCycHZn9nK2zP6tcY8bPlX4VBP4Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-30T20:07:02Z" + mac: ENC[AES256_GCM,data:03LjoWfq3vWeQ2Fs24WDW6E4T/5WnRvdGmPuiVVWEqqpyn0qnAz92MIMPc7B7TCy6XzQ31GqacjK2dxM3o4sSAqET+yotpOOhTVRnxarJWOre8uzDK/8LnYzP3Jbd7DpueCTXNRkomk9OLMYElp8HRszbWr1rEVj4UG/nfCY1y4=,iv:WemTKSYH2Hp3m6JT9LMrlKXUkdcwDzEwLmXboAaZ0mc=,tag:x1iXanJE/PnlETI54gR+8g==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/main/apps/home-automation/ebusd/app/config-secrets.sops.yaml b/kubernetes/main/apps/home-automation/ebusd/app/config-secrets.sops.yaml new file mode 100644 index 00000000..c51dce05 --- /dev/null +++ b/kubernetes/main/apps/home-automation/ebusd/app/config-secrets.sops.yaml 
@@ -0,0 +1,36 @@ +apiVersion: v1 +kind: Secret +metadata: + name: ebusd-config-secret +type: kubernetes.io/basic-auth +stringData: + #ENC[AES256_GCM,data:zF86RzBVCdzSDrGynQ==,iv:UAppp8Tspuz/kZFNlmJHPvHneK3iPeootgCGq6YRhjI=,tag:IIJT6N2rSIvv7l2AwcfgXw==,type:comment] + username: ENC[AES256_GCM,data:bRhNHEA=,iv:k4QlV2mvZiG1iTy3rXehRujru2dPtDtknRJxK0ddAeQ=,tag:NJzVjuc0rUUZxiBn1JsyWQ==,type:str] + password: ENC[AES256_GCM,data:Bggc/GLPLnnWEtIMlf9jDV/nUpoceBMvWqjw+NshjoZJNmifMF6DFw==,iv:CGF3ukNNssEm+1G5M6eG1/OtEaG63wpUs9gfY6+mdvk=,tag:LTLfFnOGOiKDNKjjhL5gSA==,type:str] + #ENC[AES256_GCM,data:bds89uaF6UDYI//rnTBbaZTh3zf/WAb79zancM8WVKoGfd+AMWEFZLMhJvA=,iv:+/8I2rJBSK4XC/sWo1/8Hdp6SWcsT7U8YPeduwB5lKM=,tag:KLaYACvrQHsufokXosf2zA==,type:comment] + #ENC[AES256_GCM,data:FwtxO7qk5bwnG1aJFYNr,iv:jFITOSG/J/42EHtwcgNiRXus+NxnRkXYkH2RylK3uNQ=,tag:oU2gzMiPY9APbEWk4DOklg==,type:comment] + #ENC[AES256_GCM,data:ufapEl++l2M2B7hBYaGg17nwrM6yELAu3IWrSRtqsS0=,iv:E74vX43/YyrTgT+xfu+0zVFpJR2LC0f+WeDTIsSOopw=,tag:XBuQAMIqy+RuJZ8VyJXEGw==,type:comment] + device: ENC[AES256_GCM,data:fAL248UkkabkaOnVKrZxGOO4rw/GJTn0,iv:pJOPSzjCrgwEzpgyK38OUwuqla0L8tCqr1RemulCnp0=,tag:PefdDw7dbcsNmxmYLQmA6Q==,type:str] + #ENC[AES256_GCM,data:Aavl48ibfFc3lVIBwYHrD8Qwc61TvFMBv3sfEuWJwPDFs3ysGO2yEIYxVNIJUv1CcQFspzSwgsiUQBh0Wk93K/SfEMO1ml8m0/AgsE0Hu5dqRc5FCyVC,iv:FNZ9O2R8uh1lgwc2ygnKZLaMIZkMOfjmvXrqwTuLXOk=,tag:TYWsoY8gACBmB3V2nfgWxQ==,type:comment] + github_user_mail: ENC[AES256_GCM,data:6olG/yp8bvc=,iv:/yhG6eYlbxKhWJcyyFXs2WzaF+dh1VSBXRdqZBAX64k=,tag:Uv4qQWOm9DUBbvqOncqeHg==,type:str] + github_user_name: ENC[AES256_GCM,data:+6jBlhhYa9wn35Q9,iv:b24y9aYFrZSB2aU/p89ehJRT5bi15vUY64ddeE0syT8=,tag:mzuFUN59543wF6Zic/3QIA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ve9kzacrwq7l9l0emvs326uk6t576d75r596e083r2tq6xu28qcsacy3s7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMVdKcTJuY1ZJL2l2Ni9Y + 
YVVSYi9xQ0hhYng4ZzMrVkVWb3cwalpSd2dnCktBNzFEZGJxRkFySVhBQ2RZdGJ4 + bjlmVGxWUFZnT2tFUnBBd1ozZXdSdlEKLS0tIFd6K3h1OFZyY0xvc2VDL3diRlZB + cHdibGdzaHg0NnBMTXpYdGo1N3VCUG8Km3Pd+F+Dm0GYNr13rKykH0mLIJfZ7cw7 + ubzfRKrO1TDud0Cd5WP3RaLKX+viux7Wq8LLfHena1DfaeAblP1mfA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-07-07T10:53:39Z" + mac: ENC[AES256_GCM,data:0lptBE1Pers4fdlRXNBEmtMYRYwaupPghg6L4qMeGGEr9+tmoW1H1Pmz+wqZhMDX0LDl3VjUjlnTWuZXlBBgYJMHaOi+As64C24K66I3YFEk4fB4XvR5Houi1Q2h8fNrA17shGT/Cly2fMetmJXMmn4styQHd1aRGtHj6Ov+Qjs=,iv:lItUROOgPvBGUhyYEcOqRq0JVRFdJf5HB1NvF9zB4Sc=,tag:PNbMpSBqeuZengOIur30Rg==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1 diff --git a/kubernetes/main/apps/home-automation/ebusd/app/emqx-init-secret.yaml b/kubernetes/main/apps/home-automation/ebusd/app/emqx-init-secret.yaml new file mode 100644 index 00000000..b2f549ea --- /dev/null +++ b/kubernetes/main/apps/home-automation/ebusd/app/emqx-init-secret.yaml 
@@ -0,0 +1,54 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ebusd-emqx-init
+spec:
+ target:
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ INIT_EMQX_API_HOST: "{{ .emqx_api_host }}"
+ INIT_EMQX_API_PORT: "{{ .emqx_api_port }}"
+ INIT_EMQX_ACCESS_KEY: "{{ .emqx_username }}"
+ INIT_EMQX_SECRET_KEY: "{{ .emqx_password }}"
+ INIT_EMQX_USER: "{{ .ebusd_username }}"
+ INIT_EMQX_PASS: "{{ .ebusd_password }}"
+ INIT_EMQX_TOPIC: "ebusd/#"
+ INIT_EMQX_TOPIC_ACLS: >-
+ {{ .ebusd_username }}:homeassistant/#:all:allow
+ {{ .hass_username }}:ebusd/#:all:allow
+ dataFrom:
+ - extract:
+ key: emqx-secret
+ rewrite:
+ - regexp:
+ source: "^(.*)$"
+ target: "emqx_$1"
+ sourceRef:
+ storeRef:
+ name: emqx-secret-store
+ kind: ClusterSecretStore
+ - extract:
+ key: ebusd-config-secret
+ rewrite:
+ - regexp:
+ source: "^(.*)$"
+ target: "ebusd_$1"
+ sourceRef:
+ storeRef:
+ name: home-automation-secret-store
+ kind: SecretStore
+ - extract:
+ key: home-assistant-emqx-secret
+ rewrite:
+ - regexp:
+ source: "^(.*)$"
+ target: "hass_$1"
+ sourceRef:
+ storeRef:
+ name: home-automation-secret-store
+ kind: SecretStore
+
diff --git a/kubernetes/main/apps/home-automation/ebusd/app/helmrelease.yaml b/kubernetes/main/apps/home-automation/ebusd/app/helmrelease.yaml
new file mode 100644
index 00000000..2c188b7b
--- /dev/null
+++ b/kubernetes/main/apps/home-automation/ebusd/app/helmrelease.yaml
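Review bot: `INIT_EMQX_TOPIC_ACLS` grants the ebusd account `all` on `homeassistant/#` and the Home Assistant account `all` on `ebusd/#`, which looks wider than either side needs; ebusd presumably only publishes discovery and state there, and Home Assistant subscribes and sends commands. If the emqx-init image accepts a narrower action than `all` (its syntax is not visible in this patch), split each entry by direction so that a leaked ebusd credential cannot subscribe to every Home Assistant topic. The `>-` folded scalar also joins the two entries with a single space, so a comment above the key such as `# space-separated user:topic:action:permission entries` would document the format the init container is assumed to parse.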
@@ -0,0 +1,247 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app ebusd +spec: + interval: 30m + chart: + spec: + chart: app-template + version: 3.2.1 + interval: 30m + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + strategy: rollback + retries: 3 + dependsOn: + - name: emqx-operator + namespace: database + - name: external-secrets + namespace: security + - name: multus + namespace: kube-system + - name: volsync + namespace: storage + values: + defaultPodOptions: + annotations: + secret.reloader.stakater.com/reload: "ebusd-emqx-init,ebusd-secret" + securityContext: + runAsNonRoot: true + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + seccompProfile: { type: RuntimeDefault } + controllers: + ebusd: + containers: + app: + image: + repository: docker.io/john30/ebusd + tag: &version v23.3 + command: ["ebusd"] + args: + # https://github.com/john30/ebusd/wiki/2.-Run + # Message Configuration Options + - --configpath=/config/latest/en + - --configlang=en + - --pollinterval=10 + - --scanconfig + # Daemon Options + - --foreground + # HTTP Client + - --httpport=8080 + - --htmlpath=/config/html + # Log Options + - --log=all:notice + # MQTT Options + - --mqttint=/config/mqtt-hassio.cfg + - --mqttjson + envFrom: + - secretRef: + name: ebusd-secret + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: + path: /data/global + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + startup: *probes + resources: + requests: + cpu: 100m + memory: 512Mi + limits: + cpu: 2000m + memory: 2Gi + code-server: + image: + repository: 
ghcr.io/coder/code-server + tag: 4.90.3 + args: + - --auth=none + - --user-data-dir=/config/.vscode + - --extensions-dir=/config/.vscode + - --port=80 + - /config" + envFrom: + - secretRef: + name: ebusd-secret + resources: + requests: + cpu: 10m + memory: 64Mi + limits: + cpu: 1000m + memory: 2Gi + lifecycle: + postStart: + exec: + command: + - /bin/sh + - -c + - | + ( + set -ex + + # Install packages + sudo apt update + sudo apt install --yes dnsutils + sudo apt install --yes iproute2 + sudo apt install --yes inetutils-ping + sudo apt install --yes inetutils-telnet + sudo apt install --yes inetutils-traceroute + sudo apt install --yes net-tools + + # Setup git + git config --global user.name "$${GITCONFIG_USER_NAME}" + git config --global user.email "$${GITCONFIG_USER_MAIL}" + git config --global branch.autosetuprebase always + git config --global --add safe.directory '/config' + ) > /tmp/postStart.log 2>&1 || true + initContainers: + config: + image: + repository: ghcr.io/prehor/alpine-toolbox + tag: 3.20.1 + args: + - /entrypoint.sh + - /bin/bash + - -c + - | + set -ex + + # Clone ebusd-config repository + if [ ! -e "/config/.git" ]; then + git clone git@github.com:prehor/ebusd-config.git /config/.ebusd-config + mv /config/.ebusd-config/* /config/.ebusd-config/.* /config + rmdir /config/.ebusd-config/ + fi + + # Fetch mqtt-hassio.cfg + if [ ! -e "/config/mqtt-hassio.cfg" ]; then + curl https://raw.githubusercontent.com/john30/ebusd/master/contrib/etc/ebusd/mqtt-hassio.cfg -o /config/mqtt-hassio.cfg + fi + + # Fetch contrib/html + if [ ! 
-e "/config/html/.ebus-$${EBUSD_VERSION#v}" ]; then + mkdir -p /config/html + rm -rf /config/html/* + ( + cd /config/html + curl -L https://github.com/john30/ebusd/archive/refs/tags/$${EBUSD_VERSION#v}.tar.gz | + tar xfvz - --strip-components=3 ebusd-$${EBUSD_VERSION#v}/contrib/html + ) + touch /config/html/.ebus-$${EBUSD_VERSION#v} + fi + env: + EBUSD_VERSION: *version + envFrom: + - secretRef: + name: ebusd-secret + resources: + requests: + cpu: 10m + memory: 64Mi + limits: + cpu: 500m + memory: 512Mi + emqx-init: + image: + repository: ghcr.io/prehor/emqx-init + tag: 1.0.0 + envFrom: + - secretRef: + name: ebusd-emqx-init + resources: + requests: + cpu: 10m + memory: 64Mi + limits: + cpu: 500m + memory: 512Mi + service: + app: + controller: ebusd + ports: + http: + port: 8888 + code-server: + port: 80 + ingress: + app: + enabled: true + className: internal + hosts: + - host: &host ebus.${SECRET_DOMAIN} + paths: + - path: / + service: + identifier: app + port: http + tls: + - hosts: + - *host + code-server: + className: internal + hosts: + - host: &host "ebush.${SECRET_DOMAIN}" + paths: + - path: / + service: + identifier: app + port: code-server + tls: + - hosts: + - *host + persistence: + config: + existingClaim: *app + deploy-key: + type: secret + name: ebusd-config-deploy-key + globalMounts: + - path: /config/.ssh/id_ed25519 + subPath: ssh-privatekey + - path: /config/.ssh/known_hosts2 + subPath: ssh-known-hosts + tmp: + type: emptyDir diff --git a/kubernetes/main/apps/home-automation/ebusd/app/kustomization.yaml b/kubernetes/main/apps/home-automation/ebusd/app/kustomization.yaml new file mode 100644 index 00000000..d769bf66 --- /dev/null +++ b/kubernetes/main/apps/home-automation/ebusd/app/kustomization.yaml 
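Review bot: The `code-server` container starts with `--auth=none` and is published through the `ebush.${SECRET_DOMAIN}` ingress, while `deploy-key` uses `globalMounts` and `envFrom` loads `ebusd-secret`, so anyone who can reach the `internal` ingress class gets a shell that holds the Git deploy key and the MQTT password. Use `--auth=password` with `PASSWORD` or `HASHED_PASSWORD` taken from a secret (or put an authenticating proxy in front of that ingress), and mount the key only into the containers that run git, as sketched below with `advancedMounts`. The same args list ends with `- /config"`, where the stray quote becomes part of the path, and the `http` service port is `8888` although ebusd is started with `--httpport=8080` and the probes use 8080. The `config` init container also fetches `mqtt-hassio.cfg` from `master` with plain `curl`; `curl -fsSL` against the `$${EBUSD_VERSION#v}` tag would pin the file to the image version and fail on an HTTP error instead of saving the error page.

```yaml
    persistence:
      # … unchanged: config …
      deploy-key:
        type: secret
        name: ebusd-config-deploy-key
        # Mount the key only where git runs; app and emqx-init never need it.
        advancedMounts:
          ebusd:
            config:
              - path: /config/.ssh/id_ed25519
                subPath: ssh-privatekey
              - path: /config/.ssh/known_hosts2
                subPath: ssh-known-hosts
            code-server:
              - path: /config/.ssh/id_ed25519
                subPath: ssh-privatekey
              - path: /config/.ssh/known_hosts2
                subPath: ssh-known-hosts
      # … unchanged: tmp …
```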
@@ -0,0 +1,11 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./config-deploy-key.sops.yaml
+ - ./config-secrets.sops.yaml
+ - ./emqx-init-secret.yaml
+ - ./helmrelease.yaml
+ - ./secret.yaml
+ - ../../../../templates/volsync
diff --git a/kubernetes/main/apps/home-automation/ebusd/app/secret.yaml b/kubernetes/main/apps/home-automation/ebusd/app/secret.yaml
new file mode 100644
index 00000000..9ed44237
--- /dev/null
+++ b/kubernetes/main/apps/home-automation/ebusd/app/secret.yaml
@@ -0,0 +1,44 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: ebusd-secret
+spec:
+ target:
+ creationPolicy: Owner
+ template:
+ engineVersion: v2
+ data:
+ # https://github.com/john30/ebusd/wiki/2.-Run
+ # Device Options
+ EBUSD_DEVICE: "{{ .ebusd_device }}"
+ # MQTT Options
+ EBUSD_MQTTHOST: "{{ .emqx_host }}"
+ EBUSD_MQTTPORT: "{{ .emqx_port }}"
+ EBUSD_MQTTUSER: "{{ .ebusd_username }}"
+ EBUSD_MQTTPASS: "{{ .ebusd_password }}"
+ # https://github.com/prehor/container-images/blob/main/apps/alpine-toolbox/entrypoint.sh
+ GITCONFIG_USER_MAIL: "{{ .ebusd_github_user_mail}}"
+ GITCONFIG_USER_NAME: "{{ .ebusd_github_user_name}}"
+ dataFrom:
+ - extract:
+ key: ebusd-config-secret
+ rewrite:
+ - regexp:
+ source: "^(.*)$"
+ target: "ebusd_$1"
+ sourceRef:
+ storeRef:
+ name: home-automation-secret-store
+ kind: SecretStore
+ - extract:
+ key: emqx-secret
+ rewrite:
+ - regexp:
+ source: "^(.*)$"
+ target: "emqx_$1"
+ sourceRef:
+ storeRef:
+ name: emqx-secret-store
+ kind: ClusterSecretStore
diff --git a/kubernetes/main/apps/home-automation/ebusd/ks.yaml b/kubernetes/main/apps/home-automation/ebusd/ks.yaml
new file mode 100644
index 00000000..0d35f1b3
--- /dev/null
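Review bot: `ebusd-secret` in secret.yaml puts the MQTT credentials (`EBUSD_MQTTUSER`, `EBUSD_MQTTPASS`) and the git identity (`GITCONFIG_USER_*`) into one Secret, and helmrelease.yaml in this patch loads it with `envFrom` into `app`, `code-server` and the `config` init container alike. Splitting it into two ExternalSecrets, one with the `EBUSD_*` keys for `app` and one with the `GITCONFIG_*` keys for the containers that run git, keeps the broker password out of the editor's environment. A comment above the second `extract`, for example `# only host and port are used; the API username/password stay out of the template`, would record that the `emqx_*` credentials pulled from `emqx-secret` are deliberately not rendered here.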
+++ b/kubernetes/main/apps/home-automation/ebusd/ks.yaml @@ -0,0 +1,29 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app ebusd + namespace: flux-system +spec: + targetNamespace: home-automation + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: home-automation-external-secrets-stores + - name: multus + - name: volsync + path: "./kubernetes/main/apps/home-automation/ebusd/app" + prune: true + sourceRef: + kind: GitRepository + name: home-ops + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m + postBuild: + substitute: + APP: *app + VOLSYNC_CAPACITY: 100Mi diff --git a/kubernetes/main/apps/home-automation/external-secrets/stores/rbac.yaml b/kubernetes/main/apps/home-automation/external-secrets/stores/rbac.yaml index 1a8e03d9..011ebb6d 100644 --- a/kubernetes/main/apps/home-automation/external-secrets/stores/rbac.yaml +++ b/kubernetes/main/apps/home-automation/external-secrets/stores/rbac.yaml @@ -13,7 +13,7 @@ rules: resources: - secrets resourceNames: - - ebusd-emqx-secret + - ebusd-config-secret - home-assistant-config-secret - home-assistant-emqx-secret - home-assistant-postgres-dburl diff --git a/kubernetes/main/apps/home-automation/home-assistant/app/emqx-init-secret.yaml b/kubernetes/main/apps/home-automation/home-assistant/app/emqx-init-secret.yaml index 544b28d0..cc995744 100644 --- a/kubernetes/main/apps/home-automation/home-assistant/app/emqx-init-secret.yaml +++ b/kubernetes/main/apps/home-automation/home-assistant/app/emqx-init-secret.yaml @@ -16,7 +16,7 @@ spec: INIT_EMQX_SECRET_KEY: "{{ .emqx_password }}" INIT_EMQX_USER: "{{ .hass_username }}" INIT_EMQX_PASS: "{{ .hass_password }}" - INIT_EMQX_TOPIC: "homeassistant" + INIT_EMQX_TOPIC: "homeassistant/#" dataFrom: - extract: key: emqx-secret 
diff --git a/kubernetes/main/apps/home-automation/home-assistant/app/helmrelease.yaml b/kubernetes/main/apps/home-automation/home-assistant/app/helmrelease.yaml index 5f559e09..2265e090 100644 --- a/kubernetes/main/apps/home-automation/home-assistant/app/helmrelease.yaml +++ b/kubernetes/main/apps/home-automation/home-assistant/app/helmrelease.yaml @@ -24,6 +24,10 @@ spec: strategy: rollback retries: 3 dependsOn: + - name: postgres-operator + namespace: database + - name: emqx-operator + namespace: database - name: external-secrets namespace: security - name: multus diff --git a/kubernetes/main/apps/home-automation/kustomization.yaml b/kubernetes/main/apps/home-automation/kustomization.yaml index a6ab8d89..33829749 100644 --- a/kubernetes/main/apps/home-automation/kustomization.yaml +++ b/kubernetes/main/apps/home-automation/kustomization.yaml @@ -3,5 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./namespace.yaml + - ./ebusd/ks.yaml - ./external-secrets/ks.yaml - ./home-assistant/ks.yaml