ci: deploy home assistant via flux cd (20GiB, ha.patanix.de)

apps/home-assistant/helmrelease.yaml

@@ -0,0 +1,35 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: home-assistant
+  namespace: home-assistant
+spec:
+  interval: 10m
+  releaseName: home-assistant
+  chart:
+    spec:
+      chart: home-assistant
+      version: "0.3.2"
+      sourceRef:
+        kind: HelmRepository
+        name: home-assistant
+        namespace: flux-system
+  values:
+    persistence:
+      enabled: true
+      existingClaim: home-assistant-config
+    ingress:
+      main:
+        enabled: true
+        # className: traefik
+        hosts:
+          - host: ha.patanix.de
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - secretName: ha-patanix-de-tls
+            hosts:
+              - ha.patanix.de
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-dns

apps/home-assistant/helmrepository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: home-assistant
+  namespace: flux-system
+spec:
+  interval: 1h0m0s
+  url: http://pajikos.github.io/home-assistant-helm-chart

apps/home-assistant/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - helmrepository.yaml
+  - helmrelease.yaml
+  - pvc.yaml

apps/home-assistant/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: home-assistant

apps/home-assistant/pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: home-assistant-config
+  namespace: home-assistant
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+  storageClassName: local-path

apps/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - home-assitant/

clusters/production/kustomization.yaml

@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ../../infrastructure
+  - ../../apps

notes/home-assistant.md

@@ -0,0 +1,86 @@
+# Home Assistant Best Practices
+
+## Secret
+- Nicht zwingend nötig, nur für zusätzliche Umgebungsvariablen.
+- Kann jederzeit nachgerüstet werden.
+
+## Zertifikat
+- Standard: Ingress mit cert-manager-Annotation, cert-manager erstellt das Zertifikat automatisch.
+- Alternativ: Certificate-Objekt selbst anlegen, dann Annotation im Ingress entfernen.
+
+## HelmRepository (pajikos)
+```bash
+cat <<EOF > infrastructure/services/home-assistant/helmrepository.yaml
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: pajikos-home-assistant
+  namespace: flux-system
+spec:
+  interval: 30m
+  url: https://pajikos.github.io/home-assistant-helm-chart
+EOF
+```
+
+## HelmRelease (Beispiel)
+```bash
+cat <<EOF > infrastructure/services/home-assistant/helmrelease.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: home-assistant
+  namespace: home-assistant
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: home-assistant
+      version: 15.3.5
+      sourceRef:
+        kind: HelmRepository
+        name: pajikos-home-assistant
+        namespace: flux-system
+  values:
+    persistence:
+      enabled: true
+      existingClaim: home-assistant-config
+    ingress:
+      main:
+        enabled: true
+        hosts:
+          - host: ha.patanix.de
+            paths:
+              - /
+        tls:
+          - secretName: ha-patanix-de-tls
+            hosts:
+              - ha.patanix.de
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-dns
+EOF
+```
+
+## 2. Secret verschlüsseln - falls vorhanden
+```bash
+sops -e -i infrastructure/services/home-assistant/secret.yaml
+```
+
+## 3. Dateien ins Repo legen und pushen
+```bash
+git add infrastructure/services/home-assistant/*
+git add infrastructure/kustomization-home-assistant.yaml
+git commit -m "Deploy Home Assistant via FluxCD (20GiB, ha.patanix.de)"
+git push origin main
+```
+
+## 4. Flux synchronisieren
+```bash
+flux reconcile source git flux-system
+flux get kustomizations
+kubectl -n home-assistant get pods
+kubectl -n home-assistant get ingress
+kubectl -n home-assistant get certificate
+```
+
+## 5. Erreichbarkeit testen
+# Nach DNS-Propagation und Zertifikatsausstellung: https://ha.patanix.de aufrufen