dvirlabs/my-apps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add home-assistant

Browse Source
This commit is contained in:
dvirlabs 2025-07-10 17:32:23 +03:00
parent 74e9a6a7fc
commit 6f69320dd8
40 changed files with 1885 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
argocd-apps/home-assistant.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: home-assistant
namespace: argocd
spec:
project: my-apps
source:
repoURL: https://git.dvirlabs.com/dvirlabs/my-apps.git
targetRevision: HEAD
path: charts/home-assistant
helm:
valueFiles:
- ../../manifests/home-assistant/values.yaml
destination:
server: https://kubernetes.default.svc
namespace: home-automation
syncPolicy:
automated:
prune: true
selfHeal: true

23
charts/home-assistant/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

20
charts/home-assistant/Chart.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: v2
appVersion: 2025.7.1
description: Automatically Updated Helm Chart for Home Assistant
home: https://github.com/pajikos/home-assistant-helm-chart
icon: https://upload.wikimedia.org/wikipedia/commons/thumb/6/6e/Home_Assistant_Logo.svg/519px-Home_Assistant_Logo.svg.png
keywords:
- home-assistant
- hass
- homeassistant
kubeVersion: '>=1.16.0-0'
maintainers:
- email: sklenar.pav@gmail.com
name: pajikos
name: home-assistant
sources:
- https://github.com/pajikos/home-assistant-helm-chart
- https://github.com/cdr/code-server
- https://github.com/pajikos/home-assistant-helm-chart/tree/main/charts/home-assistant
type: application
version: 0.3.10

372
charts/home-assistant/README.md Normal file
View File

@ -0,0 +1,372 @@
# Helm chart for Home Assistant
![Latest Released Version](https://img.shields.io/github/v/tag/pajikos/home-assistant-helm-chart?sort=semver)
![Helm Chart Release](https://github.com/pajikos/home-assistant-helm-chart/actions/workflows/build-helm-chart-release.yaml/badge.svg)
![Auto-update latest HA version](https://github.com/pajikos/home-assistant-helm-chart/actions/workflows/check_ha_release.yml/badge.svg)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/helm-hass)](https://artifacthub.io/packages/search?repo=helm-hass)
## Introduction
This chart bootstraps a [Home Assistant](https://home-assistant.io) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
It is updated **automatically** with each new release of Home Assistant, ensuring you always have access to the latest features and improvements.
## Features
- **Automatic Updates**: The chart is updated with each new release of Home Assistant.
- **Flexibility**: Extensive configuration options to tailor Home Assistant to your needs.
- **Addons Support**: Extend Home Assistant's functionality with supported addons, such as code-server.
## Quick Start
To deploy Home Assistant using this Helm chart, follow these steps:
```console
$ helm repo add pajikos http://pajikos.github.io/home-assistant-helm-chart/
$ helm repo update
$ helm install home-assistant pajikos/home-assistant
```
This will deploy Home Assistant with the default configuration. See the [Configuration](#configuration) section for details on customizing the deployment.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `home-assistant` deployment:
```console
$ helm delete home-assistant
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following table lists the configurable parameters of the Home Assistant chart and their default values.
# Home Assistant Helm Chart
This document provides detailed configuration options for the Home Assistant Helm chart.
| Parameter | Description | Default |
| --------- | ----------- | ------- |
| `replicaCount` | Number of replicas for the deployment | `1` |
| `image.repository` | Repository for the Home Assistant image | `ghcr.io/home-assistant/home-assistant` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.tag` | Overrides the image tag (default is the chart appVersion) | `""` |
| `image.imagePullSecrets` | List of imagePullSecrets for private image repositories | `[]` |
| `nameOverride` | Override the default name of the Helm chart | `""` |
| `fullnameOverride` | Override the default full name of the Helm chart | `""` |
| `serviceAccount.create` | Specifies whether a service account should be created | `true` |
| `serviceAccount.annotations` | Annotations to add to the service account | `{}` |
| `serviceAccount.name` | The name of the service account to use | `""` |
| `podAnnotations` | Annotations to add to the pod | `{}` |
| `controller.type` | Type of controller to use: StatefulSet or Deployment | `StatefulSet` |
| `statefulSetAnnotations` | Annotations to add to the StatefulSet | `{}` |
| `deploymentAnnotations` | Annotations to add to the Deployment | `{}` |
| `podSecurityContext` | Pod security context settings | `{}` |
| `env` | Environment variables | `[]` |
| `envFrom` | Use environment variables from ConfigMaps or Secrets | `[]` |
| `hostNetwork` | Specifies if the containers should be started in `hostNetwork` mode. | `false` |
| `dnsPolicy` | Specifies the [`dnsPolicy`](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy) for the pod. | `false` |
| `hostPort.enabled` | Enable 'hostPort' or not | `false` |
| `hostPort.port` | Port number | `8123` |
| `dnsConfig` | Override the default dnsConfig and set your own nameservers or ndots, among other options | `{}` |
| `service.type` | Service type (ClusterIP, NodePort, LoadBalancer, or ExternalName) | `ClusterIP` |
| `service.port` | Service port | `8080` |
| `service.annotations` | Annotations to add to the service | `{}` |
| `ingress.enabled` | Enable ingress for Home Assistant | `false` |
| `ingress.external` | Enable external ingress (cannot be true when ingress.enabled is true) | `false` |
| `resources` | Resource settings for the container | `{}` |
| `nodeSelector` | Node selector settings for scheduling the pod on specific nodes | `{}` |
| `tolerations` | Tolerations settings for scheduling the pod based on node taints | `[]` |
| `affinity` | Affinity settings for controlling pod scheduling | `{}` |
| `priorityClassName` | Priority class name for Home Assistant pods | `""` |
| `persistence.enabled` | Enables the creation of a Persistent Volume Claim (PVC) for Home Assistant. | `false` |
| `persistence.accessMode` | The access mode of the PVC. | `ReadWriteOnce` |
| `persistence.size` | The size of the PVC to create. | `5Gi` |
| `persistence.storageClass` | The storage class to use for the PVC. If empty, the default storage class is used. | `""` |
| `persistence.existingVolume` | The name of an existing Persistent Volume to bind to when using StatefulSet. This bypasses dynamic provisioning. | `""` |
| `persistence.existingClaim` | The name of an existing PVC to use when using Deployment. | `""` |
| `persistence.matchLabels` | Label selectors to apply when binding to an existing Persistent Volume. | `{}` |
| `persistence.matchExpressions` | Expression selectors to apply when binding to an existing Persistent Volume. | `{}` |
| `persistence.annotations` | Annotations to add to the PVC. | `{}` |
| `additionalVolumes` | Additional volumes to be mounted in the home assistant container | `[]` |
| `additionalMounts` | Additional volume mounts to be mounted in the home assistant container | `[]` |
| `initContainers` | List of initialization containers | `[]` |
| `configuration.enabled` | Enable or disable the configuration setup for Home Assistant | `false` |
| `configuration.forceInit` | Force init will merge the current configuration file with the default configuration on every start | `false` |
| `configuration.trusted_proxies` | List of trusted proxies in CIDR notation | `["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]` |
| `configuration.templateConfig` | Template for the `configuration.yaml` file | See Advanced Configuration |
| `configuration.initScript` | Init script for Home Assistant initialization | See values.yaml for the complete configuration options |
| `configuration.initContainer` | Configuration for the init container | See values.yaml for the complete configuration options |
| `addons.codeserver.enabled` | Enable or disable the code-server addon | `false` |
| `addons.codeserver.resources` | Resource settings for the code-server container | `{}` |
| `addons.codeserver.image.repository` | Repository for the code-server image | `ghcr.io/coder/code-server` |
| `addons.codeserver.image.pullPolicy` | Image pull policy for the code-server image | `IfNotPresent` |
| `addons.codeserver.image.tag` | Tag for the code-server image | `latest released version, automatically updated` |
| `addons.codeserver.service.type` | Service type for the code-server addon | `ClusterIP` |
| `addons.codeserver.service.port` | Service port for the code-server addon | `12321` |
| `addons.codeserver.ingress.enabled` | Enable or disable the ingress for the code-server addon | `false` |
| `addons.codeserver.ingress.hosts` | Hosts for the code-server addon | `[]` |
| `addons.codeserver.ingress.tls` | TLS settings for the code-server addon | `[]` |
| `addons.codeserver.ingress.annotations` | Annotations for the code-server addon | `{}` |
## Controller Type
This chart supports two types of controllers for deploying Home Assistant:
1. `StatefulSet` (default): Recommended for production use, especially when persistence is enabled. StatefulSets provide stable network identities and persistent storage that survives pod rescheduling.
2. `Deployment`: Simpler controller type that might be preferred in some scenarios. When using a Deployment with persistence enabled, a separate PVC is created instead of using volumeClaimTemplates.
To specify the controller type, set the `controller.type` value:
```yaml
controller:
type: StatefulSet # or Deployment
```
## Persistence
The default configuration of this chart uses an `emptyDir` volume for persistence, which means that data is lost when the pod is removed. To enable persistent storage that survives pod restarts and redeployments, you can configure the chart to use a Persistent Volume Claim (PVC).
### Enabling Persistence
To enable persistence, set `persistence.enabled` to `true`. You can also specify the desired `accessMode` and `size` for the PVC. By default, the `accessMode` is set to `ReadWriteOnce`, and there is no default storage class (`storageClass: ""`), meaning the cluster's default storage class will be used.
```yaml
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 5Gi
storageClass: ""
```
### Using an Existing Volume or PVC
Depending on the controller type you're using, you can either bind to an existing Persistent Volume (PV) or use an existing Persistent Volume Claim (PVC):
#### With StatefulSet (default)
If you already have a Persistent Volume (PV) that you wish to use with a StatefulSet, you can specify the name of this existing volume in the `persistence.existingVolume` field. This will direct the chart to use the specified PV, bypassing dynamic volume provisioning.
```yaml
controller:
type: StatefulSet
persistence:
enabled: true
existingVolume: "my-existing-volume"
```
#### With Deployment
If you're using a Deployment and already have a PVC that you wish to use, you can specify the name of this existing claim in the `persistence.existingClaim` field:
```yaml
controller:
type: Deployment
persistence:
enabled: true
existingClaim: "my-existing-pvc"
```
Alternatively, if you want to bind to a specific PV with a Deployment, you can create a new PVC that binds to the PV by setting `persistence.existingVolume`:
```yaml
controller:
type: Deployment
persistence:
enabled: true
existingVolume: "my-existing-volume"
```
When using an existing volume or claim, ensure that the `accessMode` and `size` specified in the chart values match the capabilities and capacity of the existing PV/PVC.
### Selectors
You can further refine the selection of an existing PV using `matchLabels` or `matchExpressions` under the `persistence` section. These selectors will be used to match the existing PVs based on their labels.
```yaml
persistence:
enabled: true
matchLabels:
type: fast-ssd
matchExpressions:
- key: "failure-domain.beta.kubernetes.io/zone"
operator: "In"
values: ["us-west-1a"]
```
### PVC Annotations
You can add annotations to the PVC by specifying them in the `persistence.annotations` field. This is useful for backup solutions like k8up that use annotations to identify resources for backup.
```yaml
persistence:
enabled: true
annotations:
k8up.io/backup: "true"
another-annotation: "value"
```
> **Note**: When specifying an `existingVolume`, ensure that the PV is not already bound to another PVC, as a PV can only be bound to a single PVC at a time.
## Ingress
The chart provides two mutually exclusive ways to configure ingress:
1. `ingress.enabled`: Traditional Kubernetes ingress configuration
2. `ingress.external`: For scenarios where the ingress is managed externally
Note: These two options cannot be enabled simultaneously. Attempting to set both to `true` will result in a validation error.
Example configuration:
```yaml
ingress:
enabled: true # Traditional ingress
external: false # External ingress
```
In addition, you can specify the `ingress.hosts` and `ingress.tls` values. The default values are `[]` and `[]` respectively.
The second option is to set `service.type` to `NodePort` or `LoadBalancer` (when ingress is not available in your cluster)
## HostPort and HostNetwork
To enable hostPort, set `hostPort.enabled` to `true`. In addition, you can specify the `hostPort.port` value. The default value is `8123`.
To enable hostNetwork, set `hostNetwork` to `true`.
HostNetwork is required for auto-discovery of Home Assistant, when not using auto-discovery, hostNetwork is not required and not recommended.
## ServiceMonitor
If you have the Prometheus Operator installed, you can enable a ServiceMonitor to scrape Home Assistant metrics by setting `serviceMonitor.enabled` to `true`. This requires the [Prometheus integration](https://www.home-assistant.io/integrations/prometheus/) to be configured in Home Assistant.
```yaml
serviceMonitor:
enabled: true
scrapeInterval: 30s
labels:
release: prometheus
# Bearer token authentication configuration (optional)
bearerToken:
secretName: "prometheus-token"
secretKey: "token"
```
### Bearer Token Authentication
To use bearer token authentication for the ServiceMonitor, simply provide both:
- `secretName`: The name of the Kubernetes secret containing the token
- `secretKey`: The key within that secret containing the actual token
This lets you secure the metrics endpoint with a bearer token that Prometheus will use for authentication.
## Addons
The Home Assistant chart supports the following addons:
* [code-server](https://github.com/coder/code-server)
## Additional volumes and volume mounts
To add additional volumes and volume mounts, you can use the `additionalVolumes` and `additionalMounts` values. The default values are `[]`.
Example mounting usb devices:
```yaml
additionalVolumes:
- hostPath:
path: >-
/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20230509111242-if00
type: CharDevice
name: usb
additionalMounts:
- mountPath: /dev/ttyACM0
name: usb
```
Note: When mounting usb devices, you need to set the `securityContext.privileged` value to `true`.
## Advanced Configuration
### Init Containers
Use init containers to perform tasks before starting Home Assistant, such as waiting for a dependency:
```yaml
initContainers:
- name: init-myservice
image: busybox
command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
```
### Home Assistant Configuration
Customize Home Assistant's configuration directly through the Helm chart:
```yaml
# Configuration for Home Assistant
configuration:
# Enable or disable the configuration setup for Home Assistant
enabled: true
# Force init will merge the current configuration file with the default configuration on every start
# This is useful when you want to ensure that the configuration file is always up to date
forceInit: true
# List of trusted proxies in the format of CIDR notation in a case of using a reverse proxy
# Here is the list of the most common private IP ranges, use your list of possible trusted proxies, usually, it's the IP of the reverse proxy
trusted_proxies:
- 10.42.0.0/16 # Add the IP address of your cluster CIDR
# Editing templateConfig allows you to customize the configuration.yaml file
# You can use Go template functions to customize the configuration
templateConfig: |-
# Loads default set of integrations. Do not remove.
default_config:
{{- if .Values.ingress.enabled }}
http:
use_x_forwarded_for: true
trusted_proxies:
{{- range .Values.configuration.trusted_proxies }}
- {{ . }}
{{- end }}
{{- end}}
# Load frontend themes from the themes folder
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
```
This allows for dynamic configuration based on your Helm values.
## code-server
To enable the code-server addon, set `addons.codeserver.enabled` to `true`. In addition, you can specify the `addons.codeserver.resources` values. The default value is `{}`.
To be able to access the code-server addon, you need to enable the ingress for the code-server addon by setting `addons.codeserver.ingress.enabled` to `true` or setting `service.type` to `NodePort` or `LoadBalancer`.
## Upgrade Notes (v0.3)
This release adds support for both `StatefulSet` (default/legacy) and `Deployment` controllers, and clarifies persistence usage.
### Key Changes
- New value: `controller.type`—default remains `StatefulSet` for backward compatibility; use `Deployment` by setting `controller.type: Deployment`.
- The auto-generated PVC for `controller.type: Deployment` is now named `<fullname>-pvc` (vs. prior defaults for StatefulSet). Update all references if switching controller type!
- `persistence.existingClaim` is only supported with Deployment; `persistence.existingVolume` with StatefulSet.
- Manual cleanup may be needed if switching controller kind (e.g. legacy StatefulSet/PVC may remain until manually deleted).
### Migration Guidance
- If you keep using StatefulSet, no changes required.
- If switching to Deployment:
- Update any automation or manifests to refer to the new PVC name (`-pvc` suffix).
- Review and clean up old StatefulSet/volume resources as needed after migration.
See "Controller Type" and "Persistence" sections above for full explanation.

4
charts/home-assistant/ci/01-hass-configuration-values.yaml Normal file
View File

@ -0,0 +1,4 @@
# test case 01: Test the default values of the configuration
configuration:
enabled: true
forceInit: false

5
charts/home-assistant/ci/02-hass-configuration-values.yaml Normal file
View File

@ -0,0 +1,5 @@
# Test case 02: Test for setting trusted_proxies and use_x_forwarded_for
ingress:
enabled: true
configuration:
enabled: true

4
charts/home-assistant/ci/03-hass-configuration-values.yaml Normal file
View File

@ -0,0 +1,4 @@
# test case 03: Test the configuration with forceInit set to true
configuration:
enabled: true
forceInit: true

8
charts/home-assistant/ci/04-hass-configuration-values.yaml Normal file
View File

@ -0,0 +1,8 @@
# Test case 04: Test for setting custom trusted_proxies and use_x_forwarded_for
ingress:
enabled: true
configuration:
enabled: true
forceInit: true
trusted_proxies:
- 172.16.100.0/24

12
charts/home-assistant/ci/05-hass-configuration-values.yaml Normal file
View File

@ -0,0 +1,12 @@
# Test case 05: Test for setting custom template configuration and init script
configuration:
enabled: true
forceInit: false
templateConfig: |-
default_config:
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
initScript: |-
#!/bin/bash
echo "Custom trusted proxies init script"

5
charts/home-assistant/ci/additional-env-values.yaml Normal file
View File

@ -0,0 +1,5 @@
env:
- name: TZ
value: "America/New_York"
- name: DEBUG_MODE
value: "true"

13
charts/home-assistant/ci/addon-vscode-additional-mount-values.yaml Normal file
View File

@ -0,0 +1,13 @@
# Addons configuration for additional services
addons:
# Code-server addon configuration
codeserver:
# if you need any additional volume mounts, you can define them here
additionalMounts:
- mountPath: /home/coder/.ssh/id_rsa
name: id-rsa
# empty dir volume for id_rsa
additionalVolumes:
- name: id-rsa
emptyDir: {}

3
charts/home-assistant/ci/addons-enabled-values.yaml Normal file
View File

@ -0,0 +1,3 @@
addons:
codeserver:
enabled: true

6
charts/home-assistant/ci/addons-persistence-values.yaml Normal file
View File

@ -0,0 +1,6 @@
persistence:
enabled: true
size: "8Gi"
addons:
codeserver:
enabled: true

11
charts/home-assistant/ci/advanced-networking-values.yaml Normal file
View File

@ -0,0 +1,11 @@
hostNetwork: true
dnsConfig:
nameservers:
- 8.8.8.8
- 8.8.4.4
options:
- name: ndots
value: "1"
hostPort:
enabled: true
port: 8123

7
charts/home-assistant/ci/custom-resources-values.yaml Normal file
View File

@ -0,0 +1,7 @@
resources:
requests:
cpu: "250m"
memory: "256Mi"
limits:
cpu: "500m"
memory: "512Mi"

1
charts/home-assistant/ci/default-values.yaml Normal file
View File

@ -0,0 +1 @@
# No overrides provided; using chart defaults.

12
charts/home-assistant/ci/deployment-controller-values.yaml Normal file
View File

@ -0,0 +1,12 @@
# Test values for using Deployment instead of StatefulSet
controller:
type: Deployment
# Enable persistence to test PVC creation
persistence:
enabled: true
size: 1Gi
# Add some deployment annotations
deploymentAnnotations:
test: "true"

1
charts/home-assistant/ci/ha-values.yaml Normal file
View File

@ -0,0 +1 @@
replicaCount: 3

14
charts/home-assistant/ci/ingress-custom-values.yaml Normal file
View File

@ -0,0 +1,14 @@
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: "letsencrypt-prod"
hosts:
- host: homeassistant.example.com
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: homeassistant-tls
hosts:
- homeassistant.example.com

3
charts/home-assistant/ci/ingress-external-values.yaml Normal file
View File

@ -0,0 +1,3 @@
ingress:
enabled: false
external: true

6
charts/home-assistant/ci/persistence-enabled-values.yaml Normal file
View File

@ -0,0 +1,6 @@
persistence:
enabled: true
size: "10Gi"
annotations:
backup: "true"
second-annotation: "another value"

5
charts/home-assistant/ci/security-context-values.yaml Normal file
View File

@ -0,0 +1,5 @@
securityContext:
runAsUser: 1000
runAsNonRoot: true
podAnnotations:
hello: world

10
charts/home-assistant/ci/startupProbe-values.yaml Normal file
View File

@ -0,0 +1,10 @@
startupProbe:
initialDelaySeconds: 1
periodSeconds: 5
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 1
httpGet:
scheme: HTTP
path: /
port: http

8
charts/home-assistant/ci/statefulset-persistence-values.yaml Normal file
View File

@ -0,0 +1,8 @@
# Test values for StatefulSet with persistence
controller:
type: StatefulSet
# Enable persistence
persistence:
enabled: true
size: 1Gi

39
charts/home-assistant/templates/NOTES.txt Normal file
View File

@ -0,0 +1,39 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "home-assistant.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "home-assistant.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "home-assistant.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "home-assistant.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8123 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8123:$CONTAINER_PORT
{{- end }}
{{- if .Values.configuration.enabled }}
{{- if or (has "10.0.0.0/8" .Values.configuration.trusted_proxies) (has "172.16.0.0/12" .Values.configuration.trusted_proxies) (has "192.168.0.0/16" .Values.configuration.trusted_proxies) (has "127.0.0.0/8" .Values.configuration.trusted_proxies) }}
WARNING: You have enabled configuration setup for Home Assistant and are using widely trusted proxy IP ranges. Please ensure that this is intended and secure for your environment. Misconfiguration can lead to security vulnerabilities.
{{- end }}
{{- end }}
{{- if and .Values.ingress.enabled (not .Values.configuration.enabled) }}
WARNING: Ingress is enabled for Home Assistant, but the configuration setup is disabled. If you are using a reverse proxy, it is recommended to configure trusted proxies to ensure Home Assistant functions correctly and securely. For more information on configuring trusted proxies, visit: https://www.home-assistant.io/integrations/http/#reverse-proxies
{{- end }}
{{- if and .Values.configuration.enabled (or .Values.securityContext .Values.podSecurityContext) }}
WARNING: You have enabled the configuration setup for Home Assistant and defined a securityContext or podSecurityContext. Please ensure to update the configuration.initContainer.securityContext to have the same user setup to avoid running the init container as the root user. This is crucial for maintaining the security of your deployment.
{{- end }}

80
charts/home-assistant/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,80 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "home-assistant.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "home-assistant.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "home-assistant.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "home-assistant.labels" -}}
helm.sh/chart: {{ include "home-assistant.chart" . }}
{{ include "home-assistant.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "home-assistant.selectorLabels" -}}
app.kubernetes.io/name: {{ include "home-assistant.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "home-assistant.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "home-assistant.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Validate ingress configuration
*/}}
{{- define "home-assistant.validateIngress" -}}
{{- if and .Values.ingress.enabled .Values.ingress.external -}}
{{- fail "ingress.enabled and ingress.external cannot both be true" -}}
{{- end -}}
{{- end -}}
{{/*
Validate controller type
*/}}
{{- define "home-assistant.validateController" -}}
{{- if not (or (eq .Values.controller.type "StatefulSet") (eq .Values.controller.type "Deployment")) -}}
{{- fail "controller.type must be either 'StatefulSet' or 'Deployment'" -}}
{{- end -}}
{{- end -}}

10
charts/home-assistant/templates/configmap-hass-config.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- if .Values.configuration.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: hass-configuration
namespace: {{ .Release.Namespace }}
data:
configuration.yaml: |
{{- tpl .Values.configuration.templateConfig . | nindent 4 }}
{{- end -}}

10
charts/home-assistant/templates/configmap-init-script.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- if .Values.configuration.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: init-script
namespace: {{ .Release.Namespace }}
data:
init.sh: |
{{- tpl .Values.configuration.initScript . | nindent 4 }}
{{- end -}}

198
charts/home-assistant/templates/deployment.yaml Normal file
View File

@ -0,0 +1,198 @@
{{- if eq .Values.controller.type "Deployment" }}
{{- include "home-assistant.validateController" . | trim }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "home-assistant.fullname" . }}
labels:
{{- include "home-assistant.labels" . | nindent 4 }}
{{- if .Values.deploymentAnnotations }}
annotations:
{{- toYaml .Values.deploymentAnnotations | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "home-assistant.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "home-assistant.selectorLabels" . | nindent 8 }}
annotations:
{{- if .Values.configuration.enabled }}
checksum/init-script: {{ include (print $.Template.BasePath "/configmap-init-script.yaml") . | sha256sum }}
checksum/hass-configuration: {{ include (print $.Template.BasePath "/configmap-hass-config.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.hostNetwork }}
hostNetwork: true
{{- end }}
{{- if .Values.dnsPolicy }}
dnsPolicy: {{ .Values.dnsPolicy }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "home-assistant.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.dnsConfig }}
dnsConfig:
{{- toYaml .Values.dnsConfig | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.envFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.env }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: 8123
protocol: TCP
{{- if .Values.hostPort.enabled }}
hostPort: {{ .Values.hostPort.port }}
{{- end }}
{{- if .Values.additionalPorts }}
{{- .Values.additionalPorts | toYaml | nindent 12 }}
{{- end }}
{{- with $.Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with $.Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with $.Values.startupProbe }}
startupProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /config
name: {{ include "home-assistant.fullname" . }}-pvc
{{- if .Values.additionalMounts }}
{{- .Values.additionalMounts | toYaml | nindent 10 }}
{{- end }}
{{- if .Values.addons.codeserver.enabled }}
- name: codeserver
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
args:
- --auth
- none
- --user-data-dir
- "/config/.vscode"
- --extensions-dir
- "/config/.vscode"
- --port
- "12321"
- "/config"
image: "{{ .Values.addons.codeserver.image.repository }}:{{ .Values.addons.codeserver.image.tag }}"
imagePullPolicy: "{{ .Values.addons.codeserver.image.pullPolicy }}"
ports:
- containerPort: 12321
name: codeserver
protocol: TCP
{{- with .Values.addons.codeserver.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /config
name: {{ include "home-assistant.fullname" . }}-pvc
{{- if .Values.addons.codeserver.additionalMounts }}
{{- .Values.addons.codeserver.additionalMounts | toYaml | nindent 10 }}
{{- end }}
{{- end }}
{{- if or (.Values.configuration.enabled) .Values.initContainers }}
initContainers:
{{- if .Values.initContainers }}
{{- toYaml .Values.initContainers | nindent 8 }}
{{- end }}
{{- if .Values.configuration.enabled }}
- name: {{ .Values.configuration.initContainer.name }}
image: {{ .Values.configuration.initContainer.image }}
{{- if .Values.configuration.initContainer.securityContext }}
securityContext:
{{- toYaml .Values.configuration.initContainer.securityContext | nindent 12 }}
{{- end }}
{{- if .Values.configuration.initContainer.command }}
command: {{ toYaml .Values.configuration.initContainer.command | nindent 12 }}
{{- end }}
{{- if .Values.configuration.initContainer.args }}
args: {{ toYaml .Values.configuration.initContainer.args | nindent 12 }}
{{- end }}
{{- if .Values.configuration.initContainer.env }}
env:
{{- toYaml .Values.configuration.initContainer.env | nindent 12 }}
{{- end }}
volumeMounts:
{{- range .Values.configuration.initContainer.volumeMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
{{- if .subPath }}
subPath: {{ .subPath }}
{{ end }}
{{- end }}
- mountPath: /config
name: {{ include "home-assistant.fullname" $ }}-pvc
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
volumes:
{{- if .Values.configuration.enabled }}
- name: init-volume
configMap:
name: init-script
- name: config-volume
configMap:
name: hass-configuration
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: {{ include "home-assistant.fullname" . }}-pvc
emptyDir: {}
{{- else if .Values.persistence.existingClaim }}
- name: {{ include "home-assistant.fullname" . }}-pvc
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim }}
{{- else }}
- name: {{ include "home-assistant.fullname" . }}-pvc
persistentVolumeClaim:
claimName: {{ include "home-assistant.fullname" . }}-pvc
{{- end }}
{{- if .Values.additionalVolumes }}
{{- .Values.additionalVolumes | toYaml | nindent 6 }}
{{- end }}
{{- end }}

61
charts/home-assistant/templates/ingress-codeserver.yaml Normal file
View File

@ -0,0 +1,61 @@
{{- if and .Values.addons.codeserver .Values.addons.codeserver.ingress.enabled -}}
{{- $fullName := print (include "home-assistant.fullname" .) "-codeserver" -}}
{{- $svcPort := 12321 -}}
{{- if and .Values.addons.codeserver.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.addons.codeserver.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.addons.codeserver.ingress.annotations "kubernetes.io/ingress.class" .Values.addons.codeserver.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "home-assistant.labels" . | nindent 4 }}
{{- with .Values.addons.codeserver.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.addons.codeserver.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.addons.codeserver.ingress.className }}
{{- end }}
{{- if .Values.addons.codeserver.ingress.tls }}
tls:
{{- range .Values.addons.codeserver.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.addons.codeserver.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

65
charts/home-assistant/templates/ingress.yaml Normal file
View File

@ -0,0 +1,65 @@
{{- if .Values.ingress.enabled -}}
{{- include "home-assistant.validateIngress" . }}
{{- $fullName := include "home-assistant.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "home-assistant.labels" . | nindent 4 }}
{{- with .Values.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

35
charts/home-assistant/templates/pvc.yaml Normal file
View File

@ -0,0 +1,35 @@
{{- if and (eq .Values.controller.type "Deployment") .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "home-assistant.fullname" . }}-pvc
labels:
{{- include "home-assistant.labels" . | nindent 4 }}
{{- with .Values.persistence.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode }}
{{- if .Values.persistence.existingVolume }}
volumeName: {{ .Values.persistence.existingVolume }}
{{- end }}
{{- if or .Values.persistence.matchLabels (.Values.persistence.matchExpressions) }}
selector:
{{- if .Values.persistence.matchLabels }}
matchLabels:
{{ toYaml .Values.persistence.matchLabels | indent 4 }}
{{- end -}}
{{- if .Values.persistence.matchExpressions }}
matchExpressions:
{{ toYaml .Values.persistence.matchExpressions | indent 4 }}
{{- end -}}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- if .Values.persistence.storageClass }}
storageClassName: {{ .Values.persistence.storageClass }}
{{- end }}
{{- end }}

17
charts/home-assistant/templates/service-codeserver.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- if and .Values.addons.codeserver.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "home-assistant.fullname" . }}-codeserver
labels:
{{- include "home-assistant.labels" . | nindent 4 }}
spec:
type: {{ .Values.addons.codeserver.service.type }}
ports:
- port: {{ .Values.addons.codeserver.service.port }}
targetPort: codeserver
protocol: TCP
name: codeserver
selector:
{{- include "home-assistant.selectorLabels" . | nindent 4 }}
{{- end }}

27
charts/home-assistant/templates/service-monitor.yaml Normal file
View File

@ -0,0 +1,27 @@
{{- if and .Values.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "home-assistant.fullname" . }}
labels:
{{- include "home-assistant.labels" . | nindent 4 }}
{{- with .Values.serviceMonitor.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
spec:
endpoints:
- interval: {{ .Values.serviceMonitor.scrapeInterval }}
port: http
path: /api/prometheus
{{- if and .Values.serviceMonitor.bearerToken (and .Values.serviceMonitor.bearerToken.secretName .Values.serviceMonitor.bearerToken.secretKey) }}
bearerTokenSecret:
name: {{ .Values.serviceMonitor.bearerToken.secretName }}
key: {{ .Values.serviceMonitor.bearerToken.secretKey }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "home-assistant.selectorLabels" . | nindent 6 }}
{{- end }}

53
charts/home-assistant/templates/service.yaml Normal file
View File

@ -0,0 +1,53 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "home-assistant.fullname" . }}
labels:
{{- include "home-assistant.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{ end }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "home-assistant.selectorLabels" . | nindent 4 }}
{{- if .Values.additionalServices }}
{{- range .Values.additionalServices }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "home-assistant.fullname" $ }}-{{ .name }}
labels:
{{- include "home-assistant.labels" $ | nindent 4 }}
{{- with .labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{ end }}
spec:
type: {{ .type }}
{{- if .loadBalancerClass}}
loadBalancerClass: {{.loadBalancerClass}}
{{- end}}
ports:
- port: {{ .port }}
targetPort: {{ .targetPort }}
protocol: {{ .protocol }}
name: {{ .name }}
{{- if .nodePort }}
nodePort: {{ .nodePort }}
{{- end }}
selector:
{{- include "home-assistant.selectorLabels" $ | nindent 4 }}
{{- end }}
{{- end}}

12
charts/home-assistant/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "home-assistant.serviceAccountName" . }}
labels:
{{- include "home-assistant.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

225
charts/home-assistant/templates/statefulset.yaml Normal file
View File

@ -0,0 +1,225 @@
{{- include "home-assistant.validateController" . }}
{{- if eq .Values.controller.type "StatefulSet" }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "home-assistant.fullname" . }}
labels:
{{- include "home-assistant.labels" . | nindent 4 }}
{{- if .Values.statefulSetAnnotations }}
annotations:
{{- toYaml .Values.statefulSetAnnotations | nindent 4 }}
{{- end }}
spec:
serviceName: {{ include "home-assistant.fullname" . }}
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "home-assistant.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "home-assistant.selectorLabels" . | nindent 8 }}
annotations:
{{- if .Values.configuration.enabled }}
checksum/init-script: {{ include (print $.Template.BasePath "/configmap-init-script.yaml") . | sha256sum }}
checksum/hass-configuration: {{ include (print $.Template.BasePath "/configmap-hass-config.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.hostNetwork }}
hostNetwork: true
{{- end }}
{{- if .Values.dnsPolicy }}
dnsPolicy: {{ .Values.dnsPolicy }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "home-assistant.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.dnsConfig }}
dnsConfig:
{{- toYaml .Values.dnsConfig | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with .Values.envFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.env }}
env:
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: 8123
protocol: TCP
{{- if .Values.hostPort.enabled }}
hostPort: {{ .Values.hostPort.port }}
{{- end }}
{{- if .Values.additionalPorts }}
{{- .Values.additionalPorts | toYaml | nindent 12 }}
{{- end }}
{{- with $.Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with $.Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with $.Values.startupProbe }}
startupProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /config
name: {{ include "home-assistant.fullname" . }}
{{- if .Values.additionalMounts }}
{{- .Values.additionalMounts | toYaml | nindent 10 }}
{{- end }}
{{- if .Values.addons.codeserver.enabled }}
- name: codeserver
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
args:
- --auth
- none
- --user-data-dir
- "/config/.vscode"
- --extensions-dir
- "/config/.vscode"
- --port
- "12321"
- "/config"
image: "{{ .Values.addons.codeserver.image.repository }}:{{ .Values.addons.codeserver.image.tag }}"
imagePullPolicy: "{{ .Values.addons.codeserver.image.pullPolicy }}"
ports:
- containerPort: 12321
name: codeserver
protocol: TCP
{{- with .Values.addons.codeserver.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
- mountPath: /config
name: {{ include "home-assistant.fullname" . }}
{{- if .Values.addons.codeserver.additionalMounts }}
{{- .Values.addons.codeserver.additionalMounts | toYaml | nindent 10 }}
{{- end }}
{{- end }}
{{- if or (.Values.configuration.enabled) .Values.initContainers }}
initContainers:
{{- if .Values.initContainers }}
{{- toYaml .Values.initContainers | nindent 8 }}
{{- end }}
{{- if .Values.configuration.enabled }}
- name: {{ .Values.configuration.initContainer.name }}
image: {{ .Values.configuration.initContainer.image }}
{{- if .Values.configuration.initContainer.securityContext }}
securityContext:
{{- toYaml .Values.configuration.initContainer.securityContext | nindent 12 }}
{{- end }}
{{- if .Values.configuration.initContainer.command }}
command: {{ toYaml .Values.configuration.initContainer.command | nindent 12 }}
{{- end }}
{{- if .Values.configuration.initContainer.args }}
args: {{ toYaml .Values.configuration.initContainer.args | nindent 12 }}
{{- end }}
{{- if .Values.configuration.initContainer.env }}
env:
{{- toYaml .env | nindent 12 }}
{{- end }}
volumeMounts:
{{- range .Values.configuration.initContainer.volumeMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
{{- if .subPath }}
subPath: {{ .subPath }}
{{ end }}
{{- end }}
- mountPath: /config
name: {{ include "home-assistant.fullname" $ }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
volumes:
{{- if .Values.configuration.enabled }}
- name: init-volume
configMap:
name: init-script
- name: config-volume
configMap:
name: hass-configuration
{{- end }}
{{- if not .Values.persistence.enabled }}
- name: {{ include "home-assistant.fullname" . }}
emptyDir: {}
{{- end }}
{{- if .Values.additionalVolumes }}
{{- .Values.additionalVolumes | toYaml | nindent 6 }}
{{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: {{ include "home-assistant.fullname" . }}
{{- with .Values.persistence.annotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode }}
{{- if .Values.persistence.existingVolume }}
volumeName: {{ .Values.persistence.existingVolume }}
{{- end }}
{{- if or .Values.persistence.matchLabels (.Values.persistence.matchExpressions) }}
selector:
{{- if .Values.persistence.matchLabels }}
matchLabels:
{{ toYaml .Values.persistence.matchLabels | indent 8 }}
{{- end -}}
{{- if .Values.persistence.matchExpressions }}
matchExpressions:
{{ toYaml .Values.persistence.matchExpressions | indent 8 }}
{{- end -}}
{{- end }}
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- if .Values.persistence.storageClass }}
storageClassName: {{ .Values.persistence.storageClass }}
{{- end }}
{{- end }}
{{- end }}

15
charts/home-assistant/templates/tests/test-connection.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "home-assistant.fullname" . }}-test-connection"
labels:
{{- include "home-assistant.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "home-assistant.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never

439
charts/home-assistant/values.yaml Normal file
View File

@ -0,0 +1,439 @@
# Default values for home-assistant.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Number of replicas for the deployment
replicaCount: 1
# Image settings
image:
# Repository for the Home Assistant image
repository: ghcr.io/home-assistant/home-assistant
# Image pull policy
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
# List of imagePullSecrets for private image repositories
imagePullSecrets: []
# Override the default name of the Helm chart
nameOverride: ""
# Override the default full name of the Helm chart
fullnameOverride: ""
# Service account settings
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# Annotations to add to the pod
podAnnotations: {}
# Pod security context settings
podSecurityContext:
{}
# runAsUser: 568
# runAsGroup: 568
# fsGroup: 568
# fsGroupChangePolicy: "OnRootMismatch"
# Environment variables
env: []
# - name: TZ
# value: Europe/Prague
# - name: SOME_VAR_FROM_CONFIG_MAP
# valueFrom:
# configMapRef:
# name: configmap-name
# key: config-key
# - name: SOME_SECRET
# valueFrom:
# secretKeyRef:
# name: secret-name
# key: secret-key
# Use environment variables from ConfigMaps or Secrets
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
hostPort:
# Enable 'hostPort' or not
enabled: false
port: 8123
# Specifies if the containers should be started in hostNetwork mode.
#
# Required for use auto-discovery feature of Home Assistant
hostNetwork: false
# Set the dnsPolicy (you'll want ClusterFirstWithHostNet if running on hostNetwork to reac
# other k8s services via DNS
# dnsPolicy: ClusterFirst
# Container security context settings
securityContext:
{}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# Pod's DNS Configuration
# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config
# This value is useful if you need to reduce the DNS load: set "ndots" to 0 and only use FQDNs.
dnsConfig: {}
# nameservers:
# - 1.2.3.4
# searches:
# - ns1.svc.cluster-domain.example
# - my.dns.search.suffix
# options:
# - name: ndots
# value: "2"
# Service settings
service:
# Service type (ClusterIP, NodePort, LoadBalancer, or ExternalName)
type: ClusterIP
# Service port
port: 8080
# Annotations to add to the service
annotations: {}
# Ingress settings
ingress:
# Enable ingress for home assistant
enabled: false
# Enable external ingress (cannot be true when ingress.enabled is true)
external: false
className: ""
labels: {}
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# Resource settings for the container
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Node selector settings for scheduling the pod on specific nodes
nodeSelector: {}
# Tolerations settings for scheduling the pod based on node taints
tolerations: []
# Affinity settings for controlling pod scheduling
affinity: {}
# Set a priorityClassName on Home Assistant pods
priorityClassName: ""
initContainers: []
# Example of integrating a custom component before starting the Home Assistant container
# Uses emptyDir custom-components, see below
# - name: init-panasonic-cc
# image: alpine/git
# command: [ "/bin/sh", "-c" ]
# args:
# - |
# git clone https://github.com/sockless-coding/panasonic_cc.git /git/panasonic_cc
# cp -r /git/panasonic_cc/custom_components/panasonic_cc/* /panasonic_cc
# chown -R 1000:1000 /panasonic_cc/*
# volumeMounts:
# - name: custom-components
# mountPath: /panasonic_cc
# Configuration for Home Assistant
configuration:
# Enable or disable the configuration setup for Home Assistant
enabled: false
# Force init will merge the current configuration file with the default configuration on every start
# This is useful when you want to ensure that the configuration file is always up to date
forceInit: false
# List of trusted proxies in the format of CIDR notation in a case of using a reverse proxy
# Here is the list of the most common private IP ranges, use your list of possible trusted proxies, usually, it's the IP of the reverse proxy
trusted_proxies:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 127.0.0.0/8
# Template for the configuration.yaml file
# Used the `tpl` function to render the template, so you can use Go template functions
templateConfig: |-
# Loads default set of integrations. Do not remove.
default_config:
{{- if or .Values.ingress.enabled .Values.ingress.external }}
http:
use_x_forwarded_for: true
trusted_proxies:
{{- range .Values.configuration.trusted_proxies }}
- {{ . }}
{{- end }}
{{- end}}
# Load frontend themes from the themes folder
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
# Init script for the Home Assistant initialization, you can use Go template functions
# Script is executed before the Home Assistant container starts and is used to prepare the configuration
# Will be executed only if the configuration.enabled is set to true
initScript: |-
#!/bin/bash
set -e
# Check if the configuration file exists
if [ ! -f /config/configuration.yaml ]; then
echo "Configuration file not found, creating a new one"
cp /config-templates/configuration.yaml /config/configuration.yaml
fi
# Check if the force init is enabled
forceInit="{{ .Values.configuration.forceInit }}"
if [ "$forceInit" = "true" ]; then
echo "Force init is enabled, overwriting the configuration file"
current_time=$(date +%Y%m%d_%H%M%S)
echo "Backup the current configuration file to configuration.yaml.$current_time"
cp /config/configuration.yaml /config/configuration.yaml.$current_time
echo "Before cleanup - all backup files:"
ls -l /config/configuration.yaml.*
echo "Cleaning up - keeping only 10 most recent backups..."
ls -t /config/configuration.yaml.* 2>/dev/null | tail -n +11 | xargs -r rm
echo "After cleanup - remaining backup files:"
ls -l /config/configuration.yaml.*
echo "The current configuration file will be merged with the default configuration file with this content:"
cat /config-templates/configuration.yaml
if [[ ! -s /config/configuration.yaml ]]; then
# If /config/configuration.yaml is empty, use the content of /config-templates/configuration.yaml
cat /config-templates/configuration.yaml > /config/configuration.yaml
else
# Perform the merge operation if /config/configuration.yaml is not empty
yq eval-all --inplace 'select(fileIndex == 0) *d select(fileIndex == 1)' /config/configuration.yaml /config-templates/configuration.yaml
fi
fi
# Check if the automations file exists
if [ ! -f /config/automations.yaml ]; then
echo "Automations file not found, creating a new one"
touch /config/automations.yaml
echo "[]" >> /config/automations.yaml
fi
# Check if the scripts file exists
if [ ! -f /config/scripts.yaml ]; then
echo "Scripts file not found, creating a new one"
touch /config/scripts.yaml
fi
# Check if the scenes file exists
if [ ! -f /config/scenes.yaml ]; then
echo "Scenes file not found, creating a new one"
touch /config/scenes.yaml
fi
initContainer:
name: setup-config
image: mikefarah/yq:4
securityContext:
runAsUser: 0
command: ["/bin/sh", "-c"]
args:
- /bin/sh /mnt/init/init.sh
# env:
# - name: FORCE_INIT
# valueFrom:
# configMapKeyRef:
# name: init-script
# key: forceInit
# Home Assistant configuration volume will be mounted to /config automatically
volumeMounts:
- name: init-volume
mountPath: /mnt/init/init.sh
subPath: init.sh
- name: config-volume
mountPath: /config-templates
# Persistence values for the Home Assistant instance
persistence:
# Enable or disable persistence
enabled: false
# Access mode for the persistent volume claim
accessMode: ReadWriteOnce
# Size of the persistent volume claim
size: 5Gi
# Storage class for the persistent volume claim
storageClass: ""
# Name of the existing volume for the StatefulSet, this option can be used to bind to an existing PV
existingVolume: ""
# Name of the existing PVC to use with Deployment, this option can be used to use an existing PVC
existingClaim: ""
# Annotations to add to the persistent volume claim
annotations: {}
# k8up.io/backup: "true"
# another-annotation: "value"
## Persistent Volume selectors
## https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector
matchLabels: {}
matchExpressions: {}
# if you need any additional volumes, you can define them here
additionalVolumes: []
# - name: custom-components
# emptyDir: {}
# - hostPath:
# path: >-
# /dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0
# type: CharDevice
# name: usb
# if you need any additional volume mounts, you can define them here
additionalMounts: []
# - mountPath: /config/custom_components/panasonic_cc
# name: custom-components
# - mountPath: /dev/ttyACM0
# name: usb
# if you need to expose additional ports
additionalPorts: []
# - name: sia
# containerPort: 8124
# protocol: TCP
# if you need to expose additional services
additionalServices: []
# - name: sia
# port: 8124
# targetPort: sia
# type: NodePort
# protocol: TCP
# nodePort: 30124
livenessProbe:
failureThreshold: 3
httpGet:
path: /
port: http
scheme: HTTP
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 2
readinessProbe:
failureThreshold: 3
httpGet:
path: /
port: http
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
startupProbe: {}
# initialDelaySeconds: 1
# periodSeconds: 5
# timeoutSeconds: 1
# successThreshold: 1
# failureThreshold: 1
# httpGet:
# scheme: HTTP
# path: /
# port: http
serviceMonitor:
# requires HA integration: https://www.home-assistant.io/integrations/prometheus/
enabled: false
scrapeInterval: 30s
labels: {}
# Bearer token authentication configuration
bearerToken: {}
# Name of the secret containing the bearer token
# secretName: ""
# Key in the secret containing the bearer token
# secretKey: ""
# Addons configuration for additional services
addons:
# Code-server addon configuration
codeserver:
# Enable or disable the code-server addon
enabled: false
# Resource settings for the code-server container
resources: {}
# Image settings for the code-server addon
image:
# Repository for the code-server image
repository: ghcr.io/coder/code-server
# Image pull policy for the code-server image
pullPolicy: IfNotPresent
# Tag for the code-server image
tag: "4.99.4"
# Service settings
service:
# Service type (ClusterIP, NodePort, LoadBalancer, or ExternalName)
type: ClusterIP
# Service port
port: 12321
# Ingress settings for the code-server addon
ingress:
# Enable or disable the ingress for the code-server addon
enabled: false
# Ingress class name
className: ""
# Ingress annotations
annotations: {}
# Ingress hosts configuration
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
# Ingress TLS configuration
tls: []
# if you need any additional volume mounts, you can define them here
additionalMounts: []
# - mountPath: /home/coder/.ssh/id_rsa
# name: id-rsa
# Controller configuration
controller:
# Type of controller to use: StatefulSet or Deployment
type: StatefulSet
# Annotations to add to the stateful set
statefulSetAnnotations: {}
# Annotations to add to the deployment
deploymentAnnotations: {}

25
manifests/home-assistant/values.yaml Normal file
View File

@ -0,0 +1,25 @@
image:
repository: ghcr.io/home-assistant/home-assistant
tag: "2025.7.1"
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 8123
persistence:
enabled: true
storageClass: nfs-client
size: 5Gi
ingress:
enabled: true
ingressClassName: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
hosts:
- host: ha.dvirlabs.com
paths:
- path: /
pathType: Prefix