mirror of
https://github.com/auricom/home-cluster.git
synced 2025-10-03 09:09:01 +02:00
fix: traefik
This commit is contained in:
auricom
@@ -19,28 +19,14 @@ spec:
|
||||
values:
|
||||
replicaCount: 3
|
||||
recreatePods: true
|
||||
service:
|
||||
annotations:
|
||||
prometheus.io/probe: "true"
|
||||
prometheus.io/protocol: tcp
|
||||
type: LoadBalancer
|
||||
loadBalancerIP: ${CLUSTER_LB_EMQX}
|
||||
externalTrafficPolicy: Local
|
||||
ingress:
|
||||
dashboard:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: "nginx"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||
path: /
|
||||
hosts:
|
||||
- emqx.${SECRET_CLUSTER_DOMAIN}
|
||||
|
||||
emqxConfig:
|
||||
EMQX_ALLOW_ANONYMOUS: "false"
|
||||
EMQX_ADMIN_PASSWORD: "${SECRET_EMQX_ADMIN_PASSWORD}"
|
||||
EMQX_AUTH__MNESIA__PASSWORD_HASH: plain
|
||||
EMQX_AUTH__USER__1__USERNAME: "${SECRET_MQTT_USERNAME}"
|
||||
EMQX_AUTH__USER__1__PASSWORD: "${SECRET_MQTT_PASSWORD}"
|
||||
|
||||
emqxAclConfig: >
|
||||
{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
|
||||
{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
|
||||
@@ -62,6 +48,28 @@ spec:
|
||||
{emqx_mod_rewrite, false}.
|
||||
{emqx_mod_subscription, false}.
|
||||
{emqx_mod_topic_metrics, true}.
|
||||
|
||||
service:
|
||||
annotations:
|
||||
prometheus.io/probe: "true"
|
||||
prometheus.io/protocol: tcp
|
||||
type: LoadBalancer
|
||||
loadBalancerIP: ${CLUSTER_LB_EMQX}
|
||||
externalTrafficPolicy: Local
|
||||
|
||||
ingress:
|
||||
dashboard:
|
||||
enabled: true
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||
path: /
|
||||
hosts:
|
||||
- emqx.${SECRET_CLUSTER_DOMAIN}
|
||||
tls:
|
||||
- hosts:
|
||||
- "emqx.${SECRET_CLUSTER_DOMAIN}"
|
||||
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
@@ -74,6 +82,7 @@ spec:
|
||||
values:
|
||||
- emqx
|
||||
topologyKey: kubernetes.io/hostname
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
@@ -93,3 +102,10 @@ spec:
|
||||
path: /spec/externalIPs
|
||||
value:
|
||||
- "${CLUSTER_LB_EMQX}"
|
||||
- target:
|
||||
kind: Ingress
|
||||
name: emqx-dashboard
|
||||
patch:
|
||||
- op: add
|
||||
path: /spec/ingressClassName
|
||||
value: traefik
|
||||
|
||||
@@ -20,27 +20,10 @@ spec:
|
||||
image:
|
||||
repository: blakeblackshear/frigate
|
||||
tag: 0.8.4-amd64
|
||||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: "nginx"
|
||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||
hosts:
|
||||
- host: "frigate.${SECRET_CLUSTER_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
service:
|
||||
main:
|
||||
annotations:
|
||||
prometheus.io/probe: "true"
|
||||
prometheus.io/protocol: http
|
||||
|
||||
securityContext:
|
||||
privileged: true
|
||||
|
||||
persistence:
|
||||
data:
|
||||
enabled: true
|
||||
@@ -56,6 +39,7 @@ spec:
|
||||
medium: Memory
|
||||
sizeLimit: 2Gi
|
||||
mountPath: /dev/shm
|
||||
|
||||
config: |
|
||||
mqtt:
|
||||
host: emqx
|
||||
@@ -101,6 +85,30 @@ spec:
|
||||
|
||||
podAnnotations:
|
||||
configmap.reloader.stakater.com/reload: "frigate-config"
|
||||
|
||||
service:
|
||||
main:
|
||||
annotations:
|
||||
prometheus.io/probe: "true"
|
||||
prometheus.io/protocol: http
|
||||
|
||||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
ingressClassName: "traefik"
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||
hosts:
|
||||
- host: "frigate.${SECRET_CLUSTER_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- "frigate.${SECRET_CLUSTER_DOMAIN}"
|
||||
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
@@ -114,6 +122,7 @@ spec:
|
||||
operator: In
|
||||
values:
|
||||
- "true"
|
||||
|
||||
resources:
|
||||
requests:
|
||||
gpu.intel.com/i915: 1
|
||||
|
||||
@@ -17,10 +17,10 @@ spec:
|
||||
namespace: flux-system
|
||||
interval: 5m
|
||||
values:
|
||||
controllerType: deployment
|
||||
image:
|
||||
repository: ghcr.io/home-assistant/home-assistant
|
||||
tag: 2021.8.4
|
||||
|
||||
env:
|
||||
TZ: "Europe/Paris"
|
||||
HASS_SECRET_URL: https://home-assistant.${SECRET_CLUSTER_DOMAIN}
|
||||
@@ -30,8 +30,10 @@ spec:
|
||||
HASS_SECRET_MQTT_USERNAME: ${SECRET_MQTT_USERNAME}
|
||||
HASS_SECRET_MQTT_PASSWORD: ${SECRET_MQTT_PASSWORD}
|
||||
HASS_SECRET_DB_URL: ${SECRET_HASS_DB_URL}
|
||||
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
|
||||
service:
|
||||
main:
|
||||
annotations:
|
||||
@@ -41,24 +43,32 @@ spec:
|
||||
externalIPs:
|
||||
- ${CLUSTER_LB_HASS}
|
||||
externalTrafficPolicy: Local
|
||||
|
||||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
ingressClassName: "nginx"
|
||||
ingressClassName: "traefik"
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||
hosts:
|
||||
- host: hass.${SECRET_CLUSTER_DOMAIN}
|
||||
- host: "hass.${SECRET_CLUSTER_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
- host: home-assistant.${SECRET_CLUSTER_DOMAIN}
|
||||
- host: "home-assistant.${SECRET_CLUSTER_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- "hass.${SECRET_CLUSTER_DOMAIN}"
|
||||
- "home-assistant.${SECRET_CLUSTER_DOMAIN}"
|
||||
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||
|
||||
prometheus:
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
@@ -66,10 +76,15 @@ spec:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
|
||||
postgresql:
|
||||
enabled: false
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
existingClaim: hass-config
|
||||
|
||||
addons:
|
||||
codeserver:
|
||||
enabled: true
|
||||
@@ -86,20 +101,24 @@ spec:
|
||||
- "/config/.vscode"
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: "nginx"
|
||||
ingressClassName: "traefik"
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||
hosts:
|
||||
- host: hass-config.${SECRET_CLUSTER_DOMAIN}
|
||||
- host: "hass-config.${SECRET_CLUSTER_DOMAIN}"
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- "hass-config.${SECRET_CLUSTER_DOMAIN}"
|
||||
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /config
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 500m
|
||||
memory: 1000Mi
|
||||
postgresql:
|
||||
enabled: false
|
||||
|
||||
@@ -20,9 +20,11 @@ spec:
|
||||
image:
|
||||
repository: koenkk/zigbee2mqtt
|
||||
tag: 1.21.0
|
||||
|
||||
env:
|
||||
TZ: Europe/Paris
|
||||
ZIGBEE2MQTT_DATA: /data
|
||||
|
||||
config:
|
||||
homeassistant: true
|
||||
device_options:
|
||||
@@ -61,18 +63,18 @@ spec:
|
||||
new_api: true
|
||||
securityContext:
|
||||
privileged: true
|
||||
|
||||
service:
|
||||
main:
|
||||
annotations:
|
||||
prometheus.io/probe: "true"
|
||||
prometheus.io/protocol: "http"
|
||||
|
||||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
ingressClassName: "nginx"
|
||||
ingressClassName: "traefik"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||
hosts:
|
||||
@@ -80,6 +82,11 @@ spec:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
tls:
|
||||
- hosts:
|
||||
- "zigbee.${SECRET_CLUSTER_DOMAIN}"
|
||||
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
@@ -90,6 +97,7 @@ spec:
|
||||
type: hostPath
|
||||
hostPath: /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0
|
||||
hostPathType: CharDevice
|
||||
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
|
||||
@@ -21,17 +21,24 @@ spec:
|
||||
image:
|
||||
repository: ghcr.io/zwave-js/zwavejs2mqtt
|
||||
tag: 5.4.5
|
||||
|
||||
env:
|
||||
TZ: "Europe/Paris"
|
||||
|
||||
securityContext:
|
||||
privileged: true
|
||||
|
||||
service:
|
||||
main:
|
||||
annotations:
|
||||
prometheus.io/probe: "true"
|
||||
prometheus.io/protocol: http
|
||||
|
||||
ingress:
|
||||
main:
|
||||
enabled: true
|
||||
ingressClassName: "nginx"
|
||||
ingressClassName: "traefik"
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/auth-url: "http://authelia.networking.svc.cluster.local./api/verify"
|
||||
nginx.ingress.kubernetes.io/auth-signin: "https://login.${SECRET_CLUSTER_DOMAIN}/"
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: "websecure"
|
||||
traefik.ingress.kubernetes.io/router.middlewares: networking-forward-auth@kubernetescrd
|
||||
hosts:
|
||||
@@ -42,11 +49,8 @@ spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- zwave.${SECRET_CLUSTER_DOMAIN}
|
||||
service:
|
||||
main:
|
||||
annotations:
|
||||
prometheus.io/probe: "true"
|
||||
prometheus.io/protocol: http
|
||||
secretName: "${SECRET_CLUSTER_CERTIFICATE_DEFAULT}"
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
@@ -57,6 +61,7 @@ spec:
|
||||
type: hostPath
|
||||
hostPath: /dev/serial/by-id/usb-0658_0200-if00
|
||||
hostPathType: CharDevice
|
||||
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
|
||||
Reference in New Issue
Block a user