From acc0dfcf2f5484694f14d7ad23f74cb71cb3f4d4 Mon Sep 17 00:00:00 2001
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Mon, 14 Jul 2025 00:19:14 +0200
Subject: [PATCH] feat: zigbee usb disable
---
 .../zigbee2mqtt/app/externalsecret.yaml | 21 --------
 .../default/zigbee2mqtt/app/helmrelease.yaml | 50 +++++++++++--------
 .../zigbee2mqtt/app/kustomization.yaml | 1 -
 .../rules/kustomization.yaml | 1 -
 .../rules/zzh-zigbee-device.yaml | 18 ------
 5 files changed, 28 insertions(+), 63 deletions(-)
 delete mode 100644 kubernetes/apps/default/zigbee2mqtt/app/externalsecret.yaml
 delete mode 100644 kubernetes/apps/kube-system/node-feature-discovery/rules/zzh-zigbee-device.yaml
diff --git a/kubernetes/apps/default/zigbee2mqtt/app/externalsecret.yaml b/kubernetes/apps/default/zigbee2mqtt/app/externalsecret.yaml
deleted file mode 100644
index 90c50ced1..000000000
--- a/kubernetes/apps/default/zigbee2mqtt/app/externalsecret.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: zigbee2mqtt
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- name: zigbee2mqtt-secret
- template:
- engineVersion: v2
- data:
- ZIGBEE2MQTT_CONFIG_MQTT_USER: "{{ .EMQX_MQTT_USER }}"
- ZIGBEE2MQTT_CONFIG_MQTT_PASSWORD: "{{ .EMQX_MQTT_PASSWORD }}"
-
- dataFrom:
- - extract:
- key: emqx
diff --git a/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml b/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml
index 105e7b43c..678000d2f 100644
--- a/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml
+++ b/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml
@@ -18,13 +18,8 @@ spec:
 strategy: rollback
 retries: 3
 values:
- defaultPodOptions:
- nodeSelector:
- zzh.feature.node.kubernetes.io/zigbee: "true"
 controllers:
 zigbee2mqtt:
- annotations:
- reloader.stakater.com/auto: "true"
 containers:
 app:
 image:
@@ -40,7 +35,6 @@ spec:
 ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY: "[204, 61, 75, 23, 44, 230, 24, 203, 53, 5, 248, 32, 50, 84, 44, 159]"
 ZIGBEE2MQTT_CONFIG_AVAILABILITY_ACTIVE_TIMEOUT: 60
 ZIGBEE2MQTT_CONFIG_AVAILABILITY_PASSIVE_TIMEOUT: 2000
- ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_LEGACY: "false"
 ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_RETAIN: "true"
 ZIGBEE2MQTT_CONFIG_EXPERIMENTAL_NEW_API: "true"
 ZIGBEE2MQTT_CONFIG_FRONTEND_PORT: &port 8080
@@ -53,21 +47,36 @@ spec:
 ZIGBEE2MQTT_CONFIG_MQTT_SERVER: mqtt://mosquitto.database.svc.cluster.local.:1883
 ZIGBEE2MQTT_CONFIG_MQTT_VERSION: 5
 ZIGBEE2MQTT_CONFIG_PERMIT_JOIN: "false"
- ZIGBEE2MQTT_CONFIG_SERIAL_ADAPTER: zstack
- ZIGBEE2MQTT_CONFIG_SERIAL_PORT: /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0
- # ZIGBEE2MQTT_CONFIG_DEVICES: devices.yaml
- # ZIGBEE2MQTT_CONFIG_GROUPS: groups.yaml
- envFrom:
- - secretRef:
- name: zigbee2mqtt-secret
+ ZIGBEE2MQTT_CONFIG_SERIAL_ADAPTER: ember
+ ZIGBEE2MQTT_CONFIG_SERIAL_PORT: tcp://192.168.9.91:6638
+ ZIGBEE2MQTT_CONFIG_SERIAL_BAUDRATE: 115200
+ ZIGBEE2MQTT_CONFIG_SERIAL_DISABLE_LED: "false"
+ probes:
+ liveness:
+ enabled: true
+ readiness:
+ enabled: true
+ startup:
+ enabled: true
+ spec:
+ failureThreshold: 30
+ periodSeconds: 10
 securityContext:
- privileged: true
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
 resources:
 requests:
 cpu: 10m
- memory: 128Mi
 limits:
- memory: 512Mi
+ memory: 384Mi
+ defaultPodOptions:
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
 service:
 app:
 controller: *app
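Review bot: In the third hunk (`@@ -53,21 +47,36 @@`) neither of the pod's network links carries credentials or encryption as far as this manifest shows: the `envFrom` reference to `zigbee2mqtt-secret` is removed while `ZIGBEE2MQTT_CONFIG_MQTT_SERVER` stays on plain `mqtt://…:1883`, and the coordinator is now reached over `tcp://192.168.9.91:6638`. If the broker still requires a login, the user and password would have to come from the persisted configuration under `/config`; otherwise the broker presumably accepts anonymous clients, and either case deserves a one-line comment above `ZIGBEE2MQTT_CONFIG_MQTT_SERVER` saying which. The serial-over-TCP port gives anything that can reach it the same control over the Zigbee radio that this pod has, so the tightened `securityContext` should be paired with an egress restriction for this pod (broker and `192.168.9.91:6638` only) and with the adapter kept on an isolated segment. A comment such as `# network coordinator: raw TCP, no auth/TLS - keep reachable from this pod only` above `ZIGBEE2MQTT_CONFIG_SERIAL_PORT` would record that assumption. The `env` block and the `controllers` mapping both start above this hunk.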
@@ -109,10 +118,7 @@ spec:
 existingClaim: *app
 globalMounts:
 - path: /config
- usb:
- enabled: true
- type: hostPath
- hostPath: /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0
- hostPathType: CharDevice
+ logs:
+ type: emptyDir
 globalMounts:
- - path: /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0
+ - path: /config/log
diff --git a/kubernetes/apps/default/zigbee2mqtt/app/kustomization.yaml b/kubernetes/apps/default/zigbee2mqtt/app/kustomization.yaml
index f06a8e56e..ad5f8ebaf 100644
--- a/kubernetes/apps/default/zigbee2mqtt/app/kustomization.yaml
+++ b/kubernetes/apps/default/zigbee2mqtt/app/kustomization.yaml
@@ -2,5 +2,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - ./externalsecret.yaml
 - ./helmrelease.yaml
diff --git a/kubernetes/apps/kube-system/node-feature-discovery/rules/kustomization.yaml b/kubernetes/apps/kube-system/node-feature-discovery/rules/kustomization.yaml
index f8ec2088a..58ca38536 100644
--- a/kubernetes/apps/kube-system/node-feature-discovery/rules/kustomization.yaml
+++ b/kubernetes/apps/kube-system/node-feature-discovery/rules/kustomization.yaml
@@ -7,4 +7,3 @@ resources:
 - ./aeotec-zwave-device.yaml
 - ./google-coral-device.yaml
 - ./nodo-rflink-device.yaml
- - ./zzh-zigbee-device.yaml
diff --git a/kubernetes/apps/kube-system/node-feature-discovery/rules/zzh-zigbee-device.yaml b/kubernetes/apps/kube-system/node-feature-discovery/rules/zzh-zigbee-device.yaml
deleted file mode 100644
index dc8a01181..000000000
--- a/kubernetes/apps/kube-system/node-feature-discovery/rules/zzh-zigbee-device.yaml
+++ /dev/null
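Review bot: The new `logs` volume in the last helmrelease.yaml hunk (`@@ -109,10 +118,7 @@`) is an `emptyDir` with no size cap, so everything written under `/config/log` counts against the node's ephemeral storage and is gone once the pod is deleted or rescheduled. If the chart version in use accepts it, add a cap next to `type: emptyDir`, for example `sizeLimit: 256Mi` (constructed value). If these logs are needed to reconstruct device joins or adapter faults later, confirm the application also logs to stdout so the cluster's log pipeline retains them. The `persistence` mapping starts above this hunk, so the rest of the `/config` mount layout is not visible here.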
@@ -1,18 +0,0 @@
----
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
-apiVersion: nfd.k8s-sigs.io/v1alpha1
-kind: NodeFeatureRule
-metadata:
- name: zzh-zigbee-device
-spec:
- rules:
- - # zzh! CC2652R Multiprotocol RF Stick
- name: zzh.zigbee
- labels:
- zzh.feature.node.kubernetes.io/zigbee: "true"
- matchFeatures:
- - feature: usb.device
- matchExpressions:
- class: { op: In, value: ["ff"] }
- vendor: { op: In, value: ["1a86"] }
- device: { op: In, value: ["7523"] }