feat: zigbee usb disable

2025-09-17 18:24:14 +02:00 · 2025-07-14 00:19:14 +02:00
parent 47548b8b37
commit acc0dfcf2f
5 changed files with 28 additions and 63 deletions
--- a/kubernetes/apps/default/zigbee2mqtt/app/externalsecret.yaml
+++ b/kubernetes/apps/default/zigbee2mqtt/app/externalsecret.yaml
@@ -1,21 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1.json
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: zigbee2mqtt
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: onepassword-connect
-  target:
-    name: zigbee2mqtt-secret
-    template:
-      engineVersion: v2
-      data:
-        ZIGBEE2MQTT_CONFIG_MQTT_USER: "{{ .EMQX_MQTT_USER }}"
-        ZIGBEE2MQTT_CONFIG_MQTT_PASSWORD: "{{ .EMQX_MQTT_PASSWORD }}"
-
-  dataFrom:
-    - extract:
-        key: emqx
--- a/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml
+++ b/kubernetes/apps/default/zigbee2mqtt/app/helmrelease.yaml
@@ -18,13 +18,8 @@ spec:
      strategy: rollback
      retries: 3
  values:
-    defaultPodOptions:
-      nodeSelector:
-        zzh.feature.node.kubernetes.io/zigbee: "true"
    controllers:
      zigbee2mqtt:
-        annotations:
-          reloader.stakater.com/auto: "true"
        containers:
          app:
            image:
@@ -40,7 +35,6 @@ spec:
              ZIGBEE2MQTT_CONFIG_ADVANCED_NETWORK_KEY: "[204, 61, 75, 23, 44, 230, 24, 203, 53, 5, 248, 32, 50, 84, 44, 159]"
              ZIGBEE2MQTT_CONFIG_AVAILABILITY_ACTIVE_TIMEOUT: 60
              ZIGBEE2MQTT_CONFIG_AVAILABILITY_PASSIVE_TIMEOUT: 2000
-              ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_LEGACY: "false"
              ZIGBEE2MQTT_CONFIG_DEVICE_OPTIONS_RETAIN: "true"
              ZIGBEE2MQTT_CONFIG_EXPERIMENTAL_NEW_API: "true"
              ZIGBEE2MQTT_CONFIG_FRONTEND_PORT: &port 8080
@@ -53,21 +47,36 @@ spec:
              ZIGBEE2MQTT_CONFIG_MQTT_SERVER: mqtt://mosquitto.database.svc.cluster.local.:1883
              ZIGBEE2MQTT_CONFIG_MQTT_VERSION: 5
              ZIGBEE2MQTT_CONFIG_PERMIT_JOIN: "false"
-              ZIGBEE2MQTT_CONFIG_SERIAL_ADAPTER: zstack
-              ZIGBEE2MQTT_CONFIG_SERIAL_PORT: /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0
-              # ZIGBEE2MQTT_CONFIG_DEVICES: devices.yaml
-              # ZIGBEE2MQTT_CONFIG_GROUPS: groups.yaml
-            envFrom:
-              - secretRef:
-                  name: zigbee2mqtt-secret
+              ZIGBEE2MQTT_CONFIG_SERIAL_ADAPTER: ember
+              ZIGBEE2MQTT_CONFIG_SERIAL_PORT: tcp://192.168.9.91:6638
+              ZIGBEE2MQTT_CONFIG_SERIAL_BAUDRATE: 115200
+              ZIGBEE2MQTT_CONFIG_SERIAL_DISABLE_LED: "false"
+            probes:
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+              startup:
+                enabled: true
+                spec:
+                  failureThreshold: 30
+                  periodSeconds: 10
            securityContext:
-              privileged: true
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
            resources:
              requests:
                cpu: 10m
-                memory: 128Mi
              limits:
-                memory: 512Mi
+                memory: 384Mi
+    defaultPodOptions:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        fsGroupChangePolicy: OnRootMismatch
    service:
      app:
        controller: *app
@@ -109,10 +118,7 @@ spec:
        existingClaim: *app
        globalMounts:
          - path: /config
-      usb:
-        enabled: true
-        type: hostPath
-        hostPath: /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0
-        hostPathType: CharDevice
+      logs:
+        type: emptyDir
        globalMounts:
-          - path: /dev/serial/by-id/usb-1a86_USB_Serial-if00-port0
+          - path: /config/log
--- a/kubernetes/apps/default/zigbee2mqtt/app/kustomization.yaml
+++ b/kubernetes/apps/default/zigbee2mqtt/app/kustomization.yaml
@@ -2,5 +2,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - ./externalsecret.yaml
  - ./helmrelease.yaml
--- a/kubernetes/apps/kube-system/node-feature-discovery/rules/kustomization.yaml
+++ b/kubernetes/apps/kube-system/node-feature-discovery/rules/kustomization.yaml
@@ -7,4 +7,3 @@ resources:
  - ./aeotec-zwave-device.yaml
  - ./google-coral-device.yaml
  - ./nodo-rflink-device.yaml
-  - ./zzh-zigbee-device.yaml
--- a/kubernetes/apps/kube-system/node-feature-discovery/rules/zzh-zigbee-device.yaml
+++ b/kubernetes/apps/kube-system/node-feature-discovery/rules/zzh-zigbee-device.yaml
@@ -1,18 +0,0 @@
---
-# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/nfd.k8s-sigs.io/nodefeaturerule_v1alpha1.json
-apiVersion: nfd.k8s-sigs.io/v1alpha1
-kind: NodeFeatureRule
-metadata:
-  name: zzh-zigbee-device
-spec:
-  rules:
-    - # zzh! CC2652R Multiprotocol RF Stick
-      name: zzh.zigbee
-      labels:
-        zzh.feature.node.kubernetes.io/zigbee: "true"
-      matchFeatures:
-        - feature: usb.device
-          matchExpressions:
-            class: { op: In, value: ["ff"] }
-            vendor: { op: In, value: ["1a86"] }
-            device: { op: In, value: ["7523"] }