--- # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: &app home-assistant spec: interval: 1h chartRef: kind: OCIRepository name: app-template install: remediation: retries: 3 upgrade: cleanupOnFail: true remediation: strategy: rollback retries: 3 values: defaultPodOptions: securityContext: runAsUser: 0 runAsGroup: 0 fsGroup: 0 fsGroupChangePolicy: OnRootMismatch nodeSelector: nodo.feature.node.kubernetes.io/rflink: "true" controllers: home-assistant: annotations: reloader.stakater.com/auto: "true" secret.reloader.stakater.com/reload: home-assistant-db-secret containers: app: image: repository: ghcr.io/home-operations/home-assistant tag: 2025.8.3@sha256:7ef14f513e487add292b43306cccb4f1cd9dbcbd5eaf85d6438f98b197f930a4 env: TZ: "${TIMEZONE}" envFrom: - secretRef: name: home-assistant-secret probes: liveness: enabled: false readiness: enabled: false startup: enabled: false resources: requests: cpu: 10m memory: 128Mi limits: memory: 1Gi securityContext: privileged: true service: app: controller: *app type: LoadBalancer loadBalancerIP: 192.168.169.107 externalTrafficPolicy: Local ports: http: port: &port 8123 route: app: hostnames: ["hass.${SECRET_EXTERNAL_DOMAIN}"] parentRefs: - name: internal namespace: network sectionName: https rules: - backendRefs: - name: *app port: *port persistence: config: enabled: true existingClaim: *app globalMounts: - path: /config usb: enabled: true type: hostPath hostPath: /dev/serial/by-id/usb-Arduino__www.arduino.cc__0042_5503731323735171A241-if00 hostPathType: CharDevice globalMounts: - path: /dev/ttyUSB0