add home assistant files [ci skip]

viktorbarzin 2022-06-02 16:05:14 +01:00
parent cf75950e7d
commit bf10de9255
6 changed files with 339 additions and 16 deletions

15
.terraform.lock.hcl generated

@ -1,21 +1,6 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/gavinbunney/kubectl" {
version = "1.10.0"
constraints = ">= 1.10.0"
hashes = [
"h1:x5NHOW8DG0cBE1QmJ/Hl4ktMpeIfkEpoOvnf/kISdBU=",
"zh:0786e6cb375e4e6a70220bb67fc3de80c8c30dcb00c0f4f0ec7bb10404a120db",
"zh:577347a8334c8cd13215608780e03b77615d211fac64ad6e4356b7f4bb160022",
"zh:7d3347690a0b68dca54ae5cc90877cf82069f7ef13517668b17fd37f49c91e8c",
"zh:7f4eeae41b22de803ea7bf8977226c2bc0baaf204a4a2a05c421d9358c907808",
"zh:8db7a6550374918109d6f445c6c196f02ea3fa2029b882eca186d6e13bd1e4ce",
"zh:9c93ad71c3039463cf4345acb781c68d7ce82fe8f8495a94a6b588bf87259e51",
"zh:ee94ff2448caee374f3a3e888568d7ff48e6b9438df76f6eb72efa1aadc6391b",
]
}
provider "registry.terraform.io/hashicorp/helm" {
version = "2.4.1"
hashes = [


@ -45,6 +45,7 @@ variable "webhook_handler_ssh_key" {}
variable "monitoring_idrac_username" {}
variable "monitoring_idrac_password" {}
variable "alertmanager_slack_api_url" {}
variable "home_assistant_configuration" {}
variable "ansible_prefix" {
default = "ANSIBLE_VAULT_PASSWORD_FILE=~/.ansible/vault_pass.txt ansible-playbook -i playbook/hosts.yaml playbook/linux.yml -t linux/initial_setup"
@ -234,5 +235,6 @@ module "kubernetes_cluster" {
# dbaas
dbaas_root_password = var.dbaas_root_password
# home-assistant
home_assistant_configuration = var.home_assistant_configuration
}
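Review bot: `variable "home_assistant_configuration" {}` is declared with no `type`, `description` or `sensitive` flag, and the same bare declaration is repeated in the kubernetes module's variable list later in this commit. A Home Assistant `configuration.yaml` can carry credentials for integrations; if this one does, Terraform will show it in plan output, and the new module stores it in a ConfigMap rather than a Secret. That ConfigMap is not referenced by any volume in the new deployment, which mounts only the iSCSI volume at `/config`, so it is worth confirming the value is consumed at all. I would add `type = string` and `sensitive = true` inside both declarations. The variable list and the `module "kubernetes_cluster"` block both continue outside the visible lines.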


@ -101,6 +101,7 @@ resource "kubernetes_config_map" "policy" {
- "bind"
- "monitoring"
- "kube-system"
- "wireguard"
EOF
}
}


@ -0,0 +1,74 @@
# hostname: home-assistant
ingress:
main:
# -- Enables or disables the ingress
enabled: true
# -- Make this the primary ingress (used in probes, notes, etc...).
# If there is more than 1 ingress, make sure that only 1 ingress is marked as primary.
primary: true
# -- Override the name suffix that is used for this ingress.
nameOverride:
# -- Provide additional annotations which may be required.
annotations: #{}
kubernetes.io/ingress.class : "nginx"
nginx.ingress.kubernetes.io/force-ssl-redirect : "true"
nginx.ingress.kubernetes.io/auth-tls-verify-client : "on"
nginx.ingress.kubernetes.io/auth-tls-secret : ${client_certificate_secret_name}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# -- Provide additional labels which may be required.
labels: {}
# -- Set the ingressClass that is used for this ingress.
# Requires Kubernetes >=1.19
ingressClassName: # "nginx"
## Configure the hosts for the ingress
hosts:
- # -- Host address. Helm template can be passed.
host: home-assistant.viktorbarzin.me
## Configure the paths for the host
paths:
- # -- Path. Helm template can be passed.
path: /
# -- Ignored if not kubeVersion >= 1.14-0
pathType: Prefix
service:
# -- Overrides the service name reference for this path
name: home-assistant
# -- Overrides the service port reference for this path
port: 8123
# -- Configure TLS for the ingress. Both secretName and hosts can process a Helm template.
tls: #[]
- secretName: ${tls_secret_name}
hosts:
- home-assistant.viktorbarzin.me
# -- Configure persistence for the chart here.
# Additional items can be added by adding a dictionary key similar to the 'config' key.
# [[ref]](http://docs.k8s-at-home.com/our-helm-charts/common-library-storage)
# @default -- See below
persistence:
# -- Default persistence for configuration files.
# @default -- See below
config:
# -- Enables or disables the persistence item
enabled: false
# -- Sets the persistence type
# Valid options are pvc, emptyDir, hostPath, secret, configMap or custom
type: configMap
name: home-assistant-configmap
# -- Where to mount the volume in the main container.
# Defaults to `/<name_of_the_volume>`,
# setting to '-' creates the volume but disables the volumeMount.
mountPath: /config
# -- Specify if the volume should be mounted read-only.
readOnly: true
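Review bot: Nothing active in this commit renders this values template. It appears to be the `home_assistant_chart_values.tpl` named in the module, and the only `templatefile(...)` call that references that name sits inside the commented-out `helm_release`. The host, TLS secret and the `auth-tls-verify-client` / `auth-tls-secret` annotations are repeated in the module's `kubernetes_ingress_v1`, so the two copies of the client-certificate settings can drift and a later switch back to the chart would pick up whatever this file says. Either drop the file together with the commented-out release, or add a header comment such as `# Unused while helm_release.home_assistant is commented out; live ingress settings are in kubernetes_ingress_v1`. Also, `persistence.config.enabled: false` leaves the configMap mount described below it inactive.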


@ -0,0 +1,253 @@
variable "tls_secret_name" {}
variable "client_certificate_secret_name" {}
variable "configuration_yaml" {}
resource "kubernetes_namespace" "home_assistant" {
metadata {
name = "home-assistant"
}
}
resource "kubernetes_persistent_volume" "home_assistant_pv" {
metadata {
name = "home-assistant-pv"
}
spec {
capacity = {
storage = "2Gi"
}
access_modes = ["ReadWriteMany"]
persistent_volume_source {
vsphere_volume {
volume_path = "/config"
}
}
}
}
resource "kubernetes_config_map" "home_assistant_config_map" {
metadata {
name = "home-assistant-configmap"
namespace = "home-assistant"
annotations = {
"reloader.stakater.com/match" = "true"
}
}
data = {
# "db.viktorbarzin.lan" = var.db_viktorbarzin_lan
# "db.viktorbarzin.me" = format("%s%s", var.db_viktorbarzin_me, file("${path.module}/extra/viktorbarzin.me"))
# "db.181.191.213.in-addr.arpa" = var.db_ptr
"configuration.yaml" = var.configuration_yaml
}
}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "home-assistant"
tls_secret_name = var.tls_secret_name
}
# resource "helm_release" "home_assistant" {
# namespace = "home-assistant"
# create_namespace = true
# name = "home-assistant"
# repository = "https://k8s-at-home.com/charts/"
# chart = "home-assistant"
# values = [templatefile("${path.module}/home_assistant_chart_values.tpl", { tls_secret_name = var.tls_secret_name, client_certificate_secret_name = var.client_certificate_secret_name })]
# }
resource "kubernetes_deployment" "home_assistant" {
metadata {
name = "home-assistant"
namespace = "home-assistant"
labels = {
"app.kubernetes.io/instance" = "home-assistant"
"app.kubernetes.io/name" = "home-assistant"
"app.kubernetes.io/version" = "2022.5.4"
}
}
spec {
replicas = 1
selector {
match_labels = {
"app.kubernetes.io/instance" = "home-assistant"
"app.kubernetes.io/name" = "home-assistant"
}
}
template {
metadata {
labels = {
"app.kubernetes.io/instance" = "home-assistant"
"app.kubernetes.io/name" = "home-assistant"
}
}
spec {
container {
name = "home-assistant"
image = "ghcr.io/home-assistant/home-assistant:2022.5.4"
port {
name = "http"
container_port = 8123
protocol = "TCP"
}
env {
name = "TZ"
value = "UTC+3"
}
volume_mount {
name = "configuration"
mount_path = "/config"
# sub_path = "hackmd"
}
liveness_probe {
tcp_socket {
port = "8123"
}
timeout_seconds = 1
period_seconds = 10
success_threshold = 1
failure_threshold = 3
}
readiness_probe {
tcp_socket {
port = "8123"
}
timeout_seconds = 1
period_seconds = 10
success_threshold = 1
failure_threshold = 3
}
startup_probe {
tcp_socket {
port = "8123"
}
timeout_seconds = 1
period_seconds = 5
success_threshold = 1
failure_threshold = 30
}
termination_message_path = "/dev/termination-log"
image_pull_policy = "IfNotPresent"
}
volume {
name = "configuration"
iscsi {
target_portal = "iscsi.viktorbarzin.lan:3260"
fs_type = "ext4"
iqn = "iqn.2020-12.lan.viktorbarzin:storage:home-assistant"
lun = 0
read_only = false
}
}
restart_policy = "Always"
termination_grace_period_seconds = 30
dns_policy = "ClusterFirst"
service_account_name = "default"
}
}
strategy {
type = "Recreate"
}
revision_history_limit = 3
}
}
resource "kubernetes_service" "home_assistant" {
metadata {
name = "home-assistant"
namespace = "home-assistant"
labels = {
"app.kubernetes.io/instance" = "home-assistant"
"app.kubernetes.io/managed-by" = "Helm"
"app.kubernetes.io/name" = "home-assistant"
"app.kubernetes.io/version" = "2022.5.4"
"helm.sh/chart" = "home-assistant-13.2.0"
}
annotations = {
"meta.helm.sh/release-name" = "home-assistant"
"meta.helm.sh/release-namespace" = "home-assistant"
}
}
spec {
port {
name = "http"
protocol = "TCP"
port = 8123
target_port = "http"
}
selector = {
"app.kubernetes.io/instance" = "home-assistant"
"app.kubernetes.io/name" = "home-assistant"
}
# cluster_ip = "10.102.20.150"
type = "ClusterIP"
session_affinity = "None"
}
}
resource "kubernetes_ingress_v1" "home-assistant-ui" {
metadata {
name = "home-assistant-ui-ingress"
namespace = "home-assistant"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/force-ssl-redirect" = "true"
"nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
"nginx.ingress.kubernetes.io/auth-tls-secret" = var.client_certificate_secret_name
}
}
spec {
tls {
hosts = ["home-assistant.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "home-assistant.viktorbarzin.me"
http {
path {
path = "/"
backend {
service {
name = "home-assistant"
port {
number = 8123
}
}
}
}
}
}
}
}
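Review bot: The pod template in `kubernetes_deployment.home_assistant` sets `service_account_name = "default"` without disabling token automount and gives the container no `security_context`, although the ingress publishes the service on `home-assistant.viktorbarzin.me`. Unless automount is disabled on the service account itself, a compromised Home Assistant process can read a cluster API token from its filesystem. Add `automount_service_account_token = false` beside `service_account_name`, and consider `security_context { allow_privilege_escalation = false }` in the `container` block after checking that the image still starts. The resources also hard-code `namespace = "home-assistant"` instead of `kubernetes_namespace.home_assistant.metadata[0].name`, so Terraform has no ordering dependency on the namespace.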


@ -33,6 +33,7 @@ variable "webhook_handler_ssh_key" {}
variable "idrac_username" {}
variable "idrac_password" {}
variable "alertmanager_slack_api_url" {}
variable "home_assistant_configuration" {}
resource "null_resource" "core_services" {
# List all the core modules that must be provisioned first
@ -225,3 +226,10 @@ module "wireguard" {
wg_0_key = var.wireguard_wg_0_key
firewall_sh = var.wireguard_firewall_sh
}
module "home_assistant" {
source = "./home_assistant"
tls_secret_name = var.tls_secret_name
client_certificate_secret_name = var.client_certificate_secret_name
configuration_yaml = var.home_assistant_configuration
}