fix(home-assistant): existingClaim controller, netpols

2026-01-27 18:18:26 +00:00 · 2024-12-15 03:53:43 +08:00
parent 44597a0710
commit 9c77aed133
2 changed files with 30 additions and 1 deletions
--- a/kube/deploy/apps/home-assistant/app/hr.yaml
+++ b/kube/deploy/apps/home-assistant/app/hr.yaml
@@ -21,6 +21,7 @@ spec:
        type: deployment
        replicas: 1
        pod:
+          hostname: "home-assistant"
          labels:
            ingress.home.arpa/nginx-internal: "allow"
            ingress.home.arpa/world: "allow"
@@ -111,6 +112,8 @@ spec:
        ports:
          http:
            port: 8123
+            protocol: TCP
+            appProtocol: http
      vscode:
        primary: false
        controller: "vscode"
@@ -157,7 +160,7 @@ spec:
        enabled: true
        existingClaim: "home-assistant-data"
        advancedMounts:
-          main:
+          home-assistant:
            main:
              - subPath: "config"
                path: "/config"
--- a/kube/deploy/apps/home-assistant/app/netpol.yaml
+++ b/kube/deploy/apps/home-assistant/app/netpol.yaml
@@ -0,0 +1,26 @@
+---
+# yaml-language-server: $schema=https://crds.jank.ing/cilium.io/ciliumnetworkpolicy_v2.json
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: &app home-assistant
+  namespace: *app
+spec:
+  endpointSelector: {}
+  ingress:
+    - fromCIDR: &privIPv4
+        - "10.0.0.0/8"
+        - "172.16.0.0/12"
+        - "192.168.0.0/16"
+        - "100.64.0.0/10"
+      toPorts:
+        - ports:
+            - port: "21061"
+              protocol: TCP
+  ingressDeny: # only ingress can hit HTTP port
+    - fromEntities: [world]
+      toPorts:
+        - ports:
+            - port: "8123"
+              protocol: ANY
+