feat(apps): Added Home Assistant application

QUICKSTART.md

@@ -62,12 +62,4 @@ traefik-cert-pv `PersistentVolume` for persistent storage of certificates using
 terraform init
 terraform plan
 terraform apply
-```
-
-## Test application
-
-If not already created with Terraform run
-
-```shell
-kubectl apply -f apps/whoami/00-whoami.yml
 ```

README.md

@@ -143,13 +143,7 @@ IP can be found with `kubectl get svc`.
 
 # Test-application
 
-Create a test-application (if not already created with Terraform) with
+A test-application `whoami` should be available at `https://whoami.${DOMAIN}`.
-
-```shell
-kubectl apply -f apps/whoami/00-whoami.yml
-```
-
-`whoami` should now be available at `https://whoami.${DOMAIN}`.
 
 # Cleanup
 

apps/arr/traefik-forward-auth/kustomization.yaml

@@ -4,8 +4,8 @@ commonLabels:
   app: traefik-forward-auth
 
 resources:
-  - deployment.yaml
   - service.yaml
+  - deployment.yaml
   - middleware.yaml
 
 configMapGenerator:

apps/home-assistant/home-assistant/deployment.yaml

@@ -0,0 +1,24 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: home-assistant
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: home-assistant
+  template:
+    spec:
+      volumes:
+        - name: home-assistant-config
+          hostPath:
+            path: "/mnt/sdb1/config/home-assistant"
+      containers:
+        - image: homeassistant/home-assistant
+          name: home-assistant
+          volumeMounts:
+            - mountPath: "/config"
+              name: home-assistant-config
+          ports:
+            - name: web
+              containerPort: 8123

apps/home-assistant/home-assistant/kustomization.yaml

@@ -1,9 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 commonLabels:
-  app: whoami
+  app: home-assistant
 
 resources:
   - service.yaml
   - deployment.yaml
-  - ingress.yaml

apps/home-assistant/home-assistant/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: home-assistant

apps/home-assistant/home-assistant/service.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: home-assistant
+spec:
+  ports:
+    - name: web
+      port: 8123
+  selector:
+    app: home-assistant

apps/home-assistant/ingress.yaml

@@ -0,0 +1,24 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: ingressroute-arr
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`auth-hass.stonegarden.dev`)
+      kind: Rule
+      services:
+        - name: traefik-forward-auth
+          port: 4181
+      middlewares:
+        - name: traefik-forward-auth
+    - match: Host(`hass.stonegarden.dev`)
+      kind: Rule
+      services:
+        - name: home-assistant
+          port: 8123
+      middlewares:
+        - name: traefik-forward-auth
+  tls:
+    certResolver: letsencrypt

apps/home-assistant/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: home-assistant
+
+resources:
+  - namespace.yaml
+  - ingress.yaml
+  - traefik-forward-auth
+  - home-assistant

apps/home-assistant/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: home-assistant

apps/home-assistant/traefik-forward-auth/configs/traefik-forward-auth.ini

@@ -0,0 +1,5 @@
+cookie-name = "_hass_auth"
+log-level = "error"
+cookie-domain = "stonegarden.dev"
+auth-host = "auth-hass.stonegarden.dev"
+whitelist = "veghag@gmail.com, nina.m.smorsgard@gmail.com"

apps/home-assistant/traefik-forward-auth/deployment.yaml

@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: traefik-forward-auth
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: traefik-forward-auth
+  strategy:
+    type: Recreate
+  template:
+    spec:
+      terminationGracePeriodSeconds: 60
+      containers:
+        - image: thomseddon/traefik-forward-auth:2
+          name: traefik-forward-auth
+          ports:
+            - containerPort: 4181
+              protocol: TCP
+          env:
+            - name: CONFIG
+              value: "/config"
+            - name: PROVIDERS_GOOGLE_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: traefik-forward-auth-secrets
+                  key: google-client-id
+            - name: PROVIDERS_GOOGLE_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: traefik-forward-auth-secrets
+                  key: google-client-secret
+            - name: SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: traefik-forward-auth-secrets
+                  key: secret
+          volumeMounts:
+            - name: configs
+              mountPath: /config
+              subPath: traefik-forward-auth.ini
+
+      volumes:
+        - name: configs
+          configMap:
+            name: configs
+        - name: traefik-forward-auth-secrets
+          secret:
+            secretName: traefik-forward-auth-secrets

apps/home-assistant/traefik-forward-auth/kustomization.yaml

@@ -4,9 +4,8 @@ commonLabels:
   app: traefik-forward-auth
 
 resources:
-  - deployment.yaml
   - service.yaml
-  - ingress.yaml
+  - deployment.yaml
   - middleware.yaml
 
 configMapGenerator:

apps/home-assistant/traefik-forward-auth/middleware.yaml

@@ -0,0 +1,10 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: traefik-forward-auth
+spec:
+  forwardAuth:
+    address: http://traefik-forward-auth.home-assistant.svc.cluster.local:4181
+    authResponseHeaders:
+      - X-Forwarded-User
+    trustForwardHeader: true

apps/home-assistant/traefik-forward-auth/service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-forward-auth
+spec:
+  type: ClusterIP
+  selector:
+    app: traefik-forward-auth
+  ports:
+    - name: auth-http
+      port: 4181

apps/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - arr
+  - plex
+  - home-assistant
+  - whoami

apps/traefik-forward-auth/whoami/ingress.yaml

@@ -1,17 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: whoami
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`whoami.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: whoami
-          port: 80
-      middlewares:
-        - name: traefik-forward-auth
-  tls:
-    certResolver: letsencrypt

apps/whoami/00-whoami.yml

@@ -1,66 +0,0 @@
-# Namespace for whoami
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: whoami
-
----
-# Service for exposing deployment of whoami
-apiVersion: v1
-kind: Service
-metadata:
-  namespace: whoami
-  name: whoami
-spec:
-  type: ClusterIP
-  selector:
-    app: whoami
-  ports:
-    - protocol: TCP
-      name: web
-      port: 80
-
----
-# Deployment of whoami
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  namespace: whoami
-  name: whoami
-  labels:
-    app: whoami
-spec:
-  replicas: 2
-  selector:
-    matchLabels:
-      app: whoami
-  template:
-    metadata:
-      labels:
-        app: whoami
-    spec:
-      containers:
-        - name: whoami
-          image: traefik/whoami
-          ports:
-            - name: web
-              containerPort: 80
-
----
-# IngressRoute for secure whoami address
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: ingressroute-whoami
-  namespace: whoami
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - match: Host(`whoami.stonegarden.dev`)
-      kind: Rule
-      services:
-        - name: whoami
-          port: 80
-  tls:
-    certResolver: letsencrypt

apps/whoami/ingress.yaml

@@ -11,12 +11,19 @@ spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`auth.stonegarden.dev`)
+    - match: Host(`auth-whoami.stonegarden.dev`)
       kind: Rule
       services:
         - name: traefik-forward-auth
           port: 4181
       middlewares:
         - name: traefik-forward-auth
+    - match: Host(`whoami.stonegarden.dev`)
+      kind: Rule
+      services:
+        - name: whoami
+          port: 80
+      middlewares:
+        - name: traefik-forward-auth
   tls:
     certResolver: letsencrypt

apps/whoami/kustomization.yaml

@@ -4,5 +4,6 @@ namespace: whoami
 
 resources:
   - namespace.yaml
+  - ingress.yaml
   - traefik-forward-auth
   - whoami

apps/whoami/traefik-forward-auth/configs/traefik-forward-auth.ini

@@ -1,5 +1,5 @@
 cookie-name = "_whoami_auth"
 log-level = "error"
 cookie-domain = "stonegarden.dev"
-auth-host = "auth.stonegarden.dev"
+auth-host = "auth-whoami.stonegarden.dev"
-whitelist = "veghag@gmail.com"
+domain = "gmail.com"

apps/whoami/traefik-forward-auth/kustomization.yaml

@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+  app: traefik-forward-auth
+
+resources:
+  - service.yaml
+  - deployment.yaml
+  - middleware.yaml
+
+configMapGenerator:
+  - name: configs
+    files:
+      - configs/traefik-forward-auth.ini
+
+secretGenerator:
+  - name: traefik-forward-auth-secrets
+    envs:
+      - secrets/traefik-forward-auth.env

apps/whoami/whoami/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+  app: whoami
+
+resources:
+  - service.yaml
+  - deployment.yaml

main.tf

@@ -90,64 +90,63 @@ resource "helm_release" "traefik" {
   values = [file("helm/traefik-values.yaml")]
 }
 
-# --- whoami
+resource "kubernetes_namespace" "whoami" {
-#resource "kubernetes_namespace" "whoami" {
+  metadata {
-#  metadata {
+    name = "whoami"
-#    name = "whoami"
+  }
-#  }
+}
-#}
+
-#
+resource "kubernetes_service" "whoami" {
-#resource "kubernetes_service" "whoami" {
+  metadata {
-#  metadata {
+    name = "whoami"
-#    name = "whoami"
+    namespace = kubernetes_namespace.whoami.metadata.0.name
-#    namespace = kubernetes_namespace.whoami.metadata.0.name
+  }
-#  }
+  spec {
-#  spec {
+    selector = {
-#    selector = {
+      app = kubernetes_deployment.whoami.spec.0.template.0.metadata.0.labels.app
-#      app = kubernetes_deployment.whoami.spec.0.template.0.metadata.0.labels.app
+    }
-#    }
+
-#
+    type = "LoadBalancer"
-#    type = "LoadBalancer"
+    port {
-#    port {
+      protocol = "TCP"
-#      protocol = "TCP"
+      name = "web"
-#      name = "web"
+      port = 80
-#      port = 80
+    }
-#    }
+  }
-#  }
+}
-#}
+
-#
+resource "kubernetes_deployment" "whoami" {
-#resource "kubernetes_deployment" "whoami" {
+  metadata {
-#  metadata {
+    name = "whoami"
-#    name = "whoami"
+    namespace = kubernetes_namespace.whoami.metadata.0.name
-#    namespace = kubernetes_namespace.whoami.metadata.0.name
+  }
-#  }
+  spec {
-#  spec {
+    replicas = "2"
-#    replicas = "2"
+    selector {
-#    selector {
+      match_labels = {
-#      match_labels = {
+        app = "whoami"
-#        app = "whoami"
+      }
-#      }
+    }
-#    }
+    template {
-#    template {
+      metadata {
-#      metadata {
+        labels = {
-#        labels = {
+          app = "whoami"
-#          app = "whoami"
+        }
-#        }
+      }
-#      }
+      spec {
-#      spec {
+        container {
-#        container {
+          name = "whoami"
-#          name = "whoami"
+          image = "traefik/whoami"
-#          image = "traefik/whoami"
+          port {
-#          port {
+            name = "web"
-#            name = "web"
+            container_port = 80
-#            container_port = 80
+          }
-#          }
+        }
-#        }
+      }
-#      }
+    }
-#    }
+  }
-#  }
+}
-#}
+
-#
 #resource "helm_release" "whoami" {
 #  name       = "whoami"
 #  repository = "https://charts.itscontained.io"
@@ -155,61 +154,4 @@ resource "helm_release" "traefik" {
 #  version    = "0.2.5"
 #
 #  values = [file("helm/whoami-values.yaml")]
-#}
+#}
-
-//resource "kubernetes_namespace" "test" {
-//  metadata {
-//    name = "nginx"
-//  }
-//}
-//
-//resource "kubernetes_service" "test" {
-//  metadata {
-//    name      = "nginx"
-//    namespace = kubernetes_namespace.test.metadata.0.name
-//  }
-//  spec {
-//    selector = {
-//      app = kubernetes_deployment.test.spec.0.template.0.metadata.0.labels.app
-//    }
-//
-//    type = "LoadBalancer"
-//    port {
-//      protocol    = "TCP"
-//      port        = 80
-//      target_port = 80
-//    }
-//  }
-//}
-//
-//resource "kubernetes_deployment" "test" {
-//  metadata {
-//    name      = "nginx"
-//    namespace = kubernetes_namespace.test.metadata.0.name
-//  }
-//  spec {
-//    replicas = 2
-//    selector {
-//      match_labels = {
-//        app = "MyTestApp"
-//      }
-//    }
-//    template {
-//      metadata {
-//        labels = {
-//          app = "MyTestApp"
-//        }
-//      }
-//      spec {
-//        container {
-//          image = "nginx"
-//          name  = "nginx-container"
-//          port {
-//            container_port = 80
-//          }
-//        }
-//      }
-//    }
-//  }
-//}
-