feat: add Discord and Home Assistant integration with sealed secrets and deployments
parent
c470c60b4a
commit
53e7e32d5a
@ -20,8 +20,15 @@ AUTHENTIK_GITEA_CLIENT_ID=your_client_id_here
|
||||
AUTHENTIK_GITEA_CLIENT_SECRET=your_client_secret_here
|
||||
AUTHENTIK_GRAFANA_CLIENT_ID=your_client_id_here
|
||||
AUTHENTIK_GRAFANA_CLIENT_SECRET=your_client_secret_here
|
||||
AUTHENTIK_ARGOCD_CLIENT_ID=your_client_id_here
|
||||
AUTHENTIK_ARGOCD_CLIENT_SECRET=your_client_secret_here
|
||||
|
||||
# Gitea container registry credentials
|
||||
REGISTRY_SERVER=your_registry_server_here
|
||||
REGISTRY_USER=your_username_here
|
||||
REGISTRY_PASSWORD=your_token_here
|
||||
REGISTRY_PASSWORD=your_token_here
|
||||
|
||||
# Home Assistant and Discord integration
|
||||
HA_TOKEN=your_home_assistant_token_here
|
||||
DISCORD_TOKEN=your_discord_token_here
|
||||
GUILD_ID=your_discord_guild_id_here
|
||||
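--- a/argocd/apps/home-services.yaml
+++ b/argocd/apps/home-services.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: home-services
+namespace: argocd
+labels:
+app.kubernetes.io/part-of: argocd
+spec:
+project: default
+source:
+repoURL: https://gitea.nik4nao.com/nik/homelab.git
+targetRevision: HEAD
+path: manifests/home-services
+destination:
+server: https://kubernetes.default.svc
+namespace: default
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+syncOptions:
+- CreateNamespace=false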
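Review bot: `project: default` places this Application in Argo CD's built-in default project, which, unless it has been locked down elsewhere, permits any source repository, any destination and any resource kind, so nothing bounds what `manifests/home-services` may create. Combined with `targetRevision: HEAD` and `automated` sync with `prune: true` and `selfHeal: true`, whatever lands on the repository's default branch is applied, and whatever is removed there is deleted, without a review gate. Consider a dedicated AppProject whose `sourceRepos` lists only this repository and whose `destinations` lists only the target namespace, referenced here as `project: home-services`. The workloads are also sent to `namespace: default`; a dedicated namespace would let RBAC and NetworkPolicy be scoped to them.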
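--- a/manifests/home-services/discord-bot-sealed.yaml
+++ b/manifests/home-services/discord-bot-sealed.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+name: discord-bot-secret
+namespace: default
+spec:
+encryptedData:
+DISCORD_TOKEN: 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
+GUILD_ID: 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
+template:
+metadata:
+name: discord-bot-secret
+namespace: default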
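--- a/manifests/home-services/discord-bot-secret.sh
+++ b/manifests/home-services/discord-bot-secret.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# Usage: bash manifests/home-services/discord-bot-secret.sh
+# Description: Regenerates the discord-bot SealedSecret from .env
+set -euo pipefail
+
+source "$(dirname "$0")/../../.env"
+
+kubectl create secret generic discord-bot-secret \
+--namespace=default \
+--from-literal=DISCORD_TOKEN="${DISCORD_TOKEN}" \
+--from-literal=GUILD_ID="${GUILD_ID}" \
+--dry-run=client -o yaml \
+| kubeseal --controller-namespace=kube-system \
+--controller-name=sealed-secrets-controller \
+--format=yaml \
+> "$(dirname "$0")/discord-bot-sealed.yaml"
+
+echo "discord-bot-sealed.yaml regenerated — commit to repo"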
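Review bot: The final redirection `> "$(dirname "$0")/discord-bot-sealed.yaml"` truncates the committed manifest as soon as the pipeline starts, so a failed `kubeseal` run (for example, controller unreachable) leaves an empty or partial file in the tree even though `set -euo pipefail` aborts the script. Write to a temporary file and move it into place only on success: `tmp="$(mktemp)"`, `... --format=yaml > "$tmp"`, `mv "$tmp" "$(dirname "$0")/discord-bot-sealed.yaml"`. Two smaller points: `source` executes `.env` as shell code, so that file should be readable and writable by the operator only, and `--from-literal=DISCORD_TOKEN="${DISCORD_TOKEN}"` puts the token on the `kubectl` command line, where other local users can read it from the process list. `ha-gateway-secret.sh` follows the same pattern for `HA_TOKEN` and deserves the same changes.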
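--- a/manifests/home-services/discord-bot.yaml
+++ b/manifests/home-services/discord-bot.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: discord-bot
+namespace: default
+labels:
+app: discord-bot
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: discord-bot
+template:
+metadata:
+labels:
+app: discord-bot
+spec:
+imagePullSecrets:
+- name: gitea-registry-secret
+containers:
+- name: discord-bot
+image: gitea.nik4nao.com/nik/discord-bot:latest
+env:
+- name: DISCORD_TOKEN
+valueFrom:
+secretKeyRef:
+name: discord-bot-secret
+key: DISCORD_TOKEN
+- name: GUILD_ID
+valueFrom:
+secretKeyRef:
+name: discord-bot-secret
+key: GUILD_ID
+- name: HA_GATEWAY_ADDR
+value: "ha-gateway.default.svc.cluster.local:50051"
+- name: OTEL_ENDPOINT
+value: "otel-collector-opentelemetry-collector.monitoring.svc.cluster.local:4317"
+resources:
+requests:
+cpu: 50m
+memory: 64Mi
+limits:
+cpu: 200m
+memory: 128Mi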
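Review bot: The container spec pins nothing and restricts nothing: `image: gitea.nik4nao.com/nik/discord-bot:latest` is a mutable tag, so the pod that receives `DISCORD_TOKEN` runs whatever was last pushed to the registry, and the pod has no `securityContext`. Pin the image by digest (or an immutable version tag) and add the hardening sketched below. Whether the bot tolerates a read-only root filesystem or needs the service-account token is not visible in this commit, so confirm both before applying. The Deployment in `ha-gateway.yaml` has the same two gaps.

```yaml
# … unchanged: imagePullSecrets …
      automountServiceAccountToken: false
      containers:
        - name: discord-bot
          image: gitea.nik4nao.com/nik/discord-bot@sha256:<IMAGE_DIGEST_PLACEHOLDER>
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: env, resources …
```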
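--- a/manifests/home-services/ha-gateway-sealed.yaml
+++ b/manifests/home-services/ha-gateway-sealed.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+name: ha-gateway-secret
+namespace: default
+spec:
+encryptedData:
+HA_TOKEN: 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
+template:
+metadata:
+name: ha-gateway-secret
+namespace: default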
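--- a/manifests/home-services/ha-gateway-secret.sh
+++ b/manifests/home-services/ha-gateway-secret.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+# Usage: bash manifests/home-services/ha-gateway-secret.sh
+# Description: Regenerates the ha-gateway SealedSecret from .env
+set -euo pipefail
+
+source "$(dirname "$0")/../../.env"
+
+kubectl create secret generic ha-gateway-secret \
+--namespace=default \
+--from-literal=HA_TOKEN="${HA_TOKEN}" \
+--dry-run=client -o yaml \
+| kubeseal --controller-namespace=kube-system \
+--controller-name=sealed-secrets-controller \
+--format=yaml \
+> "$(dirname "$0")/ha-gateway-sealed.yaml"
+
+echo "ha-gateway-sealed.yaml regenerated"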
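--- a/manifests/home-services/ha-gateway.yaml
+++ b/manifests/home-services/ha-gateway.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: ha-gateway
+namespace: default
+labels:
+app: ha-gateway
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: ha-gateway
+template:
+metadata:
+labels:
+app: ha-gateway
+spec:
+imagePullSecrets:
+- name: gitea-registry-secret
+containers:
+- name: ha-gateway
+image: gitea.nik4nao.com/nik/ha-gateway:latest
+ports:
+- containerPort: 50051
+name: grpc
+env:
+- name: GRPC_PORT
+value: "50051"
+- name: HA_BASE_URL
+value: "http://ha.home.arpa:8123"
+- name: HA_TOKEN
+valueFrom:
+secretKeyRef:
+name: ha-gateway-secret
+key: HA_TOKEN
+- name: OTEL_ENDPOINT
+value: "otel-collector-opentelemetry-collector.monitoring.svc.cluster.local:4317"
+readinessProbe:
+grpc:
+port: 50051
+initialDelaySeconds: 5
+periodSeconds: 10
+livenessProbe:
+grpc:
+port: 50051
+initialDelaySeconds: 10
+periodSeconds: 30
+resources:
+requests:
+cpu: 50m
+memory: 64Mi
+limits:
+cpu: 200m
+memory: 128Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: ha-gateway
+namespace: default
+labels:
+app: ha-gateway
+spec:
+selector:
+app: ha-gateway
+ports:
+- name: grpc
+port: 50051
+targetPort: 50051
+type: ClusterIP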
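Review bot: `HA_BASE_URL` is set to `http://ha.home.arpa:8123`, so the `HA_TOKEN` credential presumably travels over plaintext HTTP between the pod and Home Assistant; point it at an `https://` endpoint if Home Assistant is served with TLS. Separately, the `ha-gateway` Service exposes port 50051 to every pod in the cluster, and no authentication on the gRPC side is visible in this commit, so any workload could presumably drive Home Assistant through it. A NetworkPolicy limiting ingress to the `discord-bot` pods, as sketched below, narrows that exposure. It only takes effect if the cluster's CNI enforces NetworkPolicy, and the gRPC readiness and liveness probes should be verified after it is applied.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ha-gateway-ingress
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: ha-gateway
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: discord-bot
      ports:
        - protocol: TCP
          port: 50051
```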