apiVersion: v1 kind: Namespace metadata: name: homeassistant --- # PersistentVolume for NFS apiVersion: v1 kind: PersistentVolume metadata: name: homeassistant-pv spec: storageClassName: "" capacity: storage: 2Gi accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Retain mountOptions: - hard - nfsvers=4.1 nfs: server: 192.168.2.110 path: /mnt/nfs_share/lp/homeassistant readOnly: false --- # PersistentVolumeClaim apiVersion: v1 kind: PersistentVolumeClaim metadata: name: homeassistant-pvc namespace: homeassistant spec: accessModes: - ReadWriteOnce storageClassName: "" resources: requests: storage: 2Gi --- # Deployment apiVersion: apps/v1 kind: Deployment metadata: name: homeassistant namespace: homeassistant spec: replicas: 1 selector: matchLabels: app: homeassistant template: metadata: labels: app: homeassistant spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet containers: - name: homeassistant image: ghcr.io/home-assistant/home-assistant:stable ports: - containerPort: 8123 volumeMounts: - name: config mountPath: /config - name: tls-cert mountPath: /ssl readOnly: true securityContext: capabilities: add: - NET_ADMIN - NET_RAW volumes: - name: config persistentVolumeClaim: claimName: homeassistant-pvc - name: tls-cert secret: secretName: homeassistant-certificate-secret --- # Service (optional with hostNetwork, needed for Traefik) apiVersion: v1 kind: Service metadata: name: homeassistant namespace: homeassistant spec: selector: app: homeassistant ports: - port: 8123 targetPort: 8123 --- apiVersion: traefik.io/v1alpha1 kind: IngressRouteTCP metadata: name: homeassistant-tcp namespace: homeassistant spec: entryPoints: - websecure routes: - match: HostSNI(`homeassistant-lp.allarddcs.nl`) services: - name: homeassistant port: 8123 tls: passthrough: true --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: homeassistant-http namespace: homeassistant spec: entryPoints: - web routes: - match: Host(`homeassistant-lp.allarddcs.nl`) kind: Rule services: - name: homeassistant port: 8123