Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(esphome): fix cache and move code to path #3885

Merged
merged 1 commit into from
Dec 26, 2024
Merged

refactor(esphome): fix cache and move code to path #3885

merged 1 commit into from
Dec 26, 2024

Conversation

blackjid
Copy link
Owner

No description provided.

@bot-x-mod
Copy link
Contributor

bot-x-mod bot commented Dec 26, 2024
edited
Loading 

--- kubernetes/apps/home/esphome/app Kustomization: flux-system/esphome HelmRelease: home/esphome

+++ kubernetes/apps/home/esphome/app Kustomization: flux-system/esphome HelmRelease: home/esphome

@@ -1,25 +1,26 @@

 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   labels:
     app.kubernetes.io/name: esphome
     kustomize.toolkit.fluxcd.io/name: esphome
     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: esphome
   namespace: home
 spec:
   chart:
     spec:
       chart: app-template
+      interval: 30m
       sourceRef:
         kind: HelmRepository
         name: bjw-s
         namespace: flux-system
-      version: 3.5.1
+      version: 3.6.0
   dependsOn:
   - name: longhorn
     namespace: longhorn-system
   - name: volsync
     namespace: volsync-system
   install:
@@ -36,102 +37,100 @@

       esphome:
         annotations:
           reloader.stakater.com/auto: 'true'
         containers:
           app:
             env:
-              PLATFORMIO_CORE_DIR: .platformio
-              PLATFORMIO_GLOBALLIB_DIR: .platformiolibs
+              ESPHOME_DASHBOARD_USE_PING: true
               TZ: America/Santiago
             image:
-              repository: ghcr.io/esphome/esphome
-              tag: 2024.12.2@sha256:ce313b07edc3d0bde937ce23821b5e0476dcc1cfb62456bef7a6f79b8109f678
+              repository: ghcr.io/bjw-s-labs/esphome
+              tag: 2024.12.2@sha256:cdc5a3f2a0efb321c143317fc1c0d914dc96e4f8d896db2f17632af7a9008814
             probes:
               liveness:
-                enabled: true
+                enabled: false
               readiness:
-                enabled: true
+                enabled: false
               startup:
-                enabled: true
-                spec:
-                  failureThreshold: 30
-                  periodSeconds: 5
+                enabled: false
             resources:
               limits:
                 memory: 2Gi
               requests:
-                cpu: 100m
+                cpu: 5m
                 memory: 512Mi
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
+              readOnlyRootFilesystem: true
           code-server:
             args:
             - --auth
             - none
+            - --disable-telemetry
+            - --disable-update-check
             - --user-data-dir
-            - /config/.vscode
+            - /config/.code-server
             - --extensions-dir
-            - /config/.vscode
+            - /config/.code-server
             - --port
             - '12321'
             - /config
             image:
               repository: ghcr.io/coder/code-server
-              tag: 4.96.1@sha256:2dbf436d68564dfda13b4d4eeb8324704b6b4120f25ca57feaf230228c3d70da
+              tag: 4.96.2@sha256:6b8c0e944caec80057e71d2c2f352cee38fe00ae4b7515fc4458eb300844f699
             resources:
               limits:
                 memory: 512Mi
               requests:
                 cpu: 10m
         pod:
-          hostNetwork: true
-    defaultPodOptions:
-      securityContext:
-        fsGroup: 100
-        fsGroupChangePolicy: OnRootMismatch
-        runAsGroup: 1000
-        runAsNonRoot: true
-        runAsUser: 1000
-        seccompProfile:
-          type: RuntimeDefault
+          securityContext:
+            fsGroup: 2000
+            fsGroupChangePolicy: OnRootMismatch
+            runAsGroup: 2000
+            runAsUser: 2000
     ingress:
       app:
         annotations:
           external-dns.alpha.kubernetes.io/target: internal.donoso.family
+          nginx.ingress.kubernetes.io/rewrite-target: /$1
         className: internal
         hosts:
         - host: esphome.donoso.family
           paths:
-          - path: /
+          - path: /(.*)
             service:
               identifier: app
               port: http
-      code-server:
-        annotations:
-          external-dns.alpha.kubernetes.io/target: internal.donoso.family
-        className: internal
-        hosts:
-        - host: esphome-code.donoso.family
-          paths:
-          - path: /
+          - path: /code/(.*)
             service:
               identifier: app
               port: code-server
     persistence:
       cache:
-        globalMounts:
-        - path: /config/.esphome
+        advancedMounts:
+          esphome:
+            app:
+            - path: /cache
         type: emptyDir
       config:
+        advancedMounts:
+          esphome:
+            app:
+            - path: /config
+            code-server:
+            - path: /config
         existingClaim: esphome
-        globalMounts:
-        - path: /config
       deploy-key:
         advancedMounts:
           esphome:
             code-server:
             - path: /home/coder/.ssh/id_ed25519
-              readOnly: true
               subPath: id_ed25519
         defaultMode: 256
         name: esphome-deploykey
         type: secret
       secrets:
         globalMounts:

@bot-x-mod
Copy link
Contributor

bot-x-mod bot commented Dec 26, 2024
edited
Loading 

--- HelmRelease: home/esphome Deployment: home/esphome

+++ HelmRelease: home/esphome Deployment: home/esphome

@@ -28,93 +28,73 @@

         app.kubernetes.io/name: esphome
     spec:
       enableServiceLinks: false
       serviceAccountName: default
       automountServiceAccountToken: true
       securityContext:
-        fsGroup: 100
+        fsGroup: 2000
         fsGroupChangePolicy: OnRootMismatch
-        runAsGroup: 1000
-        runAsNonRoot: true
-        runAsUser: 1000
-        seccompProfile:
-          type: RuntimeDefault
+        runAsGroup: 2000
+        runAsUser: 2000
       hostIPC: false
-      hostNetwork: true
+      hostNetwork: false
       hostPID: false
-      dnsPolicy: ClusterFirstWithHostNet
+      hostUsers: true
+      dnsPolicy: ClusterFirst
       containers:
       - env:
-        - name: PLATFORMIO_CORE_DIR
-          value: .platformio
-        - name: PLATFORMIO_GLOBALLIB_DIR
-          value: .platformiolibs
+        - name: ESPHOME_DASHBOARD_USE_PING
+          value: 'true'
         - name: TZ
           value: America/Santiago
-        image: ghcr.io/esphome/esphome:2024.12.2@sha256:ce313b07edc3d0bde937ce23821b5e0476dcc1cfb62456bef7a6f79b8109f678
-        livenessProbe:
-          failureThreshold: 3
-          initialDelaySeconds: 0
-          periodSeconds: 10
-          tcpSocket:
-            port: 12321
-          timeoutSeconds: 1
+        image: ghcr.io/bjw-s-labs/esphome:2024.12.2@sha256:cdc5a3f2a0efb321c143317fc1c0d914dc96e4f8d896db2f17632af7a9008814
         name: app
-        readinessProbe:
-          failureThreshold: 3
-          initialDelaySeconds: 0
-          periodSeconds: 10
-          tcpSocket:
-            port: 12321
-          timeoutSeconds: 1
         resources:
           limits:
             memory: 2Gi
           requests:
-            cpu: 100m
+            cpu: 5m
             memory: 512Mi
-        startupProbe:
-          failureThreshold: 30
-          initialDelaySeconds: 0
-          periodSeconds: 5
-          tcpSocket:
-            port: 12321
-          timeoutSeconds: 1
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
         volumeMounts:
-        - mountPath: /config/.esphome
+        - mountPath: /cache
           name: cache
         - mountPath: /config
           name: config
         - mountPath: /config/secrets.yaml
           name: secrets
           subPath: secrets.yaml
       - args:
         - --auth
         - none
+        - --disable-telemetry
+        - --disable-update-check
         - --user-data-dir
-        - /config/.vscode
+        - /config/.code-server
         - --extensions-dir
-        - /config/.vscode
+        - /config/.code-server
         - --port
         - '12321'
         - /config
-        image: ghcr.io/coder/code-server:4.96.1@sha256:2dbf436d68564dfda13b4d4eeb8324704b6b4120f25ca57feaf230228c3d70da
+        image: ghcr.io/coder/code-server:4.96.2@sha256:6b8c0e944caec80057e71d2c2f352cee38fe00ae4b7515fc4458eb300844f699
         name: code-server
         resources:
           limits:
             memory: 512Mi
           requests:
             cpu: 10m
         volumeMounts:
-        - mountPath: /config/.esphome
-          name: cache
         - mountPath: /config
           name: config
         - mountPath: /home/coder/.ssh/id_ed25519
           name: deploy-key
-          readOnly: true
           subPath: id_ed25519
         - mountPath: /config/secrets.yaml
           name: secrets
           subPath: secrets.yaml
       volumes:
       - emptyDir: {}
--- HelmRelease: home/esphome Ingress: home/esphome-app

+++ HelmRelease: home/esphome Ingress: home/esphome-app

@@ -1,25 +0,0 @@

----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: esphome-app
-  labels:
-    app.kubernetes.io/instance: esphome
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: esphome
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.donoso.family
-spec:
-  ingressClassName: internal
-  rules:
-  - host: esphome.donoso.family
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: esphome
-            port:
-              number: 6052
-
--- HelmRelease: home/esphome Ingress: home/esphome-code-server

+++ HelmRelease: home/esphome Ingress: home/esphome-code-server

@@ -1,25 +0,0 @@

----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: esphome-code-server
-  labels:
-    app.kubernetes.io/instance: esphome
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: esphome
-  annotations:
-    external-dns.alpha.kubernetes.io/target: internal.donoso.family
-spec:
-  ingressClassName: internal
-  rules:
-  - host: esphome-code.donoso.family
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: esphome
-            port:
-              number: 12321
-
--- HelmRelease: home/esphome Ingress: home/esphome

+++ HelmRelease: home/esphome Ingress: home/esphome

@@ -0,0 +1,33 @@

+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: esphome
+  labels:
+    app.kubernetes.io/instance: esphome
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: esphome
+  annotations:
+    external-dns.alpha.kubernetes.io/target: internal.donoso.family
+    nginx.ingress.kubernetes.io/rewrite-target: /$1
+spec:
+  ingressClassName: internal
+  rules:
+  - host: esphome.donoso.family
+    http:
+      paths:
+      - path: /(.*)
+        pathType: Prefix
+        backend:
+          service:
+            name: esphome
+            port:
+              number: 6052
+      - path: /code/(.*)
+        pathType: Prefix
+        backend:
+          service:
+            name: esphome
+            port:
+              number: 12321
+

@blackjid blackjid merged commit 466213d into main Dec 26, 2024
8 checks passed
@blackjid blackjid deleted the fix_esphome branch December 26, 2024 21:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/kubernetes cluster/main
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@blackjid