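---
# Home Assistant on k3s: Namespace, ClusterIP Service, ConfigMap holding
# configuration.yaml, single-replica Deployment, and the PVC backing /config.
apiVersion: v1
kind: Namespace
metadata:
  name: home-assistant
---
# Cluster-internal entry point: port 80 forwards to the container's 8123.
apiVersion: v1
kind: Service
metadata:
  namespace: home-assistant
  name: home-assistant
spec:
  selector:
    app: home-assistant
  type: ClusterIP
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8123
---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: home-assistant
  name: home-assistant-config
data:
  # Mounted over /config/configuration.yaml by the Deployment (subPath mount).
  #
  # trusted_proxies: any peer inside these ranges can supply X-Forwarded-For
  # and Home Assistant will record that value as the client address. The
  # entries cover entire pod, service and node networks.
  # NOTE(review): narrow to the real proxy source address(es) once confirmed
  # (the inline comment names 10.88.20.11), so that other pods or hosts on the
  # node subnet cannot present a spoofed client IP. The service CIDR is
  # usually not seen as a source address; verify before keeping it.
  configuration.yaml: |
    # Loads default set of integrations
    default_config:

    http:
      use_x_forwarded_for: true
      trusted_proxies:
        - 10.42.0.0/16 # k3s pod CIDR (Traefik pod lives here)
        - 10.43.0.0/16 # k3s service CIDR
        - 10.88.20.0/24 # node subnet (Traefik runs hostNetwork-ish, forwards from 10.88.20.11)
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: home-assistant
  name: home-assistant
  labels:
    app: home-assistant
spec:
  replicas: 1
  # Recreate rather than the default RollingUpdate: the pod uses hostNetwork
  # (port 8123 on the node) and a ReadWriteOnce volume, so a surge pod cannot
  # start while the old one still holds the port and the volume, and a rolling
  # rollout can stall with the new pod Pending.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: home-assistant
  template:
    metadata:
      labels:
        app: home-assistant
    spec:
      containers:
        - name: home-assistant
          # NOTE(review): "stable" is a mutable tag, so the image actually run
          # depends on when each node pulled it. Pin a release tag or an image
          # digest (value not shown on this page) for reproducible, auditable
          # rollouts.
          image: ghcr.io/home-assistant/home-assistant:stable
          resources:
            requests:
              memory: "256Mi"
            limits:
              memory: "512Mi"
          ports:
            - containerPort: 8123
          volumeMounts:
            # Persistent state directory (PVC).
            - name: config
              mountPath: /config
            # Single file from the ConfigMap layered over the PVC contents.
            - name: configuration
              mountPath: /config/configuration.yaml
              subPath: configuration.yaml
            - name: localtime
              mountPath: /etc/localtime
              readOnly: true
            # A read-only mount does not stop the container from connecting
            # to the host bus socket inside this directory; treat this as
            # access to the host's D-Bus.
            - name: dbus
              mountPath: /run/dbus
              readOnly: true
          securityContext:
            # privileged already grants every capability plus host device
            # access, so the capabilities.add list below adds nothing while
            # it is set. Combined with hostNetwork and the hostPath mounts,
            # a compromise of this container is close to a compromise of
            # the node.
            # NOTE(review): if only discovery/Bluetooth is needed, test with
            # privileged removed and the explicit capabilities kept; confirm
            # against the integrations in use.
            privileged: true
            capabilities:
              add:
                - NET_ADMIN
                - NET_RAW
                - SYS_ADMIN
      # Pod shares the node's network namespace: unless http.server_host is
      # set, 8123 is reachable on the node address directly, bypassing the
      # Service and any ingress in front of it. NetworkPolicy typically does
      # not isolate hostNetwork pods; restrict 8123 at the node firewall if
      # direct access is not intended.
      hostNetwork: true
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: home-assistant-config
        - name: configuration
          configMap:
            name: home-assistant-config
        - name: localtime
          hostPath:
            path: /etc/localtime
            type: File
        - name: dbus
          hostPath:
            path: /run/dbus
            type: Directory
---
# Storage for /config. ReadWriteOnce: mountable read-write by a single node.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: home-assistant
  name: home-assistant-config
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---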