k3s-cluster/homeassistant/homeassistant.yaml
Roger Oriol e77e170421 fix(homeassistant): trust k3s pod/service CIDRs as X-Forwarded-For proxies
HA runs with hostNetwork on roger-nucbox-evo-x2 while Traefik runs on the
raspberrypi node, so requests arrive at HA from 10.88.20.11. The previous
trusted_proxies entry (10.88.88.0/24) did not include this address, causing
HA to reject X-Forwarded-For and return 400 on every ingress request.
2026-06-26 11:58:46 +02:00


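---
# Namespace that holds every Home Assistant object defined in this file.
# NOTE(review): no Pod Security Admission labels are set here. The Deployment
# in this file asks for `privileged: true` and `hostNetwork: true`, which only
# the `privileged` PSA level admits, so treat this namespace as one where
# workloads can reach the host. Keep unrelated workloads out of it.
apiVersion: v1
kind: Namespace
metadata:
  name: home-assistant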
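---
# ClusterIP Service for Home Assistant: cluster-internal port 80 is forwarded
# to port 8123 on the pods selected by `app: home-assistant`.
# NOTE(review): the Deployment in this file sets `hostNetwork: true`, so the
# process listens in the node's network namespace. Unless a host firewall or
# Home Assistant's own bind settings restrict it, 8123 is presumably also
# reachable on the node address without passing through this Service or the
# ingress. Confirm that this exposure is intended.
apiVersion: v1
kind: Service
metadata:
  namespace: home-assistant
  name: home-assistant
spec:
  selector:
    app: home-assistant
  type: ClusterIP
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8123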
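---
# Home Assistant `configuration.yaml`, delivered as a ConfigMap and mounted
# over /config/configuration.yaml by the Deployment in this file.
#
# NOTE(review): `trusted_proxies` is a trust boundary. With
# `use_x_forwarded_for: true`, Home Assistant takes the client address from
# the X-Forwarded-For header whenever the TCP peer is in one of these
# networks. Every address in the three ranges below can therefore choose the
# client IP that Home Assistant records and acts on (login-attempt logging and
# IP banning, and any address-based auth if it is configured).
#   - The commit message reports the proxy's source address as 10.88.20.11.
#     Trusting that single host (10.88.20.11/32) would be the narrowest entry
#     that fixes the 400s; the /24 extends the trust to every machine on the
#     node subnet, and the pod runs with hostNetwork.
#   - 10.42.0.0/16 trusts every pod in the cluster, not only Traefik.
#   - 10.43.0.0/16 is the service CIDR. ClusterIPs are normally destination
#     addresses rather than source addresses, so confirm whether this entry is
#     needed at all.
# Narrowing the list is a trade-off against Traefik being rescheduled. If the
# wide ranges stay, restrict who can reach port 8123 by other means.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: home-assistant
  name: home-assistant-config
data:
  configuration.yaml: |
    # Loads default set of integrations
    default_config:
    http:
      use_x_forwarded_for: true
      trusted_proxies:
        - 10.42.0.0/16 # k3s pod CIDR (Traefik pod lives here)
        - 10.43.0.0/16 # k3s service CIDR
        - 10.88.20.0/24 # node subnet (Traefik runs hostNetwork-ish, forwards from 10.88.20.11)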
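---
# Single-replica Home Assistant Deployment. The pod shares the node's network
# namespace, runs its container privileged, keeps state on a PVC mounted at
# /config, and overlays configuration.yaml from the ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: home-assistant
  name: home-assistant
  labels:
    app: home-assistant
spec:
  replicas: 1
  selector:
    matchLabels:
      app: home-assistant
  template:
    metadata:
      labels:
        app: home-assistant
    spec:
      containers:
        - name: home-assistant
          # NOTE(review): `stable` is a moving tag, so the image that runs can
          # change on any pod restart without a change to this file. Because
          # the container is privileged, consider pinning it to a reviewed
          # release, e.g. `:<version>` or `@sha256:<digest>` (placeholders).
          image: ghcr.io/home-assistant/home-assistant:stable
          resources:
            requests:
              memory: "256Mi"
            limits:
              memory: "512Mi"
          ports:
            - containerPort: 8123
          volumeMounts:
            # Persistent Home Assistant state (PVC).
            - name: config
              mountPath: /config
            # Single-file overlay from the ConfigMap; subPath mounts do not
            # pick up later ConfigMap edits until the pod is recreated.
            - name: configuration
              mountPath: /config/configuration.yaml
              subPath: configuration.yaml
            - name: localtime
              mountPath: /etc/localtime
              readOnly: true
            # Host D-Bus socket directory. The mount is read-only, but the
            # sockets inside it stay usable: it is a channel to host services.
            - name: dbus
              mountPath: /run/dbus
              readOnly: true
          securityContext:
            # NOTE(review): `privileged: true` already grants every capability
            # and access to host devices, so the `capabilities.add` list below
            # has no additional effect while it is set. If those three
            # capabilities are all the integrations need, dropping
            # `privileged` and keeping the list is the least-privilege form.
            # Test that device-based integrations still work before changing.
            privileged: true
            capabilities:
              add:
                - NET_ADMIN
                - NET_RAW
                - SYS_ADMIN
      # Shares the node's network namespace: the pod sees node interfaces and
      # its listeners bind on the node itself. Combined with a privileged
      # container, a compromise of Home Assistant amounts to a compromise of
      # the node.
      hostNetwork: true
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: home-assistant-config
        - name: configuration
          configMap:
            name: home-assistant-config
        - name: localtime
          hostPath:
            path: /etc/localtime
            type: File
        - name: dbus
          hostPath:
            path: /run/dbus
            type: Directory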
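---
# 5Gi ReadWriteOnce claim backing /config in the Home Assistant pod.
# No storageClassName is set, so the cluster's default class is used.
# NOTE(review): /config presumably holds Home Assistant's secrets and auth
# data. Confirm who can read the backing storage on the node and whether
# backups of it are protected.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: home-assistant
  name: home-assistant-config
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi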
---