diff --git a/projects/homeassistant/project.yaml b/projects/homeassistant/project.yaml index 5f7c14b2..e589ae3d 100644 --- a/projects/homeassistant/project.yaml +++ b/projects/homeassistant/project.yaml @@ -19,3 +19,8 @@ apps: - secretkey include: - ingress-internal + +- name: nodered + chart: node-red + repoURL: https://schwarzit.github.io/node-red-chart + targetRevision: 0.23.1 diff --git a/projects/homeassistant/values/nodered.yaml b/projects/homeassistant/values/nodered.yaml new file mode 100644 index 00000000..484a7ed9 --- /dev/null +++ b/projects/homeassistant/values/nodered.yaml @@ -0,0 +1,178 @@ +image: + # -- The image registry to pull from + registry: docker.io + # -- The image repository to pull from + repository: nodered/node-red + # -- The image pull policy + pullPolicy: IfNotPresent + # -- The image tag to pull, default: `Chart.appVersion` + tag: "" + +npmrc: + # -- Enable custom npmrc config + enabled: false + # -- Configuration to use any compatible registry + registry: "https://registry.npmjs.org" + # -- Configuration to add custom npmrc config + content: | + # Custom npmrc config + +# -- node-red env, see more environment variables in the [node-red documentation](https://nodered.org/docs/getting-started/docker) +env: [] + # Possible Values: + # TZ: + # NODE_OPTIONS: + # NODE_RED_ENABLE_PROJECTS: + # NODE_RED_ENABLE_SAFE_MODE: + # FLOWS: + # example: + # env: + # - name: "NODE_RED_ENABLE_SAFE_MODE" + # value: "" + +# -- Pod Security Context see [values.yaml](values.yaml) +podSecurityContext: + # -- node-red group is 1000 + fsGroup: 1000 + # -- node-red user is 1000 + runAsUser: 1000 + +# -- Security Context see [values.yaml](values.yaml) +securityContext: + privileged: false + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsGroup: 10003 + runAsUser: 10003 + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + +service: + # -- Kubernetes service type + type: ClusterIP + # -- Kubernetes port where service is exposed + port: 1880 + +# Enable Service-Monitor for node-red +metrics: + # -- Deploy metrics service + enabled: false + path: /metrics + serviceMonitor: + # -- Enable a prometheus ServiceMonitor + enabled: false + # -- Prometheus basicAuth configuration for ServiceMonitor endpoint + basicAuth: {} + # -- Prometheus ServiceMonitor interval + interval: 30s + # -- Prometheus [RelabelConfigs] to apply to samples before scraping + relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion + metricRelabelings: [] + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} + +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 5Gi + +ingress: + # -- Enable an ingress resource for the server + enabled: true + # -- Defines which ingress controller will implement the resource + className: "ingress-internal" + # -- Additional ingress annotations + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + # Ingress accepted hostnames + - host: nodered.dc + paths: + # -- The base path + - path: / + # -- Ingress type of path + pathType: ImplementationSpecific + # -- Ingress TLS configuration + tls: + - secretName: chart-example-tls + hosts: + - nodered.dc + certificate: + enabled: true + name: "nodered-tls" + issuerRef: + kind: ClusterIssuer + name: "vault-issuer" + +# -- CPU/Memory resource requests/limits +resources: + limits: + cpu: 500m + memory: 1024Mi + requests: + cpu: 50m + memory: 64Mi + +# -- You can configure node-red using a settings file. default: {} +settings: {} +# Details about the content of the settings.js, you can lookup under +# https://nodered.org/docs/user-guide/runtime/settings-file +# The ConfigMap should already exist and the key must be named `settings.js` +# name: settings-config +# configMapName: settings-config + +sidecar: + # -- Enable the sidecar + enabled: false + # Env variables to pass to the sidecar + env: + # -- Set the sleep time for refresh script + sleep_time_sidecar: 5s + # -- If METHOD is set to LIST, the sidecar will just list config-maps/secrets and exit. With SLEEP it will list all config-maps/secrets, then sleep for SLEEP_TIME seconds. Anything else will continuously watch for changes (see https://kubernetes.io/docs/reference/using-api/api-concepts/#efficient-detection-of-changes). + method: watch + # -- Label that should be used for filtering + label: node-red-settings + # -- The value for the label you want to filter your resources on. Don't set a value to filter by any value + label_value: "1" + # -- Absolute path to shell script to execute after a configmap got reloaded. + script: flow_refresh.sh + # The username for the API Call, check node-red documentation for more information + username: "" + # -- Password as key value pair + password: "" + # -- Password from existing secret + passwordFromExistingSecret: {} + # -- Name of the secret that contains the password + # name: node-red-api-admin-password + # -- Key of the secret that contains the password + # key: password + # -- Extra Environments for the sidecar + extraEnv: [] + # -- Resources for the sidecar + resources: {} + # -- Security context for the sidecar + securityContext: {} + # Image for the sidecar + image: + # -- The image registry to pull the sidecar from + registry: quay.io + # -- The image repository to pull from + repository: kiwigrid/k8s-sidecar + # -- The image tag to pull, default: `1.23.1` + tag: 1.23.1 + # -- The image pull policy, default: `IfNotPresent` + pullPolicy: IfNotPresent + # -- The extra volume mounts for the sidecar + volumeMounts: []