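---
# Kustomization for the home-assistant namespace: Home Assistant and the
# services deployed alongside it, with generated ConfigMaps, two StatefulSet
# patches that wire in TLS material, and image tag overrides.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: home-assistant

labels:
  - pairs:
      app.kubernetes.io/instance: home-assistant

resources:
  - namespace.yaml
  # NOTE(review): confirm secrets.yaml holds sealed/external secret
  # references rather than plaintext Secret data committed to VCS.
  - secrets.yaml
  - postgres-cert.yaml
  - home-assistant.yaml
  - mosquitto-cert.yaml
  - mosquitto.yaml
  - zigbee2mqtt.yaml
  - zwavejs2mqtt.yaml
  - piper.yaml
  - whisper.yaml
  - mqtt2vl.yaml
  - ingress.yaml
  - ../dch-root-ca

# Everything listed here becomes ConfigMap data, which the cluster does not
# treat as secret; credentials belong in Secrets, not in these files.
configMapGenerator:
  - name: home-assistant
    files:
      - configuration.yaml
      - event-snapshot.sh
      - groups.yaml
      - restart-diddy-mopidy.sh
      - restart-kitchen-mqttmarionette.sh
      - shell-command.yaml
      - shutdown-kiosk.sh
      - ssh_known_hosts
      - rest-command.yaml
    options:
      # Fixed name: editing the files above does not change the ConfigMap
      # name, so pods are not rolled automatically when the config changes.
      disableNameSuffixHash: true
      labels:
        app.kubernetes.io/name: home-assistant
        app.kubernetes.io/component: home-assistant
        app.kubernetes.io/part-of: home-assistant
  - name: mosquitto
    files:
      - mosquitto.conf
  - name: mqtt2vl
    files:
      - mqtt2vl.toml
  - name: zigbee2mqtt
    # NOTE(review): confirm zigbee2mqtt.env carries no keys or passwords;
    # its entries are published as plain ConfigMap data.
    envs:
      - zigbee2mqtt.env

patches:
  # home-assistant: wait for PostgreSQL, then connect over mutually
  # authenticated TLS using the client certificate Secret.
  - patch: |-
      apiVersion: apps/v1
      kind: StatefulSet
      metadata:
        name: home-assistant
      spec:
        template:
          spec:
            initContainers:
              - name: waitfordb
                # Not listed under `images:`, so this tracks the mutable
                # `15` tag rather than a pinned release.
                image: docker.io/library/postgres:15
                command:
                  - sh
                  - -c
                  - until pg_isready; do sleep 1; done
                # Shared libpq settings; aliased by the main container.
                env: &pgsqlenv
                  - name: PGHOST
                    value: postgresql.pyrocufflink.blue
                  # libpq reads PGDATABASE; a misspelled name is silently
                  # ignored and the database defaults to the user name.
                  - name: PGDATABASE
                    value: homeassistant
                  - name: PGUSER
                    value: homeassistant
                  # verify-full validates the server certificate chain and
                  # its host name against PGSSLROOTCERT.
                  - name: PGSSLMODE
                    value: verify-full
                  - name: PGSSLROOTCERT
                    value: /run/dch-ca/dch-root-ca.crt
                  - name: PGSSLCERT
                    value: /run/secrets/home-assistant/postgresql/tls.crt
                  - name: PGSSLKEY
                    value: /run/secrets/home-assistant/postgresql/tls.key
                volumeMounts:
                  - mountPath: /run/dch-ca/
                    name: dch-root-ca
                    readOnly: true
                  # Private key material: mounted read-only like the other
                  # secret and CA mounts in this patch.
                  - mountPath: /run/secrets/home-assistant/postgresql
                    name: postgresql-cert
                    readOnly: true
            containers:
              - name: home-assistant
                env: *pgsqlenv
                volumeMounts:
                  - mountPath: /run/config
                    name: home-assistant-config
                    readOnly: true
                  - mountPath: /run/dch-ca/
                    name: dch-root-ca
                    readOnly: true
                  - mountPath: /run/secrets/home-assistant
                    name: home-assistant-secrets
                    readOnly: true
                  - mountPath: /run/secrets/home-assistant/postgresql
                    name: postgresql-cert
                    readOnly: true
            volumes:
              # defaultMode values are octal integers and must stay
              # unquoted: the field is numeric, not a string.
              - name: home-assistant-config
                configMap:
                  name: home-assistant
                  defaultMode: 0600
              - name: home-assistant-secrets
                secret:
                  secretName: home-assistant
                  defaultMode: 0640
              # NOTE(review): libpq refuses a client key that is group- or
              # world-readable unless the file is root-owned (0640 is then
              # accepted); confirm ownership under the pod securityContext.
              - name: postgresql-cert
                secret:
                  secretName: postgres-client-cert
                  defaultMode: 0640
              - name: dch-root-ca
                configMap:
                  name: dch-root-ca
  # mqtt2vl: trust the private root CA and mount its Secret read-only.
  - patch: |-
      apiVersion: apps/v1
      kind: StatefulSet
      metadata:
        name: mqtt2vl
      spec:
        template:
          spec:
            containers:
              - name: mqtt2vl
                env:
                  - name: SSL_CERT_FILE
                    value: /run/dch-ca/dch-root-ca.crt
                volumeMounts:
                  - mountPath: /run/dch-ca/
                    name: dch-root-ca
                    readOnly: true
                  - mountPath: /run/secrets/du51tn.xyz/mqtt2vl
                    name: secrets
                    readOnly: true
            volumes:
              - name: dch-root-ca
                configMap:
                  name: dch-root-ca
              - name: secrets
                secret:
                  secretName: mqtt2vl
                  defaultMode: 0640

# Tags are mutable registry references; adding a `digest:` per image would
# pin the exact content that was reviewed. Versions are quoted so they are
# always read as strings.
images:
  - name: ghcr.io/home-assistant/home-assistant
    newTag: '2025.4.3'
  - name: docker.io/rhasspy/wyoming-whisper
    newTag: '2.4.0'
  - name: docker.io/rhasspy/wyoming-piper
    newTag: '1.5.0'
  - name: docker.io/koenkk/zigbee2mqtt
    newTag: '2.2.1'
  - name: docker.io/zwavejs/zwave-js-ui
    newTag: '10.2.0'
  - name: docker.io/library/eclipse-mosquitto
    newTag: '2.0.21'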