feat(ring-mqtt): setup

kubernetes/talos-flux/apps/home-automation/kustomization.yaml

@@ -11,4 +11,5 @@ resources:
   - ./home-assistant/flux-sync.yaml
   - ./locking-service/flux-sync.yaml
   - ./node-red/flux-sync.yaml
+  - ./node-red/ring-mqtt/flux-sync.yaml
   - ./zigbee2mqtt/flux-sync.yaml

kubernetes/talos-flux/apps/home-automation/ring-mqtt/app/external-secret.yaml

@@ -0,0 +1,22 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &name ring-mqtt-config
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    name: vault-backend
+    kind: ClusterSecretStore
+  target:
+    name: *name
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        config.json: "{{ .config.json }}"
+        ring-state.json: "{{ .ring-state.json }}"
+  dataFrom:
+    - extract:
+        key: infra/techtales/home-automation/ring-mqtt

kubernetes/talos-flux/apps/home-automation/ring-mqtt/app/helm-release.yaml

@@ -0,0 +1,113 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app ring-mqtt
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.6.1
+      interval: 15m
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s-charts
+        namespace: flux-system
+  maxHistory: 15
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    controllers:
+      ring-mqtt:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          app:
+            env:
+              TZ: ${SETTING_TZ}
+            image:
+              repository: tsightler/ring-mqtt
+              tag: 5.8.0@sha256:43717ab265a9c97dbb1fc029bfcbc8925e82a0f6bc2b28280dfd673c7f902541
+            ports:
+              - name: rtsp
+                containerPort: &port 8554
+                protocol: TCP
+            probes:
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+              startup:
+                enabled: true
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+        pod:
+          securityContext:
+            runAsUser: 65534
+            runAsGroup: 65534
+            runAsNonRoot: true
+
+    service:
+      app:
+        controller: *app
+        ports:
+          http:
+            port: *port
+
+    # ingress:
+    #   app:
+    #     enabled: true
+    #     className: traefik
+    #     annotations:
+    #       cert-manager.io/cluster-issuer: letsencrypt-production
+    #       traefik.ingress.kubernetes.io/router.middlewares: traefik-ingress-sso@kubernetescrd
+    #       traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    #       traefik.ingress.kubernetes.io/affinity: "true"
+    #       traefik.ingress.kubernetes.io/router.tls: "true"
+    #       gethomepage.dev/enabled: "true"
+    #       gethomepage.dev/description: Govee to MQTT bridge for Home Assistant
+    #       gethomepage.dev/group: Home Automation
+    #       gethomepage.dev/icon: mqtt
+    #       gethomepage.dev/name: ring-mqtt
+    #       gethomepage.dev/weight: "3" # optional
+    #     hosts:
+    #       - host: &host ring-mqtt.techtales.io
+    #         paths:
+    #           - path: /
+    #             service:
+    #               identifier: app
+    #               port: rtsp
+    #     tls:
+    #       - hosts:
+    #           - *host
+    #         secretName: ring-mqtt-tls
+
+    persistence:
+      data:
+        type: emptyDir
+        globalMounts:
+          - path: /data
+      credentials:
+        type: secret
+        name: ring-mqtt-config
+        advancedMounts:
+          ring-mqtt:
+            config:
+              - path: /data/config.json
+                subPath: config.json
+                readOnly: true
+              - path: /data/ring-state.json
+                subPath: ring-state.json
+                readOnly: true

kubernetes/talos-flux/apps/home-automation/ring-mqtt/app/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - external-secret.yaml
+  - helm-release.yaml

kubernetes/talos-flux/apps/home-automation/ring-mqtt/flux-sync.yaml

@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &appname ring-mqtt
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "true"
+spec:
+  targetNamespace: home-automation
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *appname
+  interval: 10m
+  path: ./kubernetes/talos-flux/apps/home-automation/ring-mqtt/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops
+  wait: false
+  timeout: 5m
+  # dependsOn:
+  #   - name: apps-rook-ceph-cluster
+  #   - name: apps-volsync
+  #   - name: apps-kube-prometheus-stack
+  #   - name: apps-external-secrets-stores