add registry rules

updates
2026-02-08 01:36:28 +01:00 · 2025-09-12 13:11:45 +02:00 · 2025-09-12 11:32:45 +02:00
7 changed files with 162 additions and 4 deletions
--- a/charts/apps/home-assistant/templates/deployment.yaml
+++ b/charts/apps/home-assistant/templates/deployment.yaml
@@ -15,6 +15,7 @@ spec:
        app: "{{ .Release.Name }}"
    spec:
      hostNetwork: true
+      dnsPolicy: ClusterFirstWithHostNet

      containers:
        - name: "{{ .Release.Name }}"
--- a/charts/apps/home-assistant/templates/piper.yaml
+++ b/charts/apps/home-assistant/templates/piper.yaml
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "{{ .Release.Name }}-piper"
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: "{{ .Release.Name }}-piper"
+  template:
+    metadata:
+      labels:
+        app: "{{ .Release.Name }}-piper"
+    spec:
+      hostNetwork: true
+
+      containers:
+        - name: "{{ .Release.Name }}-piper"
+          image: "{{ .Values.piper.image.repository }}:{{ .Values.piper.image.tag }}"
+          imagePullPolicy: "{{ .Values.piper.image.pullPolicy }}"
+          args:
+            - --piper
+            - /usr/share/piper/piper
+            - --data-dir
+            - /usr/share/piper-voices
+            - --voice
+            - "{{ .Values.piper.model }}"
+          env:
+            - name: TZ
+              value: "{{ .Values.globals.timezone }}"
+          ports:
+            - name: http
+              containerPort: 10200
+              protocol: TCP
+          livenessProbe:
+            tcpSocket:
+              port: http
+          readinessProbe:
+            tcpSocket:
+              port: http
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ .Release.Name }}-piper"
+  labels:
+    app: "{{ .Release.Name }}-piper"
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: 10200
+      protocol: TCP
+      name: http
+  selector:
+    app: "{{ .Release.Name }}-piper"
--- a/charts/apps/home-assistant/templates/whisper.yaml
+++ b/charts/apps/home-assistant/templates/whisper.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: "{{ .Release.Name }}-whisper"
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: "{{ .Release.Name }}-whisper"
+  template:
+    metadata:
+      labels:
+        app: "{{ .Release.Name }}-whisper"
+    spec:
+      hostNetwork: true
+
+      containers:
+        - name: "{{ .Release.Name }}-whisper"
+          image: "{{ .Values.whisper.image.repository }}:{{ .Values.whisper.image.tag }}"
+          imagePullPolicy: "{{ .Values.whisper.image.pullPolicy }}"
+          args:
+            - --model
+            - "{{ .Values.whisper.model }}"
+            - --language
+            - "{{ .Values.whisper.language }}"
+          env:
+            - name: TZ
+              value: "{{ .Values.globals.timezone }}"
+          ports:
+            - name: http
+              containerPort: 10300
+              protocol: TCP
+          livenessProbe:
+            tcpSocket:
+              port: http
+          readinessProbe:
+            tcpSocket:
+              port: http
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ .Release.Name }}-whisper"
+  labels:
+    app: "{{ .Release.Name }}-whisper"
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      targetPort: 10300
+      protocol: TCP
+      name: http
+  selector:
+    app: "{{ .Release.Name }}-whisper"
--- a/charts/apps/home-assistant/values.yaml
+++ b/charts/apps/home-assistant/values.yaml
@@ -6,3 +6,16 @@ image:
  tag: stable
  pullPolicy: IfNotPresent
 subdomain: home-assistant
+piper:
+  image:
+    repository: ghcr.io/morten-olsen/glados-voice
+    tag: main
+    pullPolicy: Always
+  model: en_US-glados-medium
+whisper:
+  image:
+    repository: rhasspy/wyoming-whisper
+    tag: latest
+    pullPolicy: IfNotPresent
+  model: tiny-int8
+  language: us
--- a/charts/apps/zot/templates/config-map.yaml
+++ b/charts/apps/zot/templates/config-map.yaml
@@ -36,6 +36,9 @@ data:
        },
        "auth": {
          "failDelay": 5,
+          "htpasswd": {
+            "path": "/etc/zot/htpasswd"
+          },
          "openid": {
            "providers": {
              "oidc": {
@@ -53,12 +56,22 @@ data:
            "actions": ["read", "create", "update", "delete"]
          },
          "repositories": {
+            "public/**": {
+              "anonymousPolicy": ["read"],
+              "defaultPolicy": ["read"],
+              "policies": [
+                {
+                  "users": ["*"],
+                  "actions": ["create", "update", "delete"]
+                }
+              ]
+            },
            "**": {
              "defaultPolicy": ["read"],
              "policies": [
                {
                  "users": ["*"],
-                  "actions": ["push", "delete"]
+                  "actions": ["create", "update", "delete"]
                }
              ]
            }
--- a/charts/apps/zot/templates/deployment.yaml
+++ b/charts/apps/zot/templates/deployment.yaml
@@ -6,6 +6,8 @@ metadata:
    app: "{{ .Release.Name }}"
 spec:
  replicas: 1
+  strategy:
+    type: Recreate
  selector:
    matchLabels:
      app: "{{ .Release.Name }}"
@@ -14,8 +16,6 @@ spec:
      labels:
        app: "{{ .Release.Name }}"
    spec:
-      strategy:
-        type: Recreate
      initContainers:
        - name: render-config
          image: alpine:3.20
@@ -36,9 +36,14 @@ spec:
                secretKeyRef:
                  name: "{{ .Release.Name }}-client"
                  key: clientSecret
+            - name: PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Release.Name }}-cluster"
+                  key: password
          args:
            - |
-              apk add --no-cache gettext >/dev/null
+              apk add --no-cache gettext apache2-utils >/dev/null
              envsubst < /config-tpl/config.tpl.json > /config-out/config.json
              echo "Rendered /etc/zot/config.json"
              echo "---------------------------------------"
@@ -49,6 +54,7 @@ spec:
              echo "---------------------------------------"
              cat /config-out/secrets.json
              echo "---------------------------------------"
+              htpasswd -nbB cluster "$PASSWORD" > /config-out/htpasswd
          volumeMounts:
            - name: config-tpl
              mountPath: /config-tpl
--- a/charts/apps/zot/templates/secret.yaml
+++ b/charts/apps/zot/templates/secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: homelab.mortenolsen.pro/v1
+kind: GenerateSecret
+metadata:
+  name: "{{ .Release.Name }}-cluster"
+spec:
+  fields:
+    - name: password
+      encoding: hex
+      length: 64
Author	SHA1	Message	Date
Morten Olsen	abdd4b81c4	add registry rules	2025-09-12 13:11:45 +02:00
Morten Olsen	4691ab1139	updates	2025-09-12 11:32:45 +02:00