Home Automation
Relevant source files
- docs/hass.md
- kubernetes/apps/database/cloudnative-pg/app/helmrelease.yaml
- kubernetes/apps/database/cloudnative-pg/app/kustomization.yaml
- kubernetes/apps/database/cloudnative-pg/backup/externalsecret.yaml
- kubernetes/apps/database/cloudnative-pg/backup/helmrelease.yaml
- kubernetes/apps/database/cloudnative-pg/backup/kustomization.yaml
- kubernetes/apps/database/cloudnative-pg/cluster/backup.yaml
- kubernetes/apps/database/cloudnative-pg/cluster/cluster.yaml
- kubernetes/apps/database/cloudnative-pg/cluster/externalsecret.yaml
- kubernetes/apps/database/cloudnative-pg/cluster/kustomization.yaml
- kubernetes/apps/database/cloudnative-pg/cluster/prometheusrule.yaml
- kubernetes/apps/database/cloudnative-pg/cluster/service.yaml
- kubernetes/apps/database/cloudnative-pg/ks.yaml
- kubernetes/apps/database/kustomization.yaml
- kubernetes/apps/database/mosquitto/app/helmrelease.yaml
- kubernetes/apps/database/mosquitto/app/kustomization.yaml
- kubernetes/apps/database/mosquitto/app/pvc.yaml
- kubernetes/apps/home-automation/frigate/app/externalsecret.yaml
- kubernetes/apps/home-automation/frigate/app/helmrelease.yaml
- kubernetes/apps/home-automation/frigate/app/kustomization.yaml
- kubernetes/apps/home-automation/frigate/app/resources/config.yml
- kubernetes/apps/home-automation/frigate/app/resources/lokirule.yaml
- kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml
- kubernetes/apps/network/multus/app/helmrelease.yaml
- kubernetes/apps/network/multus/app/kustomization.yaml
- kubernetes/apps/network/multus/app/ocirepository.yaml
- kubernetes/apps/network/multus/config/kustomization.yaml
- kubernetes/apps/network/multus/config/net-attach-iot.yaml
- kubernetes/apps/network/multus/config/net-attach-not.yaml
- kubernetes/apps/network/multus/config/net-attach-trust.yaml
- kubernetes/apps/network/multus/ks.yaml
The home automation stack provides the central intelligence and security monitoring for the physical premises. It leverages a multi-VLAN network topology to isolate IoT devices while maintaining high availability through persistent storage backups and hardware-accelerated computer vision.
Home Assistant
`home-assistant` serves as the primary automation engine. It is deployed as a multi-container pod featuring the core application and a code-server sidecar for live configuration management (kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml:33-115).
Multi-VLAN Networking (Multus)
To interact with devices across isolated network segments, Home Assistant utilizes Multus CNI to attach multiple network interfaces directly to the pod. This allows the pod to reside in the cluster network while having a footprint in specific physical VLANs (kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml:37-54).
| Network Name | VLAN Description | CIDR | Assigned Pod IP |
|---|---|---|---|
| multus-trust | Trusted devices (e.g., PCs, Servers) | 10.10.10.0/24 | 10.10.10.250 |
| multus-not | No-Internet devices (e.g., Local-only IoT) | 10.10.32.0/24 | 10.10.32.250 |
| multus-iot | IoT devices with restricted access | 10.10.33.0/24 | 10.10.33.250 |
These interfaces are defined via NetworkAttachmentDefinition resources using the macvlan CNI plugin with sbr (Source Based Routing) to ensure traffic returns through the correct interface (kubernetes/apps/network/multus/config/net-attach-iot.yaml:2-36, kubernetes/apps/network/multus/config/net-attach-not.yaml:2-36, kubernetes/apps/network/multus/config/net-attach-trust.yaml:2-37).
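A sketch of one such attachment for the IoT VLAN, added here as an illustration and not copied from the repository's manifests: macvlan chained with sbr, plus the pod annotation that requests the address from the table. The parent interface `eth0.33`, the `network` namespace, the static IPAM with the `ips` capability, and the placeholder image are assumptions.

```yaml
# Added example. Assumed values: namespace "network", parent interface
# "eth0.33", static IPAM fed by the pod annotation, placeholder image.
---
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: multus-iot
  namespace: network
spec:
  # Chained CNI config: macvlan creates the interface on the VLAN,
  # sbr then adds a per-interface routing table and a source-address rule
  # so replies leave through the interface the request arrived on.
  config: |-
    {
      "cniVersion": "0.3.1",
      "name": "multus-iot",
      "plugins": [
        {
          "type": "macvlan",
          "master": "eth0.33",
          "mode": "bridge",
          "capabilities": { "ips": true },
          "ipam": { "type": "static" }
        },
        { "type": "sbr" }
      ]
    }
---
# Pod side: the annotation selects the attachment and pins the address.
# No default route is requested on this interface, so the cluster network
# stays the pod's default path and only VLAN-local traffic uses macvlan.
apiVersion: v1
kind: Pod
metadata:
  name: home-assistant
  annotations:
    k8s.v1.cni.cncf.io/networks: |
      [{
        "name": "multus-iot",
        "namespace": "network",
        "ips": ["10.10.33.250/24"]
      }]
spec:
  containers:
    - name: app
      image: registry.example.invalid/home-assistant:placeholder
```

Because the pod holds an address in every attached VLAN, it is a reachable host on each segment; firewall rules on those VLANs should treat `10.10.10.250`, `10.10.32.250` and `10.10.33.250` as the same workload.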
Configuration and Sidecars
- Code-Server: A sidecar container running `ghcr.io/coder/code-server` allows for browser-based editing of the YAML configuration files located in `/config` (kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml:90-115).
- Persistence: The `/config` directory is backed by a PersistentVolumeClaim (`existingClaim: home-assistant`), with a separate `config-cache` for Python virtual environments to speed up restarts (kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml:134-149).
- Ingress: External access is provided via `envoy-external` at `hass.cloudjur.com`, while the code-server is restricted to `envoy-internal` (kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml:164-198).
Sources: kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml, kubernetes/apps/network/multus/config/net-attach-iot.yaml, kubernetes/apps/network/multus/config/net-attach-trust.yaml
Frigate NVR
Frigate provides AI-powered video surveillance. It integrates with the cluster’s hardware acceleration and uses MQTT for event bus communication.
Camera Configuration and go2rtc
Frigate utilizes go2rtc to manage high-performance RTSP restreaming from Reolink cameras (kubernetes/apps/home-automation/frigate/app/resources/config.yml:55-70).
- Hardware Acceleration: The deployment is configured to use Intel QuickSync (`LIBVA_DRIVER_NAME: i965`) for video decoding (kubernetes/apps/home-automation/frigate/app/helmrelease.yaml:32).
- Storage: Video recordings are stored on a remote NFS share (`smb.cloudjur.com`) mounted at `/media/frigate`, while high-frequency IO (`shm`) uses an `emptyDir` backed by RAM to prevent disk wear (kubernetes/apps/home-automation/frigate/app/helmrelease.yaml:103-122).
- Object Detection: Configured to track `person` and `animal` objects (kubernetes/apps/home-automation/frigate/app/resources/config.yml:47-48). Detection is globally managed but can be overridden per camera, such as the `reolink_rlc1212a_frontdoor` camera, which defines specific zones for alerts (kubernetes/apps/home-automation/frigate/app/resources/config.yml:78-116).
Entity Integration Diagram
The following diagram illustrates the relationship between Frigate’s configuration entities and the underlying infrastructure.
Title: Frigate Logic to Infrastructure Mapping
[Flowchart Diagram]
Sources: kubernetes/apps/home-automation/frigate/app/resources/config.yml, kubernetes/apps/home-automation/frigate/app/helmrelease.yaml
Mosquitto MQTT Broker
Mosquitto acts as the central message bus for the home automation ecosystem, facilitating communication between Frigate, Home Assistant, and various IoT sensors.
- Namespace: Resides in the `database` namespace (kubernetes/apps/database/kustomization.yaml:11).
- Internal Discovery: Services connect via the internal DNS name `mosquitto.database.svc.cluster.local` (kubernetes/apps/home-automation/frigate/app/resources/config.yml:9).
- Persistence: Uses a standard PVC to maintain the Mosquitto persistence database across pod restarts.
Data Flow Architecture
The diagram below shows how data flows through the automation stack using the code-defined endpoints.
Title: Automation Data Flow
[Flowchart Diagram]
Sources: kubernetes/apps/home-automation/home-assistant/app/helmrelease.yaml:39-54, kubernetes/apps/home-automation/frigate/app/resources/config.yml:8-12, kubernetes/apps/database/kustomization.yaml:4-12
Database Layer
While Home Assistant uses a local SQLite database by default, other automation-adjacent services rely on the cloudnative-pg (PostgreSQL) cluster.
- Postgres Cluster: A single-instance cluster (`instances: 1`) using `local-hostpath` storage for performance (kubernetes/apps/database/cloudnative-pg/cluster/cluster.yaml:11-19).
- Backups: WAL (Write-Ahead Log) archiving is performed to an S3-compatible Garage bucket at `s3://postgresql/` (kubernetes/apps/database/cloudnative-pg/cluster/cluster.yaml:42-49).
- Daily Dumps: A `CronJob` executes daily to create logical backups (`pg_dump`) of specific databases like `authentik` and `sure`, which are stored on an NFS share for long-term retention (kubernetes/apps/database/cloudnative-pg/backup/helmrelease.yaml:24-64).
Sources: kubernetes/apps/database/cloudnative-pg/cluster/cluster.yaml, kubernetes/apps/database/cloudnative-pg/backup/helmrelease.yaml