diff --git a/kube/deploy/apps/home-assistant/app/hr.yaml b/kube/deploy/apps/home-assistant/app/hr.yaml
index 06eb9007c3..144eece9dc 100644
--- a/kube/deploy/apps/home-assistant/app/hr.yaml
+++ b/kube/deploy/apps/home-assistant/app/hr.yaml
@@ -162,6 +162,22 @@ spec:
             port: 21062
             protocol: TCP
             primary: false
+          homekit-sensors:
+            port: 21063
+            protocol: TCP
+            primary: false
+          homekit-4:
+            port: 21064
+            protocol: TCP
+            primary: false
+          homekit-5:
+            port: 21065
+            protocol: TCP
+            primary: false
+          homekit-6:
+            port: 21066
+            protocol: TCP
+            primary: false
     ingress:
       main:
         className: "nginx-internal"
@@ -205,10 +221,14 @@ spec:
       tmp:
         type: emptyDir
         medium: Memory
+        sizeLimit: 16Mi
         globalMounts:
           - subPath: "tmp"
             path: "/tmp"
             readOnly: false
+          - subPath: logs
+            path: /config/logs
+            readOnly: false
       litestream:
         type: secret
         name: "litestream-secrets"
diff --git a/kube/deploy/apps/home-assistant/app/netpol.yaml b/kube/deploy/apps/home-assistant/app/netpol.yaml
index 3aa4e350d7..d479d5f2cb 100644
--- a/kube/deploy/apps/home-assistant/app/netpol.yaml
+++ b/kube/deploy/apps/home-assistant/app/netpol.yaml
@@ -19,6 +19,14 @@ spec:
               protocol: TCP
             - port: "21062"
               protocol: TCP
+            - port: "21063"
+              protocol: TCP
+            - port: "21064"
+              protocol: TCP
+            - port: "21065"
+              protocol: TCP
+            - port: "21066"
+              protocol: TCP
   ingressDeny: # only ingress can hit HTTP port
     - fromEntities: [world]
       toPorts: