Portainer
/
k8s
mirror of https://github.com/portainer/k8s.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #73 from portainer/add-ssl 

Update chart to support BYO SSL certificates
pull/75/head portainer-1.0.17
samdulam 2021-09-27 15:23:50 +13:00 committed by GitHub
parent 143789a0bd a158f5557a
commit 0190fa934f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 121 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/on-push-lint-charts.yml vendored
View File

@ -60,7 +60,7 @@ jobs:
# Refer to https://github.com/kubernetes-sigs/kind/releases when updating the node_images
- name: Create 1.20 kind cluster
uses: helm/kind-action@v1.1.0
uses: helm/kind-action@v1.2.0
with:
node_image: kindest/node:v1.20.2@sha256:8f7ea6e7642c0da54f04a7ee10431549c0257315b3a634f6ef2fecaaedb19bab
cluster_name: kubernetes-1.20
@ -70,7 +70,7 @@ jobs:
run: ct install --config .ci/ct-config.yaml
- name: Create 1.19 kind cluster
uses: helm/kind-action@v1.1.0
uses: helm/kind-action@v1.2.0
with:
node_image: kindest/node:v1.19.7@sha256:a70639454e97a4b733f9d9b67e12c01f6b0297449d5b9cbbef87473458e26dca
cluster_name: kubernetes-1.19
@ -80,7 +80,7 @@ jobs:
run: ct install --config .ci/ct-config.yaml
- name: Create 1.18 kind cluster
uses: helm/kind-action@v1.1.0
uses: helm/kind-action@v1.2.0
with:
node_image: kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4
cluster_name: kubernetes-1.18

2
charts/portainer/Chart.yaml
View File

@ -16,7 +16,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: 1.0.16
version: 1.0.17
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.

10
charts/portainer/templates/NOTES.txt
View File

@ -7,17 +7,17 @@
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
Get the application URL by running these commands:
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "portainer.fullname" . }})
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ include "portainer.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
echo https://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
Get the application URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "portainer.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "portainer.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.httpPort }}
echo http://$SERVICE_IP:{{ .Values.service.httpsPort }}
{{- else if contains "ClusterIP" .Values.service.type }}
Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "portainer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].me$ echo "Visit http://127.0.0.1:9000 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9000:9000
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "portainer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].me$ echo "Visit http://127.0.0.1:9443 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9443:9443
{{- end }}

32
charts/portainer/templates/deployment.yaml
View File

@ -25,9 +25,14 @@ spec:
{{- end }}
serviceAccountName: {{ include "portainer.serviceAccountName" . }}
volumes:
- name: "data"
persistentVolumeClaim:
claimName: {{ template "portainer.pvcName" . }}
- name: "data"
persistentVolumeClaim:
claimName: {{ template "portainer.pvcName" . }}
{{- if .Values.tls.existingSecret }}
- name: certs
secret:
secretName: {{ .Values.tls.existingSecret }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- if .Values.enterpriseEdition.enabled }}
@ -37,26 +42,41 @@ spec:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- end }}
args:
{{- if .Values.tls.existingSecret }}
- --sslcert=/certs/tls.crt
- --sslkey=/certs/tls.key
{{- end }}
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
args: [ '--tunnel-port','{{ .Values.service.edgeNodePort }}' ]
- '--tunnel-port={{ .Values.service.edgeNodePort }}'
{{- end }}
volumeMounts:
- name: data
mountPath: /data
{{- if .Values.tls.existingSecret }}
- name: certs
mountPath: /certs
readOnly: true
{{- end }}
ports:
- name: http
containerPort: 9000
protocol: TCP
- name: https
containerPort: 9443
protocol: TCP
- name: tcp-edge
containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
readinessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
resources:
{{- toYaml .Values.resources | nindent 12 }}

11
charts/portainer/templates/service.yaml
View File

@ -22,7 +22,14 @@ spec:
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.httpNodePort))) }}
nodePort: {{ .Values.service.httpNodePort}}
{{- end }}
{{- if (eq .Values.service.type "NodePort") }}
- port: {{ .Values.service.httpsPort }}
targetPort: 9443
protocol: TCP
name: https
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.httpsNodePort))) }}
nodePort: {{ .Values.service.httpsNodePort}}
{{- end }}
{{- if (eq .Values.service.type "NodePort") }}
- port: {{ .Values.service.edgeNodePort }}
targetPort: {{ .Values.service.edgeNodePort }}
{{- else }}
@ -33,6 +40,6 @@ spec:
name: edge
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
nodePort: {{ .Values.service.edgeNodePort }}
{{- end }}
{{- end }}
selector:
{{- include "portainer.selectorLabels" . | nindent 4 }}

7
charts/portainer/values.yaml
View File

@ -31,14 +31,21 @@ service:
# For Cloud Providers, set the type to be LoadBalancer
type: NodePort
httpPort: 9000
httpsPort: 9443
httpNodePort: 30777
httpsNodePort: 30779
edgePort: 8000
edgeNodePort: 30776
annotations: {}
tls:
# If set, will mount the existing secret into the pod
existingSecret: ""
ingress:
enabled: false
annotations: {}
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
hosts:
- host:
paths: []

25
deploy/manifests/portainer/portainer-ee.yaml
View File

@ -73,6 +73,11 @@ spec:
protocol: TCP
name: http
nodePort: 30777
- port: 9443
targetPort: 9443
protocol: TCP
name: https
nodePort: 30779
- port: 30776
targetPort: 30776
protocol: TCP
@ -111,32 +116,38 @@ spec:
{}
serviceAccountName: portainer-sa-clusteradmin
volumes:
- name: "data"
persistentVolumeClaim:
claimName: portainer
- name: "data"
persistentVolumeClaim:
claimName: portainer
containers:
- name: portainer
image: "portainer/portainer-ee:2.7.0"
imagePullPolicy: Always
args: [ '--tunnel-port','30776' ]
args:
- '--tunnel-port=30776'
volumeMounts:
- name: data
mountPath: /data
mountPath: /data
ports:
- name: http
containerPort: 9000
protocol: TCP
- name: https
containerPort: 9443
protocol: TCP
- name: tcp-edge
containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
readinessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
resources:
{}

24
deploy/manifests/portainer/portainer-lb-ee.yaml
View File

@ -72,6 +72,10 @@ spec:
targetPort: 9000
protocol: TCP
name: http
- port: 9443
targetPort: 9443
protocol: TCP
name: https
- port: 8000
targetPort: 8000
protocol: TCP
@ -109,31 +113,37 @@ spec:
{}
serviceAccountName: portainer-sa-clusteradmin
volumes:
- name: "data"
persistentVolumeClaim:
claimName: portainer
- name: "data"
persistentVolumeClaim:
claimName: portainer
containers:
- name: portainer
image: "portainer/portainer-ee:2.7.0"
imagePullPolicy: Always
imagePullPolicy: Always
args:
volumeMounts:
- name: data
mountPath: /data
mountPath: /data
ports:
- name: http
containerPort: 9000
protocol: TCP
- name: https
containerPort: 9443
protocol: TCP
- name: tcp-edge
containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
readinessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
resources:
{}

24
deploy/manifests/portainer/portainer-lb.yaml
View File

@ -72,6 +72,10 @@ spec:
targetPort: 9000
protocol: TCP
name: http
- port: 9443
targetPort: 9443
protocol: TCP
name: https
- port: 8000
targetPort: 8000
protocol: TCP
@ -109,31 +113,37 @@ spec:
{}
serviceAccountName: portainer-sa-clusteradmin
volumes:
- name: "data"
persistentVolumeClaim:
claimName: portainer
- name: "data"
persistentVolumeClaim:
claimName: portainer
containers:
- name: portainer
image: "portainer/portainer-ce:latest"
imagePullPolicy: Always
imagePullPolicy: Always
args:
volumeMounts:
- name: data
mountPath: /data
mountPath: /data
ports:
- name: http
containerPort: 9000
protocol: TCP
- name: https
containerPort: 9443
protocol: TCP
- name: tcp-edge
containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
readinessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
resources:
{}

25
deploy/manifests/portainer/portainer.yaml
View File

@ -73,6 +73,11 @@ spec:
protocol: TCP
name: http
nodePort: 30777
- port: 9443
targetPort: 9443
protocol: TCP
name: https
nodePort: 30779
- port: 30776
targetPort: 30776
protocol: TCP
@ -111,32 +116,38 @@ spec:
{}
serviceAccountName: portainer-sa-clusteradmin
volumes:
- name: "data"
persistentVolumeClaim:
claimName: portainer
- name: "data"
persistentVolumeClaim:
claimName: portainer
containers:
- name: portainer
image: "portainer/portainer-ce:latest"
imagePullPolicy: Always
args: [ '--tunnel-port','30776' ]
args:
- '--tunnel-port=30776'
volumeMounts:
- name: data
mountPath: /data
mountPath: /data
ports:
- name: http
containerPort: 9000
protocol: TCP
- name: https
containerPort: 9443
protocol: TCP
- name: tcp-edge
containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
readinessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
resources:
{}