Merge branch 'master' into master

2023-08-31 09:57:02 +05:30 · 2023-08-31 09:57:02 +05:30 · 56de0fa9b2
parent 575d9c5448 50b1ba3f55
commit 56de0fa9b2
17 changed files with 91 additions and 54 deletions
--- a/.github/workflows/on-push-lint-charts.yml
+++ b/.github/workflows/on-push-lint-charts.yml
@ -62,32 +62,42 @@ jobs:
        run: ct lint --config .ci/ct-config.yaml

      # Refer to https://github.com/kubernetes-sigs/kind/releases when updating the node_images
-      - name: Create 1.20 kind cluster
-        uses: helm/kind-action@v1.2.0
+      - name: Create 1.23 kind cluster
+        uses: helm/kind-action@v1.4.0
        with:
-          node_image: kindest/node:v1.20.2@sha256:8f7ea6e7642c0da54f04a7ee10431549c0257315b3a634f6ef2fecaaedb19bab
-          cluster_name: kubernetes-1.20
+          node_image: kindest/node:v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61
+          cluster_name: kubernetes-1.23
        if: steps.list-changed.outputs.changed == 'true'

-      - name: Run chart-testing (install) against 1.20
+      - name: Run chart-testing (install) against 1.23
        run: ct install --config .ci/ct-config.yaml

-      - name: Create 1.19 kind cluster
-        uses: helm/kind-action@v1.2.0
+      - name: Create 1.24 kind cluster
+        uses: helm/kind-action@v1.4.0
        with:
-          node_image: kindest/node:v1.19.7@sha256:a70639454e97a4b733f9d9b67e12c01f6b0297449d5b9cbbef87473458e26dca
-          cluster_name: kubernetes-1.19
+          node_image: kindest/node:v1.24.12@sha256:1e12918b8bc3d4253bc08f640a231bb0d3b2c5a9b28aa3f2ca1aee93e1e8db16
+          cluster_name: kubernetes-1.24
        if: steps.list-changed.outputs.changed == 'true'

-      - name: Run chart-testing (install) against 1.19
+      - name: Run chart-testing (install) against 1.24
        run: ct install --config .ci/ct-config.yaml

-      - name: Create 1.18 kind cluster
-        uses: helm/kind-action@v1.2.0
+      - name: Create 1.25 kind cluster
+        uses: helm/kind-action@v1.4.0
        with:
-          node_image: kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4
-          cluster_name: kubernetes-1.18
+          node_image: kindest/node:v1.25.8@sha256:00d3f5314cc35327706776e95b2f8e504198ce59ac545d0200a89e69fce10b7f
+          cluster_name: kubernetes-1.25
        if: steps.list-changed.outputs.changed == 'true'

-      - name: Run chart-testing (install) against 1.18
+      - name: Run chart-testing (install) against 1.25
        run: ct install --config .ci/ct-config.yaml
+
+      - name: Create 1.26 kind cluster
+        uses: helm/kind-action@v1.4.0
+        with:
+          node_image: kindest/node:v1.26.3@sha256:61b92f38dff6ccc29969e7aa154d34e38b89443af1a2c14e6cfbd2df6419c66f
+          cluster_name: kubernetes-1.26
+        if: steps.list-changed.outputs.changed == 'true'
+
+      - name: Run chart-testing (install) against 1.26
+        run: ct install --config .ci/ct-config.yaml
--- a/charts/portainer/Chart.yaml
+++ b/charts/portainer/Chart.yaml
@ -17,16 +17,16 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.

-version: 1.0.38
+version: 1.0.44

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: ce-latest-ee-2.16.2
+appVersion: ce-latest-ee-2.18.4

 sources:
    - https://github.com/portainer/k8s

 maintainers:
-    - name: funkypenguin
-      email: davidy@funkypenguin.co.nz
-      url: https://www.funkypenguin.co.nz
+    - name: Portainer
+      email: platform-team@portainer.io
+      url: https://www.portainer.io
--- a/charts/portainer/README.md
+++ b/charts/portainer/README.md
@ -81,6 +81,8 @@ The following table lists the configurable parameters of the Portainer chart and
 | `resources` | Portainer resource requests and limits | `{}` |
 | `tls.force` | Force Portainer to be configured to use TLS only | `false` |
 | `tls.existingSecret` | Mount the existing TLS secret into the pod | `""` |
+| `mtls.enable` | Option to specicy mtls Certs to be used by Portainer | `false` |
+| `mtls.existingSecret` | Mount the existing mtls secret into the pod | `""` |
 | `persistence.enabled` | Whether to enable data persistence | `true` |
 | `persistence.existingClaim` | Name of an existing PVC to use for data persistence | `nil` |
 | `persistence.size` | Size of the PVC used for persistence | `10Gi` |
--- a/charts/portainer/templates/deployment.yaml
+++ b/charts/portainer/templates/deployment.yaml
@ -35,6 +35,11 @@ spec:
          secret:
            secretName: {{ .Values.tls.existingSecret }}
        {{- end }}
+        {{- if .Values.mtls.existingSecret }}
+        - name: mtlscerts
+          secret:
+            secretName: {{ .Values.mtls.existingSecret }}
+        {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          {{- if .Values.enterpriseEdition.enabled }}
@ -52,6 +57,11 @@ spec:
          - --sslcert=/certs/tls.crt
          - --sslkey=/certs/tls.key
          {{- end }}
+          {{- if .Values.mtls.existingSecret }}
+          - --mtlscacert=/certs/mtls/mtlsca.crt
+          - --mtlscert=/certs/mtls/mtlscert.crt
+          - --mtlskey=/certs/mtls/mtlskey.key
+          {{- end }}          
          {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
          - '--tunnel-port={{ .Values.service.edgeNodePort }}'
          {{- end }}
@ -68,6 +78,11 @@ spec:
              mountPath: /certs
              readOnly: true
            {{- end }}
+            {{- if .Values.mtls.existingSecret }}
+            - name: mtlscerts
+              mountPath: /certs/mtls
+              readOnly: true
+            {{- end }}
          ports:
            {{- if not .Values.tls.force }}
            - name: http
@ -81,6 +96,8 @@ spec:
              containerPort: 8000
              protocol: TCP
          livenessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 45
            httpGet:
              path: /
              {{- if .Values.tls.force }}
@ -126,6 +143,8 @@ spec:
                {{- end }}
              {{- end }}
          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 45
            httpGet:
              path: /
              {{- if .Values.tls.force }}
--- a/charts/portainer/values.yaml
+++ b/charts/portainer/values.yaml
@ -9,12 +9,12 @@ enterpriseEdition:
  enabled: false
  image:
    repository: portainer/portainer-ee
-    tag: 2.16.2
+    tag: 2.18.4
    pullPolicy: Always

 image:
  repository: portainer/portainer-ce
-  tag: 2.16.2
+  tag: 2.18.4
  pullPolicy: Always

 imagePullSecrets: []
@ -44,6 +44,12 @@ tls:
  # If set, will mount the existing secret into the pod
  existingSecret: ""

+mtls:
+  # If set, Portainer will be configured to use mTLS only
+  enable: false
+  # If set, will mount the existing secret into the pod
+  existingSecret: ""
+
 feature:
  flags: ""

--- a/deploy/manifests/agent/ee/agent-stack-windows.yml
+++ b/deploy/manifests/agent/ee/agent-stack-windows.yml
@ -1,7 +1,7 @@
 version: '3.3'
 services:
  agent:
-    image: portainer/agent:2.16.2
+    image: portainer/agent:2.18.4
    ports:
      - target: 9001
        published: 9001
--- a/deploy/manifests/agent/ee/agent-stack.yml
+++ b/deploy/manifests/agent/ee/agent-stack.yml
@ -2,7 +2,7 @@ version: '3.2'

 services:
  agent:
-    image: portainer/agent:2.16.2
+    image: portainer/agent:2.18.4
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
--- a/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml
@ -65,7 +65,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.16.2
+        image: portainer/agent:2.18.4
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml
@ -64,7 +64,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.16.2
+        image: portainer/agent:2.18.4
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml
@ -65,7 +65,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.16.2
+        image: portainer/agent:2.18.4
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/portainer-agent-edge-k8s.yaml
+++ b/deploy/manifests/agent/portainer-agent-edge-k8s.yaml
@ -65,7 +65,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.16.2
+        image: portainer/agent:2.18.4
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/portainer-agent-k8s-lb.yaml
+++ b/deploy/manifests/agent/portainer-agent-k8s-lb.yaml
@ -64,7 +64,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.16.2
+        image: portainer/agent:2.18.4
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml
+++ b/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml
@ -65,7 +65,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.16.2
+        image: portainer/agent:2.18.4
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/portainer/portainer-ee.yaml
+++ b/deploy/manifests/portainer/portainer-ee.yaml
@ -14,7 +14,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
@ -28,7 +28,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 spec:
  accessModes:
    - "ReadWriteOnce"
@ -44,7 +44,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
@ -64,7 +64,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 spec:
  type: NodePort
  ports:
@ -97,7 +97,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 spec:
  replicas: 1
  strategy:
@ -121,7 +121,7 @@ spec:
            claimName: portainer
      containers:
        - name: portainer
-          image: "portainer/portainer-ee:2.16.2"
+          image: "portainer/portainer-ee:2.18.4"
          imagePullPolicy: Always
          args:
            - '--tunnel-port=30776'
--- a/deploy/manifests/portainer/portainer-lb-ee.yaml
+++ b/deploy/manifests/portainer/portainer-lb-ee.yaml
@ -14,7 +14,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
@ -28,7 +28,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 spec:
  accessModes:
    - "ReadWriteOnce"
@ -44,7 +44,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
@ -64,7 +64,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 spec:
  type: LoadBalancer
  ports:
@ -94,7 +94,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 spec:
  replicas: 1
  strategy:
@ -118,7 +118,7 @@ spec:
            claimName: portainer
      containers:
        - name: portainer
-          image: "portainer/portainer-ee:2.16.2"
+          image: "portainer/portainer-ee:2.18.4"
          imagePullPolicy: Always
          args:
          volumeMounts:
--- a/deploy/manifests/portainer/portainer-lb.yaml
+++ b/deploy/manifests/portainer/portainer-lb.yaml
@ -14,7 +14,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
@ -28,7 +28,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 spec:
  accessModes:
    - "ReadWriteOnce"
@ -44,7 +44,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
@ -64,7 +64,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 spec:
  type: LoadBalancer
  ports:
@ -94,7 +94,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 spec:
  replicas: 1
  strategy:
@ -118,7 +118,7 @@ spec:
            claimName: portainer
      containers:
        - name: portainer
-          image: "portainer/portainer-ce:2.16.2"
+          image: "portainer/portainer-ce:2.18.4"
          imagePullPolicy: Always
          args:
          volumeMounts:
--- a/deploy/manifests/portainer/portainer.yaml
+++ b/deploy/manifests/portainer/portainer.yaml
@ -14,7 +14,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
@ -28,7 +28,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 spec:
  accessModes:
    - "ReadWriteOnce"
@ -44,7 +44,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
@ -64,7 +64,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 spec:
  type: NodePort
  ports:
@ -97,7 +97,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.16.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.4"
 spec:
  replicas: 1
  strategy:
@ -121,7 +121,7 @@ spec:
            claimName: portainer
      containers:
        - name: portainer
-          image: "portainer/portainer-ce:2.16.2"
+          image: "portainer/portainer-ce:2.18.4"
          imagePullPolicy: Always
          args:
            - '--tunnel-port=30776'