diff --git a/.github/workflows/on-push-lint-charts.yml b/.github/workflows/on-push-lint-charts.yml
index c34daa6..3eae9e5 100644
--- a/.github/workflows/on-push-lint-charts.yml
+++ b/.github/workflows/on-push-lint-charts.yml
@@ -62,32 +62,42 @@ jobs: run: ct lint --config .ci/ct-config.yaml # Refer to https://github.com/kubernetes-sigs/kind/releases when updating the node_images - - name: Create 1.20 kind cluster - uses: helm/kind-action@v1.2.0 + - name: Create 1.23 kind cluster + uses: helm/kind-action@v1.4.0 with: - node_image: kindest/node:v1.20.2@sha256:8f7ea6e7642c0da54f04a7ee10431549c0257315b3a634f6ef2fecaaedb19bab - cluster_name: kubernetes-1.20 + node_image: kindest/node:v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61 + cluster_name: kubernetes-1.23 if: steps.list-changed.outputs.changed == 'true' - - name: Run chart-testing (install) against 1.20 + - name: Run chart-testing (install) against 1.23 run: ct install --config .ci/ct-config.yaml - - name: Create 1.19 kind cluster - uses: helm/kind-action@v1.2.0 + - name: Create 1.24 kind cluster + uses: helm/kind-action@v1.4.0 with: - node_image: kindest/node:v1.19.7@sha256:a70639454e97a4b733f9d9b67e12c01f6b0297449d5b9cbbef87473458e26dca - cluster_name: kubernetes-1.19 + node_image: kindest/node:v1.24.12@sha256:1e12918b8bc3d4253bc08f640a231bb0d3b2c5a9b28aa3f2ca1aee93e1e8db16 + cluster_name: kubernetes-1.24 if: steps.list-changed.outputs.changed == 'true' - - name: Run chart-testing (install) against 1.19 + - name: Run chart-testing (install) against 1.24 run: ct install --config .ci/ct-config.yaml - - name: Create 1.18 kind cluster - uses: helm/kind-action@v1.2.0 + - name: Create 1.25 kind cluster + uses: helm/kind-action@v1.4.0 with: - node_image: kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4 - cluster_name: kubernetes-1.18 + node_image: kindest/node:v1.25.8@sha256:00d3f5314cc35327706776e95b2f8e504198ce59ac545d0200a89e69fce10b7f + cluster_name: kubernetes-1.25 if: steps.list-changed.outputs.changed == 'true' - - name: Run chart-testing (install) against 1.18 + - name: Run chart-testing (install) against 1.25 run: ct install --config .ci/ct-config.yaml 
+ + - name: Create 1.26 kind cluster + uses: helm/kind-action@v1.4.0 + with: + node_image: kindest/node:v1.26.3@sha256:61b92f38dff6ccc29969e7aa154d34e38b89443af1a2c14e6cfbd2df6419c66f + cluster_name: kubernetes-1.26 + if: steps.list-changed.outputs.changed == 'true' + + - name: Run chart-testing (install) against 1.26 + run: ct install --config .ci/ct-config.yaml \ No newline at end of file diff --git a/charts/portainer/Chart.yaml b/charts/portainer/Chart.yaml index d3fb067..af5461b 100644 --- a/charts/portainer/Chart.yaml +++ b/charts/portainer/Chart.yaml @@ -17,16 +17,16 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 1.0.38 +version: 1.0.44 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: ce-latest-ee-2.16.2 +appVersion: ce-latest-ee-2.18.4 sources: - https://github.com/portainer/k8s maintainers: - - name: funkypenguin - email: davidy@funkypenguin.co.nz - url: https://www.funkypenguin.co.nz + - name: Portainer + email: platform-team@portainer.io + url: https://www.portainer.io diff --git a/charts/portainer/README.md b/charts/portainer/README.md index 080c144..5d581b9 100644 --- a/charts/portainer/README.md +++ b/charts/portainer/README.md 
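Review bot: All four `uses: helm/kind-action@v1.4.0` steps reference the action by a mutable tag, while the `node_image` values directly below them are pinned by `@sha256:` digest. If that tag were moved to different code, it would run in this workflow without showing up in any diff of this repository. Pin the action the same way the images are pinned, e.g. `uses: helm/kind-action@<full-commit-sha>  # v1.4.0`, where the placeholder is the commit that the v1.4.0 release points to. The `steps` list these entries belong to starts outside the hunk.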
@@ -81,6 +81,8 @@ The following table lists the configurable parameters of the Portainer chart and | `resources` | Portainer resource requests and limits | `{}` | | `tls.force` | Force Portainer to be configured to use TLS only | `false` | | `tls.existingSecret` | Mount the existing TLS secret into the pod | `""` | +| `mtls.enable` | Option to specicy mtls Certs to be used by Portainer | `false` | +| `mtls.existingSecret` | Mount the existing mtls secret into the pod | `""` | | `persistence.enabled` | Whether to enable data persistence | `true` | | `persistence.existingClaim` | Name of an existing PVC to use for data persistence | `nil` | | `persistence.size` | Size of the PVC used for persistence | `10Gi` | diff --git a/charts/portainer/templates/deployment.yaml b/charts/portainer/templates/deployment.yaml index c921c9a..67b59b5 100644 --- a/charts/portainer/templates/deployment.yaml +++ b/charts/portainer/templates/deployment.yaml @@ -35,6 +35,11 @@ spec: secret: secretName: {{ .Values.tls.existingSecret }} {{- end }} + {{- if .Values.mtls.existingSecret }} + - name: mtlscerts + secret: + secretName: {{ .Values.mtls.existingSecret }} + {{- end }} containers: - name: {{ .Chart.Name }} {{- if .Values.enterpriseEdition.enabled }} @@ -52,6 +57,11 @@ spec: - --sslcert=/certs/tls.crt - --sslkey=/certs/tls.key {{- end }} + {{- if .Values.mtls.existingSecret }} + - --mtlscacert=/certs/mtls/mtlsca.crt + - --mtlscert=/certs/mtls/mtlscert.crt + - --mtlskey=/certs/mtls/mtlskey.key + {{- end }} {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }} - '--tunnel-port={{ .Values.service.edgeNodePort }}' {{- end }} @@ -68,6 +78,11 @@ spec: mountPath: /certs readOnly: true {{- end }} + {{- if .Values.mtls.existingSecret }} + - name: mtlscerts + mountPath: /certs/mtls + readOnly: true + {{- end }} ports: {{- if not .Values.tls.force }} - name: http 
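Review bot: `mtls.enable` is never read: this volume block and the args and volumeMounts hunks below it are all gated on `.Values.mtls.existingSecret` alone. The flag that values.yaml describes as "Portainer will be configured to use mTLS only" therefore has no effect in the template lines shown. An operator who sets `mtls.enable: true` without a secret gets a deployment with no mTLS flags and no error. Either gate the three blocks on both values, `{{- if and .Values.mtls.enable .Values.mtls.existingSecret }}`, and fail rendering when `enable` is true with an empty secret name, or drop `enable` and correct the values.yaml and README wording. The `volumes:` list this block sits in starts outside the hunk.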
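Review bot: The three added arguments require the secret to hold keys named exactly `mtlsca.crt`, `mtlscert.crt` and `mtlskey.key`, but neither the README rows nor the values.yaml comments in this commit say so. A secret using the conventional `tls.crt`/`tls.key`/`ca.crt` key names would mount without error and leave Portainer pointed at files that do not exist. Whether the process then fails closed or starts without client-certificate checks cannot be told from the chart. Document the contract next to `mtls.existingSecret`, e.g. `# Secret must contain the keys mtlsca.crt, mtlscert.crt and mtlskey.key`. The `args:` list starts outside the hunk.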
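Review bot: `mountPath: /certs/mtls` nests the mTLS secret inside `/certs`, which the preceding context lines mount read-only; the condition on that mount is outside the hunk, presumably `tls.existingSecret`. When both secrets are set, the runtime has to create the `mtls` mount point inside a read-only secret volume. That can fail at container start or behave differently across runtimes, so it should be tested with both secrets configured. A sibling path avoids the dependency, e.g. `mountPath: /mtls-certs`, with the three `--mtls*` arguments in the args hunk changed to match.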
@@ -81,6 +96,8 @@ spec: containerPort: 8000 protocol: TCP livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 45 httpGet: path: / {{- if .Values.tls.force }} @@ -126,6 +143,8 @@ spec: {{- end }} {{- end }} readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 45 httpGet: path: / {{- if .Values.tls.force }} diff --git a/charts/portainer/values.yaml b/charts/portainer/values.yaml index 9fb6bc2..af9cf80 100644 --- a/charts/portainer/values.yaml +++ b/charts/portainer/values.yaml @@ -9,12 +9,12 @@ enterpriseEdition: enabled: false image: repository: portainer/portainer-ee - tag: 2.16.2 + tag: 2.18.4 pullPolicy: Always image: repository: portainer/portainer-ce - tag: 2.16.2 + tag: 2.18.4 pullPolicy: Always imagePullSecrets: [] @@ -44,6 +44,12 @@ tls: # If set, will mount the existing secret into the pod existingSecret: "" +mtls: + # If set, Portainer will be configured to use mTLS only + enable: false + # If set, will mount the existing secret into the pod + existingSecret: "" + feature: flags: "" diff --git a/deploy/manifests/agent/ee/agent-stack-windows.yml b/deploy/manifests/agent/ee/agent-stack-windows.yml index defb4d9..9a33e13 100644 --- a/deploy/manifests/agent/ee/agent-stack-windows.yml +++ b/deploy/manifests/agent/ee/agent-stack-windows.yml @@ -1,7 +1,7 @@ version: '3.3' services: agent: - image: portainer/agent:2.16.2 + image: portainer/agent:2.18.4 ports: - target: 9001 published: 9001 diff --git a/deploy/manifests/agent/ee/agent-stack.yml b/deploy/manifests/agent/ee/agent-stack.yml index 4bd50fc..80a81f7 100644 --- a/deploy/manifests/agent/ee/agent-stack.yml +++ b/deploy/manifests/agent/ee/agent-stack.yml @@ -2,7 +2,7 @@ version: '3.2' services: agent: - image: portainer/agent:2.16.2 + image: portainer/agent:2.18.4 volumes: - /var/run/docker.sock:/var/run/docker.sock - /var/lib/docker/volumes:/var/lib/docker/volumes 
diff --git a/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml b/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml index b6eb7e4..c606ae9 100644 --- a/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml +++ b/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml @@ -65,7 +65,7 @@ spec: serviceAccountName: portainer-sa-clusteradmin containers: - name: portainer-agent - image: portainer/agent:2.16.2 + image: portainer/agent:2.18.4 imagePullPolicy: Always env: - name: LOG_LEVEL diff --git a/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml b/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml index 5333153..c8bc9d0 100644 --- a/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml +++ b/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml @@ -64,7 +64,7 @@ spec: serviceAccountName: portainer-sa-clusteradmin containers: - name: portainer-agent - image: portainer/agent:2.16.2 + image: portainer/agent:2.18.4 imagePullPolicy: Always env: - name: LOG_LEVEL diff --git a/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml b/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml index e0a9311..a9bef57 100644 --- a/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml +++ b/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml @@ -65,7 +65,7 @@ spec: serviceAccountName: portainer-sa-clusteradmin containers: - name: portainer-agent - image: portainer/agent:2.16.2 + image: portainer/agent:2.18.4 imagePullPolicy: Always env: - name: LOG_LEVEL diff --git a/deploy/manifests/agent/portainer-agent-edge-k8s.yaml b/deploy/manifests/agent/portainer-agent-edge-k8s.yaml index b6eb7e4..c606ae9 100644 --- a/deploy/manifests/agent/portainer-agent-edge-k8s.yaml +++ b/deploy/manifests/agent/portainer-agent-edge-k8s.yaml @@ -65,7 +65,7 @@ spec: serviceAccountName: portainer-sa-clusteradmin containers: - name: portainer-agent - image: portainer/agent:2.16.2 + image: portainer/agent:2.18.4 imagePullPolicy: Always env: - name: LOG_LEVEL 
diff --git a/deploy/manifests/agent/portainer-agent-k8s-lb.yaml b/deploy/manifests/agent/portainer-agent-k8s-lb.yaml index 5333153..c8bc9d0 100644 --- a/deploy/manifests/agent/portainer-agent-k8s-lb.yaml +++ b/deploy/manifests/agent/portainer-agent-k8s-lb.yaml @@ -64,7 +64,7 @@ spec: serviceAccountName: portainer-sa-clusteradmin containers: - name: portainer-agent - image: portainer/agent:2.16.2 + image: portainer/agent:2.18.4 imagePullPolicy: Always env: - name: LOG_LEVEL diff --git a/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml b/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml index e0a9311..a9bef57 100644 --- a/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml +++ b/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml @@ -65,7 +65,7 @@ spec: serviceAccountName: portainer-sa-clusteradmin containers: - name: portainer-agent - image: portainer/agent:2.16.2 + image: portainer/agent:2.18.4 imagePullPolicy: Always env: - name: LOG_LEVEL diff --git a/deploy/manifests/portainer/portainer-ee.yaml b/deploy/manifests/portainer/portainer-ee.yaml index ded4dc6..f136582 100644 --- a/deploy/manifests/portainer/portainer-ee.yaml +++ b/deploy/manifests/portainer/portainer-ee.yaml @@ -14,7 +14,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" --- # Source: portainer/templates/pvc.yaml kind: "PersistentVolumeClaim" @@ -28,7 +28,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" spec: accessModes: - "ReadWriteOnce" 
@@ -44,7 +44,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -64,7 +64,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" spec: type: NodePort ports: @@ -97,7 +97,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" spec: replicas: 1 strategy: @@ -121,7 +121,7 @@ spec: claimName: portainer containers: - name: portainer - image: "portainer/portainer-ee:2.16.2" + image: "portainer/portainer-ee:2.18.4" imagePullPolicy: Always args: - '--tunnel-port=30776' diff --git a/deploy/manifests/portainer/portainer-lb-ee.yaml b/deploy/manifests/portainer/portainer-lb-ee.yaml index 674bcd9..1458444 100644 --- a/deploy/manifests/portainer/portainer-lb-ee.yaml +++ b/deploy/manifests/portainer/portainer-lb-ee.yaml @@ -14,7 +14,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" --- # Source: portainer/templates/pvc.yaml kind: "PersistentVolumeClaim" @@ -28,7 +28,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" spec: accessModes: - "ReadWriteOnce" 
@@ -44,7 +44,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -64,7 +64,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" spec: type: LoadBalancer ports: @@ -94,7 +94,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" spec: replicas: 1 strategy: @@ -118,7 +118,7 @@ spec: claimName: portainer containers: - name: portainer - image: "portainer/portainer-ee:2.16.2" + image: "portainer/portainer-ee:2.18.4" imagePullPolicy: Always args: volumeMounts: diff --git a/deploy/manifests/portainer/portainer-lb.yaml b/deploy/manifests/portainer/portainer-lb.yaml index 81bdd63..ebfdaf7 100644 --- a/deploy/manifests/portainer/portainer-lb.yaml +++ b/deploy/manifests/portainer/portainer-lb.yaml @@ -14,7 +14,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" --- # Source: portainer/templates/pvc.yaml kind: "PersistentVolumeClaim" @@ -28,7 +28,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" spec: accessModes: - "ReadWriteOnce" 
@@ -44,7 +44,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -64,7 +64,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" spec: type: LoadBalancer ports: @@ -94,7 +94,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" spec: replicas: 1 strategy: @@ -118,7 +118,7 @@ spec: claimName: portainer containers: - name: portainer - image: "portainer/portainer-ce:2.16.2" + image: "portainer/portainer-ce:2.18.4" imagePullPolicy: Always args: volumeMounts: diff --git a/deploy/manifests/portainer/portainer.yaml b/deploy/manifests/portainer/portainer.yaml index 847f96d..1c493e7 100644 --- a/deploy/manifests/portainer/portainer.yaml +++ b/deploy/manifests/portainer/portainer.yaml @@ -14,7 +14,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" --- # Source: portainer/templates/pvc.yaml kind: "PersistentVolumeClaim" @@ -28,7 +28,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" spec: accessModes: - "ReadWriteOnce" 
@@ -44,7 +44,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -64,7 +64,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" spec: type: NodePort ports: @@ -97,7 +97,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.16.2" + app.kubernetes.io/version: "ce-latest-ee-2.18.4" spec: replicas: 1 strategy: @@ -121,7 +121,7 @@ spec: claimName: portainer containers: - name: portainer - image: "portainer/portainer-ce:2.16.2" + image: "portainer/portainer-ce:2.18.4" imagePullPolicy: Always args: - '--tunnel-port=30776'