2.18.1 with mtls and updated test workflow (#128)

* 2.18.1 with mtls

* update tests

.github/workflows/on-push-lint-charts.yml

@@ -62,28 +62,8 @@ jobs:
         run: ct lint --config .ci/ct-config.yaml
 
       # Refer to https://github.com/kubernetes-sigs/kind/releases when updating the node_images
-      - name: Create 1.21 kind cluster
-        uses: helm/kind-action@v1.2.0
-        with:
-          node_image: kindest/node:v1.21.14@sha256:9d9eb5fb26b4fbc0c6d95fa8c790414f9750dd583f5d7cee45d92e8c26670aa1
-          cluster_name: kubernetes-1.21
-        if: steps.list-changed.outputs.changed == 'true'
-
-      - name: Run chart-testing (install) against 1.21
-        run: ct install --config .ci/ct-config.yaml
-
-      - name: Create 1.22 kind cluster
-        uses: helm/kind-action@v1.2.0
-        with:
-          node_image: kindest/node:v1.22.15@sha256:7d9708c4b0873f0fe2e171e2b1b7f45ae89482617778c1c875f1053d4cef2e41
-          cluster_name: kubernetes-1.22
-        if: steps.list-changed.outputs.changed == 'true'
-
-      - name: Run chart-testing (install) against 1.22
-        run: ct install --config .ci/ct-config.yaml
-
       - name: Create 1.23 kind cluster
-        uses: helm/kind-action@v1.2.0
+        uses: helm/kind-action@v1.4.0
         with:
           node_image: kindest/node:v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61
           cluster_name: kubernetes-1.23
@@ -93,9 +73,9 @@ jobs:
         run: ct install --config .ci/ct-config.yaml
 
       - name: Create 1.24 kind cluster
-        uses: helm/kind-action@v1.2.0
+        uses: helm/kind-action@v1.4.0
         with:
-          node_image: kindest/node:v1.24.7@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315
+          node_image: kindest/node:v1.24.12@sha256:1e12918b8bc3d4253bc08f640a231bb0d3b2c5a9b28aa3f2ca1aee93e1e8db16
           cluster_name: kubernetes-1.24
         if: steps.list-changed.outputs.changed == 'true'
 
@@ -103,11 +83,21 @@ jobs:
         run: ct install --config .ci/ct-config.yaml
 
       - name: Create 1.25 kind cluster
-        uses: helm/kind-action@v1.2.0
+        uses: helm/kind-action@v1.4.0
         with:
-          node_image: kindest/node:v1.25.3@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1
+          node_image: kindest/node:v1.25.8@sha256:00d3f5314cc35327706776e95b2f8e504198ce59ac545d0200a89e69fce10b7f
           cluster_name: kubernetes-1.25
         if: steps.list-changed.outputs.changed == 'true'
 
       - name: Run chart-testing (install) against 1.25
+        run: ct install --config .ci/ct-config.yaml
+
+      - name: Create 1.26 kind cluster
+        uses: helm/kind-action@v1.4.0
+        with:
+          node_image: kindest/node:v1.26.3@sha256:61b92f38dff6ccc29969e7aa154d34e38b89443af1a2c14e6cfbd2df6419c66f
+          cluster_name: kubernetes-1.26
+        if: steps.list-changed.outputs.changed == 'true'
+
+      - name: Run chart-testing (install) against 1.26
         run: ct install --config .ci/ct-config.yaml

charts/portainer/Chart.yaml

@@ -17,16 +17,16 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 
-version: 1.0.40
+version: 1.0.41
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: ce-latest-ee-2.17.1
+appVersion: ce-latest-ee-2.18.1
 
 sources:
     - https://github.com/portainer/k8s
 
 maintainers:
-    - name: funkypenguin
-      email: davidy@funkypenguin.co.nz
-      url: https://www.funkypenguin.co.nz
+    - name: Portainer
+      email: platform-team@portainer.io
+      url: https://www.portainer.io

charts/portainer/templates/deployment.yaml

@@ -35,6 +35,11 @@ spec:
           secret:
             secretName: {{ .Values.tls.existingSecret }}
         {{- end }}
+        {{- if .Values.mtls.existingSecret }}
+        - name: mtlscerts
+          secret:
+            secretName: {{ .Values.mtls.existingSecret }}
+        {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           {{- if .Values.enterpriseEdition.enabled }}
@@ -52,6 +57,11 @@ spec:
           - --sslcert=/certs/tls.crt
           - --sslkey=/certs/tls.key
           {{- end }}
+          {{- if .Values.mtls.existingSecret }}
+          - --mtlscacert=/certs/mtls/mtlsca.crt
+          - --mtlscert=/certs/mtls/mtlscert.crt
+          - --mtlskey=/certs/mtls/mtlskey.key
+          {{- end }}          
           {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
           - '--tunnel-port={{ .Values.service.edgeNodePort }}'
           {{- end }}
@@ -68,6 +78,11 @@ spec:
               mountPath: /certs
               readOnly: true
             {{- end }}
+            {{- if .Values.mtls.existingSecret }}
+            - name: mtlscerts
+              mountPath: /certs/mtls
+              readOnly: true
+            {{- end }}
           ports:
             {{- if not .Values.tls.force }}
             - name: http

charts/portainer/values.yaml

@@ -9,12 +9,12 @@ enterpriseEdition:
   enabled: false
   image:
     repository: portainer/portainer-ee
-    tag: 2.17.1
+    tag: 2.18.1
     pullPolicy: Always
 
 image:
   repository: portainer/portainer-ce
-  tag: 2.17.1
+  tag: 2.18.1
   pullPolicy: Always
 
 imagePullSecrets: []
@@ -44,6 +44,12 @@ tls:
   # If set, will mount the existing secret into the pod
   existingSecret: ""
 
+mtls:
+  # If set, Portainer will be configured to use mTLS only
+  enable: false
+  # If set, will mount the existing secret into the pod
+  existingSecret: ""
+
 feature:
   flags: ""
 

deploy/manifests/agent/ee/agent-stack-windows.yml

@@ -1,7 +1,7 @@
 version: '3.3'
 services:
   agent:
-    image: portainer/agent:2.17.1
+    image: portainer/agent:2.18.1
     ports:
       - target: 9001
         published: 9001

deploy/manifests/agent/ee/agent-stack.yml

@@ -2,7 +2,7 @@ version: '3.2'
 
 services:
   agent:
-    image: portainer/agent:2.17.1
+    image: portainer/agent:2.18.1
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - /var/lib/docker/volumes:/var/lib/docker/volumes

deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml

@@ -65,7 +65,7 @@ spec:
       serviceAccountName: portainer-sa-clusteradmin
       containers:
       - name: portainer-agent
-        image: portainer/agent:2.17.1
+        image: portainer/agent:2.18.1
         imagePullPolicy: Always
         env:
         - name: LOG_LEVEL

deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml

@@ -64,7 +64,7 @@ spec:
       serviceAccountName: portainer-sa-clusteradmin
       containers:
       - name: portainer-agent
-        image: portainer/agent:2.17.1
+        image: portainer/agent:2.18.1
         imagePullPolicy: Always
         env:
         - name: LOG_LEVEL

deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml

@@ -65,7 +65,7 @@ spec:
       serviceAccountName: portainer-sa-clusteradmin
       containers:
       - name: portainer-agent
-        image: portainer/agent:2.17.1
+        image: portainer/agent:2.18.1
         imagePullPolicy: Always
         env:
         - name: LOG_LEVEL

deploy/manifests/agent/portainer-agent-edge-k8s.yaml

@@ -65,7 +65,7 @@ spec:
       serviceAccountName: portainer-sa-clusteradmin
       containers:
       - name: portainer-agent
-        image: portainer/agent:2.17.1
+        image: portainer/agent:2.18.1
         imagePullPolicy: Always
         env:
         - name: LOG_LEVEL

deploy/manifests/agent/portainer-agent-k8s-lb.yaml

@@ -64,7 +64,7 @@ spec:
       serviceAccountName: portainer-sa-clusteradmin
       containers:
       - name: portainer-agent
-        image: portainer/agent:2.17.1
+        image: portainer/agent:2.18.1
         imagePullPolicy: Always
         env:
         - name: LOG_LEVEL

deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml

@@ -65,7 +65,7 @@ spec:
       serviceAccountName: portainer-sa-clusteradmin
       containers:
       - name: portainer-agent
-        image: portainer/agent:2.17.1
+        image: portainer/agent:2.18.1
         imagePullPolicy: Always
         env:
         - name: LOG_LEVEL

deploy/manifests/portainer/portainer-ee.yaml

@@ -14,7 +14,7 @@ metadata:
   labels:
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
@@ -28,7 +28,7 @@ metadata:
     io.portainer.kubernetes.application.stack: portainer
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 spec:
   accessModes:
     - "ReadWriteOnce"
@@ -44,7 +44,7 @@ metadata:
   labels:
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -64,7 +64,7 @@ metadata:
     io.portainer.kubernetes.application.stack: portainer
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 spec:
   type: NodePort
   ports:
@@ -97,7 +97,7 @@ metadata:
     io.portainer.kubernetes.application.stack: portainer
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 spec:
   replicas: 1
   strategy:
@@ -121,7 +121,7 @@ spec:
             claimName: portainer
       containers:
         - name: portainer
-          image: "portainer/portainer-ee:2.17.1"
+          image: "portainer/portainer-ee:2.18.1"
           imagePullPolicy: Always
           args:
           - '--tunnel-port=30776'          

deploy/manifests/portainer/portainer-lb-ee.yaml

@@ -14,7 +14,7 @@ metadata:
   labels:
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
@@ -28,7 +28,7 @@ metadata:
     io.portainer.kubernetes.application.stack: portainer
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 spec:
   accessModes:
     - "ReadWriteOnce"
@@ -44,7 +44,7 @@ metadata:
   labels:
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -64,7 +64,7 @@ metadata:
     io.portainer.kubernetes.application.stack: portainer
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 spec:
   type: LoadBalancer
   ports:
@@ -94,7 +94,7 @@ metadata:
     io.portainer.kubernetes.application.stack: portainer
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 spec:
   replicas: 1
   strategy:
@@ -118,7 +118,7 @@ spec:
             claimName: portainer
       containers:
         - name: portainer
-          image: "portainer/portainer-ee:2.17.1"
+          image: "portainer/portainer-ee:2.18.1"
           imagePullPolicy: Always
           args:          
           volumeMounts:

deploy/manifests/portainer/portainer-lb.yaml

@@ -14,7 +14,7 @@ metadata:
   labels:
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
@@ -28,7 +28,7 @@ metadata:
     io.portainer.kubernetes.application.stack: portainer
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 spec:
   accessModes:
     - "ReadWriteOnce"
@@ -44,7 +44,7 @@ metadata:
   labels:
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -64,7 +64,7 @@ metadata:
     io.portainer.kubernetes.application.stack: portainer
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 spec:
   type: LoadBalancer
   ports:
@@ -94,7 +94,7 @@ metadata:
     io.portainer.kubernetes.application.stack: portainer
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 spec:
   replicas: 1
   strategy:
@@ -118,7 +118,7 @@ spec:
             claimName: portainer
       containers:
         - name: portainer
-          image: "portainer/portainer-ce:2.17.1"
+          image: "portainer/portainer-ce:2.18.1"
           imagePullPolicy: Always
           args:          
           volumeMounts:

deploy/manifests/portainer/portainer.yaml

@@ -14,7 +14,7 @@ metadata:
   labels:
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
@@ -28,7 +28,7 @@ metadata:
     io.portainer.kubernetes.application.stack: portainer
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 spec:
   accessModes:
     - "ReadWriteOnce"
@@ -44,7 +44,7 @@ metadata:
   labels:
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -64,7 +64,7 @@ metadata:
     io.portainer.kubernetes.application.stack: portainer
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 spec:
   type: NodePort
   ports:
@@ -97,7 +97,7 @@ metadata:
     io.portainer.kubernetes.application.stack: portainer
     app.kubernetes.io/name: portainer
     app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.17.1"
+    app.kubernetes.io/version: "ce-latest-ee-2.18.1"
 spec:
   replicas: 1
   strategy:
@@ -121,7 +121,7 @@ spec:
             claimName: portainer
       containers:
         - name: portainer
-          image: "portainer/portainer-ce:2.17.1"
+          image: "portainer/portainer-ce:2.18.1"
           imagePullPolicy: Always
           args:
           - '--tunnel-port=30776'