diff --git a/.github/workflows/on-push-lint-charts.yml b/.github/workflows/on-push-lint-charts.yml index 0709074..3eae9e5 100644 --- a/.github/workflows/on-push-lint-charts.yml +++ b/.github/workflows/on-push-lint-charts.yml @@ -62,28 +62,8 @@ jobs: run: ct lint --config .ci/ct-config.yaml # Refer to https://github.com/kubernetes-sigs/kind/releases when updating the node_images - - name: Create 1.21 kind cluster - uses: helm/kind-action@v1.2.0 - with: - node_image: kindest/node:v1.21.14@sha256:9d9eb5fb26b4fbc0c6d95fa8c790414f9750dd583f5d7cee45d92e8c26670aa1 - cluster_name: kubernetes-1.21 - if: steps.list-changed.outputs.changed == 'true' - - - name: Run chart-testing (install) against 1.21 - run: ct install --config .ci/ct-config.yaml - - - name: Create 1.22 kind cluster - uses: helm/kind-action@v1.2.0 - with: - node_image: kindest/node:v1.22.15@sha256:7d9708c4b0873f0fe2e171e2b1b7f45ae89482617778c1c875f1053d4cef2e41 - cluster_name: kubernetes-1.22 - if: steps.list-changed.outputs.changed == 'true' - - - name: Run chart-testing (install) against 1.22 - run: ct install --config .ci/ct-config.yaml - - name: Create 1.23 kind cluster - uses: helm/kind-action@v1.2.0 + uses: helm/kind-action@v1.4.0 with: node_image: kindest/node:v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61 cluster_name: kubernetes-1.23 @@ -93,9 +73,9 @@ jobs: run: ct install --config .ci/ct-config.yaml - name: Create 1.24 kind cluster - uses: helm/kind-action@v1.2.0 + uses: helm/kind-action@v1.4.0 with: - node_image: kindest/node:v1.24.7@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315 + node_image: kindest/node:v1.24.12@sha256:1e12918b8bc3d4253bc08f640a231bb0d3b2c5a9b28aa3f2ca1aee93e1e8db16 cluster_name: kubernetes-1.24 if: steps.list-changed.outputs.changed == 'true' @@ -103,11 +83,21 @@ jobs: run: ct install --config .ci/ct-config.yaml - name: Create 1.25 kind cluster - uses: helm/kind-action@v1.2.0 + uses: helm/kind-action@v1.4.0 with: - node_image: kindest/node:v1.25.3@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1 + node_image: kindest/node:v1.25.8@sha256:00d3f5314cc35327706776e95b2f8e504198ce59ac545d0200a89e69fce10b7f cluster_name: kubernetes-1.25 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) against 1.25 + run: ct install --config .ci/ct-config.yaml + + - name: Create 1.26 kind cluster + uses: helm/kind-action@v1.4.0 + with: + node_image: kindest/node:v1.26.3@sha256:61b92f38dff6ccc29969e7aa154d34e38b89443af1a2c14e6cfbd2df6419c66f + cluster_name: kubernetes-1.26 + if: steps.list-changed.outputs.changed == 'true' + + - name: Run chart-testing (install) against 1.26 run: ct install --config .ci/ct-config.yaml \ No newline at end of file diff --git a/charts/portainer/Chart.yaml b/charts/portainer/Chart.yaml index ac9ad6d..686e24e 100644 --- a/charts/portainer/Chart.yaml +++ b/charts/portainer/Chart.yaml @@ -17,16 +17,16 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 1.0.40 +version: 1.0.41 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: ce-latest-ee-2.17.1 +appVersion: ce-latest-ee-2.18.1 sources: - https://github.com/portainer/k8s maintainers: - - name: funkypenguin - email: davidy@funkypenguin.co.nz - url: https://www.funkypenguin.co.nz + - name: Portainer + email: platform-team@portainer.io + url: https://www.portainer.io diff --git a/charts/portainer/templates/deployment.yaml b/charts/portainer/templates/deployment.yaml index c921c9a..fbd1898 100644 --- a/charts/portainer/templates/deployment.yaml +++ b/charts/portainer/templates/deployment.yaml @@ -35,6 +35,11 @@ spec: secret: secretName: {{ .Values.tls.existingSecret }} {{- end }} + {{- if .Values.mtls.existingSecret }} + - name: mtlscerts + secret: + secretName: {{ .Values.mtls.existingSecret }} + {{- end }} containers: - name: {{ .Chart.Name }} {{- if .Values.enterpriseEdition.enabled }} @@ -52,6 +57,11 @@ spec: - --sslcert=/certs/tls.crt - --sslkey=/certs/tls.key {{- end }} + {{- if .Values.mtls.existingSecret }} + - --mtlscacert=/certs/mtls/mtlsca.crt + - --mtlscert=/certs/mtls/mtlscert.crt + - --mtlskey=/certs/mtls/mtlskey.key + {{- end }} {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }} - '--tunnel-port={{ .Values.service.edgeNodePort }}' {{- end }} @@ -68,6 +78,11 @@ spec: mountPath: /certs readOnly: true {{- end }} + {{- if .Values.mtls.existingSecret }} + - name: mtlscerts + mountPath: /certs/mtls + readOnly: true + {{- end }} ports: {{- if not .Values.tls.force }} - name: http diff --git a/charts/portainer/values.yaml b/charts/portainer/values.yaml index 3174754..9a1a125 100644 --- a/charts/portainer/values.yaml +++ b/charts/portainer/values.yaml @@ -9,12 +9,12 @@ enterpriseEdition: enabled: false image: repository: portainer/portainer-ee - tag: 2.17.1 + tag: 2.18.1 pullPolicy: Always image: repository: portainer/portainer-ce - tag: 2.17.1 + tag: 2.18.1 pullPolicy: Always imagePullSecrets: [] @@ -44,6 +44,12 @@ tls: # If set, will mount the existing secret into the pod existingSecret: "" +mtls: + # If set, Portainer will be configured to use mTLS only + enable: false + # If set, will mount the existing secret into the pod + existingSecret: "" + feature: flags: "" diff --git a/deploy/manifests/agent/ee/agent-stack-windows.yml b/deploy/manifests/agent/ee/agent-stack-windows.yml index 0c162fe..38afbfa 100644 --- a/deploy/manifests/agent/ee/agent-stack-windows.yml +++ b/deploy/manifests/agent/ee/agent-stack-windows.yml @@ -1,7 +1,7 @@ version: '3.3' services: agent: - image: portainer/agent:2.17.1 + image: portainer/agent:2.18.1 ports: - target: 9001 published: 9001 diff --git a/deploy/manifests/agent/ee/agent-stack.yml b/deploy/manifests/agent/ee/agent-stack.yml index a11ebc4..9164592 100644 --- a/deploy/manifests/agent/ee/agent-stack.yml +++ b/deploy/manifests/agent/ee/agent-stack.yml @@ -2,7 +2,7 @@ version: '3.2' services: agent: - image: portainer/agent:2.17.1 + image: portainer/agent:2.18.1 volumes: - /var/run/docker.sock:/var/run/docker.sock - /var/lib/docker/volumes:/var/lib/docker/volumes diff --git a/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml b/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml index fcbda9f..d66092c 100644 --- a/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml +++ b/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml @@ -65,7 +65,7 @@ spec: serviceAccountName: portainer-sa-clusteradmin containers: - name: portainer-agent - image: portainer/agent:2.17.1 + image: portainer/agent:2.18.1 imagePullPolicy: Always env: - name: LOG_LEVEL diff --git a/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml b/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml index 3f3ce38..bd08eb0 100644 --- a/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml +++ b/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml @@ -64,7 +64,7 @@ spec: serviceAccountName: portainer-sa-clusteradmin containers: - name: portainer-agent - image: portainer/agent:2.17.1 + image: portainer/agent:2.18.1 imagePullPolicy: Always env: - name: LOG_LEVEL diff --git a/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml b/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml index 0a06c8b..d657b03 100644 --- a/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml +++ b/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml @@ -65,7 +65,7 @@ spec: serviceAccountName: portainer-sa-clusteradmin containers: - name: portainer-agent - image: portainer/agent:2.17.1 + image: portainer/agent:2.18.1 imagePullPolicy: Always env: - name: LOG_LEVEL diff --git a/deploy/manifests/agent/portainer-agent-edge-k8s.yaml b/deploy/manifests/agent/portainer-agent-edge-k8s.yaml index fcbda9f..d66092c 100644 --- a/deploy/manifests/agent/portainer-agent-edge-k8s.yaml +++ b/deploy/manifests/agent/portainer-agent-edge-k8s.yaml @@ -65,7 +65,7 @@ spec: serviceAccountName: portainer-sa-clusteradmin containers: - name: portainer-agent - image: portainer/agent:2.17.1 + image: portainer/agent:2.18.1 imagePullPolicy: Always env: - name: LOG_LEVEL diff --git a/deploy/manifests/agent/portainer-agent-k8s-lb.yaml b/deploy/manifests/agent/portainer-agent-k8s-lb.yaml index 3f3ce38..bd08eb0 100644 --- a/deploy/manifests/agent/portainer-agent-k8s-lb.yaml +++ b/deploy/manifests/agent/portainer-agent-k8s-lb.yaml @@ -64,7 +64,7 @@ spec: serviceAccountName: portainer-sa-clusteradmin containers: - name: portainer-agent - image: portainer/agent:2.17.1 + image: portainer/agent:2.18.1 imagePullPolicy: Always env: - name: LOG_LEVEL diff --git a/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml b/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml index 0a06c8b..d657b03 100644 --- a/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml +++ b/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml @@ -65,7 +65,7 @@ spec: serviceAccountName: portainer-sa-clusteradmin containers: - name: portainer-agent - image: portainer/agent:2.17.1 + image: portainer/agent:2.18.1 imagePullPolicy: Always env: - name: LOG_LEVEL diff --git a/deploy/manifests/portainer/portainer-ee.yaml b/deploy/manifests/portainer/portainer-ee.yaml index b183b4f..9e1a7d6 100644 --- a/deploy/manifests/portainer/portainer-ee.yaml +++ b/deploy/manifests/portainer/portainer-ee.yaml @@ -14,7 +14,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" --- # Source: portainer/templates/pvc.yaml kind: "PersistentVolumeClaim" @@ -28,7 +28,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" spec: accessModes: - "ReadWriteOnce" @@ -44,7 +44,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -64,7 +64,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" spec: type: NodePort ports: @@ -97,7 +97,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" spec: replicas: 1 strategy: @@ -121,7 +121,7 @@ spec: claimName: portainer containers: - name: portainer - image: "portainer/portainer-ee:2.17.1" + image: "portainer/portainer-ee:2.18.1" imagePullPolicy: Always args: - '--tunnel-port=30776' diff --git a/deploy/manifests/portainer/portainer-lb-ee.yaml b/deploy/manifests/portainer/portainer-lb-ee.yaml index 6213235..a7c57e8 100644 --- a/deploy/manifests/portainer/portainer-lb-ee.yaml +++ b/deploy/manifests/portainer/portainer-lb-ee.yaml @@ -14,7 +14,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" --- # Source: portainer/templates/pvc.yaml kind: "PersistentVolumeClaim" @@ -28,7 +28,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" spec: accessModes: - "ReadWriteOnce" @@ -44,7 +44,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -64,7 +64,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" spec: type: LoadBalancer ports: @@ -94,7 +94,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" spec: replicas: 1 strategy: @@ -118,7 +118,7 @@ spec: claimName: portainer containers: - name: portainer - image: "portainer/portainer-ee:2.17.1" + image: "portainer/portainer-ee:2.18.1" imagePullPolicy: Always args: volumeMounts: diff --git a/deploy/manifests/portainer/portainer-lb.yaml b/deploy/manifests/portainer/portainer-lb.yaml index 50a4679..4b7962a 100644 --- a/deploy/manifests/portainer/portainer-lb.yaml +++ b/deploy/manifests/portainer/portainer-lb.yaml @@ -14,7 +14,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" --- # Source: portainer/templates/pvc.yaml kind: "PersistentVolumeClaim" @@ -28,7 +28,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" spec: accessModes: - "ReadWriteOnce" @@ -44,7 +44,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -64,7 +64,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" spec: type: LoadBalancer ports: @@ -94,7 +94,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" spec: replicas: 1 strategy: @@ -118,7 +118,7 @@ spec: claimName: portainer containers: - name: portainer - image: "portainer/portainer-ce:2.17.1" + image: "portainer/portainer-ce:2.18.1" imagePullPolicy: Always args: volumeMounts: diff --git a/deploy/manifests/portainer/portainer.yaml b/deploy/manifests/portainer/portainer.yaml index 18e93c6..9a01e05 100644 --- a/deploy/manifests/portainer/portainer.yaml +++ b/deploy/manifests/portainer/portainer.yaml @@ -14,7 +14,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" --- # Source: portainer/templates/pvc.yaml kind: "PersistentVolumeClaim" @@ -28,7 +28,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" spec: accessModes: - "ReadWriteOnce" @@ -44,7 +44,7 @@ metadata: labels: app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -64,7 +64,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" spec: type: NodePort ports: @@ -97,7 +97,7 @@ metadata: io.portainer.kubernetes.application.stack: portainer app.kubernetes.io/name: portainer app.kubernetes.io/instance: portainer - app.kubernetes.io/version: "ce-latest-ee-2.17.1" + app.kubernetes.io/version: "ce-latest-ee-2.18.1" spec: replicas: 1 strategy: @@ -121,7 +121,7 @@ spec: claimName: portainer containers: - name: portainer - image: "portainer/portainer-ce:2.17.1" + image: "portainer/portainer-ce:2.18.1" imagePullPolicy: Always args: - '--tunnel-port=30776'