45 changed files with 148 additions and 1515 deletions
--- a/.ci/scripts/local-ct-lint.sh
+++ b/.ci/scripts/local-ct-lint.sh
--- a/.ci/scripts/local-kube-score.sh
+++ b/.ci/scripts/local-kube-score.sh
--- a/.github/workflows/on-push-lint-charts.yml
+++ b/.github/workflows/on-push-lint-charts.yml
@ -4,27 +4,22 @@ on:
  push:
    paths:
      - 'charts/**' 
-      - '.github/**'
+      - '.github/**'            
  pull_request:
    branches:
      - master
  workflow_dispatch:
 env:
  KUBE_SCORE_VERSION: 1.10.0
-  HELM_VERSION: v3.10.1
+  HELM_VERSION: v3.4.1
 jobs:
  lint-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v1
        with:
          fetch-depth: 0
      - name: Set up Helm
-        uses: azure/setup-helm@v4.2.0
+        uses: azure/setup-helm@v1
        with:
          version: ${{ env.HELM_VERSION }}
@ -45,14 +40,12 @@ jobs:
              --enable-optional-test container-security-context-privileged
      # python is a requirement for the chart-testing action below (supports yamllint among other tests)
-      - uses: actions/setup-python@v5.3.0
+      - uses: actions/setup-python@v2
        with:
-          python-version: 3.13.1
+          python-version: 3.7
      - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.6.1
+        uses: helm/chart-testing-action@v2.0.1
        with:
          version: v3.10.1
      - name: Run chart-testing (list-changed)
        id: list-changed
@ -66,42 +59,32 @@ jobs:
        run: ct lint --config .ci/ct-config.yaml
      # Refer to https://github.com/kubernetes-sigs/kind/releases when updating the node_images
-      - name: Create 1.29 kind cluster
+      - name: Create 1.20 kind cluster
-        uses: helm/kind-action@v1.12.0
+        uses: helm/kind-action@v1.1.0
        with:
-          node_image: kindest/node:v1.29.14@sha256:8703bd94ee24e51b778d5556ae310c6c0fa67d761fae6379c8e0bb480e6fea29
+          node_image: kindest/node:v1.20.2@sha256:8f7ea6e7642c0da54f04a7ee10431549c0257315b3a634f6ef2fecaaedb19bab
-          cluster_name: kubernetes-1.29
+          cluster_name: kubernetes-1.20
        if: steps.list-changed.outputs.changed == 'true'
-      - name: Run chart-testing (install) against 1.29
+      - name: Run chart-testing (install) against 1.20
        run: ct install --config .ci/ct-config.yaml
-      - name: Create 1.30 kind cluster
+      - name: Create 1.19 kind cluster
-        uses: helm/kind-action@v1.12.0
+        uses: helm/kind-action@v1.1.0
        with:
-          node_image: kindest/node:v1.30.10@sha256:4de75d0e82481ea846c0ed1de86328d821c1e6a6a91ac37bf804e5313670e507
+          node_image: kindest/node:v1.19.7@sha256:a70639454e97a4b733f9d9b67e12c01f6b0297449d5b9cbbef87473458e26dca
-          cluster_name: kubernetes-1.30
+          cluster_name: kubernetes-1.19
        if: steps.list-changed.outputs.changed == 'true'
-      - name: Run chart-testing (install) against 1.30
+      - name: Run chart-testing (install) against 1.19
        run: ct install --config .ci/ct-config.yaml
-      - name: Create 1.31 kind cluster
+      - name: Create 1.18 kind cluster
-        uses: helm/kind-action@v1.12.0
+        uses: helm/kind-action@v1.1.0
        with:
-          node_image: kindest/node:v1.31.6@sha256:28b7cbb993dfe093c76641a0c95807637213c9109b761f1d422c2400e22b8e87
+          node_image: kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4
-          cluster_name: kubernetes-1.31
+          cluster_name: kubernetes-1.18
        if: steps.list-changed.outputs.changed == 'true'
-      - name: Run chart-testing (install) against 1.31
+      - name: Run chart-testing (install) against 1.18
        run: ct install --config .ci/ct-config.yaml
      - name: Create 1.32 kind cluster
        uses: helm/kind-action@v1.12.0
        with:
          node_image: kindest/node:v1.32.2@sha256:f226345927d7e348497136874b6d207e0b32cc52154ad8323129352923a3142f
          cluster_name: kubernetes-1.32
        if: steps.list-changed.outputs.changed == 'true'
      - name: Run chart-testing (install) against 1.32
        run: ct install --config .ci/ct-config.yaml
--- a/.github/workflows/on-push-master-publish-chart.yml
+++ b/.github/workflows/on-push-master-publish-chart.yml
@ -11,11 +11,9 @@ on:
 jobs:
  build:
    runs-on: ubuntu-latest
-    permissions:
+
      contents: write
      pages: write
      pull-requests: write
    steps:
    - uses: actions/checkout@v2
@ -37,4 +35,4 @@ jobs:
      with:
        destination_branch: "gh-pages"
        github_token: "${{ secrets.GITHUB_TOKEN }}"
-        pr_allow_empty: false
+        pr_allow_empty: false        
--- a/charts/portainer/Chart.yaml
+++ b/charts/portainer/Chart.yaml
@ -16,16 +16,16 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 version: 1.0.10
 version: 2.33.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: ce-latest-ee-2.33.2
+appVersion: ce-latest-ee-2.0.0
 sources:
    - https://github.com/portainer/k8s
 maintainers:
-    - name: Portainer
+    - name: funkypenguin
-      email: platform-team@portainer.io
+      email: davidy@funkypenguin.co.nz
-      url: https://www.portainer.io
+      url: https://www.funkypenguin.co.nz
--- a/charts/portainer/README.md
+++ b/charts/portainer/README.md
@ -64,30 +64,25 @@ The following table lists the configurable parameters of the Portainer chart and
 | `nodeSelector` | Used to apply a nodeSelector to the deployment | `{}` |
 | `serviceAccount.annotations` | Annotations to add to the service account | `null` |
 | `serviceAccount.name` | The name of the service account to use | `portainer-sa-clusteradmin` |
 | `localMgmt` | Enables or disables the creation of SA, Roles in local cluster where Portainer runs, only change when you don't need to manage the local cluster through this Portainer instance  | `true` |
 | `service.type` | Service Type for the main Portainer Service; ClusterIP, NodePort and LoadBalancer | `LoadBalancer` |
 | `service.httpPort` | HTTP port for accessing Portainer Web | `9000` |
 | `service.httpNodePort` | Static NodePort for accessing Portainer Web. Specify only if the type is NodePort | `30777` |
 | `service.edgePort` | TCP port for accessing Portainer Edge | `8000` |
 | `service.edgeNodePort` | Static NodePort for accessing Portainer Edge. Specify only if the type is NodePort | `30776` |
 | `service.annotations` | Annotations to add to the service | `{}` |
 | `feature.flags` | Enable one or more features separated by spaces. For instance, `--feat=open-amt` | `nil` |
 | `ingress.enabled` | Create an ingress for Portainer | `false` |
 | `ingress.ingressClassName` | For Kubernetes >= 1.18 you should specify the ingress-controller via the field `ingressClassName`. For instance, `nginx` | `nil` |
 | `ingress.annotations` | Annotations to add to the ingress. For instane, `kubernetes.io/ingress.class: nginx` | `{}` |
 | `ingress.hosts.host` | URL for Portainer Web. For instance, `portainer.example.io` | `nil` |
 | `ingress.hosts.paths.path` | Path for the Portainer Web. | `/` |
 | `ingress.hosts.paths.port` | Port for the Portainer Web. | `9000` |
 | `ingress.tls` | TLS support on ingress. Must create a secret with TLS certificates in advance | `[]` |
 | `resources` | Portainer resource requests and limits | `{}` |
 | `tls.force` | Force Portainer to be configured to use TLS only | `false` |
 | `tls.existingSecret` | Mount the existing TLS secret into the pod | `""` |
 | `mtls.enable` | Option to specicy mtls Certs to be used by Portainer | `false` |
 | `mtls.existingSecret` | Mount the existing mtls secret into the pod | `""` |
 | `persistence.enabled` | Whether to enable data persistence | `true` |
 | `persistence.existingClaim` | Name of an existing PVC to use for data persistence | `nil` |
 | `persistence.size` | Size of the PVC used for persistence | `10Gi` |
 | `persistence.annotations` | Annotations to apply to PVC used for persistence | `{}` |
 | `persistence.storageClass` | StorageClass to apply to PVC used for persistence | `default` |
 | `persistence.accessMode` | AccessMode for persistence | `ReadWriteOnce` |
-| `persistence.selector` | Selector for persistence | `nil` |
+| `persistence.selector` | Selector for persistence | `nil` |
--- a/charts/portainer/templates/NOTES.txt
+++ b/charts/portainer/templates/NOTES.txt
@ -1,27 +1,21 @@
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
-  Use the URL below to access the application
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ if .port }}:{{ .port }}{{ else }}:9000{{ end }}{{.path}}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ if .port }}:{{ .port }}{{ else }}{{ end }}{{.path}}
  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
-  Get the application URL by running these commands:
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "portainer.fullname" . }})
  {{- if .Values.tls.force }}
    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "portainer.fullname" . }})
  {{- else }}
    export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ include "portainer.fullname" . }})  
  {{- end}}
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo https://$NODE_IP:$NODE_PORT
+  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
  Get the application URL by running these commands:
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "portainer.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "portainer.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo https://$SERVICE_IP:{{ .Values.service.httpsPort }}
+  echo http://$SERVICE_IP:{{ .Values.service.httpPort }}
 {{- else if contains "ClusterIP" .Values.service.type }}
-  Get the application URL by running these commands:
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "portainer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "portainer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].me$  echo "Visit http://127.0.0.1:9443 to use your application"
+  echo "Visit http://127.0.0.1:9000 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9443:9443
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9000:9000
 {{- end }}
--- a/charts/portainer/templates/_helpers.tpl
+++ b/charts/portainer/templates/_helpers.tpl
@ -71,17 +71,4 @@ Provide a pre-defined claim or a claim based on the Release
 {{- else -}}
 {{- template "portainer.fullname" . }}
 {{- end -}}
 {{- end -}}
 {{/*
 Generate a right Ingress apiVersion
 */}}
 {{- define "ingress.apiVersion" -}}
 {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion -}}
 networking.k8s.io/v1
 {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
 networking.k8s.io/v1beta1
 {{- else -}}
 extensions/v1
 {{- end }}
 {{- end -}}
--- a/charts/portainer/templates/deployment.yaml
+++ b/charts/portainer/templates/deployment.yaml
@ -18,31 +18,16 @@ spec:
      labels:
        {{- include "portainer.selectorLabels" . | nindent 8 }}
    spec:
-      nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }}
+      nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 -}}      
-      tolerations: {{- toYaml .Values.tolerations | nindent 8 -}}
+    {{- with .Values.imagePullSecrets }}
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
-      {{- end }}
+    {{- end }}
      {{- if .Values.localMgmt }}
      serviceAccountName: {{ include "portainer.serviceAccountName" . }}
      {{- end }}
      volumes:
-        {{- if .Values.persistence.enabled }}
+         - name: "data"
-        - name: "data"
+           persistentVolumeClaim:
-          persistentVolumeClaim:
+             claimName: {{ template "portainer.pvcName" . }}      
            claimName: {{ template "portainer.pvcName" . }}
        {{- end }}
        {{- if .Values.tls.existingSecret }}
        - name: certs
          secret:
            secretName: {{ .Values.tls.existingSecret }}
        {{- end }}
        {{- if .Values.mtls.existingSecret }}
        - name: mtlscerts
          secret:
            secretName: {{ .Values.mtls.existingSecret }}
        {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          {{- if .Values.enterpriseEdition.enabled }}
@ -52,150 +37,26 @@ spec:
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- end }}
-          args: 
+      {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
-          {{- if .Values.tls.force }}
+          args:  [ '--tunnel-port','{{ .Values.service.edgeNodePort }}' ]
-          - --http-disabled
+      {{- end }}          
          {{- end }}
          {{- if .Values.tls.existingSecret }}
          - --tlscert=/certs/tls.crt
          - --tlskey=/certs/tls.key
          {{- end }}
          {{- if .Values.mtls.existingSecret }}
          - --mtlscacert=/certs/mtls/mtlsca.crt
          - --mtlscert=/certs/mtls/mtlscert.crt
          - --mtlskey=/certs/mtls/mtlskey.key
          {{- end }}          
          {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
          - '--tunnel-port={{ .Values.service.edgeNodePort }}'
          {{- end }}
          {{- if and .Values.trusted_origins.enabled (not (empty .Values.trusted_origins.domains)) }}
          - '--trusted-origins={{ .Values.trusted_origins.domains | trim | quote }}'
          {{- end }}
          {{- range .Values.feature.flags }}
          - {{ . | squote }}
          {{- end }}
          volumeMounts:
            {{- if .Values.persistence.enabled }}
            - name: data
              mountPath: /data
            {{- end }}
            {{- if .Values.tls.existingSecret }}
            - name: certs
              mountPath: /certs
              readOnly: true
            {{- end }}
            {{- if .Values.mtls.existingSecret }}
            - name: mtlscerts
              mountPath: /certs/mtls
              readOnly: true
            {{- end }}
          ports:
            {{- if not .Values.tls.force }}
            - name: http
              containerPort: 9000
              protocol: TCP
            {{- end }}
            - name: https
              containerPort: 9443
              protocol: TCP
            - name: tcp-edge
              containerPort: 8000
-              protocol: TCP
+              protocol: TCP              
          livenessProbe:
            failureThreshold: 5
            initialDelaySeconds: 45
            periodSeconds: 30
            httpGet:
              path: /
              {{- if .Values.tls.force }}
              port: 9443
              scheme: HTTPS
              {{- else }}
                {{- if .Values.enterpriseEdition.enabled }}
                  {{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+$" .Values.enterpriseEdition.image.tag }}
                    {{- if eq (semver .Values.enterpriseEdition.image.tag | (semver "2.7.0").Compare) -1 }}
              port: 9443
              scheme: HTTPS
                    {{- else }}
              port: 9000
              scheme: HTTP
                    {{- end }}
                  {{- else }}
                    {{- if eq .Values.enterpriseEdition.image.tag "latest" }}
              port: 9443
              scheme: HTTPS
                    {{- else }}
              port: 9000
              scheme: HTTP
                    {{- end }}
                  {{- end}}
                {{- else }}
                  {{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+$" .Values.image.tag }}
                    {{- if eq (semver .Values.image.tag | (semver "2.6.0").Compare) -1 }}
              port: 9443
              scheme: HTTPS
                    {{- else }}
              port: 9000
              scheme: HTTP
                    {{- end}}
                  {{- else }}
                    {{- if eq .Values.image.tag "latest" }}
              port: 9443
              scheme: HTTPS
                    {{- else }}
              port: 9000
              scheme: HTTP
                    {{- end }}
                  {{- end }}
                {{- end }}
              {{- end }}
          readinessProbe:
            failureThreshold: 5
            initialDelaySeconds: 45
            periodSeconds: 30
            httpGet:
              path: /
              {{- if .Values.tls.force }}
              port: 9443
              scheme: HTTPS
              {{- else }}
                {{- if .Values.enterpriseEdition.enabled }}
                  {{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+$" .Values.enterpriseEdition.image.tag }}
                    {{- if eq (semver .Values.enterpriseEdition.image.tag | (semver "2.7.0").Compare) -1 }}
              port: 9443
              scheme: HTTPS
                    {{- else }}
              port: 9000
              scheme: HTTP
                    {{- end }}
                  {{- else }}
                    {{- if eq .Values.enterpriseEdition.image.tag "latest" }}
              port: 9443
              scheme: HTTPS
                    {{- else }}
              port: 9000
              scheme: HTTP
                    {{- end }}
                  {{- end}}
                {{- else }}
                  {{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+$" .Values.image.tag }}
                    {{- if eq (semver .Values.image.tag | (semver "2.6.0").Compare) -1 }}
              port: 9443
              scheme: HTTPS
                    {{- else }}
              port: 9000
              scheme: HTTP
                    {{- end}}
                  {{- else }}
                    {{- if eq .Values.image.tag "latest" }}
              port: 9443
              scheme: HTTPS
                    {{- else }}
              port: 9000
              scheme: HTTP
                    {{- end }}
                  {{- end }}
                {{- end }}
              {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
--- a/charts/portainer/templates/ingress.yaml
+++ b/charts/portainer/templates/ingress.yaml
@ -1,8 +1,10 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "portainer.fullname" . -}}
-{{- $tlsforced := .Values.tls.force -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-{{- $apiVersion := include "ingress.apiVersion" . -}}
+apiVersion: networking.k8s.io/v1beta1
-apiVersion: {{ $apiVersion }}
+{{- else -}}
 apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
  name: {{ $fullName }}
@ -14,9 +16,6 @@ metadata:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 spec:
 {{- with .Values.ingress.ingressClassName }}
  ingressClassName: {{ . }}
 {{- end }}
 {{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
@ -34,27 +33,9 @@ spec:
        paths:
        {{- range .paths }}
          - path: {{ .path | default "/" }}
            {{- if eq $apiVersion "networking.k8s.io/v1" }}
            pathType: Prefix
            {{- end }}
            backend:
            {{- if eq $apiVersion "networking.k8s.io/v1" }}
              service:
                name: {{ $fullName }}
                port:
                {{- if $tlsforced }}
                  number: {{ .port | default 9443 }}
                {{- else }}
                  number: {{ .port | default 9000 }}
                {{- end }}
            {{- else }}
              serviceName: {{ $fullName }}
              {{- if $tlsforced }}
              servicePort: {{ .port | default 9443 }}
              {{- else }}
              servicePort: {{ .port | default 9000 }}
              {{- end }}
            {{- end }}
        {{- end }}
  {{- end }}
-{{- end }}
+{{- end }}
--- a/charts/portainer/templates/namespace.yaml
+++ b/charts/portainer/templates/namespace.yaml
@ -3,6 +3,4 @@ apiVersion: v1
 kind: Namespace
 metadata:
  name: portainer
  labels:
    pod-security.kubernetes.io/enforce: privileged
 {{ end }}
--- a/charts/portainer/templates/pvc.yaml
+++ b/charts/portainer/templates/pvc.yaml
@ -1,30 +1,30 @@
 {{- if .Values.persistence.enabled -}}
 {{- if not .Values.persistence.existingClaim -}}
 ---
 kind: "PersistentVolumeClaim"
 apiVersion: "v1"
 metadata:
  name: {{ template "portainer.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}  
  annotations:
  {{- if .Values.persistence.storageClass }}
    volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass | quote }}
  {{- else }}
    volume.alpha.kubernetes.io/storage-class: "generic"
  {{- end }}
  {{- if .Values.persistence.annotations }}
  {{ toYaml .Values.persistence.annotations | indent 2 }}  
  {{ end }}
  labels:
    io.portainer.kubernetes.application.stack: portainer
-    {{- include "portainer.labels" . | nindent 4 }}
+    {{- include "portainer.labels" . | nindent 4 }}  
 spec:
  accessModes:
    - {{ default "ReadWriteOnce" .Values.persistence.accessMode | quote }}
  resources:
    requests:
      storage: {{ .Values.persistence.size | quote }}
  {{- if .Values.persistence.storageClass }}
  storageClassName: {{ .Values.persistence.storageClass | quote }}
  {{ end }}
  {{- if .Values.persistence.selector }}
  selector:
 {{ toYaml .Values.persistence.selector | indent 4 }}
  {{ end }}
 {{- end }}
 {{- end }}
--- a/charts/portainer/templates/rbac.yaml
+++ b/charts/portainer/templates/rbac.yaml
@ -1,4 +1,3 @@
 {{- if .Values.localMgmt }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@ -12,5 +11,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  namespace: {{ .Release.Namespace }}
-  name: {{ include "portainer.serviceAccountName" . }}
+  name: {{ include "portainer.serviceAccountName" . }}
 {{- end }}
--- a/charts/portainer/templates/service.yaml
+++ b/charts/portainer/templates/service.yaml
@ -15,7 +15,6 @@ metadata:
 spec:
  type: {{ .Values.service.type }}
  ports:
    {{- if not .Values.tls.force }}
    - port: {{ .Values.service.httpPort }}
      targetPort: 9000
      protocol: TCP
@ -23,15 +22,7 @@ spec:
      {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.httpNodePort))) }}
      nodePort: {{ .Values.service.httpNodePort}}
      {{- end }}
-    {{- end }}
+      {{- if (eq .Values.service.type "NodePort") }}
    - port: {{ .Values.service.httpsPort }}
      targetPort: 9443
      protocol: TCP
      name: https
      {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.httpsNodePort))) }}
      nodePort: {{ .Values.service.httpsNodePort}}
      {{- end }}
    {{- if (eq .Values.service.type "NodePort") }}
    - port: {{ .Values.service.edgeNodePort }}
      targetPort: {{ .Values.service.edgeNodePort }}
      {{- else }}
@ -42,6 +33,6 @@ spec:
      name: edge
      {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
      nodePort: {{ .Values.service.edgeNodePort }}
-    {{- end }}
+      {{- end }}
  selector:
    {{- include "portainer.selectorLabels" . | nindent 4 }}
--- a/charts/portainer/templates/serviceaccount.yaml
+++ b/charts/portainer/templates/serviceaccount.yaml
@ -1,4 +1,3 @@
 {{- if .Values.localMgmt }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@ -10,4 +9,3 @@ metadata:
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 {{- end }}
--- a/charts/portainer/values.yaml
+++ b/charts/portainer/values.yaml
@ -9,81 +9,44 @@ enterpriseEdition:
  enabled: false
  image:
    repository: portainer/portainer-ee
-    tag: 2.33.2
+    tag: 2.0.0
    pullPolicy: Always
 image:
  repository: portainer/portainer-ce
-  tag: 2.33.2
+  tag: latest
  pullPolicy: Always
 imagePullSecrets: []
 nodeSelector: {}
 tolerations: []
 serviceAccount:
  annotations: {}
  name: portainer-sa-clusteradmin
 # This flag provides the ability to enable or disable RBAC-related resources during the deployment of the Portainer application
 # If you are using Portainer to manage the K8s cluster it is deployed to, this flag must be set to true 
 localMgmt: true
 service:
  # Set the httpNodePort and edgeNodePort only if the type is NodePort
  # For Ingress, set the type to be ClusterIP and set ingress.enabled to true
  # For Cloud Providers, set the type to be LoadBalancer
  type: NodePort
  httpPort: 9000
  httpsPort: 9443
  httpNodePort: 30777
  httpsNodePort: 30779
  edgePort: 8000
  edgeNodePort: 30776
  annotations: {}
 tls:
  # If set, Portainer will be configured to use TLS only
  force: false
  # If set, will mount the existing secret into the pod
  existingSecret: ""
 trusted_origins:
  # If set, Portainer will be configured to trust the domains specified in domains
    enabled: false
      # specify (in a comma-separated list) the domain(s) used to access Portainer when it is behind a reverse proxy
        # example: portainer.mydomain.com,portainer.example.com
    domains: ""
 mtls:
  # If set, Portainer will be configured to use mTLS only
  enable: false
  # If set, will mount the existing secret into the pod
  existingSecret: ""
 feature:
  flags: []
 ingress:
  enabled: false
  ingressClassName: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # Only use below if tls.force=true
    # nginx.ingress.kubernetes.io/backend-protocol: HTTPS
  # Note: Hosts and paths are of type array
  hosts:
    - host:
      paths: []
      # - path: "/"
  tls: []
 resources: {}
 persistence:
  enabled: true
  size: "10Gi"
  annotations: {}
  storageClass:
  existingClaim:
--- a/deploy/manifests/agent/ee/agent-stack-ee20-windows.yml
+++ b/deploy/manifests/agent/ee/agent-stack-ee20-windows.yml
@ -1,25 +0,0 @@
 version: '3.3'
 services:
  agent:
    image: portainer/agent:2.0.0
    ports:
      - target: 9001
        published: 9001
        protocol: tcp
    volumes:
      - type: npipe
        source: \\.\pipe\docker_engine
        target: \\.\pipe\docker_engine
      - type: bind
        source: C:\ProgramData\docker\volumes
        target: C:\ProgramData\docker\volumes
    networks:
      - agent_network
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == windows]
 networks:
  agent_network:
    driver: overlay
--- a/deploy/manifests/agent/ee/agent-stack-ee20.yml
+++ b/deploy/manifests/agent/ee/agent-stack-ee20.yml
@ -1,24 +0,0 @@
 version: '3.2'
 services:
  agent:
    image: portainer/agent:2.0.0
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    ports:
      - target: 9001
        published: 9001
        protocol: tcp
        mode: host
    networks:
      - portainer_agent
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]
 networks:
  portainer_agent:
    driver: overlay
    attachable: true
--- a/deploy/manifests/agent/ee/agent-stack-ee24-windows.yml
+++ b/deploy/manifests/agent/ee/agent-stack-ee24-windows.yml
@ -1,25 +0,0 @@
 version: '3.3'
 services:
  agent:
    image: portainer/agent:2.4.0
    ports:
      - target: 9001
        published: 9001
        protocol: tcp
    volumes:
      - type: npipe
        source: \\.\pipe\docker_engine
        target: \\.\pipe\docker_engine
      - type: bind
        source: C:\ProgramData\docker\volumes
        target: C:\ProgramData\docker\volumes
    networks:
      - agent_network
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == windows]
 networks:
  agent_network:
    driver: overlay
--- a/deploy/manifests/agent/ee/agent-stack-ee24.yml
+++ b/deploy/manifests/agent/ee/agent-stack-ee24.yml
@ -1,24 +0,0 @@
 version: '3.2'
 services:
  agent:
    image: portainer/agent:2.4.0
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    ports:
      - target: 9001
        published: 9001
        protocol: tcp
        mode: host
    networks:
      - portainer_agent
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]
 networks:
  portainer_agent:
    driver: overlay
    attachable: true
--- a/deploy/manifests/agent/ee/agent-stack-windows.yml
+++ b/deploy/manifests/agent/ee/agent-stack-windows.yml
@ -1,25 +0,0 @@
 version: '3.3'
 services:
  agent:
    image: portainer/agent:2.33.2
    ports:
      - target: 9001
        published: 9001
        protocol: tcp
    volumes:
      - type: npipe
        source: \\.\pipe\docker_engine
        target: \\.\pipe\docker_engine
      - type: bind
        source: C:\ProgramData\docker\volumes
        target: C:\ProgramData\docker\volumes
    networks:
      - agent_network
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == windows]
 networks:
  agent_network:
    driver: overlay
--- a/deploy/manifests/agent/ee/agent-stack.yml
+++ b/deploy/manifests/agent/ee/agent-stack.yml
@ -1,24 +0,0 @@
 version: '3.2'
 services:
  agent:
    image: portainer/agent:2.33.2
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    ports:
      - target: 9001
        published: 9001
        protocol: tcp
        mode: host
    networks:
      - portainer_agent
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]
 networks:
  portainer_agent:
    driver: overlay
    attachable: true
--- a/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml
@ -65,7 +65,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.33.2
+        image: portainer/agent:2.0.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/ee/portainer-agent-ee20-edge-k8s.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-ee20-edge-k8s.yaml
@ -1,95 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: portainer
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: portainer-crb-clusteradmin
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
 - kind: ServiceAccount
  name: portainer-sa-clusteradmin
  namespace: portainer
 # Optional: can be added to expose the agent port 80 to associate an Edge key.
 # ---
 # apiVersion: v1
 # kind: Service
 # metadata:
 #   name: portainer-agent
 #   namespace: portainer
 # spec:
 #   type: LoadBalancer
 #   selector:
 #     app: portainer-agent
 #   ports:
 #     - name: http
 #       protocol: TCP
 #       port: 80
 #       targetPort: 80
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  clusterIP: None
  selector:
    app: portainer-agent
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  selector:
    matchLabels:
      app: portainer-agent
  template:
    metadata:
      labels:
        app: portainer-agent
    spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
        image: portainer/agent:2.0.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
          value: INFO
        - name: KUBERNETES_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: EDGE
          value: "1"
        - name: AGENT_CLUSTER_ADDR
          value: "portainer-agent"
        - name: EDGE_ID
          valueFrom:
            configMapKeyRef:
              name: portainer-agent-edge-id
              key: edge.id
        - name: EDGE_KEY
          valueFrom:
            secretKeyRef:
              name: portainer-agent-edge-key
              key: edge.key
        ports:
        - containerPort: 9001
          protocol: TCP
        - containerPort: 80
          protocol: TCP
--- a/deploy/manifests/agent/ee/portainer-agent-ee20-k8s-lb.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-ee20-k8s-lb.yaml
@ -1,80 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: portainer
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
  name: portainer-crb-clusteradmin
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
 - kind: ServiceAccount
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  type: LoadBalancer
  selector:
    app: portainer-agent
  ports:
    - name: http
      protocol: TCP
      port: 9001
      targetPort: 9001
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent-headless
  namespace: portainer
 spec:
  clusterIP: None
  selector:
    app: portainer-agent
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  selector:
    matchLabels:
      app: portainer-agent
  template:
    metadata:
      labels:
        app: portainer-agent
    spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
        image: portainer/agent:2.0.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
          value: DEBUG
        - name: AGENT_CLUSTER_ADDR
          value: "portainer-agent-headless"
        - name: KUBERNETES_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        ports:
        - containerPort: 9001
          protocol: TCP
--- a/deploy/manifests/agent/ee/portainer-agent-ee20-k8s-nodeport.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-ee20-k8s-nodeport.yaml
@ -1,81 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: portainer
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: portainer-crb-clusteradmin
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
 - kind: ServiceAccount
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  type: NodePort
  selector:
    app: portainer-agent
  ports:
    - name: http
      protocol: TCP
      port: 9001
      targetPort: 9001
      nodePort: 30778
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent-headless
  namespace: portainer
 spec:
  clusterIP: None
  selector:
    app: portainer-agent
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  selector:
    matchLabels:
      app: portainer-agent
  template:
    metadata:
      labels:
        app: portainer-agent
    spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
        image: portainer/agent:2.0.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
          value: DEBUG
        - name: AGENT_CLUSTER_ADDR
          value: "portainer-agent-headless"
        - name: KUBERNETES_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        ports:
        - containerPort: 9001
          protocol: TCP
--- a/deploy/manifests/agent/ee/portainer-agent-ee210-edge-k8s.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-ee210-edge-k8s.yaml
@ -1,100 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: portainer
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: portainer-crb-clusteradmin
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
  - kind: ServiceAccount
    name: portainer-sa-clusteradmin
    namespace: portainer
 # Optional: can be added to expose the agent port 80 to associate an Edge key.
 # ---
 # apiVersion: v1
 # kind: Service
 # metadata:
 #   name: portainer-agent
 #   namespace: portainer
 # spec:
 #   type: LoadBalancer
 #   selector:
 #     app: portainer-agent
 #   ports:
 #     - name: http
 #       protocol: TCP
 #       port: 80
 #       targetPort: 80
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  clusterIP: None
  selector:
    app: portainer-agent
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  selector:
    matchLabels:
      app: portainer-agent
  template:
    metadata:
      labels:
        app: portainer-agent
    spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
        - name: portainer-agent
          image: portainer/agent:2.10.0
          imagePullPolicy: Always
          env:
            - name: LOG_LEVEL
              value: INFO
            - name: KUBERNETES_POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: EDGE
              value: "1"
            - name: AGENT_CLUSTER_ADDR
              value: "portainer-agent"
            - name: EDGE_ID
              valueFrom:
                configMapKeyRef:
                  name: portainer-agent-edge
                  key: edge.id
            - name: EDGE_INSECURE_POLL
              valueFrom:
                configMapKeyRef:
                  name: portainer-agent-edge
                  key: edge.insecure_poll
            - name: EDGE_KEY
              valueFrom:
                secretKeyRef:
                  name: portainer-agent-edge-key
                  key: edge.key
          ports:
            - containerPort: 9001
              protocol: TCP
            - containerPort: 80
              protocol: TCP
--- a/deploy/manifests/agent/ee/portainer-agent-ee210-k8s-lb.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-ee210-k8s-lb.yaml
@ -1,80 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: portainer
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: portainer-crb-clusteradmin
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
 - kind: ServiceAccount
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  type: LoadBalancer
  selector:
    app: portainer-agent
  ports:
    - name: http
      protocol: TCP
      port: 9001
      targetPort: 9001
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent-headless
  namespace: portainer
 spec:
  clusterIP: None
  selector:
    app: portainer-agent
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  selector:
    matchLabels:
      app: portainer-agent
  template:
    metadata:
      labels:
        app: portainer-agent
    spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
        image: portainer/agent:2.10.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
          value: INFO
        - name: AGENT_CLUSTER_ADDR
          value: "portainer-agent-headless"
        - name: KUBERNETES_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        ports:
        - containerPort: 9001
          protocol: TCP
--- a/deploy/manifests/agent/ee/portainer-agent-ee210-k8s-nodeport.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-ee210-k8s-nodeport.yaml
@ -1,81 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: portainer
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: portainer-crb-clusteradmin
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
 - kind: ServiceAccount
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  type: NodePort
  selector:
    app: portainer-agent
  ports:
    - name: http
      protocol: TCP
      port: 9001
      targetPort: 9001
      nodePort: 30778
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent-headless
  namespace: portainer
 spec:
  clusterIP: None
  selector:
    app: portainer-agent
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  selector:
    matchLabels:
      app: portainer-agent
  template:
    metadata:
      labels:
        app: portainer-agent
    spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
        image: portainer/agent:2.4.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
          value: INFO
        - name: AGENT_CLUSTER_ADDR
          value: "portainer-agent-headless"
        - name: KUBERNETES_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        ports:
        - containerPort: 9001
          protocol: TCP
--- a/deploy/manifests/agent/ee/portainer-agent-ee24-edge-k8s.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-ee24-edge-k8s.yaml
@ -1,95 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: portainer
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: portainer-crb-clusteradmin
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
 - kind: ServiceAccount
  name: portainer-sa-clusteradmin
  namespace: portainer
 # Optional: can be added to expose the agent port 80 to associate an Edge key.
 # ---
 # apiVersion: v1
 # kind: Service
 # metadata:
 #   name: portainer-agent
 #   namespace: portainer
 # spec:
 #   type: LoadBalancer
 #   selector:
 #     app: portainer-agent
 #   ports:
 #     - name: http
 #       protocol: TCP
 #       port: 80
 #       targetPort: 80
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  clusterIP: None
  selector:
    app: portainer-agent
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  selector:
    matchLabels:
      app: portainer-agent
  template:
    metadata:
      labels:
        app: portainer-agent
    spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
        image: portainer/agent:2.4.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
          value: INFO
        - name: KUBERNETES_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: EDGE
          value: "1"
        - name: AGENT_CLUSTER_ADDR
          value: "portainer-agent"
        - name: EDGE_ID
          valueFrom:
            configMapKeyRef:
              name: portainer-agent-edge-id
              key: edge.id
        - name: EDGE_KEY
          valueFrom:
            secretKeyRef:
              name: portainer-agent-edge-key
              key: edge.key
        ports:
        - containerPort: 9001
          protocol: TCP
        - containerPort: 80
          protocol: TCP
--- a/deploy/manifests/agent/ee/portainer-agent-ee24-k8s-lb.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-ee24-k8s-lb.yaml
@ -1,80 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: portainer
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: portainer-crb-clusteradmin
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
 - kind: ServiceAccount
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  type: LoadBalancer
  selector:
    app: portainer-agent
  ports:
    - name: http
      protocol: TCP
      port: 9001
      targetPort: 9001
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent-headless
  namespace: portainer
 spec:
  clusterIP: None
  selector:
    app: portainer-agent
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  selector:
    matchLabels:
      app: portainer-agent
  template:
    metadata:
      labels:
        app: portainer-agent
    spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
        image: portainer/agent:2.4.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
          value: INFO
        - name: AGENT_CLUSTER_ADDR
          value: "portainer-agent-headless"
        - name: KUBERNETES_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        ports:
        - containerPort: 9001
          protocol: TCP
--- a/deploy/manifests/agent/ee/portainer-agent-ee24-k8s-nodeport.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-ee24-k8s-nodeport.yaml
@ -1,81 +0,0 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: portainer
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: portainer-crb-clusteradmin
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
 - kind: ServiceAccount
  name: portainer-sa-clusteradmin
  namespace: portainer
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  type: NodePort
  selector:
    app: portainer-agent
  ports:
    - name: http
      protocol: TCP
      port: 9001
      targetPort: 9001
      nodePort: 30778
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: portainer-agent-headless
  namespace: portainer
 spec:
  clusterIP: None
  selector:
    app: portainer-agent
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: portainer-agent
  namespace: portainer
 spec:
  selector:
    matchLabels:
      app: portainer-agent
  template:
    metadata:
      labels:
        app: portainer-agent
    spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
        image: portainer/agent:2.4.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
          value: INFO
        - name: AGENT_CLUSTER_ADDR
          value: "portainer-agent-headless"
        - name: KUBERNETES_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        ports:
        - containerPort: 9001
          protocol: TCP
--- a/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml
@ -64,7 +64,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.33.2
+        image: portainer/agent:2.0.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml
@ -65,7 +65,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.33.2
+        image: portainer/agent:2.0.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/ee/portainer-edge-agent-setup.sh
+++ b/deploy/manifests/agent/ee/portainer-edge-agent-setup.sh
--- a/deploy/manifests/agent/ee/portainer-ee210-edge-agent-setup.sh
+++ b/deploy/manifests/agent/ee/portainer-ee210-edge-agent-setup.sh
@ -1,80 +0,0 @@
 #!/usr/bin/env bash
 # Script used to deploy the Portainer Edge agent inside a Kubernetes cluster.
 # Requires:
 # curl
 # kubectl
 ### COLOR OUTPUT ###
 ESeq="\x1b["
 RCol="$ESeq"'0m'    # Text Reset
 # Regular               Bold                    Underline               High Intensity          BoldHigh Intens         Background              High Intensity Backgrounds
 Bla="$ESeq"'0;30m';     BBla="$ESeq"'1;30m';    UBla="$ESeq"'4;30m';    IBla="$ESeq"'0;90m';    BIBla="$ESeq"'1;90m';   On_Bla="$ESeq"'40m';    On_IBla="$ESeq"'0;100m';
 Red="$ESeq"'0;31m';     BRed="$ESeq"'1;31m';    URed="$ESeq"'4;31m';    IRed="$ESeq"'0;91m';    BIRed="$ESeq"'1;91m';   On_Red="$ESeq"'41m';    On_IRed="$ESeq"'0;101m';
 Gre="$ESeq"'0;32m';     BGre="$ESeq"'1;32m';    UGre="$ESeq"'4;32m';    IGre="$ESeq"'0;92m';    BIGre="$ESeq"'1;92m';   On_Gre="$ESeq"'42m';    On_IGre="$ESeq"'0;102m';
 Yel="$ESeq"'0;33m';     BYel="$ESeq"'1;33m';    UYel="$ESeq"'4;33m';    IYel="$ESeq"'0;93m';    BIYel="$ESeq"'1;93m';   On_Yel="$ESeq"'43m';    On_IYel="$ESeq"'0;103m';
 Blu="$ESeq"'0;34m';     BBlu="$ESeq"'1;34m';    UBlu="$ESeq"'4;34m';    IBlu="$ESeq"'0;94m';    BIBlu="$ESeq"'1;94m';   On_Blu="$ESeq"'44m';    On_IBlu="$ESeq"'0;104m';
 Pur="$ESeq"'0;35m';     BPur="$ESeq"'1;35m';    UPur="$ESeq"'4;35m';    IPur="$ESeq"'0;95m';    BIPur="$ESeq"'1;95m';   On_Pur="$ESeq"'45m';    On_IPur="$ESeq"'0;105m';
 Cya="$ESeq"'0;36m';     BCya="$ESeq"'1;36m';    UCya="$ESeq"'4;36m';    ICya="$ESeq"'0;96m';    BICya="$ESeq"'1;96m';   On_Cya="$ESeq"'46m';    On_ICya="$ESeq"'0;106m';
 Whi="$ESeq"'0;37m';     BWhi="$ESeq"'1;37m';    UWhi="$ESeq"'4;37m';    IWhi="$ESeq"'0;97m';    BIWhi="$ESeq"'1;97m';   On_Whi="$ESeq"'47m';    On_IWhi="$ESeq"'0;107m';
 printSection() {
  echo -e "${BIYel}>>>> ${BIWhi}${1}${RCol}"
 }
 info() {
  echo -e "${BIWhi}${1}${RCol}"
 }
 success() {
  echo -e "${BIGre}${1}${RCol}"
 }
 error() {
  echo -e "${BIRed}${1}${RCol}"
 }
 errorAndExit() {
  echo -e "${BIRed}${1}${RCol}"
  exit 1
 }
 ### !COLOR OUTPUT ###
 main() {
  if [[ $# -lt 2 ]]; then
    error "Not enough arguments"
    error "Usage: ${0} <EDGE_ID> <EDGE_KEY> <EDGE_INSECURE_POLL:optional>"
    exit 1
  fi
  local EDGE_ID="$1"
  local EDGE_KEY="$2"
  local EDGE_INSECURE_POLL="$3"
  [[ "$(command -v curl)" ]] || errorAndExit "Unable to find curl binary. Please ensure curl is installed before running this script."
  [[ "$(command -v kubectl)" ]] || errorAndExit "Unable to find kubectl binary. Please ensure kubectl is installed before running this script."
  info "Downloading agent manifest..."
  curl -L https://portainer.github.io/k8s/deploy/manifests/agent/ee/portainer-agent-ee210-edge-k8s.yaml -o portainer-agent-edge-k8s.yaml || errorAndExit "Unable to download agent manifest"
  info "Creating Portainer namespace..."
  kubectl create namespace portainer
  info "Creating agent configuration..."
  kubectl create configmap portainer-agent-edge --from-literal="edge.id=$EDGE_ID" --from-literal="edge.insecure_poll=$EDGE_INSECURE_POLL"  -n portainer
  info "Creating agent secret..."
  kubectl create secret generic portainer-agent-edge-key "--from-literal=edge.key=$EDGE_KEY" -n portainer
  info "Deploying agent..."
  kubectl apply -f portainer-agent-edge-k8s.yaml || errorAndExit "Unable to deploy agent manifest"
  success "Portainer Edge agent successfully deployed"
  exit 0
 }
 main "$@"
--- a/deploy/manifests/agent/ee/portainer-ee24-edge-agent-setup.sh
+++ b/deploy/manifests/agent/ee/portainer-ee24-edge-agent-setup.sh
@ -1,76 +0,0 @@
 #!/usr/bin/env bash
 # Script used to deploy the Portainer Edge agent inside a Kubernetes cluster.
 # Requires:
 # curl
 # kubectl
 ### COLOR OUTPUT ###
 ESeq="\x1b["
 RCol="$ESeq"'0m'    # Text Reset
 # Regular               Bold                    Underline               High Intensity          BoldHigh Intens         Background              High Intensity Backgrounds
 Bla="$ESeq"'0;30m';     BBla="$ESeq"'1;30m';    UBla="$ESeq"'4;30m';    IBla="$ESeq"'0;90m';    BIBla="$ESeq"'1;90m';   On_Bla="$ESeq"'40m';    On_IBla="$ESeq"'0;100m';
 Red="$ESeq"'0;31m';     BRed="$ESeq"'1;31m';    URed="$ESeq"'4;31m';    IRed="$ESeq"'0;91m';    BIRed="$ESeq"'1;91m';   On_Red="$ESeq"'41m';    On_IRed="$ESeq"'0;101m';
 Gre="$ESeq"'0;32m';     BGre="$ESeq"'1;32m';    UGre="$ESeq"'4;32m';    IGre="$ESeq"'0;92m';    BIGre="$ESeq"'1;92m';   On_Gre="$ESeq"'42m';    On_IGre="$ESeq"'0;102m';
 Yel="$ESeq"'0;33m';     BYel="$ESeq"'1;33m';    UYel="$ESeq"'4;33m';    IYel="$ESeq"'0;93m';    BIYel="$ESeq"'1;93m';   On_Yel="$ESeq"'43m';    On_IYel="$ESeq"'0;103m';
 Blu="$ESeq"'0;34m';     BBlu="$ESeq"'1;34m';    UBlu="$ESeq"'4;34m';    IBlu="$ESeq"'0;94m';    BIBlu="$ESeq"'1;94m';   On_Blu="$ESeq"'44m';    On_IBlu="$ESeq"'0;104m';
 Pur="$ESeq"'0;35m';     BPur="$ESeq"'1;35m';    UPur="$ESeq"'4;35m';    IPur="$ESeq"'0;95m';    BIPur="$ESeq"'1;95m';   On_Pur="$ESeq"'45m';    On_IPur="$ESeq"'0;105m';
 Cya="$ESeq"'0;36m';     BCya="$ESeq"'1;36m';    UCya="$ESeq"'4;36m';    ICya="$ESeq"'0;96m';    BICya="$ESeq"'1;96m';   On_Cya="$ESeq"'46m';    On_ICya="$ESeq"'0;106m';
 Whi="$ESeq"'0;37m';     BWhi="$ESeq"'1;37m';    UWhi="$ESeq"'4;37m';    IWhi="$ESeq"'0;97m';    BIWhi="$ESeq"'1;97m';   On_Whi="$ESeq"'47m';    On_IWhi="$ESeq"'0;107m';
 printSection() {
  echo -e "${BIYel}>>>> ${BIWhi}${1}${RCol}"
 }
 info() {
  echo -e "${BIWhi}${1}${RCol}"
 }
 success() {
  echo -e "${BIGre}${1}${RCol}"
 }
 error() {
  echo -e "${BIRed}${1}${RCol}"
 }
 errorAndExit() {
  echo -e "${BIRed}${1}${RCol}"
  exit 1
 }
 ### !COLOR OUTPUT ###
 main() {
  if [[ $# -ne 2 ]]; then
    error "Not enough arguments"
    error "Usage: ${0} <EDGE_ID> <EDGE_KEY>"
    exit 1
  fi
  [[ "$(command -v curl)" ]] || errorAndExit "Unable to find curl binary. Please ensure curl is installed before running this script."
  [[ "$(command -v kubectl)" ]] || errorAndExit "Unable to find kubectl binary. Please ensure kubectl is installed before running this script."
  info "Downloading agent manifest..."
  curl -L https://portainer.github.io/k8s/deploy/manifests/agent/ee/portainer-agent-ee24-edge-k8s.yaml -o portainer-agent-edge-k8s.yaml || errorAndExit "Unable to download agent manifest"
  info "Creating Portainer namespace..."
  kubectl create namespace portainer
  info "Creating agent configuration..."
  kubectl create configmap portainer-agent-edge-id "--from-literal=edge.id=$1" -n portainer
  info "Creating agent secret..."
  kubectl create secret generic portainer-agent-edge-key "--from-literal=edge.key=$2" -n portainer
  info "Deploying agent..."
  kubectl apply -f portainer-agent-edge-k8s.yaml || errorAndExit "Unable to deploy agent manifest"
  success "Portainer Edge agent successfully deployed"
  exit 0
 }
 main "$@"
--- a/deploy/manifests/agent/portainer-agent-edge-k8s.yaml
+++ b/deploy/manifests/agent/portainer-agent-edge-k8s.yaml
@ -65,7 +65,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.33.2
+        image: portainer/agent:2.0.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/portainer-agent-k8s-lb.yaml
+++ b/deploy/manifests/agent/portainer-agent-k8s-lb.yaml
@ -64,7 +64,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.33.2
+        image: portainer/agent:2.0.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml
+++ b/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml
@ -65,7 +65,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.33.2
+        image: portainer/agent:2.0.0
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/ee/portainer-ee20-edge-agent-setup.sh
+++ b/deploy/manifests/agent/ee/portainer-ee20-edge-agent-setup.sh
@ -55,7 +55,7 @@ main() {
  [[ "$(command -v kubectl)" ]] || errorAndExit "Unable to find kubectl binary. Please ensure kubectl is installed before running this script."
  info "Downloading agent manifest..."
-  curl -L https://portainer.github.io/k8s/deploy/manifests/agent/ee/portainer-agent-ee20-edge-k8s.yaml -o portainer-agent-edge-k8s.yaml || errorAndExit "Unable to download agent manifest"
+  curl -L https://portainer.github.io/k8s/deploy/manifests/agent/portainer-agent-edge-k8s.yaml -o portainer-agent-edge-k8s.yaml || errorAndExit "Unable to download agent manifest"
  info "Creating Portainer namespace..."
  kubectl create namespace portainer
--- a/deploy/manifests/portainer/portainer-ee.yaml
+++ b/deploy/manifests/portainer/portainer-ee.yaml
@ -14,21 +14,21 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
 apiVersion: "v1"
 metadata:
  name: portainer
-  namespace: portainer
+  namespace: portainer  
  annotations:
    volume.alpha.kubernetes.io/storage-class: "generic"
  labels:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 spec:
  accessModes:
    - "ReadWriteOnce"
@ -44,15 +44,15 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
-  - kind: ServiceAccount
+- kind: ServiceAccount
-    namespace: portainer
+  namespace: portainer
-    name: portainer-sa-clusteradmin
+  name: portainer-sa-clusteradmin
 ---
 # Source: portainer/templates/service.yaml
 apiVersion: v1
@ -64,7 +64,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 spec:
  type: NodePort
  ports:
@ -73,11 +73,6 @@ spec:
      protocol: TCP
      name: http
      nodePort: 30777
    - port: 9443
      targetPort: 9443
      protocol: TCP
      name: https
      nodePort: 30779
    - port: 30776
      targetPort: 30776
      protocol: TCP
@ -97,7 +92,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 spec:
  replicas: 1
  strategy:
@ -116,15 +111,14 @@ spec:
        {}
      serviceAccountName: portainer-sa-clusteradmin
      volumes:
-        - name: "data"
+         - name: "data"
-          persistentVolumeClaim:
+           persistentVolumeClaim:
-            claimName: portainer
+             claimName: portainer      
      containers:
        - name: portainer
-          image: "portainer/portainer-ee:2.33.2"
+          image: "portainer/portainer-ee:2.0.0"
          imagePullPolicy: Always
-          args:
+          args:  [ '--tunnel-port','30776' ]          
            - '--tunnel-port=30776'
          volumeMounts:
            - name: data
              mountPath: /data
@ -132,21 +126,17 @@ spec:
            - name: http
              containerPort: 9000
              protocol: TCP
            - name: https
              containerPort: 9443
              protocol: TCP
            - name: tcp-edge
              containerPort: 8000
-              protocol: TCP
+              protocol: TCP              
          livenessProbe:
            httpGet:
              path: /
-              port: 9443
+              port: 9000
              scheme: HTTPS
          readinessProbe:
            httpGet:
              path: /
-              port: 9443
+              port: 9000
              scheme: HTTPS
          resources:
            {}
--- a/deploy/manifests/portainer/portainer-lb-ee.yaml
+++ b/deploy/manifests/portainer/portainer-lb-ee.yaml
@ -14,21 +14,21 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
 apiVersion: "v1"
 metadata:
  name: portainer
-  namespace: portainer
+  namespace: portainer  
  annotations:
    volume.alpha.kubernetes.io/storage-class: "generic"
  labels:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 spec:
  accessModes:
    - "ReadWriteOnce"
@ -44,15 +44,15 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
-  - kind: ServiceAccount
+- kind: ServiceAccount
-    namespace: portainer
+  namespace: portainer
-    name: portainer-sa-clusteradmin
+  name: portainer-sa-clusteradmin
 ---
 # Source: portainer/templates/service.yaml
 apiVersion: v1
@ -64,7 +64,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 spec:
  type: LoadBalancer
  ports:
@ -72,10 +72,6 @@ spec:
      targetPort: 9000
      protocol: TCP
      name: http
    - port: 9443
      targetPort: 9443
      protocol: TCP
      name: https
    - port: 8000
      targetPort: 8000
      protocol: TCP
@ -94,7 +90,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 spec:
  replicas: 1
  strategy:
@ -113,14 +109,13 @@ spec:
        {}
      serviceAccountName: portainer-sa-clusteradmin
      volumes:
-        - name: "data"
+         - name: "data"
-          persistentVolumeClaim:
+           persistentVolumeClaim:
-            claimName: portainer
+             claimName: portainer      
      containers:
        - name: portainer
-          image: "portainer/portainer-ee:2.33.2"
+          image: "portainer/portainer-ee:2.0.0"
-          imagePullPolicy: Always
+          imagePullPolicy: Always          
          args:
          volumeMounts:
            - name: data
              mountPath: /data
@ -128,21 +123,17 @@ spec:
            - name: http
              containerPort: 9000
              protocol: TCP
            - name: https
              containerPort: 9443
              protocol: TCP
            - name: tcp-edge
              containerPort: 8000
-              protocol: TCP
+              protocol: TCP              
          livenessProbe:
            httpGet:
              path: /
-              port: 9443
+              port: 9000
              scheme: HTTPS
          readinessProbe:
            httpGet:
              path: /
-              port: 9443
+              port: 9000
              scheme: HTTPS
          resources:
            {}
--- a/deploy/manifests/portainer/portainer-lb.yaml
+++ b/deploy/manifests/portainer/portainer-lb.yaml
@ -14,21 +14,21 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
 apiVersion: "v1"
 metadata:
  name: portainer
-  namespace: portainer
+  namespace: portainer  
  annotations:
    volume.alpha.kubernetes.io/storage-class: "generic"
  labels:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 spec:
  accessModes:
    - "ReadWriteOnce"
@ -44,15 +44,15 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
-  - kind: ServiceAccount
+- kind: ServiceAccount
-    namespace: portainer
+  namespace: portainer
-    name: portainer-sa-clusteradmin
+  name: portainer-sa-clusteradmin
 ---
 # Source: portainer/templates/service.yaml
 apiVersion: v1
@ -64,7 +64,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 spec:
  type: LoadBalancer
  ports:
@ -72,10 +72,6 @@ spec:
      targetPort: 9000
      protocol: TCP
      name: http
    - port: 9443
      targetPort: 9443
      protocol: TCP
      name: https
    - port: 8000
      targetPort: 8000
      protocol: TCP
@ -94,7 +90,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 spec:
  replicas: 1
  strategy:
@ -113,14 +109,13 @@ spec:
        {}
      serviceAccountName: portainer-sa-clusteradmin
      volumes:
-        - name: "data"
+         - name: "data"
-          persistentVolumeClaim:
+           persistentVolumeClaim:
-            claimName: portainer
+             claimName: portainer      
      containers:
        - name: portainer
-          image: "portainer/portainer-ce:2.33.2"
+          image: "portainer/portainer-ce:latest"
-          imagePullPolicy: Always
+          imagePullPolicy: Always          
          args:
          volumeMounts:
            - name: data
              mountPath: /data
@ -128,21 +123,17 @@ spec:
            - name: http
              containerPort: 9000
              protocol: TCP
            - name: https
              containerPort: 9443
              protocol: TCP
            - name: tcp-edge
              containerPort: 8000
-              protocol: TCP
+              protocol: TCP              
          livenessProbe:
            httpGet:
              path: /
-              port: 9443
+              port: 9000
              scheme: HTTPS
          readinessProbe:
            httpGet:
              path: /
-              port: 9443
+              port: 9000
              scheme: HTTPS
          resources:
            {}
--- a/deploy/manifests/portainer/portainer.yaml
+++ b/deploy/manifests/portainer/portainer.yaml
@ -14,21 +14,21 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
 apiVersion: "v1"
 metadata:
  name: portainer
-  namespace: portainer
+  namespace: portainer  
  annotations:
    volume.alpha.kubernetes.io/storage-class: "generic"
  labels:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 spec:
  accessModes:
    - "ReadWriteOnce"
@ -44,15 +44,15 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
 subjects:
-  - kind: ServiceAccount
+- kind: ServiceAccount
-    namespace: portainer
+  namespace: portainer
-    name: portainer-sa-clusteradmin
+  name: portainer-sa-clusteradmin
 ---
 # Source: portainer/templates/service.yaml
 apiVersion: v1
@ -64,7 +64,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 spec:
  type: NodePort
  ports:
@ -73,11 +73,6 @@ spec:
      protocol: TCP
      name: http
      nodePort: 30777
    - port: 9443
      targetPort: 9443
      protocol: TCP
      name: https
      nodePort: 30779
    - port: 30776
      targetPort: 30776
      protocol: TCP
@ -97,7 +92,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.33.2"
+    app.kubernetes.io/version: "ce-latest-ee-2.0.0"
 spec:
  replicas: 1
  strategy:
@ -116,15 +111,14 @@ spec:
        {}
      serviceAccountName: portainer-sa-clusteradmin
      volumes:
-        - name: "data"
+         - name: "data"
-          persistentVolumeClaim:
+           persistentVolumeClaim:
-            claimName: portainer
+             claimName: portainer      
      containers:
        - name: portainer
-          image: "portainer/portainer-ce:2.33.2"
+          image: "portainer/portainer-ce:latest"
          imagePullPolicy: Always
-          args:
+          args:  [ '--tunnel-port','30776' ]          
            - '--tunnel-port=30776'
          volumeMounts:
            - name: data
              mountPath: /data
@ -132,21 +126,17 @@ spec:
            - name: http
              containerPort: 9000
              protocol: TCP
            - name: https
              containerPort: 9443
              protocol: TCP
            - name: tcp-edge
              containerPort: 8000
-              protocol: TCP
+              protocol: TCP              
          livenessProbe:
            httpGet:
              path: /
-              port: 9443
+              port: 9000
              scheme: HTTPS
          readinessProbe:
            httpGet:
              path: /
-              port: 9443
+              port: 9000
              scheme: HTTPS
          resources:
            {}