mirror of https://github.com/portainer/k8s.git
Compare commits
No commits in common. "master" and "portainer-1.0.10" have entirely different histories.
master
...
portainer-
|
|
@ -5,26 +5,21 @@ on:
|
|||
paths:
|
||||
- 'charts/**'
|
||||
- '.github/**'
|
||||
pull_request:
|
||||
branches:
|
||||
- master
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
KUBE_SCORE_VERSION: 1.10.0
|
||||
HELM_VERSION: v3.10.1
|
||||
HELM_VERSION: v3.4.1
|
||||
|
||||
jobs:
|
||||
lint-test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
uses: actions/checkout@v1
|
||||
|
||||
- name: Set up Helm
|
||||
uses: azure/setup-helm@v4.2.0
|
||||
uses: azure/setup-helm@v1
|
||||
with:
|
||||
version: ${{ env.HELM_VERSION }}
|
||||
|
||||
|
|
@ -45,14 +40,12 @@ jobs:
|
|||
--enable-optional-test container-security-context-privileged
|
||||
|
||||
# python is a requirement for the chart-testing action below (supports yamllint among other tests)
|
||||
- uses: actions/setup-python@v5.3.0
|
||||
- uses: actions/setup-python@v2
|
||||
with:
|
||||
python-version: 3.13.1
|
||||
python-version: 3.7
|
||||
|
||||
- name: Set up chart-testing
|
||||
uses: helm/chart-testing-action@v2.6.1
|
||||
with:
|
||||
version: v3.10.1
|
||||
uses: helm/chart-testing-action@v2.0.1
|
||||
|
||||
- name: Run chart-testing (list-changed)
|
||||
id: list-changed
|
||||
|
|
@ -66,42 +59,32 @@ jobs:
|
|||
run: ct lint --config .ci/ct-config.yaml
|
||||
|
||||
# Refer to https://github.com/kubernetes-sigs/kind/releases when updating the node_images
|
||||
- name: Create 1.29 kind cluster
|
||||
uses: helm/kind-action@v1.12.0
|
||||
- name: Create 1.20 kind cluster
|
||||
uses: helm/kind-action@v1.1.0
|
||||
with:
|
||||
node_image: kindest/node:v1.29.14@sha256:8703bd94ee24e51b778d5556ae310c6c0fa67d761fae6379c8e0bb480e6fea29
|
||||
cluster_name: kubernetes-1.29
|
||||
node_image: kindest/node:v1.20.2@sha256:8f7ea6e7642c0da54f04a7ee10431549c0257315b3a634f6ef2fecaaedb19bab
|
||||
cluster_name: kubernetes-1.20
|
||||
if: steps.list-changed.outputs.changed == 'true'
|
||||
|
||||
- name: Run chart-testing (install) against 1.29
|
||||
- name: Run chart-testing (install) against 1.20
|
||||
run: ct install --config .ci/ct-config.yaml
|
||||
|
||||
- name: Create 1.30 kind cluster
|
||||
uses: helm/kind-action@v1.12.0
|
||||
- name: Create 1.19 kind cluster
|
||||
uses: helm/kind-action@v1.1.0
|
||||
with:
|
||||
node_image: kindest/node:v1.30.10@sha256:4de75d0e82481ea846c0ed1de86328d821c1e6a6a91ac37bf804e5313670e507
|
||||
cluster_name: kubernetes-1.30
|
||||
node_image: kindest/node:v1.19.7@sha256:a70639454e97a4b733f9d9b67e12c01f6b0297449d5b9cbbef87473458e26dca
|
||||
cluster_name: kubernetes-1.19
|
||||
if: steps.list-changed.outputs.changed == 'true'
|
||||
|
||||
- name: Run chart-testing (install) against 1.30
|
||||
- name: Run chart-testing (install) against 1.19
|
||||
run: ct install --config .ci/ct-config.yaml
|
||||
|
||||
- name: Create 1.31 kind cluster
|
||||
uses: helm/kind-action@v1.12.0
|
||||
- name: Create 1.18 kind cluster
|
||||
uses: helm/kind-action@v1.1.0
|
||||
with:
|
||||
node_image: kindest/node:v1.31.6@sha256:28b7cbb993dfe093c76641a0c95807637213c9109b761f1d422c2400e22b8e87
|
||||
cluster_name: kubernetes-1.31
|
||||
node_image: kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4
|
||||
cluster_name: kubernetes-1.18
|
||||
if: steps.list-changed.outputs.changed == 'true'
|
||||
|
||||
- name: Run chart-testing (install) against 1.31
|
||||
run: ct install --config .ci/ct-config.yaml
|
||||
|
||||
- name: Create 1.32 kind cluster
|
||||
uses: helm/kind-action@v1.12.0
|
||||
with:
|
||||
node_image: kindest/node:v1.32.2@sha256:f226345927d7e348497136874b6d207e0b32cc52154ad8323129352923a3142f
|
||||
cluster_name: kubernetes-1.32
|
||||
if: steps.list-changed.outputs.changed == 'true'
|
||||
|
||||
- name: Run chart-testing (install) against 1.32
|
||||
- name: Run chart-testing (install) against 1.18
|
||||
run: ct install --config .ci/ct-config.yaml
|
||||
|
|
@ -11,11 +11,9 @@ on:
|
|||
|
||||
jobs:
|
||||
build:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
pages: write
|
||||
pull-requests: write
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
|
||||
|
|
|
|||
|
|
@ -16,16 +16,16 @@ type: application
|
|||
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
version: 1.0.10
|
||||
|
||||
version: 2.33.2
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application.
|
||||
appVersion: ce-latest-ee-2.33.2
|
||||
appVersion: ce-latest-ee-2.0.0
|
||||
|
||||
sources:
|
||||
- https://github.com/portainer/k8s
|
||||
|
||||
maintainers:
|
||||
- name: Portainer
|
||||
email: platform-team@portainer.io
|
||||
url: https://www.portainer.io
|
||||
- name: funkypenguin
|
||||
email: davidy@funkypenguin.co.nz
|
||||
url: https://www.funkypenguin.co.nz
|
||||
|
|
@ -64,26 +64,19 @@ The following table lists the configurable parameters of the Portainer chart and
|
|||
| `nodeSelector` | Used to apply a nodeSelector to the deployment | `{}` |
|
||||
| `serviceAccount.annotations` | Annotations to add to the service account | `null` |
|
||||
| `serviceAccount.name` | The name of the service account to use | `portainer-sa-clusteradmin` |
|
||||
| `localMgmt` | Enables or disables the creation of SA, Roles in local cluster where Portainer runs, only change when you don't need to manage the local cluster through this Portainer instance | `true` |
|
||||
| `service.type` | Service Type for the main Portainer Service; ClusterIP, NodePort and LoadBalancer | `LoadBalancer` |
|
||||
| `service.httpPort` | HTTP port for accessing Portainer Web | `9000` |
|
||||
| `service.httpNodePort` | Static NodePort for accessing Portainer Web. Specify only if the type is NodePort | `30777` |
|
||||
| `service.edgePort` | TCP port for accessing Portainer Edge | `8000` |
|
||||
| `service.edgeNodePort` | Static NodePort for accessing Portainer Edge. Specify only if the type is NodePort | `30776` |
|
||||
| `service.annotations` | Annotations to add to the service | `{}` |
|
||||
| `feature.flags` | Enable one or more features separated by spaces. For instance, `--feat=open-amt` | `nil` |
|
||||
| `ingress.enabled` | Create an ingress for Portainer | `false` |
|
||||
| `ingress.ingressClassName` | For Kubernetes >= 1.18 you should specify the ingress-controller via the field `ingressClassName`. For instance, `nginx` | `nil` |
|
||||
| `ingress.annotations` | Annotations to add to the ingress. For instane, `kubernetes.io/ingress.class: nginx` | `{}` |
|
||||
| `ingress.hosts.host` | URL for Portainer Web. For instance, `portainer.example.io` | `nil` |
|
||||
| `ingress.hosts.paths.path` | Path for the Portainer Web. | `/` |
|
||||
| `ingress.hosts.paths.port` | Port for the Portainer Web. | `9000` |
|
||||
| `ingress.tls` | TLS support on ingress. Must create a secret with TLS certificates in advance | `[]` |
|
||||
| `resources` | Portainer resource requests and limits | `{}` |
|
||||
| `tls.force` | Force Portainer to be configured to use TLS only | `false` |
|
||||
| `tls.existingSecret` | Mount the existing TLS secret into the pod | `""` |
|
||||
| `mtls.enable` | Option to specicy mtls Certs to be used by Portainer | `false` |
|
||||
| `mtls.existingSecret` | Mount the existing mtls secret into the pod | `""` |
|
||||
| `persistence.enabled` | Whether to enable data persistence | `true` |
|
||||
| `persistence.existingClaim` | Name of an existing PVC to use for data persistence | `nil` |
|
||||
| `persistence.size` | Size of the PVC used for persistence | `10Gi` |
|
||||
|
|
@ -91,3 +84,5 @@ The following table lists the configurable parameters of the Portainer chart and
|
|||
| `persistence.storageClass` | StorageClass to apply to PVC used for persistence | `default` |
|
||||
| `persistence.accessMode` | AccessMode for persistence | `ReadWriteOnce` |
|
||||
| `persistence.selector` | Selector for persistence | `nil` |
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,27 +1,21 @@
|
|||
1. Get the application URL by running these commands:
|
||||
{{- if .Values.ingress.enabled }}
|
||||
{{- range $host := .Values.ingress.hosts }}
|
||||
{{- range .paths }}
|
||||
Use the URL below to access the application
|
||||
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ if .port }}:{{ .port }}{{ else }}{{ end }}{{.path}}
|
||||
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ if .port }}:{{ .port }}{{ else }}:9000{{ end }}{{.path}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else if contains "NodePort" .Values.service.type }}
|
||||
Get the application URL by running these commands:
|
||||
{{- if .Values.tls.force }}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "portainer.fullname" . }})
|
||||
{{- else }}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ include "portainer.fullname" . }})
|
||||
{{- end}}
|
||||
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "portainer.fullname" . }})
|
||||
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
|
||||
echo https://$NODE_IP:$NODE_PORT
|
||||
echo http://$NODE_IP:$NODE_PORT
|
||||
{{- else if contains "LoadBalancer" .Values.service.type }}
|
||||
Get the application URL by running these commands:
|
||||
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
|
||||
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "portainer.fullname" . }}'
|
||||
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "portainer.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
|
||||
echo https://$SERVICE_IP:{{ .Values.service.httpsPort }}
|
||||
echo http://$SERVICE_IP:{{ .Values.service.httpPort }}
|
||||
{{- else if contains "ClusterIP" .Values.service.type }}
|
||||
Get the application URL by running these commands:
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "portainer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].me$ echo "Visit http://127.0.0.1:9443 to use your application"
|
||||
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9443:9443
|
||||
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "portainer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
|
||||
echo "Visit http://127.0.0.1:9000 to use your application"
|
||||
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9000:9000
|
||||
{{- end }}
|
||||
|
|
|
|||
|
|
@ -72,16 +72,3 @@ Provide a pre-defined claim or a claim based on the Release
|
|||
{{- template "portainer.fullname" . }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Generate a right Ingress apiVersion
|
||||
*/}}
|
||||
{{- define "ingress.apiVersion" -}}
|
||||
{{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
networking.k8s.io/v1
|
||||
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
networking.k8s.io/v1beta1
|
||||
{{- else -}}
|
||||
extensions/v1
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -18,31 +18,16 @@ spec:
|
|||
labels:
|
||||
{{- include "portainer.selectorLabels" . | nindent 8 }}
|
||||
spec:
|
||||
nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }}
|
||||
tolerations: {{- toYaml .Values.tolerations | nindent 8 -}}
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 -}}
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.localMgmt }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "portainer.serviceAccountName" . }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if .Values.persistence.enabled }}
|
||||
- name: "data"
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ template "portainer.pvcName" . }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.existingSecret }}
|
||||
- name: certs
|
||||
secret:
|
||||
secretName: {{ .Values.tls.existingSecret }}
|
||||
{{- end }}
|
||||
{{- if .Values.mtls.existingSecret }}
|
||||
- name: mtlscerts
|
||||
secret:
|
||||
secretName: {{ .Values.mtls.existingSecret }}
|
||||
{{- end }}
|
||||
- name: "data"
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ template "portainer.pvcName" . }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
{{- if .Values.enterpriseEdition.enabled }}
|
||||
|
|
@ -52,150 +37,26 @@ spec:
|
|||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- end }}
|
||||
args:
|
||||
{{- if .Values.tls.force }}
|
||||
- --http-disabled
|
||||
{{- end }}
|
||||
{{- if .Values.tls.existingSecret }}
|
||||
- --tlscert=/certs/tls.crt
|
||||
- --tlskey=/certs/tls.key
|
||||
{{- end }}
|
||||
{{- if .Values.mtls.existingSecret }}
|
||||
- --mtlscacert=/certs/mtls/mtlsca.crt
|
||||
- --mtlscert=/certs/mtls/mtlscert.crt
|
||||
- --mtlskey=/certs/mtls/mtlskey.key
|
||||
{{- end }}
|
||||
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
|
||||
- '--tunnel-port={{ .Values.service.edgeNodePort }}'
|
||||
{{- end }}
|
||||
{{- if and .Values.trusted_origins.enabled (not (empty .Values.trusted_origins.domains)) }}
|
||||
- '--trusted-origins={{ .Values.trusted_origins.domains | trim | quote }}'
|
||||
{{- end }}
|
||||
{{- range .Values.feature.flags }}
|
||||
- {{ . | squote }}
|
||||
{{- end }}
|
||||
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
|
||||
args: [ '--tunnel-port','{{ .Values.service.edgeNodePort }}' ]
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{- if .Values.persistence.enabled }}
|
||||
- name: data
|
||||
mountPath: /data
|
||||
{{- end }}
|
||||
{{- if .Values.tls.existingSecret }}
|
||||
- name: certs
|
||||
mountPath: /certs
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if .Values.mtls.existingSecret }}
|
||||
- name: mtlscerts
|
||||
mountPath: /certs/mtls
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
ports:
|
||||
{{- if not .Values.tls.force }}
|
||||
- name: http
|
||||
containerPort: 9000
|
||||
protocol: TCP
|
||||
{{- end }}
|
||||
- name: https
|
||||
containerPort: 9443
|
||||
protocol: TCP
|
||||
- name: tcp-edge
|
||||
containerPort: 8000
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
failureThreshold: 5
|
||||
initialDelaySeconds: 45
|
||||
periodSeconds: 30
|
||||
httpGet:
|
||||
path: /
|
||||
{{- if .Values.tls.force }}
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
{{- else }}
|
||||
{{- if .Values.enterpriseEdition.enabled }}
|
||||
{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+$" .Values.enterpriseEdition.image.tag }}
|
||||
{{- if eq (semver .Values.enterpriseEdition.image.tag | (semver "2.7.0").Compare) -1 }}
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
{{- else }}
|
||||
port: 9000
|
||||
scheme: HTTP
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{- if eq .Values.enterpriseEdition.image.tag "latest" }}
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
{{- else }}
|
||||
port: 9000
|
||||
scheme: HTTP
|
||||
{{- end }}
|
||||
{{- end}}
|
||||
{{- else }}
|
||||
{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+$" .Values.image.tag }}
|
||||
{{- if eq (semver .Values.image.tag | (semver "2.6.0").Compare) -1 }}
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
{{- else }}
|
||||
port: 9000
|
||||
scheme: HTTP
|
||||
{{- end}}
|
||||
{{- else }}
|
||||
{{- if eq .Values.image.tag "latest" }}
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
{{- else }}
|
||||
port: 9000
|
||||
scheme: HTTP
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
readinessProbe:
|
||||
failureThreshold: 5
|
||||
initialDelaySeconds: 45
|
||||
periodSeconds: 30
|
||||
httpGet:
|
||||
path: /
|
||||
{{- if .Values.tls.force }}
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
{{- else }}
|
||||
{{- if .Values.enterpriseEdition.enabled }}
|
||||
{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+$" .Values.enterpriseEdition.image.tag }}
|
||||
{{- if eq (semver .Values.enterpriseEdition.image.tag | (semver "2.7.0").Compare) -1 }}
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
{{- else }}
|
||||
port: 9000
|
||||
scheme: HTTP
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
{{- if eq .Values.enterpriseEdition.image.tag "latest" }}
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
{{- else }}
|
||||
port: 9000
|
||||
scheme: HTTP
|
||||
{{- end }}
|
||||
{{- end}}
|
||||
{{- else }}
|
||||
{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+$" .Values.image.tag }}
|
||||
{{- if eq (semver .Values.image.tag | (semver "2.6.0").Compare) -1 }}
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
{{- else }}
|
||||
port: 9000
|
||||
scheme: HTTP
|
||||
{{- end}}
|
||||
{{- else }}
|
||||
{{- if eq .Values.image.tag "latest" }}
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
{{- else }}
|
||||
port: 9000
|
||||
scheme: HTTP
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
|
|
|
|||
|
|
@ -1,8 +1,10 @@
|
|||
{{- if .Values.ingress.enabled -}}
|
||||
{{- $fullName := include "portainer.fullname" . -}}
|
||||
{{- $tlsforced := .Values.tls.force -}}
|
||||
{{- $apiVersion := include "ingress.apiVersion" . -}}
|
||||
apiVersion: {{ $apiVersion }}
|
||||
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{- else -}}
|
||||
apiVersion: extensions/v1beta1
|
||||
{{- end }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ $fullName }}
|
||||
|
|
@ -14,9 +16,6 @@ metadata:
|
|||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- with .Values.ingress.ingressClassName }}
|
||||
ingressClassName: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls }}
|
||||
tls:
|
||||
{{- range .Values.ingress.tls }}
|
||||
|
|
@ -34,27 +33,9 @@ spec:
|
|||
paths:
|
||||
{{- range .paths }}
|
||||
- path: {{ .path | default "/" }}
|
||||
{{- if eq $apiVersion "networking.k8s.io/v1" }}
|
||||
pathType: Prefix
|
||||
{{- end }}
|
||||
backend:
|
||||
{{- if eq $apiVersion "networking.k8s.io/v1" }}
|
||||
service:
|
||||
name: {{ $fullName }}
|
||||
port:
|
||||
{{- if $tlsforced }}
|
||||
number: {{ .port | default 9443 }}
|
||||
{{- else }}
|
||||
number: {{ .port | default 9000 }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
serviceName: {{ $fullName }}
|
||||
{{- if $tlsforced }}
|
||||
servicePort: {{ .port | default 9443 }}
|
||||
{{- else }}
|
||||
servicePort: {{ .port | default 9000 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -3,6 +3,4 @@ apiVersion: v1
|
|||
kind: Namespace
|
||||
metadata:
|
||||
name: portainer
|
||||
labels:
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
{{ end }}
|
||||
|
|
@ -1,4 +1,3 @@
|
|||
{{- if .Values.persistence.enabled -}}
|
||||
{{- if not .Values.persistence.existingClaim -}}
|
||||
---
|
||||
kind: "PersistentVolumeClaim"
|
||||
|
|
@ -7,6 +6,11 @@ metadata:
|
|||
name: {{ template "portainer.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
{{- if .Values.persistence.storageClass }}
|
||||
volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass | quote }}
|
||||
{{- else }}
|
||||
volume.alpha.kubernetes.io/storage-class: "generic"
|
||||
{{- end }}
|
||||
{{- if .Values.persistence.annotations }}
|
||||
{{ toYaml .Values.persistence.annotations | indent 2 }}
|
||||
{{ end }}
|
||||
|
|
@ -19,12 +23,8 @@ spec:
|
|||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size | quote }}
|
||||
{{- if .Values.persistence.storageClass }}
|
||||
storageClassName: {{ .Values.persistence.storageClass | quote }}
|
||||
{{ end }}
|
||||
{{- if .Values.persistence.selector }}
|
||||
selector:
|
||||
{{ toYaml .Values.persistence.selector | indent 4 }}
|
||||
{{ end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -1,4 +1,3 @@
|
|||
{{- if .Values.localMgmt }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
|
|
@ -13,4 +12,3 @@ subjects:
|
|||
- kind: ServiceAccount
|
||||
namespace: {{ .Release.Namespace }}
|
||||
name: {{ include "portainer.serviceAccountName" . }}
|
||||
{{- end }}
|
||||
|
|
@ -15,7 +15,6 @@ metadata:
|
|||
spec:
|
||||
type: {{ .Values.service.type }}
|
||||
ports:
|
||||
{{- if not .Values.tls.force }}
|
||||
- port: {{ .Values.service.httpPort }}
|
||||
targetPort: 9000
|
||||
protocol: TCP
|
||||
|
|
@ -23,15 +22,7 @@ spec:
|
|||
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.httpNodePort))) }}
|
||||
nodePort: {{ .Values.service.httpNodePort}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- port: {{ .Values.service.httpsPort }}
|
||||
targetPort: 9443
|
||||
protocol: TCP
|
||||
name: https
|
||||
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.httpsNodePort))) }}
|
||||
nodePort: {{ .Values.service.httpsNodePort}}
|
||||
{{- end }}
|
||||
{{- if (eq .Values.service.type "NodePort") }}
|
||||
{{- if (eq .Values.service.type "NodePort") }}
|
||||
- port: {{ .Values.service.edgeNodePort }}
|
||||
targetPort: {{ .Values.service.edgeNodePort }}
|
||||
{{- else }}
|
||||
|
|
@ -42,6 +33,6 @@ spec:
|
|||
name: edge
|
||||
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
|
||||
nodePort: {{ .Values.service.edgeNodePort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
selector:
|
||||
{{- include "portainer.selectorLabels" . | nindent 4 }}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
{{- if .Values.localMgmt }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
|
@ -10,4 +9,3 @@ metadata:
|
|||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -9,81 +9,44 @@ enterpriseEdition:
|
|||
enabled: false
|
||||
image:
|
||||
repository: portainer/portainer-ee
|
||||
tag: 2.33.2
|
||||
tag: 2.0.0
|
||||
pullPolicy: Always
|
||||
|
||||
image:
|
||||
repository: portainer/portainer-ce
|
||||
tag: 2.33.2
|
||||
tag: latest
|
||||
pullPolicy: Always
|
||||
|
||||
imagePullSecrets: []
|
||||
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
|
||||
serviceAccount:
|
||||
annotations: {}
|
||||
name: portainer-sa-clusteradmin
|
||||
|
||||
# This flag provides the ability to enable or disable RBAC-related resources during the deployment of the Portainer application
|
||||
# If you are using Portainer to manage the K8s cluster it is deployed to, this flag must be set to true
|
||||
localMgmt: true
|
||||
|
||||
service:
|
||||
# Set the httpNodePort and edgeNodePort only if the type is NodePort
|
||||
# For Ingress, set the type to be ClusterIP and set ingress.enabled to true
|
||||
# For Cloud Providers, set the type to be LoadBalancer
|
||||
type: NodePort
|
||||
httpPort: 9000
|
||||
httpsPort: 9443
|
||||
httpNodePort: 30777
|
||||
httpsNodePort: 30779
|
||||
edgePort: 8000
|
||||
edgeNodePort: 30776
|
||||
annotations: {}
|
||||
|
||||
tls:
|
||||
# If set, Portainer will be configured to use TLS only
|
||||
force: false
|
||||
# If set, will mount the existing secret into the pod
|
||||
existingSecret: ""
|
||||
|
||||
trusted_origins:
|
||||
# If set, Portainer will be configured to trust the domains specified in domains
|
||||
enabled: false
|
||||
# specify (in a comma-separated list) the domain(s) used to access Portainer when it is behind a reverse proxy
|
||||
# example: portainer.mydomain.com,portainer.example.com
|
||||
domains: ""
|
||||
|
||||
mtls:
|
||||
# If set, Portainer will be configured to use mTLS only
|
||||
enable: false
|
||||
# If set, will mount the existing secret into the pod
|
||||
existingSecret: ""
|
||||
|
||||
feature:
|
||||
flags: []
|
||||
|
||||
ingress:
|
||||
enabled: false
|
||||
ingressClassName: ""
|
||||
annotations: {}
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
# Only use below if tls.force=true
|
||||
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
|
||||
# Note: Hosts and paths are of type array
|
||||
hosts:
|
||||
- host:
|
||||
paths: []
|
||||
# - path: "/"
|
||||
tls: []
|
||||
|
||||
resources: {}
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
size: "10Gi"
|
||||
annotations: {}
|
||||
storageClass:
|
||||
existingClaim:
|
||||
|
|
|
|||
|
|
@ -1,25 +0,0 @@
|
|||
version: '3.3'
|
||||
services:
|
||||
agent:
|
||||
image: portainer/agent:2.0.0
|
||||
ports:
|
||||
- target: 9001
|
||||
published: 9001
|
||||
protocol: tcp
|
||||
volumes:
|
||||
- type: npipe
|
||||
source: \\.\pipe\docker_engine
|
||||
target: \\.\pipe\docker_engine
|
||||
- type: bind
|
||||
source: C:\ProgramData\docker\volumes
|
||||
target: C:\ProgramData\docker\volumes
|
||||
networks:
|
||||
- agent_network
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints: [node.platform.os == windows]
|
||||
|
||||
networks:
|
||||
agent_network:
|
||||
driver: overlay
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
version: '3.2'
|
||||
|
||||
services:
|
||||
agent:
|
||||
image: portainer/agent:2.0.0
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /var/lib/docker/volumes:/var/lib/docker/volumes
|
||||
ports:
|
||||
- target: 9001
|
||||
published: 9001
|
||||
protocol: tcp
|
||||
mode: host
|
||||
networks:
|
||||
- portainer_agent
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints: [node.platform.os == linux]
|
||||
|
||||
networks:
|
||||
portainer_agent:
|
||||
driver: overlay
|
||||
attachable: true
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
version: '3.3'
|
||||
services:
|
||||
agent:
|
||||
image: portainer/agent:2.4.0
|
||||
ports:
|
||||
- target: 9001
|
||||
published: 9001
|
||||
protocol: tcp
|
||||
volumes:
|
||||
- type: npipe
|
||||
source: \\.\pipe\docker_engine
|
||||
target: \\.\pipe\docker_engine
|
||||
- type: bind
|
||||
source: C:\ProgramData\docker\volumes
|
||||
target: C:\ProgramData\docker\volumes
|
||||
networks:
|
||||
- agent_network
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints: [node.platform.os == windows]
|
||||
|
||||
networks:
|
||||
agent_network:
|
||||
driver: overlay
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
version: '3.2'
|
||||
|
||||
services:
|
||||
agent:
|
||||
image: portainer/agent:2.4.0
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /var/lib/docker/volumes:/var/lib/docker/volumes
|
||||
ports:
|
||||
- target: 9001
|
||||
published: 9001
|
||||
protocol: tcp
|
||||
mode: host
|
||||
networks:
|
||||
- portainer_agent
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints: [node.platform.os == linux]
|
||||
|
||||
networks:
|
||||
portainer_agent:
|
||||
driver: overlay
|
||||
attachable: true
|
||||
|
|
@ -1,25 +0,0 @@
|
|||
version: '3.3'
|
||||
services:
|
||||
agent:
|
||||
image: portainer/agent:2.33.2
|
||||
ports:
|
||||
- target: 9001
|
||||
published: 9001
|
||||
protocol: tcp
|
||||
volumes:
|
||||
- type: npipe
|
||||
source: \\.\pipe\docker_engine
|
||||
target: \\.\pipe\docker_engine
|
||||
- type: bind
|
||||
source: C:\ProgramData\docker\volumes
|
||||
target: C:\ProgramData\docker\volumes
|
||||
networks:
|
||||
- agent_network
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints: [node.platform.os == windows]
|
||||
|
||||
networks:
|
||||
agent_network:
|
||||
driver: overlay
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
version: '3.2'
|
||||
|
||||
services:
|
||||
agent:
|
||||
image: portainer/agent:2.33.2
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- /var/lib/docker/volumes:/var/lib/docker/volumes
|
||||
ports:
|
||||
- target: 9001
|
||||
published: 9001
|
||||
protocol: tcp
|
||||
mode: host
|
||||
networks:
|
||||
- portainer_agent
|
||||
deploy:
|
||||
mode: global
|
||||
placement:
|
||||
constraints: [node.platform.os == linux]
|
||||
|
||||
networks:
|
||||
portainer_agent:
|
||||
driver: overlay
|
||||
attachable: true
|
||||
|
|
@ -65,7 +65,7 @@ spec:
|
|||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.33.2
|
||||
image: portainer/agent:2.0.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
|
|
|
|||
|
|
@ -1,95 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: portainer-crb-clusteradmin
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
# Optional: can be added to expose the agent port 80 to associate an Edge key.
|
||||
# ---
|
||||
# apiVersion: v1
|
||||
# kind: Service
|
||||
# metadata:
|
||||
# name: portainer-agent
|
||||
# namespace: portainer
|
||||
# spec:
|
||||
# type: LoadBalancer
|
||||
# selector:
|
||||
# app: portainer-agent
|
||||
# ports:
|
||||
# - name: http
|
||||
# protocol: TCP
|
||||
# port: 80
|
||||
# targetPort: 80
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: portainer-agent
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: portainer-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: portainer-agent
|
||||
spec:
|
||||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.0.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: INFO
|
||||
- name: KUBERNETES_POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: EDGE
|
||||
value: "1"
|
||||
- name: AGENT_CLUSTER_ADDR
|
||||
value: "portainer-agent"
|
||||
- name: EDGE_ID
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: portainer-agent-edge-id
|
||||
key: edge.id
|
||||
- name: EDGE_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: portainer-agent-edge-key
|
||||
key: edge.key
|
||||
ports:
|
||||
- containerPort: 9001
|
||||
protocol: TCP
|
||||
- containerPort: 80
|
||||
protocol: TCP
|
||||
|
|
@ -1,80 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: portainer-crb-clusteradmin
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
selector:
|
||||
app: portainer-agent
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 9001
|
||||
targetPort: 9001
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent-headless
|
||||
namespace: portainer
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: portainer-agent
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: portainer-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: portainer-agent
|
||||
spec:
|
||||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.0.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: DEBUG
|
||||
- name: AGENT_CLUSTER_ADDR
|
||||
value: "portainer-agent-headless"
|
||||
- name: KUBERNETES_POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
ports:
|
||||
- containerPort: 9001
|
||||
protocol: TCP
|
||||
|
|
@ -1,81 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: portainer-crb-clusteradmin
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
type: NodePort
|
||||
selector:
|
||||
app: portainer-agent
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 9001
|
||||
targetPort: 9001
|
||||
nodePort: 30778
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent-headless
|
||||
namespace: portainer
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: portainer-agent
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: portainer-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: portainer-agent
|
||||
spec:
|
||||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.0.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: DEBUG
|
||||
- name: AGENT_CLUSTER_ADDR
|
||||
value: "portainer-agent-headless"
|
||||
- name: KUBERNETES_POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
ports:
|
||||
- containerPort: 9001
|
||||
protocol: TCP
|
||||
|
|
@ -1,100 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: portainer-crb-clusteradmin
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
# Optional: can be added to expose the agent port 80 to associate an Edge key.
|
||||
# ---
|
||||
# apiVersion: v1
|
||||
# kind: Service
|
||||
# metadata:
|
||||
# name: portainer-agent
|
||||
# namespace: portainer
|
||||
# spec:
|
||||
# type: LoadBalancer
|
||||
# selector:
|
||||
# app: portainer-agent
|
||||
# ports:
|
||||
# - name: http
|
||||
# protocol: TCP
|
||||
# port: 80
|
||||
# targetPort: 80
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: portainer-agent
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: portainer-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: portainer-agent
|
||||
spec:
|
||||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.10.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: INFO
|
||||
- name: KUBERNETES_POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: EDGE
|
||||
value: "1"
|
||||
- name: AGENT_CLUSTER_ADDR
|
||||
value: "portainer-agent"
|
||||
- name: EDGE_ID
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: portainer-agent-edge
|
||||
key: edge.id
|
||||
- name: EDGE_INSECURE_POLL
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: portainer-agent-edge
|
||||
key: edge.insecure_poll
|
||||
- name: EDGE_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: portainer-agent-edge-key
|
||||
key: edge.key
|
||||
ports:
|
||||
- containerPort: 9001
|
||||
protocol: TCP
|
||||
- containerPort: 80
|
||||
protocol: TCP
|
||||
|
|
@ -1,80 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: portainer-crb-clusteradmin
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
selector:
|
||||
app: portainer-agent
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 9001
|
||||
targetPort: 9001
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent-headless
|
||||
namespace: portainer
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: portainer-agent
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: portainer-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: portainer-agent
|
||||
spec:
|
||||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.10.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: INFO
|
||||
- name: AGENT_CLUSTER_ADDR
|
||||
value: "portainer-agent-headless"
|
||||
- name: KUBERNETES_POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
ports:
|
||||
- containerPort: 9001
|
||||
protocol: TCP
|
||||
|
|
@ -1,81 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: portainer-crb-clusteradmin
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
type: NodePort
|
||||
selector:
|
||||
app: portainer-agent
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 9001
|
||||
targetPort: 9001
|
||||
nodePort: 30778
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent-headless
|
||||
namespace: portainer
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: portainer-agent
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: portainer-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: portainer-agent
|
||||
spec:
|
||||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.4.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: INFO
|
||||
- name: AGENT_CLUSTER_ADDR
|
||||
value: "portainer-agent-headless"
|
||||
- name: KUBERNETES_POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
ports:
|
||||
- containerPort: 9001
|
||||
protocol: TCP
|
||||
|
|
@ -1,95 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: portainer-crb-clusteradmin
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
# Optional: can be added to expose the agent port 80 to associate an Edge key.
|
||||
# ---
|
||||
# apiVersion: v1
|
||||
# kind: Service
|
||||
# metadata:
|
||||
# name: portainer-agent
|
||||
# namespace: portainer
|
||||
# spec:
|
||||
# type: LoadBalancer
|
||||
# selector:
|
||||
# app: portainer-agent
|
||||
# ports:
|
||||
# - name: http
|
||||
# protocol: TCP
|
||||
# port: 80
|
||||
# targetPort: 80
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: portainer-agent
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: portainer-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: portainer-agent
|
||||
spec:
|
||||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.4.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: INFO
|
||||
- name: KUBERNETES_POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: EDGE
|
||||
value: "1"
|
||||
- name: AGENT_CLUSTER_ADDR
|
||||
value: "portainer-agent"
|
||||
- name: EDGE_ID
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: portainer-agent-edge-id
|
||||
key: edge.id
|
||||
- name: EDGE_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: portainer-agent-edge-key
|
||||
key: edge.key
|
||||
ports:
|
||||
- containerPort: 9001
|
||||
protocol: TCP
|
||||
- containerPort: 80
|
||||
protocol: TCP
|
||||
|
|
@ -1,80 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: portainer-crb-clusteradmin
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
selector:
|
||||
app: portainer-agent
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 9001
|
||||
targetPort: 9001
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent-headless
|
||||
namespace: portainer
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: portainer-agent
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: portainer-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: portainer-agent
|
||||
spec:
|
||||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.4.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: INFO
|
||||
- name: AGENT_CLUSTER_ADDR
|
||||
value: "portainer-agent-headless"
|
||||
- name: KUBERNETES_POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
ports:
|
||||
- containerPort: 9001
|
||||
protocol: TCP
|
||||
|
|
@ -1,81 +0,0 @@
|
|||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: portainer-crb-clusteradmin
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: portainer-sa-clusteradmin
|
||||
namespace: portainer
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
type: NodePort
|
||||
selector:
|
||||
app: portainer-agent
|
||||
ports:
|
||||
- name: http
|
||||
protocol: TCP
|
||||
port: 9001
|
||||
targetPort: 9001
|
||||
nodePort: 30778
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: portainer-agent-headless
|
||||
namespace: portainer
|
||||
spec:
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: portainer-agent
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: portainer-agent
|
||||
namespace: portainer
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: portainer-agent
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: portainer-agent
|
||||
spec:
|
||||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.4.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: INFO
|
||||
- name: AGENT_CLUSTER_ADDR
|
||||
value: "portainer-agent-headless"
|
||||
- name: KUBERNETES_POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
ports:
|
||||
- containerPort: 9001
|
||||
protocol: TCP
|
||||
|
|
@ -64,7 +64,7 @@ spec:
|
|||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.33.2
|
||||
image: portainer/agent:2.0.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ spec:
|
|||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.33.2
|
||||
image: portainer/agent:2.0.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
|
|
|
|||
|
|
@ -1,80 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# Script used to deploy the Portainer Edge agent inside a Kubernetes cluster.
|
||||
|
||||
# Requires:
|
||||
# curl
|
||||
# kubectl
|
||||
|
||||
### COLOR OUTPUT ###
|
||||
|
||||
ESeq="\x1b["
|
||||
RCol="$ESeq"'0m' # Text Reset
|
||||
|
||||
# Regular Bold Underline High Intensity BoldHigh Intens Background High Intensity Backgrounds
|
||||
Bla="$ESeq"'0;30m'; BBla="$ESeq"'1;30m'; UBla="$ESeq"'4;30m'; IBla="$ESeq"'0;90m'; BIBla="$ESeq"'1;90m'; On_Bla="$ESeq"'40m'; On_IBla="$ESeq"'0;100m';
|
||||
Red="$ESeq"'0;31m'; BRed="$ESeq"'1;31m'; URed="$ESeq"'4;31m'; IRed="$ESeq"'0;91m'; BIRed="$ESeq"'1;91m'; On_Red="$ESeq"'41m'; On_IRed="$ESeq"'0;101m';
|
||||
Gre="$ESeq"'0;32m'; BGre="$ESeq"'1;32m'; UGre="$ESeq"'4;32m'; IGre="$ESeq"'0;92m'; BIGre="$ESeq"'1;92m'; On_Gre="$ESeq"'42m'; On_IGre="$ESeq"'0;102m';
|
||||
Yel="$ESeq"'0;33m'; BYel="$ESeq"'1;33m'; UYel="$ESeq"'4;33m'; IYel="$ESeq"'0;93m'; BIYel="$ESeq"'1;93m'; On_Yel="$ESeq"'43m'; On_IYel="$ESeq"'0;103m';
|
||||
Blu="$ESeq"'0;34m'; BBlu="$ESeq"'1;34m'; UBlu="$ESeq"'4;34m'; IBlu="$ESeq"'0;94m'; BIBlu="$ESeq"'1;94m'; On_Blu="$ESeq"'44m'; On_IBlu="$ESeq"'0;104m';
|
||||
Pur="$ESeq"'0;35m'; BPur="$ESeq"'1;35m'; UPur="$ESeq"'4;35m'; IPur="$ESeq"'0;95m'; BIPur="$ESeq"'1;95m'; On_Pur="$ESeq"'45m'; On_IPur="$ESeq"'0;105m';
|
||||
Cya="$ESeq"'0;36m'; BCya="$ESeq"'1;36m'; UCya="$ESeq"'4;36m'; ICya="$ESeq"'0;96m'; BICya="$ESeq"'1;96m'; On_Cya="$ESeq"'46m'; On_ICya="$ESeq"'0;106m';
|
||||
Whi="$ESeq"'0;37m'; BWhi="$ESeq"'1;37m'; UWhi="$ESeq"'4;37m'; IWhi="$ESeq"'0;97m'; BIWhi="$ESeq"'1;97m'; On_Whi="$ESeq"'47m'; On_IWhi="$ESeq"'0;107m';
|
||||
|
||||
printSection() {
|
||||
echo -e "${BIYel}>>>> ${BIWhi}${1}${RCol}"
|
||||
}
|
||||
|
||||
info() {
|
||||
echo -e "${BIWhi}${1}${RCol}"
|
||||
}
|
||||
|
||||
success() {
|
||||
echo -e "${BIGre}${1}${RCol}"
|
||||
}
|
||||
|
||||
error() {
|
||||
echo -e "${BIRed}${1}${RCol}"
|
||||
}
|
||||
|
||||
errorAndExit() {
|
||||
echo -e "${BIRed}${1}${RCol}"
|
||||
exit 1
|
||||
}
|
||||
|
||||
### !COLOR OUTPUT ###
|
||||
|
||||
main() {
|
||||
if [[ $# -lt 2 ]]; then
|
||||
error "Not enough arguments"
|
||||
error "Usage: ${0} <EDGE_ID> <EDGE_KEY> <EDGE_INSECURE_POLL:optional>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
local EDGE_ID="$1"
|
||||
local EDGE_KEY="$2"
|
||||
local EDGE_INSECURE_POLL="$3"
|
||||
|
||||
[[ "$(command -v curl)" ]] || errorAndExit "Unable to find curl binary. Please ensure curl is installed before running this script."
|
||||
[[ "$(command -v kubectl)" ]] || errorAndExit "Unable to find kubectl binary. Please ensure kubectl is installed before running this script."
|
||||
|
||||
info "Downloading agent manifest..."
|
||||
curl -L https://portainer.github.io/k8s/deploy/manifests/agent/ee/portainer-agent-ee210-edge-k8s.yaml -o portainer-agent-edge-k8s.yaml || errorAndExit "Unable to download agent manifest"
|
||||
|
||||
info "Creating Portainer namespace..."
|
||||
kubectl create namespace portainer
|
||||
|
||||
info "Creating agent configuration..."
|
||||
kubectl create configmap portainer-agent-edge --from-literal="edge.id=$EDGE_ID" --from-literal="edge.insecure_poll=$EDGE_INSECURE_POLL" -n portainer
|
||||
|
||||
info "Creating agent secret..."
|
||||
kubectl create secret generic portainer-agent-edge-key "--from-literal=edge.key=$EDGE_KEY" -n portainer
|
||||
|
||||
info "Deploying agent..."
|
||||
kubectl apply -f portainer-agent-edge-k8s.yaml || errorAndExit "Unable to deploy agent manifest"
|
||||
|
||||
success "Portainer Edge agent successfully deployed"
|
||||
exit 0
|
||||
}
|
||||
|
||||
main "$@"
|
||||
|
|
@ -1,76 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# Script used to deploy the Portainer Edge agent inside a Kubernetes cluster.
|
||||
|
||||
# Requires:
|
||||
# curl
|
||||
# kubectl
|
||||
|
||||
### COLOR OUTPUT ###
|
||||
|
||||
ESeq="\x1b["
|
||||
RCol="$ESeq"'0m' # Text Reset
|
||||
|
||||
# Regular Bold Underline High Intensity BoldHigh Intens Background High Intensity Backgrounds
|
||||
Bla="$ESeq"'0;30m'; BBla="$ESeq"'1;30m'; UBla="$ESeq"'4;30m'; IBla="$ESeq"'0;90m'; BIBla="$ESeq"'1;90m'; On_Bla="$ESeq"'40m'; On_IBla="$ESeq"'0;100m';
|
||||
Red="$ESeq"'0;31m'; BRed="$ESeq"'1;31m'; URed="$ESeq"'4;31m'; IRed="$ESeq"'0;91m'; BIRed="$ESeq"'1;91m'; On_Red="$ESeq"'41m'; On_IRed="$ESeq"'0;101m';
|
||||
Gre="$ESeq"'0;32m'; BGre="$ESeq"'1;32m'; UGre="$ESeq"'4;32m'; IGre="$ESeq"'0;92m'; BIGre="$ESeq"'1;92m'; On_Gre="$ESeq"'42m'; On_IGre="$ESeq"'0;102m';
|
||||
Yel="$ESeq"'0;33m'; BYel="$ESeq"'1;33m'; UYel="$ESeq"'4;33m'; IYel="$ESeq"'0;93m'; BIYel="$ESeq"'1;93m'; On_Yel="$ESeq"'43m'; On_IYel="$ESeq"'0;103m';
|
||||
Blu="$ESeq"'0;34m'; BBlu="$ESeq"'1;34m'; UBlu="$ESeq"'4;34m'; IBlu="$ESeq"'0;94m'; BIBlu="$ESeq"'1;94m'; On_Blu="$ESeq"'44m'; On_IBlu="$ESeq"'0;104m';
|
||||
Pur="$ESeq"'0;35m'; BPur="$ESeq"'1;35m'; UPur="$ESeq"'4;35m'; IPur="$ESeq"'0;95m'; BIPur="$ESeq"'1;95m'; On_Pur="$ESeq"'45m'; On_IPur="$ESeq"'0;105m';
|
||||
Cya="$ESeq"'0;36m'; BCya="$ESeq"'1;36m'; UCya="$ESeq"'4;36m'; ICya="$ESeq"'0;96m'; BICya="$ESeq"'1;96m'; On_Cya="$ESeq"'46m'; On_ICya="$ESeq"'0;106m';
|
||||
Whi="$ESeq"'0;37m'; BWhi="$ESeq"'1;37m'; UWhi="$ESeq"'4;37m'; IWhi="$ESeq"'0;97m'; BIWhi="$ESeq"'1;97m'; On_Whi="$ESeq"'47m'; On_IWhi="$ESeq"'0;107m';
|
||||
|
||||
printSection() {
|
||||
echo -e "${BIYel}>>>> ${BIWhi}${1}${RCol}"
|
||||
}
|
||||
|
||||
info() {
|
||||
echo -e "${BIWhi}${1}${RCol}"
|
||||
}
|
||||
|
||||
success() {
|
||||
echo -e "${BIGre}${1}${RCol}"
|
||||
}
|
||||
|
||||
error() {
|
||||
echo -e "${BIRed}${1}${RCol}"
|
||||
}
|
||||
|
||||
errorAndExit() {
|
||||
echo -e "${BIRed}${1}${RCol}"
|
||||
exit 1
|
||||
}
|
||||
|
||||
### !COLOR OUTPUT ###
|
||||
|
||||
main() {
|
||||
if [[ $# -ne 2 ]]; then
|
||||
error "Not enough arguments"
|
||||
error "Usage: ${0} <EDGE_ID> <EDGE_KEY>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
[[ "$(command -v curl)" ]] || errorAndExit "Unable to find curl binary. Please ensure curl is installed before running this script."
|
||||
[[ "$(command -v kubectl)" ]] || errorAndExit "Unable to find kubectl binary. Please ensure kubectl is installed before running this script."
|
||||
|
||||
info "Downloading agent manifest..."
|
||||
curl -L https://portainer.github.io/k8s/deploy/manifests/agent/ee/portainer-agent-ee24-edge-k8s.yaml -o portainer-agent-edge-k8s.yaml || errorAndExit "Unable to download agent manifest"
|
||||
|
||||
info "Creating Portainer namespace..."
|
||||
kubectl create namespace portainer
|
||||
|
||||
info "Creating agent configuration..."
|
||||
kubectl create configmap portainer-agent-edge-id "--from-literal=edge.id=$1" -n portainer
|
||||
|
||||
info "Creating agent secret..."
|
||||
kubectl create secret generic portainer-agent-edge-key "--from-literal=edge.key=$2" -n portainer
|
||||
|
||||
info "Deploying agent..."
|
||||
kubectl apply -f portainer-agent-edge-k8s.yaml || errorAndExit "Unable to deploy agent manifest"
|
||||
|
||||
success "Portainer Edge agent successfully deployed"
|
||||
exit 0
|
||||
}
|
||||
|
||||
main "$@"
|
||||
|
|
@ -65,7 +65,7 @@ spec:
|
|||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.33.2
|
||||
image: portainer/agent:2.0.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
|
|
|
|||
|
|
@ -64,7 +64,7 @@ spec:
|
|||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.33.2
|
||||
image: portainer/agent:2.0.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ spec:
|
|||
serviceAccountName: portainer-sa-clusteradmin
|
||||
containers:
|
||||
- name: portainer-agent
|
||||
image: portainer/agent:2.33.2
|
||||
image: portainer/agent:2.0.0
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
|
|
|
|||
2
deploy/manifests/agent/ee/portainer-ee20-edge-agent-setup.sh → deploy/manifests/agent/portainer-edge-agent-setup.sh
Normal file → Executable file
2
deploy/manifests/agent/ee/portainer-ee20-edge-agent-setup.sh → deploy/manifests/agent/portainer-edge-agent-setup.sh
Normal file → Executable file
|
|
@ -55,7 +55,7 @@ main() {
|
|||
[[ "$(command -v kubectl)" ]] || errorAndExit "Unable to find kubectl binary. Please ensure kubectl is installed before running this script."
|
||||
|
||||
info "Downloading agent manifest..."
|
||||
curl -L https://portainer.github.io/k8s/deploy/manifests/agent/ee/portainer-agent-ee20-edge-k8s.yaml -o portainer-agent-edge-k8s.yaml || errorAndExit "Unable to download agent manifest"
|
||||
curl -L https://portainer.github.io/k8s/deploy/manifests/agent/portainer-agent-edge-k8s.yaml -o portainer-agent-edge-k8s.yaml || errorAndExit "Unable to download agent manifest"
|
||||
|
||||
info "Creating Portainer namespace..."
|
||||
kubectl create namespace portainer
|
||||
|
|
@ -14,7 +14,7 @@ metadata:
|
|||
labels:
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
---
|
||||
# Source: portainer/templates/pvc.yaml
|
||||
kind: "PersistentVolumeClaim"
|
||||
|
|
@ -28,7 +28,7 @@ metadata:
|
|||
io.portainer.kubernetes.application.stack: portainer
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
spec:
|
||||
accessModes:
|
||||
- "ReadWriteOnce"
|
||||
|
|
@ -44,15 +44,15 @@ metadata:
|
|||
labels:
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
namespace: portainer
|
||||
name: portainer-sa-clusteradmin
|
||||
- kind: ServiceAccount
|
||||
namespace: portainer
|
||||
name: portainer-sa-clusteradmin
|
||||
---
|
||||
# Source: portainer/templates/service.yaml
|
||||
apiVersion: v1
|
||||
|
|
@ -64,7 +64,7 @@ metadata:
|
|||
io.portainer.kubernetes.application.stack: portainer
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
|
|
@ -73,11 +73,6 @@ spec:
|
|||
protocol: TCP
|
||||
name: http
|
||||
nodePort: 30777
|
||||
- port: 9443
|
||||
targetPort: 9443
|
||||
protocol: TCP
|
||||
name: https
|
||||
nodePort: 30779
|
||||
- port: 30776
|
||||
targetPort: 30776
|
||||
protocol: TCP
|
||||
|
|
@ -97,7 +92,7 @@ metadata:
|
|||
io.portainer.kubernetes.application.stack: portainer
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
|
|
@ -116,15 +111,14 @@ spec:
|
|||
{}
|
||||
serviceAccountName: portainer-sa-clusteradmin
|
||||
volumes:
|
||||
- name: "data"
|
||||
persistentVolumeClaim:
|
||||
claimName: portainer
|
||||
- name: "data"
|
||||
persistentVolumeClaim:
|
||||
claimName: portainer
|
||||
containers:
|
||||
- name: portainer
|
||||
image: "portainer/portainer-ee:2.33.2"
|
||||
image: "portainer/portainer-ee:2.0.0"
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- '--tunnel-port=30776'
|
||||
args: [ '--tunnel-port','30776' ]
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
|
|
@ -132,21 +126,17 @@ spec:
|
|||
- name: http
|
||||
containerPort: 9000
|
||||
protocol: TCP
|
||||
- name: https
|
||||
containerPort: 9443
|
||||
protocol: TCP
|
||||
- name: tcp-edge
|
||||
containerPort: 8000
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
port: 9000
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
port: 9000
|
||||
resources:
|
||||
{}
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ metadata:
|
|||
labels:
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
---
|
||||
# Source: portainer/templates/pvc.yaml
|
||||
kind: "PersistentVolumeClaim"
|
||||
|
|
@ -28,7 +28,7 @@ metadata:
|
|||
io.portainer.kubernetes.application.stack: portainer
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
spec:
|
||||
accessModes:
|
||||
- "ReadWriteOnce"
|
||||
|
|
@ -44,15 +44,15 @@ metadata:
|
|||
labels:
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
namespace: portainer
|
||||
name: portainer-sa-clusteradmin
|
||||
- kind: ServiceAccount
|
||||
namespace: portainer
|
||||
name: portainer-sa-clusteradmin
|
||||
---
|
||||
# Source: portainer/templates/service.yaml
|
||||
apiVersion: v1
|
||||
|
|
@ -64,7 +64,7 @@ metadata:
|
|||
io.portainer.kubernetes.application.stack: portainer
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
|
|
@ -72,10 +72,6 @@ spec:
|
|||
targetPort: 9000
|
||||
protocol: TCP
|
||||
name: http
|
||||
- port: 9443
|
||||
targetPort: 9443
|
||||
protocol: TCP
|
||||
name: https
|
||||
- port: 8000
|
||||
targetPort: 8000
|
||||
protocol: TCP
|
||||
|
|
@ -94,7 +90,7 @@ metadata:
|
|||
io.portainer.kubernetes.application.stack: portainer
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
|
|
@ -113,14 +109,13 @@ spec:
|
|||
{}
|
||||
serviceAccountName: portainer-sa-clusteradmin
|
||||
volumes:
|
||||
- name: "data"
|
||||
persistentVolumeClaim:
|
||||
claimName: portainer
|
||||
- name: "data"
|
||||
persistentVolumeClaim:
|
||||
claimName: portainer
|
||||
containers:
|
||||
- name: portainer
|
||||
image: "portainer/portainer-ee:2.33.2"
|
||||
image: "portainer/portainer-ee:2.0.0"
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
|
|
@ -128,21 +123,17 @@ spec:
|
|||
- name: http
|
||||
containerPort: 9000
|
||||
protocol: TCP
|
||||
- name: https
|
||||
containerPort: 9443
|
||||
protocol: TCP
|
||||
- name: tcp-edge
|
||||
containerPort: 8000
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
port: 9000
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
port: 9000
|
||||
resources:
|
||||
{}
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ metadata:
|
|||
labels:
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
---
|
||||
# Source: portainer/templates/pvc.yaml
|
||||
kind: "PersistentVolumeClaim"
|
||||
|
|
@ -28,7 +28,7 @@ metadata:
|
|||
io.portainer.kubernetes.application.stack: portainer
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
spec:
|
||||
accessModes:
|
||||
- "ReadWriteOnce"
|
||||
|
|
@ -44,15 +44,15 @@ metadata:
|
|||
labels:
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
namespace: portainer
|
||||
name: portainer-sa-clusteradmin
|
||||
- kind: ServiceAccount
|
||||
namespace: portainer
|
||||
name: portainer-sa-clusteradmin
|
||||
---
|
||||
# Source: portainer/templates/service.yaml
|
||||
apiVersion: v1
|
||||
|
|
@ -64,7 +64,7 @@ metadata:
|
|||
io.portainer.kubernetes.application.stack: portainer
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
|
|
@ -72,10 +72,6 @@ spec:
|
|||
targetPort: 9000
|
||||
protocol: TCP
|
||||
name: http
|
||||
- port: 9443
|
||||
targetPort: 9443
|
||||
protocol: TCP
|
||||
name: https
|
||||
- port: 8000
|
||||
targetPort: 8000
|
||||
protocol: TCP
|
||||
|
|
@ -94,7 +90,7 @@ metadata:
|
|||
io.portainer.kubernetes.application.stack: portainer
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
|
|
@ -113,14 +109,13 @@ spec:
|
|||
{}
|
||||
serviceAccountName: portainer-sa-clusteradmin
|
||||
volumes:
|
||||
- name: "data"
|
||||
persistentVolumeClaim:
|
||||
claimName: portainer
|
||||
- name: "data"
|
||||
persistentVolumeClaim:
|
||||
claimName: portainer
|
||||
containers:
|
||||
- name: portainer
|
||||
image: "portainer/portainer-ce:2.33.2"
|
||||
image: "portainer/portainer-ce:latest"
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
|
|
@ -128,21 +123,17 @@ spec:
|
|||
- name: http
|
||||
containerPort: 9000
|
||||
protocol: TCP
|
||||
- name: https
|
||||
containerPort: 9443
|
||||
protocol: TCP
|
||||
- name: tcp-edge
|
||||
containerPort: 8000
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
port: 9000
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
port: 9000
|
||||
resources:
|
||||
{}
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ metadata:
|
|||
labels:
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
---
|
||||
# Source: portainer/templates/pvc.yaml
|
||||
kind: "PersistentVolumeClaim"
|
||||
|
|
@ -28,7 +28,7 @@ metadata:
|
|||
io.portainer.kubernetes.application.stack: portainer
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
spec:
|
||||
accessModes:
|
||||
- "ReadWriteOnce"
|
||||
|
|
@ -44,15 +44,15 @@ metadata:
|
|||
labels:
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
namespace: portainer
|
||||
name: portainer-sa-clusteradmin
|
||||
- kind: ServiceAccount
|
||||
namespace: portainer
|
||||
name: portainer-sa-clusteradmin
|
||||
---
|
||||
# Source: portainer/templates/service.yaml
|
||||
apiVersion: v1
|
||||
|
|
@ -64,7 +64,7 @@ metadata:
|
|||
io.portainer.kubernetes.application.stack: portainer
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
spec:
|
||||
type: NodePort
|
||||
ports:
|
||||
|
|
@ -73,11 +73,6 @@ spec:
|
|||
protocol: TCP
|
||||
name: http
|
||||
nodePort: 30777
|
||||
- port: 9443
|
||||
targetPort: 9443
|
||||
protocol: TCP
|
||||
name: https
|
||||
nodePort: 30779
|
||||
- port: 30776
|
||||
targetPort: 30776
|
||||
protocol: TCP
|
||||
|
|
@ -97,7 +92,7 @@ metadata:
|
|||
io.portainer.kubernetes.application.stack: portainer
|
||||
app.kubernetes.io/name: portainer
|
||||
app.kubernetes.io/instance: portainer
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.33.2"
|
||||
app.kubernetes.io/version: "ce-latest-ee-2.0.0"
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
|
|
@ -116,15 +111,14 @@ spec:
|
|||
{}
|
||||
serviceAccountName: portainer-sa-clusteradmin
|
||||
volumes:
|
||||
- name: "data"
|
||||
persistentVolumeClaim:
|
||||
claimName: portainer
|
||||
- name: "data"
|
||||
persistentVolumeClaim:
|
||||
claimName: portainer
|
||||
containers:
|
||||
- name: portainer
|
||||
image: "portainer/portainer-ce:2.33.2"
|
||||
image: "portainer/portainer-ce:latest"
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- '--tunnel-port=30776'
|
||||
args: [ '--tunnel-port','30776' ]
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
|
|
@ -132,21 +126,17 @@ spec:
|
|||
- name: http
|
||||
containerPort: 9000
|
||||
protocol: TCP
|
||||
- name: https
|
||||
containerPort: 9443
|
||||
protocol: TCP
|
||||
- name: tcp-edge
|
||||
containerPort: 8000
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
port: 9000
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: 9443
|
||||
scheme: HTTPS
|
||||
port: 9000
|
||||
resources:
|
||||
{}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue