21 changed files with 68 additions and 98 deletions
--- a/.github/workflows/on-push-lint-charts.yml
+++ b/.github/workflows/on-push-lint-charts.yml
@ -12,19 +12,17 @@ on:

 env:
  KUBE_SCORE_VERSION: 1.10.0
-  HELM_VERSION: v3.10.1
+  HELM_VERSION: v3.4.1

 jobs:
  lint-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
+        uses: actions/checkout@v1
          
      - name: Set up Helm
-        uses: azure/setup-helm@v4.2.0
+        uses: azure/setup-helm@v1
        with:
          version: ${{ env.HELM_VERSION }}

@ -45,14 +43,12 @@ jobs:
              --enable-optional-test container-security-context-privileged

      # python is a requirement for the chart-testing action below (supports yamllint among other tests)
-      - uses: actions/setup-python@v5.3.0
+      - uses: actions/setup-python@v2
        with:
-          python-version: 3.13.1
+          python-version: 3.7

      - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.6.1
-        with:
-          version: v3.10.1
+        uses: helm/chart-testing-action@v2.0.1

      - name: Run chart-testing (list-changed)
        id: list-changed
@ -66,42 +62,42 @@ jobs:
        run: ct lint --config .ci/ct-config.yaml

      # Refer to https://github.com/kubernetes-sigs/kind/releases when updating the node_images
-      - name: Create 1.29 kind cluster
-        uses: helm/kind-action@v1.12.0
+      - name: Create 1.23 kind cluster
+        uses: helm/kind-action@v1.4.0
        with:
-          node_image: kindest/node:v1.29.14@sha256:8703bd94ee24e51b778d5556ae310c6c0fa67d761fae6379c8e0bb480e6fea29
-          cluster_name: kubernetes-1.29
+          node_image: kindest/node:v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61
+          cluster_name: kubernetes-1.23
        if: steps.list-changed.outputs.changed == 'true'

-      - name: Run chart-testing (install) against 1.29
+      - name: Run chart-testing (install) against 1.23
        run: ct install --config .ci/ct-config.yaml

-      - name: Create 1.30 kind cluster
-        uses: helm/kind-action@v1.12.0
+      - name: Create 1.24 kind cluster
+        uses: helm/kind-action@v1.4.0
        with:
-          node_image: kindest/node:v1.30.10@sha256:4de75d0e82481ea846c0ed1de86328d821c1e6a6a91ac37bf804e5313670e507
-          cluster_name: kubernetes-1.30
+          node_image: kindest/node:v1.24.12@sha256:1e12918b8bc3d4253bc08f640a231bb0d3b2c5a9b28aa3f2ca1aee93e1e8db16
+          cluster_name: kubernetes-1.24
        if: steps.list-changed.outputs.changed == 'true'

-      - name: Run chart-testing (install) against 1.30
+      - name: Run chart-testing (install) against 1.24
        run: ct install --config .ci/ct-config.yaml

-      - name: Create 1.31 kind cluster
-        uses: helm/kind-action@v1.12.0
+      - name: Create 1.25 kind cluster
+        uses: helm/kind-action@v1.4.0
        with:
-          node_image: kindest/node:v1.31.6@sha256:28b7cbb993dfe093c76641a0c95807637213c9109b761f1d422c2400e22b8e87
-          cluster_name: kubernetes-1.31
+          node_image: kindest/node:v1.25.8@sha256:00d3f5314cc35327706776e95b2f8e504198ce59ac545d0200a89e69fce10b7f
+          cluster_name: kubernetes-1.25
        if: steps.list-changed.outputs.changed == 'true'

-      - name: Run chart-testing (install) against 1.31
+      - name: Run chart-testing (install) against 1.25
        run: ct install --config .ci/ct-config.yaml

-      - name: Create 1.32 kind cluster
-        uses: helm/kind-action@v1.12.0
+      - name: Create 1.26 kind cluster
+        uses: helm/kind-action@v1.4.0
        with:
-          node_image: kindest/node:v1.32.2@sha256:f226345927d7e348497136874b6d207e0b32cc52154ad8323129352923a3142f
-          cluster_name: kubernetes-1.32
+          node_image: kindest/node:v1.26.3@sha256:61b92f38dff6ccc29969e7aa154d34e38b89443af1a2c14e6cfbd2df6419c66f
+          cluster_name: kubernetes-1.26
        if: steps.list-changed.outputs.changed == 'true'

-      - name: Run chart-testing (install) against 1.32
+      - name: Run chart-testing (install) against 1.26
        run: ct install --config .ci/ct-config.yaml
--- a/.github/workflows/on-push-master-publish-chart.yml
+++ b/.github/workflows/on-push-master-publish-chart.yml
@ -11,11 +11,9 @@ on:
      
 jobs:
  build:
+
    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pages: write
-      pull-requests: write
+
    steps:
    - uses: actions/checkout@v2

--- a/charts/portainer/Chart.yaml
+++ b/charts/portainer/Chart.yaml
@ -17,10 +17,11 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.

-version: 1.0.69
+version: 1.0.50
+
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: ce-latest-ee-2.27.9
+appVersion: ce-latest-ee-2.19.4

 sources:
    - https://github.com/portainer/k8s
--- a/charts/portainer/README.md
+++ b/charts/portainer/README.md
@ -64,7 +64,6 @@ The following table lists the configurable parameters of the Portainer chart and
 | `nodeSelector` | Used to apply a nodeSelector to the deployment | `{}` |
 | `serviceAccount.annotations` | Annotations to add to the service account | `null` |
 | `serviceAccount.name` | The name of the service account to use | `portainer-sa-clusteradmin` |
-| `localMgmt` | Enables or disables the creation of SA, Roles in local cluster where Portainer runs, only change when you don't need to manage the local cluster through this Portainer instance  | `true` |
 | `service.type` | Service Type for the main Portainer Service; ClusterIP, NodePort and LoadBalancer | `LoadBalancer` |
 | `service.httpPort` | HTTP port for accessing Portainer Web | `9000` |
 | `service.httpNodePort` | Static NodePort for accessing Portainer Web. Specify only if the type is NodePort | `30777` |
--- a/charts/portainer/templates/deployment.yaml
+++ b/charts/portainer/templates/deployment.yaml
@ -18,15 +18,12 @@ spec:
      labels:
        {{- include "portainer.selectorLabels" . | nindent 8 }}
    spec:
-      nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 }}
-      tolerations: {{- toYaml .Values.tolerations | nindent 8 -}}
+      nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 -}}
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
-      {{- if .Values.localMgmt }}
      serviceAccountName: {{ include "portainer.serviceAccountName" . }}
-      {{- end }}
      volumes:
        {{- if .Values.persistence.enabled }}
        - name: "data"
@ -68,9 +65,6 @@ spec:
          {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
          - '--tunnel-port={{ .Values.service.edgeNodePort }}'
          {{- end }}
-          {{- if and .Values.trusted_origins.enabled (not (empty .Values.trusted_origins.domains)) }}
-          - '--trusted-origins={{ .Values.trusted_origins.domains | trim | quote }}'
-          {{- end }}
          {{- range .Values.feature.flags }}
          - {{ . | squote }}
          {{- end }}
--- a/charts/portainer/templates/namespace.yaml
+++ b/charts/portainer/templates/namespace.yaml
@ -3,6 +3,4 @@ apiVersion: v1
 kind: Namespace
 metadata:
  name: portainer
-  labels:
-    pod-security.kubernetes.io/enforce: privileged
 {{ end }}
--- a/charts/portainer/templates/rbac.yaml
+++ b/charts/portainer/templates/rbac.yaml
@ -1,4 +1,3 @@
-{{- if .Values.localMgmt }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@ -13,4 +12,3 @@ subjects:
 - kind: ServiceAccount
  namespace: {{ .Release.Namespace }}
  name: {{ include "portainer.serviceAccountName" . }}
-{{- end }}
--- a/charts/portainer/templates/serviceaccount.yaml
+++ b/charts/portainer/templates/serviceaccount.yaml
@ -1,4 +1,3 @@
-{{- if .Values.localMgmt }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@ -10,4 +9,3 @@ metadata:
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
-{{- end }}
--- a/charts/portainer/values.yaml
+++ b/charts/portainer/values.yaml
@ -9,27 +9,22 @@ enterpriseEdition:
  enabled: false
  image:
    repository: portainer/portainer-ee
-    tag: 2.27.9
+    tag: 2.19.4
    pullPolicy: Always

 image:
  repository: portainer/portainer-ce
-  tag: 2.27.9
+  tag: 2.19.4
  pullPolicy: Always

 imagePullSecrets: []

 nodeSelector: {}
-tolerations: []

 serviceAccount:
  annotations: {}
  name: portainer-sa-clusteradmin

-# This flag provides the ability to enable or disable RBAC-related resources during the deployment of the Portainer application
-# If you are using Portainer to manage the K8s cluster it is deployed to, this flag must be set to true 
-localMgmt: true
-
 service:
  # Set the httpNodePort and edgeNodePort only if the type is NodePort
  # For Ingress, set the type to be ClusterIP and set ingress.enabled to true
@ -49,13 +44,6 @@ tls:
  # If set, will mount the existing secret into the pod
  existingSecret: ""

-trusted_origins:
-  # If set, Portainer will be configured to trust the domains specified in domains
-    enabled: false
-      # specify (in a comma-separated list) the domain(s) used to access Portainer when it is behind a reverse proxy
-        # example: portainer.mydomain.com,portainer.example.com
-    domains: ""
-
 mtls:
  # If set, Portainer will be configured to use mTLS only
  enable: false
--- a/deploy/manifests/agent/ee/agent-stack-windows.yml
+++ b/deploy/manifests/agent/ee/agent-stack-windows.yml
@ -1,7 +1,7 @@
 version: '3.3'
 services:
  agent:
-    image: portainer/agent:2.27.9
+    image: portainer/agent:2.19.4
    ports:
      - target: 9001
        published: 9001
--- a/deploy/manifests/agent/ee/agent-stack.yml
+++ b/deploy/manifests/agent/ee/agent-stack.yml
@ -2,7 +2,7 @@ version: '3.2'

 services:
  agent:
-    image: portainer/agent:2.27.9
+    image: portainer/agent:2.19.4
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
--- a/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-edge-k8s.yaml
@ -65,7 +65,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.27.9
+        image: portainer/agent:2.19.4
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-k8s-lb.yaml
@ -64,7 +64,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.27.9
+        image: portainer/agent:2.19.4
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml
+++ b/deploy/manifests/agent/ee/portainer-agent-k8s-nodeport.yaml
@ -65,7 +65,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.27.9
+        image: portainer/agent:2.19.4
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/portainer-agent-edge-k8s.yaml
+++ b/deploy/manifests/agent/portainer-agent-edge-k8s.yaml
@ -65,7 +65,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.27.9
+        image: portainer/agent:2.19.4
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/portainer-agent-k8s-lb.yaml
+++ b/deploy/manifests/agent/portainer-agent-k8s-lb.yaml
@ -64,7 +64,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.27.9
+        image: portainer/agent:2.19.4
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml
+++ b/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml
@ -65,7 +65,7 @@ spec:
      serviceAccountName: portainer-sa-clusteradmin
      containers:
      - name: portainer-agent
-        image: portainer/agent:2.27.9
+        image: portainer/agent:2.19.4
        imagePullPolicy: Always
        env:
        - name: LOG_LEVEL
--- a/deploy/manifests/portainer/portainer-ee.yaml
+++ b/deploy/manifests/portainer/portainer-ee.yaml
@ -14,7 +14,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
@ -28,7 +28,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 spec:
  accessModes:
    - "ReadWriteOnce"
@ -44,7 +44,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
@ -64,7 +64,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 spec:
  type: NodePort
  ports:
@ -97,7 +97,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 spec:
  replicas: 1
  strategy:
@ -121,7 +121,7 @@ spec:
            claimName: portainer
      containers:
        - name: portainer
-          image: "portainer/portainer-ee:2.27.9"
+          image: "portainer/portainer-ee:2.19.4"
          imagePullPolicy: Always
          args:
            - '--tunnel-port=30776'
--- a/deploy/manifests/portainer/portainer-lb-ee.yaml
+++ b/deploy/manifests/portainer/portainer-lb-ee.yaml
@ -14,7 +14,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
@ -28,7 +28,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 spec:
  accessModes:
    - "ReadWriteOnce"
@ -44,7 +44,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
@ -64,7 +64,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 spec:
  type: LoadBalancer
  ports:
@ -94,7 +94,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 spec:
  replicas: 1
  strategy:
@ -118,7 +118,7 @@ spec:
            claimName: portainer
      containers:
        - name: portainer
-          image: "portainer/portainer-ee:2.27.9"
+          image: "portainer/portainer-ee:2.19.4"
          imagePullPolicy: Always
          args:
          volumeMounts:
--- a/deploy/manifests/portainer/portainer-lb.yaml
+++ b/deploy/manifests/portainer/portainer-lb.yaml
@ -14,7 +14,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
@ -28,7 +28,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 spec:
  accessModes:
    - "ReadWriteOnce"
@ -44,7 +44,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
@ -64,7 +64,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 spec:
  type: LoadBalancer
  ports:
@ -94,7 +94,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 spec:
  replicas: 1
  strategy:
@ -118,7 +118,7 @@ spec:
            claimName: portainer
      containers:
        - name: portainer
-          image: "portainer/portainer-ce:2.27.9"
+          image: "portainer/portainer-ce:2.19.4"
          imagePullPolicy: Always
          args:
          volumeMounts:
--- a/deploy/manifests/portainer/portainer.yaml
+++ b/deploy/manifests/portainer/portainer.yaml
@ -14,7 +14,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 ---
 # Source: portainer/templates/pvc.yaml
 kind: "PersistentVolumeClaim"
@ -28,7 +28,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 spec:
  accessModes:
    - "ReadWriteOnce"
@ -44,7 +44,7 @@ metadata:
  labels:
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
@ -64,7 +64,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 spec:
  type: NodePort
  ports:
@ -97,7 +97,7 @@ metadata:
    io.portainer.kubernetes.application.stack: portainer
    app.kubernetes.io/name: portainer
    app.kubernetes.io/instance: portainer
-    app.kubernetes.io/version: "ce-latest-ee-2.27.9"
+    app.kubernetes.io/version: "ce-latest-ee-2.19.4"
 spec:
  replicas: 1
  strategy:
@ -121,7 +121,7 @@ spec:
            claimName: portainer
      containers:
        - name: portainer
-          image: "portainer/portainer-ce:2.27.9"
+          image: "portainer/portainer-ce:2.19.4"
          imagePullPolicy: Always
          args:
            - '--tunnel-port=30776'