quartje/k43D
1
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity

add portainer

Browse Source
This commit is contained in:
Bart Geesink 2023-09-17 11:10:32 +02:00
parent 86b55d67d0
commit 3332c3ff9c
21 changed files with 887 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
portainer/hassingress.yaml Normal file
View File

@ -0,0 +1,25 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hassingress
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
haproxy.org/whitelist: "192.168.86.0/24,10.233.71.0/24"
spec:
ingressClassName: haproxy
rules:
- host: "home.geesink.org"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hasssvc
port:
number: 8123
tls:
-
secretName: hass-cert-prod
hosts:
- home.geesink.org

45
portainer/ingress_zoals_het_werkt Normal file
View File

@ -0,0 +1,45 @@
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: haproxy
meta.helm.sh/release-name: portainer
meta.helm.sh/release-namespace: portainer
creationTimestamp: "2023-05-31T18:17:22Z"
generation: 7
labels:
app.kubernetes.io/instance: portainer
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: portainer
app.kubernetes.io/version: ce-latest-ee-2.18.3
helm.sh/chart: portainer-1.0.43
name: portainer
namespace: portainer
resourceVersion: "17547843"
uid: 2471a902-9fad-49af-a56b-9d4173b562c9
spec:
ingressClassName: haproxy
rules:
- host: portainer.geesink.org
http:
paths:
- backend:
service:
name: portainer
port:
number: 9443
path: /
pathType: Prefix
tls:
- hosts:
- portainer.geesink.org
secretName: portainer-cert-prod
status:
loadBalancer:
ingress:
- ip: 10.86.0.100

6
portainer/install Normal file
View File

@ -0,0 +1,6 @@
helm upgrade --install --create-namespace -n portainer portainer portainer/portainer \
--set service.type=ClusterIP \
--set tls.force=true \
--set ingress.enabled=true \
--set ingress.ingressClassName=haproxy

BIN
portainer/portainer-1.0.43.tgz Normal file
View File

Binary file not shown.

22
portainer/portainer/.helmignore Normal file
View File

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

14
portainer/portainer/Chart.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: v2
appVersion: ce-latest-ee-2.18.3
description: Helm chart used to deploy the Portainer for Kubernetes
home: https://www.portainer.io
icon: https://github.com/portainer/portainer/raw/develop/app/assets/ico/apple-touch-icon.png
maintainers:
- email: platform-team@portainer.io
name: Portainer
url: https://www.portainer.io
name: portainer
sources:
- https://github.com/portainer/k8s
type: application
version: 1.0.43

92
portainer/portainer/README.md Normal file
View File

@ -0,0 +1,92 @@
# Deploy Portainer using Helm Chart
Before proceeding, ensure to create a namespace in advance.
For instance:
```bash
kubectl create namespace portainer
```
# Install the chart repository
```bash
helm repo add portainer https://portainer.github.io/k8s/
helm repo update
```
# Testing the Chart
Execute the following for testing the chart:
```bash
helm install --dry-run --debug portainer -n portainer deploy/helm/portainer
```
# Installing the Chart
Execute the following for installing the chart:
```bash
helm upgrade -i -n portainer portainer portainer/portainer
## Refer to the output NOTES on how-to access Portainer web
## An example is attached below
NOTES:
1. Get the application URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace portainer svc -w portainer'
export SERVICE_IP=$(kubectl get svc --namespace portainer portainer --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
echo http://$SERVICE_IP:9000
http://20.40.176.8:9000
```
# Deleting the Chart
Execute the following for deleting the chart:
```bash
## Delete the Helm Chart
helm delete -n portainer portainer
## Delete the Namespace
kubectl delete namespace portainer
```
# Chart Configuration
The following table lists the configurable parameters of the Portainer chart and their default values. The values file can be found under `deploy/helm/portainer/values.yaml`.
*The parameters will be keep updating.*
| Parameter | Description | Default |
| - | - | - |
| `replicaCount` | Number of Portainer service replicas (ALWAYS set to 1) | `1` |
| `image.repository` | Portainer Docker Hub repository | `portainer/portainer-ce` |
| `image.tag` | Tag for the Portainer image | `latest` |
| `image.pullPolicy` | Portainer image pulling policy | `IfNotPresent` |
| `imagePullSecrets` | If Portainer image requires to be in a private repository | `nil` |
| `nodeSelector` | Used to apply a nodeSelector to the deployment | `{}` |
| `serviceAccount.annotations` | Annotations to add to the service account | `null` |
| `serviceAccount.name` | The name of the service account to use | `portainer-sa-clusteradmin` |
| `service.type` | Service Type for the main Portainer Service; ClusterIP, NodePort and LoadBalancer | `LoadBalancer` |
| `service.httpPort` | HTTP port for accessing Portainer Web | `9000` |
| `service.httpNodePort` | Static NodePort for accessing Portainer Web. Specify only if the type is NodePort | `30777` |
| `service.edgePort` | TCP port for accessing Portainer Edge | `8000` |
| `service.edgeNodePort` | Static NodePort for accessing Portainer Edge. Specify only if the type is NodePort | `30776` |
| `service.annotations` | Annotations to add to the service | `{}` |
| `feature.flags` | Enable one or more features separated by spaces. For instance, `--feat=open-amt` | `nil` |
| `ingress.enabled` | Create an ingress for Portainer | `false` |
| `ingress.ingressClassName` | For Kubernetes >= 1.18 you should specify the ingress-controller via the field `ingressClassName`. For instance, `nginx` | `nil` |
| `ingress.annotations` | Annotations to add to the ingress. For instane, `kubernetes.io/ingress.class: nginx` | `{}` |
| `ingress.hosts.host` | URL for Portainer Web. For instance, `portainer.example.io` | `nil` |
| `ingress.hosts.paths.path` | Path for the Portainer Web. | `/` |
| `ingress.hosts.paths.port` | Port for the Portainer Web. | `9000` |
| `ingress.tls` | TLS support on ingress. Must create a secret with TLS certificates in advance | `[]` |
| `resources` | Portainer resource requests and limits | `{}` |
| `tls.force` | Force Portainer to be configured to use TLS only | `false` |
| `tls.existingSecret` | Mount the existing TLS secret into the pod | `""` |
| `mtls.enable` | Option to specicy mtls Certs to be used by Portainer | `false` |
| `mtls.existingSecret` | Mount the existing mtls secret into the pod | `""` |
| `persistence.enabled` | Whether to enable data persistence | `true` |
| `persistence.existingClaim` | Name of an existing PVC to use for data persistence | `nil` |
| `persistence.size` | Size of the PVC used for persistence | `10Gi` |
| `persistence.annotations` | Annotations to apply to PVC used for persistence | `{}` |
| `persistence.storageClass` | StorageClass to apply to PVC used for persistence | `default` |
| `persistence.accessMode` | AccessMode for persistence | `ReadWriteOnce` |
| `persistence.selector` | Selector for persistence | `nil` |

27
portainer/portainer/templates/NOTES.txt Normal file
View File

@ -0,0 +1,27 @@
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
Use the URL below to access the application
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ if .port }}:{{ .port }}{{ else }}{{ end }}{{.path}}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
Get the application URL by running these commands:
{{- if .Values.tls.force }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "portainer.fullname" . }})
{{- else }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ include "portainer.fullname" . }})
{{- end}}
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
Get the application URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "portainer.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "portainer.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo https://$SERVICE_IP:{{ .Values.service.httpsPort }}
{{- else if contains "ClusterIP" .Values.service.type }}
Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "portainer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].me$ echo "Visit http://127.0.0.1:9443 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9443:9443
{{- end }}

87
portainer/portainer/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,87 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "portainer.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "portainer.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "portainer.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "portainer.labels" -}}
helm.sh/chart: {{ include "portainer.chart" . }}
{{ include "portainer.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "portainer.selectorLabels" -}}
app.kubernetes.io/name: {{ include "portainer.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "portainer.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "portainer.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Provide a pre-defined claim or a claim based on the Release
*/}}
{{- define "portainer.pvcName" -}}
{{- if .Values.persistence.existingClaim }}
{{- .Values.persistence.existingClaim }}
{{- else -}}
{{- template "portainer.fullname" . }}
{{- end -}}
{{- end -}}
{{/*
Generate a right Ingress apiVersion
*/}}
{{- define "ingress.apiVersion" -}}
{{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.GitVersion -}}
networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
networking.k8s.io/v1beta1
{{- else -}}
extensions/v1
{{- end }}
{{- end -}}

193
portainer/portainer/templates/deployment.yaml Normal file
View File

@ -0,0 +1,193 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "portainer.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
io.portainer.kubernetes.application.stack: portainer
{{- include "portainer.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
strategy:
type: "Recreate"
selector:
matchLabels:
{{- include "portainer.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "portainer.selectorLabels" . | nindent 8 }}
spec:
nodeSelector: {{- toYaml .Values.nodeSelector | nindent 8 -}}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "portainer.serviceAccountName" . }}
volumes:
{{- if .Values.persistence.enabled }}
- name: "data"
persistentVolumeClaim:
claimName: {{ template "portainer.pvcName" . }}
{{- end }}
{{- if .Values.tls.existingSecret }}
- name: certs
secret:
secretName: {{ .Values.tls.existingSecret }}
{{- end }}
{{- if .Values.mtls.existingSecret }}
- name: mtlscerts
secret:
secretName: {{ .Values.mtls.existingSecret }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- if .Values.enterpriseEdition.enabled }}
image: "{{ .Values.enterpriseEdition.image.repository }}:{{ .Values.enterpriseEdition.image.tag }}"
imagePullPolicy: {{ .Values.enterpriseEdition.image.pullPolicy }}
{{- else }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- end }}
args:
{{- if .Values.tls.force }}
- --http-disabled
{{- end }}
{{- if .Values.tls.existingSecret }}
- --sslcert=/certs/tls.crt
- --sslkey=/certs/tls.key
{{- end }}
{{- if .Values.mtls.existingSecret }}
- --mtlscacert=/certs/mtls/mtlsca.crt
- --mtlscert=/certs/mtls/mtlscert.crt
- --mtlskey=/certs/mtls/mtlskey.key
{{- end }}
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
- '--tunnel-port={{ .Values.service.edgeNodePort }}'
{{- end }}
{{- if (not (empty .Values.feature.flags)) }}
- '{{ .Values.feature.flags }}'
{{- end }}
volumeMounts:
{{- if .Values.persistence.enabled }}
- name: data
mountPath: /data
{{- end }}
{{- if .Values.tls.existingSecret }}
- name: certs
mountPath: /certs
readOnly: true
{{- end }}
{{- if .Values.mtls.existingSecret }}
- name: mtlscerts
mountPath: /certs/mtls
readOnly: true
{{- end }}
ports:
{{- if not .Values.tls.force }}
- name: http
containerPort: 9000
protocol: TCP
{{- end }}
- name: https
containerPort: 9443
protocol: TCP
- name: tcp-edge
containerPort: 8000
protocol: TCP
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 45
httpGet:
path: /
{{- if .Values.tls.force }}
port: 9443
scheme: HTTPS
{{- else }}
{{- if .Values.enterpriseEdition.enabled }}
{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+$" .Values.enterpriseEdition.image.tag }}
{{- if eq (semver .Values.enterpriseEdition.image.tag | (semver "2.7.0").Compare) -1 }}
port: 9443
scheme: HTTPS
{{- else }}
port: 9000
scheme: HTTP
{{- end }}
{{- else }}
{{- if eq .Values.enterpriseEdition.image.tag "latest" }}
port: 9443
scheme: HTTPS
{{- else }}
port: 9000
scheme: HTTP
{{- end }}
{{- end}}
{{- else }}
{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+$" .Values.image.tag }}
{{- if eq (semver .Values.image.tag | (semver "2.6.0").Compare) -1 }}
port: 9443
scheme: HTTPS
{{- else }}
port: 9000
scheme: HTTP
{{- end}}
{{- else }}
{{- if eq .Values.image.tag "latest" }}
port: 9443
scheme: HTTPS
{{- else }}
port: 9000
scheme: HTTP
{{- end }}
{{- end }}
{{- end }}
{{- end }}
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 45
httpGet:
path: /
{{- if .Values.tls.force }}
port: 9443
scheme: HTTPS
{{- else }}
{{- if .Values.enterpriseEdition.enabled }}
{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+$" .Values.enterpriseEdition.image.tag }}
{{- if eq (semver .Values.enterpriseEdition.image.tag | (semver "2.7.0").Compare) -1 }}
port: 9443
scheme: HTTPS
{{- else }}
port: 9000
scheme: HTTP
{{- end }}
{{- else }}
{{- if eq .Values.enterpriseEdition.image.tag "latest" }}
port: 9443
scheme: HTTPS
{{- else }}
port: 9000
scheme: HTTP
{{- end }}
{{- end}}
{{- else }}
{{- if regexMatch "^[0-9]+\\.[0-9]+\\.[0-9]+$" .Values.image.tag }}
{{- if eq (semver .Values.image.tag | (semver "2.6.0").Compare) -1 }}
port: 9443
scheme: HTTPS
{{- else }}
port: 9000
scheme: HTTP
{{- end}}
{{- else }}
{{- if eq .Values.image.tag "latest" }}
port: 9443
scheme: HTTPS
{{- else }}
port: 9000
scheme: HTTP
{{- end }}
{{- end }}
{{- end }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}

60
portainer/portainer/templates/ingress.yaml Normal file
View File

@ -0,0 +1,60 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "portainer.fullname" . -}}
{{- $tlsforced := .Values.tls.force -}}
{{- $apiVersion := include "ingress.apiVersion" . -}}
apiVersion: {{ $apiVersion }}
kind: Ingress
metadata:
name: {{ $fullName }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "portainer.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.ingress.ingressClassName }}
ingressClassName: {{ . }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path | default "/" }}
{{- if eq $apiVersion "networking.k8s.io/v1" }}
pathType: Prefix
{{- end }}
backend:
{{- if eq $apiVersion "networking.k8s.io/v1" }}
service:
name: {{ $fullName }}
port:
{{- if $tlsforced }}
number: {{ .port | default 9443 }}
{{- else }}
number: {{ .port | default 9000 }}
{{- end }}
{{- else }}
serviceName: {{ $fullName }}
{{- if $tlsforced }}
servicePort: {{ .port | default 9443 }}
{{- else }}
servicePort: {{ .port | default 9000 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

6
portainer/portainer/templates/namespace.yaml Normal file
View File

@ -0,0 +1,6 @@
{{ if .Values.createNamespace }}
apiVersion: v1
kind: Namespace
metadata:
name: portainer
{{ end }}

32
portainer/portainer/templates/pvc.yaml Normal file
View File

@ -0,0 +1,32 @@
{{- if .Values.persistence.enabled -}}
{{- if not .Values.persistence.existingClaim -}}
---
kind: "PersistentVolumeClaim"
apiVersion: "v1"
metadata:
name: {{ template "portainer.fullname" . }}
namespace: {{ .Release.Namespace }}
annotations:
{{- if .Values.persistence.storageClass }}
volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass | quote }}
{{- else }}
volume.alpha.kubernetes.io/storage-class: "generic"
{{- end }}
{{- if .Values.persistence.annotations }}
{{ toYaml .Values.persistence.annotations | indent 2 }}
{{ end }}
labels:
io.portainer.kubernetes.application.stack: portainer
{{- include "portainer.labels" . | nindent 4 }}
spec:
accessModes:
- {{ default "ReadWriteOnce" .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.selector }}
selector:
{{ toYaml .Values.persistence.selector | indent 4 }}
{{ end }}
{{- end }}
{{- end }}

14
portainer/portainer/templates/rbac.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "portainer.fullname" . }}
labels:
{{- include "portainer.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ include "portainer.serviceAccountName" . }}

47
portainer/portainer/templates/service.yaml Normal file
View File

@ -0,0 +1,47 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "portainer.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
io.portainer.kubernetes.application.stack: portainer
{{- include "portainer.labels" . | nindent 4 }}
{{- if .Values.service.annotations }}
annotations:
{{- range $key, $value := .Values.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
{{- if not .Values.tls.force }}
- port: {{ .Values.service.httpPort }}
targetPort: 9000
protocol: TCP
name: http
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.httpNodePort))) }}
nodePort: {{ .Values.service.httpNodePort}}
{{- end }}
{{- end }}
- port: {{ .Values.service.httpsPort }}
targetPort: 9443
protocol: TCP
name: https
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.httpsNodePort))) }}
nodePort: {{ .Values.service.httpsNodePort}}
{{- end }}
{{- if (eq .Values.service.type "NodePort") }}
- port: {{ .Values.service.edgeNodePort }}
targetPort: {{ .Values.service.edgeNodePort }}
{{- else }}
- port: {{ .Values.service.edgePort }}
targetPort: {{ .Values.service.edgePort }}
{{- end }}
protocol: TCP
name: edge
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
nodePort: {{ .Values.service.edgeNodePort }}
{{- end }}
selector:
{{- include "portainer.selectorLabels" . | nindent 4 }}

11
portainer/portainer/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "portainer.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "portainer.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}

18
portainer/portainer/templates/tests/test-connection.yaml Normal file
View File

@ -0,0 +1,18 @@
{{- if not .Values.disableTest -}}
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "portainer.fullname" . }}-test-connection"
namespace: {{ .Release.Namespace }}
labels:
{{- include "portainer.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "portainer.fullname" . }}:{{ .Values.service.httpPort }}']
restartPolicy: Never
{{ end }}

77
portainer/portainer/values.yaml Normal file
View File

@ -0,0 +1,77 @@
# Default values for portainer.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
# If enterpriseEdition is enabled, then use the values below _instead_ of those in .image
enterpriseEdition:
enabled: false
image:
repository: portainer/portainer-ee
tag: 2.18.3
pullPolicy: Always
image:
repository: portainer/portainer-ce
tag: 2.18.3
pullPolicy: Always
imagePullSecrets: []
nodeSelector: {}
serviceAccount:
annotations: {}
name: portainer-sa-clusteradmin
service:
# Set the httpNodePort and edgeNodePort only if the type is NodePort
# For Ingress, set the type to be ClusterIP and set ingress.enabled to true
# For Cloud Providers, set the type to be LoadBalancer
type: NodePort
httpPort: 9000
httpsPort: 9443
httpNodePort: 30777
httpsNodePort: 30779
edgePort: 8000
edgeNodePort: 30776
annotations: {}
tls:
# If set, Portainer will be configured to use TLS only
force: false
# If set, will mount the existing secret into the pod
existingSecret: ""
mtls:
# If set, Portainer will be configured to use mTLS only
enable: false
# If set, will mount the existing secret into the pod
existingSecret: ""
feature:
flags: ""
ingress:
enabled: false
ingressClassName: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# Only use below if tls.force=true
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# Note: Hosts and paths are of type array
hosts:
- host:
paths: []
# - path: "/"
tls: []
resources: {}
persistence:
enabled: true
size: "10Gi"
annotations: {}
storageClass:
existingClaim:

81
portainer/values.yaml Normal file
View File

@ -0,0 +1,81 @@
# Default values for portainer.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
# If enterpriseEdition is enabled, then use the values below _instead_ of those in .image
enterpriseEdition:
enabled: true
image:
repository: portainer/portainer-ee
tag: 2.18.3
pullPolicy: Always
image:
repository: portainer/portainer-ce
tag: 2.18.3
pullPolicy: Always
imagePullSecrets: []
nodeSelector: {}
serviceAccount:
annotations: {}
name: portainer-sa-clusteradmin
service:
# Set the httpNodePort and edgeNodePort only if the type is NodePort
# For Ingress, set the type to be ClusterIP and set ingress.enabled to true
# For Cloud Providers, set the type to be LoadBalancer
type: ClusterIP
httpPort: 9000
httpsPort: 9443
annotations:
haproxy.org/server-ssl: "true"
tls:
# If set, Portainer will be configured to use TLS only
force: true
# If set, will mount the existing secret into the pod
existingSecret: ""
mtls:
# If set, Portainer will be configured to use mTLS only
enable: false
# If set, will mount the existing secret into the pod
existingSecret: ""
feature:
flags: ""
ingress:
enabled: true
ingressClassName: haproxy
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
kubernetes.io/ingress.class: haproxy
# kubernetes.io/ingress.class: nginx
# Only use below if tls.force=true
# nginx.ingress.kubernetes.io/backend-protocol: HTTPS
# Note: Hosts and paths are of type array
hosts:
- host: portainer.geesink.org
paths:
- path: "/"
tls:
- hosts:
- portainer.geesink.org
secretName: portainer-cert-prod
resources: {}
persistence:
enabled: true
size: "10Gi"
annotations: {}
storageClass:
existingClaim:

15
portainer/values.yaml.old Normal file
View File

@ -0,0 +1,15 @@
USER-SUPPLIED VALUES:
enterpriseEdition:
enabled: true
ingress:
annotations:
kubernetes.io/ingress.class: haproxy
enabled: true
hosts:
- host: portainer.geesink.org
paths:
- path: '"/"'
service:
type: ClusterIP
tls:
force: true

15
portainer/values2.yaml Normal file
View File

@ -0,0 +1,15 @@
USER-SUPPLIED VALUES:
enterpriseEdition:
enabled: true
ingress:
annotations:
kubernetes.io/ingress.class: haproxy
enabled: true
hosts:
- host: portainer.geesink.org
paths:
- path: '"/"'
service:
type: ClusterIP
tls:
force: true