Merge pull request #73 from portainer/add-ssl
Update chart to support BYO SSL certificates
samdulam authored Sep 27, 2021
2 parents 143789a + a158f55 commit 0190fa9
Showing 10 changed files with 121 additions and 45 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/on-push-lint-charts.yml
@@ -60,7 +60,7 @@ jobs:

# Refer to https://github.com/kubernetes-sigs/kind/releases when updating the node_images
- name: Create 1.20 kind cluster
uses: helm/kind-action@v1.1.0
uses: helm/kind-action@v1.2.0
with:
node_image: kindest/node:v1.20.2@sha256:8f7ea6e7642c0da54f04a7ee10431549c0257315b3a634f6ef2fecaaedb19bab
cluster_name: kubernetes-1.20
@@ -70,7 +70,7 @@ jobs:
run: ct install --config .ci/ct-config.yaml

- name: Create 1.19 kind cluster
uses: helm/kind-action@v1.1.0
uses: helm/kind-action@v1.2.0
with:
node_image: kindest/node:v1.19.7@sha256:a70639454e97a4b733f9d9b67e12c01f6b0297449d5b9cbbef87473458e26dca
cluster_name: kubernetes-1.19
@@ -80,7 +80,7 @@ jobs:
run: ct install --config .ci/ct-config.yaml

- name: Create 1.18 kind cluster
uses: helm/kind-action@v1.1.0
uses: helm/kind-action@v1.2.0
with:
node_image: kindest/node:v1.18.15@sha256:5c1b980c4d0e0e8e7eb9f36f7df525d079a96169c8a8f20d8bd108c0d0889cc4
cluster_name: kubernetes-1.18
2 changes: 1 addition & 1 deletion charts/portainer/Chart.yaml
@@ -16,7 +16,7 @@ type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: 1.0.16
version: 1.0.17

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
10 changes: 5 additions & 5 deletions charts/portainer/templates/NOTES.txt
@@ -7,17 +7,17 @@
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
Get the application URL by running these commands:
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "portainer.fullname" . }})
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ include "portainer.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
echo https://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
Get the application URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "portainer.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "portainer.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.httpPort }}
echo http://$SERVICE_IP:{{ .Values.service.httpsPort }}
{{- else if contains "ClusterIP" .Values.service.type }}
Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "portainer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].me$ echo "Visit http://127.0.0.1:9000 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9000:9000
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "portainer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].me$ echo "Visit http://127.0.0.1:9443 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 9443:9443
{{- end }}
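Review bot: The LoadBalancer branch prints `echo http://$SERVICE_IP:{{ .Values.service.httpsPort }}` and the ClusterIP branch prints `Visit http://127.0.0.1:9443`, so both lines that read as the new side pair the `http` scheme with the TLS port. The NodePort branch was switched to `https://`, and these two look like they should follow, e.g. `echo https://$SERVICE_IP:{{ .Values.service.httpsPort }}`. The NodePort lookup `{.spec.ports[1].nodePort}` also depends on the order of the ports list in service.yaml; selecting by name, `{.spec.ports[?(@.name=="https")].nodePort}`, would survive a reorder. The ClusterIP `export POD_NAME=` line is truncated on this page (`{.items[0].me$`), so its jsonpath could not be checked.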
32 changes: 26 additions & 6 deletions charts/portainer/templates/deployment.yaml
@@ -25,9 +25,14 @@ spec:
{{- end }}
serviceAccountName: {{ include "portainer.serviceAccountName" . }}
volumes:
- name: "data"
persistentVolumeClaim:
claimName: {{ template "portainer.pvcName" . }}
- name: "data"
persistentVolumeClaim:
claimName: {{ template "portainer.pvcName" . }}
{{- if .Values.tls.existingSecret }}
- name: certs
secret:
secretName: {{ .Values.tls.existingSecret }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- if .Values.enterpriseEdition.enabled }}
@@ -37,26 +42,41 @@ spec:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- end }}
args:
{{- if .Values.tls.existingSecret }}
- --sslcert=/certs/tls.crt
- --sslkey=/certs/tls.key
{{- end }}
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
args: [ '--tunnel-port','{{ .Values.service.edgeNodePort }}' ]
- '--tunnel-port={{ .Values.service.edgeNodePort }}'
{{- end }}
volumeMounts:
- name: data
mountPath: /data
{{- if .Values.tls.existingSecret }}
- name: certs
mountPath: /certs
readOnly: true
{{- end }}
ports:
- name: http
containerPort: 9000
protocol: TCP
- name: https
containerPort: 9443
protocol: TCP
- name: tcp-edge
containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
readinessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
resources:
{{- toYaml .Values.resources | nindent 12 }}
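Review bot: `args:` is now emitted unconditionally, so when `tls.existingSecret` is empty and the service is not a NodePort with `edgeNodePort` set, the key renders with no items; the portainer-lb manifests in this commit show `args:` followed directly by `volumeMounts:`. Kubernetes reads that as null, but the template is easier to lint if the key carries the same conditions as its entries, e.g. `{{- if or .Values.tls.existingSecret (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}` around `args:` and its list. The new `secretName: {{ .Values.tls.existingSecret }}` is an unquoted templated scalar; `secretName: {{ .Values.tls.existingSecret | quote }}` keeps a boolean- or number-looking name a string. The container spec continues past both hunks.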
11 changes: 9 additions & 2 deletions charts/portainer/templates/service.yaml
@@ -22,7 +22,14 @@ spec:
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.httpNodePort))) }}
nodePort: {{ .Values.service.httpNodePort}}
{{- end }}
{{- if (eq .Values.service.type "NodePort") }}
- port: {{ .Values.service.httpsPort }}
targetPort: 9443
protocol: TCP
name: https
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.httpsNodePort))) }}
nodePort: {{ .Values.service.httpsNodePort}}
{{- end }}
{{- if (eq .Values.service.type "NodePort") }}
- port: {{ .Values.service.edgeNodePort }}
targetPort: {{ .Values.service.edgeNodePort }}
{{- else }}
@@ -33,6 +40,6 @@ spec:
name: edge
{{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.edgeNodePort))) }}
nodePort: {{ .Values.service.edgeNodePort }}
{{- end }}
{{- end }}
selector:
{{- include "portainer.selectorLabels" . | nindent 4 }}
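Review bot: The `http` port entry that precedes the new `https` one is still published unconditionally, with `nodePort: {{ .Values.service.httpNodePort}}` on a NodePort service, even when `tls.existingSecret` is set. A user who brings their own certificate therefore still has the UI, and any credentials sent to it, reachable in cleartext alongside the TLS port. Consider a values switch that omits the `http` entry here and the `http` containerPort in deployment.yaml once TLS is configured. The hunk starts inside the ports list, so the opening lines of the `http` entry are outside it.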
7 changes: 7 additions & 0 deletions charts/portainer/values.yaml
@@ -31,14 +31,21 @@ service:
# For Cloud Providers, set the type to be LoadBalancer
type: NodePort
httpPort: 9000
httpsPort: 9443
httpNodePort: 30777
httpsNodePort: 30779
edgePort: 8000
edgeNodePort: 30776
annotations: {}

tls:
# If set, will mount the existing secret into the pod
existingSecret: ""

ingress:
enabled: false
annotations: {}
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
hosts:
- host:
paths: []
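Review bot: The comment on `tls.existingSecret` does not say what the Secret has to contain. deployment.yaml in this commit passes `--sslcert=/certs/tls.crt` and `--sslkey=/certs/tls.key`, so the Secret needs `tls.crt` and `tls.key` keys (the layout of a `kubernetes.io/tls` Secret) and must exist in the release namespace for the volume to mount. I would expand the comment to `# Name of an existing Secret in the release namespace holding tls.crt and tls.key; mounted read-only at /certs and passed to --sslcert/--sslkey`.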
25 changes: 18 additions & 7 deletions deploy/manifests/portainer/portainer-ee.yaml
@@ -73,6 +73,11 @@ spec:
protocol: TCP
name: http
nodePort: 30777
- port: 9443
targetPort: 9443
protocol: TCP
name: https
nodePort: 30779
- port: 30776
targetPort: 30776
protocol: TCP
@@ -111,32 +116,38 @@ spec:
{}
serviceAccountName: portainer-sa-clusteradmin
volumes:
- name: "data"
persistentVolumeClaim:
claimName: portainer
- name: "data"
persistentVolumeClaim:
claimName: portainer
containers:
- name: portainer
image: "portainer/portainer-ee:2.7.0"
imagePullPolicy: Always
args: [ '--tunnel-port','30776' ]
args:
- '--tunnel-port=30776'
volumeMounts:
- name: data
mountPath: /data
mountPath: /data
ports:
- name: http
containerPort: 9000
protocol: TCP
- name: https
containerPort: 9443
protocol: TCP
- name: tcp-edge
containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
readinessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
resources:
{}
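Review bot: Both probes now target `port: 9443` with `scheme: HTTPS`, but the image in this manifest stays `portainer/portainer-ee:2.7.0` and no `--sslcert`/`--sslkey` arguments are passed. If that release does not serve HTTPS on 9443 by default, the liveness probe fails and the kubelet restarts the container in a loop, so this is worth confirming against the image or fixing by bumping the tag in the same change. The same image and probe combination appears in portainer-lb-ee.yaml. The CE manifests use `portainer-ce:latest`, which leaves the outcome to whichever tag is current at deploy time; pinning a version known to listen on 9443 would make the probes deterministic.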

24 changes: 17 additions & 7 deletions deploy/manifests/portainer/portainer-lb-ee.yaml
@@ -72,6 +72,10 @@ spec:
targetPort: 9000
protocol: TCP
name: http
- port: 9443
targetPort: 9443
protocol: TCP
name: https
- port: 8000
targetPort: 8000
protocol: TCP
@@ -109,31 +113,37 @@ spec:
{}
serviceAccountName: portainer-sa-clusteradmin
volumes:
- name: "data"
persistentVolumeClaim:
claimName: portainer
- name: "data"
persistentVolumeClaim:
claimName: portainer
containers:
- name: portainer
image: "portainer/portainer-ee:2.7.0"
imagePullPolicy: Always
imagePullPolicy: Always
args:
volumeMounts:
- name: data
mountPath: /data
mountPath: /data
ports:
- name: http
containerPort: 9000
protocol: TCP
- name: https
containerPort: 9443
protocol: TCP
- name: tcp-edge
containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
readinessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
resources:
{}

24 changes: 17 additions & 7 deletions deploy/manifests/portainer/portainer-lb.yaml
@@ -72,6 +72,10 @@ spec:
targetPort: 9000
protocol: TCP
name: http
- port: 9443
targetPort: 9443
protocol: TCP
name: https
- port: 8000
targetPort: 8000
protocol: TCP
@@ -109,31 +113,37 @@ spec:
{}
serviceAccountName: portainer-sa-clusteradmin
volumes:
- name: "data"
persistentVolumeClaim:
claimName: portainer
- name: "data"
persistentVolumeClaim:
claimName: portainer
containers:
- name: portainer
image: "portainer/portainer-ce:latest"
imagePullPolicy: Always
imagePullPolicy: Always
args:
volumeMounts:
- name: data
mountPath: /data
mountPath: /data
ports:
- name: http
containerPort: 9000
protocol: TCP
- name: https
containerPort: 9443
protocol: TCP
- name: tcp-edge
containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
readinessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
resources:
{}

25 changes: 18 additions & 7 deletions deploy/manifests/portainer/portainer.yaml
@@ -73,6 +73,11 @@ spec:
protocol: TCP
name: http
nodePort: 30777
- port: 9443
targetPort: 9443
protocol: TCP
name: https
nodePort: 30779
- port: 30776
targetPort: 30776
protocol: TCP
@@ -111,32 +116,38 @@ spec:
{}
serviceAccountName: portainer-sa-clusteradmin
volumes:
- name: "data"
persistentVolumeClaim:
claimName: portainer
- name: "data"
persistentVolumeClaim:
claimName: portainer
containers:
- name: portainer
image: "portainer/portainer-ce:latest"
imagePullPolicy: Always
args: [ '--tunnel-port','30776' ]
args:
- '--tunnel-port=30776'
volumeMounts:
- name: data
mountPath: /data
mountPath: /data
ports:
- name: http
containerPort: 9000
protocol: TCP
- name: https
containerPort: 9443
protocol: TCP
- name: tcp-edge
containerPort: 8000
protocol: TCP
livenessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
readinessProbe:
httpGet:
path: /
port: 9000
port: 9443
scheme: HTTPS
resources:
{}
