--- apiVersion: v1 kind: Namespace metadata: name: portainer --- apiVersion: v1 kind: ServiceAccount metadata: name: portainer-sa namespace: portainer --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: portainer-admin-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: portainer-sa namespace: portainer --- apiVersion: v1 kind: PersistentVolume metadata: name: portainer-pv labels: type: local spec: capacity: storage: 10Gi accessModes: - ReadWriteOnce storageClassName: local-pvs local: path: /home/ansible/k3s/makhiwane/portainer nodeAffinity: required: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/hostname operator: In values: - lead persistentVolumeReclaimPolicy: Retain --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: portainer-pvc namespace: portainer spec: accessModes: - ReadWriteOnce storageClassName: local-pvs resources: requests: storage: 10Gi --- apiVersion: apps/v1 kind: Deployment metadata: name: portainer namespace: portainer spec: replicas: 1 selector: matchLabels: app: portainer template: metadata: labels: app: portainer spec: serviceAccountName: portainer-sa containers: - name: portainer image: portainer/portainer-ce:2.33.2 ports: - containerPort: 9000 - containerPort: 9443 volumeMounts: - name: data mountPath: /data volumes: - name: data persistentVolumeClaim: claimName: portainer-pvc --- apiVersion: v1 kind: Service metadata: name: portainer namespace: portainer spec: type: ClusterIP selector: app: portainer ports: - name: http protocol: TCP port: 9000 targetPort: 9000 - name: https protocol: TCP port: 9443 targetPort: 9443 --- apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: portainer-dashboard namespace: portainer spec: entryPoints: - websecure routes: - match: Host(`portainer.apps.mngoma.lab`) kind: Rule services: - name: portainer port: 9000 scheme: http tls: {}