From f040b0d1e20573663bbfccbfacf1ac3a0b6637f7 Mon Sep 17 00:00:00 2001
From: u1 <u1@rv32i.pl>
Date: Tue, 6 Jan 2026 00:50:08 +0000
Subject: [PATCH] feat(portainer): add portainer manifests for k3s

---
 kustomize/infra/portainer/portainer.yaml | 106 +++++++++++++++++++++++
 1 file changed, 106 insertions(+)
 create mode 100644 kustomize/infra/portainer/portainer.yaml

diff --git a/kustomize/infra/portainer/portainer.yaml b/kustomize/infra/portainer/portainer.yaml
new file mode 100644
index 0000000..8973c94
--- /dev/null
+++ b/kustomize/infra/portainer/portainer.yaml
@@ -0,0 +1,106 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: portainer
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: portainer-sa
+  namespace: portainer
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: portainer-sa-clusteradmin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: portainer-sa
+    namespace: portainer
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: portainer-data
+  namespace: portainer
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: portainer
+  namespace: portainer
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: portainer
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: portainer
+    spec:
+      serviceAccountName: portainer-sa
+      containers:
+        - name: portainer
+          image: portainer/portainer-ce:2.20.3
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 9000
+          volumeMounts:
+            - name: data
+              mountPath: /data
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: portainer-data
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: portainer
+  namespace: portainer
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: portainer
+  ports:
+    - name: http
+      port: 9000
+      targetPort: http
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: portainer
+  namespace: portainer
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+  ingressClassName: traefik
+  tls:
+    - hosts:
+        - portainer.rv32i.pl
+      secretName: portainer-rv32i-pl-tls
+  rules:
+    - host: portainer.rv32i.pl
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: portainer
+                port:
+                  number: 9000