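---
# Portainer CE on Kubernetes: namespace, service account bound to
# cluster-admin, persistent data volume, single-replica Deployment,
# ClusterIP Service and a Traefik Ingress with a cert-manager certificate.
apiVersion: v1
kind: Namespace
metadata:
  name: portainer
---
# Identity the Portainer pod runs as (see serviceAccountName in the Deployment).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: portainer-sa
  namespace: portainer
---
# SECURITY: binds the built-in cluster-admin ClusterRole to portainer-sa for
# the whole cluster. The service-account token mounted into the pod is
# therefore a cluster-admin credential: a compromise of the Portainer
# container, or of a Portainer administrator login, is a compromise of every
# namespace. Keep this only if Portainer really has to manage the entire
# cluster; otherwise replace it with a narrower ClusterRole or per-namespace
# RoleBindings, and audit API activity of this service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: portainer-sa-clusteradmin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: portainer-sa
    namespace: portainer
---
# Persistent storage mounted at /data in the Portainer container.
# No storageClassName is set, so the cluster's default StorageClass is used.
# NOTE(review): presumably this volume holds Portainer's database, including
# user accounts and stored endpoint credentials - confirm, and treat backups
# and snapshots of it as sensitive.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: portainer-data
  namespace: portainer
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: portainer
  namespace: portainer
spec:
  replicas: 1
  # The data volume is ReadWriteOnce and there is a single replica. With the
  # default RollingUpdate strategy the replacement pod is started while the
  # old one still holds the volume, which can leave a rollout stuck. Recreate
  # stops the old pod first.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/name: portainer
  template:
    metadata:
      labels:
        app.kubernetes.io/name: portainer
    spec:
      # Runs with the cluster-admin-bound service account defined above.
      serviceAccountName: portainer-sa
      # NOTE(review): no pod or container securityContext, resource
      # requests/limits or probes are defined, so the container runs with the
      # image's default user and capabilities. Validate hardening settings
      # (allowPrivilegeEscalation: false, dropped capabilities, read-only root
      # filesystem) against this image before enabling them.
      containers:
        - name: portainer
          # Pinned to a version tag; a tag can be re-pointed upstream.
          # For a reproducible supply chain pin by digest as well, e.g.
          # portainer/portainer-ce:2.20.3@sha256:<digest-placeholder>.
          image: portainer/portainer-ce:2.20.3
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 9000
          volumeMounts:
            - name: data
              mountPath: /data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: portainer-data
---
# In-cluster Service; ClusterIP only, so outside access goes through the
# Ingress below.
# NOTE(review): no NetworkPolicy is defined here, so whether other pods in the
# cluster can reach port 9000 directly depends on the cluster's defaults.
apiVersion: v1
kind: Service
metadata:
  name: portainer
  namespace: portainer
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: portainer
  ports:
    - name: http
      port: 9000
      targetPort: http
---
# Publishes the Portainer UI at portainer.rv32i.pl through Traefik's
# "websecure" entrypoint. cert-manager is asked for a certificate from the
# letsencrypt-prod ClusterIssuer, stored in secret portainer-rv32i-pl-tls.
# SECURITY: this exposes the login page of a tool holding cluster-admin.
# Nothing in this manifest limits who may connect; if the hostname is
# reachable from the internet, put an IP allow-list or forward-auth
# middleware in front of it (traefik.ingress.kubernetes.io/router.middlewares)
# and enforce strong authentication in Portainer.
# NOTE(review): presumably a fresh Portainer instance lets the first visitor
# create the admin account - TODO confirm; complete that setup before the
# hostname is published.
# NOTE(review): the backend port is named "http", so the hop from Traefik to
# the pod is presumably unencrypted - confirm this is acceptable.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: portainer
  namespace: portainer
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
  ingressClassName: traefik
  tls:
    - hosts:
        - portainer.rv32i.pl
      secretName: portainer-rv32i-pl-tls
  rules:
    - host: portainer.rv32i.pl
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: portainer
                port:
                  number: 9000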