Add portainer (#19)

* add portainer

* fix port

* fix port

* simpler

* add category

* add tmp

* move usages under value

* acls

* update app.yaml

* update lib and hashes

* update lib

* update lib

* update lib

* update lib

* update lib

* update lib

* update lib

* update lib

* update lib

* update lib

* update lib

* adapt to lib changes

* update lib

* adapt to lib changes

* update lib

* adapt to lib changes

* update lib

* adapt to lib changes

* update lib

* update file

* add portal/notes

* update lib

* update files

* update lib

* update lib

* fix typo

* fix portal

* update library

* hash

* sync library

ix-dev/community/portainer/README.md

@@ -0,0 +1,3 @@
+# Portainer
+
+[Portainer](https://www.portainer.io) is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments.

ix-dev/community/portainer/app.yaml

@@ -0,0 +1,52 @@
+app_version: 2.20.3
+capabilities:
+- description: Portainer is able to chown files.
+  name: CHOWN
+- description: Portainer is able to bypass permission checks.
+  name: DAC_OVERRIDE
+- description: Portainer is able to bypass permission checks for it's sub-processes.
+  name: FOWNER
+- description: Portainer is able to kill processes.
+  name: KILL
+- description: Portainer is able to set group ids.
+  name: SETGID
+- description: Portainer is able to set user ids.
+  name: SETUID
+- description: Portainer is able to set capabilities.
+  name: SETPCAP
+- description: Portainer is able to set file capabilities.
+  name: SETFCAP
+categories:
+- management
+description: Container management made easy
+home: https://www.portainer.io
+host_mounts:
+- description: Docker socket
+  host_path: /var/run/docker.sock
+icon: https://media.sys.truenas.net/apps/portainer/icons/icon.png
+keywords:
+- docker
+- compose
+- container
+lib_version: 1.0.0
+lib_version_hash: f2610d4386f9f2f65b1e69176effe945f2d9cc7b9489e6386de82f1f63986c4e
+maintainers:
+- email: [email protected]
+  name: truenas
+  url: https://www.truenas.com/
+name: portainer
+run_as_context:
+- description: Portainer runs as root user.
+  gid: 0
+  group_name: root
+  uid: 0
+  user_name: root
+screenshots:
+- https://media.sys.truenas.net/apps/portainer/screenshots/screenshot1.png
+- https://media.sys.truenas.net/apps/portainer/screenshots/screenshot2.png
+sources:
+- https://www.portainer.io
+- https://github.com/portainer/portainer
+title: Portainer
+train: community
+version: 1.0.0

ix-dev/community/portainer/item.yaml

@@ -0,0 +1,10 @@
+categories:
+- management
+icon_url: https://media.sys.truenas.net/apps/portainer/icons/icon.png
+screenshots:
+- https://media.sys.truenas.net/apps/portainer/screenshots/screenshot1.png
+- https://media.sys.truenas.net/apps/portainer/screenshots/screenshot2.png
+tags:
+- docker
+- compose
+- container

ix-dev/community/portainer/ix_values.yaml

@@ -0,0 +1,16 @@
+images:
+  image:
+    repository: portainer/portainer-ce
+    tag: 2.20.3
+  ee_image:
+    repository: portainer/portainer-ee
+    tag: 2.20.3
+
+consts:
+  run_as_user: 0
+  run_as_group: 0
+  portainer_container_name: portainer
+  data_path: /data
+  socket_path: /var/run/docker.sock
+  ssl_key_path: /certs/ssl/key.pem
+  ssl_cert_path: /certs/ssl/cert.pem

ix-dev/community/portainer/migrations/migration_helpers/cpu.py

@@ -0,0 +1,27 @@
+import math
+import re
+import os
+
+CPU_COUNT = os.cpu_count()
+
+NUMBER_REGEX = re.compile(r"^[1-9][0-9]$")
+FLOAT_REGEX = re.compile(r"^[0-9]+\.[0-9]+$")
+MILI_CPU_REGEX = re.compile(r"^[0-9]+m$")
+
+
+def transform_cpu(cpu) -> int:
+    result = 2
+    if NUMBER_REGEX.match(cpu):
+        result = int(cpu)
+    elif FLOAT_REGEX.match(cpu):
+        result = int(math.ceil(float(cpu)))
+    elif MILI_CPU_REGEX.match(cpu):
+        num = int(cpu[:-1])
+        num = num / 1000
+        result = int(math.ceil(num))
+
+    if CPU_COUNT is not None:
+        # Do not exceed the actual CPU count
+        result = min(result, CPU_COUNT)
+
+    return result

ix-dev/community/portainer/migrations/migration_helpers/dns_config.py

@@ -0,0 +1,9 @@
+def migrate_dns_config(dns_config):
+    if not dns_config:
+        return []
+
+    dns_opts = []
+    for opt in dns_config.get("options", []):
+        dns_opts.append(f"{opt['name']}:{opt['value']}")
+
+    return dns_opts

ix-dev/community/portainer/migrations/migration_helpers/kubernetes_secrets.py

@@ -0,0 +1,15 @@
+def get_value_from_secret(secrets={}, secret_name="", key=""):
+    if not secrets or not secret_name or not key:
+        raise ValueError("Expected [secrets], [secret_name] and [key] to be set")
+    for secret in secrets.items():
+        curr_secret_name = secret[0]
+        curr_data = secret[1]
+
+        if curr_secret_name.endswith(secret_name):
+            if not curr_data.get(key, None):
+                raise ValueError(
+                    f"Expected [{key}] to be set in secret [{curr_secret_name}]"
+                )
+            return curr_data[key]
+
+    raise ValueError(f"Secret [{secret_name}] not found")

ix-dev/community/portainer/migrations/migration_helpers/memory.py

@@ -0,0 +1,49 @@
+import re
+import math
+import psutil
+
+TOTAL_MEM = psutil.virtual_memory().total
+
+SINGLE_SUFFIX_REGEX = re.compile(r"^[1-9][0-9]*([EPTGMK])$")
+DOUBLE_SUFFIX_REGEX = re.compile(r"^[1-9][0-9]*([EPTGMK])i$")
+BYTES_INTEGER_REGEX = re.compile(r"^[1-9][0-9]*$")
+EXPONENT_REGEX = re.compile(r"^[1-9][0-9]*e[0-9]+$")
+
+SUFFIX_MULTIPLIERS = {
+    "K": 10**3,
+    "M": 10**6,
+    "G": 10**9,
+    "T": 10**12,
+    "P": 10**15,
+    "E": 10**18,
+}
+
+DOUBLE_SUFFIX_MULTIPLIERS = {
+    "Ki": 2**10,
+    "Mi": 2**20,
+    "Gi": 2**30,
+    "Ti": 2**40,
+    "Pi": 2**50,
+    "Ei": 2**60,
+}
+
+
+def transform_memory(memory):
+    result = 4096  # Default to 4GB
+
+    if re.match(SINGLE_SUFFIX_REGEX, memory):
+        suffix = memory[-1]
+        result = int(memory[:-1]) * SUFFIX_MULTIPLIERS[suffix]
+    elif re.match(DOUBLE_SUFFIX_REGEX, memory):
+        suffix = memory[-2:]
+        result = int(memory[:-2]) * DOUBLE_SUFFIX_MULTIPLIERS[suffix]
+    elif re.match(BYTES_INTEGER_REGEX, memory):
+        result = int(memory)
+    elif re.match(EXPONENT_REGEX, memory):
+        result = int(float(memory))
+
+    result = math.ceil(result)
+    result = min(result, TOTAL_MEM)
+    # Convert to Megabytes
+    result = result / 1024 / 1024
+    return int(result)

ix-dev/community/portainer/migrations/migration_helpers/resources.py

@@ -0,0 +1,59 @@
+from .memory import transform_memory, TOTAL_MEM
+from .cpu import transform_cpu, CPU_COUNT
+
+
+def migrate_resources(resources, gpus=None, system_gpus=None):
+    gpus = gpus or {}
+    system_gpus = system_gpus or []
+
+    result = {
+        "limits": {
+            "cpus": (CPU_COUNT or 2) / 2,
+            "memory": {TOTAL_MEM / 1024 / 1024},
+        }
+    }
+
+    if resources.get("limits", {}).get("cpu", ""):
+        result["limits"].update(
+            {"cpus": transform_cpu(resources.get("limits", {}).get("cpu", ""))}
+        )
+    if resources.get("limits", {}).get("memory", ""):
+        result["limits"].update(
+            {"memory": transform_memory(resources.get("limits", {}).get("memory", ""))}
+        )
+
+    gpus_result = {}
+    for gpu in gpus.items() if gpus else []:
+        kind = gpu[0].lower()  # Kind of gpu (amd, nvidia, intel)
+        count = gpu[1]  # Number of gpus user requested
+
+        if count == 0:
+            continue
+
+        if "amd" in kind or "intel" in kind:
+            gpus_result.update({"use_all_gpus": True})
+        elif "nvidia" in kind:
+            sys_gpus = [
+                gpu_item
+                for gpu_item in system_gpus
+                if gpu_item.get("error") is None
+                and gpu_item.get("vendor", None) is not None
+                and gpu_item.get("vendor", "").upper() == "NVIDIA"
+            ]
+            for sys_gpu in sys_gpus:
+                if count == 0:  # We passed # of gpus that user previously requested
+                    break
+                guid = sys_gpu.get("vendor_specific_config", {}).get("uuid", "")
+                pci_slot = sys_gpu.get("pci_slot", "")
+                if not guid or not pci_slot:
+                    continue
+
+                gpus_result.update(
+                    {"nvidia_gpu_selection": {pci_slot: {"uuid": guid, "use_gpu": True}}}
+                )
+                count -= 1
+
+    if gpus_result:
+        result.update({"gpus": gpus_result})
+
+    return result

ix-dev/community/portainer/migrations/migration_helpers/storage.py

@@ -0,0 +1,115 @@
+def migrate_storage_item(storage_item, include_read_only=False):
+    if not storage_item:
+        raise ValueError("Expected [storage_item] to be set")
+
+    result = {}
+    if storage_item["type"] == "ixVolume":
+        result = migrate_ix_volume_type(storage_item)
+    elif storage_item["type"] == "hostPath":
+        result = migrate_host_path_type(storage_item)
+    elif storage_item["type"] == "emptyDir":
+        result = migrate_empty_dir_type(storage_item)
+    elif storage_item["type"] == "smb-pv-pvc":
+        result = migrate_smb_pv_pvc_type(storage_item)
+
+    mount_path = storage_item.get("mountPath", "")
+    if mount_path:
+        result.update({"mount_path": mount_path})
+
+    if include_read_only:
+        result.update({"read_only": storage_item.get("readOnly", False)})
+    return result
+
+
+def migrate_smb_pv_pvc_type(smb_pv_pvc):
+    smb_config = smb_pv_pvc.get("smbConfig", {})
+    if not smb_config:
+        raise ValueError("Expected [smb_pv_pvc] to have [smbConfig] set")
+
+    return {
+        "type": "cifs",
+        "cifs_config": {
+            "server": smb_config["server"],
+            "share": smb_config["share"],
+            "domain": smb_config.get("domain", ""),
+            "username": smb_config["username"],
+            "password": smb_config["password"],
+        },
+    }
+
+
+def migrate_empty_dir_type(empty_dir):
+    empty_dir_config = empty_dir.get("emptyDirConfig", {})
+    if not empty_dir_config:
+        raise ValueError("Expected [empty_dir] to have [emptyDirConfig] set")
+
+    if empty_dir_config.get("medium", "") == "Memory":
+        # Convert Gi to Mi
+        size = empty_dir_config.get("size", 0.5) * 1024
+        return {
+            "type": "tmpfs",
+            "tmpfs_config": {"size": size},
+        }
+
+    return {"type": "temporary"}
+
+
+def migrate_ix_volume_type(ix_volume):
+    vol_config = ix_volume.get("ixVolumeConfig", {})
+    if not vol_config:
+        raise ValueError("Expected [ix_volume] to have [ixVolumeConfig] set")
+
+    result = {
+        "type": "ix_volume",
+        "ix_volume_config": {
+            "acl_enable": vol_config.get("aclEnable", False),
+            "dataset_name": vol_config.get("datasetName", ""),
+        },
+    }
+
+    if vol_config.get("aclEnable", False):
+        result["ix_volume_config"].update(
+            {"acl_entries": migrate_acl_entries(vol_config["aclEntries"])}
+        )
+
+    return result
+
+
+def migrate_host_path_type(host_path):
+    path_config = host_path.get("hostPathConfig", {})
+    if not path_config:
+        raise ValueError("Expected [host_path] to have [hostPathConfig] set")
+
+    result = {
+        "type": "host_path",
+        "host_path_config": {
+            "acl_enable": path_config.get("aclEnable", False),
+        },
+    }
+
+    if path_config.get("aclEnable", False):
+        result["host_path_config"].update(
+            {"acl": migrate_acl_entries(path_config.get("acl", {}))}
+        )
+    else:
+        result["host_path_config"].update({"path": path_config["hostPath"]})
+
+    return result
+
+
+def migrate_acl_entries(acl_entries: dict) -> dict:
+    entries = []
+    for entry in acl_entries.get("entries", []):
+        entries.append(
+            {
+                "access": entry["access"],
+                "id": entry["id"],
+                "id_type": entry["id_type"],
+            }
+        )
+
+    return {
+        "entries": entries,
+        "options": {"force": acl_entries.get("force", False)},
+        "path": acl_entries["path"],
+    }