2026-04-22 01:21:55 +00:00
8 changed files with 59 additions and 9 deletions
--- a/packages/mosaic/framework/tools/portainer/README.md
+++ b/packages/mosaic/framework/tools/portainer/README.md
@@ -13,6 +13,14 @@ export PORTAINER_URL="https://portainer.example.com:9443"
 export PORTAINER_API_KEY="your-api-key-here"
 ```

+If your Portainer instance uses a self-signed TLS certificate (e.g. internal LAN), set:
+
+```bash
+export PORTAINER_INSECURE=1
+```
+
+This passes `-k` to all curl calls, bypassing certificate verification. Do not set this against public/production instances.
+
 You can add these to your shell profile (`~/.bashrc`, `~/.zshrc`) or use a `.env` file.

 ### Creating an API Key
--- a/packages/mosaic/framework/tools/portainer/endpoint-list.sh
+++ b/packages/mosaic/framework/tools/portainer/endpoint-list.sh
@@ -46,8 +46,14 @@ fi
 # Remove trailing slash from URL
 PORTAINER_URL="${PORTAINER_URL%/}"

+# TLS options
+CURL_OPTS=()
+if [ "${PORTAINER_INSECURE:-0}" = "1" ]; then
+    CURL_OPTS+=(-k)
+fi
+
 # Fetch endpoints
-response=$(curl -s -w "\n%{http_code}" \
+response=$(curl -s "${CURL_OPTS[@]}" -w "\n%{http_code}" \
    -H "X-API-Key: ${PORTAINER_API_KEY}" \
    "${PORTAINER_URL}/api/endpoints")

--- a/packages/mosaic/framework/tools/portainer/stack-list.sh
+++ b/packages/mosaic/framework/tools/portainer/stack-list.sh
@@ -52,8 +52,14 @@ fi
 # Remove trailing slash from URL
 PORTAINER_URL="${PORTAINER_URL%/}"

+# TLS options
+CURL_OPTS=()
+if [ "${PORTAINER_INSECURE:-0}" = "1" ]; then
+    CURL_OPTS+=(-k)
+fi
+
 # Fetch stacks
-response=$(curl -s -w "\n%{http_code}" \
+response=$(curl -s "${CURL_OPTS[@]}" -w "\n%{http_code}" \
    -H "X-API-Key: ${PORTAINER_API_KEY}" \
    "${PORTAINER_URL}/api/stacks")

--- a/packages/mosaic/framework/tools/portainer/stack-logs.sh
+++ b/packages/mosaic/framework/tools/portainer/stack-logs.sh
@@ -64,12 +64,18 @@ fi
 # Remove trailing slash from URL
 PORTAINER_URL="${PORTAINER_URL%/}"

+# TLS options
+CURL_OPTS=()
+if [ "${PORTAINER_INSECURE:-0}" = "1" ]; then
+    CURL_OPTS+=(-k)
+fi
+
 # Function to make API requests
 api_request() {
    local method="$1"
    local endpoint="$2"

-    curl -s -w "\n%{http_code}" -X "$method" \
+    curl -s "${CURL_OPTS[@]}" -w "\n%{http_code}" -X "$method" \
        -H "X-API-Key: ${PORTAINER_API_KEY}" \
        "${PORTAINER_URL}${endpoint}"
 }
@@ -165,7 +171,7 @@ fi
 # Note: Docker API returns raw log stream, not JSON
 if [[ "$FOLLOW" == "true" ]]; then
    # Stream logs
-    curl -s -N \
+    curl -s "${CURL_OPTS[@]}" -N \
        -H "X-API-Key: ${PORTAINER_API_KEY}" \
        "${PORTAINER_URL}/api/endpoints/${ENDPOINT_ID}/docker/containers/${CONTAINER_ID}/logs?${params}" | \
        # Docker log format has 8-byte header per line, strip it
@@ -175,7 +181,7 @@ if [[ "$FOLLOW" == "true" ]]; then
        done
 else
    # Get logs (non-streaming)
-    curl -s \
+    curl -s "${CURL_OPTS[@]}" \
        -H "X-API-Key: ${PORTAINER_API_KEY}" \
        "${PORTAINER_URL}/api/endpoints/${ENDPOINT_ID}/docker/containers/${CONTAINER_ID}/logs?${params}" | \
        # Docker log format has 8-byte header per line, attempt to strip it
--- a/packages/mosaic/framework/tools/portainer/stack-redeploy.sh
+++ b/packages/mosaic/framework/tools/portainer/stack-redeploy.sh
@@ -63,13 +63,19 @@ fi
 # Remove trailing slash from URL
 PORTAINER_URL="${PORTAINER_URL%/}"

+# TLS options
+CURL_OPTS=()
+if [ "${PORTAINER_INSECURE:-0}" = "1" ]; then
+    CURL_OPTS+=(-k)
+fi
+
 # Function to make API requests
 api_request() {
    local method="$1"
    local endpoint="$2"
    local data="${3:-}"

-    local args=(-s -w "\n%{http_code}" -X "$method" -H "X-API-Key: ${PORTAINER_API_KEY}")
+    local args=(-s "${CURL_OPTS[@]}" -w "\n%{http_code}" -X "$method" -H "X-API-Key: ${PORTAINER_API_KEY}")

    if [[ -n "$data" ]]; then
        args+=(-H "Content-Type: application/json" -d "$data")
--- a/packages/mosaic/framework/tools/portainer/stack-start.sh
+++ b/packages/mosaic/framework/tools/portainer/stack-start.sh
@@ -54,12 +54,18 @@ fi
 # Remove trailing slash from URL
 PORTAINER_URL="${PORTAINER_URL%/}"

+# TLS options
+CURL_OPTS=()
+if [ "${PORTAINER_INSECURE:-0}" = "1" ]; then
+    CURL_OPTS+=(-k)
+fi
+
 # Function to make API requests
 api_request() {
    local method="$1"
    local endpoint="$2"

-    curl -s -w "\n%{http_code}" -X "$method" \
+    curl -s "${CURL_OPTS[@]}" -w "\n%{http_code}" -X "$method" \
        -H "X-API-Key: ${PORTAINER_API_KEY}" \
        "${PORTAINER_URL}${endpoint}"
 }
--- a/packages/mosaic/framework/tools/portainer/stack-status.sh
+++ b/packages/mosaic/framework/tools/portainer/stack-status.sh
@@ -57,12 +57,18 @@ fi
 # Remove trailing slash from URL
 PORTAINER_URL="${PORTAINER_URL%/}"

+# TLS options
+CURL_OPTS=()
+if [ "${PORTAINER_INSECURE:-0}" = "1" ]; then
+    CURL_OPTS+=(-k)
+fi
+
 # Function to make API requests
 api_request() {
    local method="$1"
    local endpoint="$2"

-    curl -s -w "\n%{http_code}" -X "$method" \
+    curl -s "${CURL_OPTS[@]}" -w "\n%{http_code}" -X "$method" \
        -H "X-API-Key: ${PORTAINER_API_KEY}" \
        "${PORTAINER_URL}${endpoint}"
 }
--- a/packages/mosaic/framework/tools/portainer/stack-stop.sh
+++ b/packages/mosaic/framework/tools/portainer/stack-stop.sh
@@ -54,12 +54,18 @@ fi
 # Remove trailing slash from URL
 PORTAINER_URL="${PORTAINER_URL%/}"

+# TLS options
+CURL_OPTS=()
+if [ "${PORTAINER_INSECURE:-0}" = "1" ]; then
+    CURL_OPTS+=(-k)
+fi
+
 # Function to make API requests
 api_request() {
    local method="$1"
    local endpoint="$2"

-    curl -s -w "\n%{http_code}" -X "$method" \
+    curl -s "${CURL_OPTS[@]}" -w "\n%{http_code}" -X "$method" \
        -H "X-API-Key: ${PORTAINER_API_KEY}" \
        "${PORTAINER_URL}${endpoint}"
 }