Table of contents
Portainer is Universal Container Management System and a definitive open-source UI solution for Kubernetes, Docker, and ACI. It abstracts all the complexity traditionally associated with orchestration engines behind a simple "click-to-configure" interface, making Kubernetes accessible to everyone without forcing anyone to compromise on functionality or capability.
Portainer simplifies container operations so you can deliver software to more places, faster.
What are Containers
Containers are packages of software that contain all of the necessary elements to run in any environment. In this way, containers virtualize the operating system and run anywhere, from a private data center to the public cloud or even on a developer's personal laptop.
To learn more check out my blog on "Introduction to Virtualization, Hypervisor, and Container".
Get Started with Portainer
Portainer is available in two separate editions, Business edition(BE) and Community Edition(CE).
The community edition is free and supported by the open-source software community.
The business edition has fully supported products that add security, audit, and automation features which are required by most organizations. Get started with a Demo here.
We will be installing and using the Community Edition.
Before you go ahead and Install, Portainer Community Edition, check the requirements and prerequisites.
Get a new installation according to your requirements and OS you are using. You can set up a new Installation from here.
Adding an Environment to an existing installation
If you want to add another environment to your existing Portainer installation, first select the type of environment you would like to add then follow this page for installation.
Portainer is a ‘universal’ service delivery platform for containerized applications. It can be deployed inside any Kubernetes, Docker, or Docker Swarm environment and, once deployed, can be used to simplify the deployment of containerized apps, triage performance problems, and manage platform governance.
Portainer can be deployed on-prem, in the cloud, across the hybrid cloud, and at the edge, uniquely giving users visibility of multiple container environments through a single interface.
Portainer is accessed through any web browser over HTTPS. Role permission is all controlled via the fully integrated RBAC engine to ensure no one gets access to functionality they shouldn’t have. Portainer CE supports basic RBAC with 2 roles and Portainer Busines Edition supports a far richer set of roles.
The Kubernetes compatible API, which is part of both Portainer CE and Portainer BE, allows Portainer to be used as the security conduit between third-party developer tools and clusters. It enables developers to use any tool they like whilst having their access permissions managed by Portainer.
Features of Portainer
1. Application Deployment
Portainer has its own simplified GUI, which makes it easy for users to get started. For advanced users, Portainer incorporates an API that allows it to connect to CI/CD tools or third-party dashboards/deployment tools.
Portainer helps developers deploy cloud-native applications into containers simply, quickly, and securely.
Manual deployment options
Portainer aims to provide contained as a service and provides users with limited to zero knowledge of containers use "Click to deploy" bootstrap for getting commonly used applications up and running fast.
For application templates, a user simply needs to deploy an application, tune/configure it as they wish then save it to be used as a "click to deploy" template.
Portainer supports HELM charts for Kubernetes clusters and provides users with the ability to deploy any application that is made available via the Bitnami HELM repo.
Code-based deployment is for more experienced users who want to exert a tighter degree of control over the deployment of their application is also present.
Automated deployment options
Portainer can also function as a Continous Deployment system and allows DevOps professionals to connect Portainer to their Git repositories.
Portainer will automatically deploy any application defined in the repository and make sure that changes made in the Git repo are propagated to the running application. This is a very powerful feature.
To monitor container-based apps properly you need to have direct and deep visibility into the underlying container platform. Containers can crash and be rescheduled in seconds, often meaning failures could go unnoticed by end-users, but this doesn’t mean there isn’t a problem.
Portainer is able to display your application logs, either at an individual container/pod level or via an aggregated service/application view. Logs remain visible for the life of the container and are presented to the user via the Portainer GUI. Portainer even allows the logs to be saved locally to allow for in-depth forensic analysis.
Portainer also includes a cluster visualizer, allowing the user to quickly see which components of their applications are running on which physical hosts. This feature can be used to validate that load balancing is working as expected or that any placement constraints have been honored.
Portainer includes the ability to display an interactive console for every container/pod running in the environment, this is a great troubleshooting tool when you need to know exactly what is going on and be able to triage directly in the running application environment.
Portainer displays the real-time performance of all applications running on the cluster through a dashboard. It incorporates a live stream of CPU/RAM/Disk/Network stats for each container/pod in the stack.
3. Governance and Security
Orchestration platforms like Kubernetes are insecure by default, which is a problem for any organization looking to deploy K8s at any scale.
Portainer helps Platform Engineers secure their environments by allowing them to control who can do what, logging who does what, and providing the ability to backup and restore the Portainer configuration database. RBAC and oAuth are cornerstones of the Governance framework.
At its core, Portainer is a powerful policy and governance platform and an essential element in the IT stack.
Portainer provides a super-simple “click to configure” interface for OAuth, allowing for instant connection to Azure AD, GitHub Auth, and Google Auth; whilst both Portainer Business and Portainer Community support the “custom” OAuth field, allowing manual connection to any other OAuth compliant source.
What a user can see and what they can do inside Portainer is controlled based on a combination of their own assigned access control and the access control of their team(s).
Portainer provides administrators with the ability to enable or disable user access to each risky technology component which helps to manage the risk. Of course, a fully secured environment can still run applications; however, these applications would need to have been built with this level of security control in mind.
Portainer provides a log of all user authentication requests, and journals the success or failure of each login as a record of when users engaged with Portainer. This log is retained for one week before being purged. The authentication log is primarily designed to alert admins if brute-force password login bots are attempting to log in as a user.
Backup and Restore
Portainer is an infrastructure component, and as it provides a gateway between users and the container platforms, it holds a great deal of configuration information. All of the user access control information, the connection information for deployment locations, and all application deployment definition files are held within the Portainer database.
4. Platform Management
Portainer's platform management functionality allows engineers to both configure the orchestrator and then set up configuration 'rules' which define what users of the platform (typically developers) can and can't do inside the environment.
Portainer lets you define any number of container registries - public or private, secure or open - and then allows you to assign access to users.
Only authorized users are able to pull/push from any given registry which makes Portainer a great way to secure access to your internal container image repositories and a simple way to define and secure access across your organization.
Managing persistent storage is a challenge in any containerized environment, given the differing needs of applications. Portainer makes the provisioning and management of storage very straightforward for users.
Docker provisioning - Portainer supports the creation of persistent volumes against either a local path on a docker host, a CIFS share, or an NFS mount.
Volume Browsing - Portainer provides authorized users with the ability to browse the persistent volumes attached to containers. Users can interact directly with the volume content, either uploading/downloading files or renaming/deleting.
Kubernetes capacity management - In a Kubernetes environment, Portainer allows users to specify the maximum size of their requested volume when created.
Making sure applications are properly networked within clusters is critical and Portainer makes it easy. For Docker, you can create and use an additional bridge, overlay, or MACVLAN network. For Kubernetes, you can configure and use Ingress and Load Balancers across the cluster.
Kubernetes: Application load balancing - Portainer allows users to publish their application via a Kubernetes Ingress controller (reverse proxy) which includes defining the HTTP routes, rewriting headers, or performing SSL offload.
Kubernetes: Network load balancing - Portainer allows users to publish their application via a Kubernetes Load Balancer (or Swarm Ingress), which provides enables their application to be globally visible across the cluster.
Kubernetes Cluster Access & Cluster Create - Integrated Kubectl into Portainer natively to help users troubleshoot Kubernetes applications without having to leave the Portainer UI.
Portainer as a proxy for third-party container environments - Ability for Portainer to be used as a secured authenticated proxy into third-party container environments in CE 2.9.1. This allows Platform and DevOps engineers to integrate Portainer seamlessly with third-party CI/CD tools and build secure, end-to-end automated delivery workflows.
Using a terminal or command prompt, create a portable_data disk by running the following command
docker volume create portainer_data
Data volume "portainer_data" is created on your hard drive which will store your configuration data. In the absence of it, data would be stored in the container and lost every time it restarted.
Start the Portainer container by using the command.
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer
If the docker image does not exist on your system, it will pull the docker image from the docker hub in layers. Now your Portainer is running.
Connect to Portainer
Connecting to Portainer is as simple as installing Portainer. Enter localhost:9000 in your browser to connect to Portainer. Enter a new password and confirm the new password.
After logging in, you will see this page. Portainer supports multiple options, we will choose Manage the Local Docker Environment.
After you connect to the local Docker Environment, you will find yourself inside this menu operating Portainer!✨
Click on the Local Docker instance to view the Docker dashboard which shows a high-level overview of all the Docker processes running currently.
Play around with the settings, you will find everything we have listed so far in the blog, in the menu section of the page.
- App templates - "Click to configure" templates.
- Containers - Available containers.
- Images - List of available images. You can even pull images from the docker hub.
- Host - Lists all the details about the host.
- Users - Add users, assign roles and add teams
- Settings - Enable and disable security settings. The settings are fairly intuitive, with the majority focusing on limiting what power is granted to non-administrators.
Portainer uses its own internal user management system by default, you can choose LDAP server or an OAuth provider. Set your preferred authentication method by selecting a method and then filling out the fields in the form.
Frequency Asked Questions
If you are still unsure about Portainer concepts, hop onto the Official Frequently asked questions page, there is a high probability your question has already been answered.
If you are having trouble installing, check out the Installation FAQ section to resolve your problems.
Want to know about upgrading your Portainer, check out the resource here.
If you are having trouble with setting up or using Portainer, you can check out the troubleshooting page here.
I encourage you to check out this section after you have understood what is Portainer. It would be a great way to start with open-source if you haven't and build your personal brand in the process of contributing.
Now, you have learned and understood about the universal container management system, Portainer. Go out and set it up for yourself or for your organization. I am a big advocate of learning and implementing and I advise you too to do the same.
Share your experience using Portainer as "Portainer Experiment Notes" by writing a blog about it, making a video, or a Twitter thread!
Working with a command line is cool but when you are working in an enterprise environment, a simple GUI which makes your job easy is a gift. Portainer is a very powerful tool in my opinion that lets you get started and get a lot of important stuff done.
I too learned a lot of use cases for Portainer in the process of writing an in-depth guide about it. Cheers to learning together!✨
Connect with Portainer
Feel free to ask any questions you have about the Portainer tool in the General channel in Slack or head over to Github. To make sure you get a timely and accurate response to your question, please ensure you include the following information:
- What version of Portainer are you running:
- If you're using Docker, Swarm, or K8S:
- What OS you're on (windows/Linux):
- Command used to start Portainer:
- What browser are you on:
- Are you using Portainer at Home or in a Commerical setup:
- Have you reviewed our technical documentation and knowledge base:
Forums are not just for you to ask questions, Portainer welcomes all engagement - if you see a question pop up that you can help with then jump in and build your personal, public profile.