A beginner's Guide to Portainer

What is Portainer?

Portainer is a centralized service that allows you to manage containerized applications.

We can simply run Portainer, and it gives us a user interface to manage local containers. We can also run Portainer as a server and plug agents into all our environments, whether that is Microsoft Azure, Docker virtual machines, Swarm clusters, or a Kubernetes cluster. It simplifies the management of these container environments. Today we take a deep dive into Portainer. Portainer eases the pain and burden of managing containers and container-orchestrated environments. It achieves this by reducing the need for command-line interfaces, terminals, and YAML files. Portainer helps people manage containers on their local machines and in cloud environments.

Why Portainer?

Kubernetes and containers have solved a lot of problems. The technology has helped us build portable, immutable cloud-native applications, but for many folks it has introduced a huge barrier to entry: working with terminals, complicated YAML files, API contracts, and command-line interfaces, and having to learn commands. Adopting containers and orchestrators can introduce a steep learning curve, and for some people it can introduce pitfalls. This is where Portainer comes into the picture.

Portainer Architecture

Now for the architecture: the Portainer server is our central point of operations.

  • Portainer runs in a container and can run on a virtual machine or in a Kubernetes cluster.
  • For developers, Portainer is great because it gives you a UI to manage all your local Docker containers, images, volumes, and more, so you don't need the command line for operations.
  • You can even use it to manage local or private environments by deploying the Portainer agent.
  • The agent can run on Docker machines, Docker Swarm clusters, or Kubernetes clusters in local private networks.
  • Portainer can talk to agents using either an ingress service type load balancer or node port.
  • Portainer provides an edge agent so you can manage Docker containers on virtual machines, Docker Swarm clusters, or Kubernetes clusters.
  • The edge agent allows you to change the direction of communication via a tunnel.

Features of Portainer

Application Deployment

Portainer has its own simplified GUI, which makes it easy for users to get started. For advanced users, Portainer incorporates an API that allows it to connect to CI/CD tools or third-party dashboards/deployment tools.

Platform Management

Portainer's platform management functionality allows engineers to both configure the orchestrator and then set up configuration 'rules' which define what users of the platform can and can't do inside the environment.

Governance and Security

Portainer helps Platform Engineers secure their environments by allowing them to control who can do what, logging who does what, and providing the ability to back up and restore the Portainer configuration database. RBAC and OAuth are cornerstones of the Governance framework.

Observability

To monitor container-based apps properly you need to have direct and deep visibility into the underlying container platform. Containers can crash and be rescheduled in seconds, often meaning failures could go unnoticed by end-users, but this doesn’t mean there isn’t a problem. Through its close integration with the underlying container platforms, Portainer is able to help users not only identify issues in the application deployment but also identify issues in the container platform itself and provide a live visualization of what’s running where and how.

How To Install Portainer?

Portainer consists of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine. You can install Portainer on Linux, Docker Desktop/WSL, or Windows Container Service.

To get started, you will need:

For Linux

  • The latest version of Docker is installed and working.
  • sudo access on the machine that will host your Portainer Server instance.

For Windows

  • The latest version of Docker Desktop is installed and working.
  • Windows Subsystem for Linux (WSL) installed.
  • Administrator access on the machine that will host your Portainer Server instance.

By default, Portainer Server will expose the UI over port 9443 and expose a TCP tunnel server over port 8000. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.

Deployment

First, create the volume that Portainer Server will use to store its database:

docker volume create portainer_data

Then, download and install the Portainer Server container:

docker run -d -p 8000:8000 -p 9443:9443 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest

Logging In

Now that the installation is complete, you can log into your Portainer Server instance by opening a web browser and going to:

https://localhost:9443

The default user name is admin. As this is the first time you have logged in, you will be asked to create a new password and confirm it.

On the next screen, select Local and click Connect

Home

The Home page is the first page you will see after logging into Portainer. This page provides an overview of your environments.

View the dashboard by clicking on the Local Docker instance, which shows an overview of all the Docker processes running currently.

Securing Your Portainer

  • Portainer is an exceptionally privileged piece of software. It has near root-level access to container infrastructure, so securing Portainer should be a priority before exposing it to the internet. You can change the password and other settings in the Users tab.

  • Use a nonstandard complex password. Don't use admin or root as the username. Change it to something unique. Avoid using dictionary-based words.
  • Use a secure external authentication mechanism. You can use LDAP, Microsoft Active Directory, or OAuth.
  • Since mid-2021, Portainer has supported HTTPS on port 9443 alongside HTTP on port 9000.
  • It is strongly recommended to switch to HTTPS and turn off HTTP. In the Settings UI, under SSL certificate, you can toggle the Force HTTPS option.

    Be sure to check that you can access Portainer over HTTPS before turning off HTTP.

  • Consider using a VPN to access Portainer. Also consider network ACLs on your firewall: whitelist trusted IPs, or geo-block all countries that won't need access.
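
One way to check the HTTPS and network-exposure advice above on a host, as an added example that is not part of the original guide or of Portainer itself. It assumes the line format printed by docker port; the function name and the sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit which Portainer ports a host publishes.
# Input (stdin): lines in the format printed by `docker port <container>`,
# e.g. "9000/tcp -> 0.0.0.0:9000". Output: one finding per line.

audit_portainer_ports() {
  local line cport host hport
  while IFS= read -r line; do
    [ -z "$line" ] && continue
    cport=${line%%/*}           # container port, e.g. 9000
    host=${line##*" -> "}       # host binding, e.g. 0.0.0.0:9000
    hport=${host##*:}           # host port
    host=${host%:*}             # host address: 0.0.0.0, [::], :: or an IP
    # Port 9000 is Portainer's plaintext HTTP UI; the guide says to turn it off.
    if [ "$cport" = "9000" ]; then
      echo "HTTP: plaintext UI port 9000 is published on $host:$hport"
    fi
    # A wildcard bind makes the port reachable from every network interface.
    case "$host" in
      0.0.0.0|"[::]"|"::")
        echo "EXPOSED: port $cport is bound to all interfaces ($host:$hport)" ;;
    esac
  done
}

# Constructed sample: HTTP UI, HTTPS UI and Edge tunnel ports, all on every interface.
SAMPLE_AS_DEPLOYED='8000/tcp -> 0.0.0.0:8000
9000/tcp -> 0.0.0.0:9000
9443/tcp -> 0.0.0.0:9443'

# Constructed sample: HTTPS only, bound to loopback (e.g. behind a VPN or proxy).
SAMPLE_HARDENED='9443/tcp -> 127.0.0.1:9443'

echo "== as deployed =="
printf '%s\n' "$SAMPLE_AS_DEPLOYED" | audit_portainer_ports
echo "== hardened =="
printf '%s\n' "$SAMPLE_HARDENED" | audit_portainer_ports

# On a live host: docker port portainer | audit_portainer_ports
```

An empty result for the hardened sample means no plaintext UI port and no wildcard bind were found; it does not check firewall rules or authentication settings.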

Deploy Your First Container

Click Add Container in the Containers menu.

Now fill in the required fields:

Name - nginx

Image - nginx:latest

Click "publish a new network port" to add a manual port mapping.

Host - 8888

Container - 80

And click Deploy the container.

Leave other options as default. You can change them as you need.

You can see that the container is running successfully.

You can click on the port under published ports to see the website running.
