Portainer
/
portainer-docs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into patch-1

pull/127/head
samdulam 2021-03-26 12:21:56 +13:00 committed by GitHub
parent fb45bb64a3 e220267817
commit baf23d7ff6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
40 changed files with 5383 additions and 5290 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
.github/workflows/mkdocs.yml vendored
View File

@ -1,42 +1,42 @@
name: Publish docs via GitHub Pages
on:
push:
branches:
- master
jobs:
deploy:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2
- name: Setup Python
uses: actions/setup-python@v2
with:
python-version: '3.8'
- name: Upgrade pip
run: |
# install pip=>20.1 to use "pip cache dir"
python3 -m pip install --upgrade pip
- name: Get pip cache dir
id: pip-cache
run: echo "::set-output name=dir::$(pip cache dir)"
- name: Cache dependencies
uses: actions/cache@v2
with:
path: ${{ steps.pip-cache.outputs.dir }}
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
restore-keys: |
${{ runner.os }}-pip-
- name: Install dependencies
run: python3 -m pip install mkdocs mkdocs-material fontawesome_markdown mkdocs-redirects
- run: mkdocs build
- name: Deploy
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./site
name: Publish docs via GitHub Pages
on:
push:
branches:
- master
jobs:
deploy:
runs-on: ubuntu-18.04
steps:
- uses: actions/checkout@v2
- name: Setup Python
uses: actions/setup-python@v2
with:
python-version: '3.8'
- name: Upgrade pip
run: |
# install pip=>20.1 to use "pip cache dir"
python3 -m pip install --upgrade pip
- name: Get pip cache dir
id: pip-cache
run: echo "::set-output name=dir::$(pip cache dir)"
- name: Cache dependencies
uses: actions/cache@v2
with:
path: ${{ steps.pip-cache.outputs.dir }}
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
restore-keys: |
${{ runner.os }}-pip-
- name: Install dependencies
run: python3 -m pip install mkdocs mkdocs-material fontawesome_markdown mkdocs-redirects
- run: mkdocs build
- name: Deploy
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./site

26
docs/archive/1.23.2/API.md
View File

@ -1,13 +1,13 @@
API
===
Portainer exposes an HTTP API that you can use to automate everything
you do via the Portainer UI.
Documentation
-------------
The API documentation is available on
[Swaggerhub](https://app.swaggerhub.com/apis/deviantony/Portainer/1.23.2/)
and you can also find some examples
[here](https://gist.github.com/deviantony/77026d402366b4b43fa5918d41bc42f8).
API
===
Portainer exposes an HTTP API that you can use to automate everything
you do via the Portainer UI.
Documentation
-------------
The API documentation is available on
[Swaggerhub](https://app.swaggerhub.com/apis/deviantony/Portainer/1.23.2/)
and you can also find some examples
[here](https://gist.github.com/deviantony/77026d402366b4b43fa5918d41bc42f8).

604
docs/archive/1.23.2/agent.md
View File

@ -1,302 +1,302 @@
Agent
=====
Purpose
-------
The Portainer Agent is a workaround for a Docker API limitation when
using the Docker API to manage a Docker environment. The user
interactions with specific resources (containers, networks, volumes and
images) are limited to those available on the node targeted by the
Docker API request.
Docker Swarm mode introduces a concept which is the clustering of Docker
nodes. It also adds services, tasks, configs and secrets which are
cluster-aware resources. Cluster-aware means that you can query for a
list of services or inspect a task inside any node on the cluster, as
long as youre executing the Docker API request on a manager node.
Containers, networks, volumes and images are node specific resources,
not cluster-aware. When you, for example, want to list all the volumes
available on a node inside your cluster, you will need to send a query
to that specific node.
The purpose of the agent aims to allow previously node specific
resources to be cluster-aware. All while keeping the Docker API request
format. As aforementioned, this means that you only need to execute one
Docker API request to retrieve all these resources from every node
inside the cluster. In all bringing a better Docker user experience when
managing Swarm clusters.
Deployment
----------
Instructions on how to deploy the Agent and how to connect it to
Portainer.
### Deploy it as a stack
Have a look at the deployment documentation Inside a Swarm cluster to
quickly deploy the agent and a Portainer instance inside a Swarm cluster
via `docker stack deploy`.
### Manual deployment
Overall, the setup consists of the following steps:
- Step 1: Create a new overlay network in your Swarm cluster for the
Agent.
- Step 2: Deploy the Agent as a global service in your cluster
(connected to the overlay network).
- Step 3: Connect your Portainer instance to any of the agents by
using the Agent's IP:PORT as an endpoint.
**Note**: This setup assumes that you are executing the following
instructions on a Swarm manager node.
*Step 1*, creating a new overlay network in your Swarm cluster:
$ docker network create --driver overlay --attachable portainer_agent_network
*Step 2*, deploying the Agent as a global service in your cluster:
$ docker service create \
--name portainer_agent \
--network portainer_agent_network \
--mode global \
--constraint 'node.platform.os == linux' \
--mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \
--mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes \
portainer/agent
*Step 3*, deploying the Portainer instance as a service:
$ docker service create \
--name portainer \
--network portainer_agent_network \
--publish 9000:9000 \
--publish 8000:8000 \
--replicas=1 \
--constraint 'node.role == manager' \
portainer/portainer -H "tcp://tasks.portainer_agent:9001" --tlsskipverify
*Step 4*, deploying the Agent for all Windows Server nodes
Because of Docker limitation you need to deploy the Agent to all Windows
Server nodes by running following command on each of them.
$ docker run -d --name portainer_agent --restart always --network portainer_agent_network -e AGENT_CLUSTER_ADDR=tasks.portainer_agent --mount type=npipe,source=\\.\pipe\docker_engine,target=\\.\pipe\docker_engine portainer/agent:windows1803-amd64
**Note**: If you're using Windows server 1803, you might need to open up
DNS ports to support the DNS resolution of tasks.portainer\_agent. See:
<https://success.docker.com/article/swarm-internal-dns-is-inaccessible-on-windows-server-1803>
### Connecting an existing Portainer instance to an agent
If you want to connect an existing Portainer instance to an agent, you
can choose the **Agent** environment type when creating a new endpoint.
Ensure when deploying the agent, that you expose the Agent's port inside
your Swarm cluster, and that the mode is set to **host** (default port
is 9001):
$ docker service create \
--name portainer_agent \
--network portainer_agent_network \
--publish mode=host,target=9001,published=9001 \
--mode global \
--mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \
--mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes \
portainer/agent
**Note**: Please be aware that this could potentially open up the Agent
for use by anybody in case the Docker host is reachable from the
internet. Publishing the Agent port 9001 in host mode basically means
opening up this port in the Docker hosts firewall for all interfaces.
Therefore it is highly recommended to use the `AGENT_SECRET` environment
variable to define a shared secret, see Shared secret. The Agent
implements the [Trust On First Use
(TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) principle, so
only the first Portainer to connect will be able to use it, but you want
to avoid an attacker beating you to it.
You can then use the address of any node in your cluster (with the agent
port) inside the Agent URL field.
Alternatively, you can deploy the agent using the following stack:
<pre><code>
version: '3.2'
services:
agent:
image: portainer/agent
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
ports:
- target: 9001
published: 9001
protocol: tcp
mode: host
networks:
- portainer_agent
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
networks:
portainer_agent:
driver: overlay
attachable: true
</code></pre>
**Note**: In case you are running only a single Agent cluster in the
same Swarm overlay network as your Portainer instance, you can just omit
publishing the Agent port 9001. Portainer and the Agents will be able to
communicate with each other inside the same overlay network and there is
no need for the Agents to be accessible from the outside.
Configuration
-------------
You can use variant agent configurations to achieve different setups or
enable specific features.
### Shared secret
By default, the agent will register the first Portainer instance that
connects to it and prevent connections from any other instance after
that.
To bypass this security mechanism, Portainer and the agent can be
configured at deployment time to use a shared secret. This configuration
allows multiple Portainer instances to connect to the same agent
endpoint.
The `AGENT_SECRET` environment variable can be used to define the shared
secret.
When deploying the agent as a service:
$ docker service create \
--name portainer_agent \
--network portainer_agent_network \
--publish mode=host,target=9001,published=9001 \
-e AGENT_SECRET=mysecrettoken \
--mode global \
--mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \
--mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes \
portainer/agent
Via a stack file:
<pre><code>
version: '3.2'
services:
agent:
image: portainer/agent
environment:
AGENT_SECRET: mysecrettoken
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
ports:
- target: 9001
published: 9001
protocol: tcp
mode: host
networks:
- portainer_agent
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
networks:
portainer_agent:
driver: overlay
attachable: true
</code></pre>
The `AGENT_SECRET` must be specified when deploying Portainer as well:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -e AGENT_SECRET=mysecrettoken -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer
### Enable host management features
The following features are disabled by default for security reasons:
- Ability to manage the filesystem of the host where the agent is
running
- Ability to retrieve hardware information about the host where the
agent is running (PCI devices/disks)
In order to enable these features, the agent must be configured properly
by:
- Enabling the host management features via the `CAP_HOST_MANAGEMENT`
environment variable
- Bind-mounting the root of the host in the agent container (must be
bind-mounted in `/host`)
Example when deploying the agent via a stack file:
<pre><code>
version: '3.2'
services:
agent:
image: portainer/agent
environment:
CAP_HOST_MANAGEMENT: 1
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
- /:/host
ports:
- target: 9001
published: 9001
protocol: tcp
mode: host
networks:
- portainer_agent
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
networks:
portainer_agent:
driver: overlay
attachable: true
</code></pre>
### Available options
You can change the configuration of the agent by using environment
variables.
The following environment variables can be tuned:
- AGENT\_PORT: Agent port (default: `9001`)
- LOG\_LEVEL: Agent log level (default: `INFO`)
- AGENT\_CLUSTER\_ADDR: Address used by each agent to form a cluster.
- AGENT\_SECRET: Shared secret used to authorize Portainer instances
to connect to the agent
- CAP\_HOST\_MANAGEMENT: Enable host management features by setting
the value to `1`
Usage
-----
### API
If you want to use the Portainer API to query containers running on a
specific node inside a Swarm cluster and when using the Portainer agent
setup, you can specify the `X-PortainerAgent-Target` header in the HTTP
request to target a specific node in the cluster. The value must be set
to the name of a specific node that can be retrieved via the `NodeName`
property when querying cluster resources (containers, volumes...).
Agent
=====
Purpose
-------
The Portainer Agent is a workaround for a Docker API limitation when
using the Docker API to manage a Docker environment. The user
interactions with specific resources (containers, networks, volumes and
images) are limited to those available on the node targeted by the
Docker API request.
Docker Swarm mode introduces a concept which is the clustering of Docker
nodes. It also adds services, tasks, configs and secrets which are
cluster-aware resources. Cluster-aware means that you can query for a
list of services or inspect a task inside any node on the cluster, as
long as youre executing the Docker API request on a manager node.
Containers, networks, volumes and images are node specific resources,
not cluster-aware. When you, for example, want to list all the volumes
available on a node inside your cluster, you will need to send a query
to that specific node.
The purpose of the agent aims to allow previously node specific
resources to be cluster-aware. All while keeping the Docker API request
format. As aforementioned, this means that you only need to execute one
Docker API request to retrieve all these resources from every node
inside the cluster. In all bringing a better Docker user experience when
managing Swarm clusters.
Deployment
----------
Instructions on how to deploy the Agent and how to connect it to
Portainer.
### Deploy it as a stack
Have a look at the deployment documentation Inside a Swarm cluster to
quickly deploy the agent and a Portainer instance inside a Swarm cluster
via `docker stack deploy`.
### Manual deployment
Overall, the setup consists of the following steps:
- Step 1: Create a new overlay network in your Swarm cluster for the
Agent.
- Step 2: Deploy the Agent as a global service in your cluster
(connected to the overlay network).
- Step 3: Connect your Portainer instance to any of the agents by
using the Agent's IP:PORT as an endpoint.
**Note**: This setup assumes that you are executing the following
instructions on a Swarm manager node.
*Step 1*, creating a new overlay network in your Swarm cluster:
$ docker network create --driver overlay --attachable portainer_agent_network
*Step 2*, deploying the Agent as a global service in your cluster:
$ docker service create \
--name portainer_agent \
--network portainer_agent_network \
--mode global \
--constraint 'node.platform.os == linux' \
--mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \
--mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes \
portainer/agent
*Step 3*, deploying the Portainer instance as a service:
$ docker service create \
--name portainer \
--network portainer_agent_network \
--publish 9000:9000 \
--publish 8000:8000 \
--replicas=1 \
--constraint 'node.role == manager' \
portainer/portainer -H "tcp://tasks.portainer_agent:9001" --tlsskipverify
*Step 4*, deploying the Agent for all Windows Server nodes
Because of Docker limitation you need to deploy the Agent to all Windows
Server nodes by running following command on each of them.
$ docker run -d --name portainer_agent --restart always --network portainer_agent_network -e AGENT_CLUSTER_ADDR=tasks.portainer_agent --mount type=npipe,source=\\.\pipe\docker_engine,target=\\.\pipe\docker_engine portainer/agent:windows1803-amd64
**Note**: If you're using Windows server 1803, you might need to open up
DNS ports to support the DNS resolution of tasks.portainer\_agent. See:
<https://success.docker.com/article/swarm-internal-dns-is-inaccessible-on-windows-server-1803>
### Connecting an existing Portainer instance to an agent
If you want to connect an existing Portainer instance to an agent, you
can choose the **Agent** environment type when creating a new endpoint.
Ensure when deploying the agent, that you expose the Agent's port inside
your Swarm cluster, and that the mode is set to **host** (default port
is 9001):
$ docker service create \
--name portainer_agent \
--network portainer_agent_network \
--publish mode=host,target=9001,published=9001 \
--mode global \
--mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \
--mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes \
portainer/agent
**Note**: Please be aware that this could potentially open up the Agent
for use by anybody in case the Docker host is reachable from the
internet. Publishing the Agent port 9001 in host mode basically means
opening up this port in the Docker hosts firewall for all interfaces.
Therefore it is highly recommended to use the `AGENT_SECRET` environment
variable to define a shared secret, see Shared secret. The Agent
implements the [Trust On First Use
(TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) principle, so
only the first Portainer to connect will be able to use it, but you want
to avoid an attacker beating you to it.
You can then use the address of any node in your cluster (with the agent
port) inside the Agent URL field.
Alternatively, you can deploy the agent using the following stack:
<pre><code>
version: '3.2'
services:
agent:
image: portainer/agent
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
ports:
- target: 9001
published: 9001
protocol: tcp
mode: host
networks:
- portainer_agent
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
networks:
portainer_agent:
driver: overlay
attachable: true
</code></pre>
**Note**: In case you are running only a single Agent cluster in the
same Swarm overlay network as your Portainer instance, you can just omit
publishing the Agent port 9001. Portainer and the Agents will be able to
communicate with each other inside the same overlay network and there is
no need for the Agents to be accessible from the outside.
Configuration
-------------
You can use variant agent configurations to achieve different setups or
enable specific features.
### Shared secret
By default, the agent will register the first Portainer instance that
connects to it and prevent connections from any other instance after
that.
To bypass this security mechanism, Portainer and the agent can be
configured at deployment time to use a shared secret. This configuration
allows multiple Portainer instances to connect to the same agent
endpoint.
The `AGENT_SECRET` environment variable can be used to define the shared
secret.
When deploying the agent as a service:
$ docker service create \
--name portainer_agent \
--network portainer_agent_network \
--publish mode=host,target=9001,published=9001 \
-e AGENT_SECRET=mysecrettoken \
--mode global \
--mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \
--mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes \
portainer/agent
Via a stack file:
<pre><code>
version: '3.2'
services:
agent:
image: portainer/agent
environment:
AGENT_SECRET: mysecrettoken
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
ports:
- target: 9001
published: 9001
protocol: tcp
mode: host
networks:
- portainer_agent
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
networks:
portainer_agent:
driver: overlay
attachable: true
</code></pre>
The `AGENT_SECRET` must be specified when deploying Portainer as well:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -e AGENT_SECRET=mysecrettoken -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer
### Enable host management features
The following features are disabled by default for security reasons:
- Ability to manage the filesystem of the host where the agent is
running
- Ability to retrieve hardware information about the host where the
agent is running (PCI devices/disks)
In order to enable these features, the agent must be configured properly
by:
- Enabling the host management features via the `CAP_HOST_MANAGEMENT`
environment variable
- Bind-mounting the root of the host in the agent container (must be
bind-mounted in `/host`)
Example when deploying the agent via a stack file:
<pre><code>
version: '3.2'
services:
agent:
image: portainer/agent
environment:
CAP_HOST_MANAGEMENT: 1
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
- /:/host
ports:
- target: 9001
published: 9001
protocol: tcp
mode: host
networks:
- portainer_agent
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
networks:
portainer_agent:
driver: overlay
attachable: true
</code></pre>
### Available options
You can change the configuration of the agent by using environment
variables.
The following environment variables can be tuned:
- AGENT\_PORT: Agent port (default: `9001`)
- LOG\_LEVEL: Agent log level (default: `INFO`)
- AGENT\_CLUSTER\_ADDR: Address used by each agent to form a cluster.
- AGENT\_SECRET: Shared secret used to authorize Portainer instances
to connect to the agent
- CAP\_HOST\_MANAGEMENT: Enable host management features by setting
the value to `1`
Usage
-----
### API
If you want to use the Portainer API to query containers running on a
specific node inside a Swarm cluster and when using the Portainer agent
setup, you can specify the `X-PortainerAgent-Target` header in the HTTP
request to target a specific node in the cluster. The value must be set
to the name of a specific node that can be retrieved via the `NodeName`
property when querying cluster resources (containers, volumes...).

416
docs/archive/1.23.2/configuration.md
View File

@ -1,208 +1,208 @@
Configuration
=============
Portainer can be easily tuned using CLI flags.
Admin password
--------------
### `From the command line`
Portainer allows you to specify a bcrypt encrypted password from the
command line for the admin account. You need to generate the bcrypt
encrypted password first.
You can generate the encrypted password with the following command:
<pre><code>$ htpasswd -nb -B admin <password> | cut -d ":" -f 2</code></pre>
or if your system does not provide htpasswd you can use a docker
container with the command:
<pre><code>$ docker run --rm httpd:2.4-alpine htpasswd -nbB admin "password" | cut -d ":" -f 2</code></pre>
To specify the admin password from the command line, start Portainer with the <code>--admin-password</code> flag:
<pre><code>$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --admin-password='$2y$05$qFHAlNAH0A.6oCDe1/4W.ueCWC/iTfBMXIHBI97QYfMWlMCJ7N.a6'</code></pre>
### `Inside a file`
You can also store the plaintext password inside a file and use the <code>--admin-password-file</code> flag:
<pre><code>$ echo -n mypassword > /tmp/portainer_password</code></pre>
<pre><code>$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/portainer_password:/tmp/portainer_password portainer/portainer --admin-password-file /tmp/portainer_password</code></pre>
This works well with Swarm & Docker secrets too:
<pre><code>$ echo -n mypassword | docker secret create portainer-pass -</code></pre>
<pre><code>$ docker service create \
--name portainer \
--secret portainer-pass \
--publish 9000:9000 \
--publish 8000:8000 \
--replicas=1 \
--constraint 'node.role == manager' \
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
portainer/portainer \
--admin-password-file '/run/secrets/portainer-pass' \
-H unix:///var/run/docker.sock</code></pre>
<b>Note</b>: This will automatically create an administrator account called **admin** with the specified password.
Hiding specific containers
--------------------------
Portainer allows you to hide containers with a specific label by using the <code>-l</code> flag.
For example, take a container started with the label *owner=acme* (note
that this is an example label, you can define your own labels):
<pre><code>
$ docker run -d --label owner=acme nginx
</code></pre>
To hide this container, simply add the `-l owner=acme` option on the CLI
when starting Portainer:
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer -l owner=acme
</code></pre>
Note that the `-l` flag can be repeated multiple times to specify
multiple labels:
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer -l owner=acme -l service=secret
</code></pre>
Use your own logo
-----------------
You do not like our logo? Want to make Portainer more corporate? Don't
worry, you can easily switch for an external logo (it must be exactly
155px by 55px) using the `--logo` flag:
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --logo "https://www.docker.com/sites/all/themes/docker/assets/images/brand-full.svg"
</code></pre>
Use your own templates
----------------------
Portainer allows you to rapidly deploy containers using App Templates.
By default [Portainer
templates](https://raw.githubusercontent.com/portainer/portainer/master/templates.json)
will be used but you can also define your own templates.
Note: at the moment, templates are only loaded once at first Portainer
startup. If you already deployed a Portainer instance and want to use
your own templates after this, you'll need to clear any existing
templates (default templates) via the HTTP API.
There are two ways to specify your own templates:
### Bind-mount your own templates
Using the --template-file flag you can specify the path to your own
template file on the file-system. By default, it points to
/templates.json on both Linux and Windows hosts.
For example, you can mount your own template file inside the container:
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/my/templates.json:/templates.json portainer/portainer
</code></pre>
Or using the --template-file to specify a specific path to the templates
file:
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/template/folder:/templates portainer/portainer --template-file /templates/templates.json
</code></pre>
### Host your template file
Using the --templates flag you can specify an URL where the template
file can be accessed via HTTP.
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --templates http://my-host.my-domain/templates.json
</code></pre>
For more information about hosting your own template definitions see
Templates \<templates\>
Use an external endpoint source
-------------------------------
Portainer gives you the option to define all the endpoints available in
the UI from a JSON file.
You just need to start Portainer with the `--external-endpoints` flag
and specify the path to the JSON file in the container.
Note: when using the external endpoint management, endpoint management
will be disabled in the UI.
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /tmp/endpoints:/endpoints portainer/portainer --external-endpoints /endpoints/endpoints.json
</code></pre>
For more information about the endpoint definition format see
External endpoints \<external\_endpoints\>
Available flags
---------------
The following CLI flags are available:
- `--admin-password`: Specify a bcrypt hashed password for the admin
user
- `--admin-password-file`: Path to the file containing the password
for the admin user
- `--bind`, `-p`: Address and port to serve Portainer (default:
`:9000`)
- `--data`, `-d`: Directory where Portainer data will be stored
(default: `/data` on Linux, `C:\data` on Windows)
- `--external-endpoints`: Enable external endpoint management by
specifying the path to a JSON endpoint source in a file
- `--hide-label`, `-l`: Hide containers with a specific label in the
UI
- `--host`, `-H`: Docker daemon endpoint
- `--logo`: URL to a picture to be displayed as a logo in the UI, use
Portainer logo if not specified
- `--no-analytics`: Disable analytics (default: `false`)
- `--no-snapshot`: Disable periodic endpoint snapshot (default:
`false`)
- `--snapshot-interval`: Time interval between two endpoint snapshot
jobs expressed as a string, e.g. `30s`, `5m`, `1h`... as supported
by the [time.ParseDuration
method](https://golang.org/pkg/time/#ParseDuration) (default: `5m`)
- `--ssl`: Secure Portainer instance using SSL (default: `false`)
- `--sslcert`: Path to the SSL certificate used to secure the
Portainer instance (default: `/certs/portainer.crt`,
`C:\certs\portainer.crt` on Windows)
- `--sslkey`: Path to the SSL key used to secure the Portainer
instance (default: `/certs/portainer.key`, `C:\certs\portainer.key`
on Windows)
- `--sync-interval`: Time interval between two endpoint
synchronization requests expressed as a string, e.g. `30s`, `5m`,
`1h`... as supported by the [time.ParseDuration
method](https://golang.org/pkg/time/#ParseDuration) (default: `60s`)
- `--templates`, `-t`: URL to templates (apps) definitions
- `--template-file`: Path on disk to templates (apps) definitions
(default: `/templates.json`)
- `--tlscacert`: Path to the CA (default: `/certs/ca.pem` on Linux,
`C:\certs\ca.pem` on Windows)
- `--tlscert`: Path to the TLS certificate file (default:
`/certs/cert.pem`, `C:\certs\cert.pem` on Windows)
- `--tlskey`: Path to the TLS key (default: `/certs/key.pem`,
`C:\certs\key.pem` on Windows)
- `--tlsverify`: TLS support (default: `false`)
- `--tunnel-port`: Specify an alternate tunnel port to use with the
Edge agent. Use `--tunnel-port 8001` with `-p 8001:8001` to make the
Edge agent communicate on port 8001
Configuration
=============
Portainer can be easily tuned using CLI flags.
Admin password
--------------
### `From the command line`
Portainer allows you to specify a bcrypt encrypted password from the
command line for the admin account. You need to generate the bcrypt
encrypted password first.
You can generate the encrypted password with the following command:
<pre><code>$ htpasswd -nb -B admin <password> | cut -d ":" -f 2</code></pre>
or if your system does not provide htpasswd you can use a docker
container with the command:
<pre><code>$ docker run --rm httpd:2.4-alpine htpasswd -nbB admin "password" | cut -d ":" -f 2</code></pre>
To specify the admin password from the command line, start Portainer with the <code>--admin-password</code> flag:
<pre><code>$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --admin-password='$2y$05$qFHAlNAH0A.6oCDe1/4W.ueCWC/iTfBMXIHBI97QYfMWlMCJ7N.a6'</code></pre>
### `Inside a file`
You can also store the plaintext password inside a file and use the <code>--admin-password-file</code> flag:
<pre><code>$ echo -n mypassword > /tmp/portainer_password</code></pre>
<pre><code>$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/portainer_password:/tmp/portainer_password portainer/portainer --admin-password-file /tmp/portainer_password</code></pre>
This works well with Swarm & Docker secrets too:
<pre><code>$ echo -n mypassword | docker secret create portainer-pass -</code></pre>
<pre><code>$ docker service create \
--name portainer \
--secret portainer-pass \
--publish 9000:9000 \
--publish 8000:8000 \
--replicas=1 \
--constraint 'node.role == manager' \
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
portainer/portainer \
--admin-password-file '/run/secrets/portainer-pass' \
-H unix:///var/run/docker.sock</code></pre>
<b>Note</b>: This will automatically create an administrator account called **admin** with the specified password.
Hiding specific containers
--------------------------
Portainer allows you to hide containers with a specific label by using the <code>-l</code> flag.
For example, take a container started with the label *owner=acme* (note
that this is an example label, you can define your own labels):
<pre><code>
$ docker run -d --label owner=acme nginx
</code></pre>
To hide this container, simply add the `-l owner=acme` option on the CLI
when starting Portainer:
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer -l owner=acme
</code></pre>
Note that the `-l` flag can be repeated multiple times to specify
multiple labels:
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer -l owner=acme -l service=secret
</code></pre>
Use your own logo
-----------------
You do not like our logo? Want to make Portainer more corporate? Don't
worry, you can easily switch for an external logo (it must be exactly
155px by 55px) using the `--logo` flag:
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --logo "https://www.docker.com/sites/all/themes/docker/assets/images/brand-full.svg"
</code></pre>
Use your own templates
----------------------
Portainer allows you to rapidly deploy containers using App Templates.
By default [Portainer
templates](https://raw.githubusercontent.com/portainer/portainer/master/templates.json)
will be used but you can also define your own templates.
Note: at the moment, templates are only loaded once at first Portainer
startup. If you already deployed a Portainer instance and want to use
your own templates after this, you'll need to clear any existing
templates (default templates) via the HTTP API.
There are two ways to specify your own templates:
### Bind-mount your own templates
Using the --template-file flag you can specify the path to your own
template file on the file-system. By default, it points to
/templates.json on both Linux and Windows hosts.
For example, you can mount your own template file inside the container:
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/my/templates.json:/templates.json portainer/portainer
</code></pre>
Or using the --template-file to specify a specific path to the templates
file:
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /path/to/template/folder:/templates portainer/portainer --template-file /templates/templates.json
</code></pre>
### Host your template file
Using the --templates flag you can specify an URL where the template
file can be accessed via HTTP.
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --templates http://my-host.my-domain/templates.json
</code></pre>
For more information about hosting your own template definitions see
Templates \<templates\>
Use an external endpoint source
-------------------------------
Portainer gives you the option to define all the endpoints available in
the UI from a JSON file.
You just need to start Portainer with the `--external-endpoints` flag
and specify the path to the JSON file in the container.
Note: when using the external endpoint management, endpoint management
will be disabled in the UI.
<pre><code>
$ docker run -d -p 9000:9000 -p 8000:8000 -v /tmp/endpoints:/endpoints portainer/portainer --external-endpoints /endpoints/endpoints.json
</code></pre>
For more information about the endpoint definition format see
External endpoints \<external\_endpoints\>
Available flags
---------------
The following CLI flags are available:
- `--admin-password`: Specify a bcrypt hashed password for the admin
user
- `--admin-password-file`: Path to the file containing the password
for the admin user
- `--bind`, `-p`: Address and port to serve Portainer (default:
`:9000`)
- `--data`, `-d`: Directory where Portainer data will be stored
(default: `/data` on Linux, `C:\data` on Windows)
- `--external-endpoints`: Enable external endpoint management by
specifying the path to a JSON endpoint source in a file
- `--hide-label`, `-l`: Hide containers with a specific label in the
UI
- `--host`, `-H`: Docker daemon endpoint
- `--logo`: URL to a picture to be displayed as a logo in the UI, use
Portainer logo if not specified
- `--no-analytics`: Disable analytics (default: `false`)
- `--no-snapshot`: Disable periodic endpoint snapshot (default:
`false`)
- `--snapshot-interval`: Time interval between two endpoint snapshot
jobs expressed as a string, e.g. `30s`, `5m`, `1h`... as supported
by the [time.ParseDuration
method](https://golang.org/pkg/time/#ParseDuration) (default: `5m`)
- `--ssl`: Secure Portainer instance using SSL (default: `false`)
- `--sslcert`: Path to the SSL certificate used to secure the
Portainer instance (default: `/certs/portainer.crt`,
`C:\certs\portainer.crt` on Windows)
- `--sslkey`: Path to the SSL key used to secure the Portainer
instance (default: `/certs/portainer.key`, `C:\certs\portainer.key`
on Windows)
- `--sync-interval`: Time interval between two endpoint
synchronization requests expressed as a string, e.g. `30s`, `5m`,
`1h`... as supported by the [time.ParseDuration
method](https://golang.org/pkg/time/#ParseDuration) (default: `60s`)
- `--templates`, `-t`: URL to templates (apps) definitions
- `--template-file`: Path on disk to templates (apps) definitions
(default: `/templates.json`)
- `--tlscacert`: Path to the CA (default: `/certs/ca.pem` on Linux,
`C:\certs\ca.pem` on Windows)
- `--tlscert`: Path to the TLS certificate file (default:
`/certs/cert.pem`, `C:\certs\cert.pem` on Windows)
- `--tlskey`: Path to the TLS key (default: `/certs/key.pem`,
`C:\certs\key.pem` on Windows)
- `--tlsverify`: TLS support (default: `false`)
- `--tunnel-port`: Specify an alternate tunnel port to use with the
Edge agent. Use `--tunnel-port 8001` with `-p 8001:8001` to make the
Edge agent communicate on port 8001

142
docs/archive/1.23.2/contribute.md
View File

@ -1,71 +1,71 @@
Contribute
==========
Use the following instructions and guidelines to contribute to the
Portainer project.
Build Portainer locally
-----------------------
### Requirements
Ensure you have [Docker](https://docs.docker.com/engine/installation/),
[Node.js](https://nodejs.org/en/) \>= 6, [yarn](https://yarnpkg.com) and
[Golang (\>= 1.11)](https://golang.org/) installed on your system.
### Build
Checkout the project, set up the project inside your `$GOPATH` and go
inside the root directory:
``` {.sourceCode .bash}
$ git clone https://github.com/portainer/portainer.git
$ mkdir -p ${GOPATH}/src/github.com/portainer
$ ln -s ${PWD}/portainer ${GOPATH}/src/github.com/portainer/portainer
$ cd portainer
```
Install dependencies with yarn:
``` {.sourceCode .bash}
$ yarn
```
Build and run the project:
``` {.sourceCode .bash}
$ yarn start
```
Access Portainer at [<http://localhost:9000>](http://localhost:9000)
> **tip**
>
> The frontend application will be updated when you save your changes to
> any of the sources (app/\*\*/\*.js, assets/css/app.css or index.html).
> Just refresh the browser.
Contribution guidelines
-----------------------
Please follow the contribution guidelines on [the
repository](https://github.com/portainer/portainer/blob/develop/CONTRIBUTING.md).
Contributing to the documentation
---------------------------------
Checkout the project and go inside the root directory:
``` {.sourceCode .bash}
$ git clone https://github.com/portainer/portainer-docs.git
$ cd portainer-docs
```
Update the documentation and trigger a local build:
``` {.sourceCode .bash}
$ docker run --rm -v ${PWD}/docs:/src portainer/docbuilder:latest make html
```
This will create a local folder docs/build/html where you will find the
generated static files for the documentation.
Contribute
==========
Use the following instructions and guidelines to contribute to the
Portainer project.
Build Portainer locally
-----------------------
### Requirements
Ensure you have [Docker](https://docs.docker.com/engine/installation/),
[Node.js](https://nodejs.org/en/) \>= 6, [yarn](https://yarnpkg.com) and
[Golang (\>= 1.11)](https://golang.org/) installed on your system.
### Build
Checkout the project, set up the project inside your `$GOPATH` and go
inside the root directory:
``` {.sourceCode .bash}
$ git clone https://github.com/portainer/portainer.git
$ mkdir -p ${GOPATH}/src/github.com/portainer
$ ln -s ${PWD}/portainer ${GOPATH}/src/github.com/portainer/portainer
$ cd portainer
```
Install dependencies with yarn:
``` {.sourceCode .bash}
$ yarn
```
Build and run the project:
``` {.sourceCode .bash}
$ yarn start
```
Access Portainer at [<http://localhost:9000>](http://localhost:9000)
> **tip**
>
> The frontend application will be updated when you save your changes to
> any of the sources (app/\*\*/\*.js, assets/css/app.css or index.html).
> Just refresh the browser.
Contribution guidelines
-----------------------
Please follow the contribution guidelines on [the
repository](https://github.com/portainer/portainer/blob/develop/CONTRIBUTING.md).
Contributing to the documentation
---------------------------------
Checkout the project and go inside the root directory:
``` {.sourceCode .bash}
$ git clone https://github.com/portainer/portainer-docs.git
$ cd portainer-docs
```
Update the documentation and trigger a local build:
``` {.sourceCode .bash}
$ docker run --rm -v ${PWD}/docs:/src portainer/docbuilder:latest make html
```
This will create a local folder docs/build/html where you will find the
generated static files for the documentation.

456
docs/archive/1.23.2/deployment.md
View File

@ -1,228 +1,228 @@
Deployment
==========
Portainer is built to run on Docker and is really simple to deploy.
Portainer deployment scenarios can be executed on any platform unless
specified.
Quick start
-----------
If you are running Linux, deploying Portainer is as simple as:
$ docker volume create portainer_data
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer
Voilà, you can now use Portainer by accessing the port 9000 on the
server where Portainer is running.
Inside a Swarm cluster
----------------------
Before deploying Portainer inside your Swarm cluster, you should ensure
that Docker and your Swarm are configured correctly. You can refer to
the Troubleshooting section to ensure you have correctly configured your
environment.
Following the above, you are ready to deploy Portainer inside a Swarm
cluster using our recommended agent-enabled deployment. **Note**: This
setup will assume that you're executing the following instructions on a
Swarm manager node.
$ curl -L https://downloads.portainer.io/portainer-agent-stack.yml -o portainer-agent-stack.yml
$ docker stack deploy --compose-file=portainer-agent-stack.yml portainer
Have a look at the Agent section to find more details on how to connect
an existing Portainer instance to a manually deployed Portainer agent.
Persist Portainer data
----------------------
By default, Portainer store its data inside the container in the `/data`
folder on Linux (`C:\\data` on Windows).
You'll need to persist Portainer data to keep your changes after
restart/upgrade of the Portainer container. You can use a bind mount on
Linux to persist the data on the Docker host folder:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v /path/on/host/data:/data portainer/portainer
### Windows
Docker for Windows 10 supports running both Linux and Windows containers
and you need to use a different start command depending on which
container type you are using. Windows Server supports only native
Windows containers.
**Note:** You must create the folder in which you want the data to be
persisted before running the following command. For example, if you want
the data to persist in C:ProgramDataPortainer you need to create the
Portainer directory within C:ProgramData as it does not exist by
default.
Example for Linux containers:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v C:\ProgramData\Portainer:/data portainer/portainer
Example for native Windows containers:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine -v C:\ProgramData\Portainer:C:\data portainer/portainer
### Docker Swarm service
If you deployed Portainer as a Docker Swarm service:
$ docker service create \
--name portainer \
--publish 9000:9000 \
--publish 8000:8000 \
--replicas=1 \
--constraint 'node.role == manager' \
--mount type=bind,src=//path/on/host/data,dst=/data \
portainer/portainer
**Note**: The Swarm service example will persist Portainer data in
`/path/on/host/data` for each host in the cluster. If the container is
re-scheduled on another node, existing Portainer data might not be
available. Persisting data across all nodes of a Swarm cluster is
outside the scope of this documentation.
Advanced deployment
-------------------
Advanced Portainer deployment scenarios.
### Declaring the Docker environment to manage upon deployment
You can specify the initial environment you want Portainer to manage via
the CLI, use the `-H` flag and the `tcp://` protocol to connect to a
remote Docker environment:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v portainer_data:/data portainer/portainer -H tcp://<REMOTE_HOST>:<REMOTE_PORT>
Ensure you replace `REMOTE_HOST` and `REMOTE_PORT` with the address/port
of the Docker server you want to manage.
You can also bind mount the Docker socket to manage a local Docker
environment (**only possible on environments where the Unix socket is
available**):
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer -H unix:///var/run/docker.sock
If your Docker environment is protected using TLS, you'll need to ensure
that you have access to CA, the certificate and the public key used to
access your Docker engine.
You can upload the required files via the Portainer UI or use the
`--tlsverify` flag on the CLI.
Portainer will try to use the following paths to the files specified
previously (on Linux, see the configuration section for details about
Windows):
- CA: `/certs/ca.pem`
- certificate: `/certs/cert.pem`
- public key: `/certs/key.pem`
You must ensure these files are present in the container using a bind
mount:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /path/to/certs:/certs -v portainer_data:/data portainer/portainer -H tcp://<DOCKER_HOST>:<DOCKER_PORT> --tlsverify
You can also use the `--tlscacert`, `--tlscert` and `--tlskey` flags if
you want to change the default path to the CA, certificate and key file
respectively:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer -v /path/to/certs:/certs portainer/portainer -H tcp://<DOCKER_HOST>:<DOCKER_PORT> --tlsverify --tlscacert /certs/myCa.pem --tlscert /certs/myCert.pem --tlskey /certs/myKey.pem
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /path/to/certs:/certs -v portainer_data:/data portainer/portainer -H tcp://<DOCKER_HOST>:<DOCKER_PORT> --tlsverify --tlscacert /certs/myCa.pem --tlscert /certs/myCert.pem --tlskey /certs/myKey.pem
### Secure Portainer using SSL
By default, Portainer's web interface and API is exposed over HTTP. This
is not secured, it's recommended to enable SSL in a production
environment.
To do so, you can use the following flags `--ssl`, `--sslcert` and
`--sslkey`:
$ docker run -d -p 443:9000 -p 8000:8000 --name portainer --restart always -v ~/local-certs:/certs -v portainer_data:/data portainer/portainer --ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key
You can use the following commands to generate the required files:
$ openssl genrsa -out portainer.key 2048
$ openssl ecparam -genkey -name secp384r1 -out portainer.key
$ openssl req -new -x509 -sha256 -key portainer.key -out portainer.crt -days 3650
Note that [Certbot](https://certbot.eff.org/) could be used as well to
generate a certificate and a key. However, because Docker has issues
with [symlinks](https://github.com/portainer/portainer/issues/2302), if
you use Certbot, you will need to pass both the "live" and "archive"
directories as volumes (shown below).
docker run -d -p 9000:9000 -p 8000:8000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /root/portainer/data:/data \
-v /etc/letsencrypt/live/<redacted>:/certs/live/<redacted>:ro \
-v /etc/letsencrypt/archive/<redacted>:/certs/archive/<redacted>:ro \
--name portainer \
portainer/portainer:1.13.4 --ssl --sslcert /certs/live/<redacted>/cert.pem --sslkey /certs/live/<redacted>/privkey.pem
### Deploy Portainer via docker-compose
You can use [docker-compose](https://docs.docker.com/compose/) to deploy
Portainer.
Here is an example compose file:
<pre><code>
version: '2'
services:
portainer:
image: portainer/portainer
command: -H unix:///var/run/docker.sock
restart: always
ports:
- 9000:9000
- 8000:8000
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
volumes:
portainer_data:
</code></pre>
[Click here](https://downloads.portainer.io/docker-compose.yml) to
download the Compose file.
### Deploy Portainer without Docker
Portainer binaries are available on each release page: [Portainer
releases](https://github.com/portainer/portainer/releases)
Download and extract the binary to a location on disk:
$ cd /opt
$ wget https://github.com/portainer/portainer/releases/download/1.23.2/portainer-1.23.2-linux-amd64.tar.gz
$ tar xvpfz portainer-1.23.2-linux-amd64.tar.gz
Then just use the portainer binary as you would use CLI flags with
Docker.
**Note**: Portainer will try to write its data into the /data folder by
default. You must ensure this folder exists first (or change the path it
will use via the `--data`, see below).
$ mkdir /data
$ cd /opt/portainer
$ ./portainer --template-file "${PWD}/templates.json"
You can use the `-p` flag to serve Portainer on another port:
$ ./portainer -p :8080
You can change the folder used by Portainer to store its data with the
`--data` flag:
$ ./portainer --data /opt/portainer-data
Deployment
==========
Portainer is built to run on Docker and is really simple to deploy.
Portainer deployment scenarios can be executed on any platform unless
specified.
Quick start
-----------
If you are running Linux, deploying Portainer is as simple as:
$ docker volume create portainer_data
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer
Voilà, you can now use Portainer by accessing the port 9000 on the
server where Portainer is running.
Inside a Swarm cluster
----------------------
Before deploying Portainer inside your Swarm cluster, you should ensure
that Docker and your Swarm are configured correctly. You can refer to
the Troubleshooting section to ensure you have correctly configured your
environment.
Following the above, you are ready to deploy Portainer inside a Swarm
cluster using our recommended agent-enabled deployment. **Note**: This
setup will assume that you're executing the following instructions on a
Swarm manager node.
$ curl -L https://downloads.portainer.io/portainer-agent-stack.yml -o portainer-agent-stack.yml
$ docker stack deploy --compose-file=portainer-agent-stack.yml portainer
Have a look at the Agent section to find more details on how to connect
an existing Portainer instance to a manually deployed Portainer agent.
Persist Portainer data
----------------------
By default, Portainer store its data inside the container in the `/data`
folder on Linux (`C:\\data` on Windows).
You'll need to persist Portainer data to keep your changes after
restart/upgrade of the Portainer container. You can use a bind mount on
Linux to persist the data on the Docker host folder:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v /path/on/host/data:/data portainer/portainer
### Windows
Docker for Windows 10 supports running both Linux and Windows containers
and you need to use a different start command depending on which
container type you are using. Windows Server supports only native
Windows containers.
**Note:** You must create the folder in which you want the data to be
persisted before running the following command. For example, if you want
the data to persist in C:ProgramDataPortainer you need to create the
Portainer directory within C:ProgramData as it does not exist by
default.
Example for Linux containers:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v C:\ProgramData\Portainer:/data portainer/portainer
Example for native Windows containers:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine -v C:\ProgramData\Portainer:C:\data portainer/portainer
### Docker Swarm service
If you deployed Portainer as a Docker Swarm service:
$ docker service create \
--name portainer \
--publish 9000:9000 \
--publish 8000:8000 \
--replicas=1 \
--constraint 'node.role == manager' \
--mount type=bind,src=//path/on/host/data,dst=/data \
portainer/portainer
**Note**: The Swarm service example will persist Portainer data in
`/path/on/host/data` for each host in the cluster. If the container is
re-scheduled on another node, existing Portainer data might not be
available. Persisting data across all nodes of a Swarm cluster is
outside the scope of this documentation.
Advanced deployment
-------------------
Advanced Portainer deployment scenarios.
### Declaring the Docker environment to manage upon deployment
You can specify the initial environment you want Portainer to manage via
the CLI, use the `-H` flag and the `tcp://` protocol to connect to a
remote Docker environment:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v portainer_data:/data portainer/portainer -H tcp://<REMOTE_HOST>:<REMOTE_PORT>
Ensure you replace `REMOTE_HOST` and `REMOTE_PORT` with the address/port
of the Docker server you want to manage.
You can also bind mount the Docker socket to manage a local Docker
environment (**only possible on environments where the Unix socket is
available**):
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer -H unix:///var/run/docker.sock
If your Docker environment is protected using TLS, you'll need to ensure
that you have access to CA, the certificate and the public key used to
access your Docker engine.
You can upload the required files via the Portainer UI or use the
`--tlsverify` flag on the CLI.
Portainer will try to use the following paths to the files specified
previously (on Linux, see the configuration section for details about
Windows):
- CA: `/certs/ca.pem`
- certificate: `/certs/cert.pem`
- public key: `/certs/key.pem`
You must ensure these files are present in the container using a bind
mount:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /path/to/certs:/certs -v portainer_data:/data portainer/portainer -H tcp://<DOCKER_HOST>:<DOCKER_PORT> --tlsverify
You can also use the `--tlscacert`, `--tlscert` and `--tlskey` flags if
you want to change the default path to the CA, certificate and key file
respectively:
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer -v /path/to/certs:/certs portainer/portainer -H tcp://<DOCKER_HOST>:<DOCKER_PORT> --tlsverify --tlscacert /certs/myCa.pem --tlscert /certs/myCert.pem --tlskey /certs/myKey.pem
$ docker run -d -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /path/to/certs:/certs -v portainer_data:/data portainer/portainer -H tcp://<DOCKER_HOST>:<DOCKER_PORT> --tlsverify --tlscacert /certs/myCa.pem --tlscert /certs/myCert.pem --tlskey /certs/myKey.pem
### Secure Portainer using SSL
By default, Portainer's web interface and API is exposed over HTTP. This
is not secured, it's recommended to enable SSL in a production
environment.
To do so, you can use the following flags `--ssl`, `--sslcert` and
`--sslkey`:
$ docker run -d -p 443:9000 -p 8000:8000 --name portainer --restart always -v ~/local-certs:/certs -v portainer_data:/data portainer/portainer --ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key
You can use the following commands to generate the required files:
$ openssl genrsa -out portainer.key 2048
$ openssl ecparam -genkey -name secp384r1 -out portainer.key
$ openssl req -new -x509 -sha256 -key portainer.key -out portainer.crt -days 3650
Note that [Certbot](https://certbot.eff.org/) could be used as well to
generate a certificate and a key. However, because Docker has issues
with [symlinks](https://github.com/portainer/portainer/issues/2302), if
you use Certbot, you will need to pass both the "live" and "archive"
directories as volumes (shown below).
docker run -d -p 9000:9000 -p 8000:8000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /root/portainer/data:/data \
-v /etc/letsencrypt/live/<redacted>:/certs/live/<redacted>:ro \
-v /etc/letsencrypt/archive/<redacted>:/certs/archive/<redacted>:ro \
--name portainer \
portainer/portainer:1.13.4 --ssl --sslcert /certs/live/<redacted>/cert.pem --sslkey /certs/live/<redacted>/privkey.pem
### Deploy Portainer via docker-compose
You can use [docker-compose](https://docs.docker.com/compose/) to deploy
Portainer.
Here is an example compose file:
<pre><code>
version: '2'
services:
portainer:
image: portainer/portainer
command: -H unix:///var/run/docker.sock
restart: always
ports:
- 9000:9000
- 8000:8000
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
volumes:
portainer_data:
</code></pre>
[Click here](https://downloads.portainer.io/docker-compose.yml) to
download the Compose file.
### Deploy Portainer without Docker
Portainer binaries are available on each release page: [Portainer
releases](https://github.com/portainer/portainer/releases)
Download and extract the binary to a location on disk:
$ cd /opt
$ wget https://github.com/portainer/portainer/releases/download/1.23.2/portainer-1.23.2-linux-amd64.tar.gz
$ tar xvpfz portainer-1.23.2-linux-amd64.tar.gz
Then just use the portainer binary as you would use CLI flags with
Docker.
**Note**: Portainer will try to write its data into the /data folder by
default. You must ensure this folder exists first (or change the path it
will use via the `--data`, see below).
$ mkdir /data
$ cd /opt/portainer
$ ./portainer --template-file "${PWD}/templates.json"
You can use the `-p` flag to serve Portainer on another port:
$ ./portainer -p :8080
You can change the folder used by Portainer to store its data with the
`--data` flag:
$ ./portainer --data /opt/portainer-data

240
docs/archive/1.23.2/external_endpoints.md
View File

@ -1,121 +1,121 @@
External endpoints
==================
External endpoint definitions are written in JSON.
It must consist of an array with every endpoint definition consisting of
one element.
<pre><code>
[
{
"Name": "my-first-endpoint",
"URL": "tcp://myendpoint.mydomain:2375"
},
{
"Name": "my-second-endpoint",
"URL": "tcp://mysecondendpoint.mydomain:2375",
"TLS": true,
"TLSSkipVerify": true,
"TLSCACert": "/tmp/ca.pem",
"TLSCert": "/tmp/cert.pem",
"TLSKey": "/tmp/key.pem"
}
]
</code></pre>
Endpoint definition format
--------------------------
An endpoint element must be a valid [JSON](http://www.json.org/) object.
Example:
<pre><code>
{
"Name": "my-secure-endpoint",
"URL": "tcp://myendpoint.mydomain:2375",
"TLS": true,
"TLSCACert": "/tmp/ca.pem",
"TLSCert": "/tmp/cert.pem",
"TLSKey": "/tmp/key.pem"
}
</code></pre>
It is composed of multiple fields, some mandatory and some optionals.
### `Name`
Name of the endpoint. Used to check if an endpoint already exists in the
database during a synchronization request. It will also be displayed in
the UI.
This field is **mandatory**.
### `URL`
How to reach the endpoint.
Protocol **must** be specified, only `tcp://` and `unix://` are
supported at the moment. Any definition not using one of these 2
protocols will be skipped.
This field is **mandatory**.
### `TLS`
Specify this field to true if you need to use TLS to connect to the
endpoint. Defaults to `false`. When applying the true value to this
field, Portainer will expect the TLSCACertPath, TLSCertPath and
TLSKeyPath fields to be defined too.
This field is **optional**.
### `TLSSkipVerify`
Specify this field to true if you want to skip server verification.
Defaults to `false`.
This field is **optional**.
### `TLSCACert`
Path to the CA used to connect to the endpoint.
This field is **optional**.
### `TLSCert`
Path to the certificate used to connect to the endpoint.
This field is **optional**.
### `TLSKey`
Path to the key used to connect to the endpoint.
This field is **optional**.
Endpoint synchronization
------------------------
When using the `--external-endpoints` flag, Portainer will read the
specified JSON file at startup and automatically create the endpoints.
Portainer will then read the file based on the interval defined in
`--sync-interval` (every `60s` by default) and will automatically do the
following:
- For each endpoint in the database, it will automatically merge any
configuration find in the file using the enpoint name as the
comparison key
- If an endpoint exists in the database but is not present in the
file, it will be removed from the database
- If an endpoint exists in the file but not in the database it will be
created in the database
When using external endpoint management, endpoint management will via
the UI will be disabled to avoid any possible configuration overwrite
(the endpoints view is still accessible but will only display the list
of endpoints without giving the possibility to create/update endpoints).
External endpoints
==================
External endpoint definitions are written in JSON.
It must consist of an array with every endpoint definition consisting of
one element.
<pre><code>
[
{
"Name": "my-first-endpoint",
"URL": "tcp://myendpoint.mydomain:2375"
},
{
"Name": "my-second-endpoint",
"URL": "tcp://mysecondendpoint.mydomain:2375",
"TLS": true,
"TLSSkipVerify": true,
"TLSCACert": "/tmp/ca.pem",
"TLSCert": "/tmp/cert.pem",
"TLSKey": "/tmp/key.pem"
}
]
</code></pre>
Endpoint definition format
--------------------------
An endpoint element must be a valid [JSON](http://www.json.org/) object.
Example:
<pre><code>
{
"Name": "my-secure-endpoint",
"URL": "tcp://myendpoint.mydomain:2375",
"TLS": true,
"TLSCACert": "/tmp/ca.pem",
"TLSCert": "/tmp/cert.pem",
"TLSKey": "/tmp/key.pem"
}
</code></pre>
It is composed of multiple fields, some mandatory and some optionals.
### `Name`
Name of the endpoint. Used to check if an endpoint already exists in the
database during a synchronization request. It will also be displayed in
the UI.
This field is **mandatory**.
### `URL`
How to reach the endpoint.
Protocol **must** be specified, only `tcp://` and `unix://` are
supported at the moment. Any definition not using one of these 2
protocols will be skipped.
This field is **mandatory**.
### `TLS`
Specify this field to true if you need to use TLS to connect to the
endpoint. Defaults to `false`. When applying the true value to this
field, Portainer will expect the TLSCACertPath, TLSCertPath and
TLSKeyPath fields to be defined too.
This field is **optional**.
### `TLSSkipVerify`
Specify this field to true if you want to skip server verification.
Defaults to `false`.
This field is **optional**.
### `TLSCACert`
Path to the CA used to connect to the endpoint.
This field is **optional**.
### `TLSCert`
Path to the certificate used to connect to the endpoint.
This field is **optional**.
### `TLSKey`
Path to the key used to connect to the endpoint.
This field is **optional**.
Endpoint synchronization
------------------------
When using the `--external-endpoints` flag, Portainer will read the
specified JSON file at startup and automatically create the endpoints.
Portainer will then read the file based on the interval defined in
`--sync-interval` (every `60s` by default) and will automatically do the
following:
- For each endpoint in the database, it will automatically merge any
configuration find in the file using the enpoint name as the
comparison key
- If an endpoint exists in the database but is not present in the
file, it will be removed from the database
- If an endpoint exists in the file but not in the database it will be
created in the database
When using external endpoint management, endpoint management will via
the UI will be disabled to avoid any possible configuration overwrite
(the endpoints view is still accessible but will only display the list
of endpoints without giving the possibility to create/update endpoints).
A simple warning message will be displayed in the endpoints view.

624
docs/archive/1.23.2/faq.md
View File

@ -1,312 +1,312 @@
FAQ
===
How do I reset my Portainer password?
-------------------------------------
At this stage, you cannot reset your password using Portainer if you
have forgotten it. You can however ask another Portainer admin to reset
the password for you.
There is an open feature request for this functionality which can be
tracked on our GitHub repository
[here.](https://github.com/portainer/portainer/issues/512)
Why are my stacks showing as Limited in Portainer?
=================================================
A **Limited** stack as the name implies has limited functionality. This
includes browsing through to related services from the Stack Details
view, or deleting the stack. A stack could show as Limited in Portainer,
either because the stack was deployed outside of Portainer (Portainer
doesn't have a copy of the Stack file) or because the Portainer database
has been lost (the volume it is on isn't persisted and/or highly
available).
A **Total control** stack in Portainer brings you added functionality
such as editing and updating a stack, duplicating the stack or migrating
the stack. If you wish to have a Total control stack , you will need to
deploy it within Portainer so that the file is kept in the database &
ensure that the database is persisted and/or highly available.
Why is my version number not matching the latest version?
---------------------------------------------------------
If you have recently updated your version of Portainer, this is an
indication that your browser is holding onto the previous version number
of Portainer in it's cache. To properly clear your cache, you will need
to go into the browser settings and empty the cache.
**Note:** You can use `Ctrl + shift + R` on most browsers to load the
specific page without cache, however you will need to repeat this on
each page of Portainer to load the changes.
Can I activate my extension licenses without an internet connection?
--------------------------------------------------------------------
Currently, it is not possible to activate extensions offline as
Portainer runs a license check against our license verification server.
There is a feature request open for this offline activation
functionality which can be tracked on our GitHub repository
[here.](https://github.com/portainer/portainer/issues/3080)
My licenses/extensions don't activate, what do I do?
----------------------------------------------------
- As stated above, Portainer needs internet access to activate
extensions. One way to test is to run a busybox container and see if
it can reach the internet via ping or curl.
- If Portainer can reach the internet then this is not the problem. If
you have access to the Portainer data filesystem you can check
whether the extension binaries have been downloaded. Navigate to the
filesystem in use by Portainer and check the bin directory to make
sure the extension has been downloaded. If there is no extensions
present, then there is an issue with Portainer downloading the
extension.
- If the extensions are present, then you may have a permissions issue
and they may not be able to run. Check to make sure that they are
executable.
**Note:** Open Media Vault mounts filesystems & shared volumes with the
`noexec` flag by default, meaning Portainer extensions can't be enabled.
To fix this, remove `noexec` from the `OMV_FSTAB_MNTOPS_EXT4` variable.
If the filesystem or shared volume is already mounted, modify the
variable in the fstab section of `/etc/openmediavault/config.xml`,
otherwise modify the variable in `/etc/default/openmediavault`.
Users have access to an endpoint, but they cannot see anything. Why?
--------------------------------------------------------------------
- By default all resources inside an endpoint are assigned to
administrator only for security reasons. To give non-admin users
access you can use the **access control** widget within each
resource to assign users ownership, or you can make the resource
public to give all users access.
- Alternatively, when using the Role Based Access Control (RBAC)
extension you can assign users and teams a role at the endpoint
level. You can read more about the RBAC extension and it's features
[here.](https://www.portainer.io/product/rbac/)
**Note:** The RBAC extension requires Portainer version 1.21.0 or newer.
Portainer lost it's configuration, why?
---------------------------------------
**Portainer as a Container:** If you have not created a persistent
volume for your Portainer container, then Portainer data will be stored
inside the Docker container. If the container is then restarted, you
will lose all of your data.
**Portainer as a Service:** If you have not created a persistent volume
for your Portainer service, then Portainer data will be stored inside
the Docker container created by the service. If the service is updated,
you may lose your Portainer configuration.
[See
Deployment](https://portainer.readthedocs.io/en/stable/deployment.html)
on how to create a persistent volume. If you have a persistent volume,
then the issue may be that Portainer is not constrained to the node
where the data is persisted. **See the below section for more info**.
How do I make sure Portainer stays where my data is persisted?
--------------------------------------------------------------
Our recommended deployment stack file constrains Portainer to a manager
node, when you have multiple managers this will potentially become a
problem. Each stack or service **update** action could move the
Portainer container between them, and you may see Portainer appear as a
fresh install.
**The solution is to constrain your Portainer container to the node
where your Portainer data is being persisted.**
- Step 1: Following deployment of [our stack
file](https://portainer.readthedocs.io/en/stable/deployment.html#inside-a-swarm-cluster)
you will need to find the hostname of the node where the Portainer
volume is being persisted. Within Portainer, navigate to the volumes
view and note down the hostname of your Portainer volume. In this
example the hostname is **owner**.
Alternatively you can run `docker node ls` and note down the hostname of
the node where your Portainer data is persisted.
![Viewing hostname of Portainer volume] (assets/Viewing-hostname-of-Portainer-volume.png)
- Step 2: Navigate to the Service details view for your Portainer
service & navigate to placement constraints.
![Navigating to placement constraints for your Portainer
service](assets/Navigating-to-placement-constraints-for-your-Portainer-service.png)
- Step 3: Click the placement constraints button to add a new
constraint and fill in **node.hostname** for the name and the
hostname you gathered previously for the value.
- Step 4. Click the Apply changes button to apply your constraint.
![Applying the additional
constraint](assets/Applying-the-additional-constraint.png)
Why doesn't Portainer support compose version 3 on a standalone (non-swarm) host?
---------------------------------------------------------------------------------
Portainer uses the library Libcompose to deploy stacks on a standalone
host, this library has been depreciated by Docker and the repository for
it sits unmaintained. You can view this repository
[here.](https://github.com/portainer/portainer/issues/2054)
How do I get the logs from Portainer?
-------------------------------------
You can either get the logs for Portainer from Portainer's own GUI or
from the Docker CLI on the command line.
**Getting Portainer's logs from within Portainer**
- Step 1. Navigate to the Container view and click on the logs button
for your Portainer container.
![Navigating to the Container logs view for the Portainer
container](assets/Navigating-to-the-Container-logs-view-for-the-Portainer-container.png)
- Step 2. Click on the copy button to copy the logs of the Portainer
container to your clipboard.
![Copying the logs of the Portainer
container](assets/Copying-the-logs-of-the-Portainer-container.png)
**Getting Portainer's logs from the Docker CLI**
- Step 1. Navigate to the commandline of a Docker manager node/
non-swarm Docker host and enter `docker ps -a` to list all of the
Docker containers.
- Step 2. Note down the **CONTAINER\_ID** attribute of your Portainer
container.
- Step 3. Enter the following command and the logs of the Portainer
container will output to the commandline: docker container logs
**CONTAINER\_ID**
Published ports in the services view redirect me to *<about:blank#blocked>*, what can I do?
-------------------------------------------------------------------------------------------
If you deployed the recommended agent stack or manage the **local**
endpoint, you will need to set a public IP on your endpoint for
published ports to work on services in Portainer.
**How to set the public IP of an endpoint:**
- Step 1: Go to endpoints view
- Step 2: Click on your endpoint to see it's details
- Fill in the Public IP field for your endpoint like below:
*For an agent endpoint, add the IP of one of the nodes from your
cluster*
![Setting public IP of Agent
endpoint](assets/Setting-public-IP-of-Agent-endpoint.png)
*For the local endpoint add the IP of the host*
![Setting public IP of local
endpoint](assets/Setting-public-IP-of-local-endpoint.png)
Clicking on the published port in the Services view should now correctly
redirect you to the published port of your service in the browser.
External endpoints are not working in the latest Portainer version, is this a bug?
----------------------------------------------------------------------------------
We are aware that the `--external-endpoint` feature is not working in
some of the latest versions of Portainer. If you require use of external
endpoints, we recommend rolling back to Portainer version 1.21.0 until a
fix has been released.
Where can I find the source code of the Portainer agent?
--------------------------------------------------------
The Portainer agent is now open source! You can find it's source code
[here.](https://github.com/portainer/agent)
My host is using SELinux, can I use Portainer ?
-----------------------------------------------
If you want to manage a local Docker environment with **SELinux**
enabled, you'll need to pass the `--privileged` flag to the Docker run
command when deploying Portainer:
$ docker run -d --privileged -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer
You can also have a look at this helper:
<https://github.com/dpw/selinux-dockersock>.
How can I use Portainer behind a proxy?
---------------------------------------
With Portainer behind a proxy, some features requiring access to the
Internet (such as Apps Templates) might be unavailable. When running
Portainer as a container, you can set the `HTTP_PROXY` and `HTTPS_PROXY`
env vars to specify which proxy should be used: :
$ docker run -d -p 9000:9000 -p 8000:8000 -e HTTP_PROXY=my.proxy.domain:7777 portainer/portainer
For examples on how to configure a reverse proxy to work with Portainer,
you can refer to our example repo
[here.](https://github.com/portainer/portainer-compose)
**Note:** these are in no way production ready, and are intended solely
for demonstration purposes.
How can I expose the Docker API over TCP so that Portainer can communicate with my environment?
-----------------------------------------------------------------------------------------------
Portainer strongly recommend to deploy Portainer using our agent enabled
deployment due to the risk involved with exposing the Docker API. If for
whatever reason it is not possible to configure Portainer with the
Agent, you can configure Portainer to communicate with the Docker API
over the network (usually on TCP 2375, 2376 with TLS). Refer to [Daemon
socket
option](https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option)
in the Docker Reference and to Docker Engine on Windows.
How can I set up Portainer on Windows Server 2016?
--------------------------------------------------
[This is a great blog
post](https://blog.airdesk.com/2017/10/windows-containers-portainer-gui.html)
which gives instructions on how to set up Portainer on Windows Server
2016.
**Note:** this is applicable to Windows Server 2016 only.
How can I play with Portainer outside of the public demo?
---------------------------------------------------------
You can deploy Portainer as a stack in
[Play-with-Docker.](http://play-with-docker.com/?stack=https://raw.githubusercontent.com/portainer/portainer-compose/master/docker-stack.yml&stack_name=portainer)
Exposed ports in the container view redirects me to 0.0.0.0, what can I do?
---------------------------------------------------------------------------
In order for Portainer to be able to redirect you to your Docker host IP
address and not the **0.0.0.0** address, you will have to change the
configuration of your Docker daemon and add the `--ip` option. **Note:**
that you will have to restart your Docker daemon for the changes to be
taken in effect.
Have a look at the [Docker
documentation](https://docs.docker.com/engine/reference/commandline/dockerd/)
for more details.
How do I troubleshoot Portainer?
--------------------------------
- Depending on your issue, make sure you first check the Portainer
documentation and our user guides to ensure everything is configured
correctly.
- The next thing is to check the logs of Portainer & the Portainer
Agent. For instructions on how to do this, refer to the Portainer
logs section above.
- If you cannot see anything wrong with your configuration or anything
in the container logs, then the next step is to [troubleshoot your
environment.](https://portainer.readthedocs.io/en/stable/troubleshooting.html)
Make sure that Docker is running with the command `docker version`.
FAQ
===
How do I reset my Portainer password?
-------------------------------------
At this stage, you cannot reset your password using Portainer if you
have forgotten it. You can however ask another Portainer admin to reset
the password for you.
There is an open feature request for this functionality which can be
tracked on our GitHub repository
[here.](https://github.com/portainer/portainer/issues/512)
Why are my stacks showing as Limited in Portainer?
=================================================
A **Limited** stack as the name implies has limited functionality. This
includes browsing through to related services from the Stack Details
view, or deleting the stack. A stack could show as Limited in Portainer,
either because the stack was deployed outside of Portainer (Portainer
doesn't have a copy of the Stack file) or because the Portainer database
has been lost (the volume it is on isn't persisted and/or highly
available).
A **Total control** stack in Portainer brings you added functionality
such as editing and updating a stack, duplicating the stack or migrating
the stack. If you wish to have a Total control stack , you will need to
deploy it within Portainer so that the file is kept in the database &
ensure that the database is persisted and/or highly available.
Why is my version number not matching the latest version?
---------------------------------------------------------
If you have recently updated your version of Portainer, this is an
indication that your browser is holding onto the previous version number
of Portainer in it's cache. To properly clear your cache, you will need
to go into the browser settings and empty the cache.
**Note:** You can use `Ctrl + shift + R` on most browsers to load the
specific page without cache, however you will need to repeat this on
each page of Portainer to load the changes.
Can I activate my extension licenses without an internet connection?
--------------------------------------------------------------------
Currently, it is not possible to activate extensions offline as
Portainer runs a license check against our license verification server.
There is a feature request open for this offline activation
functionality which can be tracked on our GitHub repository
[here.](https://github.com/portainer/portainer/issues/3080)
My licenses/extensions don't activate, what do I do?
----------------------------------------------------
- As stated above, Portainer needs internet access to activate
extensions. One way to test is to run a busybox container and see if
it can reach the internet via ping or curl.
- If Portainer can reach the internet then this is not the problem. If
you have access to the Portainer data filesystem you can check
whether the extension binaries have been downloaded. Navigate to the
filesystem in use by Portainer and check the bin directory to make
sure the extension has been downloaded. If there is no extensions
present, then there is an issue with Portainer downloading the
extension.
- If the extensions are present, then you may have a permissions issue
and they may not be able to run. Check to make sure that they are
executable.
**Note:** Open Media Vault mounts filesystems & shared volumes with the
`noexec` flag by default, meaning Portainer extensions can't be enabled.
To fix this, remove `noexec` from the `OMV_FSTAB_MNTOPS_EXT4` variable.
If the filesystem or shared volume is already mounted, modify the
variable in the fstab section of `/etc/openmediavault/config.xml`,
otherwise modify the variable in `/etc/default/openmediavault`.
Users have access to an endpoint, but they cannot see anything. Why?
--------------------------------------------------------------------
- By default all resources inside an endpoint are assigned to
administrator only for security reasons. To give non-admin users
access you can use the **access control** widget within each
resource to assign users ownership, or you can make the resource
public to give all users access.
- Alternatively, when using the Role Based Access Control (RBAC)
extension you can assign users and teams a role at the endpoint
level. You can read more about the RBAC extension and it's features
[here.](https://www.portainer.io/product/rbac/)
**Note:** The RBAC extension requires Portainer version 1.21.0 or newer.
Portainer lost it's configuration, why?
---------------------------------------
**Portainer as a Container:** If you have not created a persistent
volume for your Portainer container, then Portainer data will be stored
inside the Docker container. If the container is then restarted, you
will lose all of your data.
**Portainer as a Service:** If you have not created a persistent volume
for your Portainer service, then Portainer data will be stored inside
the Docker container created by the service. If the service is updated,
you may lose your Portainer configuration.
[See
Deployment](https://portainer.readthedocs.io/en/stable/deployment.html)
on how to create a persistent volume. If you have a persistent volume,
then the issue may be that Portainer is not constrained to the node
where the data is persisted. **See the below section for more info**.
How do I make sure Portainer stays where my data is persisted?
--------------------------------------------------------------
Our recommended deployment stack file constrains Portainer to a manager
node, when you have multiple managers this will potentially become a
problem. Each stack or service **update** action could move the
Portainer container between them, and you may see Portainer appear as a
fresh install.
**The solution is to constrain your Portainer container to the node
where your Portainer data is being persisted.**
- Step 1: Following deployment of [our stack
file](https://portainer.readthedocs.io/en/stable/deployment.html#inside-a-swarm-cluster)
you will need to find the hostname of the node where the Portainer
volume is being persisted. Within Portainer, navigate to the volumes
view and note down the hostname of your Portainer volume. In this
example the hostname is **owner**.
Alternatively you can run `docker node ls` and note down the hostname of
the node where your Portainer data is persisted.
![Viewing hostname of Portainer volume] (assets/Viewing-hostname-of-Portainer-volume.png)
- Step 2: Navigate to the Service details view for your Portainer
service & navigate to placement constraints.
![Navigating to placement constraints for your Portainer
service](assets/Navigating-to-placement-constraints-for-your-Portainer-service.png)
- Step 3: Click the placement constraints button to add a new
constraint and fill in **node.hostname** for the name and the
hostname you gathered previously for the value.
- Step 4. Click the Apply changes button to apply your constraint.
![Applying the additional
constraint](assets/Applying-the-additional-constraint.png)
Why doesn't Portainer support compose version 3 on a standalone (non-swarm) host?
---------------------------------------------------------------------------------
Portainer uses the library Libcompose to deploy stacks on a standalone
host, this library has been depreciated by Docker and the repository for
it sits unmaintained. You can view this repository
[here.](https://github.com/portainer/portainer/issues/2054)
How do I get the logs from Portainer?
-------------------------------------
You can either get the logs for Portainer from Portainer's own GUI or
from the Docker CLI on the command line.
**Getting Portainer's logs from within Portainer**
- Step 1. Navigate to the Container view and click on the logs button
for your Portainer container.
![Navigating to the Container logs view for the Portainer
container](assets/Navigating-to-the-Container-logs-view-for-the-Portainer-container.png)
- Step 2. Click on the copy button to copy the logs of the Portainer
container to your clipboard.
![Copying the logs of the Portainer
container](assets/Copying-the-logs-of-the-Portainer-container.png)
**Getting Portainer's logs from the Docker CLI**
- Step 1. Navigate to the commandline of a Docker manager node/
non-swarm Docker host and enter `docker ps -a` to list all of the
Docker containers.
- Step 2. Note down the **CONTAINER\_ID** attribute of your Portainer
container.
- Step 3. Enter the following command and the logs of the Portainer
container will output to the commandline: docker container logs
**CONTAINER\_ID**
Published ports in the services view redirect me to *<about:blank#blocked>*, what can I do?
-------------------------------------------------------------------------------------------
If you deployed the recommended agent stack or manage the **local**
endpoint, you will need to set a public IP on your endpoint for
published ports to work on services in Portainer.
**How to set the public IP of an endpoint:**
- Step 1: Go to endpoints view
- Step 2: Click on your endpoint to see it's details
- Fill in the Public IP field for your endpoint like below:
*For an agent endpoint, add the IP of one of the nodes from your
cluster*
![Setting public IP of Agent
endpoint](assets/Setting-public-IP-of-Agent-endpoint.png)
*For the local endpoint add the IP of the host*
![Setting public IP of local
endpoint](assets/Setting-public-IP-of-local-endpoint.png)
Clicking on the published port in the Services view should now correctly
redirect you to the published port of your service in the browser.
External endpoints are not working in the latest Portainer version, is this a bug?
----------------------------------------------------------------------------------
We are aware that the `--external-endpoint` feature is not working in
some of the latest versions of Portainer. If you require use of external
endpoints, we recommend rolling back to Portainer version 1.21.0 until a
fix has been released.
Where can I find the source code of the Portainer agent?
--------------------------------------------------------
The Portainer agent is now open source! You can find it's source code
[here.](https://github.com/portainer/agent)
My host is using SELinux, can I use Portainer ?
-----------------------------------------------
If you want to manage a local Docker environment with **SELinux**
enabled, you'll need to pass the `--privileged` flag to the Docker run
command when deploying Portainer:
$ docker run -d --privileged -p 9000:9000 -p 8000:8000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer
You can also have a look at this helper:
<https://github.com/dpw/selinux-dockersock>.
How can I use Portainer behind a proxy?
---------------------------------------
With Portainer behind a proxy, some features requiring access to the
Internet (such as Apps Templates) might be unavailable. When running
Portainer as a container, you can set the `HTTP_PROXY` and `HTTPS_PROXY`
env vars to specify which proxy should be used: :
$ docker run -d -p 9000:9000 -p 8000:8000 -e HTTP_PROXY=my.proxy.domain:7777 portainer/portainer
For examples on how to configure a reverse proxy to work with Portainer,
you can refer to our example repo
[here.](https://github.com/portainer/portainer-compose)
**Note:** these are in no way production ready, and are intended solely
for demonstration purposes.
How can I expose the Docker API over TCP so that Portainer can communicate with my environment?
-----------------------------------------------------------------------------------------------
Portainer strongly recommend to deploy Portainer using our agent enabled
deployment due to the risk involved with exposing the Docker API. If for
whatever reason it is not possible to configure Portainer with the
Agent, you can configure Portainer to communicate with the Docker API
over the network (usually on TCP 2375, 2376 with TLS). Refer to [Daemon
socket
option](https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-socket-option)
in the Docker Reference and to Docker Engine on Windows.
How can I set up Portainer on Windows Server 2016?
--------------------------------------------------
[This is a great blog
post](https://blog.airdesk.com/2017/10/windows-containers-portainer-gui.html)
which gives instructions on how to set up Portainer on Windows Server
2016.
**Note:** this is applicable to Windows Server 2016 only.
How can I play with Portainer outside of the public demo?
---------------------------------------------------------
You can deploy Portainer as a stack in
[Play-with-Docker.](http://play-with-docker.com/?stack=https://raw.githubusercontent.com/portainer/portainer-compose/master/docker-stack.yml&stack_name=portainer)
Exposed ports in the container view redirects me to 0.0.0.0, what can I do?
---------------------------------------------------------------------------
In order for Portainer to be able to redirect you to your Docker host IP
address and not the **0.0.0.0** address, you will have to change the
configuration of your Docker daemon and add the `--ip` option. **Note:**
that you will have to restart your Docker daemon for the changes to be
taken in effect.
Have a look at the [Docker
documentation](https://docs.docker.com/engine/reference/commandline/dockerd/)
for more details.
How do I troubleshoot Portainer?
--------------------------------
- Depending on your issue, make sure you first check the Portainer
documentation and our user guides to ensure everything is configured
correctly.
- The next thing is to check the logs of Portainer & the Portainer
Agent. For instructions on how to do this, refer to the Portainer
logs section above.
- If you cannot see anything wrong with your configuration or anything
in the container logs, then the next step is to [troubleshoot your
environment.](https://portainer.readthedocs.io/en/stable/troubleshooting.html)
Make sure that Docker is running with the command `docker version`.

10
docs/archive/1.23.2/index.md
View File

@ -1,5 +1,5 @@
Portainer documentation
=======================
The Portainer documentation has been moved and is now available at
<https://www.portainer.io/documentation/>
Portainer documentation
=======================
The Portainer documentation has been moved and is now available at
<https://www.portainer.io/documentation/>

88
docs/archive/1.23.2/limitations.md
View File

@ -1,44 +1,44 @@
Limitations
===========
Information about supported platforms and Docker versions.
Docker
------
Portainer is compatible with the following versions of Docker:
- Docker \> 1.9
Portainer has partial support for the following versions of Docker:
- Docker 1.9
Portainer is **not** compatible with the following versions of Docker:
- Docker \< 1.9
Swarm
-----
Portainer is compatible with the following versions of Docker Swarm
standalone:
- Docker Swarm \>= 1.2.3
**Note:** this is not related to Docker Swarm mode, see
<https://docs.docker.com/swarm/swarm_at_scale/deploy-app/>
Supported platforms
-------------------
Portainer can be deployed on the following platforms:
- Linux amd64
- Linux arm
- Linux arm64
- Linux ppc64le
- Linux s390x
- Windows amd64
- Darwin amd64
Limitations
===========
Information about supported platforms and Docker versions.
Docker
------
Portainer is compatible with the following versions of Docker:
- Docker \> 1.9
Portainer has partial support for the following versions of Docker:
- Docker 1.9
Portainer is **not** compatible with the following versions of Docker:
- Docker \< 1.9
Swarm
-----
Portainer is compatible with the following versions of Docker Swarm
standalone:
- Docker Swarm \>= 1.2.3
**Note:** this is not related to Docker Swarm mode, see
<https://docs.docker.com/swarm/swarm_at_scale/deploy-app/>
Supported platforms
-------------------
Portainer can be deployed on the following platforms:
- Linux amd64
- Linux arm
- Linux arm64
- Linux ppc64le
- Linux s390x
- Windows amd64
- Darwin amd64

1202
docs/archive/1.23.2/templates.md
View File

File diff suppressed because it is too large Load Diff

102
docs/archive/1.23.2/troubleshooting.md
View File

@ -1,51 +1,51 @@
Troubleshooting
===============
Portainer is built to run on Docker. If Docker is not configured
correctly, then this can cause issues that appear to be coming from
Portainer.
Ensuring Docker is configured correctly
---------------------------------------
The first thing to look at whether Docker is actually functioning
correctly on your system.
$ docker version
The above command should have returned information about Docker running
on your system. Below is a snippet of what this may look like.
<pre><code>
$ Client: Docker Engine - Community
Version: 19.03.3
API version: 1.40
Go version: go1.12.10
Git commit: a872fc2f86
Built: Tue Oct 8 00:59:59 2019
OS/Arch: linux/amd64
Experimental: false
</code></pre>
Ensuring Docker Swarm is configured correctly
---------------------------------------------
All nodes will require the following ports to be open:
- 7946/tcp
- 7946/udp
- 4789/udp
For the manager node:
- 2377/tcp
Next, make sure you are using the `--advertise-addr` option.
- When creating the cluster via `docker swarm init`, use
`--advertise-addr` with either the private IP address or NIC name
directly (`--advertise-addr eth1` for example)
- When joining a cluster on worker nodes via `docker swarm join`, use
`--advertise-addr` the same as above with either private IP address
or NIC name directly
Troubleshooting
===============
Portainer is built to run on Docker. If Docker is not configured
correctly, then this can cause issues that appear to be coming from
Portainer.
Ensuring Docker is configured correctly
---------------------------------------
The first thing to look at whether Docker is actually functioning
correctly on your system.
$ docker version
The above command should have returned information about Docker running
on your system. Below is a snippet of what this may look like.
<pre><code>
$ Client: Docker Engine - Community
Version: 19.03.3
API version: 1.40
Go version: go1.12.10
Git commit: a872fc2f86
Built: Tue Oct 8 00:59:59 2019
OS/Arch: linux/amd64
Experimental: false
</code></pre>
Ensuring Docker Swarm is configured correctly
---------------------------------------------
All nodes will require the following ports to be open:
- 7946/tcp
- 7946/udp
- 4789/udp
For the manager node:
- 2377/tcp
Next, make sure you are using the `--advertise-addr` option.
- When creating the cluster via `docker swarm init`, use
`--advertise-addr` with either the private IP address or NIC name
directly (`--advertise-addr eth1` for example)
- When joining a cluster on worker nodes via `docker swarm join`, use
`--advertise-addr` the same as above with either private IP address
or NIC name directly

8
docs/archive/1.23.2/userguide.md
View File

@ -1,4 +1,4 @@
User guide
==========
WIP
User guide
==========
WIP

17
docs/css/extra.css
View File

@ -17,12 +17,20 @@
.md-header-nav__button.md-logo img, .md-header-nav__button.md-logo svg {
display: block;
width: rem;
height: 1.9rem;
width: 4rem;
height: 1.6rem;
fill: currentColor;
margin-top: -8px;
}
.md-header__button.md-logo img, .md-header__button.md-logo svg {
display: block;
width: 4rem;
height: 1.6rem;
fill: currentColor;
margin-top: -8px;
}
.md-header-nav__button.md-logo {
margin: .2rem;
padding: .4rem;
@ -148,7 +156,7 @@ color: #e86a25;
.md-grid {
max-width: 1440px;
}
/**
.tabbed-set {
display: flex;
position: relative;
@ -188,4 +196,5 @@ color: #333333;
.tabbed-set input:nth-child(n+1):checked + label + .tabbed-content {
display: block;
}
}
**/

78
docs/index.md
View File

@ -1,39 +1,39 @@
# :fontawesome-solid-door-open: Welcome
Welcome to the official Portainer Documentation.
This is an open source documentation project and all community contributions are welcome and encouraged.
For information about contributing to the Portainer documentation, see [Contribution guidelines](https://github.com/portainer/portainer-docs/blob/master/contributing.md).
## :fontawesome-solid-address-card: About Portainer
Portainer Community Edition 2.0 is the foundation of the Portainer world. With over half a million regular users, its a powerful, open-source toolset that allows you to easily build and manage containers in Docker, Swarm, Kubernetes and Azure ACI.
Portainer works by hiding the complexity that makes managing containers hard, behind an easy to use GUI. By negating the need for users to use CLI, write YAML or understand manifests, Portainer makes deploying apps and troubleshooting problems so simple, anyone can do it.
The Portainer development team is here to assist you on your container journey; you can engage with them any time through our community-based support channels.
## :fontawesome-solid-question-circle: Knowledge Base and FAQs
As the Portainer community continues to grow, we continue to support the community to the best of our ability.
To streamline our operations and allow us to focus on delivering the right support and features in the right areas at the right time we encourage you to refer to our comprehensive <b>[Knowledge Base](https://support.portainer.io)</B> for any queries you may have.
If you can't find what you're looking for Knowledge Base then please refer to one of the following support channels
## :material-comment-account: Support Channels
Being a free and opensource product, we have been heavily reliant on our community to provide "how to" support to our community, recently we have invested significant time in improving and updating our documentation found on this site and our [YouTube channel](https://www.youtube.com/channel/UC7diMJcrULjDseq5yhSUZgg). While we endeavour to cover as many scenarios as possible there may be some that our documentation doesnt cover.
* <b>QUESTIONS</b> should be posted to either [Github Issues](https://github.com/portainer/portainer/issues) or the [community Slack channel](https://portainer.slack.com/join/shared_invite/enQtNDk3ODQ5MjI2MjI4LTcwNGYxMWQ5OGViYWZkNDY2ZjY4YTMwMTgzYmU4YmNiOTU0MDcxYmJjNTIyYmQ0MTM5Y2QwNTg3NzNkMTk5MDg#/). While other platforms exist (Reddit, Discord, Stack Overflow) the Portainer team is less active in these.
* Suspected <b>BUGS</b> should be posted to Github and will be managed by our support and development teams as appropriate.
* <b>VULNERABILITIES</b> should be emailed to [security@portainer.io](mailto:security@portainer.io) and will be dealt with immediately.
* <B>ISSUES IN OUR DOCUMENTATION</B> can be raised through our [Github Documentation Channel](https://github.com/portainer/portainer-docs/issues), or you can follow the user contribution guidelines.
We will not provide support over email.
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}
# :fontawesome-solid-door-open: Welcome
Welcome to the official Portainer Documentation.
This is an open source documentation project and all community contributions are welcome and encouraged.
For information about contributing to the Portainer documentation, see [Contribution guidelines](https://github.com/portainer/portainer-docs/blob/master/contributing.md).
## :fontawesome-solid-address-card: About Portainer
Portainer Community Edition 2.0 is the foundation of the Portainer world. With over half a million regular users, its a powerful, open-source toolset that allows you to easily build and manage containers in Docker, Swarm, Kubernetes and Azure ACI.
Portainer works by hiding the complexity that makes managing containers hard, behind an easy to use GUI. By negating the need for users to use CLI, write YAML or understand manifests, Portainer makes deploying apps and troubleshooting problems so simple, anyone can do it.
The Portainer development team is here to assist you on your container journey; you can engage with them any time through our community-based support channels.
## :fontawesome-solid-question-circle: Knowledge Base and FAQs
As the Portainer community continues to grow, we continue to support the community to the best of our ability.
To streamline our operations and allow us to focus on delivering the right support and features in the right areas at the right time we encourage you to refer to our comprehensive <b>[Knowledge Base](https://support.portainer.io)</B> for any queries you may have.
If you can't find what you're looking for Knowledge Base then please refer to one of the following support channels
## :material-comment-account: Support Channels
Being a free and opensource product, we have been heavily reliant on our community to provide "how to" support to our community, recently we have invested significant time in improving and updating our documentation found on this site and our [YouTube channel](https://www.youtube.com/channel/UC7diMJcrULjDseq5yhSUZgg). While we endeavour to cover as many scenarios as possible there may be some that our documentation doesnt cover.
* <b>QUESTIONS</b> should be posted to either [Github Issues](https://github.com/portainer/portainer/issues) or the [community Slack channel](https://portainer.slack.com/join/shared_invite/enQtNDk3ODQ5MjI2MjI4LTcwNGYxMWQ5OGViYWZkNDY2ZjY4YTMwMTgzYmU4YmNiOTU0MDcxYmJjNTIyYmQ0MTM5Y2QwNTg3NzNkMTk5MDg#/). While other platforms exist (Reddit, Discord, Stack Overflow) the Portainer team is less active in these.
* Suspected <b>BUGS</b> should be posted to Github and will be managed by our support and development teams as appropriate.
* <b>VULNERABILITIES</b> should be emailed to [security@portainer.io](mailto:security@portainer.io) and will be dealt with immediately.
* <B>ISSUES IN OUR DOCUMENTATION</B> can be raised through our [Github Documentation Channel](https://github.com/portainer/portainer-docs/issues), or you can follow the user contribution guidelines.
We will not provide support over email.
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

84
docs/quickstart.md
View File

@ -1,42 +1,42 @@
# :fontawesome-solid-paper-plane: Installation
Portainer comes in two flavours Portainer CE and Portainer Business. Portainer CE is open source, free forever and used by more than 500,000 developers worldwide. Portainer Business builds on CE and adds business related functionality.
You can find a feature comparision [here](https://www.portainer.io/products){target=_blank}.
Choose a Portainer Edition that you would like to Deploy
=== "Portainer CE"
!!! Abstract ""
Portainer Application can be deployed to any of the following platforms, Click on your platform button to go to relevant Installation guide.
Requirements and Validated Configuration Matrix can be found [here](/v2.0/deploy/requirements/)
<br>
<br>
[Docker](../v2.0/deploy/ceinstalldocker/){: .md-button }
[Docker Swarm](../v2.0/deploy/ceinstallswarm/){: .md-button }
[Kubernetes](../v2.0/deploy/ceinstallk8s/){: .md-button }
=== "Portainer Business"
!!! Abstract ""
Portainer Business requires a valid License to run, this is added after install. To get a quote on a licence for your needs visit our [Product page](https://www.portainer.io/products/portainer-business-pricing), you can also acquire a 30 day trial license [here](https://www.portainer.io/cs/c/?cta_guid=e7ecf652-0dc4-4573-98fd-625c998881c0&signature=AAH58kHAbNkEVsCC-NRo1IbuaqqghzuG_w&pageId=34661871872&placement_guid=27c1272a-fd17-42e5-8434-995186df6b30&click=a2e34f07-577d-41f4-b431-766da3b248f1&hsutk=baf3ff7dd5eac1063485049de23c94b7&canon=https%3A%2F%2Fwww.portainer.io%2F&portal_id=4731999&redirect_url=APefjpGiR1deqnkdtUJaPieCYM8eTjZYGmfVDPkpMGDPEDgPhzoocs3Bp9amAcaosCVU6OO-1xfPkj8YCNwOIiead1AE0EhsVLiEAgTt-Ej87_LgEY_V9AJWxOLbPB8Tcerk5CRahbYj5gZStnziiPwX_gCm7u6VBOkMErpCVQvcpbtKt0e2hN4dnYY15o7Jawfk_fM8AIEy19Kf4T0WD7kQPuvYS7BFcuHisNBFs5Fu87085y9hNn4&__hstc=146943656.baf3ff7dd5eac1063485049de23c94b7.1611489451749.1612961821682.1612999980872.20&__hssc=146943656.1.1612999980872&__hsfp=3914124624&contentType=standard-page){target=_blank}.
Portainer Application can be deployed to any of the following platforms, Click on your platform button to go to relevant Installation guide.
Requirements and Validated Configuration Matrix can be found [here](/v2.0-be/deploy/requirements/)
<br>
<br>
[Docker](../v2.0-be/deploy/beinstalldocker/){: .md-button }
[Docker Swarm](../v2.0-be/deploy/beinstallswarm/){: .md-button }
[Kubernetes](../v2.0-be/deploy/beinstallk8s/){: .md-button }
<br>
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}
# :fontawesome-solid-paper-plane: Installation
Portainer comes in two flavours Portainer CE and Portainer Business. Portainer CE is open source, free forever and used by more than 500,000 developers worldwide. Portainer Business builds on CE and adds business related functionality.
You can find a feature comparision [here](https://www.portainer.io/products){target=_blank}.
Choose a Portainer Edition that you would like to Deploy
=== "Portainer CE"
!!! Abstract ""
Portainer Application can be deployed to any of the following platforms, Click on your platform button to go to relevant Installation guide.
Requirements and Validated Configuration Matrix can be found [here](/v2.0/deploy/requirements/)
<br>
<br>
[Docker](../v2.0/deploy/ceinstalldocker/){: .md-button }
[Docker Swarm](../v2.0/deploy/ceinstallswarm/){: .md-button }
[Kubernetes](../v2.0/deploy/ceinstallk8s/){: .md-button }
=== "Portainer Business"
!!! Abstract ""
Portainer Business requires a valid License to run, this is added after install. To get a quote on a licence for your needs visit our [Product page](https://www.portainer.io/products/portainer-business-pricing), you can also acquire a 30 day trial license [here](https://www.portainer.io/cs/c/?cta_guid=e7ecf652-0dc4-4573-98fd-625c998881c0&signature=AAH58kHAbNkEVsCC-NRo1IbuaqqghzuG_w&pageId=34661871872&placement_guid=27c1272a-fd17-42e5-8434-995186df6b30&click=a2e34f07-577d-41f4-b431-766da3b248f1&hsutk=baf3ff7dd5eac1063485049de23c94b7&canon=https%3A%2F%2Fwww.portainer.io%2F&portal_id=4731999&redirect_url=APefjpGiR1deqnkdtUJaPieCYM8eTjZYGmfVDPkpMGDPEDgPhzoocs3Bp9amAcaosCVU6OO-1xfPkj8YCNwOIiead1AE0EhsVLiEAgTt-Ej87_LgEY_V9AJWxOLbPB8Tcerk5CRahbYj5gZStnziiPwX_gCm7u6VBOkMErpCVQvcpbtKt0e2hN4dnYY15o7Jawfk_fM8AIEy19Kf4T0WD7kQPuvYS7BFcuHisNBFs5Fu87085y9hNn4&__hstc=146943656.baf3ff7dd5eac1063485049de23c94b7.1611489451749.1612961821682.1612999980872.20&__hssc=146943656.1.1612999980872&__hsfp=3914124624&contentType=standard-page){target=_blank}.
Portainer Application can be deployed to any of the following platforms, Click on your platform button to go to relevant Installation guide.
Requirements and Validated Configuration Matrix can be found [here](/v2.0-be/deploy/requirements/)
<br>
<br>
[Docker](../v2.0-be/deploy/beinstalldocker/){: .md-button }
[Docker Swarm](../v2.0-be/deploy/beinstallswarm/){: .md-button }
[Kubernetes](../v2.0-be/deploy/beinstallk8s/){: .md-button }
<br>
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

72
docs/releasenotes.md
View File

@ -1,36 +1,36 @@
# :material-page-next: Release Notes
Read about the new and enhanced features in our latest releases here.
=== "Portainer Business"
???+ Tip "Release 2.0.1"
#### Fixes
**Fix an issue preventing a user from creating Kuberneres resources if they have a `#!Ruby @` character in their username**
Users with a `#!Ruby @` character in their username were not able to create the following Kubernetes resources:
* Resource pool
* Application
* Configuration
**Fix platform issues with the Docker image for Portainer Business**
The Docker image can now be successfully deployed on the following platforms:
* Linux ARM64
* Linux ARM
**Minor update to the license server mechanism**
The license server mechanism has been updated.
<br>
???- Note "Release 2.0.0"
Initial Release of Portainer Business
=== "Portainer CE"
Latest release notes for Community Edition are availble [here](https://github.com/portainer/portainer/releases){target=_blank}
<br>
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}
# :material-page-next: Release Notes
Read about the new and enhanced features in our latest releases here.
=== "Portainer Business"
???+ Tip "Release 2.0.1"
#### Fixes
**Fix an issue preventing a user from creating Kuberneres resources if they have a `#!Ruby @` character in their username**
Users with a `#!Ruby @` character in their username were not able to create the following Kubernetes resources:
* Resource pool
* Application
* Configuration
**Fix platform issues with the Docker image for Portainer Business**
The Docker image can now be successfully deployed on the following platforms:
* Linux ARM64
* Linux ARM
**Minor update to the license server mechanism**
The license server mechanism has been updated.
<br>
???- Note "Release 2.0.0"
Initial Release of Portainer Business
=== "Portainer CE"
Latest release notes for Community Edition are availble [here](https://github.com/portainer/portainer/releases){target=_blank}
<br>
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

312
docs/v2.0-be/ad/nginx/rp-nginx.md
View File

@ -1,157 +1,157 @@
# Deploy Portainer behind NGINX Reverse Proxy
### Deploying in a Docker Standalone scenario
To deploy Portainer behind NGINX Proxy in a Docker standalone scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Server and NGINX Proxy.
<pre><code>
version: "2"
services:
nginx-proxy:
image: jwilder/nginx-proxy
restart: always
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
portainer:
image: portainer/portainer-ce:2.0.0
command: -H unix:///var/run/docker.sock
restart: always
networks:
- proxy
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
networks:
proxy:
volumes:
portainer_data:
</code></pre>
To setup and start working with this recipe, you need to change the VIRTUAL_HOST value. You can then run the following:
<pre><code>docker-compose up -d</code></pre>
Once complete, you will able to run <code> docker ps</code> and you will see an output similar to this:
<pre><code>CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
088da047e931 portainer/portainer-ce:2.0.0 "/portainer -H unix:…" 32 minutes ago Up 22 minutes 0.0.0.0:8000->8000/tcp, 9000/tcp nginx-port_portainer_1
1ec0594f8a01 jwilder/nginx-proxy "/app/docker-entrypo…" 32 minutes ago Up 22 minutes 0.0.0.0:80->80/tcp nginx-port_nginx-proxy_1</code></pre>
Once the deployment is complete you can browse <code>portainer.yourdomain.com</code>.
### Deploying in a Docker Swarm scenario
Deploying Portainer in Docker Swarm behind NGINX has similar steps to the Docker Standalone scenario.
First, you need to create a few networks. One for the agent and the communication with Portainer Server, and other to "expose" the Portainer container to the same network that the Reverse Proxy.
Before deploying, you need to create 2 elements: Networks and volumes.
1. First, create 2 networks for the agent to communicate with Portainer Server and other to "expose" the Portainer container to the same network that as the Reverse Proxy
<pre><code> docker network create -d overlay proxy</code></pre>
<pre><code> docker network create -d agent_network</code></pre>
2. Then create the volume:
<pre><code> docker volume create portainer_data</code></pre>
3. Save the below recipe as portainer.yml
<pre><code>version: '3.2'
services:
nginx-proxy:
image: jwilder/nginx-proxy
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
agent:
image: portainer/agent
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.0.0
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
networks:
- proxy
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
networks:
proxy:
external: true
agent_network:
external: true
volumes:
data:</code></pre>
4. To setup and start working with this recipe, you need to change the VIRTUAL_HOST value.
5. You're now ready to deploy Portainer by executing the following:
<pre><code> docker stack deploy portainer -c portainer.yml</code></pre>
6. To check the deployment you can run <code> docker service ls</code> and you will see an output similar to the following:
<pre><code>ID NAME MODE REPLICAS IMAGE PORTS
gy2bjxid0g4p portainer_agent global 1/1 portainer/agent:latest
jwvjp5bux4sz portainer_nginx-proxy replicated 1/1 jwilder/nginx-proxy:latest *:80->80/tcp
5nflcvoxl3c7 portainer_portainer replicated 1/1 portainer/portainer-ce:2.0.0 *:8000->8000/tcp</code></pre>
Once the services are running, you can browse the url specified (e.g. portainer.yourdomain.com) to access Portainer.
### Deploying in a Kubernetes scenario
WIP
## :material-note-text: Notes
# Deploy Portainer behind NGINX Reverse Proxy
### Deploying in a Docker Standalone scenario
To deploy Portainer behind NGINX Proxy in a Docker standalone scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Server and NGINX Proxy.
<pre><code>
version: "2"
services:
nginx-proxy:
image: jwilder/nginx-proxy
restart: always
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
portainer:
image: portainer/portainer-ce:2.0.0
command: -H unix:///var/run/docker.sock
restart: always
networks:
- proxy
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
networks:
proxy:
volumes:
portainer_data:
</code></pre>
To setup and start working with this recipe, you need to change the VIRTUAL_HOST value. You can then run the following:
<pre><code>docker-compose up -d</code></pre>
Once complete, you will able to run <code> docker ps</code> and you will see an output similar to this:
<pre><code>CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
088da047e931 portainer/portainer-ce:2.0.0 "/portainer -H unix:…" 32 minutes ago Up 22 minutes 0.0.0.0:8000->8000/tcp, 9000/tcp nginx-port_portainer_1
1ec0594f8a01 jwilder/nginx-proxy "/app/docker-entrypo…" 32 minutes ago Up 22 minutes 0.0.0.0:80->80/tcp nginx-port_nginx-proxy_1</code></pre>
Once the deployment is complete you can browse <code>portainer.yourdomain.com</code>.
### Deploying in a Docker Swarm scenario
Deploying Portainer in Docker Swarm behind NGINX has similar steps to the Docker Standalone scenario.
First, you need to create a few networks. One for the agent and the communication with Portainer Server, and other to "expose" the Portainer container to the same network that the Reverse Proxy.
Before deploying, you need to create 2 elements: Networks and volumes.
1. First, create 2 networks for the agent to communicate with Portainer Server and other to "expose" the Portainer container to the same network that as the Reverse Proxy
<pre><code> docker network create -d overlay proxy</code></pre>
<pre><code> docker network create -d agent_network</code></pre>
2. Then create the volume:
<pre><code> docker volume create portainer_data</code></pre>
3. Save the below recipe as portainer.yml
<pre><code>version: '3.2'
services:
nginx-proxy:
image: jwilder/nginx-proxy
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
agent:
image: portainer/agent
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.0.0
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
networks:
- proxy
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
networks:
proxy:
external: true
agent_network:
external: true
volumes:
data:</code></pre>
4. To setup and start working with this recipe, you need to change the VIRTUAL_HOST value.
5. You're now ready to deploy Portainer by executing the following:
<pre><code> docker stack deploy portainer -c portainer.yml</code></pre>
6. To check the deployment you can run <code> docker service ls</code> and you will see an output similar to the following:
<pre><code>ID NAME MODE REPLICAS IMAGE PORTS
gy2bjxid0g4p portainer_agent global 1/1 portainer/agent:latest
jwvjp5bux4sz portainer_nginx-proxy replicated 1/1 jwilder/nginx-proxy:latest *:80->80/tcp
5nflcvoxl3c7 portainer_portainer replicated 1/1 portainer/portainer-ce:2.0.0 *:8000->8000/tcp</code></pre>
Once the services are running, you can browse the url specified (e.g. portainer.yourdomain.com) to access Portainer.
### Deploying in a Kubernetes scenario
WIP
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

414
docs/v2.0-be/ad/traefik/rp-traefik.md
View File

@ -1,208 +1,208 @@
# Deploy Portainer behind Traefik Proxy
[Traefik Proxy](https://traefik.io/traefik/) is a reverse proxy and load balancing solution focused on micro services.
### Deploying in a Docker Standalone scenario
To deploy Portainer behind Traefik Proxy in a Docker standalone scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Traefik with SSL support and Portainer Server.
<pre><code>version: "3.3"
services:
traefik:
container_name: traefik
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --log.level=ERROR
- --certificatesresolvers.leresolver.acme.httpchallenge=true
- --certificatesresolvers.leresolver.acme.email=your-email #Set your email address here, is for the generation of SSL certificates with Let's Encrypt.
- --certificatesresolvers.leresolver.acme.storage=./acme.json
- --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./acme.json:/acme.json"
labels:
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
portainer:
image: portainer/portainer-ce:2.0.0
command: -H unix:///var/run/docker.sock
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
labels:
# Frontend
- "traefik.enable=true"
- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"
- "traefik.http.routers.frontend.entrypoints=websecure"
- "traefik.http.services.frontend.loadbalancer.server.port=9000"
- "traefik.http.routers.frontend.service=frontend"
- "traefik.http.routers.frontend.tls.certresolver=leresolver"
# Edge
- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
- "traefik.http.routers.edge.entrypoints=websecure"
- "traefik.http.services.edge.loadbalancer.server.port=8000"
- "traefik.http.routers.edge.service=edge"
- "traefik.http.routers.edge.tls.certresolver=leresolver"
volumes:
portainer_data:</code></pre>
Before you run this file in Docker you will need to create the <code>acme.json</code> file that will store the SSL certificates. Once it has been created you need to define the path of that file in the following sections:
In the volume and command section of the Traefik Proxy container
<pre><code>- "./acme.json:/acme.json"</code></pre>
<pre><code>- --certificatesresolvers.leresolver.acme.storage=./acme.json</code></pre>
You need to setup your email address for the registration with Let's Encrypt.
<pre><code>- --certificatesresolvers.leresolver.acme.email=your-email</code></pre>
Next, need to customize some labels in the Traefik container. The following labels need to be modified with the url that you want use to access Portainer.
<pre><code>- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"</code></pre>
<pre><code>- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"</code></pre>
After all this setup, you're ready to deploy Portainer:
<pre><code>docker-compose up -d</code></pre>
After the images have been downloaded and deployed you will able to access Portainer in the URL you defined earlier. Eg: <code>https://portainer.yourdomain.com</code>
This file also exists in [our repository on Github](https://github.com/portainer/portainer-compose/tree/master/traefik).
### Deploying in a Docker Swarm scenario
To deploy Portainer behind Traefik Proxy in a Docker Swarm scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Traefik with SSL support and Portainer Server.
Before deploying, you need to create 2 elements: Networks and volumes.
1. First, create 2 overlay networks:
<pre><code> docker network create -d overlay agent_network</code></pre>
<pre><code> docker network create -d overlay public</code></pre>
2. Then create the volume:
<pre><code> docker volume create portainer_data</code></pre>
3. Save the below recipe as portainer.yml
<pre><code>version: '3.2'
services:
traefik:
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker=true
- --providers.docker.swarmMode=true
- --providers.docker.exposedbydefault=false
- --providers.docker.network=public
- --api
- --log.level=ERROR
ports:
- "80:80"
- "443:443"
networks:
- public
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
agent:
image: portainer/agent
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.0.0
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
networks:
- public
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.yourdomain.com`)"
- "traefik.http.routers.portainer.entrypoints=web"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer.service=portainer"
# Edge
- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
- "traefik.http.routers.edge.entrypoints=web"
- "traefik.http.services.edge.loadbalancer.server.port=8000"
- "traefik.http.routers.edge.service=edge"
networks:
public:
external: true
agent_network:
external: true
volumes:
data:
</code></pre>
4. Before you can deploy, you need to customize these labels to match the URL that you want.
<pre><code>- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"</code></pre>
<pre><code>- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"</code></pre>
5. You're now ready to deploy Portainer by executing the following:
<pre><code> docker stack deploy portainer -c portainer.yml</code></pre>
6. To check the deployment you can run <code> docker service ls</code> and you will see an output similar to the following:
<pre><code>ID NAME MODE REPLICAS IMAGE PORTS
lt21zrypsll6 portainer_agent global 1/1 portainer/agent:latest
m6912ynwdcd7 portainer_portainer replicated 1/1 portainer/portainer-ce:2.0.0
tw2nb4i640e4 portainer_traefik replicated 1/1 traefik:latest *:80->80/tcp, *:443->443/tcp</code></pre>
Once the services are running, you can browse the URL specified (e.g. portainer.yourdomain.com) to access Portainer.
### Deploying in a Kubernetes scenario
WIP
## :material-note-text: Notes
# Deploy Portainer behind Traefik Proxy
[Traefik Proxy](https://traefik.io/traefik/) is a reverse proxy and load balancing solution focused on micro services.
### Deploying in a Docker Standalone scenario
To deploy Portainer behind Traefik Proxy in a Docker standalone scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Traefik with SSL support and Portainer Server.
<pre><code>version: "3.3"
services:
traefik:
container_name: traefik
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --log.level=ERROR
- --certificatesresolvers.leresolver.acme.httpchallenge=true
- --certificatesresolvers.leresolver.acme.email=your-email #Set your email address here, is for the generation of SSL certificates with Let's Encrypt.
- --certificatesresolvers.leresolver.acme.storage=./acme.json
- --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./acme.json:/acme.json"
labels:
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
portainer:
image: portainer/portainer-ce:2.0.0
command: -H unix:///var/run/docker.sock
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
labels:
# Frontend
- "traefik.enable=true"
- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"
- "traefik.http.routers.frontend.entrypoints=websecure"
- "traefik.http.services.frontend.loadbalancer.server.port=9000"
- "traefik.http.routers.frontend.service=frontend"
- "traefik.http.routers.frontend.tls.certresolver=leresolver"
# Edge
- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
- "traefik.http.routers.edge.entrypoints=websecure"
- "traefik.http.services.edge.loadbalancer.server.port=8000"
- "traefik.http.routers.edge.service=edge"
- "traefik.http.routers.edge.tls.certresolver=leresolver"
volumes:
portainer_data:</code></pre>
Before you run this file in Docker you will need to create the <code>acme.json</code> file that will store the SSL certificates. Once it has been created you need to define the path of that file in the following sections:
In the volume and command section of the Traefik Proxy container
<pre><code>- "./acme.json:/acme.json"</code></pre>
<pre><code>- --certificatesresolvers.leresolver.acme.storage=./acme.json</code></pre>
You need to setup your email address for the registration with Let's Encrypt.
<pre><code>- --certificatesresolvers.leresolver.acme.email=your-email</code></pre>
Next, need to customize some labels in the Traefik container. The following labels need to be modified with the url that you want use to access Portainer.
<pre><code>- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"</code></pre>
<pre><code>- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"</code></pre>
After all this setup, you're ready to deploy Portainer:
<pre><code>docker-compose up -d</code></pre>
After the images have been downloaded and deployed you will able to access Portainer in the URL you defined earlier. Eg: <code>https://portainer.yourdomain.com</code>
This file also exists in [our repository on Github](https://github.com/portainer/portainer-compose/tree/master/traefik).
### Deploying in a Docker Swarm scenario
To deploy Portainer behind Traefik Proxy in a Docker Swarm scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Traefik with SSL support and Portainer Server.
Before deploying, you need to create 2 elements: Networks and volumes.
1. First, create 2 overlay networks:
<pre><code> docker network create -d overlay agent_network</code></pre>
<pre><code> docker network create -d overlay public</code></pre>
2. Then create the volume:
<pre><code> docker volume create portainer_data</code></pre>
3. Save the below recipe as portainer.yml
<pre><code>version: '3.2'
services:
traefik:
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker=true
- --providers.docker.swarmMode=true
- --providers.docker.exposedbydefault=false
- --providers.docker.network=public
- --api
- --log.level=ERROR
ports:
- "80:80"
- "443:443"
networks:
- public
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
agent:
image: portainer/agent
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.0.0
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
networks:
- public
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.yourdomain.com`)"
- "traefik.http.routers.portainer.entrypoints=web"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer.service=portainer"
# Edge
- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
- "traefik.http.routers.edge.entrypoints=web"
- "traefik.http.services.edge.loadbalancer.server.port=8000"
- "traefik.http.routers.edge.service=edge"
networks:
public:
external: true
agent_network:
external: true
volumes:
data:
</code></pre>
4. Before you can deploy, you need to customize these labels to match the URL that you want.
<pre><code>- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"</code></pre>
<pre><code>- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"</code></pre>
5. You're now ready to deploy Portainer by executing the following:
<pre><code> docker stack deploy portainer -c portainer.yml</code></pre>
6. To check the deployment you can run <code> docker service ls</code> and you will see an output similar to the following:
<pre><code>ID NAME MODE REPLICAS IMAGE PORTS
lt21zrypsll6 portainer_agent global 1/1 portainer/agent:latest
m6912ynwdcd7 portainer_portainer replicated 1/1 portainer/portainer-ce:2.0.0
tw2nb4i640e4 portainer_traefik replicated 1/1 traefik:latest *:80->80/tcp, *:443->443/tcp</code></pre>
Once the services are running, you can browse the URL specified (e.g. portainer.yourdomain.com) to access Portainer.
### Deploying in a Kubernetes scenario
WIP
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

506
docs/v2.0-be/deploy/beinstalldocker.md
View File

@ -1,254 +1,254 @@
---
hide: toc
---
# :fontawesome-brands-docker: Deploying Portainer Business in Docker
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine or within a Swarm cluster. Due to the nature of Docker, there are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
Note that the recommended deployment mode when using Swarm is using the Portainer Agent.
By default, Portainer will expose the UI over the port `#!Ruby 9000` and expose a TCP tunnel server over the port `#!Ruby 8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0-be/deploy/requirements/).
## :fontawesome-solid-paper-plane: Portainer Deployment
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see Portainer and agent scenario below):
=== "Docker on Linux"
!!! Abstract ""
### Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest
```
### Portainer Agent Only Deployment
Run the following command to deploy the Agent in your Docker host.
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent:2.0.0
```
=== "Docker on Windows WSL"
!!! Abstract ""
Before you can deploy Portainer in Docker Standalone running in Windows, you need to install WSL. [Read this guide to know more about WSL/WSL2](https://docs.microsoft.com/en-us/windows/wsl/install-win10){target=_blank}
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see portainer and agent scenario below):
### Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest
```
### Portainer Agent Only Deployment
Run the following command to deploy the Agent in your Docker host.
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent:2.0.0
```
=== "Docker on Windows Container Service"
!!! Abstract ""
To run Portainer in a Windows Server/Desktop Environment, you need to create exceptions in the firewall. These, can be easy added trough PowerShell, running the following commands:
```PowerShell
netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
```
```PowerShell
netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
```
```PowerShell
netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
```
```PowerShell
netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
```
```PowerShell
netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
```
```PowerShell
netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
```
You also need to install Windows Container Host Service and Install Docker.
```PowerShell
Enable-WindowsOptionalFeature -Online -FeatureName containers -All
```
```PowerShell
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
```
```PowerShell
Install-Package -Name docker -ProviderName DockerMsftProvider
```
Lastly, you need to restart your Windows Server. After it has restarted, you're ready to deploy Portainer.
### Portainer Server Deployment
```PowerShell
docker volume create portainer_data
```
```PowerShell
docker run -d -p 9000:9000 --name portainer --restart always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine -v portainer_data:C:\data portainer/portainer-ee:latest
```
Now, you can navigate to http://localhost:9000 or the IP of the server and start using Portainer.
### Portainer Agent Only Deployment
To run Portainer Agent in a Windows Container scenario, you need to execute the following commands:
```PowerShell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine portainer/agent:2.0.0
```
??? Tip "Advanced Options"
# CLI Configuration Options
Portainer can be easily tuned using CLI flags.
## Admin password
### From the command line
Portainer allows you to specify a bcrypt encrypted password from the command line for the admin account. You need to generate the bcrypt encrypted password first.
You can generate the encrypted password with the following command if you have installed apache2-utils package:
```shell
htpasswd -nb -B admin "your-password" | cut -d ":" -f 2
```
If your system does not have the mentioned command, you can run a container to run the command:
```shell
docker run --rm httpd:2.4-alpine htpasswd -nbB admin "your-password" | cut -d ":" -f 2
```
To specify the admin password from the command line, start Portainer with the <code>--admin-password</code> flag:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --admin-password='$2y$05$8oz75U8m5tI/xT4P0NbSHeE7WyRzOWKRBprfGotwDkhBOGP/u802u'
```
### Inside a file
You can also store the plaintext password inside a file and use the <code>--admin-password-file</code> flag:
Add your password to a file running the following command:
```shell
echo -n mypassword > /tmp/portainer_password
```
Now you can start the Portainer container by running:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/portainer_password:/tmp/portainer_password portainer/portainer-ce --admin-password-file /tmp/portainer_password
```
This works well with Docker Swarm and Docker secrets too:
```shell
echo -n mypassword | docker secret create portainer-pass -
```
```shell
docker service create \
--name portainer \
--secret portainer-pass \
--publish 9000:9000 \
--publish 8000:8000 \
--replicas=1 \
--constraint 'node.role == manager' \
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
portainer/portainer-ce \
--admin-password-file '/run/secrets/portainer-pass' \
-H unix:///var/run/docker.sock
```
Note: This will automatically create an administrator account called admin with the specified password.
## Hiding specific containers
Portainer allows you to hide containers with a specific label by using the -l flag.
For example, take a container started with the label owner=acme (note that this is an example label, you can define your own labels):
```shell
docker run -d --label owner=acme nginx
```
To hide this container, simply add the -l owner=acme option on the CLI when starting Portainer:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce -l owner=acme
```
Note that the -l flag can be repeated multiple times to specify multiple labels:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce -l owner=acme -l service=secret
```
## Use your own logo
You do not like our logo? Want to make Portainer more corporate? Dont worry, you can easily switch for an external logo (it must be exactly 155px by 55px) using the <code>--logo flag</code>:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --logo "https://www.docker.com/sites/all/themes/docker/assets/images/brand-full.svg"
```
This can also be completed via the GUI in the Portaner Settings menu
## Use your own templates
Portainer allows you to rapidly deploy containers using App Templates.
By default Portainer templates will be used but you can also define your own templates.
Note: at the moment, templates are only loaded once at first Portainer startup. If you already deployed a Portainer instance and want to use your own templates after this, youll need to clear any existing templates (default templates) via the HTTP API.
Using the <code>--templates</code> flag you can specify an URL where the template file can be accessed via HTTP.
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --templates http://my-host.my-domain/templates.json
```
Suggestion: You can host your template files in [Github](https://www.github.com)
## Available flags
The following CLI flags are available:
* <code>--admin-password</code>: Specify a bcrypt hashed password for the admin user
* <code>--admin-password-file</code>: Path to the file containing the password for the admin user
* <code>--bind, -p</code>: Address and port to serve Portainer (default: :9000)
* <code>--data, -d</code>: Directory where Portainer data will be stored (default: /data on Linux, C:\data on Windows)
* <code>--edge-compute</code>: Automatically enable edge-compute features
* <code>--hide-label, -l</code>: Hide containers with a specific label in the UI
* <code>--host, -H</code>: Docker daemon endpoint
* <code>--logo</code>: URL to a picture to be displayed as a logo in the UI, use Portainer logo if not specified
* <code>--snapshot-interval</code>: Time interval between two endpoint snapshot jobs expressed as a string, e.g. 30s, 5m, 1h… as supported by the time.ParseDuration method (default: 5m)
* <code>--ssl</code>: Secure Portainer instance using SSL (default: false)
* <code>--sslcert</code>: Path to the SSL certificate used to secure the Portainer instance (default: /certs/portainer.crt, C:\certs\portainer.crt on Windows)
* <code>--sslkey</code>: Path to the SSL key used to secure the Portainer instance (default: /certs/portainer.key, C:\certs\portainer.key on Windows)
* <code>--templates, -t</code>: URL to templates (apps) definitions
* <code>--tlscacert</code>: Path to the CA (default: /certs/ca.pem on Linux, C:\certs\ca.pem on Windows)
* <code>--tlscert</code>: Path to the TLS certificate file (default: /certs/cert.pem, C:\certs\cert.pem on Windows)
* <code>--tlskey</code>: Path to the TLS key (default: /certs/key.pem, C:\certs\key.pem on Windows)
* <code>--tlsverify</code>: TLS support (default: false)
* <code>--tunnel-port</code>: Specify an alternate tunnel port to use with the Edge agent. Use --tunnel-port 8001 with -p 8001:8001 to make the Edge agent communicate on port 8001
<br>
## :material-note-text: Notes
---
hide: toc
---
# :fontawesome-brands-docker: Deploying Portainer Business in Docker
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine or within a Swarm cluster. Due to the nature of Docker, there are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
Note that the recommended deployment mode when using Swarm is using the Portainer Agent.
By default, Portainer will expose the UI over the port `#!Ruby 9000` and expose a TCP tunnel server over the port `#!Ruby 8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0-be/deploy/requirements/).
## :fontawesome-solid-paper-plane: Portainer Deployment
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see Portainer and agent scenario below):
=== "Docker on Linux"
!!! Abstract ""
### Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest
```
### Portainer Agent Only Deployment
Run the following command to deploy the Agent in your Docker host.
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent:2.0.0
```
=== "Docker on Windows WSL / Docker Desktop"
!!! Abstract ""
Before you can deploy Portainer in Docker Standalone running in Windows, you need to install WSL. [Read this guide to know more about WSL/WSL2](https://docs.microsoft.com/en-us/windows/wsl/install-win10){target=_blank}
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see portainer and agent scenario below):
### Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest
```
### Portainer Agent Only Deployment
Run the following command to deploy the Agent in your Docker host.
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent:2.0.0
```
=== "Docker on Windows Container Service"
!!! Abstract ""
To run Portainer in a Windows Server/Desktop Environment, you need to create exceptions in the firewall. These, can be easy added trough PowerShell, running the following commands:
```PowerShell
netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
```
```PowerShell
netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
```
```PowerShell
netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
```
```PowerShell
netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
```
```PowerShell
netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
```
```PowerShell
netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
```
You also need to install Windows Container Host Service and Install Docker.
```PowerShell
Enable-WindowsOptionalFeature -Online -FeatureName containers -All
```
```PowerShell
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
```
```PowerShell
Install-Package -Name docker -ProviderName DockerMsftProvider
```
Lastly, you need to restart your Windows Server. After it has restarted, you're ready to deploy Portainer.
### Portainer Server Deployment
```PowerShell
docker volume create portainer_data
```
```PowerShell
docker run -d -p 9000:9000 --name portainer --restart always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine -v portainer_data:C:\data portainer/portainer-ee:latest
```
Now, you can navigate to http://localhost:9000 or the IP of the server and start using Portainer.
### Portainer Agent Only Deployment
To run Portainer Agent in a Windows Container scenario, you need to execute the following commands:
```PowerShell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine portainer/agent:2.0.0
```
??? Tip "Advanced Options"
# CLI Configuration Options
Portainer can be easily tuned using CLI flags.
## Admin password
### From the command line
Portainer allows you to specify a bcrypt encrypted password from the command line for the admin account. You need to generate the bcrypt encrypted password first.
You can generate the encrypted password with the following command if you have installed apache2-utils package:
```shell
htpasswd -nb -B admin "your-password" | cut -d ":" -f 2
```
If your system does not have the mentioned command, you can run a container to run the command:
```shell
docker run --rm httpd:2.4-alpine htpasswd -nbB admin "your-password" | cut -d ":" -f 2
```
To specify the admin password from the command line, start Portainer with the <code>--admin-password</code> flag:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --admin-password='$2y$05$8oz75U8m5tI/xT4P0NbSHeE7WyRzOWKRBprfGotwDkhBOGP/u802u'
```
### Inside a file
You can also store the plaintext password inside a file and use the <code>--admin-password-file</code> flag:
Add your password to a file running the following command:
```shell
echo -n mypassword > /tmp/portainer_password
```
Now you can start the Portainer container by running:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/portainer_password:/tmp/portainer_password portainer/portainer-ce --admin-password-file /tmp/portainer_password
```
This works well with Docker Swarm and Docker secrets too:
```shell
echo -n mypassword | docker secret create portainer-pass -
```
```shell
docker service create \
--name portainer \
--secret portainer-pass \
--publish 9000:9000 \
--publish 8000:8000 \
--replicas=1 \
--constraint 'node.role == manager' \
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
portainer/portainer-ce \
--admin-password-file '/run/secrets/portainer-pass' \
-H unix:///var/run/docker.sock
```
Note: This will automatically create an administrator account called admin with the specified password.
## Hiding specific containers
Portainer allows you to hide containers with a specific label by using the -l flag.
For example, take a container started with the label owner=acme (note that this is an example label, you can define your own labels):
```shell
docker run -d --label owner=acme nginx
```
To hide this container, simply add the -l owner=acme option on the CLI when starting Portainer:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce -l owner=acme
```
Note that the -l flag can be repeated multiple times to specify multiple labels:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce -l owner=acme -l service=secret
```
## Use your own logo
You do not like our logo? Want to make Portainer more corporate? Dont worry, you can easily switch for an external logo (it must be exactly 155px by 55px) using the <code>--logo flag</code>:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --logo "https://www.docker.com/sites/all/themes/docker/assets/images/brand-full.svg"
```
This can also be completed via the GUI in the Portaner Settings menu
## Use your own templates
Portainer allows you to rapidly deploy containers using App Templates.
By default Portainer templates will be used but you can also define your own templates.
Note: at the moment, templates are only loaded once at first Portainer startup. If you already deployed a Portainer instance and want to use your own templates after this, youll need to clear any existing templates (default templates) via the HTTP API.
Using the <code>--templates</code> flag you can specify an URL where the template file can be accessed via HTTP.
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --templates http://my-host.my-domain/templates.json
```
Suggestion: You can host your template files in [Github](https://www.github.com)
## Available flags
The following CLI flags are available:
* <code>--admin-password</code>: Specify a bcrypt hashed password for the admin user
* <code>--admin-password-file</code>: Path to the file containing the password for the admin user
* <code>--bind, -p</code>: Address and port to serve Portainer (default: :9000)
* <code>--data, -d</code>: Directory where Portainer data will be stored (default: /data on Linux, C:\data on Windows)
* <code>--edge-compute</code>: Automatically enable edge-compute features
* <code>--hide-label, -l</code>: Hide containers with a specific label in the UI
* <code>--host, -H</code>: Docker daemon endpoint
* <code>--logo</code>: URL to a picture to be displayed as a logo in the UI, use Portainer logo if not specified
* <code>--snapshot-interval</code>: Time interval between two endpoint snapshot jobs expressed as a string, e.g. 30s, 5m, 1h… as supported by the time.ParseDuration method (default: 5m)
* <code>--ssl</code>: Secure Portainer instance using SSL (default: false)
* <code>--sslcert</code>: Path to the SSL certificate used to secure the Portainer instance (default: /certs/portainer.crt, C:\certs\portainer.crt on Windows)
* <code>--sslkey</code>: Path to the SSL key used to secure the Portainer instance (default: /certs/portainer.key, C:\certs\portainer.key on Windows)
* <code>--templates, -t</code>: URL to templates (apps) definitions
* <code>--tlscacert</code>: Path to the CA (default: /certs/ca.pem on Linux, C:\certs\ca.pem on Windows)
* <code>--tlscert</code>: Path to the TLS certificate file (default: /certs/cert.pem, C:\certs\cert.pem on Windows)
* <code>--tlskey</code>: Path to the TLS key (default: /certs/key.pem, C:\certs\key.pem on Windows)
* <code>--tlsverify</code>: TLS support (default: false)
* <code>--tunnel-port</code>: Specify an alternate tunnel port to use with the Edge agent. Use --tunnel-port 8001 with -p 8001:8001 to make the Edge agent communicate on port 8001
<br>
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

518
docs/v2.0-be/deploy/beinstallk8s.md
View File

@ -1,260 +1,260 @@
---
hide: toc
---
# :material-kubernetes: Deploying Portainer Business in Kubernetes
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine. There are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
By default, Portainer will expose the UI over the port `#!Ruby 9000` and expose a TCP tunnel server over the port `#!Ruby 8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0-be/deploy/requirements/).
## :fontawesome-solid-paper-plane: Portainer Deployment
---
### :material-list-status: Pre-Req Note:
Portainer requires data persistence, and as a result needs at least one storage-class available to use. Portainer will attempt to use the "default" storage class during deployment. If you do NOT have a storage class tagged as "default" the deployment will likely fail.
You can check if you have a default storage class by running:
```shell
kubectl get sc
```
and looking for a storage class with (default) after its name:
![defaultsc](assets/defaultsc.png)
```shell
kubectl patch storageclass <storage-class-name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
```
and replace <storage-class-name> with the name of your storage class
Example: `kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'`
Alternatively, if installing using our helm chart you can add the following option with helm install:
```shell
--set persistence.storageClass=<storage-class-name>
```
---
<br>
**To deploy Portainer within a Kubernetes cluster, you can either use our HELM chart, or our provided manifests.**
=== "Deploy using Helm"
!!! Abstract ""
### :fontawesome-solid-server: Portainer Server Deployment
Ensure you're using at least helm v3.2, which [includes support](https://github.com/helm/helm/pull/7648) for the `--create-namespace` argument.
First, add the Portainer helm repo running the following:
```shell
helm repo add portainer https://portainer.github.io/k8s/
```
```shell
helm repo update
```
Based on how you would like expose Portainer Service, Select an option below
=== "NodePort"
Using the following command, Portainer will be available on port 30777.
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
--set enterpriseEdition.enabled=true
```
=== "Ingress"
Using the following command, Poratainer service will be assigned a Cluster IP. You should use this with an Ingress, see Chart Configuration Options for Ingress related options.
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
--set enterpriseEdition.enabled=true \
--set service.type=ClusterIP
```
??? Hint "Example Deployment with Nginx Ingress"
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
--set enterpriseEdition.enabled=true \
--set service.type=ClusterIP \
-- set ingress.enabled=true \
-- set ingress.annotations='kubernetes.io/ingress.class: nginx' \
-- set ingress.hosts.host=portainer.example.io
=== "LoadBalancer"
Using the following command, Portainer will be available at an assigned LoadBalancer IP @ port 9000.
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
--set enterpriseEdition.enabled=true \
--set service.type=LoadBalancer
```
??? Note "Chart Configuration Options"
The following table lists the configurable parameters of the Portainer chart and their default values. The values file can be found under `deploy/helm/portainer/values.yaml`.
*The parameters will be keep updating.*
| Parameter | Description | Default |
| - | - | - |
| `replicaCount` | Number of Portainer service replicas (ALWAYS set to 1) | `1` |
| `image.repository` | Portainer Docker Hub repository | `portainer/portainer-ce` |
| `image.tag` | Tag for the Portainer image | `latest` |
| `image.pullPolicy` | Portainer image pulling policy | `IfNotPresent` |
| `imagePullSecrets` | If Portainer image requires to be in a private repository | `nil` |
| `nodeSelector` | Used to apply a nodeSelector to the deployment | `{}` |
| `serviceAccount.annotations` | Annotations to add to the service account | `null` |
| `serviceAccount.name` | The name of the service account to use | `portainer-sa-clusteradmin` |
| `service.type` | Service Type for the main Portainer Service; ClusterIP, NodePort and LoadBalancer | `LoadBalancer` |
| `service.httpPort` | HTTP port for accessing Portainer Web | `9000` |
| `service.httpNodePort` | Static NodePort for accessing Portainer Web. Specify only if the type is NodePort | `30777` |
| `service.edgePort` | TCP port for accessing Portainer Edge | `8000` |
| `service.edgeNodePort` | Static NodePort for accessing Portainer Edge. Specify only if the type is NodePort | `30776` |
| `service.annotations` | Annotations to add to the service | `{}` |
| `ingress.enabled` | Create an ingress for Portainer | `false` |
| `ingress.annotations` | Annotations to add to the ingress. For instane, `kubernetes.io/ingress.class: nginx` | `{}` |
| `ingress.hosts.host` | URL for Portainer Web. For instance, `portainer.example.io` | `nil` |
| `ingress.hosts.paths.path` | Path for the Portainer Web. | `/` |
| `ingress.hosts.paths.port` | Port for the Portainer Web. | `9000` |
| `ingress.tls` | TLS support on ingress. Must create a secret with TLS certificates in advance | `[]` |
| `resources` | Portainer resource requests and limits | `{}` |
| `persistence.enabled` | Whether to enable data persistence | `true` |
| `persistence.existingClaim` | Name of an existing PVC to use for data persistence | `nil` |
| `persistence.size` | Size of the PVC used for persistence | `10Gi` |
| `persistence.annotations` | Annotations to apply to PVC used for persistence | `{}` |
| `persistence.storageClass` | StorageClass to apply to PVC used for persistence | `default` |
| `persistence.accessMode` | AccessMode for persistence | `ReadWriteOnce` |
| `persistence.selector` | Selector for persistence | `nil` |
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Helm chart for Agent Only Deployments will be available soon.
In the mean time please head over to YAML Manifests tab.
=== "Deploy using YAML Manifests"
!!! Abstract ""
### :fontawesome-solid-server: Portainer Server Deployment
Based on how you would like expose Portainer Service, Select an option below
=== "NodePort"
Using the following command, Portainer will be available on port 30777.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-ee.yaml
```
=== "LoadBalancer"
Using the following command, Portainer will be available at an assigned LoadBalancer IP @ port 9000.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-lb-ee.yaml
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Choose one of the tabs below based on how you would like to expose the agent.
=== "NodePort"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on port 30778.
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-nodeport.yaml
```
=== "LoadBalancer"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on LoadBalancer assigned IP @ port 9001
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-lb.yaml
```
=== "Deploy on Windows WSL"
!!!Abstract ""
You can deploy Portainer in a Kubernetes environment in Windows using Docker Desktop.
!!! Note
This scenario is for testing purpose only.
### Enable Kubernetes in Docker Desktop
To enable Kubernetes in Docker Desktop, you need to open the dashboard of Docker Desktop. Right click the Docker icon in the system tray and click "dashboard"
![dashboard](assets/windows10-1.png)
Click Settings:
![settings](assets/windows10-2.png)
1. Select Kubernetes 2. Select 'Enable Kubernetes' 3. Click 'Apply and Restart'.
![kubernetes](assets/windows10-3.png)
After a few minutes, you will see that Kubernetes is running:
![kubernetes_running](assets/windows10-4.png)
### :fontawesome-solid-server: Portainer Server Deployment
Based on how you would like expose Portainer Service, Select an option below
=== "NodePort"
Using the following command, Portainer will be available on port 30777.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-ee.yaml
```
=== "LoadBalancer"
Using the following command, Portainer will be available at an assigned LoadBalancer IP @ port 9000.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-lb-ee.yaml
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Choose one of the tabs below based on how you would like to expose the agent.
=== "NodePort"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on port 30778.
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-nodeport.yaml
```
=== "LoadBalancer"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on LoadBalancer assigned IP @ port 9001
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-lb.yaml
```
---
???+ Tip "Regarding Persisting Data"
The charts/manifests will create a persistent volume for storing Portainer data, using the default StorageClass.
In some Kubernetes clusters (microk8s), the default Storage Class simply creates hostPath volumes, which are not explicitly tied to a particular node. In a multi-node cluster, this can create an issue when the pod is terminated and rescheduled on a different node, "leaving" all the persistent data behind and starting the pod with an "empty" volume.
While this behaviour is inherently a limitation of using hostPath volumes, a suitable workaround is to use add a nodeSelector to the deployment, which effectively "pins" the portainer pod to a particular node.
The nodeSelector can be added in the following ways:
1. Edit your own values.yaml and set the value of nodeSelector like this:
nodeSelector: kubernetes.io/hostname: \<YOUR NODE NAME>
2. Explicictly set the target node when deploying/updating the helm chart on the CLI, by including `--set nodeSelector.kubernetes.io/hostname=<YOUR NODE NAME>`
3. If you've deployed Portainer via manifests, without Helm, run the following one-liner to "patch" the deployment, forcing the pod to always be scheduled on the node it's currently running on:
kubectl patch deployments -n portainer portainer -p '{"spec": {"template": {"spec": {"nodeSelector": {"kubernetes.io/hostname": "'$(kubectl get pods -n portainer -o jsonpath='{ ..nodeName }')'"}}}}}' || (echo Failed to identify current node of portainer pod; exit 1)
<br>
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}
---
hide: toc
---
# :material-kubernetes: Deploying Portainer Business in Kubernetes
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine. There are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
By default, Portainer will expose the UI over the port `#!Ruby 9000` and expose a TCP tunnel server over the port `#!Ruby 8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0-be/deploy/requirements/).
## :fontawesome-solid-paper-plane: Portainer Deployment
---
### :material-list-status: Pre-Req Note:
Portainer requires data persistence, and as a result needs at least one storage-class available to use. Portainer will attempt to use the "default" storage class during deployment. If you do NOT have a storage class tagged as "default" the deployment will likely fail.
You can check if you have a default storage class by running:
```shell
kubectl get sc
```
and looking for a storage class with (default) after its name:
![defaultsc](assets/defaultsc.png)
```shell
kubectl patch storageclass <storage-class-name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
```
and replace <storage-class-name> with the name of your storage class
Example: `kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'`
Alternatively, if installing using our helm chart you can add the following option with helm install:
```shell
--set persistence.storageClass=<storage-class-name>
```
---
<br>
**To deploy Portainer within a Kubernetes cluster, you can either use our HELM chart, or our provided manifests.**
=== "Deploy using Helm"
!!! Abstract ""
### :fontawesome-solid-server: Portainer Server Deployment
Ensure you're using at least helm v3.2, which [includes support](https://github.com/helm/helm/pull/7648) for the `--create-namespace` argument.
First, add the Portainer helm repo running the following:
```shell
helm repo add portainer https://portainer.github.io/k8s/
```
```shell
helm repo update
```
Based on how you would like expose Portainer Service, Select an option below
=== "NodePort"
Using the following command, Portainer will be available on port 30777.
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
--set enterpriseEdition.enabled=true
```
=== "Ingress"
Using the following command, Poratainer service will be assigned a Cluster IP. You should use this with an Ingress, see Chart Configuration Options for Ingress related options.
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
--set enterpriseEdition.enabled=true \
--set service.type=ClusterIP
```
??? Hint "Example Deployment with Nginx Ingress"
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
--set enterpriseEdition.enabled=true \
--set service.type=ClusterIP \
-- set ingress.enabled=true \
-- set ingress.annotations='kubernetes.io/ingress.class: nginx' \
-- set ingress.hosts.host=portainer.example.io
=== "LoadBalancer"
Using the following command, Portainer will be available at an assigned LoadBalancer IP @ port 9000.
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
--set enterpriseEdition.enabled=true \
--set service.type=LoadBalancer
```
??? Note "Chart Configuration Options"
The following table lists the configurable parameters of the Portainer chart and their default values. The values file can be found under `deploy/helm/portainer/values.yaml`.
*The parameters will be keep updating.*
| Parameter | Description | Default |
| - | - | - |
| `replicaCount` | Number of Portainer service replicas (ALWAYS set to 1) | `1` |
| `image.repository` | Portainer Docker Hub repository | `portainer/portainer-ce` |
| `image.tag` | Tag for the Portainer image | `latest` |
| `image.pullPolicy` | Portainer image pulling policy | `IfNotPresent` |
| `imagePullSecrets` | If Portainer image requires to be in a private repository | `nil` |
| `nodeSelector` | Used to apply a nodeSelector to the deployment | `{}` |
| `serviceAccount.annotations` | Annotations to add to the service account | `null` |
| `serviceAccount.name` | The name of the service account to use | `portainer-sa-clusteradmin` |
| `service.type` | Service Type for the main Portainer Service; ClusterIP, NodePort and LoadBalancer | `LoadBalancer` |
| `service.httpPort` | HTTP port for accessing Portainer Web | `9000` |
| `service.httpNodePort` | Static NodePort for accessing Portainer Web. Specify only if the type is NodePort | `30777` |
| `service.edgePort` | TCP port for accessing Portainer Edge | `8000` |
| `service.edgeNodePort` | Static NodePort for accessing Portainer Edge. Specify only if the type is NodePort | `30776` |
| `service.annotations` | Annotations to add to the service | `{}` |
| `ingress.enabled` | Create an ingress for Portainer | `false` |
| `ingress.annotations` | Annotations to add to the ingress. For instane, `kubernetes.io/ingress.class: nginx` | `{}` |
| `ingress.hosts.host` | URL for Portainer Web. For instance, `portainer.example.io` | `nil` |
| `ingress.hosts.paths.path` | Path for the Portainer Web. | `/` |
| `ingress.hosts.paths.port` | Port for the Portainer Web. | `9000` |
| `ingress.tls` | TLS support on ingress. Must create a secret with TLS certificates in advance | `[]` |
| `resources` | Portainer resource requests and limits | `{}` |
| `persistence.enabled` | Whether to enable data persistence | `true` |
| `persistence.existingClaim` | Name of an existing PVC to use for data persistence | `nil` |
| `persistence.size` | Size of the PVC used for persistence | `10Gi` |
| `persistence.annotations` | Annotations to apply to PVC used for persistence | `{}` |
| `persistence.storageClass` | StorageClass to apply to PVC used for persistence | `default` |
| `persistence.accessMode` | AccessMode for persistence | `ReadWriteOnce` |
| `persistence.selector` | Selector for persistence | `nil` |
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Helm chart for Agent Only Deployments will be available soon.
In the mean time please head over to YAML Manifests tab.
=== "Deploy using YAML Manifests"
!!! Abstract ""
### :fontawesome-solid-server: Portainer Server Deployment
Based on how you would like expose Portainer Service, Select an option below
=== "NodePort"
Using the following command, Portainer will be available on port 30777.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-ee.yaml
```
=== "LoadBalancer"
Using the following command, Portainer will be available at an assigned LoadBalancer IP @ port 9000.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-lb-ee.yaml
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Choose one of the tabs below based on how you would like to expose the agent.
=== "NodePort"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on port 30778.
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-nodeport.yaml
```
=== "LoadBalancer"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on LoadBalancer assigned IP @ port 9001
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-lb.yaml
```
=== "Deploy on Windows WSL / Docker Desktop"
!!!Abstract ""
You can deploy Portainer in a Kubernetes environment in Windows using Docker Desktop.
!!! Note
This scenario is for testing purpose only.
### Enable Kubernetes in Docker Desktop
To enable Kubernetes in Docker Desktop, you need to open the dashboard of Docker Desktop. Right click the Docker icon in the system tray and click "dashboard"
![dashboard](assets/windows10-1.png)
Click Settings:
![settings](assets/windows10-2.png)
1. Select Kubernetes 2. Select 'Enable Kubernetes' 3. Click 'Apply and Restart'.
![kubernetes](assets/windows10-3.png)
After a few minutes, you will see that Kubernetes is running:
![kubernetes_running](assets/windows10-4.png)
### :fontawesome-solid-server: Portainer Server Deployment
Based on how you would like expose Portainer Service, Select an option below
=== "NodePort"
Using the following command, Portainer will be available on port 30777.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-ee.yaml
```
=== "LoadBalancer"
Using the following command, Portainer will be available at an assigned LoadBalancer IP @ port 9000.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-lb-ee.yaml
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Choose one of the tabs below based on how you would like to expose the agent.
=== "NodePort"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on port 30778.
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-nodeport.yaml
```
=== "LoadBalancer"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on LoadBalancer assigned IP @ port 9001
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-lb.yaml
```
---
???+ Tip "Regarding Persisting Data"
The charts/manifests will create a persistent volume for storing Portainer data, using the default StorageClass.
In some Kubernetes clusters (microk8s), the default Storage Class simply creates hostPath volumes, which are not explicitly tied to a particular node. In a multi-node cluster, this can create an issue when the pod is terminated and rescheduled on a different node, "leaving" all the persistent data behind and starting the pod with an "empty" volume.
While this behaviour is inherently a limitation of using hostPath volumes, a suitable workaround is to use add a nodeSelector to the deployment, which effectively "pins" the portainer pod to a particular node.
The nodeSelector can be added in the following ways:
1. Edit your own values.yaml and set the value of nodeSelector like this:
nodeSelector: kubernetes.io/hostname: \<YOUR NODE NAME>
2. Explicictly set the target node when deploying/updating the helm chart on the CLI, by including `--set nodeSelector.kubernetes.io/hostname=<YOUR NODE NAME>`
3. If you've deployed Portainer via manifests, without Helm, run the following one-liner to "patch" the deployment, forcing the pod to always be scheduled on the node it's currently running on:
kubectl patch deployments -n portainer portainer -p '{"spec": {"template": {"spec": {"nodeSelector": {"kubernetes.io/hostname": "'$(kubectl get pods -n portainer -o jsonpath='{ ..nodeName }')'"}}}}}' || (echo Failed to identify current node of portainer pod; exit 1)
<br>
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}
<!-- {{ snippet('https://github.com/portainer/k8s.git', 'charts/portainer/README.md', '# Chart Configuration') }} -->

318
docs/v2.0-be/deploy/beinstallswarm.md
View File

@ -1,160 +1,160 @@
---
hide: toc
---
# :fontawesome-brands-docker: Deploying Portainer Business in Docker Swarm
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine or within a Swarm cluster. Due to the nature of Docker, there are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
Note that the recommended deployment mode when using Swarm is using the Portainer Agent.
By default, Portainer will expose the UI over the port `#!Ruby 9000` and expose a TCP tunnel server over the port `#!Ruby 8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0-be/deploy/requirements/).
## :fontawesome-solid-paper-plane: Portainer Deployment
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see Portainer and agent scenario below):
=== "Docker Swarm on Linux"
!!! Abstract ""
### Portainer Server Deployment
Deploying Portainer and the Portainer Agent to manage a Swarm cluster is easy! You can directly deploy Portainer as a service in your Docker cluster. Note that this method will automatically deploy a single instance of the Portainer Server, and deploy the Portainer Agent as a global service on every node in your cluster.
```shell
curl -L https://downloads.portainer.io/portainer-ee-agent-stack.yml -o portainer-agent-stack.yml
```
```shell
docker stack deploy -c portainer-agent-stack.yml portainer
```
<b>Note</b>: By default this stack doesn't enable Host Management Features, you need to enable from the UI of Portainer.
### Portainer Agent Only Deployment
Deploy Portainer Agent on a remote LINUX Swarm Cluster as a Swarm Service, run this command on a manager node in the remote cluster.
First create the network:
```shell
docker network create portainer_agent_network
```
The following step to deploy the Agent:
```shell
docker service create --name portainer_agent --network portainer_agent_network --publish mode=host,target=9001,published=9001 -e AGENT_CLUSTER_ADDR=tasks.portainer_agent --mode global --mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock --mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes --mount type=bind,src=/,dst=/host portainer/agent:2.0.0
```
=== "Docker Swarm on Windows WSL"
!!! Abstract ""
Before you can deploy Portainer in Docker Swarm running in Windows, you need to install WSL. [Read this guide to know more about WSL/WSL2](https://docs.microsoft.com/en-us/windows/wsl/install-win10){target=_blank}
Use the following Docker Swarmcommands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see portainer and agent scenario below):
### Portainer Server Deployment
Deploying Portainer and the Portainer Agent to manage a Swarm cluster is easy! You can directly deploy Portainer as a service in your Docker cluster. Note that this method will automatically deploy a single instance
of the Portainer Server, and deploys the Portainer Agent as a global service on every node in your cluster.
Remember to initiate the Docker Swarm mode when you use Docker Desktop. You can do this running the following command:
```shell
docker swarm init
```
The terminal will reply with this:
```shell
Swarm initialized: current node (15gbf4d66mvzk3die00sgirpf) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-096qbnf2b9yywagu5ht3731zlpkeqazgctffolntsiljfp0m34-c4snnxplgwq2bd1ohta8k48b9 192.168.65.3:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
```
Once this is done, you can continue with the installation running the following command:
```shell
curl -L https://downloads.portainer.io/portainer-ee-agent-stack.yml -o portainer-agent-stack.yml
```
```shell
docker stack deploy -c portainer-agent-stack.yml portainer
```
### Portainer Agent Only Deployment
Deploy Portainer Agent on a Swarm Cluster as a Swarm Service, run this command in a manager node in the cluster.
```shell
docker service create --name portainer_agent --network portainer_agent_network --publish mode=host,target=9001,published=9001 -e AGENT_CLUSTER_ADDR=tasks.portainer_agent --mode global --mount type=bind
src=//var/run/docker.sock,dst=/var/run/docker.sock --mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes -mount type=bind,src=/,dst=/host portainer/agent:2.0.0
```
=== "Docker Swarm on Windows Container Service"
!!! Abstract ""
To run Portainer in a Windows Server/Desktop Environment, you need to create exceptions in the firewall. These, can be easy added through PowerShell, running the following commands:
```shell
netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
```
```shell
netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
```
```shell
netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
```
```shell
netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
```
You also need to install Windows Container Host Service and Install Docker.
```shell
Enable-WindowsOptionalFeature -Online -FeatureName containers -All
```
```shell
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
```
```shell
Install-Package -Name docker -ProviderName DockerMsftProvider
```
Lastly, you need to restart your Windows Server. After it has restarted, you're ready to deploy Portainer.
### Portainer Server Deployment
You can use our YML manifest to run Portainer in Windows using Windows Containers. In Powershell, run:
```PowerShell
curl https://downloads.portainer.io/portainer_ee_windows_stack.yml -o portainer_windows_stack.yml
```
```PowerShell
docker stack deploy --compose-file=portainer_windows_stack.yml portainer
```
Now, you can navigate to http://localhost:9000 or the IP of the server and start using Portainer.
### Portainer Agent Only Deployment
To run Portainer Agent in a Windows Container scenario, you need to execute the following commands:
```PowerShell
curl -L https://downloads.portainer.io/agent-ee-stack-windows.yml -o agent-stack-windows.yml && docker stack deploy --compose-file=agent-stack-windows.yml portainer-agent
```
<br>
## :material-note-text: Notes
---
hide: toc
---
# :fontawesome-brands-docker: Deploying Portainer Business in Docker Swarm
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine or within a Swarm cluster. Due to the nature of Docker, there are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
Note that the recommended deployment mode when using Swarm is using the Portainer Agent.
By default, Portainer will expose the UI over the port `#!Ruby 9000` and expose a TCP tunnel server over the port `#!Ruby 8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0-be/deploy/requirements/).
## :fontawesome-solid-paper-plane: Portainer Deployment
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see Portainer and agent scenario below):
=== "Docker Swarm on Linux"
!!! Abstract ""
### Portainer Server Deployment
Deploying Portainer and the Portainer Agent to manage a Swarm cluster is easy! You can directly deploy Portainer as a service in your Docker cluster. Note that this method will automatically deploy a single instance of the Portainer Server, and deploy the Portainer Agent as a global service on every node in your cluster.
```shell
curl -L https://downloads.portainer.io/portainer-ee-agent-stack.yml -o portainer-agent-stack.yml
```
```shell
docker stack deploy -c portainer-agent-stack.yml portainer
```
<b>Note</b>: By default this stack doesn't enable Host Management Features, you need to enable from the UI of Portainer.
### Portainer Agent Only Deployment
Deploy Portainer Agent on a remote LINUX Swarm Cluster as a Swarm Service, run this command on a manager node in the remote cluster.
First create the network:
```shell
docker network create portainer_agent_network
```
The following step to deploy the Agent:
```shell
docker service create --name portainer_agent --network portainer_agent_network --publish mode=host,target=9001,published=9001 -e AGENT_CLUSTER_ADDR=tasks.portainer_agent --mode global --mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock --mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes --mount type=bind,src=/,dst=/host portainer/agent:2.0.0
```
=== "Docker Swarm on Windows WSL / Docker Desktop"
!!! Abstract ""
Before you can deploy Portainer in Docker Swarm running in Windows, you need to install WSL. [Read this guide to know more about WSL/WSL2](https://docs.microsoft.com/en-us/windows/wsl/install-win10){target=_blank}
Use the following Docker Swarmcommands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see portainer and agent scenario below):
### Portainer Server Deployment
Deploying Portainer and the Portainer Agent to manage a Swarm cluster is easy! You can directly deploy Portainer as a service in your Docker cluster. Note that this method will automatically deploy a single instance
of the Portainer Server, and deploys the Portainer Agent as a global service on every node in your cluster.
Remember to initiate the Docker Swarm mode when you use Docker Desktop. You can do this running the following command:
```shell
docker swarm init
```
The terminal will reply with this:
```shell
Swarm initialized: current node (15gbf4d66mvzk3die00sgirpf) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-096qbnf2b9yywagu5ht3731zlpkeqazgctffolntsiljfp0m34-c4snnxplgwq2bd1ohta8k48b9 192.168.65.3:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
```
Once this is done, you can continue with the installation running the following command:
```shell
curl -L https://downloads.portainer.io/portainer-ee-agent-stack.yml -o portainer-agent-stack.yml
```
```shell
docker stack deploy -c portainer-agent-stack.yml portainer
```
### Portainer Agent Only Deployment
Deploy Portainer Agent on a Swarm Cluster as a Swarm Service, run this command in a manager node in the cluster.
```shell
docker service create --name portainer_agent --network portainer_agent_network --publish mode=host,target=9001,published=9001 -e AGENT_CLUSTER_ADDR=tasks.portainer_agent --mode global --mount type=bind
src=//var/run/docker.sock,dst=/var/run/docker.sock --mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes -mount type=bind,src=/,dst=/host portainer/agent:2.0.0
```
=== "Docker Swarm on Windows Container Service"
!!! Abstract ""
To run Portainer in a Windows Server/Desktop Environment, you need to create exceptions in the firewall. These, can be easy added through PowerShell, running the following commands:
```shell
netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
```
```shell
netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
```
```shell
netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
```
```shell
netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
```
You also need to install Windows Container Host Service and Install Docker.
```shell
Enable-WindowsOptionalFeature -Online -FeatureName containers -All
```
```shell
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
```
```shell
Install-Package -Name docker -ProviderName DockerMsftProvider
```
Lastly, you need to restart your Windows Server. After it has restarted, you're ready to deploy Portainer.
### Portainer Server Deployment
You can use our YML manifest to run Portainer in Windows using Windows Containers. In Powershell, run:
```PowerShell
curl https://downloads.portainer.io/portainer_ee_windows_stack.yml -o portainer_windows_stack.yml
```
```PowerShell
docker stack deploy --compose-file=portainer_windows_stack.yml portainer
```
Now, you can navigate to http://localhost:9000 or the IP of the server and start using Portainer.
### Portainer Agent Only Deployment
To run Portainer Agent in a Windows Container scenario, you need to execute the following commands:
```PowerShell
curl -L https://downloads.portainer.io/agent-ee-stack-windows.yml -o agent-stack-windows.yml && docker stack deploy --compose-file=agent-stack-windows.yml portainer-agent
```
<br>
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

92
docs/v2.0-be/downgrade/be-to-ce.md
View File

@ -1,46 +1,46 @@
# Downgrade from Portainer Business to Portainer CE
If you have a running instance of Portainer Business and want to downgrade to Portainer CE, follow the instructions below.
1. Shutdown the Portainer Business instance
2. Backup Portainer Business data
3. Downgrade the Portainer Business database
4. Re-deploy a Portainer CE instance
# On Docker
## Shutdown the existing Portainer Business instance
Make sure that the Portainer Business instance is stopped before attempting any of the other steps.
Inside a Docker standalone environment it is as simple as:
<pre><code> docker stop portainer</code></pre>
Inside a Swarm environment, you can simply scale down the Portainer service to 0 replicas:
<pre><code> docker service scale portainer=0</code></pre>
## Backup your data
First make sure to create a copy of the Portainer data volume.
You can use the following command to backup the data of the Portainer Business instance, you might need to update this command to match the name of your Portainer container:
<pre><code> docker run --rm --volumes-from portainer -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /data</code></pre>
This will create a backup.tar file in your current folder containing the Portainer Business instance data backup.
## Downgrade the Portainer Business database
Use the following command to downgrade the Portainer database:
<pre><code> docker run -it --name portainer-database-rollback -v portainer_data:/data portainer/portainer-ee:latest --rollback-to-ce</code></pre>
## Redeploy a Portainer CE instance
After downgrading the database, you can now redeploy Portainer CE and re-use the existing Portainer Business data by following our instructions in [Deploying Portainer](/v2.0/deploy/linux).
# On Kubernetes
Work-in-progress.
# Downgrade from Portainer Business to Portainer CE
If you have a running instance of Portainer Business and want to downgrade to Portainer CE, follow the instructions below.
1. Shutdown the Portainer Business instance
2. Backup Portainer Business data
3. Downgrade the Portainer Business database
4. Re-deploy a Portainer CE instance
# On Docker
## Shutdown the existing Portainer Business instance
Make sure that the Portainer Business instance is stopped before attempting any of the other steps.
Inside a Docker standalone environment it is as simple as:
<pre><code> docker stop portainer</code></pre>
Inside a Swarm environment, you can simply scale down the Portainer service to 0 replicas:
<pre><code> docker service scale portainer=0</code></pre>
## Backup your data
First make sure to create a copy of the Portainer data volume.
You can use the following command to backup the data of the Portainer Business instance, you might need to update this command to match the name of your Portainer container:
<pre><code> docker run --rm --volumes-from portainer -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /data</code></pre>
This will create a backup.tar file in your current folder containing the Portainer Business instance data backup.
## Downgrade the Portainer Business database
Use the following command to downgrade the Portainer database:
<pre><code> docker run -it --name portainer-database-rollback -v portainer_data:/data portainer/portainer-ee:latest --rollback-to-ce</code></pre>
## Redeploy a Portainer CE instance
After downgrading the database, you can now redeploy Portainer CE and re-use the existing Portainer Business data by following our instructions in [Deploying Portainer](/v2.0/deploy/linux).
# On Kubernetes
Work-in-progress.

8
docs/v2.0-be/endpoints/api.md
View File

@ -44,7 +44,7 @@ This query will create an endpoint called <b>test-local</b> and will use the Doc
<pre><code> http --form POST :9000/api/endpoints \
"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE" \
Name="test-local" EndpointType=1</code></pre>
Name="test-local" EndpointCreationType=1</code></pre>
The response is a JSON object representing the endpoint:
@ -75,7 +75,7 @@ This query will create an endpoint called <b>test-remote</b> and will communicat
<pre><code> http --form POST :9000/api/endpoints \
"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE" \
Name="test-remote" URL="tcp://10.0.7.10:2375" EndpointType=1</code></pre>
Name="test-remote" URL="tcp://10.0.7.10:2375" EndpointCreationType=1</code></pre>
The response is a JSON object representing the endpoint:
@ -106,7 +106,7 @@ This query will create an endpoint called <b>test-remote-tls</b> and will commun
<pre><code> http --form POST :9000/api/endpoints \
"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE" \
Name="test-remote" URL="tcp://10.0.7.10:2376" EndpointType=1 TLS="true" TLSCACertFile@/path/to/ca.pem TLSCertFile@/path/to/cert.pem TLSKeyFile@/path/to/key.pem</code></pre>
Name="test-remote" URL="tcp://10.0.7.10:2376" EndpointCreationType=1 TLS="true" TLSCACertFile@/path/to/ca.pem TLSCertFile@/path/to/cert.pem TLSKeyFile@/path/to/key.pem</code></pre>
The response is a JSON object representing the endpoint:
@ -134,4 +134,4 @@ Retrieve this ID, it will be used to execute queries against the Docker engine f
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

314
docs/v2.0/ad/nginx/rp-nginx.md
View File

@ -1,157 +1,157 @@
# Deploy Portainer behind NGINX Reverse Proxy
### Deploying in a Docker Standalone scenario
To deploy Portainer behind NGINX Proxy in a Docker standalone scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Server and NGINX Proxy.
<pre><code>
version: "2"
services:
nginx-proxy:
image: jwilder/nginx-proxy
restart: always
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
portainer:
image: portainer/portainer-ce:2.0.0
command: -H unix:///var/run/docker.sock
restart: always
networks:
- proxy
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
networks:
proxy:
volumes:
portainer_data:
</code></pre>
To setup and start working with this recipe, you need to change the VIRTUAL_HOST value. You can then run the following:
<pre><code>docker-compose up -d</code></pre>
Once complete, you will able to run <code> docker ps</code> and you will see an output similar to this:
<pre><code>CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
088da047e931 portainer/portainer-ce:2.0.0 "/portainer -H unix:…" 32 minutes ago Up 22 minutes 0.0.0.0:8000->8000/tcp, 9000/tcp nginx-port_portainer_1
1ec0594f8a01 jwilder/nginx-proxy "/app/docker-entrypo…" 32 minutes ago Up 22 minutes 0.0.0.0:80->80/tcp nginx-port_nginx-proxy_1</code></pre>
Once the deployment is complete you can browse <code>portainer.yourdomain.com</code>.
### Deploying in a Docker Swarm scenario
Deploying Portainer in Docker Swarm behind NGINX has similar steps to the Docker Standalone scenario.
First, you need to create a few networks. One for the agent and the communication with Portainer Server and other to "expose" the Portainer container to the same network that the Reverse Proxy.
Before deploying, you need to create 2 elements: Networks and volumes.
1. First, create 2 networks for the agent to communicate with Portainer Server and other to "expose" the Portainer container to the same network that as the Reverse Proxy
<pre><code> docker network create -d overlay proxy</code></pre>
<pre><code> docker network create -d overlay agent_network</code></pre>
2. Then create the volume:
<pre><code> docker volume create portainer_data</code></pre>
3. Save the below recipe as portainer.yml
<pre><code>version: '3.2'
services:
nginx-proxy:
image: jwilder/nginx-proxy
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
agent:
image: portainer/agent
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.0.0
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
networks:
- proxy
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
networks:
proxy:
external: true
agent_network:
external: true
volumes:
data:
</code></pre>
4. To setup and start working with this recipe, you need to change the VIRTUAL_HOST value.
5. You're now ready to deploy Portainer by executing the following:
<pre><code> docker stack deploy portainer -c portainer.yml</code></pre>
6. To check the deployment you can run <code> docker service ls</code> and you will see an output similar to the following:
<pre><code>ID NAME MODE REPLICAS IMAGE PORTS
gy2bjxid0g4p portainer_agent global 1/1 portainer/agent:latest
jwvjp5bux4sz portainer_nginx-proxy replicated 1/1 jwilder/nginx-proxy:latest *:80->80/tcp
5nflcvoxl3c7 portainer_portainer replicated 1/1 portainer/portainer-ce:2.0.0 *:8000->8000/tcp</code></pre>
Once the services are running, you can browse the url specified (e.g. portainer.yourdomain.com) to access Portainer.
### Deploying in a Kubernetes scenario
WIP
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=\_blank}
# Deploy Portainer behind NGINX Reverse Proxy
### Deploying in a Docker Standalone scenario
To deploy Portainer behind NGINX Proxy in a Docker standalone scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Server and NGINX Proxy.
<pre><code>
version: "2"
services:
nginx-proxy:
image: jwilder/nginx-proxy
restart: always
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
portainer:
image: portainer/portainer-ce:2.0.0
command: -H unix:///var/run/docker.sock
restart: always
networks:
- proxy
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
networks:
proxy:
volumes:
portainer_data:
</code></pre>
To setup and start working with this recipe, you need to change the VIRTUAL_HOST value. You can then run the following:
<pre><code>docker-compose up -d</code></pre>
Once complete, you will able to run <code> docker ps</code> and you will see an output similar to this:
<pre><code>CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
088da047e931 portainer/portainer-ce:2.0.0 "/portainer -H unix:…" 32 minutes ago Up 22 minutes 0.0.0.0:8000->8000/tcp, 9000/tcp nginx-port_portainer_1
1ec0594f8a01 jwilder/nginx-proxy "/app/docker-entrypo…" 32 minutes ago Up 22 minutes 0.0.0.0:80->80/tcp nginx-port_nginx-proxy_1</code></pre>
Once the deployment is complete you can browse <code>portainer.yourdomain.com</code>.
### Deploying in a Docker Swarm scenario
Deploying Portainer in Docker Swarm behind NGINX has similar steps to the Docker Standalone scenario.
First, you need to create a few networks. One for the agent and the communication with Portainer Server and other to "expose" the Portainer container to the same network that the Reverse Proxy.
Before deploying, you need to create 2 elements: Networks and volumes.
1. First, create 2 networks for the agent to communicate with Portainer Server and other to "expose" the Portainer container to the same network that as the Reverse Proxy
<pre><code> docker network create -d overlay proxy</code></pre>
<pre><code> docker network create -d overlay agent_network</code></pre>
2. Then create the volume:
<pre><code> docker volume create portainer_data</code></pre>
3. Save the below recipe as portainer.yml
<pre><code>version: '3.2'
services:
nginx-proxy:
image: jwilder/nginx-proxy
networks:
- proxy
ports:
- "80:80"
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "./vhost.d:/etc/nginx/vhost.d:ro"
agent:
image: portainer/agent
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.0.0
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
environment:
- VIRTUAL_HOST=portainer.yourdomain.com
- VIRTUAL_PORT=9000
ports:
- 8000:8000
networks:
- proxy
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
networks:
proxy:
external: true
agent_network:
external: true
volumes:
data:
</code></pre>
4. To setup and start working with this recipe, you need to change the VIRTUAL_HOST value.
5. You're now ready to deploy Portainer by executing the following:
<pre><code> docker stack deploy portainer -c portainer.yml</code></pre>
6. To check the deployment you can run <code> docker service ls</code> and you will see an output similar to the following:
<pre><code>ID NAME MODE REPLICAS IMAGE PORTS
gy2bjxid0g4p portainer_agent global 1/1 portainer/agent:latest
jwvjp5bux4sz portainer_nginx-proxy replicated 1/1 jwilder/nginx-proxy:latest *:80->80/tcp
5nflcvoxl3c7 portainer_portainer replicated 1/1 portainer/portainer-ce:2.0.0 *:8000->8000/tcp</code></pre>
Once the services are running, you can browse the url specified (e.g. portainer.yourdomain.com) to access Portainer.
### Deploying in a Kubernetes scenario
WIP
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=\_blank}

414
docs/v2.0/ad/traefik/rp-traefik.md
View File

@ -1,208 +1,208 @@
# Deploy Portainer behind Traefik Proxy
[Traefik Proxy](https://traefik.io/traefik/) is a reverse proxy and load balancing solution focused on micro services.
### Deploying in a Docker Standalone scenario
To deploy Portainer behind Traefik Proxy in a Docker standalone scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Traefik with SSL support and Portainer Server.
<pre><code>version: "3.3"
services:
traefik:
container_name: traefik
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --log.level=ERROR
- --certificatesresolvers.leresolver.acme.httpchallenge=true
- --certificatesresolvers.leresolver.acme.email=your-email #Set your email address here, is for the generation of SSL certificates with Let's Encrypt.
- --certificatesresolvers.leresolver.acme.storage=./acme.json
- --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./acme.json:/acme.json"
labels:
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
portainer:
image: portainer/portainer-ce:2.0.0
command: -H unix:///var/run/docker.sock
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
labels:
# Frontend
- "traefik.enable=true"
- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"
- "traefik.http.routers.frontend.entrypoints=websecure"
- "traefik.http.services.frontend.loadbalancer.server.port=9000"
- "traefik.http.routers.frontend.service=frontend"
- "traefik.http.routers.frontend.tls.certresolver=leresolver"
# Edge
- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
- "traefik.http.routers.edge.entrypoints=websecure"
- "traefik.http.services.edge.loadbalancer.server.port=8000"
- "traefik.http.routers.edge.service=edge"
- "traefik.http.routers.edge.tls.certresolver=leresolver"
volumes:
portainer_data:</code></pre>
Before you run this file in Docker you will need to create the <code>acme.json</code> file that will store the SSL certificates. Once it has been created you need to define the path of that file in the following sections:
In the volume and command section of the Traefik Proxy container
<pre><code>- "./acme.json:/acme.json"</code></pre>
<pre><code>- --certificatesresolvers.leresolver.acme.storage=./acme.json</code></pre>
You need to setup your email address for the registration with Let's Encrypt.
<pre><code>- --certificatesresolvers.leresolver.acme.email=your-email</code></pre>
Next, need to customize some labels in the Traefik container. The following labels need to be modified with the url that you want use to access Portainer.
<pre><code>- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"</code></pre>
<pre><code>- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"</code></pre>
After all this setup, you're ready to deploy Portainer:
<pre><code>docker-compose up -d</code></pre>
After the images have been downloaded and deployed you will able to access Portainer in the URL you defined earlier. Eg: <code>https://portainer.yourdomain.com</code>
This file also exists in [our repository on Github](https://github.com/portainer/portainer-compose/tree/master/traefik).
### Deploying in a Docker Swarm scenario
To deploy Portainer behind Traefik Proxy in a Docker Swarm scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Traefik with SSL support and Portainer Server.
Before deploying, you need to create 2 elements: Networks and volumes.
1. First, create 2 overlay networks:
<pre><code> docker network create -d overlay agent_network</code></pre>
<pre><code> docker network create -d overlay public</code></pre>
2. Then create the volume:
<pre><code> docker volume create portainer_data</code></pre>
3. Save the below recipe as portainer.yml
<pre><code>version: '3.2'
services:
traefik:
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker=true
- --providers.docker.swarmMode=true
- --providers.docker.exposedbydefault=false
- --providers.docker.network=public
- --api
- --log.level=ERROR
ports:
- "80:80"
- "443:443"
networks:
- public
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
agent:
image: portainer/agent
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.0.0
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
networks:
- public
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.yourdomain.com`)"
- "traefik.http.routers.portainer.entrypoints=web"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer.service=portainer"
# Edge
- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
- "traefik.http.routers.edge.entrypoints=web"
- "traefik.http.services.edge.loadbalancer.server.port=8000"
- "traefik.http.routers.edge.service=edge"
networks:
public:
external: true
agent_network:
external: true
volumes:
data:
</code></pre>
4. Before you can deploy, you need to customize this labels to match with the URL that you want.
<pre><code>- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"</code></pre>
<pre><code>- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"</code></pre>
5. You're now ready to deploy Portainer by executing the following:
<pre><code> docker stack deploy portainer -c portainer.yml</code></pre>
6. To check the deployment you can run <code> docker service ls</code> and you will see an output similar to the following:
<pre><code>ID NAME MODE REPLICAS IMAGE PORTS
lt21zrypsll6 portainer_agent global 1/1 portainer/agent:latest
m6912ynwdcd7 portainer_portainer replicated 1/1 portainer/portainer-ce:2.0.0
tw2nb4i640e4 portainer_traefik replicated 1/1 traefik:latest *:80->80/tcp, *:443->443/tcp</code></pre>
Once the services are running, you can browse the url specified (e.g. portainer.yourdomain.com) to access Portainer.
### Deploying in a Kubernetes scenario
WIP
## :material-note-text: Notes
# Deploy Portainer behind Traefik Proxy
[Traefik Proxy](https://traefik.io/traefik/) is a reverse proxy and load balancing solution focused on micro services.
### Deploying in a Docker Standalone scenario
To deploy Portainer behind Traefik Proxy in a Docker standalone scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Traefik with SSL support and Portainer Server.
<pre><code>version: "3.3"
services:
traefik:
container_name: traefik
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --log.level=ERROR
- --certificatesresolvers.leresolver.acme.httpchallenge=true
- --certificatesresolvers.leresolver.acme.email=your-email #Set your email address here, is for the generation of SSL certificates with Let's Encrypt.
- --certificatesresolvers.leresolver.acme.storage=./acme.json
- --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./acme.json:/acme.json"
labels:
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
portainer:
image: portainer/portainer-ce:2.0.0
command: -H unix:///var/run/docker.sock
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data
labels:
# Frontend
- "traefik.enable=true"
- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"
- "traefik.http.routers.frontend.entrypoints=websecure"
- "traefik.http.services.frontend.loadbalancer.server.port=9000"
- "traefik.http.routers.frontend.service=frontend"
- "traefik.http.routers.frontend.tls.certresolver=leresolver"
# Edge
- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
- "traefik.http.routers.edge.entrypoints=websecure"
- "traefik.http.services.edge.loadbalancer.server.port=8000"
- "traefik.http.routers.edge.service=edge"
- "traefik.http.routers.edge.tls.certresolver=leresolver"
volumes:
portainer_data:</code></pre>
Before you run this file in Docker you will need to create the <code>acme.json</code> file that will store the SSL certificates. Once it has been created you need to define the path of that file in the following sections:
In the volume and command section of the Traefik Proxy container
<pre><code>- "./acme.json:/acme.json"</code></pre>
<pre><code>- --certificatesresolvers.leresolver.acme.storage=./acme.json</code></pre>
You need to setup your email address for the registration with Let's Encrypt.
<pre><code>- --certificatesresolvers.leresolver.acme.email=your-email</code></pre>
Next, need to customize some labels in the Traefik container. The following labels need to be modified with the url that you want use to access Portainer.
<pre><code>- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"</code></pre>
<pre><code>- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"</code></pre>
After all this setup, you're ready to deploy Portainer:
<pre><code>docker-compose up -d</code></pre>
After the images have been downloaded and deployed you will able to access Portainer in the URL you defined earlier. Eg: <code>https://portainer.yourdomain.com</code>
This file also exists in [our repository on Github](https://github.com/portainer/portainer-compose/tree/master/traefik).
### Deploying in a Docker Swarm scenario
To deploy Portainer behind Traefik Proxy in a Docker Swarm scenario we will use a Docker Compose file. In the following docker-compose.yml you will find the configuration of the Portainer Traefik with SSL support and Portainer Server.
Before deploying, you need to create 2 elements: Networks and volumes.
1. First, create 2 overlay networks:
<pre><code> docker network create -d overlay agent_network</code></pre>
<pre><code> docker network create -d overlay public</code></pre>
2. Then create the volume:
<pre><code> docker volume create portainer_data</code></pre>
3. Save the below recipe as portainer.yml
<pre><code>version: '3.2'
services:
traefik:
image: "traefik:latest"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker=true
- --providers.docker.swarmMode=true
- --providers.docker.exposedbydefault=false
- --providers.docker.network=public
- --api
- --log.level=ERROR
ports:
- "80:80"
- "443:443"
networks:
- public
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
agent:
image: portainer/agent
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:2.0.0
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
networks:
- public
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`portainer.yourdomain.com`)"
- "traefik.http.routers.portainer.entrypoints=web"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer.service=portainer"
# Edge
- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
- "traefik.http.routers.edge.entrypoints=web"
- "traefik.http.services.edge.loadbalancer.server.port=8000"
- "traefik.http.routers.edge.service=edge"
networks:
public:
external: true
agent_network:
external: true
volumes:
data:
</code></pre>
4. Before you can deploy, you need to customize this labels to match with the URL that you want.
<pre><code>- "traefik.http.routers.frontend.rule=Host(`portainer.yourdomain.com`)"</code></pre>
<pre><code>- "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"</code></pre>
5. You're now ready to deploy Portainer by executing the following:
<pre><code> docker stack deploy portainer -c portainer.yml</code></pre>
6. To check the deployment you can run <code> docker service ls</code> and you will see an output similar to the following:
<pre><code>ID NAME MODE REPLICAS IMAGE PORTS
lt21zrypsll6 portainer_agent global 1/1 portainer/agent:latest
m6912ynwdcd7 portainer_portainer replicated 1/1 portainer/portainer-ce:2.0.0
tw2nb4i640e4 portainer_traefik replicated 1/1 traefik:latest *:80->80/tcp, *:443->443/tcp</code></pre>
Once the services are running, you can browse the url specified (e.g. portainer.yourdomain.com) to access Portainer.
### Deploying in a Kubernetes scenario
WIP
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

506
docs/v2.0/deploy/ceinstalldocker.md
View File

@ -1,254 +1,254 @@
---
hide:
- toc
---
# :fontawesome-brands-docker: Deploying Portainer CE in Docker
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine or within a Swarm cluster. Due to the nature of Docker, there are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
Note that the recommended deployment mode when using Swarm is using the Portainer Agent.
By default, Portainer will expose the UI over the port `#!Ruby 9000` and expose a TCP tunnel server over the port `#!Ruby 8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0/deploy/requirements).
## :fontawesome-solid-paper-plane: Portainer Deployment
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see Portainer and agent scenario below):
=== "Docker on Linux"
!!! Abstract ""
### :fontawesome-solid-server: Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Run the following command to deploy the Agent in your Docker host.
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent
```
=== "Docker on Windows WSL"
!!! Abstract ""
Before you can deploy Portainer in Docker Standalone running in Windows, you need to install WSL. [Read this guide to know more about WSL/WSL2](https://docs.microsoft.com/en-us/windows/wsl/install-win10){target=_blank}
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see portainer and agent scenario below):
### :fontawesome-solid-server: Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Run the following command to deploy the Agent in your Docker host.
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent
```
=== "Docker on Windows Container Service"
!!! Abstract ""
To run Portainer in a Windows Server/Desktop Environment, you need to create exceptions in the firewall. These, can be easy added trough PowerShell, running the following commands:
```shell
netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
```
```shell
netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
```
```shell
netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
```
```shell
netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
```
You also need to install Windows Container Host Service and Install Docker.
```shell
Enable-WindowsOptionalFeature -Online -FeatureName containers -All
```
```shell
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
```
```shell
Install-Package -Name docker -ProviderName DockerMsftProvider
```
Lastly, you need to restart your Windows Server. After it has restarted, you're ready to deploy Portainer.
### :fontawesome-solid-server: Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 9000:9000 --name portainer --restart always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine -v portainer_data:C:\data portainer/portainer-ce
```
Now, you can navigate to http://localhost:9000 or the IP of the server and start using Portainer.
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
To run Portainer Agent in a Windows Container scenario, you need to execute the following commands:
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine portainer/agent
```
??? Tip "Advanced Options"
# CLI Configuration Options
Portainer can be easily tuned using CLI flags.
## Admin password
### From the command line
Portainer allows you to specify a bcrypt encrypted password from the command line for the admin account. You need to generate the bcrypt encrypted password first.
You can generate the encrypted password with the following command if you have installed apache2-utils package:
```shell
htpasswd -nb -B admin "your-password" | cut -d ":" -f 2
```
If your system does not have the mentioned command, you can run a container to run the command:
```shell
docker run --rm httpd:2.4-alpine htpasswd -nbB admin "your-password" | cut -d ":" -f 2
```
To specify the admin password from the command line, start Portainer with the <code>--admin-password</code> flag:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --admin-password='$2y$05$8oz75U8m5tI/xT4P0NbSHeE7WyRzOWKRBprfGotwDkhBOGP/u802u'
```
### Inside a file
You can also store the plaintext password inside a file and use the <code>--admin-password-file</code> flag:
Add your password to a file running the following command:
```shell
echo -n mypassword > /tmp/portainer_password
```
Now you can start the Portainer container by running:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/portainer_password:/tmp/portainer_password portainer/portainer-ce --admin-password-file /tmp/portainer_password
```
This works well with Docker Swarm and Docker secrets too:
```shell
echo -n mypassword | docker secret create portainer-pass -
```
```shell
docker service create \
--name portainer \
--secret portainer-pass \
--publish 9000:9000 \
--publish 8000:8000 \
--replicas=1 \
--constraint 'node.role == manager' \
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
portainer/portainer-ce \
--admin-password-file '/run/secrets/portainer-pass' \
-H unix:///var/run/docker.sock
```
Note: This will automatically create an administrator account called admin with the specified password.
## Hiding specific containers
Portainer allows you to hide containers with a specific label by using the -l flag.
For example, take a container started with the label owner=acme (note that this is an example label, you can define your own labels):
```shell
docker run -d --label owner=acme nginx
```
To hide this container, simply add the -l owner=acme option on the CLI when starting Portainer:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce -l owner=acme
```
Note that the -l flag can be repeated multiple times to specify multiple labels:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce -l owner=acme -l service=secret
```
## Use your own logo
You do not like our logo? Want to make Portainer more corporate? Dont worry, you can easily switch for an external logo (it must be exactly 155px by 55px) using the <code>--logo flag</code>:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --logo "https://www.docker.com/sites/all/themes/docker/assets/images/brand-full.svg"
```
This can also be completed via the GUI in the Portaner Settings menu
## Use your own templates
Portainer allows you to rapidly deploy containers using App Templates.
By default Portainer templates will be used but you can also define your own templates.
Note: at the moment, templates are only loaded once at first Portainer startup. If you already deployed a Portainer instance and want to use your own templates after this, youll need to clear any existing templates (default templates) via the HTTP API.
Using the <code>--templates</code> flag you can specify an URL where the template file can be accessed via HTTP.
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --templates http://my-host.my-domain/templates.json
```
Suggestion: You can host your template files in [Github](https://www.github.com)
## Available flags
The following CLI flags are available:
* <code>--admin-password</code>: Specify a bcrypt hashed password for the admin user
* <code>--admin-password-file</code>: Path to the file containing the password for the admin user
* <code>--bind, -p</code>: Address and port to serve Portainer (default: :9000)
* <code>--data, -d</code>: Directory where Portainer data will be stored (default: /data on Linux, C:\data on Windows)
* <code>--edge-compute</code>: Automatically enable edge-compute features
* <code>--hide-label, -l</code>: Hide containers with a specific label in the UI
* <code>--host, -H</code>: Docker daemon endpoint
* <code>--logo</code>: URL to a picture to be displayed as a logo in the UI, use Portainer logo if not specified
* <code>--snapshot-interval</code>: Time interval between two endpoint snapshot jobs expressed as a string, e.g. 30s, 5m, 1h… as supported by the time.ParseDuration method (default: 5m)
* <code>--ssl</code>: Secure Portainer instance using SSL (default: false)
* <code>--sslcert</code>: Path to the SSL certificate used to secure the Portainer instance (default: /certs/portainer.crt, C:\certs\portainer.crt on Windows)
* <code>--sslkey</code>: Path to the SSL key used to secure the Portainer instance (default: /certs/portainer.key, C:\certs\portainer.key on Windows)
* <code>--templates, -t</code>: URL to templates (apps) definitions
* <code>--tlscacert</code>: Path to the CA (default: /certs/ca.pem on Linux, C:\certs\ca.pem on Windows)
* <code>--tlscert</code>: Path to the TLS certificate file (default: /certs/cert.pem, C:\certs\cert.pem on Windows)
* <code>--tlskey</code>: Path to the TLS key (default: /certs/key.pem, C:\certs\key.pem on Windows)
* <code>--tlsverify</code>: TLS support (default: false)
* <code>--tunnel-port</code>: Specify an alternate tunnel port to use with the Edge agent. Use --tunnel-port 8001 with -p 8001:8001 to make the Edge agent communicate on port 8001
<br>
## :material-note-text: Notes
---
hide:
- toc
---
# :fontawesome-brands-docker: Deploying Portainer CE in Docker
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine or within a Swarm cluster. Due to the nature of Docker, there are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
Note that the recommended deployment mode when using Swarm is using the Portainer Agent.
By default, Portainer will expose the UI over the port `#!Ruby 9000` and expose a TCP tunnel server over the port `#!Ruby 8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0/deploy/requirements).
## :fontawesome-solid-paper-plane: Portainer Deployment
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see Portainer and agent scenario below):
=== "Docker on Linux"
!!! Abstract ""
### :fontawesome-solid-server: Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Run the following command to deploy the Agent in your Docker host.
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent
```
=== "Docker on Windows WSL / Docker Desktop"
!!! Abstract ""
Before you can deploy Portainer in Docker Standalone running in Windows, you need to install WSL. [Read this guide to know more about WSL/WSL2](https://docs.microsoft.com/en-us/windows/wsl/install-win10){target=_blank}
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see portainer and agent scenario below):
### :fontawesome-solid-server: Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Run the following command to deploy the Agent in your Docker host.
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent
```
=== "Docker on Windows Container Service"
!!! Abstract ""
To run Portainer in a Windows Server/Desktop Environment, you need to create exceptions in the firewall. These, can be easy added trough PowerShell, running the following commands:
```shell
netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
```
```shell
netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
```
```shell
netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
```
```shell
netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
```
You also need to install Windows Container Host Service and Install Docker.
```shell
Enable-WindowsOptionalFeature -Online -FeatureName containers -All
```
```shell
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
```
```shell
Install-Package -Name docker -ProviderName DockerMsftProvider
```
Lastly, you need to restart your Windows Server. After it has restarted, you're ready to deploy Portainer.
### :fontawesome-solid-server: Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 9000:9000 --name portainer --restart always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine -v portainer_data:C:\data portainer/portainer-ce
```
Now, you can navigate to http://localhost:9000 or the IP of the server and start using Portainer.
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
To run Portainer Agent in a Windows Container scenario, you need to execute the following commands:
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine portainer/agent
```
??? Tip "Advanced Options"
# CLI Configuration Options
Portainer can be easily tuned using CLI flags.
## Admin password
### From the command line
Portainer allows you to specify a bcrypt encrypted password from the command line for the admin account. You need to generate the bcrypt encrypted password first.
You can generate the encrypted password with the following command if you have installed apache2-utils package:
```shell
htpasswd -nb -B admin "your-password" | cut -d ":" -f 2
```
If your system does not have the mentioned command, you can run a container to run the command:
```shell
docker run --rm httpd:2.4-alpine htpasswd -nbB admin "your-password" | cut -d ":" -f 2
```
To specify the admin password from the command line, start Portainer with the <code>--admin-password</code> flag:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --admin-password='$2y$05$8oz75U8m5tI/xT4P0NbSHeE7WyRzOWKRBprfGotwDkhBOGP/u802u'
```
### Inside a file
You can also store the plaintext password inside a file and use the <code>--admin-password-file</code> flag:
Add your password to a file running the following command:
```shell
echo -n mypassword > /tmp/portainer_password
```
Now you can start the Portainer container by running:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/portainer_password:/tmp/portainer_password portainer/portainer-ce --admin-password-file /tmp/portainer_password
```
This works well with Docker Swarm and Docker secrets too:
```shell
echo -n mypassword | docker secret create portainer-pass -
```
```shell
docker service create \
--name portainer \
--secret portainer-pass \
--publish 9000:9000 \
--publish 8000:8000 \
--replicas=1 \
--constraint 'node.role == manager' \
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
portainer/portainer-ce \
--admin-password-file '/run/secrets/portainer-pass' \
-H unix:///var/run/docker.sock
```
Note: This will automatically create an administrator account called admin with the specified password.
## Hiding specific containers
Portainer allows you to hide containers with a specific label by using the -l flag.
For example, take a container started with the label owner=acme (note that this is an example label, you can define your own labels):
```shell
docker run -d --label owner=acme nginx
```
To hide this container, simply add the -l owner=acme option on the CLI when starting Portainer:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce -l owner=acme
```
Note that the -l flag can be repeated multiple times to specify multiple labels:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce -l owner=acme -l service=secret
```
## Use your own logo
You do not like our logo? Want to make Portainer more corporate? Dont worry, you can easily switch for an external logo (it must be exactly 155px by 55px) using the <code>--logo flag</code>:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --logo "https://www.docker.com/sites/all/themes/docker/assets/images/brand-full.svg"
```
This can also be completed via the GUI in the Portaner Settings menu
## Use your own templates
Portainer allows you to rapidly deploy containers using App Templates.
By default Portainer templates will be used but you can also define your own templates.
Note: at the moment, templates are only loaded once at first Portainer startup. If you already deployed a Portainer instance and want to use your own templates after this, youll need to clear any existing templates (default templates) via the HTTP API.
Using the <code>--templates</code> flag you can specify an URL where the template file can be accessed via HTTP.
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --templates http://my-host.my-domain/templates.json
```
Suggestion: You can host your template files in [Github](https://www.github.com)
## Available flags
The following CLI flags are available:
* <code>--admin-password</code>: Specify a bcrypt hashed password for the admin user
* <code>--admin-password-file</code>: Path to the file containing the password for the admin user
* <code>--bind, -p</code>: Address and port to serve Portainer (default: :9000)
* <code>--data, -d</code>: Directory where Portainer data will be stored (default: /data on Linux, C:\data on Windows)
* <code>--edge-compute</code>: Automatically enable edge-compute features
* <code>--hide-label, -l</code>: Hide containers with a specific label in the UI
* <code>--host, -H</code>: Docker daemon endpoint
* <code>--logo</code>: URL to a picture to be displayed as a logo in the UI, use Portainer logo if not specified
* <code>--snapshot-interval</code>: Time interval between two endpoint snapshot jobs expressed as a string, e.g. 30s, 5m, 1h… as supported by the time.ParseDuration method (default: 5m)
* <code>--ssl</code>: Secure Portainer instance using SSL (default: false)
* <code>--sslcert</code>: Path to the SSL certificate used to secure the Portainer instance (default: /certs/portainer.crt, C:\certs\portainer.crt on Windows)
* <code>--sslkey</code>: Path to the SSL key used to secure the Portainer instance (default: /certs/portainer.key, C:\certs\portainer.key on Windows)
* <code>--templates, -t</code>: URL to templates (apps) definitions
* <code>--tlscacert</code>: Path to the CA (default: /certs/ca.pem on Linux, C:\certs\ca.pem on Windows)
* <code>--tlscert</code>: Path to the TLS certificate file (default: /certs/cert.pem, C:\certs\cert.pem on Windows)
* <code>--tlskey</code>: Path to the TLS key (default: /certs/key.pem, C:\certs\key.pem on Windows)
* <code>--tlsverify</code>: TLS support (default: false)
* <code>--tunnel-port</code>: Specify an alternate tunnel port to use with the Edge agent. Use --tunnel-port 8001 with -p 8001:8001 to make the Edge agent communicate on port 8001
<br>
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

518
docs/v2.0/deploy/ceinstallk8s.md
View File

@ -1,260 +1,260 @@
---
hide: toc
---
# :material-kubernetes: Deploying Portainer CE in Kubernetes
<div class="video-wrapper">
<iframe width="1280" height="720" src="https://www.youtube.com/embed/wxXi_bmX_Zw" frameborder="0" allowfullscreen></iframe>
</div>
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine. There are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
By default, Portainer will expose the UI over the port `#!Ruby 9000` and expose a TCP tunnel server over the port `#!Ruby 8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0/deploy/requirements).
## :fontawesome-solid-paper-plane: Portainer Deployment
---
### :material-list-status: Pre-Req Note:
Portainer requires data persistence, and as a result needs at least one storage-class available to use. Portainer will attempt to use the "default" storage class during deployment. If you do NOT have a storage class tagged as "default" the deployment will likely fail.
You can check if you have a default storage class by running:
```shell
kubectl get sc
```
and looking for a storage class with (default) after its name:
![defaultsc](assets/defaultsc.png)
```shell
kubectl patch storageclass <storage-class-name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
```
and replace <storage-class-name> with the name of your storage class
Example: `kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'`
Alternatively, if installing using our helm chart you can add the following option with helm install:
```shell
--set persistence.storageClass=<storage-class-name>
```
---
<br>
**To deploy Portainer within a Kubernetes cluster, you can either use our HELM chart, or our provided manifests.**
=== "Deploy using Helm"
!!! Abstract ""
### :fontawesome-solid-server: Portainer Server Deployment
Ensure you're using at least helm v3.2, which [includes support](https://github.com/helm/helm/pull/7648) for the `--create-namespace` argument.
First, add the Portainer helm repo running the following:
```shell
helm repo add portainer https://portainer.github.io/k8s/
```
```shell
helm repo update
```
Based on how you would like expose Portainer Service, Select an option below
=== "NodePort"
Using the following command, Portainer will be available on port 30777.
```shell
helm install --create-namespace -n portainer portainer portainer/portainer
```
=== "Ingress"
Using the following command, Poratainer service will be assigned a Cluster IP. You should use this with an Ingress, see Chart Configuration Options for Ingress related options.
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
--set service.type=ClusterIP
```
??? Hint "Example Deployment with Nginx Ingress"
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
-- set service.type=ClusterIP \
-- set ingress.enabled=true \
-- set ingress.annotations='kubernetes.io/ingress.class: nginx' \
-- set ingress.hosts.host=portainer.example.io
```
=== "LoadBalancer"
Using the following command, Portainer will be available at an assigned LoadBalancer IP @ port 9000.
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
--set service.type=LoadBalancer
```
??? Note "Chart Configuration Options"
The following table lists the configurable parameters of the Portainer chart and their default values. The values file can be found under `deploy/helm/portainer/values.yaml`.
*The parameters will be keep updating.*
| Parameter | Description | Default |
| - | - | - |
| `replicaCount` | Number of Portainer service replicas (ALWAYS set to 1) | `1` |
| `image.repository` | Portainer Docker Hub repository | `portainer/portainer-ce` |
| `image.tag` | Tag for the Portainer image | `latest` |
| `image.pullPolicy` | Portainer image pulling policy | `IfNotPresent` |
| `imagePullSecrets` | If Portainer image requires to be in a private repository | `nil` |
| `nodeSelector` | Used to apply a nodeSelector to the deployment | `{}` |
| `serviceAccount.annotations` | Annotations to add to the service account | `null` |
| `serviceAccount.name` | The name of the service account to use | `portainer-sa-clusteradmin` |
| `service.type` | Service Type for the main Portainer Service; ClusterIP, NodePort and LoadBalancer | `LoadBalancer` |
| `service.httpPort` | HTTP port for accessing Portainer Web | `9000` |
| `service.httpNodePort` | Static NodePort for accessing Portainer Web. Specify only if the type is NodePort | `30777` |
| `service.edgePort` | TCP port for accessing Portainer Edge | `8000` |
| `service.edgeNodePort` | Static NodePort for accessing Portainer Edge. Specify only if the type is NodePort | `30776` |
| `service.annotations` | Annotations to add to the service | `{}` |
| `ingress.enabled` | Create an ingress for Portainer | `false` |
| `ingress.annotations` | Annotations to add to the ingress. For instane, `kubernetes.io/ingress.class: nginx` | `{}` |
| `ingress.hosts.host` | URL for Portainer Web. For instance, `portainer.example.io` | `nil` |
| `ingress.hosts.paths.path` | Path for the Portainer Web. | `/` |
| `ingress.hosts.paths.port` | Port for the Portainer Web. | `9000` |
| `ingress.tls` | TLS support on ingress. Must create a secret with TLS certificates in advance | `[]` |
| `resources` | Portainer resource requests and limits | `{}` |
| `persistence.enabled` | Whether to enable data persistence | `true` |
| `persistence.existingClaim` | Name of an existing PVC to use for data persistence | `nil` |
| `persistence.size` | Size of the PVC used for persistence | `10Gi` |
| `persistence.annotations` | Annotations to apply to PVC used for persistence | `{}` |
| `persistence.storageClass` | StorageClass to apply to PVC used for persistence | `default` |
| `persistence.accessMode` | AccessMode for persistence | `ReadWriteOnce` |
| `persistence.selector` | Selector for persistence | `nil` |
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Helm chart for Agent Only Deployments will be available soon.
In the mean time please head over to YAML Manifests tab.
=== "Deploy using YAML Manifests"
!!! Abstract ""
### :fontawesome-solid-server: Portainer Server Deployment
Based on how you would like expose Portainer Service, Select an option below
=== "NodePort"
Using the following command, Portainer will be available on port 30777.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml
```
=== "LoadBalancer"
Using the following command, Portainer will be available at an assigned LoadBalancer IP @ port 9000.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-lb.yaml
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Choose one of the tabs below based on how you would like to expose the agent.
=== "NodePort"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on port 30778.
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-nodeport.yaml
```
=== "LoadBalancer"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on LoadBalancer assigned IP @ port 9001
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-lb.yaml
```
=== "Deploy on Windows WSL"
!!! Abstract ""
You can deploy Portainer in a Kubernetes environment in Windows using Docker Desktop.
!!! Note
This scenario is for testing purpose only.
### Enable Kubernetes in Docker Desktop
To enable Kubernetes in Docker Desktop, you need to open the dashboard of Docker Desktop. Right click the Docker icon in the system tray and click "dashboard"
![dashboard](assets/windows10-1.png)
Click Settings:
![settings](assets/windows10-2.png)
1. Select Kubernetes 2. Select 'Enable Kubernetes' 3. Click 'Apply and Restart'.
![kubernetes](assets/windows10-3.png)
After a few minutes, you will see that Kubernetes is running:
![kubernetes_running](assets/windows10-4.png)
### :fontawesome-solid-server: Portainer Server Deployment
Based on how you would like expose Portainer Service, Select an option below
=== "NodePort"
Using the following command, Portainer will be available on port 30777.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml
```
=== "LoadBalancer"
Using the following command, Portainer will be available at an assigned LoadBalancer IP @ port 9000.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-lb.yaml
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Choose one of the tabs below based on how you would like to expose the agent.
=== "NodePort"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on port 30778.
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-nodeport.yaml
```
=== "LoadBalancer"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on LoadBalancer assigned IP @ port 9001
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-lb.yaml
```
---
???+ Tip "Regarding Persisting Data"
The charts/manifests will create a persistent volume for storing Portainer data, using the default StorageClass.
In some Kubernetes clusters (microk8s), the default Storage Class simply creates hostPath volumes, which are not explicitly tied to a particular node. In a multi-node cluster, this can create an issue when the pod is terminated and rescheduled on a different node, "leaving" all the persistent data behind and starting the pod with an "empty" volume.
While this behaviour is inherently a limitation of using hostPath volumes, a suitable workaround is to use add a nodeSelector to the deployment, which effectively "pins" the portainer pod to a particular node.
The nodeSelector can be added in the following ways:
1. Edit your own values.yaml and set the value of nodeSelector like this:
nodeSelector: kubernetes.io/hostname: \<YOUR NODE NAME>
2. Explicictly set the target node when deploying/updating the helm chart on the CLI, by including `--set nodeSelector.kubernetes.io/hostname=<YOUR NODE NAME>`
3. If you've deployed Portainer via manifests, without Helm, run the following one-liner to "patch" the deployment, forcing the pod to always be scheduled on the node it's currently running on:
kubectl patch deployments -n portainer portainer -p '{"spec": {"template": {"spec": {"nodeSelector": {"kubernetes.io/hostname": "'$(kubectl get pods -n portainer -o jsonpath='{ ..nodeName }')'"}}}}}' || (echo Failed to identify current node of portainer pod; exit 1)
<br>
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}
---
hide: toc
---
# :material-kubernetes: Deploying Portainer CE in Kubernetes
<div class="video-wrapper">
<iframe width="1280" height="720" src="https://www.youtube.com/embed/wxXi_bmX_Zw" frameborder="0" allowfullscreen></iframe>
</div>
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine. There are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
By default, Portainer will expose the UI over the port `#!Ruby 9000` and expose a TCP tunnel server over the port `#!Ruby 8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0/deploy/requirements).
## :fontawesome-solid-paper-plane: Portainer Deployment
---
### :material-list-status: Pre-Req Note:
Portainer requires data persistence, and as a result needs at least one storage-class available to use. Portainer will attempt to use the "default" storage class during deployment. If you do NOT have a storage class tagged as "default" the deployment will likely fail.
You can check if you have a default storage class by running:
```shell
kubectl get sc
```
and looking for a storage class with (default) after its name:
![defaultsc](assets/defaultsc.png)
```shell
kubectl patch storageclass <storage-class-name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
```
and replace <storage-class-name> with the name of your storage class
Example: `kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'`
Alternatively, if installing using our helm chart you can add the following option with helm install:
```shell
--set persistence.storageClass=<storage-class-name>
```
---
<br>
**To deploy Portainer within a Kubernetes cluster, you can either use our HELM chart, or our provided manifests.**
=== "Deploy using Helm"
!!! Abstract ""
### :fontawesome-solid-server: Portainer Server Deployment
Ensure you're using at least helm v3.2, which [includes support](https://github.com/helm/helm/pull/7648) for the `--create-namespace` argument.
First, add the Portainer helm repo running the following:
```shell
helm repo add portainer https://portainer.github.io/k8s/
```
```shell
helm repo update
```
Based on how you would like expose Portainer Service, Select an option below
=== "NodePort"
Using the following command, Portainer will be available on port 30777.
```shell
helm install --create-namespace -n portainer portainer portainer/portainer
```
=== "Ingress"
Using the following command, Poratainer service will be assigned a Cluster IP. You should use this with an Ingress, see Chart Configuration Options for Ingress related options.
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
--set service.type=ClusterIP
```
??? Hint "Example Deployment with Nginx Ingress"
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
-- set service.type=ClusterIP \
-- set ingress.enabled=true \
-- set ingress.annotations='kubernetes.io/ingress.class: nginx' \
-- set ingress.hosts.host=portainer.example.io
```
=== "LoadBalancer"
Using the following command, Portainer will be available at an assigned LoadBalancer IP @ port 9000.
```shell
helm install --create-namespace -n portainer portainer portainer/portainer \
--set service.type=LoadBalancer
```
??? Note "Chart Configuration Options"
The following table lists the configurable parameters of the Portainer chart and their default values. The values file can be found under `deploy/helm/portainer/values.yaml`.
*The parameters will be keep updating.*
| Parameter | Description | Default |
| - | - | - |
| `replicaCount` | Number of Portainer service replicas (ALWAYS set to 1) | `1` |
| `image.repository` | Portainer Docker Hub repository | `portainer/portainer-ce` |
| `image.tag` | Tag for the Portainer image | `latest` |
| `image.pullPolicy` | Portainer image pulling policy | `IfNotPresent` |
| `imagePullSecrets` | If Portainer image requires to be in a private repository | `nil` |
| `nodeSelector` | Used to apply a nodeSelector to the deployment | `{}` |
| `serviceAccount.annotations` | Annotations to add to the service account | `null` |
| `serviceAccount.name` | The name of the service account to use | `portainer-sa-clusteradmin` |
| `service.type` | Service Type for the main Portainer Service; ClusterIP, NodePort and LoadBalancer | `LoadBalancer` |
| `service.httpPort` | HTTP port for accessing Portainer Web | `9000` |
| `service.httpNodePort` | Static NodePort for accessing Portainer Web. Specify only if the type is NodePort | `30777` |
| `service.edgePort` | TCP port for accessing Portainer Edge | `8000` |
| `service.edgeNodePort` | Static NodePort for accessing Portainer Edge. Specify only if the type is NodePort | `30776` |
| `service.annotations` | Annotations to add to the service | `{}` |
| `ingress.enabled` | Create an ingress for Portainer | `false` |
| `ingress.annotations` | Annotations to add to the ingress. For instane, `kubernetes.io/ingress.class: nginx` | `{}` |
| `ingress.hosts.host` | URL for Portainer Web. For instance, `portainer.example.io` | `nil` |
| `ingress.hosts.paths.path` | Path for the Portainer Web. | `/` |
| `ingress.hosts.paths.port` | Port for the Portainer Web. | `9000` |
| `ingress.tls` | TLS support on ingress. Must create a secret with TLS certificates in advance | `[]` |
| `resources` | Portainer resource requests and limits | `{}` |
| `persistence.enabled` | Whether to enable data persistence | `true` |
| `persistence.existingClaim` | Name of an existing PVC to use for data persistence | `nil` |
| `persistence.size` | Size of the PVC used for persistence | `10Gi` |
| `persistence.annotations` | Annotations to apply to PVC used for persistence | `{}` |
| `persistence.storageClass` | StorageClass to apply to PVC used for persistence | `default` |
| `persistence.accessMode` | AccessMode for persistence | `ReadWriteOnce` |
| `persistence.selector` | Selector for persistence | `nil` |
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Helm chart for Agent Only Deployments will be available soon.
In the mean time please head over to YAML Manifests tab.
=== "Deploy using YAML Manifests"
!!! Abstract ""
### :fontawesome-solid-server: Portainer Server Deployment
Based on how you would like expose Portainer Service, Select an option below
=== "NodePort"
Using the following command, Portainer will be available on port 30777.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml
```
=== "LoadBalancer"
Using the following command, Portainer will be available at an assigned LoadBalancer IP @ port 9000.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-lb.yaml
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Choose one of the tabs below based on how you would like to expose the agent.
=== "NodePort"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on port 30778.
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-nodeport.yaml
```
=== "LoadBalancer"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on LoadBalancer assigned IP @ port 9001
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-lb.yaml
```
=== "Deploy on Windows WSL / Docker Desktop"
!!! Abstract ""
You can deploy Portainer in a Kubernetes environment in Windows using Docker Desktop.
!!! Note
This scenario is for testing purpose only.
### Enable Kubernetes in Docker Desktop
To enable Kubernetes in Docker Desktop, you need to open the dashboard of Docker Desktop. Right click the Docker icon in the system tray and click "dashboard"
![dashboard](assets/windows10-1.png)
Click Settings:
![settings](assets/windows10-2.png)
1. Select Kubernetes 2. Select 'Enable Kubernetes' 3. Click 'Apply and Restart'.
![kubernetes](assets/windows10-3.png)
After a few minutes, you will see that Kubernetes is running:
![kubernetes_running](assets/windows10-4.png)
### :fontawesome-solid-server: Portainer Server Deployment
Based on how you would like expose Portainer Service, Select an option below
=== "NodePort"
Using the following command, Portainer will be available on port 30777.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml
```
=== "LoadBalancer"
Using the following command, Portainer will be available at an assigned LoadBalancer IP @ port 9000.
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-lb.yaml
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Choose one of the tabs below based on how you would like to expose the agent.
=== "NodePort"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on port 30778.
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-nodeport.yaml
```
=== "LoadBalancer"
Run the following command to deploy the Agent in your Kubernetes Cluster, agent will be available on LoadBalancer assigned IP @ port 9001
```shell
kubectl apply -n portainer -f https://downloads.portainer.io/portainer-agent-k8s-lb.yaml
```
---
???+ Tip "Regarding Persisting Data"
The charts/manifests will create a persistent volume for storing Portainer data, using the default StorageClass.
In some Kubernetes clusters (microk8s), the default Storage Class simply creates hostPath volumes, which are not explicitly tied to a particular node. In a multi-node cluster, this can create an issue when the pod is terminated and rescheduled on a different node, "leaving" all the persistent data behind and starting the pod with an "empty" volume.
While this behaviour is inherently a limitation of using hostPath volumes, a suitable workaround is to use add a nodeSelector to the deployment, which effectively "pins" the portainer pod to a particular node.
The nodeSelector can be added in the following ways:
1. Edit your own values.yaml and set the value of nodeSelector like this:
nodeSelector: kubernetes.io/hostname: \<YOUR NODE NAME>
2. Explicictly set the target node when deploying/updating the helm chart on the CLI, by including `--set nodeSelector.kubernetes.io/hostname=<YOUR NODE NAME>`
3. If you've deployed Portainer via manifests, without Helm, run the following one-liner to "patch" the deployment, forcing the pod to always be scheduled on the node it's currently running on:
kubectl patch deployments -n portainer portainer -p '{"spec": {"template": {"spec": {"nodeSelector": {"kubernetes.io/hostname": "'$(kubectl get pods -n portainer -o jsonpath='{ ..nodeName }')'"}}}}}' || (echo Failed to identify current node of portainer pod; exit 1)
<br>
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}
<!-- {{ snippet('https://github.com/portainer/k8s.git', 'charts/portainer/README.md', '# Chart Configuration') }} -->

320
docs/v2.0/deploy/ceinstallswarm.md
View File

@ -1,159 +1,163 @@
---
hide: toc
---
# :fontawesome-brands-docker: Deploying Portainer CE in Docker Swarm
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine or within a Swarm cluster. Due to the nature of Docker, there are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
Note that the recommended deployment mode when using Swarm is using the Portainer Agent.
By default, Portainer will expose the UI over the port `#!Ruby 9000` and expose a TCP tunnel server over the port `#!Ruby 8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0/deploy/requirements).
## :fontawesome-solid-paper-plane: Portainer Deployment
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see Portainer and agent scenario below):
=== "Docker Swarm on Linux"
!!! Abstract ""
### :fontawesome-solid-server: Portainer Server Deployment
Deploying Portainer and the Portainer Agent to manage a Swarm cluster is easy! You can directly deploy Portainer as a service in your Docker cluster. Note that this method will automatically deploy a single instance of the Portainer Server, and deploy the Portainer Agent as a global service on every node in your cluster.
```shell
curl -L https://downloads.portainer.io/portainer-agent-stack.yml -o portainer-agent-stack.yml
```
```shell
docker stack deploy -c portainer-agent-stack.yml portainer
```
<b>Note</b>: By default this stack doesn't enable Host Management Features, you need to enable from the UI of Portainer.
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Deploy Portainer Agent on a remote LINUX Swarm Cluster as a Swarm Service, run this command on a manager node in the remote cluster.
First create the network:
```shell
docker network create portainer_agent_network
```
The following step is deploy the Agent:
```shell
docker service create --name portainer_agent --network portainer_agent_network --publish mode=host,target=9001,published=9001 -e AGENT_CLUSTER_ADDR=tasks.portainer_agent --mode global --mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock --mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes --mount type=bind,src=/,dst=/host portainer/agent
```
=== "Docker Swarm on Windows WSL"
!!! Abstract ""
Before you can deploy Portainer in Docker Swarm running in Windows, you need to install WSL. [Read this guide to know more about WSL/WSL2](https://docs.microsoft.com/en-us/windows/wsl/install-win10){target=_blank}
Use the following Docker Swarmcommands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see portainer and agent scenario below):
### :fontawesome-solid-server: Portainer Server Deployment
Deploying Portainer and the Portainer Agent to manage a Swarm cluster is easy! You can directly deploy Portainer as a service in your Docker cluster. Note that this method will automatically deploy a single instance
of the Portainer Server, and deploys the Portainer Agent as a global service on every node in your cluster.
Remember to initiate the Docker Swarm mode when you use Docker Desktop. You can do this running the following command:
```shell
docker swarm init
```
The terminal will reply with this:
```shell
Swarm initialized: current node (15gbf4d66mvzk3die00sgirpf) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-096qbnf2b9yywagu5ht3731zlpkeqazgctffolntsiljfp0m34-c4snnxplgwq2bd1ohta8k48b9 192.168.65.3:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
```
Once this is done, you can continue with the installation running the following command:
```shell
curl -L https://downloads.portainer.io/portainer-agent-stack.yml -o portainer-agent-stack.yml
```
```shell
docker stack deploy -c portainer-agent-stack.yml portainer
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Deploy Portainer Agent on a Swarm Cluster as a Swarm Service, run this command in a manager node in the cluster.
```shell
docker service create --name portainer_agent --network portainer_agent_network --publish mode=host,target=9001,published=9001 -e AGENT_CLUSTER_ADDR=tasks.portainer_agent --mode global --mount type=bind
src=//var/run/docker.sock,dst=/var/run/docker.sock --mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes -mount type=bind,src=/,dst=/host portainer/agent
```
=== "Docker Swarm on Windows Container Service"
!!! Abstract ""
To run Portainer in a Windows Server/Desktop Environment, you need to create exceptions in the firewall. These, can be easy added through PowerShell, running the following commands:
```shell
netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
```
```shell
netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
```
```shell
netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
```
```shell
netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
```
You also need to install Windows Container Host Service and Install Docker.
```shell
Enable-WindowsOptionalFeature -Online -FeatureName containers -All
```
```shell
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
```
```shell
Install-Package -Name docker -ProviderName DockerMsftProvider
```
Lastly, you need to restart your Windows Server. After it has restarted, you're ready to deploy Portainer.
### :fontawesome-solid-server: Portainer Server Deployment
You can use our YML manifest to run Portainer in Windows using Windows Containers. In Powershell, run:
```PowerShell
curl https://downloads.portainer.io/portainer_windows_stack.yml -o portainer_windows_stack.yml
```
```PowerShell
docker stack deploy --compose-file=portainer_windows_stack.yml portainer
```
Now, you can navigate to http://localhost:9000 or the IP of the server and start using Portainer.
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
To run Portainer Agent in a Windows Container scenario, you need to execute the following commands:
```PowerShell
curl -L https://downloads.portainer.io/agent-stack-windows.yml -o agent-stack-windows.yml && docker stack deploy --compose-file=agent-stack-windows.yml portainer-agent
```
<br>
## :material-note-text: Notes
---
hide: toc
---
# :fontawesome-brands-docker: Deploying Portainer CE in Docker Swarm
<div class="video-wrapper">
<iframe width="1280" height="720" src="https://www.youtube.com/embed/L80QDuix5RE" frameborder="0" allowfullscreen></iframe>
</div>
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine or within a Swarm cluster. Due to the nature of Docker, there are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
Note that the recommended deployment mode when using Swarm is using the Portainer Agent.
By default, Portainer will expose the UI over the port `#!Ruby 9000` and expose a TCP tunnel server over the port `#!Ruby 8000`. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0/deploy/requirements).
## :fontawesome-solid-paper-plane: Portainer Deployment
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see Portainer and agent scenario below):
=== "Docker Swarm on Linux"
!!! Abstract ""
### :fontawesome-solid-server: Portainer Server Deployment
Deploying Portainer and the Portainer Agent to manage a Swarm cluster is easy! You can directly deploy Portainer as a service in your Docker cluster. Note that this method will automatically deploy a single instance of the Portainer Server, and deploy the Portainer Agent as a global service on every node in your cluster.
```shell
curl -L https://downloads.portainer.io/portainer-agent-stack.yml -o portainer-agent-stack.yml
```
```shell
docker stack deploy -c portainer-agent-stack.yml portainer
```
<b>Note</b>: By default this stack doesn't enable Host Management Features, you need to enable from the UI of Portainer.
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Deploy Portainer Agent on a remote LINUX Swarm Cluster as a Swarm Service, run this command on a manager node in the remote cluster.
First create the network:
```shell
docker network create portainer_agent_network
```
The following step is deploy the Agent:
```shell
docker service create --name portainer_agent --network portainer_agent_network --publish mode=host,target=9001,published=9001 -e AGENT_CLUSTER_ADDR=tasks.portainer_agent --mode global --mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock --mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes --mount type=bind,src=/,dst=/host portainer/agent
```
=== "Docker Swarm on Windows WSL / Docker Desktop"
!!! Abstract ""
Before you can deploy Portainer in Docker Swarm running in Windows, you need to install WSL. [Read this guide to know more about WSL/WSL2](https://docs.microsoft.com/en-us/windows/wsl/install-win10){target=_blank}
Use the following Docker Swarmcommands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see portainer and agent scenario below):
### :fontawesome-solid-server: Portainer Server Deployment
Deploying Portainer and the Portainer Agent to manage a Swarm cluster is easy! You can directly deploy Portainer as a service in your Docker cluster. Note that this method will automatically deploy a single instance
of the Portainer Server, and deploys the Portainer Agent as a global service on every node in your cluster.
Remember to initiate the Docker Swarm mode when you use Docker Desktop. You can do this running the following command:
```shell
docker swarm init
```
The terminal will reply with this:
```shell
Swarm initialized: current node (15gbf4d66mvzk3die00sgirpf) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-096qbnf2b9yywagu5ht3731zlpkeqazgctffolntsiljfp0m34-c4snnxplgwq2bd1ohta8k48b9 192.168.65.3:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
```
Once this is done, you can continue with the installation running the following command:
```shell
curl -L https://downloads.portainer.io/portainer-agent-stack.yml -o portainer-agent-stack.yml
```
```shell
docker stack deploy -c portainer-agent-stack.yml portainer
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Deploy Portainer Agent on a Swarm Cluster as a Swarm Service, run this command in a manager node in the cluster.
```shell
docker service create --name portainer_agent --network portainer_agent_network --publish mode=host,target=9001,published=9001 -e AGENT_CLUSTER_ADDR=tasks.portainer_agent --mode global --mount type=bind
src=//var/run/docker.sock,dst=/var/run/docker.sock --mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes -mount type=bind,src=/,dst=/host portainer/agent
```
=== "Docker Swarm on Windows Container Service"
!!! Abstract ""
To run Portainer in a Windows Server/Desktop Environment, you need to create exceptions in the firewall. These, can be easy added through PowerShell, running the following commands:
```shell
netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
```
```shell
netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
```
```shell
netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
```
```shell
netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
```
You also need to install Windows Container Host Service and Install Docker.
```shell
Enable-WindowsOptionalFeature -Online -FeatureName containers -All
```
```shell
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
```
```shell
Install-Package -Name docker -ProviderName DockerMsftProvider
```
Lastly, you need to restart your Windows Server. After it has restarted, you're ready to deploy Portainer.
### :fontawesome-solid-server: Portainer Server Deployment
You can use our YML manifest to run Portainer in Windows using Windows Containers. In Powershell, run:
```PowerShell
curl https://downloads.portainer.io/portainer_windows_stack.yml -o portainer_windows_stack.yml
```
```PowerShell
docker stack deploy --compose-file=portainer_windows_stack.yml portainer
```
Now, you can navigate to http://localhost:9000 or the IP of the server and start using Portainer.
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
To run Portainer Agent in a Windows Container scenario, you need to execute the following commands:
```PowerShell
curl -L https://downloads.portainer.io/agent-stack-windows.yml -o agent-stack-windows.yml && docker stack deploy --compose-file=agent-stack-windows.yml portainer-agent
```
<br>
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

56
docs/v2.0/deploy/roles.md
View File

@ -1,29 +1,29 @@
# Description of Roles
Portainer Business come with Role-Based Access Control features that refines the access privileges available natively within Portainer. The RBAC feature allows you to create fine-grained access for users across all resources and all endpoints defined within Portainer.
## Basics Understanding
* Role is a predefined set of privileges.
* Privileges define rights to perform actions.
* Users are assigned roles and each role has specific privileges.
* To assign privileges, you pair a user or team with a role and associate that pairing with an endpoint or endpoint group.
* A single user or team can have different roles for different endpoints in the Portainer inventory.
## Describing Roles
There are four types of roles:
* Endpoint Administrator: has complete control over the resources deployed within a given endpoint, but is not able to make any changes to the infrastructure that underpins an endpoint (i.e. no host management), nor are they able to make any changes to Portainer internal settings.
* Helpdesk: has read-only access over the resources deployed within a given endpoint but is not able to make any changes to any resource, nor open a console to a container, or make changes to a containers volumes.
* Standard User: has complete control over the resources that a user deploys, or if the user is a member of a team, complete control over the resources that users of that team deploy.
* Read-Only User: has read-only access over the resources they are entitled to see (resources created by members of their team, and public resources).
* The Administrator role sits outside of these four roles, and effectively acts as a “Global Admin”. A user assigned this role has complete control over Portainer settings, and all resources on every endpoint under Portainer control.
# Notes
# Description of Roles
Portainer Business come with Role-Based Access Control features that refines the access privileges available natively within Portainer. The RBAC feature allows you to create fine-grained access for users across all resources and all endpoints defined within Portainer.
## Basics Understanding
* Role is a predefined set of privileges.
* Privileges define rights to perform actions.
* Users are assigned roles and each role has specific privileges.
* To assign privileges, you pair a user or team with a role and associate that pairing with an endpoint or endpoint group.
* A single user or team can have different roles for different endpoints in the Portainer inventory.
## Describing Roles
There are four types of roles:
* Endpoint Administrator: has complete control over the resources deployed within a given endpoint, but is not able to make any changes to the infrastructure that underpins an endpoint (i.e. no host management), nor are they able to make any changes to Portainer internal settings.
* Helpdesk: has read-only access over the resources deployed within a given endpoint but is not able to make any changes to any resource, nor open a console to a container, or make changes to a containers volumes.
* Standard User: has complete control over the resources that a user deploys, or if the user is a member of a team, complete control over the resources that users of that team deploy.
* Read-Only User: has read-only access over the resources they are entitled to see (resources created by members of their team, and public resources).
* The Administrator role sits outside of these four roles, and effectively acts as a “Global Admin”. A user assigned this role has complete control over Portainer settings, and all resources on every endpoint under Portainer control.
# Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

540
docs/v2.0/deploy/singleinstalldocker.md
View File

@ -1,271 +1,271 @@
---
title: Combined Instructions Example
---
# :fontawesome-brands-docker: Deploying Portainer in Docker
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine or within a Swarm cluster. Due to the nature of Docker, there are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
Note that the recommended deployment mode when using Swarm is using the Portainer Agent.
By default, Portainer will expose the UI over the port 9000 and expose a TCP tunnel server over the port 8000. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0/deploy/requirements).
## :fontawesome-solid-paper-plane: Portainer Deployment
=== "Docker on Linux"
### :fontawesome-solid-server: Portainer Server Deployment
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see Portainer and agent scenario below):
```shell
docker volume create portainer_data
```
=== "Community Edition"
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
```
=== "Business Edition"
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Run the following command to deploy the Agent in your Docker host.
===! "Community Edition"
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent
```
=== "Business Edition"
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent:2.0.0
```
=== "Docker on Windows WSL"
Before you can deploy Portainer in Docker Standalone running in Windows, you need to install WSL. [Read this guide to know more about WSL/WSL2](https://docs.microsoft.com/en-us/windows/wsl/install-win10)
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see portainer and agent scenario below):
### :fontawesome-solid-server: Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Run the following command to deploy the Agent in your Docker host.
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent
```
=== "Docker on Windows Container Service"
To run Portainer in a Windows Server/Desktop Environment, you need to create exceptions in the firewall. These, can be easy added trough PowerShell, running the following commands:
```shell
netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
```
```shell
netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
```
```shell
netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
```
```shell
netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
```
You also need to install Windows Container Host Service and Install Docker.
```shell
Enable-WindowsOptionalFeature -Online -FeatureName containers -All
```
```shell
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
```
```shell
Install-Package -Name docker -ProviderName DockerMsftProvider
```
Lastly, you need to restart your Windows Server. After it has restarted, you're ready to deploy Portainer.
### :fontawesome-solid-server: Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 9000:9000 --name portainer --restart always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine -v portainer_data:C:\data portainer/portainer-ce
```
Now, you can navigate to http://localhost:9000 or the IP of the server and start using Portainer.
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
To run Portainer Agent in a Windows Container scenario, you need to execute the following commands:
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine portainer/agent
```
??? Tip "Advanced Options"
# CLI Configuration Options
Portainer can be easily tuned using CLI flags.
## Admin password
### From the command line
Portainer allows you to specify a bcrypt encrypted password from the command line for the admin account. You need to generate the bcrypt encrypted password first.
You can generate the encrypted password with the following command if you have installed apache2-utils package:
```shell
htpasswd -nb -B admin "your-password" | cut -d ":" -f 2
```
If your system does not have the mentioned command, you can run a container to run the command:
```shell
docker run --rm httpd:2.4-alpine htpasswd -nbB admin "your-password" | cut -d ":" -f 2
```
To specify the admin password from the command line, start Portainer with the <code>--admin-password</code> flag:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --admin-password='$2y$05$8oz75U8m5tI/xT4P0NbSHeE7WyRzOWKRBprfGotwDkhBOGP/u802u'
```
### Inside a file
You can also store the plaintext password inside a file and use the <code>--admin-password-file</code> flag:
Add your password to a file running the following command:
```shell
echo -n mypassword > /tmp/portainer_password
```
Now you can start the Portainer container by running:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/portainer_password:/tmp/portainer_password portainer/portainer-ce --admin-password-file /tmp/portainer_password
```
This works well with Docker Swarm and Docker secrets too:
```shell
echo -n mypassword | docker secret create portainer-pass -
```
```shell
docker service create \
--name portainer \
--secret portainer-pass \
--publish 9000:9000 \
--publish 8000:8000 \
--replicas=1 \
--constraint 'node.role == manager' \
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
portainer/portainer-ce \
--admin-password-file '/run/secrets/portainer-pass' \
-H unix:///var/run/docker.sock
```
Note: This will automatically create an administrator account called admin with the specified password.
## Hiding specific containers
Portainer allows you to hide containers with a specific label by using the -l flag.
For example, take a container started with the label owner=acme (note that this is an example label, you can define your own labels):
```shell
docker run -d --label owner=acme nginx
```
To hide this container, simply add the -l owner=acme option on the CLI when starting Portainer:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce -l owner=acme
```
Note that the -l flag can be repeated multiple times to specify multiple labels:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce -l owner=acme -l service=secret
```
## Use your own logo
You do not like our logo? Want to make Portainer more corporate? Dont worry, you can easily switch for an external logo (it must be exactly 155px by 55px) using the <code>--logo flag</code>:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --logo "https://www.docker.com/sites/all/themes/docker/assets/images/brand-full.svg"
```
This can also be completed via the GUI in the Portaner Settings menu
## Use your own templates
Portainer allows you to rapidly deploy containers using App Templates.
By default Portainer templates will be used but you can also define your own templates.
Note: at the moment, templates are only loaded once at first Portainer startup. If you already deployed a Portainer instance and want to use your own templates after this, youll need to clear any existing templates (default templates) via the HTTP API.
Using the <code>--templates</code> flag you can specify an URL where the template file can be accessed via HTTP.
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --templates http://my-host.my-domain/templates.json
```
Suggestion: You can host your template files in [Github](https://www.github.com)
## Available flags
The following CLI flags are available:
* <code>--admin-password</code>: Specify a bcrypt hashed password for the admin user
* <code>--admin-password-file</code>: Path to the file containing the password for the admin user
* <code>--bind, -p</code>: Address and port to serve Portainer (default: :9000)
* <code>--data, -d</code>: Directory where Portainer data will be stored (default: /data on Linux, C:\data on Windows)
* <code>--edge-compute</code>: Automatically enable edge-compute features
* <code>--hide-label, -l</code>: Hide containers with a specific label in the UI
* <code>--host, -H</code>: Docker daemon endpoint
* <code>--logo</code>: URL to a picture to be displayed as a logo in the UI, use Portainer logo if not specified
* <code>--snapshot-interval</code>: Time interval between two endpoint snapshot jobs expressed as a string, e.g. 30s, 5m, 1h… as supported by the time.ParseDuration method (default: 5m)
* <code>--ssl</code>: Secure Portainer instance using SSL (default: false)
* <code>--sslcert</code>: Path to the SSL certificate used to secure the Portainer instance (default: /certs/portainer.crt, C:\certs\portainer.crt on Windows)
* <code>--sslkey</code>: Path to the SSL key used to secure the Portainer instance (default: /certs/portainer.key, C:\certs\portainer.key on Windows)
* <code>--templates, -t</code>: URL to templates (apps) definitions
* <code>--tlscacert</code>: Path to the CA (default: /certs/ca.pem on Linux, C:\certs\ca.pem on Windows)
* <code>--tlscert</code>: Path to the TLS certificate file (default: /certs/cert.pem, C:\certs\cert.pem on Windows)
* <code>--tlskey</code>: Path to the TLS key (default: /certs/key.pem, C:\certs\key.pem on Windows)
* <code>--tlsverify</code>: TLS support (default: false)
* <code>--tunnel-port</code>: Specify an alternate tunnel port to use with the Edge agent. Use --tunnel-port 8001 with -p 8001:8001 to make the Edge agent communicate on port 8001
## :material-note-text: Notes
---
title: Combined Instructions Example
---
# :fontawesome-brands-docker: Deploying Portainer in Docker
Portainer is comprised of two elements, the Portainer Server, and the Portainer Agent. Both elements run as lightweight Docker containers on a Docker engine or within a Swarm cluster. Due to the nature of Docker, there are many possible deployment scenarios, however, we have detailed the most common below. Please use the scenario that matches your configuration.
Note that the recommended deployment mode when using Swarm is using the Portainer Agent.
By default, Portainer will expose the UI over the port 9000 and expose a TCP tunnel server over the port 8000. The latter is optional and is only required if you plan to use the Edge compute features with Edge agents.
To see the requirements, please, visit the page of [requirements](/v2.0/deploy/requirements).
## :fontawesome-solid-paper-plane: Portainer Deployment
=== "Docker on Linux"
### :fontawesome-solid-server: Portainer Server Deployment
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see Portainer and agent scenario below):
```shell
docker volume create portainer_data
```
=== "Community Edition"
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
```
=== "Business Edition"
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Run the following command to deploy the Agent in your Docker host.
===! "Community Edition"
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent
```
=== "Business Edition"
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent:2.0.0
```
=== "Docker on Windows WSL"
Before you can deploy Portainer in Docker Standalone running in Windows, you need to install WSL. [Read this guide to know more about WSL/WSL2](https://docs.microsoft.com/en-us/windows/wsl/install-win10)
Use the following Docker commands to deploy the Portainer Server; note the agent is not needed on standalone hosts, however it does provide additional functionality if used (see portainer and agent scenario below):
### :fontawesome-solid-server: Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce
```
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
Run the following command to deploy the Agent in your Docker host.
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker/volumes:/var/lib/docker/volumes portainer/agent
```
=== "Docker on Windows Container Service"
To run Portainer in a Windows Server/Desktop Environment, you need to create exceptions in the firewall. These, can be easy added trough PowerShell, running the following commands:
```shell
netsh advfirewall firewall add rule name="cluster_management" dir=in action=allow protocol=TCP localport=2377
```
```shell
netsh advfirewall firewall add rule name="node_communication_tcp" dir=in action=allow protocol=TCP localport=7946
```
```shell
netsh advfirewall firewall add rule name="node_communication_udp" dir=in action=allow protocol=UDP localport=7946
```
```shell
netsh advfirewall firewall add rule name="overlay_network" dir=in action=allow protocol=UDP localport=4789
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_tcp" dir=in action=allow protocol=TCP localport=53
```
```shell
netsh advfirewall firewall add rule name="swarm_dns_udp" dir=in action=allow protocol=UDP localport=53
```
You also need to install Windows Container Host Service and Install Docker.
```shell
Enable-WindowsOptionalFeature -Online -FeatureName containers -All
```
```shell
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
```
```shell
Install-Package -Name docker -ProviderName DockerMsftProvider
```
Lastly, you need to restart your Windows Server. After it has restarted, you're ready to deploy Portainer.
### :fontawesome-solid-server: Portainer Server Deployment
```shell
docker volume create portainer_data
```
```shell
docker run -d -p 9000:9000 --name portainer --restart always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine -v portainer_data:C:\data portainer/portainer-ce
```
Now, you can navigate to http://localhost:9000 or the IP of the server and start using Portainer.
### :fontawesome-solid-laptop: Portainer Agent Only Deployment
To run Portainer Agent in a Windows Container scenario, you need to execute the following commands:
```shell
docker run -d -p 9001:9001 --name portainer_agent --restart=always -v \\.\pipe\docker_engine:\\.\pipe\docker_engine portainer/agent
```
??? Tip "Advanced Options"
# CLI Configuration Options
Portainer can be easily tuned using CLI flags.
## Admin password
### From the command line
Portainer allows you to specify a bcrypt encrypted password from the command line for the admin account. You need to generate the bcrypt encrypted password first.
You can generate the encrypted password with the following command if you have installed apache2-utils package:
```shell
htpasswd -nb -B admin "your-password" | cut -d ":" -f 2
```
If your system does not have the mentioned command, you can run a container to run the command:
```shell
docker run --rm httpd:2.4-alpine htpasswd -nbB admin "your-password" | cut -d ":" -f 2
```
To specify the admin password from the command line, start Portainer with the <code>--admin-password</code> flag:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --admin-password='$2y$05$8oz75U8m5tI/xT4P0NbSHeE7WyRzOWKRBprfGotwDkhBOGP/u802u'
```
### Inside a file
You can also store the plaintext password inside a file and use the <code>--admin-password-file</code> flag:
Add your password to a file running the following command:
```shell
echo -n mypassword > /tmp/portainer_password
```
Now you can start the Portainer container by running:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v /tmp/portainer_password:/tmp/portainer_password portainer/portainer-ce --admin-password-file /tmp/portainer_password
```
This works well with Docker Swarm and Docker secrets too:
```shell
echo -n mypassword | docker secret create portainer-pass -
```
```shell
docker service create \
--name portainer \
--secret portainer-pass \
--publish 9000:9000 \
--publish 8000:8000 \
--replicas=1 \
--constraint 'node.role == manager' \
--mount type=bind,src=/var/run/docker.sock,dst=/var/run/docker.sock \
portainer/portainer-ce \
--admin-password-file '/run/secrets/portainer-pass' \
-H unix:///var/run/docker.sock
```
Note: This will automatically create an administrator account called admin with the specified password.
## Hiding specific containers
Portainer allows you to hide containers with a specific label by using the -l flag.
For example, take a container started with the label owner=acme (note that this is an example label, you can define your own labels):
```shell
docker run -d --label owner=acme nginx
```
To hide this container, simply add the -l owner=acme option on the CLI when starting Portainer:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce -l owner=acme
```
Note that the -l flag can be repeated multiple times to specify multiple labels:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce -l owner=acme -l service=secret
```
## Use your own logo
You do not like our logo? Want to make Portainer more corporate? Dont worry, you can easily switch for an external logo (it must be exactly 155px by 55px) using the <code>--logo flag</code>:
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --logo "https://www.docker.com/sites/all/themes/docker/assets/images/brand-full.svg"
```
This can also be completed via the GUI in the Portaner Settings menu
## Use your own templates
Portainer allows you to rapidly deploy containers using App Templates.
By default Portainer templates will be used but you can also define your own templates.
Note: at the moment, templates are only loaded once at first Portainer startup. If you already deployed a Portainer instance and want to use your own templates after this, youll need to clear any existing templates (default templates) via the HTTP API.
Using the <code>--templates</code> flag you can specify an URL where the template file can be accessed via HTTP.
```shell
docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer-ce --templates http://my-host.my-domain/templates.json
```
Suggestion: You can host your template files in [Github](https://www.github.com)
## Available flags
The following CLI flags are available:
* <code>--admin-password</code>: Specify a bcrypt hashed password for the admin user
* <code>--admin-password-file</code>: Path to the file containing the password for the admin user
* <code>--bind, -p</code>: Address and port to serve Portainer (default: :9000)
* <code>--data, -d</code>: Directory where Portainer data will be stored (default: /data on Linux, C:\data on Windows)
* <code>--edge-compute</code>: Automatically enable edge-compute features
* <code>--hide-label, -l</code>: Hide containers with a specific label in the UI
* <code>--host, -H</code>: Docker daemon endpoint
* <code>--logo</code>: URL to a picture to be displayed as a logo in the UI, use Portainer logo if not specified
* <code>--snapshot-interval</code>: Time interval between two endpoint snapshot jobs expressed as a string, e.g. 30s, 5m, 1h… as supported by the time.ParseDuration method (default: 5m)
* <code>--ssl</code>: Secure Portainer instance using SSL (default: false)
* <code>--sslcert</code>: Path to the SSL certificate used to secure the Portainer instance (default: /certs/portainer.crt, C:\certs\portainer.crt on Windows)
* <code>--sslkey</code>: Path to the SSL key used to secure the Portainer instance (default: /certs/portainer.key, C:\certs\portainer.key on Windows)
* <code>--templates, -t</code>: URL to templates (apps) definitions
* <code>--tlscacert</code>: Path to the CA (default: /certs/ca.pem on Linux, C:\certs\ca.pem on Windows)
* <code>--tlscert</code>: Path to the TLS certificate file (default: /certs/cert.pem, C:\certs\cert.pem on Windows)
* <code>--tlskey</code>: Path to the TLS key (default: /certs/key.pem, C:\certs\key.pem on Windows)
* <code>--tlsverify</code>: TLS support (default: false)
* <code>--tunnel-port</code>: Specify an alternate tunnel port to use with the Edge agent. Use --tunnel-port 8001 with -p 8001:8001 to make the Edge agent communicate on port 8001
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

3
docs/v2.0/deploy/ssl.md
View File

@ -8,6 +8,9 @@ To do so, you can use the following flags <code>--ssl</code>, <code>--sslcert</c
<pre><code>$ docker run -d -p 443:9000 -p 8000:8000 --name portainer --restart always -v /var/run/docker.sock:/var/run/docker.sock -v ~/local-certs:/certs -v portainer_data:/data portainer/portainer-ce --ssl --sslcert /certs/portainer.crt --sslkey /certs/portainer.key</code></pre>
!!! Note
Portainer expects the certificate in PEM format.
Now, you can navigate to https://$ip-docker-host
## :fontawesome-solid-lock: Securing Portainer using SSL with Docker Swarm

6
docs/v2.0/endpoints/api.md
View File

@ -44,7 +44,7 @@ This query will create an endpoint called <b>test-local</b> and will use the Doc
<pre><code> http --form POST :9000/api/endpoints \
"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE" \
Name="test-local" EndpointType=1</code></pre>
Name="test-local" EndpointCreationType=1</code></pre>
The response is a JSON object representing the endpoint:
@ -75,7 +75,7 @@ This query will create an endpoint called <b>test-remote</b> and will communicat
<pre><code> http --form POST :9000/api/endpoints \
"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE" \
Name="test-remote" URL="tcp://10.0.7.10:2375" EndpointType=1</code></pre>
Name="test-remote" URL="tcp://10.0.7.10:2375" EndpointCreationType=1</code></pre>
The response is a JSON object representing the endpoint:
@ -106,7 +106,7 @@ This query will create an endpoint called <b>test-remote-tls</b> and will commun
<pre><code> http --form POST :9000/api/endpoints \
"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE" \
Name="test-remote" URL="tcp://10.0.7.10:2376" EndpointType=1 TLS="true" TLSCACertFile@/path/to/ca.pem TLSCertFile@/path/to/cert.pem TLSKeyFile@/path/to/key.pem</code></pre>
Name="test-remote" URL="tcp://10.0.7.10:2376" EndpointCreationType=1 TLS="true" TLSCACertFile@/path/to/ca.pem TLSCertFile@/path/to/cert.pem TLSKeyFile@/path/to/key.pem</code></pre>
The response is a JSON object representing the endpoint:

70
docs/v2.0/upgrade/updBE.md Normal file
View File

@ -0,0 +1,70 @@
# :material-dip-switch: Switching from CE to Portainer Business
Full instructions on how to switch your environment from Portainer CE to Portainer Business are here. These steps should be followed where you have bought the product or you are running a Free Trial.
=== ":fontawesome-brands-docker: Switching on Docker"
!!! Abstract ""
Assuming you've used our recommended deployment scripts: when upgrading to the latest version of Portainer, use the following commands:
```shell
docker stop portainer
```
```shell
docker rm portainer
```
Those 2 commands will stop and remove the container respectively. Doing this will NOT remove your other applications/containers/etc.
Now that you have stopped and removed the old version of Portainer, you can run this command
```shell
docker run -d -p 8000:8000 -p 9000:9000 --name=portainer --restart=always --pull=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ee:latest
```
That will deploy the newest version of Portainer Business on your system.
Now you can return to Portainer and login (you might need to log out first). When you login for the first time you will be prompted to enter your License Key. Copy this from the email you received and paste it into the dialogue box.
You should notice that the bottom left corner now contains the words "Business Edition"
=== ":fontawesome-brands-docker: Switching on Docker Swarm"
!!! Abstract ""
Assuming you've used our recommended deployment scripts: when upgrading to the latest version of Portainer, use the following commands:
=== ":material-kubernetes: Switching on Kubernetes"
!!! Abstract ""
Upgrade method depends on the original install method used.
=== "NodePort"
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-ee.yaml
```
=== "LoadBalancer"
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-lb.yaml
```
That will deploy the newest version of Portainer Business on your system.
Now you can go return to Portainer and login (you might need to log out first). When you login for the first time you will be prompted to enter your License Key. Copy this from the email you received and paste it into the dialogue box.
You should notice that the bottom left corner now contains the words "Business Edition"
### How to Downgrade
Full steps on how to downgrade from Portainer Business to CE [are found here.](https://documentation.portainer.io/v2.0-be/downgrade/be-to-ce/)
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

1
docs/v2.0/upgrade/upddocker.md
View File

@ -99,3 +99,4 @@ docker run -d -p 9001:9001 --name portainer_agent --restart=always --pull=always
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

152
docs/v2.0/upgrade/updk8s.md
View File

@ -1,76 +1,76 @@
# :material-kubernetes: Upgrade Kubernetes Deployment
Steps to upgrade Portainer and or Portainer agent deployed into Kubernetes. Upgrade method depends on the original install method used.
## Using Helm
Add Portianer helm repo running the following, ignore any warning about the repo being there already.
```shell
helm repo add portainer https://portainer.github.io/k8s/
```
```shell
helm repo update
```
Run the command below to upgrade to latest version of Portainer
```shell
helm upgrade -n portainer portainer portainer/portainer --reuse-values
```
## Using YAML Manifest
### Method 1:
Easiest way to upgrade is to use Portainer UI and use manifest files..
Copy the contents of manifest file from
#### For NodePort
```shell
https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml
```
> ##### Agent Only
> https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml
#### For LoadBalancer
```shell
https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-lb.yaml
```
> ##### Agent Only
> https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/agent/portainer-agent-k8s-lb.yaml
Login to portainer, in Kubernetes endpoint where portainer is installed go to Applications --> Advanced Deployment. Paste the yaml content.
![alt Manifest Deployment](assets/k8s-manifest-nodeport.png "Manifest Deployment")
Paste the yaml content and click Deploy.
Portainer should come back to a login page in a few seconds.
![alt Manifest Deployment](assets/k8s-manifest-deploy.png "Manifest Deployment")
### Method 2:
#### For NodePort
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml
```
> ##### Agent Only
> kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml
#### For Load Balancer
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-lb.yaml
```
> ##### Agent Only
> kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/agent/portainer-agent-k8s-lb.yaml
Now you can go to portainer url and login. You should notice that the bottom left corner looks different than it did before. There is no more update nag and the version is no longer shown next to the Portainer logo.
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}
# :material-kubernetes: Upgrade Kubernetes Deployment
Steps to upgrade Portainer and or Portainer agent deployed into Kubernetes. Upgrade method depends on the original install method used.
## Using Helm
Add Portainer helm repo running the following, ignore any warning about the repo being there already.
```shell
helm repo add portainer https://portainer.github.io/k8s/
```
```shell
helm repo update
```
Run the command below to upgrade to latest version of Portainer
```shell
helm upgrade -n portainer portainer portainer/portainer --reuse-values
```
## Using YAML Manifest
### Method 1:
Easiest way to upgrade is to use Portainer UI and use manifest files..
Copy the contents of manifest file from
#### For NodePort
```shell
https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml
```
> ##### Agent Only
> https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml
#### For LoadBalancer
```shell
https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-lb.yaml
```
> ##### Agent Only
> https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/agent/portainer-agent-k8s-lb.yaml
Login to portainer, in Kubernetes endpoint where portainer is installed go to Applications --> Advanced Deployment. Paste the yaml content.
![alt Manifest Deployment](assets/k8s-manifest-nodeport.png "Manifest Deployment")
Paste the yaml content and click Deploy.
Portainer should come back to a login page in a few seconds.
![alt Manifest Deployment](assets/k8s-manifest-deploy.png "Manifest Deployment")
### Method 2:
#### For NodePort
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer.yaml
```
> ##### Agent Only
> kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/agent/portainer-agent-k8s-nodeport.yaml
#### For Load Balancer
```shell
kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/portainer/portainer-lb.yaml
```
> ##### Agent Only
> kubectl apply -n portainer -f https://raw.githubusercontent.com/portainer/k8s/master/deploy/manifests/agent/portainer-agent-k8s-lb.yaml
Now you can go to portainer url and login. You should notice that the bottom left corner looks different than it did before. There is no more update nag and the version is no longer shown next to the Portainer logo.
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

50
docs/v2.0/upgrade/updswarm.md
View File

@ -1,25 +1,25 @@
# :fontawesome-brands-docker: Upgrade a Docker Swarm Deployment
### Docker Swarm
Steps to upgrade Portainer and or Portainer agent deployed into Dcoker Swarm as a service.
Run the following on manager node of your docker swarm cluster
<pre><code>docker service ls </code></pre>
![alt dcokerservice](assets/docker service ls.png "Docker Service List")
Make note of the service names for Portainer
To upgrade Portainer to the latest version, run the command below (You may need to replace Service Name portainer_portainer to match your setup)
<pre><code>docker service update --image portainer/portainer-ce --force portainer_portainer </code></pre>
To upgrade Portainer Agent to the latest version, run the command below (You may need to replace Service Name portainer_agent to match your setup)
<pre><code>docker service update --image portainer/agent --force portainer_agent </code></pre>
That will deploy the newest version of Portainer on your system, using the persistent data and upgrade the DB
Now you can go to http://your-server-address:9000 and login. You should notice that the bottom left corner looks different than it did before. There is no more update nag and the version is no longer shown next to the Portainer logo.
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}
# :fontawesome-brands-docker: Upgrade a Docker Swarm Deployment
### Docker Swarm
Steps to upgrade Portainer and or Portainer agent deployed into Docker Swarm as a service.
Run the following on manager node of your docker swarm cluster
<pre><code>docker service ls </code></pre>
![alt dcokerservice](assets/docker service ls.png "Docker Service List")
Make note of the service names for Portainer
To upgrade Portainer to the latest version, run the command below (You may need to replace Service Name portainer_portainer to match your setup)
<pre><code>docker service update --image portainer/portainer-ce --force portainer_portainer </code></pre>
To upgrade Portainer Agent to the latest version, run the command below (You may need to replace Service Name portainer_agent to match your setup)
<pre><code>docker service update --image portainer/agent --force portainer_agent </code></pre>
That will deploy the newest version of Portainer on your system, using the persistent data and upgrade the DB
Now you can go to http://your-server-address:9000 and login. You should notice that the bottom left corner looks different than it did before. There is no more update nag and the version is no longer shown next to the Portainer logo.
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

37
docs/v2.0/upgrade/upgrade.md
View File

@ -1,16 +1,21 @@
# Portainer Version Upgrade Path
We have tested and validated Portainer Version Upgrades from 1.24.0 to the latest (2.1.1). Although un-tested, it is possible an upgrade path that has not been validated might work.
You are recommended to test any upgrade path, validated or non-validated on a non critical system before applying it to your active production systems.
You can find Requirements for different versions of Portainer [here](../../deploy/requirements/)
Upgrade Instructions for different deployments below...
[Docker](../upddocker/){: .md-button }
[DockerSwarm](../updswarm/){: .md-button }
[Kubernetes](../updk8s/){: .md-button }
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}
# Switch from CE to Portainer Business
Instructions to upgrade from CE to Portainer Business (including Free Trial Accounts) [can be found here.](../updBE/)
# Upgrade a Portainer Version
We have tested and validated Portainer Version Upgrades from 1.24.0 to the latest (2.1.1). Although un-tested, it is possible an upgrade path that has not been validated might work.
You are recommended to test any upgrade path, validated or non-validated on a non critical system before applying it to your active production systems.
You can find Requirements for different versions of Portainer [here](../../deploy/requirements/)
Upgrade Instructions for different deployments below...
[Docker](../upddocker/){: .md-button }
[DockerSwarm](../updswarm/){: .md-button }
[Kubernetes](../updk8s/){: .md-button }
## :material-note-text: Notes
[Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=_blank}

667
mkdocs.yml
View File

@ -1,333 +1,334 @@
site_name: Documentation
google_analytics: ['G-N7CY67ZGSW', 'documentation.portainer.io']
nav:
- Home: index.md
- Quick Start: quickstart.md
- Release Notes: releasenotes.md
- Install Guide:
- Community Edition:
- 'Requirements' : 'v2.0/deploy/requirements.md'
- 'Docker' : 'v2.0/deploy/ceinstalldocker.md'
- 'Docker Swarm' : 'v2.0/deploy/ceinstallswarm.md'
- 'Kubernetes' : 'v2.0/deploy/ceinstallk8s.md'
- 'Using SSL with Portainer' : 'v2.0/deploy/ssl.md'
- 'Initial Setup' : 'v2.0/deploy/initial.md'
- Business Edition:
- 'Requirements' : 'v2.0-be/deploy/requirements.md'
- 'Docker' : 'v2.0-be/deploy/beinstalldocker.md'
- 'Docker Swarm' : 'v2.0-be/deploy/beinstallswarm.md'
- 'Kubernetes' : 'v2.0-be/deploy/beinstallk8s.md'
- 'Using SSL with Portainer' : 'v2.0-be/deploy/ssl.md'
- 'Initial Setup' : 'v2.0-be/deploy/initial.md'
- Admin Guide:
- Community Edition:
- Managing Endpoints:
- 'Add Local Endpoint' : 'v2.0/endpoints/local.md'
- 'Add Docker Endpoint' : 'v2.0/endpoints/docker.md'
- 'Add Docker Swarm Endpoint' : 'v2.0/endpoints/swarm.md'
- 'Add Kubernetes Endpoint' : 'v2.0/endpoints/kubernetes.md'
- 'Add Edge Endpoint' : 'v2.0/endpoints/edge.md'
- 'Add ACI Endpoint' : 'v2.0/endpoints/aci.md'
- 'Creating Endpoints Groups and Endpoint Tags' : 'v2.0/endpoints/groupstags.md'
- 'Managing Endpoints Access' : 'v2.0/endpoints/access.md'
- 'Add Endpoint through Portainer API' : 'v2.0/endpoints/api.md'
- Authentication Sources:
- 'LDAP' : 'v2.0/auth/ldap.md'
- 'OAuth' : 'v2.0/auth/oauth.md'
- 'Internal' : 'v2.0/auth/internal.md'
- Managing Users & Teams:
- 'Create a User' : 'v2.0/users/create.md'
- 'Create a Team' : 'v2.0/users/create-team.md'
- 'Promote a User as Admin' : 'v2.0/users/promoting.md'
- 'Add a User to a Team' : 'v2.0/users/user-team.md'
- 'Reset User Password' : 'v2.0/users/reset-user.md'
- 'Reset Administrator Password' : 'v2.0/users/reset-admin.md'
- Registries:
- 'Connect to a Registry' : 'v2.0/registries/connect.md'
- 'Enable Docker Hub Authentication' : 'v2.0/registries/auth-docker-hub.md'
- Configuring Settings:
- 'Enable use of external load balancer' : 'v2.0/settings/lb.md'
- 'Security Options' : 'v2.0/settings/security.md'
- 'Enable Edge Computing' : 'v2.0/settings/edge.md'
- 'App Templates' : 'v2.0/settings/apps.md'
- 'Enable Host Management Features' : 'v2.0/settings/host_management.md'
- Advanced Deployments:
- 'Using Portainer with Reverse Proxies':
- 'Traefik' : 'v2.0/ad/traefik/rp-traefik.md'
- 'Nginx' : 'v2.0/ad/nginx/rp-nginx.md'
- Deprecated and Removed Features : 'v2.0/troubleshooting/deprecated.md'
- Business Edition:
- Managing Endpoints:
- 'Add Local Endpoint' : 'v2.0-be/endpoints/local.md'
- 'Add Docker Endpoint' : 'v2.0-be/endpoints/docker.md'
- 'Add Docker Swarm Endpoint' : 'v2.0-be/endpoints/swarm.md'
- 'Add Kubernetes Endpoint' : 'v2.0-be/endpoints/kubernetes.md'
- 'Add Edge Endpoint' : 'v2.0-be/endpoints/edge.md'
- 'Add ACI Endpoint' : 'v2.0-be/endpoints/aci.md'
- 'Creating Endpoints Groups and Endpoint Tags' : 'v2.0-be/endpoints/groupstags.md'
- 'Managing Endpoints Access' : 'v2.0-be/endpoints/access.md'
- 'Add Endpoint through Portainer API' : 'v2.0-be/endpoints/api.md'
- Licensing:
- 'Add or remove license key' : 'v2.0-be/licensing/licensing.md'
- Authentication Sources:
- 'Automatic User Provisioning' : 'v2.0-be/auth/auto.md'
- 'LDAP' : 'v2.0-be/auth/ldap.md'
- 'Active Directory' : 'v2.0-be/auth/ad.md'
- 'OAuth' : 'v2.0-be/auth/oauth.md'
- 'Internal' : 'v2.0-be/auth/internal.md'
- Managing Users & Teams:
- 'RBAC Overview' : 'v2.0-be/users/roles.md'
- 'Effective access viewer' : 'v2.0-be/users/viewer.md'
- 'Create a User' : 'v2.0-be/users/create.md'
- 'Create a Team' : 'v2.0-be/users/create-team.md'
- 'Promote a User as Admin' : 'v2.0-be/users/promoting.md'
- 'Add a User to a Team' : 'v2.0-be/users/user-team.md'
- 'Reset User Password' : 'v2.0-be/users/reset-user.md'
- 'Reset Administrator Password' : 'v2.0-be/users/reset-admin.md'
- Registries:
- 'Registry Management Overview' : 'v2.0-be/registries/description.md'
- 'Connect to a Registry' : 'v2.0-be/registries/connect.md'
- 'Enable Docker Hub Authentication' : 'v2.0-be/registries/auth-docker-hub.md'
- Configuring Settings:
- 'Enable use of external load balancer' : 'v2.0-be/settings/lb.md'
- 'Allow/Disallow over-commitment of resources' : 'v2.0-be/settings/overcommit.md'
- 'Limit usage of default namespace' : 'v2.0-be/settings/namespaces.md'
- 'Security Options' : 'v2.0-be/settings/security.md'
- 'Enable Edge Computing' : 'v2.0-be/settings/edge.md'
- 'App Templates' : 'v2.0-be/settings/apps.md'
- 'Enable Host Management Features' : 'v2.0-be/settings/host_management.md'
- Downgrading:
- 'Downgrade from BE to CE': 'v2.0-be/downgrade/be-to-ce.md'
- Advanced Deployments:
- 'Using Portainer with Reverse Proxies':
- 'Traefik' : 'v2.0-be/ad/traefik/rp-traefik.md'
- 'Nginx' : 'v2.0-be/ad/nginx/rp-nginx.md'
- Deprecated and Removed Features : 'v2.0-be/troubleshooting/deprecated.md'
- User Guide:
- Community Edition:
- Docker & Docker Swarm:
- 'Stacks':
- 'Add/Create a Stack' : 'v2.0/stacks/create.md'
- 'Create a template from a Stack' : 'v2.0/stacks/template.md'
- 'Duplicate / Migrate Stacks' : 'v2.0/stacks/duplicate_migration.md'
- 'Inspect a Stack' : 'v2.0/stacks/inspect.md'
- 'Webhooks':
- 'Configure a Webhook' : 'v2.0/webhooks/create.md'
- 'Containers':
- 'Create New Container' : 'v2.0/containers/create.md'
- 'Delete/Remove a Container' : 'v2.0/containers/delete.md'
- 'Inspect a Container' : 'v2.0/containers/inspect.md'
- 'View logs' : 'v2.0/containers/logs.md'
- 'View Container stats' : 'v2.0/containers/stats.md'
- 'Access container console' : 'v2.0/containers/console.md'
- 'Change Container Ownership' : 'v2.0/containers/ownership.md'
- 'Duplicate or Edit a Container' : 'v2.0/containers/duplicate-edit.md'
- 'App Templates':
- 'Deploy a Stack' : 'v2.0/templates/deploy_stack.md'
- 'Deploy an App (Container)' : 'v2.0/templates/deploy_container.md'
- 'Images':
- 'Pull images' : 'v2.0/images/pull.md'
- 'Import images' : 'v2.0/images/import.md'
- 'Export images' : 'v2.0/images/export.md'
- 'Build images' : 'v2.0/images/build.md'
- 'Networks':
- 'Add a Network' : 'v2.0/networks/add.md'
- 'Delete a Network' : 'v2.0/networks/delete.md'
- 'Services':
- 'Create a New Service' : 'v2.0/services/create.md'
- 'Scaling a Service' : 'v2.0/services/scale.md'
- 'View Service Logs' : 'v2.0/services/logs.md'
- 'Service Task Status' : 'v2.0/services/status.md'
- 'Configure Service Options' : 'v2.0/services/options.md'
- 'Rollback a Service' : 'v2.0/services/rollback.md'
- 'Volumes':
- 'Browse a Volume' : 'v2.0/volumes/browse.md'
- 'Create a Volume' : 'v2.0/volumes/create.md'
- 'Attach an Existing Volume' : 'v2.0/volumes/attaching.md'
- 'Delete a Volume' : 'v2.0/volumes/delete.md'
- 'Configs':
- 'Add custom configs' : 'v2.0/configs/add.md'
- 'Delete configs' : 'v2.0/configs/delete.md'
- 'Secrets':
- 'Add a new secret' : 'v2.0/secrets/add.md'
- 'Delete secrets' : 'v2.0/secrets/delete.md'
- Kubernetes:
- 'Applications':
- 'Deploy a new application' : 'v2.0/kubernetes/applications/create.md'
- 'Deploy from a Kubernetes Manifest' : 'v2.0/kubernetes/applications/manifest.md'
- 'Delete an Application' : 'v2.0/kubernetes/applications/delete.md'
- 'Inspect an Application' : 'v2.0/kubernetes/applications/inspect.md'
- 'Resource Pools':
- 'Create a Resource Pool' : 'v2.0/kubernetes/resource_pools/create.md'
- 'Manage Access' : 'v2.0/kubernetes/resource_pools/access.md'
- 'Delete a Resource Pool' : 'v2.0/kubernetes/resource_pools/delete.md'
- 'Volumes':
- 'Inspect a volume' : 'v2.0/kubernetes/volumes/inspect.md'
- 'Resize a volume' : 'v2.0/kubernetes/volumes/resize.md'
- 'Remove a volume' : 'v2.0/kubernetes/volumes/remove.md'
- 'Configurations':
- 'Add a configuration' : 'v2.0/kubernetes/configurations/create.md'
- 'Remove a configuration' : 'v2.0/kubernetes/configurations/remove.md'
- 'Cluster':
- 'Inspect cluster' : 'v2.0/kubernetes/cluster/inspect.md'
- ACI:
- 'About ACI' : 'v2.0/aci/aci.md'
- 'Add New Container' : 'v2.0/aci/add_container.md'
- 'Delete a Container' : 'v2.0/aci/delete_container.md'
- Edge:
- 'Add a Stack' : 'v2.0/edge/stacks.md'
- 'Add a Job' : 'v2.0/edge/jobs/add.md'
- 'Managing Edge Groups' : 'v2.0/edge/groups.md'
- Business Edition:
- Docker & Docker Swarm:
- 'Stacks':
- 'Add/Create a Stack' : 'v2.0-be/stacks/create.md'
- 'Create a template from a Stack' : 'v2.0-be/stacks/template.md'
- 'Duplicate / Migrate Stacks' : 'v2.0-be/stacks/duplicate_migration.md'
- 'Inspect a Stack' : 'v2.0-be/stacks/inspect.md'
- 'Webhooks':
- 'Configure a Webhook' : 'v2.0-be/webhooks/create.md'
- 'Containers':
- 'Create New Container' : 'v2.0-be/containers/create.md'
- 'Delete/Remove a Container' : 'v2.0-be/containers/delete.md'
- 'Inspect a Container' : 'v2.0-be/containers/inspect.md'
- 'View logs' : 'v2.0-be/containers/logs.md'
- 'View Container stats' : 'v2.0-be/containers/stats.md'
- 'Access container console' : 'v2.0-be/containers/console.md'
- 'Change Container Ownership' : 'v2.0-be/containers/ownership.md'
- 'Duplicate or Edit a Container' : 'v2.0-be/containers/duplicate-edit.md'
- 'App Templates':
- 'Deploy a Stack' : 'v2.0-be/templates/deploy_stack.md'
- 'Deploy an App (Container)' : 'v2.0-be/templates/deploy_container.md'
- 'Images':
- 'Pull images' : 'v2.0-be/images/pull.md'
- 'Import images' : 'v2.0-be/images/import.md'
- 'Export images' : 'v2.0-be/images/export.md'
- 'Build images' : 'v2.0-be/images/build.md'
- 'Networks':
- 'Add a Network' : 'v2.0-be/networks/add.md'
- 'Delete a Network' : 'v2.0-be/networks/delete.md'
- 'Services':
- 'Create a New Service' : 'v2.0-be/services/create.md'
- 'Scaling a Service' : 'v2.0-be/services/scale.md'
- 'View Service Logs' : 'v2.0-be/services/logs.md'
- 'Service Task Status' : 'v2.0-be/services/status.md'
- 'Configure Service Options' : 'v2.0-be/services/options.md'
- 'Rollback a Service' : 'v2.0-be/services/rollback.md'
- 'Volumes':
- 'Browse a Volume' : 'v2.0-be/volumes/browse.md'
- 'Create a Volume' : 'v2.0-be/volumes/create.md'
- 'Attach an Existing Volume' : 'v2.0-be/volumes/attaching.md'
- 'Delete a Volume' : 'v2.0-be/volumes/delete.md'
- 'Configs':
- 'Add custom configs' : 'v2.0-be/configs/add.md'
- 'Delete configs' : 'v2.0-be/configs/delete.md'
- 'Secrets':
- 'Add a new secret' : 'v2.0-be/secrets/add.md'
- 'Delete secrets' : 'v2.0-be/secrets/delete.md'
- Kubernetes:
- 'Applications':
- 'Deploy a new application' : 'v2.0-be/kubernetes/applications/create.md'
- 'Deploy from a Kubernetes Manifest' : 'v2.0-be/kubernetes/applications/manifest.md'
- 'Delete an Application' : 'v2.0-be/kubernetes/applications/delete.md'
- 'Inspect an Application' : 'v2.0-be/kubernetes/applications/inspect.md'
- 'Resource Pools':
- 'Create a Resource Pool' : 'v2.0-be/kubernetes/resource_pools/create.md'
- 'Manage Access' : 'v2.0-be/kubernetes/resource_pools/access.md'
- 'Delete a Resource Pool' : 'v2.0-be/kubernetes/resource_pools/delete.md'
- 'Volumes':
- 'Inspect a volume' : 'v2.0-be/kubernetes/volumes/inspect.md'
- 'Resize a volume' : 'v2.0-be/kubernetes/volumes/resize.md'
- 'Remove a volume' : 'v2.0-be/kubernetes/volumes/remove.md'
- 'Configurations':
- 'Add a configuration' : 'v2.0-be/kubernetes/configurations/create.md'
- 'Remove a configuration' : 'v2.0-be/kubernetes/configurations/remove.md'
- 'Cluster':
- 'Inspect cluster' : 'v2.0-be/kubernetes/cluster/inspect.md'
- ACI:
- 'About ACI' : 'v2.0-be/aci/aci.md'
- 'Add New Container' : 'v2.0-be/aci/add_container.md'
- 'Delete a Container' : 'v2.0-be/aci/delete_container.md'
- Edge:
- 'Add a Stack' : 'v2.0-be/edge/stacks.md'
- 'Add a Job' : 'v2.0-be/edge/jobs/add.md'
- 'Managing Edge Groups' : 'v2.0-be/edge/groups.md'
- Registries:
- 'Browse a Registry' : 'v2.0-be/registries/browse.md'
- 'Manage a Registry' : 'v2.0-be/registries/manage.md'
- Upgrading Portainer:
- 'Upgrade Path': 'v2.0/upgrade/upgrade.md'
- 'Upgrading on Docker': 'v2.0/upgrade/upddocker.md'
- 'Upgrading on DockerSwarm': 'v2.0/upgrade/updswarm.md'
- 'Upgrading on Kubernetes': 'v2.0/upgrade/updk8s.md'
- FAQs : 'https://support.portainer.io'
- Videos : 'https://www.youtube.com/channel/UC7diMJcrULjDseq5yhSUZgg/videos/" target="_blank'
- Older Releases:
- CE 1.23.2:
- 'Agent' : 'archive/1.23.2/agent.md'
- 'API' : 'archive/1.23.2/API.md'
- 'Configuration' : 'archive/1.23.2/configuration.md'
- 'Deployment' : 'archive/1.23.2/deployment.md'
- 'External Endpoints' : 'archive/1.23.2/external_endpoints.md'
- 'Limitations' : 'archive/1.23.2/limitations.md'
- 'Templates' : 'archive/1.23.2/templates.md'
- 'Troubleshooting' : 'archive/1.23.2/troubleshooting.md'
- 'User Guide' : 'archive/1.23.2/userguide.md'
- 'FAQ' : 'archive/1.23.2/faq.md'
- Contributing to Portainer:
- 'Instructions' : 'contributing/instructions.md'
- 'Install required tools on Mac OS' : 'contributing/tools-macos.md'
- 'Install required tools on Linux' : 'contributing/tools-linux.md'
extra_css:
- css/extra.css
theme:
font:
text: Raleway
features:
- instant
logo: assets/logo.png
favicon: assets/icon.webp
name: material
palette:
primary: light-blue
repo_name: portainer/portainer
repo_url: https://github.com/portainer/portainer-docs
markdown_extensions:
- attr_list
- admonition
- toc:
toc_depth: 0
- pymdownx.tabbed
- pymdownx.superfences
- pymdownx.details
- pymdownx.inlinehilite
- fontawesome_markdown
- meta
- pymdownx.emoji:
emoji_index: !!python/name:materialx.emoji.twemoji
emoji_generator: !!python/name:materialx.emoji.to_svg
plugins:
- search
- redirects:
redirect_maps:
'v2.0/deploy/linux.md': 'quickstart.md'
'v2.0/deploy/windows10.md': 'quickstart.md'
'v2.0-be/deploy/windowsserver.md': 'quickstart.md'
'v2.0-be/deploy/linux.md': 'quickstart.md'
'v2.0-be/deploy/windows10.md': 'quickstart.md'
'v2.0-be/deploy/windowsserver.md': 'quickstart.md'
extra:
social:
- icon: fontawesome/brands/twitter
link: https://twitter.com/portainerio
- icon: fontawesome/brands/linkedin
link: https://www.linkedin.com/company/portainer/
- icon: fontawesome/brands/youtube
link: https://www.youtube.com/channel/UC7diMJcrULjDseq5yhSUZgg
- icon: fontawesome/brands/facebook
link: https://www.facebook.com/portainerio/
- icon: fontawesome/brands/reddit
link: https://reddit.com/r/portainer
site_name: Documentation
google_analytics: ['G-N7CY67ZGSW', 'documentation.portainer.io']
nav:
- Home: index.md
- Quick Start: quickstart.md
- Release Notes: releasenotes.md
- Install Guide:
- Community Edition:
- 'Requirements' : 'v2.0/deploy/requirements.md'
- 'Docker' : 'v2.0/deploy/ceinstalldocker.md'
- 'Docker Swarm' : 'v2.0/deploy/ceinstallswarm.md'
- 'Kubernetes' : 'v2.0/deploy/ceinstallk8s.md'
- 'Using SSL with Portainer' : 'v2.0/deploy/ssl.md'
- 'Initial Setup' : 'v2.0/deploy/initial.md'
- Business Edition:
- 'Requirements' : 'v2.0-be/deploy/requirements.md'
- 'Docker' : 'v2.0-be/deploy/beinstalldocker.md'
- 'Docker Swarm' : 'v2.0-be/deploy/beinstallswarm.md'
- 'Kubernetes' : 'v2.0-be/deploy/beinstallk8s.md'
- 'Using SSL with Portainer' : 'v2.0-be/deploy/ssl.md'
- 'Initial Setup' : 'v2.0-be/deploy/initial.md'
- Admin Guide:
- Community Edition:
- Managing Endpoints:
- 'Add Local Endpoint' : 'v2.0/endpoints/local.md'
- 'Add Docker Endpoint' : 'v2.0/endpoints/docker.md'
- 'Add Docker Swarm Endpoint' : 'v2.0/endpoints/swarm.md'
- 'Add Kubernetes Endpoint' : 'v2.0/endpoints/kubernetes.md'
- 'Add Edge Endpoint' : 'v2.0/endpoints/edge.md'
- 'Add ACI Endpoint' : 'v2.0/endpoints/aci.md'
- 'Creating Endpoints Groups and Endpoint Tags' : 'v2.0/endpoints/groupstags.md'
- 'Managing Endpoints Access' : 'v2.0/endpoints/access.md'
- 'Add Endpoint through Portainer API' : 'v2.0/endpoints/api.md'
- Authentication Sources:
- 'LDAP' : 'v2.0/auth/ldap.md'
- 'OAuth' : 'v2.0/auth/oauth.md'
- 'Internal' : 'v2.0/auth/internal.md'
- Managing Users & Teams:
- 'Create a User' : 'v2.0/users/create.md'
- 'Create a Team' : 'v2.0/users/create-team.md'
- 'Promote a User as Admin' : 'v2.0/users/promoting.md'
- 'Add a User to a Team' : 'v2.0/users/user-team.md'
- 'Reset User Password' : 'v2.0/users/reset-user.md'
- 'Reset Administrator Password' : 'v2.0/users/reset-admin.md'
- Registries:
- 'Connect to a Registry' : 'v2.0/registries/connect.md'
- 'Enable Docker Hub Authentication' : 'v2.0/registries/auth-docker-hub.md'
- Configuring Settings:
- 'Enable use of external load balancer' : 'v2.0/settings/lb.md'
- 'Security Options' : 'v2.0/settings/security.md'
- 'Enable Edge Computing' : 'v2.0/settings/edge.md'
- 'App Templates' : 'v2.0/settings/apps.md'
- 'Enable Host Management Features' : 'v2.0/settings/host_management.md'
- Advanced Deployments:
- 'Using Portainer with Reverse Proxies':
- 'Traefik' : 'v2.0/ad/traefik/rp-traefik.md'
- 'Nginx' : 'v2.0/ad/nginx/rp-nginx.md'
- Deprecated and Removed Features : 'v2.0/troubleshooting/deprecated.md'
- Business Edition:
- Managing Endpoints:
- 'Add Local Endpoint' : 'v2.0-be/endpoints/local.md'
- 'Add Docker Endpoint' : 'v2.0-be/endpoints/docker.md'
- 'Add Docker Swarm Endpoint' : 'v2.0-be/endpoints/swarm.md'
- 'Add Kubernetes Endpoint' : 'v2.0-be/endpoints/kubernetes.md'
- 'Add Edge Endpoint' : 'v2.0-be/endpoints/edge.md'
- 'Add ACI Endpoint' : 'v2.0-be/endpoints/aci.md'
- 'Creating Endpoints Groups and Endpoint Tags' : 'v2.0-be/endpoints/groupstags.md'
- 'Managing Endpoints Access' : 'v2.0-be/endpoints/access.md'
- 'Add Endpoint through Portainer API' : 'v2.0-be/endpoints/api.md'
- Licensing:
- 'Add or remove license key' : 'v2.0-be/licensing/licensing.md'
- Authentication Sources:
- 'Automatic User Provisioning' : 'v2.0-be/auth/auto.md'
- 'LDAP' : 'v2.0-be/auth/ldap.md'
- 'Active Directory' : 'v2.0-be/auth/ad.md'
- 'OAuth' : 'v2.0-be/auth/oauth.md'
- 'Internal' : 'v2.0-be/auth/internal.md'
- Managing Users & Teams:
- 'RBAC Overview' : 'v2.0-be/users/roles.md'
- 'Effective access viewer' : 'v2.0-be/users/viewer.md'
- 'Create a User' : 'v2.0-be/users/create.md'
- 'Create a Team' : 'v2.0-be/users/create-team.md'
- 'Promote a User as Admin' : 'v2.0-be/users/promoting.md'
- 'Add a User to a Team' : 'v2.0-be/users/user-team.md'
- 'Reset User Password' : 'v2.0-be/users/reset-user.md'
- 'Reset Administrator Password' : 'v2.0-be/users/reset-admin.md'
- Registries:
- 'Registry Management Overview' : 'v2.0-be/registries/description.md'
- 'Connect to a Registry' : 'v2.0-be/registries/connect.md'
- 'Enable Docker Hub Authentication' : 'v2.0-be/registries/auth-docker-hub.md'
- Configuring Settings:
- 'Enable use of external load balancer' : 'v2.0-be/settings/lb.md'
- 'Allow/Disallow over-commitment of resources' : 'v2.0-be/settings/overcommit.md'
- 'Limit usage of default namespace' : 'v2.0-be/settings/namespaces.md'
- 'Security Options' : 'v2.0-be/settings/security.md'
- 'Enable Edge Computing' : 'v2.0-be/settings/edge.md'
- 'App Templates' : 'v2.0-be/settings/apps.md'
- 'Enable Host Management Features' : 'v2.0-be/settings/host_management.md'
- Downgrading:
- 'Downgrade from BE to CE': 'v2.0-be/downgrade/be-to-ce.md'
- Advanced Deployments:
- 'Using Portainer with Reverse Proxies':
- 'Traefik' : 'v2.0-be/ad/traefik/rp-traefik.md'
- 'Nginx' : 'v2.0-be/ad/nginx/rp-nginx.md'
- Deprecated and Removed Features : 'v2.0-be/troubleshooting/deprecated.md'
- User Guide:
- Community Edition:
- Docker & Docker Swarm:
- 'Stacks':
- 'Add/Create a Stack' : 'v2.0/stacks/create.md'
- 'Create a template from a Stack' : 'v2.0/stacks/template.md'
- 'Duplicate / Migrate Stacks' : 'v2.0/stacks/duplicate_migration.md'
- 'Inspect a Stack' : 'v2.0/stacks/inspect.md'
- 'Webhooks':
- 'Configure a Webhook' : 'v2.0/webhooks/create.md'
- 'Containers':
- 'Create New Container' : 'v2.0/containers/create.md'
- 'Delete/Remove a Container' : 'v2.0/containers/delete.md'
- 'Inspect a Container' : 'v2.0/containers/inspect.md'
- 'View logs' : 'v2.0/containers/logs.md'
- 'View Container stats' : 'v2.0/containers/stats.md'
- 'Access container console' : 'v2.0/containers/console.md'
- 'Change Container Ownership' : 'v2.0/containers/ownership.md'
- 'Duplicate or Edit a Container' : 'v2.0/containers/duplicate-edit.md'
- 'App Templates':
- 'Deploy a Stack' : 'v2.0/templates/deploy_stack.md'
- 'Deploy an App (Container)' : 'v2.0/templates/deploy_container.md'
- 'Images':
- 'Pull images' : 'v2.0/images/pull.md'
- 'Import images' : 'v2.0/images/import.md'
- 'Export images' : 'v2.0/images/export.md'
- 'Build images' : 'v2.0/images/build.md'
- 'Networks':
- 'Add a Network' : 'v2.0/networks/add.md'
- 'Delete a Network' : 'v2.0/networks/delete.md'
- 'Services':
- 'Create a New Service' : 'v2.0/services/create.md'
- 'Scaling a Service' : 'v2.0/services/scale.md'
- 'View Service Logs' : 'v2.0/services/logs.md'
- 'Service Task Status' : 'v2.0/services/status.md'
- 'Configure Service Options' : 'v2.0/services/options.md'
- 'Rollback a Service' : 'v2.0/services/rollback.md'
- 'Volumes':
- 'Browse a Volume' : 'v2.0/volumes/browse.md'
- 'Create a Volume' : 'v2.0/volumes/create.md'
- 'Attach an Existing Volume' : 'v2.0/volumes/attaching.md'
- 'Delete a Volume' : 'v2.0/volumes/delete.md'
- 'Configs':
- 'Add custom configs' : 'v2.0/configs/add.md'
- 'Delete configs' : 'v2.0/configs/delete.md'
- 'Secrets':
- 'Add a new secret' : 'v2.0/secrets/add.md'
- 'Delete secrets' : 'v2.0/secrets/delete.md'
- Kubernetes:
- 'Applications':
- 'Deploy a new application' : 'v2.0/kubernetes/applications/create.md'
- 'Deploy from a Kubernetes Manifest' : 'v2.0/kubernetes/applications/manifest.md'
- 'Delete an Application' : 'v2.0/kubernetes/applications/delete.md'
- 'Inspect an Application' : 'v2.0/kubernetes/applications/inspect.md'
- 'Resource Pools':
- 'Create a Resource Pool' : 'v2.0/kubernetes/resource_pools/create.md'
- 'Manage Access' : 'v2.0/kubernetes/resource_pools/access.md'
- 'Delete a Resource Pool' : 'v2.0/kubernetes/resource_pools/delete.md'
- 'Volumes':
- 'Inspect a volume' : 'v2.0/kubernetes/volumes/inspect.md'
- 'Resize a volume' : 'v2.0/kubernetes/volumes/resize.md'
- 'Remove a volume' : 'v2.0/kubernetes/volumes/remove.md'
- 'Configurations':
- 'Add a configuration' : 'v2.0/kubernetes/configurations/create.md'
- 'Remove a configuration' : 'v2.0/kubernetes/configurations/remove.md'
- 'Cluster':
- 'Inspect cluster' : 'v2.0/kubernetes/cluster/inspect.md'
- ACI:
- 'About ACI' : 'v2.0/aci/aci.md'
- 'Add New Container' : 'v2.0/aci/add_container.md'
- 'Delete a Container' : 'v2.0/aci/delete_container.md'
- Edge:
- 'Add a Stack' : 'v2.0/edge/stacks.md'
- 'Add a Job' : 'v2.0/edge/jobs/add.md'
- 'Managing Edge Groups' : 'v2.0/edge/groups.md'
- Business Edition:
- Docker & Docker Swarm:
- 'Stacks':
- 'Add/Create a Stack' : 'v2.0-be/stacks/create.md'
- 'Create a template from a Stack' : 'v2.0-be/stacks/template.md'
- 'Duplicate / Migrate Stacks' : 'v2.0-be/stacks/duplicate_migration.md'
- 'Inspect a Stack' : 'v2.0-be/stacks/inspect.md'
- 'Webhooks':
- 'Configure a Webhook' : 'v2.0-be/webhooks/create.md'
- 'Containers':
- 'Create New Container' : 'v2.0-be/containers/create.md'
- 'Delete/Remove a Container' : 'v2.0-be/containers/delete.md'
- 'Inspect a Container' : 'v2.0-be/containers/inspect.md'
- 'View logs' : 'v2.0-be/containers/logs.md'
- 'View Container stats' : 'v2.0-be/containers/stats.md'
- 'Access container console' : 'v2.0-be/containers/console.md'
- 'Change Container Ownership' : 'v2.0-be/containers/ownership.md'
- 'Duplicate or Edit a Container' : 'v2.0-be/containers/duplicate-edit.md'
- 'App Templates':
- 'Deploy a Stack' : 'v2.0-be/templates/deploy_stack.md'
- 'Deploy an App (Container)' : 'v2.0-be/templates/deploy_container.md'
- 'Images':
- 'Pull images' : 'v2.0-be/images/pull.md'
- 'Import images' : 'v2.0-be/images/import.md'
- 'Export images' : 'v2.0-be/images/export.md'
- 'Build images' : 'v2.0-be/images/build.md'
- 'Networks':
- 'Add a Network' : 'v2.0-be/networks/add.md'
- 'Delete a Network' : 'v2.0-be/networks/delete.md'
- 'Services':
- 'Create a New Service' : 'v2.0-be/services/create.md'
- 'Scaling a Service' : 'v2.0-be/services/scale.md'
- 'View Service Logs' : 'v2.0-be/services/logs.md'
- 'Service Task Status' : 'v2.0-be/services/status.md'
- 'Configure Service Options' : 'v2.0-be/services/options.md'
- 'Rollback a Service' : 'v2.0-be/services/rollback.md'
- 'Volumes':
- 'Browse a Volume' : 'v2.0-be/volumes/browse.md'
- 'Create a Volume' : 'v2.0-be/volumes/create.md'
- 'Attach an Existing Volume' : 'v2.0-be/volumes/attaching.md'
- 'Delete a Volume' : 'v2.0-be/volumes/delete.md'
- 'Configs':
- 'Add custom configs' : 'v2.0-be/configs/add.md'
- 'Delete configs' : 'v2.0-be/configs/delete.md'
- 'Secrets':
- 'Add a new secret' : 'v2.0-be/secrets/add.md'
- 'Delete secrets' : 'v2.0-be/secrets/delete.md'
- Kubernetes:
- 'Applications':
- 'Deploy a new application' : 'v2.0-be/kubernetes/applications/create.md'
- 'Deploy from a Kubernetes Manifest' : 'v2.0-be/kubernetes/applications/manifest.md'
- 'Delete an Application' : 'v2.0-be/kubernetes/applications/delete.md'
- 'Inspect an Application' : 'v2.0-be/kubernetes/applications/inspect.md'
- 'Resource Pools':
- 'Create a Resource Pool' : 'v2.0-be/kubernetes/resource_pools/create.md'
- 'Manage Access' : 'v2.0-be/kubernetes/resource_pools/access.md'
- 'Delete a Resource Pool' : 'v2.0-be/kubernetes/resource_pools/delete.md'
- 'Volumes':
- 'Inspect a volume' : 'v2.0-be/kubernetes/volumes/inspect.md'
- 'Resize a volume' : 'v2.0-be/kubernetes/volumes/resize.md'
- 'Remove a volume' : 'v2.0-be/kubernetes/volumes/remove.md'
- 'Configurations':
- 'Add a configuration' : 'v2.0-be/kubernetes/configurations/create.md'
- 'Remove a configuration' : 'v2.0-be/kubernetes/configurations/remove.md'
- 'Cluster':
- 'Inspect cluster' : 'v2.0-be/kubernetes/cluster/inspect.md'
- ACI:
- 'About ACI' : 'v2.0-be/aci/aci.md'
- 'Add New Container' : 'v2.0-be/aci/add_container.md'
- 'Delete a Container' : 'v2.0-be/aci/delete_container.md'
- Edge:
- 'Add a Stack' : 'v2.0-be/edge/stacks.md'
- 'Add a Job' : 'v2.0-be/edge/jobs/add.md'
- 'Managing Edge Groups' : 'v2.0-be/edge/groups.md'
- Registries:
- 'Browse a Registry' : 'v2.0-be/registries/browse.md'
- 'Manage a Registry' : 'v2.0-be/registries/manage.md'
- Upgrading Portainer:
- 'Upgrade Path': 'v2.0/upgrade/upgrade.md'
- 'Upgrade CE to Business': 'v2.0/upgrade/updBE.md'
- 'Upgrading on Docker': 'v2.0/upgrade/upddocker.md'
- 'Upgrading on DockerSwarm': 'v2.0/upgrade/updswarm.md'
- 'Upgrading on Kubernetes': 'v2.0/upgrade/updk8s.md'
- FAQs : 'https://support.portainer.io'
- Videos : 'https://www.youtube.com/channel/UC7diMJcrULjDseq5yhSUZgg/videos/" target="_blank'
- Older Releases:
- CE 1.23.2:
- 'Agent' : 'archive/1.23.2/agent.md'
- 'API' : 'archive/1.23.2/API.md'
- 'Configuration' : 'archive/1.23.2/configuration.md'
- 'Deployment' : 'archive/1.23.2/deployment.md'
- 'External Endpoints' : 'archive/1.23.2/external_endpoints.md'
- 'Limitations' : 'archive/1.23.2/limitations.md'
- 'Templates' : 'archive/1.23.2/templates.md'
- 'Troubleshooting' : 'archive/1.23.2/troubleshooting.md'
- 'User Guide' : 'archive/1.23.2/userguide.md'
- 'FAQ' : 'archive/1.23.2/faq.md'
- Contributing to Portainer:
- 'Instructions' : 'contributing/instructions.md'
- 'Install required tools on Mac OS' : 'contributing/tools-macos.md'
- 'Install required tools on Linux' : 'contributing/tools-linux.md'
extra_css:
- css/extra.css
theme:
font:
text: Raleway
features:
- instant
logo: assets/logo.png
favicon: assets/icon.webp
name: material
palette:
primary: light-blue
repo_name: portainer/portainer
repo_url: https://github.com/portainer/portainer-docs
markdown_extensions:
- attr_list
- admonition
- toc:
toc_depth: 0
- pymdownx.tabbed
- pymdownx.superfences
- pymdownx.details
- pymdownx.inlinehilite
- fontawesome_markdown
- meta
- pymdownx.emoji:
emoji_index: !!python/name:materialx.emoji.twemoji
emoji_generator: !!python/name:materialx.emoji.to_svg
plugins:
- search
- redirects:
redirect_maps:
'v2.0/deploy/linux.md': 'quickstart.md'
'v2.0/deploy/windows10.md': 'quickstart.md'
'v2.0-be/deploy/windowsserver.md': 'quickstart.md'
'v2.0-be/deploy/linux.md': 'quickstart.md'
'v2.0-be/deploy/windows10.md': 'quickstart.md'
'v2.0-be/deploy/windowsserver.md': 'quickstart.md'
extra:
social:
- icon: fontawesome/brands/twitter
link: https://twitter.com/portainerio
- icon: fontawesome/brands/linkedin
link: https://www.linkedin.com/company/portainer/
- icon: fontawesome/brands/youtube
link: https://www.youtube.com/channel/UC7diMJcrULjDseq5yhSUZgg
- icon: fontawesome/brands/facebook
link: https://www.facebook.com/portainerio/
- icon: fontawesome/brands/reddit
link: https://reddit.com/r/portainer

598
mkdocs.yml.bkp
View File

@ -1,299 +1,299 @@
site_name: Documentation
nav:
- Home: index.md
- Portainer CE 2.0 Admin Guide:
- Deploying Portainer:
- 'Requirements' : 'v2.0/deploy/requirements.md'
- 'CLI Options' : 'v2.0/deploy/cli.md'
- 'Deploying on Linux' : 'v2.0/deploy/linux.md'
- 'Deploying on Windows Server' : 'v2.0/deploy/windowsserver.md'
- 'Deploying on Windows 10' : 'v2.0/deploy/windows10.md'
- 'Using SSL with Portainer' : 'v2.0/deploy/ssl.md'
- 'Initial Setup' : 'v2.0/deploy/initial.md'
- Managing Endpoints:
- 'Add Local Endpoint' : 'v2.0/endpoints/local.md'
- 'Add Docker Endpoint' : 'v2.0/endpoints/docker.md'
- 'Add Docker Swarm Endpoint' : 'v2.0/endpoints/swarm.md'
- 'Add Kubernetes Endpoint' : 'v2.0/endpoints/kubernetes.md'
- 'Add Edge Endpoint' : 'v2.0/endpoints/edge.md'
- 'Add ACI Endpoint' : 'v2.0/endpoints/aci.md'
- 'Creating Endpoints Groups and Endpoint Tags' : 'v2.0/endpoints/groupstags.md'
- 'Managing Endpoints Access' : 'v2.0/endpoints/access.md'
- 'Add Endpoint through Portainer API' : 'v2.0/endpoints/api.md'
- Authentication Sources:
- 'LDAP' : 'v2.0/auth/ldap.md'
- 'OAuth' : 'v2.0/auth/oauth.md'
- 'Internal' : 'v2.0/auth/internal.md'
- Managing Users & Teams:
- 'Create a User' : 'v2.0/users/create.md'
- 'Create a Team' : 'v2.0/users/create-team.md'
- 'Promote a User as Admin' : 'v2.0/users/promoting.md'
- 'Add a User to a Team' : 'v2.0/users/user-team.md'
- 'Reset User Password' : 'v2.0/users/reset-user.md'
- 'Reset Administrator Password' : 'v2.0/users/reset-admin.md'
- Registries:
- 'Connect to a Registry' : 'v2.0/registries/connect.md'
- 'Enable Docker Hub Authentication' : 'v2.0/registries/auth-docker-hub.md'
- Configuring Settings:
- 'Enable use of external load balancer' : 'v2.0/settings/lb.md'
- 'Security Options' : 'v2.0/settings/security.md'
- 'Enable Edge Computing' : 'v2.0/settings/edge.md'
- 'App Templates' : 'v2.0/settings/apps.md'
- Advanced Deployments:
- 'Using Portainer with Reverse Proxies':
- 'Traefik' : 'v2.0/ad/traefik/rp-traefik.md'
- 'Nginx' : 'v2.0/ad/nginx/rp-nginx.md'
- FAQs : 'v2.0/troubleshooting/troubleshooting.md'
- Deprecated and Removed Features : 'v2.0/troubleshooting/deprecated.md'
- Portainer CE 2.0 User Guide:
- Docker & Docker Swarm:
- 'Stacks':
- 'Add/Create a Stack' : 'v2.0/stacks/create.md'
- 'Create a template from a Stack' : 'v2.0/stacks/template.md'
- 'Duplicate / Migrate Stacks' : 'v2.0/stacks/duplicate_migration.md'
- 'Inspect a Stack' : 'v2.0/stacks/inspect.md'
- 'Webhooks':
- 'Configure a Webhook' : 'v2.0/webhooks/create.md'
- 'Containers':
- 'Create New Container' : 'v2.0/containers/create.md'
- 'Delete/Remove a Container' : 'v2.0/containers/delete.md'
- 'Inspect a Container' : 'v2.0/containers/inspect.md'
- 'View logs' : 'v2.0/containers/logs.md'
- 'View Container stats' : 'v2.0/containers/stats.md'
- 'Access container console' : 'v2.0/containers/console.md'
- 'Change Container Ownership' : 'v2.0/containers/ownership.md'
- 'Duplicated/Edit a Container' : 'v2.0/containers/duplicate-edit.md'
- 'App Templates':
- 'Deploy an Stack' : 'v2.0/templates/deploy_stack.md'
- 'Deploy an App (Container)' : 'v2.0/templates/deploy_container.md'
- 'Images':
- 'Pull images' : 'v2.0/images/pull.md'
- 'Import images' : 'v2.0/images/import.md'
- 'Export images' : 'v2.0/images/export.md'
- 'Build images' : 'v2.0/images/build.md'
- 'Networks':
- 'Add a Network' : 'v2.0/networks/add.md'
- 'Delete a Network' : 'v2.0/networks/delete.md'
- 'Services':
- 'Create a New Service' : 'v2.0/services/create.md'
- 'Scaling a Service' : 'v2.0/services/scale.md'
- 'View Service Logs' : 'v2.0/services/logs.md'
- 'Service Task Status' : 'v2.0/services/status.md'
- 'Configure Service Options' : 'v2.0/services/options.md'
- 'Rollback a Service' : 'v2.0/services/rollback.md'
- 'Volumes':
- 'Browse a Volume' : 'v2.0/volumes/browse.md'
- 'Create a Volume' : 'v2.0/volumes/create.md'
- 'Attach an Existing Volume' : 'v2.0/volumes/attaching.md'
- 'Delete a Volume' : 'v2.0/volumes/delete.md'
- 'Configs':
- 'Add custom configs' : 'v2.0/configs/add.md'
- 'Delete configs' : 'v2.0/configs/delete.md'
- 'Secrets':
- 'Add a new secret' : 'v2.0/secrets/add.md'
- 'Delete secrets' : 'v2.0/secrets/delete.md'
- Kubernetes:
- 'Applications':
- 'Deploy a new application' : 'v2.0/kubernetes/applications/create.md'
- 'Deploy from a Kubernetes Manifest' : 'v2.0/kubernetes/applications/manifest.md'
- 'Delete an Application' : 'v2.0/kubernetes/applications/delete.md'
- 'Inspect an Application' : 'v2.0/kubernetes/applications/inspect.md'
- 'Resource Pools':
- 'Create a Resource Pool' : 'v2.0/kubernetes/resource_pools/create.md'
- 'Manage Access' : 'v2.0/kubernetes/resource_pools/access.md'
- 'Delete a Resource Pool' : 'v2.0/kubernetes/resource_pools/delete.md'
- 'Volumes':
- 'Inspect a volume' : 'v2.0/kubernetes/volumes/inspect.md'
- 'Resize a volume' : 'v2.0/kubernetes/volumes/resize.md'
- 'Remove a volume' : 'v2.0/kubernetes/volumes/remove.md'
- 'Configurations':
- 'Add a configuration' : 'v2.0/kubernetes/configurations/create.md'
- 'Remove a configuration' : 'v2.0/kubernetes/configurations/remove.md'
- 'Cluster':
- 'Inspect cluster' : 'v2.0/kubernetes/cluster/inspect.md'
- ACI:
- 'About ACI' : 'v2.0/aci/aci.md'
- 'Add New Container' : 'v2.0/aci/add_container.md'
- 'Delete a Container' : 'v2.0/aci/delete_container.md'
- Edge:
- 'Add a Stack' : 'v2.0/edge/stacks.md'
- 'Add a Job' : 'v2.0/edge/jobs/add.md'
- 'Managing Edge Groups' : 'v2.0/edge/groups.md'
- Portainer BE 2.0 Admin Guide:
- Deploying Portainer:
- 'Requirements' : 'v2.0-be/deploy/requirements.md'
- 'CLI Options' : 'v2.0-be/deploy/cli.md'
- 'Deploying on Linux' : 'v2.0-be/deploy/linux.md'
- 'Deploying on Windows Server' : 'v2.0-be/deploy/windowsserver.md'
- 'Deploying on Windows 10' : 'v2.0-be/deploy/windows10.md'
- 'Using SSL with Portainer' : 'v2.0-be/deploy/ssl.md'
- 'Initial Setup' : 'v2.0-be/deploy/initial.md'
- Managing Endpoints:
- 'Add Local Endpoint' : 'v2.0-be/endpoints/local.md'
- 'Add Docker Endpoint' : 'v2.0-be/endpoints/docker.md'
- 'Add Docker Swarm Endpoint' : 'v2.0-be/endpoints/swarm.md'
- 'Add Kubernetes Endpoint' : 'v2.0-be/endpoints/kubernetes.md'
- 'Add Edge Endpoint' : 'v2.0-be/endpoints/edge.md'
- 'Add ACI Endpoint' : 'v2.0-be/endpoints/aci.md'
- 'Creating Endpoints Groups and Endpoint Tags' : 'v2.0-be/endpoints/groupstags.md'
- 'Managing Endpoints Access' : 'v2.0-be/endpoints/access.md'
- 'Add Endpoint through Portainer API' : 'v2.0-be/endpoints/api.md'
- Licensing:
- 'Add or remove license key' : 'v2.0-be/licensing/licensing.md'
- Authentication Sources:
- 'Automatic User Provisioning' : 'v2.0-be/auth/auto.md'
- 'LDAP' : 'v2.0-be/auth/ldap.md'
- 'Active Directory' : 'v2.0-be/auth/ad.md'
- 'OAuth' : 'v2.0-be/auth/oauth.md'
- 'Internal' : 'v2.0-be/auth/internal.md'
- Managing Users & Teams:
- 'Description of RBAC' : 'v2.0-be/users/roles.md'
- 'Effective access viewer' : 'v2.0-be/users/viewer.md'
- 'Create a User' : 'v2.0-be/users/create.md'
- 'Create a Team' : 'v2.0-be/users/create-team.md'
- 'Promote a User as Admin' : 'v2.0-be/users/promoting.md'
- 'Add a User to a Team' : 'v2.0-be/users/user-team.md'
- 'Reset User Password' : 'v2.0-be/users/reset-user.md'
- 'Reset Administrator Password' : 'v2.0-be/users/reset-admin.md'
- Registries:
- 'Description of Registry Management' : 'v2.0-be/registries/description.md'
- 'Connect to a Registry' : 'v2.0-be/registries/connect.md'
- 'Enable Docker Hub Authentication' : 'v2.0-be/registries/auth-docker-hub.md'
- Configuring Settings:
- 'Enable use of external load balancer' : 'v2.0-be/settings/lb.md'
- 'Allow/Disallow over-commitment of resources' : 'v2.0-be/settings/overcommit.md'
- 'Limit usage of default namespace' : 'v2.0-be/settings/namespaces.md'
- 'Security Options' : 'v2.0-be/settings/security.md'
- 'Enable Edge Computing' : 'v2.0-be/settings/edge.md'
- 'App Templates' : 'v2.0-be/settings/apps.md'
- Advanced Deployments:
- 'Using Portainer with Reverse Proxies':
- 'Traefik' : 'v2.0-be/ad/traefik/rp-traefik.md'
- 'Nginx' : 'v2.0-be/ad/nginx/rp-nginx.md'
- FAQs : 'v2.0-be/troubleshooting/troubleshooting.md'
- Deprecated and Removed Features : 'v2.0-be/troubleshooting/deprecated.md'
- Portainer BE 2.0 User Guide:
- Docker & Docker Swarm:
- 'Stacks':
- 'Add/Create a Stack' : 'v2.0-be/stacks/create.md'
- 'Create a template from a Stack' : 'v2.0-be/stacks/template.md'
- 'Duplicate / Migrate Stacks' : 'v2.0-be/stacks/duplicate_migration.md'
- 'Inspect a Stack' : 'v2.0-be/stacks/inspect.md'
- 'Webhooks':
- 'Configure a Webhook' : 'v2.0-be/webhooks/create.md'
- 'Containers':
- 'Create New Container' : 'v2.0-be/containers/create.md'
- 'Delete/Remove a Container' : 'v2.0-be/containers/delete.md'
- 'Inspect a Container' : 'v2.0-be/containers/inspect.md'
- 'View logs' : 'v2.0-be/containers/logs.md'
- 'View Container stats' : 'v2.0-be/containers/stats.md'
- 'Access container console' : 'v2.0-be/containers/console.md'
- 'Change Container Ownership' : 'v2.0-be/containers/ownership.md'
- 'Duplicated/Edit a Container' : 'v2.0-be/containers/duplicate-edit.md'
- 'App Templates':
- 'Deploy an Stack' : 'v2.0-be/templates/deploy_stack.md'
- 'Deploy an App (Container)' : 'v2.0-be/templates/deploy_container.md'
- 'Images':
- 'Pull images' : 'v2.0-be/images/pull.md'
- 'Import images' : 'v2.0-be/images/import.md'
- 'Export images' : 'v2.0-be/images/export.md'
- 'Build images' : 'v2.0-be/images/build.md'
- 'Networks':
- 'Add a Network' : 'v2.0-be/networks/add.md'
- 'Delete a Network' : 'v2.0-be/networks/delete.md'
- 'Services':
- 'Create a New Service' : 'v2.0-be/services/create.md'
- 'Scaling a Service' : 'v2.0-be/services/scale.md'
- 'View Service Logs' : 'v2.0-be/services/logs.md'
- 'Service Task Status' : 'v2.0-be/services/status.md'
- 'Configure Service Options' : 'v2.0-be/services/options.md'
- 'Rollback a Service' : 'v2.0-be/services/rollback.md'
- 'Volumes':
- 'Browse a Volume' : 'v2.0-be/volumes/browse.md'
- 'Create a Volume' : 'v2.0-be/volumes/create.md'
- 'Attach an Existing Volume' : 'v2.0-be/volumes/attaching.md'
- 'Delete a Volume' : 'v2.0-be/volumes/delete.md'
- 'Configs':
- 'Add custom configs' : 'v2.0-be/configs/add.md'
- 'Delete configs' : 'v2.0-be/configs/delete.md'
- 'Secrets':
- 'Add a new secret' : 'v2.0-be/secrets/add.md'
- 'Delete secrets' : 'v2.0-be/secrets/delete.md'
- Kubernetes:
- 'Applications':
- 'Deploy a new application' : 'v2.0-be/kubernetes/applications/create.md'
- 'Deploy from a Kubernetes Manifest' : 'v2.0-be/kubernetes/applications/manifest.md'
- 'Delete an Application' : 'v2.0-be/kubernetes/applications/delete.md'
- 'Inspect an Application' : 'v2.0-be/kubernetes/applications/inspect.md'
- 'Resource Pools':
- 'Create a Resource Pool' : 'v2.0-be/kubernetes/resource_pools/create.md'
- 'Manage Access' : 'v2.0-be/kubernetes/resource_pools/access.md'
- 'Delete a Resource Pool' : 'v2.0-be/kubernetes/resource_pools/delete.md'
- 'Volumes':
- 'Inspect a volume' : 'v2.0-be/kubernetes/volumes/inspect.md'
- 'Resize a volume' : 'v2.0-be/kubernetes/volumes/resize.md'
- 'Remove a volume' : 'v2.0-be/kubernetes/volumes/remove.md'
- 'Configurations':
- 'Add a configuration' : 'v2.0-be/kubernetes/configurations/create.md'
- 'Remove a configuration' : 'v2.0-be/kubernetes/configurations/remove.md'
- 'Cluster':
- 'Inspect cluster' : 'v2.0-be/kubernetes/cluster/inspect.md'
- ACI:
- 'About ACI' : 'v2.0-be/aci/aci.md'
- 'Add New Container' : 'v2.0-be/aci/add_container.md'
- 'Delete a Container' : 'v2.0-be/aci/delete_container.md'
- Edge:
- 'Add a Stack' : 'v2.0-be/edge/stacks.md'
- 'Add a Job' : 'v2.0-be/edge/jobs/add.md'
- 'Managing Edge Groups' : 'v2.0-be/edge/groups.md'
- Registries:
- 'Browse a Registry' : 'v2.0-be/registries/browse.md'
- 'Manage a Registry' : 'v2.0-be/registries/manage.md'
- FAQs : 'v2.0-be/troubleshooting/troubleshooting.md'
- Videos : 'https://www.youtube.com/channel/UC7diMJcrULjDseq5yhSUZgg/videos'
- Older Releases:
- CE 1.23.2:
- 'Agent' : 'archive/1.23.2/agent.md'
- 'API' : 'archive/1.23.2/API.md'
- 'Configuration' : 'archive/1.23.2/configuration.md'
- 'Deployment' : 'archive/1.23.2/deployment.md'
- 'External Endpoints' : 'archive/1.23.2/external_endpoints.md'
- 'Limitations' : 'archive/1.23.2/limitations.md'
- 'Templates' : 'archive/1.23.2/templates.md'
- 'Troubleshooting' : 'archive/1.23.2/troubleshooting.md'
- 'User Guide' : 'archive/1.23.2/userguide.md'
- 'FAQ' : 'archive/1.23.2/faq.md'
- Contributing to Portainer:
- 'Instructions' : 'contributing/instructions.md'
- 'Install required tools on Mac OS' : 'contributing/tools-macos.md'
- 'Install required tools on Linux' : 'contributing/tools-linux.md'
extra_css:
- css/extra.css
extra_javascript:
- js/extrajs.js
theme:
font:
text: raleway
features:
- instant
logo: assets/logo.png
favicon: assets/icon.webp
name: material
palette:
primary: light-blue
repo_name: portainer/portainer
repo_url: https://github.com/portainer/portainer-docs
extra:
social:
- icon: fontawesome/brands/twitter
link: https://twitter.com/portainerio
- icon: fontawesome/brands/linkedin
link: https://www.linkedin.com/company/portainer/
- icon: fontawesome/brands/youtube
link: https://www.youtube.com/channel/UC7diMJcrULjDseq5yhSUZgg
- icon: fontawesome/brands/facebook
link: https://www.facebook.com/portainerio/
- icon: fontawesome/brands/reddit
link: https://reddit.com/r/portainer
site_name: Documentation
nav:
- Home: index.md
- Portainer CE 2.0 Admin Guide:
- Deploying Portainer:
- 'Requirements' : 'v2.0/deploy/requirements.md'
- 'CLI Options' : 'v2.0/deploy/cli.md'
- 'Deploying on Linux' : 'v2.0/deploy/linux.md'
- 'Deploying on Windows Server' : 'v2.0/deploy/windowsserver.md'
- 'Deploying on Windows 10' : 'v2.0/deploy/windows10.md'
- 'Using SSL with Portainer' : 'v2.0/deploy/ssl.md'
- 'Initial Setup' : 'v2.0/deploy/initial.md'
- Managing Endpoints:
- 'Add Local Endpoint' : 'v2.0/endpoints/local.md'
- 'Add Docker Endpoint' : 'v2.0/endpoints/docker.md'
- 'Add Docker Swarm Endpoint' : 'v2.0/endpoints/swarm.md'
- 'Add Kubernetes Endpoint' : 'v2.0/endpoints/kubernetes.md'
- 'Add Edge Endpoint' : 'v2.0/endpoints/edge.md'
- 'Add ACI Endpoint' : 'v2.0/endpoints/aci.md'
- 'Creating Endpoints Groups and Endpoint Tags' : 'v2.0/endpoints/groupstags.md'
- 'Managing Endpoints Access' : 'v2.0/endpoints/access.md'
- 'Add Endpoint through Portainer API' : 'v2.0/endpoints/api.md'
- Authentication Sources:
- 'LDAP' : 'v2.0/auth/ldap.md'
- 'OAuth' : 'v2.0/auth/oauth.md'
- 'Internal' : 'v2.0/auth/internal.md'
- Managing Users & Teams:
- 'Create a User' : 'v2.0/users/create.md'
- 'Create a Team' : 'v2.0/users/create-team.md'
- 'Promote a User as Admin' : 'v2.0/users/promoting.md'
- 'Add a User to a Team' : 'v2.0/users/user-team.md'
- 'Reset User Password' : 'v2.0/users/reset-user.md'
- 'Reset Administrator Password' : 'v2.0/users/reset-admin.md'
- Registries:
- 'Connect to a Registry' : 'v2.0/registries/connect.md'
- 'Enable Docker Hub Authentication' : 'v2.0/registries/auth-docker-hub.md'
- Configuring Settings:
- 'Enable use of external load balancer' : 'v2.0/settings/lb.md'
- 'Security Options' : 'v2.0/settings/security.md'
- 'Enable Edge Computing' : 'v2.0/settings/edge.md'
- 'App Templates' : 'v2.0/settings/apps.md'
- Advanced Deployments:
- 'Using Portainer with Reverse Proxies':
- 'Traefik' : 'v2.0/ad/traefik/rp-traefik.md'
- 'Nginx' : 'v2.0/ad/nginx/rp-nginx.md'
- FAQs : 'v2.0/troubleshooting/troubleshooting.md'
- Deprecated and Removed Features : 'v2.0/troubleshooting/deprecated.md'
- Portainer CE 2.0 User Guide:
- Docker & Docker Swarm:
- 'Stacks':
- 'Add/Create a Stack' : 'v2.0/stacks/create.md'
- 'Create a template from a Stack' : 'v2.0/stacks/template.md'
- 'Duplicate / Migrate Stacks' : 'v2.0/stacks/duplicate_migration.md'
- 'Inspect a Stack' : 'v2.0/stacks/inspect.md'
- 'Webhooks':
- 'Configure a Webhook' : 'v2.0/webhooks/create.md'
- 'Containers':
- 'Create New Container' : 'v2.0/containers/create.md'
- 'Delete/Remove a Container' : 'v2.0/containers/delete.md'
- 'Inspect a Container' : 'v2.0/containers/inspect.md'
- 'View logs' : 'v2.0/containers/logs.md'
- 'View Container stats' : 'v2.0/containers/stats.md'
- 'Access container console' : 'v2.0/containers/console.md'
- 'Change Container Ownership' : 'v2.0/containers/ownership.md'
- 'Duplicated/Edit a Container' : 'v2.0/containers/duplicate-edit.md'
- 'App Templates':
- 'Deploy an Stack' : 'v2.0/templates/deploy_stack.md'
- 'Deploy an App (Container)' : 'v2.0/templates/deploy_container.md'
- 'Images':
- 'Pull images' : 'v2.0/images/pull.md'
- 'Import images' : 'v2.0/images/import.md'
- 'Export images' : 'v2.0/images/export.md'
- 'Build images' : 'v2.0/images/build.md'
- 'Networks':
- 'Add a Network' : 'v2.0/networks/add.md'
- 'Delete a Network' : 'v2.0/networks/delete.md'
- 'Services':
- 'Create a New Service' : 'v2.0/services/create.md'
- 'Scaling a Service' : 'v2.0/services/scale.md'
- 'View Service Logs' : 'v2.0/services/logs.md'
- 'Service Task Status' : 'v2.0/services/status.md'
- 'Configure Service Options' : 'v2.0/services/options.md'
- 'Rollback a Service' : 'v2.0/services/rollback.md'
- 'Volumes':
- 'Browse a Volume' : 'v2.0/volumes/browse.md'
- 'Create a Volume' : 'v2.0/volumes/create.md'
- 'Attach an Existing Volume' : 'v2.0/volumes/attaching.md'
- 'Delete a Volume' : 'v2.0/volumes/delete.md'
- 'Configs':
- 'Add custom configs' : 'v2.0/configs/add.md'
- 'Delete configs' : 'v2.0/configs/delete.md'
- 'Secrets':
- 'Add a new secret' : 'v2.0/secrets/add.md'
- 'Delete secrets' : 'v2.0/secrets/delete.md'
- Kubernetes:
- 'Applications':
- 'Deploy a new application' : 'v2.0/kubernetes/applications/create.md'
- 'Deploy from a Kubernetes Manifest' : 'v2.0/kubernetes/applications/manifest.md'
- 'Delete an Application' : 'v2.0/kubernetes/applications/delete.md'
- 'Inspect an Application' : 'v2.0/kubernetes/applications/inspect.md'
- 'Resource Pools':
- 'Create a Resource Pool' : 'v2.0/kubernetes/resource_pools/create.md'
- 'Manage Access' : 'v2.0/kubernetes/resource_pools/access.md'
- 'Delete a Resource Pool' : 'v2.0/kubernetes/resource_pools/delete.md'
- 'Volumes':
- 'Inspect a volume' : 'v2.0/kubernetes/volumes/inspect.md'
- 'Resize a volume' : 'v2.0/kubernetes/volumes/resize.md'
- 'Remove a volume' : 'v2.0/kubernetes/volumes/remove.md'
- 'Configurations':
- 'Add a configuration' : 'v2.0/kubernetes/configurations/create.md'
- 'Remove a configuration' : 'v2.0/kubernetes/configurations/remove.md'
- 'Cluster':
- 'Inspect cluster' : 'v2.0/kubernetes/cluster/inspect.md'
- ACI:
- 'About ACI' : 'v2.0/aci/aci.md'
- 'Add New Container' : 'v2.0/aci/add_container.md'
- 'Delete a Container' : 'v2.0/aci/delete_container.md'
- Edge:
- 'Add a Stack' : 'v2.0/edge/stacks.md'
- 'Add a Job' : 'v2.0/edge/jobs/add.md'
- 'Managing Edge Groups' : 'v2.0/edge/groups.md'
- Portainer BE 2.0 Admin Guide:
- Deploying Portainer:
- 'Requirements' : 'v2.0-be/deploy/requirements.md'
- 'CLI Options' : 'v2.0-be/deploy/cli.md'
- 'Deploying on Linux' : 'v2.0-be/deploy/linux.md'
- 'Deploying on Windows Server' : 'v2.0-be/deploy/windowsserver.md'
- 'Deploying on Windows 10' : 'v2.0-be/deploy/windows10.md'
- 'Using SSL with Portainer' : 'v2.0-be/deploy/ssl.md'
- 'Initial Setup' : 'v2.0-be/deploy/initial.md'
- Managing Endpoints:
- 'Add Local Endpoint' : 'v2.0-be/endpoints/local.md'
- 'Add Docker Endpoint' : 'v2.0-be/endpoints/docker.md'
- 'Add Docker Swarm Endpoint' : 'v2.0-be/endpoints/swarm.md'
- 'Add Kubernetes Endpoint' : 'v2.0-be/endpoints/kubernetes.md'
- 'Add Edge Endpoint' : 'v2.0-be/endpoints/edge.md'
- 'Add ACI Endpoint' : 'v2.0-be/endpoints/aci.md'
- 'Creating Endpoints Groups and Endpoint Tags' : 'v2.0-be/endpoints/groupstags.md'
- 'Managing Endpoints Access' : 'v2.0-be/endpoints/access.md'
- 'Add Endpoint through Portainer API' : 'v2.0-be/endpoints/api.md'
- Licensing:
- 'Add or remove license key' : 'v2.0-be/licensing/licensing.md'
- Authentication Sources:
- 'Automatic User Provisioning' : 'v2.0-be/auth/auto.md'
- 'LDAP' : 'v2.0-be/auth/ldap.md'
- 'Active Directory' : 'v2.0-be/auth/ad.md'
- 'OAuth' : 'v2.0-be/auth/oauth.md'
- 'Internal' : 'v2.0-be/auth/internal.md'
- Managing Users & Teams:
- 'Description of RBAC' : 'v2.0-be/users/roles.md'
- 'Effective access viewer' : 'v2.0-be/users/viewer.md'
- 'Create a User' : 'v2.0-be/users/create.md'
- 'Create a Team' : 'v2.0-be/users/create-team.md'
- 'Promote a User as Admin' : 'v2.0-be/users/promoting.md'
- 'Add a User to a Team' : 'v2.0-be/users/user-team.md'
- 'Reset User Password' : 'v2.0-be/users/reset-user.md'
- 'Reset Administrator Password' : 'v2.0-be/users/reset-admin.md'
- Registries:
- 'Description of Registry Management' : 'v2.0-be/registries/description.md'
- 'Connect to a Registry' : 'v2.0-be/registries/connect.md'
- 'Enable Docker Hub Authentication' : 'v2.0-be/registries/auth-docker-hub.md'
- Configuring Settings:
- 'Enable use of external load balancer' : 'v2.0-be/settings/lb.md'
- 'Allow/Disallow over-commitment of resources' : 'v2.0-be/settings/overcommit.md'
- 'Limit usage of default namespace' : 'v2.0-be/settings/namespaces.md'
- 'Security Options' : 'v2.0-be/settings/security.md'
- 'Enable Edge Computing' : 'v2.0-be/settings/edge.md'
- 'App Templates' : 'v2.0-be/settings/apps.md'
- Advanced Deployments:
- 'Using Portainer with Reverse Proxies':
- 'Traefik' : 'v2.0-be/ad/traefik/rp-traefik.md'
- 'Nginx' : 'v2.0-be/ad/nginx/rp-nginx.md'
- FAQs : 'v2.0-be/troubleshooting/troubleshooting.md'
- Deprecated and Removed Features : 'v2.0-be/troubleshooting/deprecated.md'
- Portainer BE 2.0 User Guide:
- Docker & Docker Swarm:
- 'Stacks':
- 'Add/Create a Stack' : 'v2.0-be/stacks/create.md'
- 'Create a template from a Stack' : 'v2.0-be/stacks/template.md'
- 'Duplicate / Migrate Stacks' : 'v2.0-be/stacks/duplicate_migration.md'
- 'Inspect a Stack' : 'v2.0-be/stacks/inspect.md'
- 'Webhooks':
- 'Configure a Webhook' : 'v2.0-be/webhooks/create.md'
- 'Containers':
- 'Create New Container' : 'v2.0-be/containers/create.md'
- 'Delete/Remove a Container' : 'v2.0-be/containers/delete.md'
- 'Inspect a Container' : 'v2.0-be/containers/inspect.md'
- 'View logs' : 'v2.0-be/containers/logs.md'
- 'View Container stats' : 'v2.0-be/containers/stats.md'
- 'Access container console' : 'v2.0-be/containers/console.md'
- 'Change Container Ownership' : 'v2.0-be/containers/ownership.md'
- 'Duplicated/Edit a Container' : 'v2.0-be/containers/duplicate-edit.md'
- 'App Templates':
- 'Deploy an Stack' : 'v2.0-be/templates/deploy_stack.md'
- 'Deploy an App (Container)' : 'v2.0-be/templates/deploy_container.md'
- 'Images':
- 'Pull images' : 'v2.0-be/images/pull.md'
- 'Import images' : 'v2.0-be/images/import.md'
- 'Export images' : 'v2.0-be/images/export.md'
- 'Build images' : 'v2.0-be/images/build.md'
- 'Networks':
- 'Add a Network' : 'v2.0-be/networks/add.md'
- 'Delete a Network' : 'v2.0-be/networks/delete.md'
- 'Services':
- 'Create a New Service' : 'v2.0-be/services/create.md'
- 'Scaling a Service' : 'v2.0-be/services/scale.md'
- 'View Service Logs' : 'v2.0-be/services/logs.md'
- 'Service Task Status' : 'v2.0-be/services/status.md'
- 'Configure Service Options' : 'v2.0-be/services/options.md'
- 'Rollback a Service' : 'v2.0-be/services/rollback.md'
- 'Volumes':
- 'Browse a Volume' : 'v2.0-be/volumes/browse.md'
- 'Create a Volume' : 'v2.0-be/volumes/create.md'
- 'Attach an Existing Volume' : 'v2.0-be/volumes/attaching.md'
- 'Delete a Volume' : 'v2.0-be/volumes/delete.md'
- 'Configs':
- 'Add custom configs' : 'v2.0-be/configs/add.md'
- 'Delete configs' : 'v2.0-be/configs/delete.md'
- 'Secrets':
- 'Add a new secret' : 'v2.0-be/secrets/add.md'
- 'Delete secrets' : 'v2.0-be/secrets/delete.md'
- Kubernetes:
- 'Applications':
- 'Deploy a new application' : 'v2.0-be/kubernetes/applications/create.md'
- 'Deploy from a Kubernetes Manifest' : 'v2.0-be/kubernetes/applications/manifest.md'
- 'Delete an Application' : 'v2.0-be/kubernetes/applications/delete.md'
- 'Inspect an Application' : 'v2.0-be/kubernetes/applications/inspect.md'
- 'Resource Pools':
- 'Create a Resource Pool' : 'v2.0-be/kubernetes/resource_pools/create.md'
- 'Manage Access' : 'v2.0-be/kubernetes/resource_pools/access.md'
- 'Delete a Resource Pool' : 'v2.0-be/kubernetes/resource_pools/delete.md'
- 'Volumes':
- 'Inspect a volume' : 'v2.0-be/kubernetes/volumes/inspect.md'
- 'Resize a volume' : 'v2.0-be/kubernetes/volumes/resize.md'
- 'Remove a volume' : 'v2.0-be/kubernetes/volumes/remove.md'
- 'Configurations':
- 'Add a configuration' : 'v2.0-be/kubernetes/configurations/create.md'
- 'Remove a configuration' : 'v2.0-be/kubernetes/configurations/remove.md'
- 'Cluster':
- 'Inspect cluster' : 'v2.0-be/kubernetes/cluster/inspect.md'
- ACI:
- 'About ACI' : 'v2.0-be/aci/aci.md'
- 'Add New Container' : 'v2.0-be/aci/add_container.md'
- 'Delete a Container' : 'v2.0-be/aci/delete_container.md'
- Edge:
- 'Add a Stack' : 'v2.0-be/edge/stacks.md'
- 'Add a Job' : 'v2.0-be/edge/jobs/add.md'
- 'Managing Edge Groups' : 'v2.0-be/edge/groups.md'
- Registries:
- 'Browse a Registry' : 'v2.0-be/registries/browse.md'
- 'Manage a Registry' : 'v2.0-be/registries/manage.md'
- FAQs : 'v2.0-be/troubleshooting/troubleshooting.md'
- Videos : 'https://www.youtube.com/channel/UC7diMJcrULjDseq5yhSUZgg/videos'
- Older Releases:
- CE 1.23.2:
- 'Agent' : 'archive/1.23.2/agent.md'
- 'API' : 'archive/1.23.2/API.md'
- 'Configuration' : 'archive/1.23.2/configuration.md'
- 'Deployment' : 'archive/1.23.2/deployment.md'
- 'External Endpoints' : 'archive/1.23.2/external_endpoints.md'
- 'Limitations' : 'archive/1.23.2/limitations.md'
- 'Templates' : 'archive/1.23.2/templates.md'
- 'Troubleshooting' : 'archive/1.23.2/troubleshooting.md'
- 'User Guide' : 'archive/1.23.2/userguide.md'
- 'FAQ' : 'archive/1.23.2/faq.md'
- Contributing to Portainer:
- 'Instructions' : 'contributing/instructions.md'
- 'Install required tools on Mac OS' : 'contributing/tools-macos.md'
- 'Install required tools on Linux' : 'contributing/tools-linux.md'
extra_css:
- css/extra.css
extra_javascript:
- js/extrajs.js
theme:
font:
text: raleway
features:
- instant
logo: assets/logo.png
favicon: assets/icon.webp
name: material
palette:
primary: light-blue
repo_name: portainer/portainer
repo_url: https://github.com/portainer/portainer-docs
extra:
social:
- icon: fontawesome/brands/twitter
link: https://twitter.com/portainerio
- icon: fontawesome/brands/linkedin
link: https://www.linkedin.com/company/portainer/
- icon: fontawesome/brands/youtube
link: https://www.youtube.com/channel/UC7diMJcrULjDseq5yhSUZgg
- icon: fontawesome/brands/facebook
link: https://www.facebook.com/portainerio/
- icon: fontawesome/brands/reddit
link: https://reddit.com/r/portainer