Status
Page cover image

Portainer and GitOps

Portainer

Link to App

Link to GitHub or Website

Portainer's hybrid & multi-cloud container management software supports Kubernetes, Docker, Swarm in any Data Center, Cloud, Network Edge or IIoT Device.

The main instance of Portainer is hosted on Espresso but each other Docker host also has the Portainer Edge Agent installed, which enable central management.

Flowchart

Drawing

As Portainer needs to be installed BEFORE we can use GitOps compose files, we do not use have a Compose file for it.

docker run -d \
  -p 8000:8000 \
  -p 9443:9443 \
  --name portainer \
  --restart=always \
  --label dockflare.enable=true \
  --label dockflare.hostname=### \
  --label dockflare.service=https://###:9443 \
  --label dockflare.access.policy=default_tld \
  --label dockflare.zonename=### \
  --label dockflare.no_tls_verify=true \
  --label com.centurylinklabs.watchtower.enable=true \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v portainer:/data \
  portainer/portainer-ce:lts

The above run command also enables the Watchtower to update Portainer. Watchtower (only enabled for containers with the watchtower enabled label) is deployed to all hosts as part of the 'all' edge stack. This ensures that Portainer is always up to date, as Portainer cannot update or manage itself.

Instances

Portainer

Port
Purpose

9443

SSL WebUI

8000

API Port

Host Volume
Container Volume
Purpose

/var/run/docker.sock

/var/run/docker.sock

Management of docker containers

portainer

/data

configuration

Integration
Purpose

Google OAuth

Enable authentication

Edge Agent

Port
Purpose

8000

API Port

Host Volume
Container Volume
Purpose

/var/run/docker.sock

/var/run/docker.sock

Management of docker containers

Integration
Purpose

Portainer

Central management

Managing Portainer

Tags and Groups

Applying a tag to a Portainer instance allows us to organize instances into groups which makes identifying each individual servers function easier as well as some automation.

Currently, we have 4 tags;

  • Production

  • Production Bare Metal

  • Production Synology

  • Test

Assigning one or any of these tags to a Portainer instance will add it to the group by the same name

Stacks

Stacks are Portainers take on Docker Compose. The Compose file can be managed directly in Portainer or via a third party service, such as GitHub. Refer to the GitOps documentation for more information

Edge Stacks

Edge Stacks are stacks that are assigned to groups, which are then pushed to any Portainer instance in that group.

Unfortunately, Edge Stacks cannot be managed centrally via GitHub but instead centrally managed in Portainer.

GitHub / GitOps

Private GitHub Repo

Public GitHub Repo

GitOps gives you tools and a framework to take DevOps practices, like collaboration, CI/CD, and version control, and apply them to infrastructure automation and application deployment. Developers can work in the code repositories they already know, while operations can put the other necessary pieces into place.

This app is hosted externally.

Specific files are sync'd from the private repo to public repo for documentation reference. Any files with secrets or identifiable information should not be sync'd across.

Integration
Repo
Purpose

Portainer

N/A

Portainer reads data in GitHub, pulling compose files and containers

Renovate Bot

Private

A bot that watches for container updates in the compose files and creates a merge request to update them

Mergify bot

Public

Merges pull requests in the 'approved' state

Auto Approve action

Public

Auto approves pull requests created by me

Sync Files action

Private

Sync's files from the private repo to the public repo

PreviousWebsitesNextAll Compose Stacks

Last updated

Was this helpful?