Portainer and GitOps


Last updated 10 days ago


Portainer

Portainer's hybrid & multi-cloud container management software supports Kubernetes, Docker, Swarm in any Data Center, Cloud, Network Edge or IIoT Device.

The main instance of Portainer is hosted on Espresso, but every other Docker host also has the Portainer Edge Agent installed, which enables central management.

Flowchart

As Portainer needs to be installed BEFORE we can use GitOps compose files, we do not have a Compose file for it.

docker run -d --label=com.centurylinklabs.watchtower.enable=true \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /var/lib/docker/volumes:/var/lib/docker/volumes \
  -v /:/host \
  -v portainer_agent_data:/data \
  --restart always \
  -e EDGE=1 \
  -e EDGE_ID="REPLACE WITH ID" \
  -e EDGE_KEY="REPLACE WITH KEY" \
  -e EDGE_INSECURE_POLL=1 \
  --name portainer_edge_agent \
  portainer/agent:latest

The above run command also enables Watchtower to update Portainer. Watchtower (which only acts on containers carrying the watchtower enable label) is deployed to all hosts as part of the 'all' edge stack. This ensures that Portainer is always up to date, as Portainer cannot update or manage itself.
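As an added example (not part of the original page or of Portainer's own tooling), the following audit lists the security-relevant settings that the run command above gives the agent container. It assumes input shaped like `docker inspect` output; the sample JSON is constructed, and `audit_agent` and its finding codes are hypothetical names.

```python
import json

# Constructed sample: the subset of `docker inspect portainer_edge_agent`
# output that the run command above would produce (ID and key are placeholders).
SAMPLE_INSPECT = json.loads("""
[{
  "Config": {
    "Image": "portainer/agent:latest",
    "Env": ["EDGE=1", "EDGE_ID=placeholder-id", "EDGE_KEY=placeholder-key",
            "EDGE_INSECURE_POLL=1"],
    "Labels": {"com.centurylinklabs.watchtower.enable": "true"}
  },
  "Mounts": [
    {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": true},
    {"Type": "bind", "Source": "/var/lib/docker/volumes", "Destination": "/var/lib/docker/volumes", "RW": true},
    {"Type": "bind", "Source": "/", "Destination": "/host", "RW": true},
    {"Type": "volume", "Source": "/var/lib/docker/volumes/portainer_agent_data/_data", "Destination": "/data", "RW": true}
  ]
}]
""")


def audit_agent(container):
    """Return (code, detail) findings for one `docker inspect` entry."""
    findings = []
    cfg = container["Config"]
    env = dict(e.split("=", 1) for e in cfg.get("Env", []) if "=" in e)
    if env.get("EDGE_INSECURE_POLL") == "1":  # agent polls without TLS verification
        findings.append(("insecure-poll", "Portainer server certificate is not verified"))
    image = cfg.get("Image", "")
    tag = image.rsplit(":", 1)[1] if ":" in image.rsplit("/", 1)[-1] else "latest"
    if "@sha256:" not in image and tag == "latest":
        findings.append(("floating-tag", image + " is not pinned to a version or digest"))
    for m in container.get("Mounts", []):
        if m.get("Type") != "bind":
            continue  # named volumes such as portainer_agent_data are not flagged
        if m["Source"] == "/var/run/docker.sock":
            findings.append(("docker-socket", "container can control the Docker daemon"))
        elif m["Source"] == "/" and m.get("RW", True):
            findings.append(("host-root-rw", "host filesystem is writable at " + m["Destination"]))
    labels = cfg.get("Labels") or {}
    if labels.get("com.centurylinklabs.watchtower.enable") == "true":
        findings.append(("auto-update", "Watchtower replaces this container when the tag moves"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_agent(SAMPLE_INSPECT[0]):
        print(f"{code}: {detail}")
```

On a live host, feed it `json.loads` of the real `docker inspect portainer_edge_agent` output instead of the sample.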

Instances

Portainer

| Port | Purpose |
| --- | --- |
| 9443 | SSL WebUI |
| 8000 | API Port |

| Host Volume | Container Volume | Purpose |
| --- | --- | --- |
| /var/run/docker.sock | /var/run/docker.sock | Management of docker containers |
| portainer | /data | configuration |

| Integration | Purpose |
| --- | --- |
| Google OAuth | Enable authentication |

Edge Agent

| Port | Purpose |
| --- | --- |
| 8000 | API Port |

| Host Volume | Container Volume | Purpose |
| --- | --- | --- |
| /var/run/docker.sock | /var/run/docker.sock | Management of docker containers |

| Integration | Purpose |
| --- | --- |
| Portainer | Central management |

Managing Portainer

Tags and Groups

Applying a tag to a Portainer instance lets us organize instances into groups, which makes it easier to identify each individual server's function and enables some automation.

Currently, we have 4 tags:

  • Production

  • Production Bare Metal

  • Production Synology

  • Test

Assigning any of these tags to a Portainer instance adds it to the group of the same name.

Stacks

Stacks are Portainer's take on Docker Compose. The Compose file can be managed directly in Portainer or via a third-party service, such as GitHub. Refer to the GitOps documentation for more information.

Edge Stacks

Edge Stacks are stacks that are assigned to groups, which are then pushed to any Portainer instance in that group.

Unfortunately, Edge Stacks cannot be managed centrally via GitHub; they are managed centrally in Portainer instead.

GitHub / GitOps

GitOps gives you tools and a framework to take DevOps practices, like collaboration, CI/CD, and version control, and apply them to infrastructure automation and application deployment. Developers can work in the code repositories they already know, while operations can put the other necessary pieces into place.

This app is hosted externally

| Integration | Repo | Purpose |
| --- | --- | --- |
| Portainer | N/A | Portainer reads data in GitHub, pulling compose files and containers |
| Renovate Bot | Private | A bot that watches for container updates in the compose files and creates a merge request to update them |
| Mergify bot | Public | Merges pull requests in the 'approved' state |
| Auto Approve action | Public | Auto approves pull requests created by me |
| Sync Files action | Private | Syncs files from the private repo to the public repo |
