Portainer and GitOps

Portainer

Portainer's hybrid & multi-cloud container management software supports Kubernetes, Docker, Swarm in any Data Center, Cloud, Network Edge or IIoT Device.

The main instance of Portainer is hosted on Espresso but each other Docker host also has the Portainer Edge Agent installed, which enable central management.

Flowchart

As Portainer needs to be installed BEFORE we can use GitOps compose files, we do not use have a Compose file for it.

docker run -d --label=com.centurylinklabs.watchtower.enable=true \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /var/lib/docker/volumes:/var/lib/docker/volumes \
  -v /:/host \
  -v portainer_agent_data:/data \
  --restart always \
  -e EDGE=1 \
  -e EDGE_ID=REPLACE WITH ID \
  -e EDGE_KEY=REPLACE WITH KEY \
  -e EDGE_INSECURE_POLL=1 \
  --name portainer_edge_agent \
  portainer/agent:latest

The above run command also enables the Watchtower to update Portainer. Watchtower (only enabled for containers with the watchtower enabled label) is deployed to all hosts as part of the 'all' edge stack. This ensures that Portainer is always up to date, as Portainer cannot update or manage itself.

Instances

Portainer

Port

Purpose

9443

SSL WebUI

8000

API Port

Host Volume

Container Volume

Purpose

/var/run/docker.sock

Management of docker containers

portainer

/data

configuration

Integration

Purpose

Google OAuth

Enable authentication

Edge Agent

Port

Purpose

8000

API Port

Host Volume

Container Volume

Purpose

/var/run/docker.sock

Management of docker containers

Integration

Purpose

Portainer

Central management

Managing Portainer

Tags and Groups

Applying a tag to a Portainer instance allows us to organize instances into groups which makes identifying each individual servers function easier as well as some automation.

Currently, we have 4 tags;

Production
Production Bare Metal
Production Synology
Test

Assigning one or any of these tags to a Portainer instance will add it to the group by the same name

Stacks

Stacks are Portainers take on Docker Compose. The Compose file can be managed directly in Portainer or via a third party service, such as GitHub. Refer to the GitOps documentation for more information

Edge Stacks

Edge Stacks are stacks that are assigned to groups, which are then pushed to any Portainer instance in that group.

Unfortunately, Edge Stacks cannot be managed centrally via GitHub but instead centrally managed in Portainer.

GitHub / GitOps

Private GitHub Repo

Public GitHub Repo

GitOps gives you tools and a framework to take DevOps practices, like collaboration, CI/CD, and version control, and apply them to infrastructure automation and application deployment. Developers can work in the code repositories they already know, while operations can put the other necessary pieces into place.

This app is hosted externally

Integration

Repo

Purpose

Portainer

N/A

Portainer reads data in GitHub, pulling compose files and containers

Renovate Bot

Private

A bot that watches for container updates in the compose files and creates a merge request to update them

Mergify bot

Public

Merges pull requests in the 'approved' state

Auto Approve action

Public

Auto approves pull requests created by me

Sync Files action

Private

Sync's files from the private repo to the public repo

PreviousWebsites NextContent Creation

Last updated 1 year ago