diff --git a/manuscript/images/portainer.png b/manuscript/images/portainer.png new file mode 100644 index 0000000..33481dc Binary files /dev/null and b/manuscript/images/portainer.png differ diff --git a/manuscript/recipies/portainer.md b/manuscript/recipies/portainer.md new file mode 100644 index 0000000..7cb638c --- /dev/null +++ b/manuscript/recipies/portainer.md @@ -0,0 +1,69 @@ +# Portainer + +[Portainer](https://portainer.io/) is a lightweight sexy UI for visualizing your docker environment. It also happens to integrate well with Docker Swarm clusters, which makes it a great fit for our stack. + +![Portainer Screenshot](../images/portainer.png) + +This is a "lightweight" recipe, because Portainer is so "lightweight". But it **is** shiny... + +## Ingredients + +1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md) +2. [Traefik](/ha-docker-swarm/traefik) configured per design +3. DNS entry for the hostname you intend to use, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP + +## Preparation + +### Setup data locations + +Create a folder to store portainer's persistent data: + +``` +mkdir /var/data/portainer +``` + +### Setup Docker Swarm + +Create a docker swarm config file in docker-compose syntax (v3), something like this: + +!!! tip + I share (_with my [patreon patrons](https://www.patreon.com/funkypenguin)_) a private "_premix_" git repository, which includes necessary docker-compose and env files for all published recipes. This means that patrons can launch any recipe with just a ```git pull``` and a ```docker stack deploy``` 👍 + + +``` +version: "3" + +services: + app: + image: portainer/portainer + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /var/data/portainer:/data + networks: + - traefik_public + deploy: + labels: + - traefik.frontend.rule=Host:portainer.funkypenguin.co.nz + - traefik.port=9000 + placement: + constraints: [node.role == manager] + command: -H unix:///var/run/docker.sock + +networks: + traefik_public: + external: true +``` + +## Serving + +### Launch Portainer stack + +Launch the Portainer stack by running ```docker stack deploy portainer -c ``` + +Log into your new instance at https://**YOUR-FQDN**. You'll be prompted to set your admin user/password. + +## Chef's Notes + +1. I wanted to use oauth2_proxy to provide an additional layer of security for Portainer, but the proxy seems to break the authentication mechanism, effectively making the stack **so** secure, that it can't be logged into! + +## Your comments? diff --git a/manuscript/recipies/template.md b/manuscript/recipies/template.md index 2daa957..e032c80 100644 --- a/manuscript/recipies/template.md +++ b/manuscript/recipies/template.md @@ -10,6 +10,7 @@ Details 1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md) 2. [Traefik](/ha-docker-swarm/traefik) configured per design +3. 3. DNS entry for the hostname you intend to use, pointed to your [keepalived](ha-docker-swarm/keepalived/) IP ## Preparation diff --git a/mkdocs.yml b/mkdocs.yml index ab0f6d0..98fa188 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -48,6 +48,7 @@ pages: - Piwik: recipies/piwik.md - Wekan: recipies/wekan.md - Tiny Tiny RSS: recipies/tiny-tiny-rss.md + - Portainer: recipies/portainer.md - Reference: - OAuth Proxy: reference/oauth_proxy.md - Data Layout: reference/data_layout.md