Introduction to Portainer
Start here 👉🏽 https://www.portainer.io/
Documentation 👉🏽 https://docs.portainer.io/
Portainer installation
In this demo, I will be running Kubernetes 1.22 using kind, which is compatible with portainer 2.11.1.
Let's go ahead with a local docker install:
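```powershell
cd kubernetes\portainer
mkdir volume-ce
# 9443 serves the HTTPS UI; ./volume-ce persists portainer's data.
# The docker.sock mount gives this container control of the host's Docker daemon.
docker run -d -p 9443:9443 -p 8000:8000 --name portainer-ce `
--restart=always `
-v /var/run/docker.sock:/var/run/docker.sock `
-v ${PWD}/volume-ce:/data `
portainer/portainer-ce:2.11.1
```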
SSL & DOMAIN
We can also upload SSL certificates for our portainer.
In this demo, portainer will issue self-signed certificates.
We will need a domain for our portainer server so our clusters can contact it.
Let's use nip.io to create a public endpoint for portainer.
Create Kubernetes Cluster
Let's start by creating a local kind cluster.
For local clusters, we can use the public endpoint Agent.
We can get a public endpoint for the portainer agent by:
- Ingress
- LoadBalancer
- NodePort
So we'll deploy portainer agent with NodePort for local.
For production environments, I would recommend not to expose the portainer agent.
In this case, for Production, we'll use the portainer edge agent.
To get NodePort exposed in kind, we'll open a host port with a kind.yaml config:
```powershell
kind create cluster --name local --config kind.yaml
```
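A minimal kind.yaml that opens the agent's NodePort on the host, as an added example (not the file from the repository). Port 30778 is the agent port used further down this page; the single-node layout and the `listenAddress` value are assumptions.

```yaml
# kind.yaml - added example, not the repository's own file.
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
  extraPortMappings:
  # NodePort of the portainer agent service in this walkthrough.
  - containerPort: 30778
    hostPort: 30778
    # "0.0.0.0" is kind's default and listens on every host interface.
    # Substitute the host's LAN IP to limit where the agent port is reachable.
    listenAddress: "0.0.0.0"
    protocol: TCP
```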
Manage Kubernetes Environments
The portainer UI gives us a one line command to deploy the portainer agent.
Note that in the video, we pick the node port option.
Local: Portainer Agent
I download the YAML from here to take a closer look at what it is deploying
Deploy the portainer agent in my kind cluster:
```powershell
kubectl apply -f portainer-agent-ce211-k8s-nodeport.yaml
```
See the agent:
```powershell
kubectl -n portainer get pods
```
See the service with the endpoint it exposes:
```powershell
kubectl -n portainer get svc
```
Since we don't have a public load balancer and are using NodePort, our service will be exposed on the node IP.
Since the Kubernetes node is our local machine, we should be able to access the portainer agent on `<computer-IP>:30778`.
We can obtain our local IP with `ipconfig`.
The IP and NodePort will be used to connect our portainer server to the new agent.
Production: Portainer Edge Agent
For the Edge agent, we get the command in the portainer UI.
Once deployed, we can see the edge agent in our AKS cluster:
```powershell
kubectl -n portainer get pods
```
Helm
Let's showcase how to deploy helm charts.
Most folks would have helm charts for their ingress controllers, monitoring, logging and other platform dependencies.
Let's add Kubernetes NGINX Ingress repo:
https://kubernetes.github.io/ingress-nginx
GitOps
So from the Application menu, we can add an application from a git repository.
Let's add this repo:
https://github.com/marcel-dempers/docker-development-youtube-series
We also specify the paths of all the manifests that portainer needs to deploy:
- kubernetes/portainer/example-application/deployment.yaml
- kubernetes/portainer/example-application/configmap.yaml
- kubernetes/portainer/example-application/service.yaml
- kubernetes/portainer/example-application/ingress.yaml
Portainer will now poll our repo and deploy any updates, GitOps style!
OAuth Setup example | Business edition
Here are the values I used for the OAuth settings:
Field | Value |
---|---|
Client ID | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
Client secret | xxxxxxxxxxxxxxxxxxxx |
Authorization URL | https://login.microsoftonline.com/<tenant-id>/oauth2/authorize |
Access token URL | https://login.microsoftonline.com/<tenant-id>/oauth2/token |
Resource URL | https://login.microsoftonline.com/<tenant-id>/openid/userinfo |
Redirect URL | https://localhost:9443/ |
Logout URL | https://login.microsoftonline.com/<tenant-id>/oauth2/logout |
User identifier | unique_name |
Scopes | openid profile |