Deploy Portainer via docker swarm

Installation Guide

  1. Copy the portainer stack on the master node

curl -L https://downloads.portainer.io/portainer-ee-agent-stack.yml -o portainer-agent-stack.yml

2. Modify the portainer-agent-stack.yml file with the community edition & remove versions

# By default
  portainer:
    image: portainer/portainer-ee:<version>
	
# Modify to:
  portainer:
    image: portainer/portainer-ce

Note:

If you have already deployed this it will deploy the EE Database edition that is not compatible with CE

  • You will have to delete the portainer data:

By Default:

/var/lib/docker/volumes/portainer_data

To avoid this issue modify the volume to be in current working directory in portainer-agent-stack.yml

volumes:
      - ./portainer_data:/data

3. Deploy the stack

docker stack deploy -c portainer-agent-stack.yml portainer

By Default this will install the portainer agent on all the subnodes and should be available on port 9000

4. Secure with SSL

  • Create overlay network

docker network create --driver overlay portainer
  • Generate Certificate

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout portainer.key -out portainer.crt
  • Create Secrets for Key and CRT

# Syntax:
# docker secret create <secret_name> <file_name>
docker secret create portainer.cer portainer.crt
docker secret create portainer.key portainer.key
  • Modify Swarm file

Example:

version: '3.2'

services:
  agent:
    image: portainer/agent
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]

  portainer:
    image: portainer/portainer-ce
    command: -H tcp://tasks.agent:9001 --tlsskipverify --ssl --sslcert /run/secrets/portainer.cer --sslkey /run/secrets/portainer.key
    ports:
      - "9000:9000"
      - "8000:8000"
    volumes:
      - portainer_data:/data
    networks:
      - agent_network
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
    secrets:
      - portainer.cer
      - portainer.key

networks:
  agent_network:
    driver: overlay
    attachable: true
  portainer:
    external: true

volumes:
  portainer_data:

secrets:
  portainer.cer:
    external: true
  portainer.key:
    external: true
  • Run deployment again

docker stack deploy -c portainer-agent-stack.yml portainer

Resources:

Last updated