Monday, September 25, 2023, Norbert Rothers
Some people may have multiple computers running Docker containers. I have already shown in a previous article that you can manage these containers nicely with Portainer.
However, if, like me, you have multiple computers on which services run via Docker, it is possible, but not very convenient, to install Portainer on all computers. Who wants to log in on every computer if this can be avoided?
The best option is the Portainer agent, which is also a Docker container, but only exists to establish a connection to a top-level Portainer instance.
All we have to do is start the agent on the host we want to manage. The Portainer Agent forms the interface from the Portainer to the Docker service of the host to be managed. The Master Portainer instance can be found on either a PC or a single board computer such as a Raspberry Pi.
The Portainer agent can be set up as follows:
docker run \ -d \ -p 9001:9001 \ --name portainer_agent \ --restart=always \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /var/lib/docker/volumes:/var/lib/docker/volumes \ portainer/agent
In this case, the agent is restarted automatically every time (always). Port 9001 is being used and you should make sure in advance that it is not being used by another service. If so, simply change the left of the two numbers “9001” in the script.
After installation, you can begin integrating the agent(s) into the master instance of Portainer. In previous versions of Portainer, the element was called Endpoints, and now the element is called Environments
So select “Environments” under “Settings”.
Then go to Add Environment
Portainer Agent usually appears pre-selected automatically
The name can be chosen arbitrarily but the IP address and port may need to be modified.
Our new service will then appear in the list:
You can now connect and make all the settings you can with your local instance of Portainer.
For the sake of completeness, it must be noted that it is also possible to use the Docker API. However, the open Docker API represents a potential attack point. Anyone can take over this connection. This is not possible with a Portiner agent. When you set up a new endpoint, the Portainer and the Portainer proxy exchange the certificate. After that, communications are only possible using this certificate.
More on the topic in the documentary Porttainer:
“Subtly charming coffee scholar. General zombie junkie. Introvert. Alcohol nerd. Travel lover. Twitter specialist. Freelance student.”