Share this post
Business Edition is free. Here's what that means.
Portainer Business Edition is free forever for up to 3 nodes. No trial period. No credit card. No feature restrictions. You get everything - RBAC, GitOps, registry management, audit logs, Kubernetes provisioning, SSO integration - on day one, at no cost.
This surprises a lot of people. The assumption is that "Business Edition" means paid, and "Community Edition" means free. That's not quite right. Both editions cost nothing for small deployments. The difference is what you get.
Business Edition gives you more features for the same price as Community Edition: zero dollars.
If you're setting up Portainer for the first time, for a home lab, a small team, or any environment up to 3 nodes, Business Edition is the right choice. You're not upgrading early or making a commercial commitment, you're simply choosing the version with more capability.
So what is Community Edition for?
Community Edition exists for a specific and legitimate reason: it is fully open source under the zlib licence, with no license key, no telemetry, and no dependency on Portainer's licensing infrastructure. Every line of code is public.
That matters to a subset of users. Open-source-first organisations, security teams with strict supply chain policies, air-gapped deployments where outbound license validation isn't possible, and developers who want to contribute to or audit the codebase all have good reasons to prefer CE.
If that's you, Community Edition is the right choice. But if you're simply looking for the easiest or most capable place to start, it isn't.
What Business Edition adds
For anyone managing containers in a business context - even a small one - the Business Edition features aren't "enterprise extras." They're the practical tools you'll reach for within the first week.
Role-based access control
The moment more than one person needs access to your environments, you need RBAC. Community Edition has a simple user system. Business Edition extends it into a full role hierarchy: Administrator, Environment Administrator, Operator, Namespace Operator, Helpdesk, Standard User, and Read-Only. Roles are applied per-environment, so a user can hold different permissions across different clusters. Teams are mapped to roles directly, which means access scales without per-user configuration overhead.
GitOps with change windows
Community Edition supports basic stack deployments from Git. Business Edition adds a full GitOps engine: automatic updates via webhook or scheduled polling, change windows that restrict when reconciliation is allowed to happen, relative path support, and stored Git credentials for smoother CI/CD integration. For any team running production workloads, this is the difference between manual deployments and a repeatable, auditable release process.
SSO and directory integration
Business Edition integrates with Active Directory, LDAP, and OIDC-compatible identity providers including Azure AD, Okta, and Ping. Pre-built templates accelerate configuration, and automatic user provisioning with group-to-team matching means onboarding is handled by your existing directory rather than manually in Portainer. Community Edition supports LDAP and OAuth in a more limited form without the AD support or provider templates.
Registry management
Rather than switching to a separate tool to manage your container registries, Business Edition handles registry management directly from the Portainer interface. Image update notifications are built in, so you can see when new versions are available without checking another system.
Kubernetes provisioning and kubeconfig import
Business Edition can provision new Kubernetes clusters directly on KubeSolo and Talos. It can also install MicroK8s on bare metal or virtual machines from within the UI. For existing clusters, kubeconfig import significantly reduces the friction of connecting them to Portainer. Resource quotas, quota enforcement, pod security constraints, and rolling restarts are all available within BE - the features a Kubernetes environment needs to be production-grade.
Fleet Governance Policies
As your fleet grows beyond a handful of clusters, consistency becomes the hard problem. It's not enough to configure a security baseline once at onboarding, you need to know that baseline is still in place six months later, across every cluster, regardless of who has had access in between.
Fleet Governance Policies is a Business Edition feature that lets you define security, access, and configuration standards centrally and automatically enforce them across your entire container fleet - across clouds, regions, and deployment models.
There are four policy types: RBAC, Security, Setup, and Registry. These cover things like restricting privileged containers, enforcing namespace-level role assignments, setting storage class rules, and constraining which registries a cluster can pull from. Portainer ships with prebuilt templates for production and development environments so you're not starting from scratch.
The enforcement model is what sets this apart from point-in-time tooling. Policies are continuously active - not just applied at onboarding. If a policy is manually removed from an environment, the Portainer agent detects the drift and reinstalls it automatically. When you update a policy centrally, the change propagates to every connected environment with that policy attached. New clusters inherit policies immediately on connection.
The alternative approaches all have meaningful gaps. OPA Gatekeeper and Kyverno operate per-cluster and require separate management at scale. GitOps pipelines don't enforce anything when they're not running. Cloud-provider tools are siloed by vendor and don't extend to hybrid or on-premises environments. Custom internal platforms work, but someone has to build and maintain them.
Fleet Governance Policies is infrastructure-agnostic. The same controls apply everywhere a Portainer agent can run.
Fleet Governance Policies requires Business Edition and environments running Portainer Edge Agent version 2.37.0 or greater.
Audit logs and compliance
Business Edition includes authentication logs and activity logs viewable within the UI, plus Syslog export for centralised log aggregation. If your organisation has compliance requirements - and increasingly, most do - this is a prerequisite, not a nice-to-have.
Commercial support
Community Edition is not supported. Business Edition customers have access to Portainer's support team, with 9×5 and 24×7 SLA options available. For anyone running production infrastructure, this matters.
The decision, stated plainly
If the last two rows are requirements for your use case, choose Community Edition. For everyone else, Business Edition is the better starting point - and the same price.
Getting started
Take 3 nodes free - no credit card, no expiry, full Business Edition feature set.
If you're running more than 3 nodes or want to talk through your architecture, get in touch with the team.
For a full breakdown of features across all plans, visit the Portainer Features page.
