and Security


Platform Management

The ability to set up, manage and configure a containerized environment is central to the Platform Manager's role. 

Portainer's platform management functionality allows engineers to both configure the orchestrator and then set up configuration 'rules' which define what users of the platform (typically developers) can and can't do inside the environment. 


Registry Management

Portainer lets you define any number of container registries - public or private, secure or open - and then allows you to assign access to users. Only authorized users are able to pull from or push to any given registry, which makes Portainer a great way to secure access to your internal container image repositories and a simple way to define and secure access across your organization.

Portainer lets you browse and interact with the remote registry, performing tasks such as image retagging or deletion. This feature removes the need for additional third-party registry management tools, as you can perform all essential image management functions from Portainer.


Storage Management

Managing persistent storage is a challenge in any containerized environment, given the differing needs of applications. Portainer makes the provisioning and management of storage very straightforward for users. 

Docker provisioning

From a provisioning perspective, Portainer supports the creation of persistent volumes against a local path on a Docker host, a CIFS share, or an NFS mount.

Volume Browsing

Portainer provides authorized users with the ability to browse the persistent volumes attached to containers. Users can interact directly with the volume content, either uploading/downloading files, or renaming/deleting.

Kubernetes capacity management

In a Kubernetes environment, Portainer allows users to specify the maximum size of their requested volume when created. It then allows the administrator to expand the capacity allocated to their persistent volume. In addition, Portainer displays all volumes for a given backend storage type so as to visually show the allocated capacity.


Network Management

Making sure applications are properly networked within clusters is critical and Portainer makes it easy. For Docker, you can create and use additional bridge, overlay, or MACVLAN networks.  For Kubernetes, you can configure and use Ingress and Load Balancers across the cluster.

Kubernetes: Application load balancing

Portainer allows users to publish their application via a Kubernetes Ingress controller (reverse proxy), which includes defining the HTTP routes, rewriting headers, or performing SSL offload.

Kubernetes: Network load balancing

Portainer allows users to publish their application via a Kubernetes Load Balancer (or Swarm Ingress), which enables their application to be globally visible across the cluster.


Kubernetes Cluster Access & Cluster Create

We've integrated kubectl into Portainer natively to help users troubleshoot Kubernetes applications without having to leave the Portainer UI. This also allows expert users to use advanced Kubernetes features and functions not yet supported inside Portainer.

If you are a user of Civo, Linode or DigitalOcean's managed cloud Kubernetes services, you can now create clusters from within Portainer.


Portainer as a proxy for third-party container environments

We’ve introduced the ability for Portainer to be used as a secured authenticated proxy into third-party container environments in CE 2.9.1. This allows Platform and DevOps engineers to integrate Portainer seamlessly with third-party CI/CD tools and build secure, end-to-end automated delivery workflows.

The new API proxy also allows Portainer users to retrieve the configuration files they need to connect the deployment/observability tools they like while reflecting the access and permissions set by their administrator. This unlocks a new 'Bring Your Own Tool' paradigm that we're particularly excited about.