What can I do with Portainer?
Portainer is a one-stop shop for managing your containerized environments, providing a massive amount of functionality in both our Community and Business Editions. We often hear from our users, “Wow, I didn’t know Portainer could do that!” So here’s a list of what you can do with Portainer.
Community Edition
Our free and open source product
BUSINESS EDITION
Our premium edition built for organizations
Deploy containers
Create containers / stacks / services
- Using guided forms
The core reason why Portainer was created in the first place, form-based container creation makes it easier for a user that is not experienced with Docker to spin up a container, reducing the barrier to entry for containerization.
- From YAML files
- From a Git repository
- Relative path support for Git stacks (Docker/ Swarm only)
Often when deploying a stack you'll want to pre-populate your container's file system from your Git repository into pre-defined relative paths. In Portainer Business Edition, you can do this by enabling the relative path volume option on stack deployment and defining a local filesystem path for where to store the files.
Use Portainer app templates
The “vending machine for containers” approach, templates provide the user with easy “one-click” provisioning of containers based on preconfigured templates we (or others) supply, once again reducing the barrier to entry for containerization.
- Create your own templates
Extends the app templates system to allow users to provide their own templates, which is useful for an admin user preconfiguring custom container setups for their users.
- Use pre-made templates
Extends the app templates system.
Triage and remediate
View a container's status
Easily see which containers and services are running or stopped, healthy or unhealthy, from the list view and within the container or service details.
View container logs
When there are issues with a container, the first stop should always be the container’s logs. Portainer makes it easy for a user to view and search the logs of their containers through the UI without having to resort to a CLI command.
Access container consoles through Portainer
Alongside log viewing, the ability to connect to the console of a container can be very helpful when troubleshooting an issue with your container image. Console access via a GUI is much easier than a CLI command.
Adjust container resource assignments
Define the memory and CPU available to your containers on a per-container basis. Sliders within the UI make it easy to specify how much to reserve based on the total resource of the host.
Clean up unused objects in your environments
The Portainer UI makes it straightforward to identify the objects (containers, volumes, networks, etc) within your environment, and as a result makes it easy to spot things that could be removed, reducing clutter and resource usage on your environments.
Manage the lifecycles of your applications
Manually update through the UI
If your application is not managed using automation, or you simply need to manually make a change, you can do so through the Portainer UI as required.
Webhook support (Docker/ Swarm only)
Portainer provides the ability for you to trigger an action on your container, service or stack in response to an event, for example a push to your upstream repository. With webhooks you can redeploy your application automatically as part of your CI/CD flow, ensuring you're always up to date. You can even pass through environment variables to your deployment via the webhook which can be used as part of the deploy configuration.
GitOps
- Automate your updates
Take advantage of your existing automation and CI systems and trigger a redeploy of your container, stack or service through periodic automatic checks or through the use of a webhook.
- Store Git credentials
When you're using Git repositories to deploy your applications, you might find you're needing to reuse the same credentials for multiple deployments. In Portainer Business Edition, you can save your credentials for use in your deployments. Credentials are saved to your user account in Portainer, and are only usable by you.
- Set a change window
Don’t want your automatic updates to take place during work hours? With the change window feature you can set up a timeframe in which application updates are allowed to happen, and outside of this time frame automatic updates will not occur.
- Force redeployment (Docker/ Swarm only)
When your application is deployed from a Git repository, you can enable this feature to automatically keep it in sync with whatever is in the repo. This way, Git becomes your “source of truth”, so you can ensure you’re running the correct version of your application on your environments.
Platform Management
Use Portainer as a gateway/ proxy for other tooling
Leverage Portainer’s functionality within your own tooling with this feature. In BE, you can use this in combination with RBAC to limit what a user has access to, even through their own tools.
Manage container image registries
Using Portainer you can easily manage your image registries from one interface. With compatible registry types you can not only browse registries and their associated image repositories, but you can also manage and manipulate associated tags. With registry support for private Docker Hub accounts, AWS ECR, Quay,io, ProGet, Azure, Gitlab, and GitHub as well as custom Docker registries, all your images are available right in Portainer.
Update Portainer to latest version from in-app
Keep Portainer updated with a few clicks in the UI, instead of having to drop to the command line when a new version is released.
Docker management
- Manage Images
Push, pull, tag, build and browse the images on your environment easily through the Portainer UI.
- Manage Networks
View, create, update and manage the networks on your environment through the Portainer UI, and see what services are attached to those networks.
- Visual representation of Swarm nodes and services
Get a visual representation of your cluster and services through the Portainer UI, letting you identify the status of nodes as well as the services running (or not running) on them at a glance.
- Manage Swarm node availability
See which nodes are available in your Swarm cluster and easily change the availability of a node when needed (for example when maintenance is required on a node).
- Configure Docker security policies
Secure your Docker / Swarm environments to meet your needs by disabling functionality for non-administrator users through the Portainer UI.
- New image availability indicators
See at a glance whether your container images are up to date with what’s in the remote repository.
Kubernetes management
- Manage Volumes
Create, view and manage your volume configurations within the Portainer UI, including provisioner details and where volumes are attached.
- Manage Networking
View, create, update and manage the networking on your environment through the Portainer UI, including services and ingresses.
- Manage CPU and memory allocation
Specify the memory and CPU allocated to your applications through the Portainer UI. Sliders within the UI make it easy to specify how much to allocate.
- Use Portainer as a transparent Kubernetes API Gateway
Leverage Portainer’s functionality within your own tooling with this feature. In BE, you can use this in combination with RBAC to limit what a user has access to, even through their own tools.
- Kubernetes API Gateway: kubectl via Portainer
Drop to the kubectl command line without leaving Portainer if you need to run low-level commands, which access limited by the permission level of the user for added security.
- Create Kubernetes clusters on cloud providers
If you need to spin up a new Kubernetes cluster at a cloud provider, you can do so on-demand and to your specifications directly within Portainer.
- Create Kubernetes clusters on your own servers
With Portainer Business Edition, you can install and configure a MicroK8s Kubernetes cluster directly onto fresh servers from within the Portainer UI.
- Import existing Kube environments via kubeconfig
If you have an existing Kubernetes cluster you’d like to manage with Portainer, a kubeconfig file may be all you need. You can import the kubeconfig file and Portainer will then connect and deploy the Portainer Agent into your cluster, allowing you to connect and administer the cluster straight away.
- Automatically deploy manifests to new environments
When setting up a new environment, specify a manifest to deploy to that environment when it first joins to Portainer in order to get you up and running faster.
- Direct YAML editing
View and edit the YAML used for your Kubernetes deployment directly in the Portainer UI. Useful if a quick change to your application config is needed.
- Perform rolling restarts
When redeploying an application after making changes, you can choose to do a rolling restart instead of a basic “stop and restart” redeploy to reduce the amount of downtime for your application.
- Manage resource quotas and overcommitment
Portainer allows an administrator to disable resource overcommitment on the Kubernetes cluster, as well as determine the percentage of resources to allocate to running Kubernetes within the cluster. This helps you maintain the health of your cluster, and ensure the system won’t be compromised by resource-hungry applications or misconfigurations. Set a quota assignment per namespace to enforce resource limits, ensuring your workloads have what they need to run efficiently.
- Manage storage quotas
Specify the maximum amount of storage that a namespace can use in order to control resource usage across the cluster.
- Set load balancer quotas
Set per-namespace limits on the number of load balancers available, allowing admins to manage potential costs on their environments.
- Enforce admin-only ingress creation
Restrict ingress creation to admins only, ensuring that admins have more control over the resource allocation within their clusters while still providing regular users with the ability to use the admin-created ingresses for their deployments.
- Enforce code-based deployment
Control how your users can deploy applications on your cluster by restricting access to the form-based creation method to meet deployment policy requirements.
Secure and monitor access to your environments
User management
- Create users
- Create teams
- Specify roles for each user or group with Role-Based Access Control
With Portainer’s role-based access control (RBAC), you can configure fine-grained access controls for your environments, whether they’re Docker, Swarm or Kubernetes. There are multiple roles available to choose from, each with their own pre-defined set of privileges, targeted at a range of different user types. Users can be directly (or as part of teams) assigned roles and can be given levels of access on a per-environment basis.
Use an external authentication provider
- LDAP
Portainer can be configured to accept Lightweight Directory Access Protocol (LDAP) authentication if your organization has implemented LDAP or Active Directory authentication. When users attempt to log into Portainer, the application will authenticate them against your LDAP directory or Active Directory. If authentication is successful, the user is allowed to log into Portainer.
- Preconfigured OpenLDAP template
In Portainer Business Edition, we provide a pre-configured template for use with OpenLDAP, as well as the option to configure a custom LDAP setup.
- OAuth
Integrate your existing OAuth authentication system with Portainer to provide for central user management across your tooling.
- Preconfigured OAuth provider templates
With Business Edition we provide pre-filled templates for Microsoft, Google and GitHub OAuth providers..
- Active Directory
If you’re using an external authentication provider such as Azure Active Directory, Portainer comes with preconfigured defaults to help you set this up quickly and without fuss. If you find you need to adjust these defaults for your particular needs, you can do that too.
- AD user auto sync
When using a Microsoft Active Directory authentication provider, Portainer supports the auto-population of users within Portainer from Active Directory, based on the configuration you set.
- Hide internal authentication prompt
With external authentication configured, you can opt to hide the option to log in with Portainer’s internal authentication, enforcing that logins can only be processed by your authentication provider.
Secure your environments
- Restrict access to the default namespace (Kubernetes)
With Portainer, you can restrict access to the default namespace, forcing users to deploy applications on a separate namespace. This ensures that applications are allocated the resources they need without conflicting demands, as well as providing the security of separate namespaces.
- Enforce admin-only secret viewing (Kubernetes)
With Portainer Business Edition you can restrict the viewing and editing of secrets within a cluster to administrators only. Non-admins will still be able to reference the secrets, but not view their contents or change them through the Portainer UI.
- Set Pod Security constraints (Kubernetes)
Restrict the access that pods have to the underlying environment, improving security of your deployments and environment, on a per environment basis through the Portainer UI.
- Hide anonymous Docker Hub
By default the Docker Hub (anonymous) registry is available to all users. If you would prefer to hide this from the registry selection, you can do so with Portainer.
Security logging
- Notification log
Missed one of the pop up notifications, or need to look back on the history? In Portainer Business Edition we have a log of all the notifications your user has received, so you can easily check what you might have missed.
- Authentication logs
Portainer provides a log of all user authentication requests, and journals the success or failure of each login as a record of when users engaged with Portainer. This log is retained for one week before being purged.
- Activity logs
- Export Auth and Activity logs
Portainer can be configured to stream it's activity and authentication logs to an external Security Information and Event (SIEM) system using the Syslog format. This lets you centrally manage your logs and aids in compliancy.
Portainer backup
- Download Portainer backups
- Back up Portainer to S3-compatible storage
Ensuring your Portainer installation is backed up is crucially important in a production environment, and Portainer provide the ability to back up and restore your instance both as a local file and via S3 to AWS or S3-compatible providers such as MinIO.
- Schedule automatic Portainer backups
With Portainer Business Edition you can schedule automated backups to your S3-compatible bucket directly from within Portainer.
Edge / IIoT
Community Edition
Our free and open source product
BUSINESS EDITION
Our premium edition built for organizations
IoT Onboarding
Provision Edge environments
Configure environments with the Edge Agent in order to manage environments and devices that are in remote networks or with limited connectivity.
Bulk device onboarding to preconfigure multiple devices ahead of time
When you have a large number of Edge Devices to provision, setting up each device individually isn’t feasible. With Portainer, a deployment script can be pre-generated ready for connection to Portainer on deployment.
mTLS for Edge Agent Communications
With mutual TLS (mTLS), you can add an additional layer of security to the Edge Agent communications by encrypting the traffic with certificates from your own certification authority.
Preconfiguring devices
- FDO
Boot your devices from scratch with an automatic provision of the Edge Agent configured for your Portainer installation.
- OpenAMT
Boot your devices from scratch with an automatic provision of the Edge Agent configured for your Portainer installation.
Waiting Room feature for bulk onboarding devices
The Edge Devices Waiting Room functionality lets you pre-load Edge devices with a script to deploy the Edge Agent and connect back to the Portainer Server without having to pre-configure the environments. Newly connecting devices go into a "waiting room", where an admin user would approve or deny those devices connecting to the environment. This is extremely powerful if you're deploying a large number of devices and aren't able to manually configure each one when they're connected for the first time.
IoT Deployment
Edge Stacks
- Deploy Edge Stacks to multiple devices
- Deploy from private image registries
Using Portainer you can deploy your workloads to your Edge devices from private registries in the same way you would any public image.
- Deploy Edge Configurations that your Edge Stacks reference
Deploy a file or set of files to your Edge Devices (all devices, specific groups of devices, or individual devices) that you can then reference from your Edge Stacks. This is useful when you want to include configuration files or other similar references in your stacks but independent from the stack configuration itself.
- GitOps for Edge Stacks
- Use relative path volumes when deploying Edge Stacks
When deploying an Edge Stack, pre-populate your container's file system from your Git repository into pre-defined relative paths by enabling the relative path volume option on Edge Stack deployment and defining a local filesystem path for where to store the files.
- Use Edge Stack versioning to retain or roll back to older deployments
With Edge Stack versioning, Portainer retains a copy of your Edge Stack's previous configuration when you deploy an update. You can roll back to this configuration on demand if you run into issues with your deployment.
- Pre-pull images when deploying
Specify in your Edge stack to pre-pull needed images on deployments, which tells each device that it needs to successfully pull the images before proceeding with the deploy, reducing the amount of deployment issues you might run into.
- Retry deployment when deploying
With retry deployment enabled on your Edge Stack, Portainer will keep trying to redeploy your stack if it runs into deployment errors. This helps to avoid failed deployments when a connection to the edge device may be unstable or unreliable.
- Stagger your deployments and/or updates in groups
Choose to roll your Edge Stack updates out in a staggered manner across your devices, either in predefined group sizes or exponentially larger groups. You can specify how long to wait in between groups, and how to act if a deployment to a group fails.
Edge Templates
Pass-through host environment variables
Often across a fleet of Edge devices you may need to customize the configuration based on the specific device (for example, a physical location tag). The Portainer Edge Agent allows you to pass environment variables from the host through to the Edge Agent’s container environment, letting you take advantage of host options within your stacks.
IoT Management
Edge Groups
- Manually organize your Edge environments into groups
- Dynamically group Edge environments by tags
Edge Jobs
Run one-off or scheduled jobs on your Edge environment hosts via the Portainer UI (Docker Standalone only).
Manage Edge environments directly (via the tunnel functionality)
When you need to manage your Edge environment directly you can choose to open a secure tunnel between the Edge Agent and Portainer. Once established, the Edge Agent environment can be managed just like a standard Agent environment through Portainer.
Use async mode with your Edge environments
Portainer Edge Agents can be configured to function in async mode, disabling the tunnel between the agent and the Portainer Server and letting you define the communication intervals between the Edge Agents and the Portainer server. This lets you customize your communications to suit your requirements and restrictions.
Remotely update the Edge Agent installations via Portainer
With Portainer Business Edition you can remotely update your Edge Agent deployments directly within the Portainer interface, making sure you have the latest Portainer features and fixes on your environments no matter where they are in the world. Updates can be scheduled to run at a time that suits you best.
Frequently Asked Questions
Here's some of the common questions we get asked. If you don't find the answer you are looking for, please Contact Sales or Contact Us.
What do you mean by Node?
A “node” can be described as a “server” (whether this is an actual physical server, a VM, a Raspberry Pi, your desktop or laptop, an industrial computer, or an embedded computing device) that is capable of running containers (via Docker, Kubernetes or another orchestrator) which is either running the Portainer Server or is under the management of a Portainer Server installation.
View “What’s a Node for licensing purposes?” for more information.
We also offer a range of pricing for different node sizes:
- For Edge Compute nodes; Edge Server (<= 16 cores), Edge Gateway/ Industrial/PC (<= 10 cores), Edge Linux PLC/ Mini PC (<= 4 cores) or IoT Sensor nodes (<=1Ghz).
Do Docker, Swarm and Kubernetes require different licenses?
No. A single Portainer license supports container management across all orchestrators and environments.
What edition is right for me; Community Edition or Business Edition?
Portainer Community Edition is our free and open source version, most suited to individuals or small self-managing teams. It is community supported. CE is perfect for home lab use and learning how to manage containers.
Portainer Business Edition is our premium offering that includes features for Security, Access Management and Permission, and Auditing, making it more suitable for organizations.
For more information visit: Portainer Community Edition vs Portainer Business Edition, What's the Difference?
Can I move between Community Edition and Business Editions?
Upgrading from Community Edition to Business Edition is as simple as deploying the Portainer Business instance instead of Community Edition, reusing all of your existing database/settings.
Downgrading from Business Edition to Community Edition can be tricky. Please visit Can I downgrade from Portainer BE to Portainer CE on our Knowledge Base to ensure you follow the correct process.
