Portainer system architecture

A brief overview of the how Portainer works under the hood.

Portainer_Illustrations_Data sheets
portainer features_observability

How Portainer works

Portainer is a ‘universal’ service delivery platform for containerized applications. It can be deployed inside any Kubernetes, Docker or Docker Swarm environment and, once deployed, can be used to simplify deployment of containerized apps, triage performance problems and manage platform governance. Portainer can be deployed on-prem, in the cloud, across hybrid cloud and at the edge, uniquely giving users visibility of multiple container environments through a single interface.

Portainer is distro-independent and thus does not allow you to create clusters however that process is getting easier thanks to bootstrapping tools. Of course, cloud providers make this process completely invisible, which explains why we’re big fans of cloud providers like Digital Ocean

The Portainer platform consists of the Portainer Server and the Portainer Agent. Both the Server and the Agent run in containers inside your environment. An instance of the Agent must be deployed on every node in your cluster(s) and configured to talk back to the central Server for Portainer to operate. A different, lightweight version of the Agent is required for edge deployments to communicate back to the server across multiple networks.

For more on deploying the Server and the Agent view our install documentation.

Portainer is accessed through any web browser over HTTPS. Role permission are all controlled via the fully integrated RBAC engine to ensure no one gets access to functionality they shouldn’t have. Portainer CE supports basic RBAC with 2 roles and Portainer Busines Edition supports a far richer set of roles.