From 00d55d7418e2c601dadb83f38a65d78e78e11d4b Mon Sep 17 00:00:00 2001 From: Matthias Date: Tue, 6 Nov 2018 01:27:57 +0100 Subject: [PATCH 1/2] Adds 2 slides dedicated to the portainer api. 2 major benefits of the API are 1. You will get a privilege management 2. You can use the API to deploy stacks on different swarms. --- slides/swarm/gui.md | 50 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/slides/swarm/gui.md b/slides/swarm/gui.md index 05796ba62..0d481df0f 100644 --- a/slides/swarm/gui.md +++ b/slides/swarm/gui.md 
@@ -49,3 +49,53 @@ What about web interfaces to control and manage Swarm? - Agent URL: `tasks.agent:9001` - Let's browse around the interface + +--- + +## Portainer API - Advanced privileges + +- setup a non administrative user + +- deploy an app template via portainer with only administrator rights + +- deploy an app template via portainer with rights for the created user + +- do `http POST :9000/api/auth Username="$USER" Password="$PASSWORD"` + +- now try to query the deployed stacks `http GET :9000/api/stacks "Authorization: Bearer $TOKEN"` + you will only see the stack with the user rights + +--- + +## Single GUI/API for multiple swarms + +- setup 2 swarms instead of one swarm with 3 nodes + +- install the portainer agent on both swarms + +``` +docker service create \ + --name portainer_agent \ + --network portainer_agent_network \ + --publish mode=host,target=9001,published=9001 \ + -e AGENT_CLUSTER_ADDR=tasks.portainer_agent \ + --mode global \ + --mount type=bind,src=//var/run/docker.sock,dst=/var/run/docker.sock \ + --mount type=bind,src=//var/lib/docker/volumes,dst=/var/lib/docker/volumes \ + portainer/agent +``` + +- now go to portainer and add both agents as endpoint + +- now you can deploy stacks via one api on multiple docker swarms + +- deploy a stack on swarm2 + +``` +http POST ':9000/api/stacks?method=repository&type=1&endpointId=2' \ + "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MiwidXNlcm5hbWUiOiJ1c2VyMSIsInJvbGUiOjIsImV4cCI6MTU0MTQ5MDg4OH0.9hVYxfSfdNAnQDRfEsH9-EcQkI9aL3beEmxJz8_6uOI" \ + Name="Voting" \ + RepositoryURL="https://github.com/BretFisher/example-voting-app" \ + ComposeFilePathInRepository="docker-stack.yml" \ + SwarmID="$SWARMID" +``` \ No newline at end of file From 8b1a7352d60d3912778097c5e7bc7cd78744cbf2 Mon Sep 17 00:00:00 2001 
From: Matthias Date: Tue, 6 Nov 2018 01:44:00 +0100 Subject: [PATCH 2/2] Added an example for stacks you most likely want to restrict access to. --- slides/swarm/gui.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/slides/swarm/gui.md b/slides/swarm/gui.md index 0d481df0f..29fdb0764 100644 --- a/slides/swarm/gui.md +++ b/slides/swarm/gui.md @@ -65,6 +65,8 @@ What about web interfaces to control and manage Swarm? - now try to query the deployed stacks `http GET :9000/api/stacks "Authorization: Bearer $TOKEN"` you will only see the stack with the user rights +- you could prevent access for stacks like monitoring, log-forwarding and the portainer agent + --- ## Single GUI/API for multiple swarms
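Review bot: In [PATCH 1/2], the `http POST ':9000/api/stacks?method=repository&type=1&endpointId=2'` example on the "Single GUI/API for multiple swarms" slide hardcodes a literal JWT in the `Authorization: Bearer` header, while the previous slide uses `$TOKEN`. Replace it with `"Authorization: Bearer $TOKEN"` so that no credential is committed to the repository and the command still works when an attendee copies it. The slides also never show how `$TOKEN` is taken from the `/api/auth` response or where `$SWARMID` comes from, so add a step for each. The file now ends without a trailing newline.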
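Review bot: In [PATCH 2/2], the added bullet "you could prevent access for stacks like monitoring, log-forwarding and the portainer agent" names what to restrict but not how, and none of the steps above it show a restriction being applied. Tie it to the earlier step "deploy an app template via portainer with only administrator rights" by stating that these stacks should be deployed that way, so the non-administrative user's `GET :9000/api/stacks` query demonstrably omits them.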