Michaela: Welcome back to the show. And today, we're gonna be looking at using Portainer.io for Docker container management and I'm here with Neil Cresswell. He's the co-founder of Portainer IO. And he also founded a Docker consulting company in New Zealand and he's got a cloud Docker fantastic company in Indonesia. Hope I’m [inaudible] [00:23].
Neil: Yeah, that’s right.
Michaela: And Portainer is the leading way of managing all your Docker instances. So if you've got ColdFusion apps running in Docker, this lets you manage all the containers, the images, you’ve got logs, consoles, how you create containers, look at the images you're creating them from. Basically everything to do with Docker you can do it from within here and it is open source. So it's free to get and it's been downloaded 240 million times; ten million downloads a week of Portainer IO are happening. So it's a very popular thing. Well, we'll check it out. We’re gonna drill into some of the details of this. And Neil is talking at Into the Box in April, so you can see him in full detail there. So welcome, Neil.
Neil: Thank you.
Michaela: So just to help us understand what exactly is Portainer IO and do I need to just keep the IO on the end of the name? I know there’s IO in your website.
Neil: No, you can drop that.
Neil: Yeah, that’s it. So the purpose behind Portainer was to provide a human friendly way of managing Docker. When I first got exposed to Docker I had months of migraines. It is an amazingly powerful tool. But it requires you to have a brain that’s the size of a planet to understand, and comprehend, remember all of the command line arguments. There's no command line pre-validation.
You simply have to know the commands, press enter, and hope you’re right. I found that for developers who are used to working in that kind of operating model you know… then Docker was gonna be very easy for them to use. But everybody else you have the other 95 percent of the people in IT that they needed a much simpler way to drive and interact with Docker. So that's why we created Portainer. It was a mechanism that the average IT person can interact with Docker and drive it fundamentally.
Michaela: So it basically gives you a graphical user interface onto your whole Docker swarm of instances.
Neil: Yeah when the… so the initial command line you use to start Portainer should be the very last command line that you have to enter into Docker. Once Portainer is up and running, you can do every single feature or function that you can do in a command line inside [inaudible] [02:56] U.I. and we've actually humanized that. We’ve humanized the inputs, we’ve humanized the responses, and the error messages so you know what's going on. And we make it very, very easy to create complex environments with a click of a mouse.
Michaela: So do you have to have hundreds of Docker containers to use Portainer or could you just have one container or?
Neil: No, so we support a standalone Docker host. So you can have a single instance of Docker running on a [inaudible] running Portainer and managing one or two containers with quite a few people running Portainer on the … systems at home. You can run it on Docker swarm and environment standing hundreds of hosts and thousands of containers that's pretty much every possible UI scenario you can imagine we've already covered. We actually even support the V.M. way and the right containers version of Docker. So you can even choose to run Portainer on top of … as well.
Michaela: So you can use it in your development environment, you can use it in production.
Michaela: It handles either way.
Neil: And an even better emitting you can have a single instance of Portainer that covers both [inaudible] and you can use our internal role-based access control to segment the environment between production and …
Michaela: Oh! So you can have multiple Docker swarms you manage through this?
Neil: Yes, so this is on to be a single UI to manage all of your Docker environments. So you don't have to have multiple copies of Portainer running. You can have a single copy and that one instance of Portainer can manage any number of endpoints. So they are either any number of standalone Docker hosts. So any number of clusters.
Michaela: So just in theory in the future if the whole internet was running in Docker, you control the whole internet from one copy of Portainer.
Neil: In theory. That would make some enhancements to the U.S. But yes, in theory.
Michaela: Yeah, so let's just talk about some of the things that you can look at. Obviously you can get a list of all the containers you have. What can you see in those containers?
Neil: Well inside those containers they are simply running processes as you'd imagine. And if you want to interact with a container that is running, you would need to run Docker commands to attach to the running container or run a command inside it. We get the ability to very quickly launch a console and UI inside the container and you can run with it the command you want. You can see real time performance that you can see real time logs, you can pause the logs, you can expose the log files, you can very, very precisely manage a lot of running container.
Now obviously as we move forward containers are gonna become less relevant because with Docker swarm you're talking about services and stacks not containers. So we have very similar features for stacks and services. So you can manage and monitor a service or a stack.
Michaela: Great and for listeners who haven't really used Docker basically is a virtual machine. So you can think of Portainer as like a control center fuel, virtual data center you're implementing in Docker. Is that fair [inaudible] [06:33]?
Neil: That's the point. We give you the ability to manage the underlying Docker hosts that are running the containers as well as the containers that are running within the environment. So we can see the host, we can pause them for maintenance, you can see the resources. You can basically manage anything you like with that into the host as well as all of the containers themselves.
Michaela: And does it matter where those containers are located? You know which cloud service or?
Neil: No and that's actually the really good thing about Docker. Docker is a technology that runs above the line. So we're actually running the infrastructure is irrelevant. It can be inside your data [inaudible] [07:16], it can be in Google, it can be in Amazon, it can be in [inaudible], it can be anywhere. As long as the Docker hosts can route to each other, we can form a Docker cluster and that cluster can [inaudible] Portainer. Even better it doesn’t have to be the same operating system. You can have some of the hosts running Windows, some are running Linux and though they'll still form a single cluster.
Michaela: And where does Portainer itself run? Is it in a Docker container itself or?
Neil: Of course, of course. And it's about ten megabytes in size. So for … we do. It's a very lean container that runs. It's based off the scratch base image which means that there is nothing inside it though it is very, very secure, very small attack surface, very lean.
Michaela: Yeah, I imagine security is pretty important because if you're controlling all these containers, someone with evil intent can do naughty things if they could get in there.
Neil: What's intriguing is we have actually taken what is a relatively weak security model from Docker. Because with Docker security you all the actual Docker daemons. You either open it to everybody which means anybody who knows the IP address of the Docker host can cause havoc and you see that quite often with the crypto mining hijacks. But the only other option is that you actually secure the Docker daemon with TLS and then you have to share these TLS certs with all of your developers.
But again if you have the cert, you can do anything. There is no way to partition a Docker host to say this user can do this and this user can do that. There’s no way. So we actually took that shortcoming and added that capability into Portainer. So as long as Portainer is the only system that has a TLS [inaudible] for your host, there is no chance of anyone getting into the host directly. All interactions will be via Portainer, and via [inaudible] and exit control. You have muted yourself.
Michaela: Sorry, a lot of hackers would love to get control of a bunch of Docker containers. So definitely a good thing.
Neil: There are some serious crypto hacking things out there where people are actually spending out Bitcoin miners on exposed Docker hosts and generating a lot of money. So you definitely do not want to be running Docker open. And even if you do actually secure it…
Michaela: What! That's rather …
Neil: [Crosstalk] [10:03] be okay.
Michaela: That's a clever idea because the biggest cost involved in crypto mining is the electricity in the machine. So if you can steal someone else's Docker containers then you’ve got… It doesn't really matter how slow it takes you to generate those coins.
Neil: Yeah in effect I just saw on Twitter a little while ago that over themselves were hacked and someone actually injected their crypto miner on their Docker environment.
Neil: And it just comes back. You really, really have to be careful to adequately secure your environments and then secure it in such a way that no one has unlimited access to the Docker daemon. And the only way of doing that is with Portainer or what other paid options.
Michaela: Well and Portainer being free it seems to me to be a better option.
Neil: Yeah and obviously there are some people who would like the benefits of docker in a prosecution with the full effects. You see pay option. Portainer is [inaudible] [10:05] complete the viable is technically equivalent … But yes [crosstalk].
Michaela: Great! Now you mentioned Stats earlier. Can you see the C.P.U. usage on each container, and how much memory it’s using, or what?
Neil: Absolutely, so we can see in real time the C.P.U. usage. We can see the memory usage, and we can see the [inaudible]. We can also see county running processes inside the container. And we can actually take action if we need to. We can clear or restart a container if need be.
Michaela: Now I know you said you can see the logs of what's going on in a container. What about if a process just dies? Do you get to get a post-mortem on the container to find out what happened or?
Neil: Kind of and it depends how well that person who built the original container image has built it. If they have built it and are accurately capturing their error logs then yes we would say that. If not, then obviously, we're also blind. A lot of it comes down through the quality of the actual container images and I always recommend that if people are using container images that other people have created, they have images created by Vinda as opposed to the community. That was credible at Vinda. There’s actually been a degree of diligence gone into ensuring that the container is correctly logging.
Michaela: Now if you kind of… if you see that a container has got a little out of control, can you kind of log into it, and kind of poke around yourself or?
Neil: Absolutely, so you can just bring up the console and then you’re inside the console of the container and you can run any kind of command you want to. Or if you really just wanted to smash it with a hammer, you can click on the container and just click restart. And within a few seconds, it's date on and up again.
Michaela: Now can you automatically control when containers get started up based on load. Like some of the swarm solutions out there or is not part of this?
Neil: No, there’s no other scaling capability inside the Docker API. So Docker lets you manually scale up and scale down by running a command. But there’s no other scaling. That is something we're gonna add. We're gonna have extra integrations monitoring a performance and as performance changes, we wanna automatically scale. But at the moment no, it's [inaudible] [13:33].
Michaela: Okay, but great that you're gonna have that in the future. And then what about container creation? Can you control all that or do you have to go back to command line for that or?
Neil: No, the whole thing is [inaudible] [13:47]. So we basically let you build an image. So if you had created a Dockerfile and a Dockerfile is fundamentally a description of how to build an image. We will let you take that file and build an image from it. So you can go into Portainer images section and click build image, paste in your Dockerfile or link to it and it will build you an image.
From that image, you can then deploy the container or the [inaudible] service. You can scale it and you can commit any changes you make in that running and then a back as an image, you can push the image up to a [inaudible]. It's pretty much limitless. As I said before, once you run Portainer, there is absolutely no need to go back to the command line.
Michaela: Great! And what about volumes and networks? Can you control those too or?
Neil: Yes, so we have full control of any of the inbuilt volume management. So Docker volume management and Docker networking management. And we also integrate with the Docker plugins. So if there are any third party plugins for storage management or network management, you can also manage those from a Portainer. And we actually have released the integration with a company called Storage.com which is where you can actually now manage every element of the underlying physical storage from Portainer as well.
So not only can you manage your persistent volumes, that you can now also manage the underlying storage environment too. And we have a very similar aspiration to do that for networking as well. So using external network plugins be able to manage the physical networking as well as just the over lining networking.
Michaela: And then what about if you've got a cluster of containers; a swarm? Can you manage that or?
Neil: Absolutely, so you can manage the entire swarm instance which includes managing the managers. The tuning which is the leader managing the workers. You can drain workers so that they… any running container is stopped and [inaudible] ask where. Or you can pause the workers so that no new containers are started. You can also apply labels to containers to host. So you can basically create some human friendly labels that say this host has high memory, this host is licensed for remarks of Sequel or Oracle. And then when you start a container or a service, you can then apply a constraint that says only start on a host that has this matching label. So that gives you very fine-grained control.
Michaela: Well it sounds amazingly. How easy is it to install it?
Neil: A single command line. So it would take you not even three seconds to get it running. Docker run/ [inaudible] colon 9,000 Portainer and to get it running that is much basic. But yeah, it’s a single … command line and up it comes.
Michaela: Now I know it's open source, but what about documentation or support? Does that exist at all or?
Neil: Yes, so we have everything documented on Portainer dot [inaudible] [17:18] the docs.io. So we have a … in there. We also have a … file of API. So anything you can do inside the UI, you can also do through RI and API. And that's all in … We also have a theory at the slack group; Portainer.slack.com, which is where most people would come for interactive support with us. And both myself and Anthony my fellow co-founder, we both actively answer support questions in there.
Michaela: Great! So anything else we should know about Portainer?
Neil: We are aiming to… Well we have relatively grand aspirations to be this central hub of control. So we want to be the glue in the middle of every single Docker …the one that's this single UI that lets you manage not only your containers and your host and swarm, but also the physical infrastructure. But we also wanna have a single interface … that is for monitoring the actual container availability and alerting on performance. We wanna be able to monitor security between containers.
We wanna be able to accurately manage centralized logging for all of the containers. We wanna have integrations with CICD. So we wanna be this hub in the middle of everything. So you only have to log in to Portainer as your single dashboard for your entire microservice platform. So much, much more than just being a simple Docker UI. We wanna be this microservice your coordinator UI.
Michaela: Well micro services are a very cool way for future development in software. So I think that’s exciting you doing that. Now are there any other competitors to Portainer or?
Neil: There are a few and there on nine. But there are. We've had a few full down in the past. When we first started they were shipped out impediments with the two really the active other products in the market as well as Docker UI. All three of those products now no longer really ceased to exist. There are a few other Docker swarms centric UI tools and they don't have anywhere near that the market penetration we do at this point in time. I'm hoping that we can keep reading the markets. Obviously, the market is still very focused on [inaudible] [20:15] so as opposed to swarm. We are very swarm centric at this stage.
Michaela: Does Portainer work with [inaudible] [20:21], or is it somewhere?
Neil: Not at all. Not at all.
Neil: And that's something we are considering. However there are so many … UIs out there we would have to have a real clear point of difference for that to be worthwhile.
Michaela: Makes sense. So you are really involved in the Docker world. You run a consulting company that helps people with Docker, you help found a Docker container, service provider, you co-founded Portainer.io. Why are you so proud to use Docker?
Neil: Because at that is simply amazing. It's just solves so many problems. I was working with V.M. based technologies for 20 years and I thought that was amazing. This is the whole next level at the takes away some many issues that people have around trying to share or standardize environments. Docker in my view is technology finally catching up with marketing. Marketing for a very long time has basically talked about hybrid cloud in the ability to move workload seamlessly between data [inaudible] [21:42] and environments.
It just wasn't really possible whereas with Docker, it’s completely possible. That makes a very, very easy for a spin off environments and scale, and it really does align well for this whole edge all mindset of let's try things … Docker lets you do that. If you're still stuck in a world of virtual machines, it's very much more legacy inspector and it's nowhere near as done in it.
Michaela: So what do you think it would take to make Docker even more alive this year?
Neil: I think that Docker is going to go crazy with the community supports. So with Docker communities and through their inner presidential products, I think it's going to really commoditize the whole orchestra layer. But the last almost two years, it's been this fall that … formal communities which is better. And it's so no real purpose. Each of them had their own unique strength and whiteness. So it rather being at the back links on swarm versus communities, that Docker said, “Well let's just run both of them.” Because that that is not a real value.
The real value is on everything around it. And we embrace and use this technology to build micro services as opposed to an argument around the orchestrator. So now that Docker kind of killed the argument, I think it’s gonna be much more focused on all of the ancillary products that help make Docker better and more partly interested and … operations as opposed to this thing that is that's the … at their request all of the if thing in the OPs thing then being told from this. Now OPs they were going to have to be empowered with tools to actually run this thing and the production.
Michaela: Now we mentioned earlier you're getting about ten million downloads every single week and there's 240 million downloads; a total of Portainer IO. How does that compare to the total Docker universe? Is there any measurement of how many?
Neil: I have no idea. I obviously asked Docker many times if there was a better way to see download [inaudible] [24:07] and Docker had max's out at ten million downloads. So you can actually write and rank all of the Docker image providers. But basically it stops at ten million. So when we got over ten million, I asked Docker, “Is there a way to change your matrix so you can show when people are achieving 50 million, 100 million, 20 million, 500 million, a billion?” And there's not. So there's no easy way of saying who are the real winners with regards the market here.
Michaela: Yeah, it’s not like YouTube where you can have a billion downloads. It’s ten million and that's it.
Neil: It's also very hard to monetize those downloads as well. You know Docker have a completely [inaudible] [24:57] anyone can download the images and without paying a single thing.
Neil: It would be very good for Docker there extends the Docker console concept so that it was… you could charge a token amount for a download because obviously we self-funded all of it [inaudible] capital. And that would be very nice to get at least a token amount on the every download to help us through the development.
Michaela: Maybe they need to create a Docker token and have an ICO and they can [crosstalk] Docker token soon.
Michaela: They can call it Docan maybe.
Neil: [Laughing] Dofin.
Michaela: Dofin, there you go. So I know you're going… you're flying a long way to Austin Texas from either New Zealand or Tecate.
Michaela: What are you looking forward to at Into the Box?
Neil: I am looking forward to sharing just how easy we can make Docker. It still astounds me how many people are using Docker either as standalone host mode if they let you embrace swarm, or if they happen by swarm they are really trying to figure out how best to use it. There are no real discrepancies. So I'm really hoping I can share my own experiences and also help people and use Portainer to and adhere to best practices for what the going services and bones and networks.
Michaela: If someone was thinking of trying this, what… I know Portainer itself is free. But what other costs will be involved in setting up a small developmental production set of instances?
Neil: Well not much at all. You can actually run this across some [inaudible] [26:52] APIs. So if you wanted a real … cost then go buy … API. Otherwise, you can just go to demo. [inaudible] . io and run online demo.
Michaela: So that's a free demo you get…
Neil: If you're online you can view you basically to use the environment it is not actually restricted anyway. And in fact, we quite often have users breaking out demo environment. But we chose not to actually look at them anyway. So you can fully experience what it's like to manage an environment. But every 30 minutes, it actually reads it. So you're free to do anything you like for 30 minutes then it’ll basically reset again.
Michaela: Got it, so you really can't mine too many Bitcoins at that time.
Michaela: Well great! So if people wanna find you online, what are the best ways to do that?
Neil: So PortainerIO Twitter feeds, Portainer.slack.com for support. We are very active on Twitter; very interactive, so you can ask us anything. There's also… we have a very good music community and those users have created a lot of blogs articles. They've created a lot of YouTube videos and we try to share those through [inaudible] [28:26]. So if you're just starting out and you wanna watch a video, either search for Portainer on YouTube or come to Twitter and you'll go see all of the links. I’ll put it out.
Michaela: Great! Well thanks so much for coming on the podcast today, Neil.
Neil: No problem, I can’t wait.