mountetna / monoetna

mono-repository version of etna projects
GNU General Public License v2.0

Install Portainer on an isolated node, independent from the swarm / node architecture #1083

Open coleshaw opened 1 year ago

coleshaw commented 1 year ago

Would be nice if portainer were served directly, instead of going through edge-apache. That way in case of failure, we can still manage the swarm.

@hgputnam, would this make SSL cert management more difficult? Or would you just use the same cert in two locations?

coleshaw commented 1 year ago

Should be able to set it up outside of Docker / NFS / etc, so it is still available even if the other nodes have problems. From a thread with Harry:

But according to this post, it is recommended to isolate it:

In production setups, we often recommend a separate "Portainer Server node" that runs the Portainer Server container and nothing else, with your production Swarm cluster running the Portainer Agent (which doesn't use any storage so isn't affected in the same way). Your Portainer Server node could be a Docker Standalone VPS, for example, completely separate from the Swarm. It's worth noting also that if the Portainer Server container goes down, this doesn't affect any of your other container deployments, as Portainer is acting as an "orchestrator" of sorts, meaning your running services don't rely on Portainer being there to function.

If we wanted to try that, we could set up another node, though it's not quite clear to me from the documentation how you configure a standalone portainer to talk to the swarm nodes (except that you have to leave several ports open). But must be possible somehow, perhaps using the edge agents as described here.

Also, from the second link, seems like 4 CPUs is a good configuration -- also matches what I'm seeing in production. 2 CPUs just doesn't cut it.
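
A sketch of the layout discussed in this thread, added as an example and not taken from the monoetna repository or from any commenter: a Portainer Server on a standalone Docker host serving its own TLS, and the Portainer Agent deployed as a global service on the swarm. It uses the standard (non-edge) agent on port 9001; the file names, certificate paths and secret value are assumed placeholders.

```yaml
# File 1 (assumed name: portainer-server.yml). Run with `docker compose up -d`
# on the isolated Docker Standalone host, outside the swarm and off NFS.
services:
  portainer:
    image: portainer/portainer-ce
    # Portainer terminates TLS itself, so edge-apache is not in the path.
    command: --sslcert /certs/portainer.crt --sslkey /certs/portainer.key
    restart: always
    ports:
      - "9443:9443"                        # HTTPS UI and API
    environment:
      AGENT_SECRET: "REPLACE_WITH_SHARED_SECRET"   # placeholder; must match the agents
    volumes:
      - portainer_data:/data               # local volume, not NFS
      - /etc/portainer/certs:/certs:ro     # assumed path for the cert and key
    # The local docker.sock is deliberately not mounted: this host only manages
    # the remote swarm through the agent.
volumes:
  portainer_data:
---
# File 2 (assumed name: portainer-agent.yml). Run on a swarm manager with
# `docker stack deploy -c portainer-agent.yml portainer`.
version: "3.8"
services:
  agent:
    image: portainer/agent
    environment:
      AGENT_SECRET: "REPLACE_WITH_SHARED_SECRET"   # agent rejects servers without it
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    ports:
      - "9001:9001"   # firewall this to the Portainer Server node's address only
    networks:
      - agent_network
    deploy:
      mode: global    # one agent per swarm node
      placement:
        constraints: [node.platform.os == linux]
networks:
  agent_network:
    driver: overlay
    attachable: true
```

The swarm is then registered in the Portainer UI as an Agent environment pointing at a swarm node on port 9001. Because the agent has the Docker socket mounted, port 9001 should be reachable only from the Portainer Server node.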