portainer-mcp/DOCKER.md

# Docker Deployment Guide for Portainer MCP Servers

This guide covers how to build and run the Portainer MCP servers using Docker containers.

## Prerequisites

- Docker Engine 20.10+
- Docker Compose 2.0+
- Portainer Business Edition instance
- Valid Portainer API key

## Quick Start

1. **Clone the repository**
   ```bash
   git clone https://github.com/yourusername/portainer-mcp.git
   cd portainer-mcp
   ```

2. **Create environment file**
   ```bash
   cp .env.example .env
   # Edit .env with your Portainer credentials
   nano .env  # or use your preferred editor
   ```

3. **Pull images (or build locally)**
   ```bash
   # Option A: Pull from registry (recommended)
   docker-compose pull
   
   # Option B: Build locally
   ./build-docker.sh all
   ```

4. **Start all services**
   ```bash
   docker-compose up -d
   ```

## Individual Container Management

### Building Containers

Build all containers:
```bash
./build-docker.sh all
```

Build specific container:
```bash
./build-docker.sh core
./build-docker.sh docker
./build-docker.sh kubernetes
# etc...
```

### Running Containers

Run all services:
```bash
docker-compose up -d
```

Run specific service:
```bash
docker-compose up -d portainer-core
docker-compose up -d portainer-docker
# etc...
```

View logs:
```bash
docker-compose logs -f portainer-core
docker-compose logs -f portainer-docker
# etc...
```

Stop services:
```bash
docker-compose down
```

## Container Details

Each MCP server runs in its own container with the following configuration:

| Service | Container Name | Port | Purpose |
|---------|---------------|------|---------|
| portainer-core | portainer-mcp-core | 3000 | User management, teams, RBAC |
| portainer-environments | portainer-mcp-environments | 3001 | Environment management |
| portainer-docker | portainer-mcp-docker | 3002 | Docker operations |
| portainer-kubernetes | portainer-mcp-kubernetes | 3003 | Kubernetes management |
| portainer-stacks | portainer-mcp-stacks | 3004 | Stack deployment |
| portainer-edge | portainer-mcp-edge | 3005 | Edge computing |
| portainer-gitops | portainer-mcp-gitops | 3006 | GitOps automation |

## Environment Variables

All containers use a shared `.env` file for configuration. The docker-compose.yml file is configured to automatically load environment variables from this file using the `env_file` directive.

```yaml
# docker-compose.yml snippet
services:
  portainer-core:
    image: git.oe74.net/adelorenzo/portainer-mcp/portainer-core:latest
    env_file:
      - .env
```

See `.env.example` for a complete list of available environment variables with detailed documentation and troubleshooting tips.

### Key Variables:
- `PORTAINER_URL` - Your Portainer instance URL (required)
- `PORTAINER_API_KEY` - Your Portainer API token (required)
- `PORTAINER_INSECURE` - Set to true for self-signed certificates
- `HTTP_TIMEOUT` - Request timeout in seconds
- `MAX_RETRIES` - Number of retry attempts

## Docker Compose Configuration

The `docker-compose.yml` file defines all services with:
- Individual port mappings
- Shared environment variables
- Automatic restart policies
- Isolated network for inter-container communication

## Production Deployment

For production environments, consider:

1. **Use Docker Swarm or Kubernetes**
   ```bash
   # Deploy as stack in Swarm
   docker stack deploy -c docker-compose.yml portainer-mcp
   ```

2. **Enable health checks**
   Add to each service in docker-compose.yml:
   ```yaml
   healthcheck:
     test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
     interval: 30s
     timeout: 10s
     retries: 3
   ```

3. **Use secrets for API keys**
   ```yaml
   secrets:
     portainer_api_key:
       external: true
   ```

4. **Configure resource limits**
   ```yaml
   deploy:
     resources:
       limits:
         cpus: '0.5'
         memory: 256M
   ```

## Troubleshooting

### Container won't start
- Check logs: `docker-compose logs portainer-<service>`
- Verify environment variables in `.env`
- Ensure Portainer URL is accessible from container

### Connection errors
- For self-signed certificates, set `PORTAINER_INSECURE=true`
- Check network connectivity: `docker exec portainer-mcp-core curl https://your-portainer-url`

### Permission errors
- Verify API key has required permissions
- Check Portainer RBAC settings

## Security Considerations

1. **Never commit `.env` file** - It contains sensitive credentials
2. **Use read-only mounts** where possible
3. **Run containers as non-root user** (already configured)
4. **Enable TLS** for MCP connections in production
5. **Regularly update** base images and dependencies

## Advanced Configuration

### Custom Network
```yaml
networks:
  portainer-mcp:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16
```

### Volume Mounts
For persistent logs or configuration:
```yaml
volumes:
  - ./logs:/app/logs
  - ./config:/app/config:ro
```

### Multi-stage Builds
The Dockerfiles use single-stage builds for simplicity. For smaller images:
```dockerfile
FROM python:3.11-slim AS builder
# Build stage...

FROM python:3.11-slim
# Runtime stage...
```

## Integration with Claude Desktop

When running in Docker, configure Claude Desktop to connect to the containerized servers:

```json
{
  "mcpServers": {
    "portainer-core": {
      "url": "http://localhost:3000"
    },
    "portainer-docker": {
      "url": "http://localhost:3002"
    }
    // ... other servers
  }
}
```

## Monitoring

Monitor container health and resource usage:
```bash
# View resource usage
docker stats

# Check container health
docker ps --format "table {{.Names}}\t{{.Status}}"

# Export metrics
docker-compose ps --format json
```