Portainer v2.0.0 Release Notes

Release Date: 2020-08-31 // over 2 years ago
  • 2.0

    🚀 Kubernetes support has landed! You can now manage the deployment of applications atop Kubernetes clusters using the familiar Portainer UX. This release is a big one & introduces a total of 101 changes to Portainer, meaning it needs to be tested in your environment before upgrading your production instances of Portainer 1.xx to Portainer 2.0.

    NOTE: There are a number of breaking changes, and changes to functionality that require analysis, specifically a re-engineering of the application templates feature, removal of support for VMWare VIC, and removal of support for externally defined endpoints.

    💥 Breaking Changes:

    • 🚀 We have released CE 2.0 as portainer/portainer-ce to ensure auto-updaters (like watchtower) don't expose users to risks by automatically updating on release.
    • ⬆️ Extensions have now been removed; there is now no ability to use RBAC, Registry Manager, or External Authentication extensions in CE 2.0 (Extension customers will be communicated directly with a free license for the upcoming Portainer Business Edition). EXTENSION USERS, DO NOT UPGRADE TO PORTAINER CE 2.0
    • 👷 Host jobs are now an edge-exclusive feature: #3745
    • ⚠ Support for external endpoints has been removed along with the --external-endpoints flag. WARNING: migrating to this version with external endpoints defined will render them un-manageable: #3832
    • 👌 Support for VIC environments has been removed: #3834
    • ⏪ The --no-snapshot flag has been removed, instances migrating with this flag will revert to default snapshot interval: #3804
    • 🚚 The --no-auth flag was removed as part of support for setting a custom timeout: #3846
    • 📈 The --no-analytics flag will be kept to allow migration of instances running a previous version of Portainer with this flag enabled, to version 2.0 where enabling this flag will have no effect.
    • 🔄 Changed templates syntax to support versioning, a migration tool can be found here for your convenience: #3708
    • 🔀 The --sync-interval flag was removed as part of the removal of external endpoints: #3832
    • Removed template management features & the --templates-file flag. NOTE: Users will no longer be able to create container templates via UI: #3707

    🔒 Security:

    • 🔒 Enforced the security setting "disable the use of bind mounts" when set via API: #4106
    • Disabled Container Capabilities for non-admins: #4105
    • Enforce use of TLS 1.2 and recommended ciphers: #4070
    • Prevent non-admin users from running containers using the host namespace PID: #4068
    • ➕ Added a setting to disable the creation of stacks by non-admin users: #4067
    • ➕ Added a setting to disable device mapping by non admin users: #4066
    • Ensure users cannot create privileged containers via the API: #4065
    • 🔒 Disabled ability for a regular user to re-create/edit/duplicate containers if a related security setting is enabled: #4069


    • 👍 Introduce support for Kubernetes: #1637
    • ➕ Added the ability to apply taints and labels to nodes: #4005
    • ➕ Added the ability to expose an application via ingress: #4004
    • ➕ Added the ability to set placement constraints/preferences when deploying/editing an application: #4003
    • ➕ Added the ability to set the auto-scale policy of an application: #4002
    • ➕ Added the ability to use existing volumes when creating an application: #4001
    • ➕ Added the ability to download application/stack logs: #3998
    • ➕ Added support for multi-container pod applications: #4010
    • ➕ Added a link to the kubernetes endpoint configuration in the sidebar: #4179
    • ➕ Added checks when reducing the Quota assigned to a RP: #4144
    • ➕ Added form validation for placement constraints: #4213
    • ✨ Enhanced the used by column for volumes: #4012
    • 👍 Allow an administrator user to see which node the API is running on: #3996
    • 👍 Allow an administrator user to see which node hosts the leader components for kube-scheduler and kube-controller-manager: #3995
    • 👍 Allow an administrator user to see the status of the underlying cluster components: #3992
    • 👍 Allow any user to see the provisioner associated to any volume: #3997
    • 👍 Allow any user to inspect the tolerations and affinities associated to an application deployed inside or outside of Portainer: #3994
    • 👍 Allow any user to see the underlying workload associated to an application: #3993
    • 👍 Allow any user to see how an application (deployed inside or outside of Portainer) is exposed through an Ingress resource: #3991
    • 👍 Allow any user to inspect the auto-scaling policy (if any) associated to an application deployed inside or outside of Portainer.: #3989
    • 👍 Allow any user to see which application is using a volume directly in the volume list view: #3988
    • 👍 Allow any user to list all the storage used in their cluster with the total size used for each storage.: #3999
    • Prevent resource assignment when editing a resource pool, if not permitted at creation time: #4206
    • Prevent admins from making changes to "system" namespaces: #4145
    • 🚀 Prevent deployment/editing of resources inside a system namespace: #4000
    • Prevent submitting invalid data via environment variables: #4045
    • 🛠 Fixed port mapping not showing in the port mapping datatable: #3990
    • 🛠 Fixed enabling auto-scaling policy on an application so as to default to the current instance count: #4183
    • 🛠 Fixed LDAP Auth not working with underscore Usernames: #4141
    • ✂ Removed the kubernetes RC banner: #4204

    📈 Analytics:

    • 📈 Replaced Google Analytics with our own custom telemetry leveraging Matomo: #3742

    After careful consideration of GDPR rules and the GDPR compliance recommendations provided by Matomo (the telemetry tool we are using for analytics) it was determined we will use the opt-out data collection mechanism. The reason for this assessment is that we are not collecting ANY personally identifiable data (all data is anonymized), and the data we collect is solely for our Legitimate business interests, and is not sold or provided to any 3rd parties.

    For the sake of clarity, we do not collect ANY user identifiable or personal information at any time, all statistics collected are anonymous and we have no way of identifying the Portainer instances reporting, nor the users using the application.

    PLEASE ALSO NOTE: The --no-analytics flag will be kept to allow migration of instances running a previous version of Portainer with this flag enabled, to version 2.0 where enabling this flag will have no effect.

    📚 For more information, please refer to our updated privacy policy

    Authentication & UAC:

    • ↔ Integrated the external authentication extension: #4150
    • Ensure a unique identifier for volumes and UAC: #3869
    • ➕ Add the ability to set a custom user session timeout: #3846
    • 👍 Allow setting access on gitlab registries when there are multiple defined: #3839
    • ✂ Remove the code snippet associated to authentication login retry: #3516

    Home & Dashboard:

    • 🛠 Fixed error thrown when moving from app templates view to home view & endpoints not loaded: #4228
    • 🛠 Fixed endpoint tags not being shown in the dashboard: #4218


    • ➕ Add support for custom templates: #3861


    • ➕ Added a parent route /docker/ to docker routes: #4178
    • ➕ Add the ability to access different endpoints via Portainer URL: #454

    Azure ACI:

    • 🚀 Always allocate a Public IP for containers deployed via ACI: #4040
    • Provide a simple ACI container instance details view: #3960
    • 🔦 Expose the public IP associated to an ACI container: #3959


    • ➕ Added the ability to stop & start stacks: #1639


    • ➕ Added the ability to edit a service's networks: #1807


    • 🛠 Fix MacVLAN IP address exclusion: #3918
    • 👌 Support excluding multiple IP addresses for a MacVLAN network: #3954


    • ➕ Add a new CLI flag to automatically enable Edge compute features: #3915
    • ➕ Add the ability to override the Edge endpoint checking interval at the endpoint level: #3843
    • Hide the URL associated to Edge endpoints in the endpoint list: #3637


    • ✂ Removed the Registry Management extension: #4149
    • ✂ Removed the RBAC extension: #4151


    • ➕ Added default/override UX for Entrypoint & CMD, updated placeholder for CMD and added support for specifying entrypoint via CMD: #3604, #4018, #2284
    • 🛠 Fixed issue when recreating a container that was previously on the bridge with mapped ports, and changing the network to container: #2316
    • 🛠 Fixed issue with resetting container resource limits to unlimited: #2679
    • 🛠 Fixed issue with adding extra hosts: #3237
    • 👌 Support publishing the same ports/port ranges on multiple IP addresses: #3523


    • ⚡️ Update the endpoint initialization view to only show local Docker/Kubernetes and agent options: #4014
    • 🔄 Changed the "about" page from being static content, to a sidebar menu option that redirects to our official help/about page: #4254
    • 🛠 Fixed improper grammar in Create Container, Create Stack, Create Edge Stack views: #4160
    • 🛠 Fixed sizing of checkboxes to correctly match their icon: #3971
    • Ignore protocol and trailing slash when entered in registry URLs: #3965
    • Auto-select the username field on the login view: #3953
    • 🔒 Renamed security settings to Docker security settings: #4198
    • 👉 Make node label inputs wide to support larger values: #3214
    • Sort volumes alphabetically: #3635
    • 👉 Use correct icons for Containers and Volumes: #3596
    • ➕ Add missing s to the command copied by the edge endpoint copy command button: #3880

    👉 Users

    • Prevent the removal of the original administrator user: #3882
    • ➕ Add the ability to change the username of a user: #3831


    • Replaced cookie usage with localstorage: #4064

    🐳 Dockerfile:

    • 🏁 Introduce workaround to support running develop build on Windows platform: #4043
    • 🔦 Expose port 8000 for edge agent: #3963


    • Automatically detect the platform where an agent is running: #4129


    • ⬆️ Upgraded to angularjs 1.8: #4072
    • 💻 Implemented a custom version of rdash-ui: #3743
    • ⚡️ Updated go-ldap to support ARM platforms: #3244

Previous changes from v1.24.1

  • 1.24.1

    🚀 This release focuses on security, with multiple fixes as well as the introduction of new administrative security settings.

    🔒 Security

    • 🔒 Disable the ability to re-create/edit/duplicate a container, if related security setting is enabled: #4032
    • ➕ Add a setting to disable device mapping for non admin users: #3958
    • Prevent non-admin users from running containers with host namespace pid: #3936
    • Ensure users cannot create privileged containers via the API: #3931
    • ➕ Add a setting to disable the creation of stacks for non-admin users: #3930
    • 👉 Use TLS1.2 protocol when running Portainer with --ssl: #2359

    🗄 Deprecated features reminder

    📚 The following features are considered deprecated in 1.24.* versions, and will be removed in a future version of Portainer. They will no longer receive enhancements or support. Refer to our documentation for up-to-date removal information.

    • --external-endpoints
    • 🔀 --sync-interval
    • --no-auth
    • --templates-file
    • --no-snapshot


    • ➕ Add the ability to update an expired license with a new valid license: #4080


    • ✂ Remove cookie usage to comply with upcoming sameSite change in FireFox: #3847
    • 🔄 Change filters from cookies to local storage to avoid sending large requests: #3190


    • 🛠 Fix table sort reverting to default setting: #3049

    Registry Manager

    • Correctly hide empty GitLab repositories after deleting them via RM extension: #3760