traveler/Netgrimoire
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

audit(gremlin): portainer-agent-stack FAIL 2026-04-03

Browse source
This commit is contained in:
traveler 2026-04-02 22:10:39 -05:00
parent be248ac505
commit ac42f05724
1 changed files with 67 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

67
Netgrimoire/Audits/portainer-agent-stack-2026-04-03.md Normal file
View file

@ -0,0 +1,67 @@
---
title: Audit - portainer-agent-stack.yml
description: Gremlin audit report 2026-04-03
published: true
date: 2026-04-03T03:10:38.984Z
tags: gremlin,audit
editor: markdown
dateCreated: 2026-04-03T03:10:38.984Z
---
# Audit Report — portainer-agent-stack.yml
**Date:** 2026-04-03
**File:** swarm/portainer-agent-stack.yml
**Type:** Docker Swarm
**Verdict:** FAIL
---
### Audit Results:
1. **Homepage labels**:
- `homepage.group`: Present
- `homepage.name`: Present
- `homepage.icon`: Present
- `homepage.href`: Present
- `homepage.description`: Present
2. **Uptime Kuma labels**:
- `kuma.prt.http.name`: Missing (Expected: "Portainer")
- `kuma.prt.http.url`: Missing (Expected: "http://portainer:9000")
3. **Caddy labels on exposed services**:
- `caddy=docker.netgrimoire.com`: Present
- `caddy.reverse_proxy="http://portainer:9000"`: Present
4. **Placement constraints**:
- `node.hostname == znas`: Present (Note: This constraint might not be ideal for a global service, but it's specified as per the file.)
5. **Volumes use `/DockerVol/<service>` path convention**:
- Volume `/DockerVol/portainer`: Present
- Volume `/var/run/docker.sock`: Absent (Not following the `/DockerVol/<service>` convention)
- Volume `/var/lib/docker/volumes`: Absent (Not following the `/DockerVol/<service>` convention)
6. **Network references external `netgrimoire` overlay**:
- `networks: netgrimoire`: Present
### Issues and Fixes:
- **Uptime Kuma labels**: Add the missing labels with the correct values.
```yaml
- kuma.prt.http.name="Portainer"
- kuma.prt.http.url=http://portainer:9000
```
- **Volume use `/DockerVol/<service>` path convention**: Adjust the volumes to follow the convention.
```yaml
volumes:
- /DockerVol/agent/var/run/docker.sock:/var/run/docker.sock
- /DockerVol/agent/var/lib/docker/volumes:/var/lib/docker/volumes
```
### Final Verdict:
VERDICT: FAIL
Reasons for failure include missing Uptime Kuma labels and non-conformity with the `/DockerVol/<service>` volume path convention.