Restrict access to docker swarm (manager / configuration)

With docker v1.12.3 creating a swarm is as simple as

docker swarm init --advertise-addr <MANAGER-IP>

Is there a way to restrict access to certain ‘areas’ of the swarm? E.g. I create a manager on a specific machine with a static IP address and I want to give the registration/security token to other developers to join the swarm. But at this point my system gets compromised, meaning I do not want other people (on purpose or not) to demote or activate the manager.

Is there any solution to this? I could not find any solution to my question.

Thanks, Jan

One solution collected from the web for “Restrict access to docker swarm (manager / configuration)”

First of all, you give them the worker join token. So they join as workers, and can't do anything.

Secondly, you can change the token after they have joined, so they can't join more systems.

And I think you need to review your intentions for swarm mode; it's actually intended to provide service availability/scaling across multiple docker hosts. All those hosts should be managed by you, not your developers.

Promoting a node to Manager:
docker node promote <node name>

Promotes a node to manager. This command targets a docker engine that is a manager in the swarm.

Source.
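The steps from the answer (hand out only the worker token, rotate it once the nodes have joined), plus an audit that no node outside an allowlist holds the manager role, as an added example that is not part of the original answer. The hostnames, the allowlist and the sample node list are constructed, and the script assumes a Docker CLI whose `docker node ls` supports `--format`, which is newer than the 1.12.3 in the question.

```shell
#!/bin/sh
# Added example (not from the original post). Run the live modes on a manager.

# Assumption: hostnames you intend to be managers (space separated).
ALLOWED_MANAGERS="mgr-01"

# Constructed sample in the shape printed by:
#   docker node ls --format '{{.Hostname}}|{{.ManagerStatus}}'
# Workers have an empty status; managers show Leader/Reachable/Unreachable.
SAMPLE='mgr-01|Leader
dev-laptop-1|
dev-laptop-2|Reachable
build-box|'

# Reads "hostname|manager-status" lines on stdin and prints every node
# that holds the manager role but is not on the allowlist.
unexpected_managers() {
    while IFS='|' read -r host status; do
        [ -n "$status" ] || continue      # worker: nothing to report
        case " $ALLOWED_MANAGERS " in
            *" $host "*) ;;               # expected manager
            *) printf '%s\n' "$host" ;;   # manager role on an unexpected node
        esac
    done
}

case "${1:-sample}" in
    onboard)  # print the worker-only join command to give to developers
        docker swarm join-token worker ;;
    rotate)   # invalidate the old worker token once their nodes have joined
        docker swarm join-token --rotate worker ;;
    audit)    # list unexpected managers in the live swarm
        docker node ls --format '{{.Hostname}}|{{.ManagerStatus}}' | unexpected_managers ;;
    sample)   # offline run against the constructed sample above
        printf '%s\n' "$SAMPLE" | unexpected_managers ;;
esac
```

Any hostname the audit prints can be returned to the worker role with `docker node demote <node name>`, run on a manager.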
