Restrict access to docker swarm (manager / configuration)
With docker v1.12.3 creating a swarm is as simple as
docker swarm init --advertise-addr <MANAGER-IP>
Is there a way to restrict access to certain ‘areas’ of the swarm? E.g. I create a manager on a specific machine with a static IP address and I want to give the registration/security token to other developers to join the swarm. But at this point my system gets compromised, meaning I do not want other people (on purpose or not) to demote or activate the manager.
Is there any solution to this? I could not find any solution to my question.
One solution collected from the web for “Restrict access to docker swarm (manager / configuration)”
First of all, you give them the worker join token. So they join as workers, and can't do anything.
Secondly, you can change the token after they joined, so they can't join more systems.
And I think you need to review your intentions for the swarm mode; it's actually intended to provide service availability/scaling across multiple docker hosts. All those hosts should be managed by you, not your developers.
Promoting a node to Manager:
docker node promote <node name>
manager. This command targets a docker engine that is a manager in the
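The two steps from the answer above (hand out only the worker token, then rotate it), plus a check for nodes that hold the manager role unexpectedly, as an added shell example that is not part of the original answer. The `EXPECTED_MANAGERS` allowlist and all hostnames are constructed, and the audit assumes a Docker release whose `docker node ls` supports `--format`.

```shell
#!/bin/sh
# Added example, not from the original post.
# EXPECTED_MANAGERS is an assumed allowlist: hostnames you operate as managers.
EXPECTED_MANAGERS="mgr-1"

# Step 1: print the join command that carries the *worker* token.
# Only this one is handed out; the manager token stays with the swarm owner.
worker_join_command() {
    docker swarm join-token worker
}

# Step 2: rotate the worker token once the intended nodes have joined.
# Nodes already in the swarm stay joined; the old token stops working.
rotate_worker_token() {
    docker swarm join-token --rotate --quiet worker
}

# Audit: read "hostname manager-status" lines on stdin and print every node
# that has a manager status but is not on the allowlist. Workers have an
# empty manager status and are skipped.
# Live input: docker node ls --format '{{.Hostname}} {{.ManagerStatus}}'
unexpected_managers() {
    while read -r host status; do
        [ -n "$status" ] || continue
        case " $EXPECTED_MANAGERS " in
            *" $host "*) ;;                 # known manager, fine
            *) printf '%s\n' "$host" ;;     # promoted outside the allowlist
        esac
    done
}

# Constructed sample of the node listing, so the audit can be tried offline.
sample_node_list() {
    cat <<'EOF'
mgr-1 Leader
dev-laptop-1
dev-laptop-2 Reachable
EOF
}
```

Running `sample_node_list | unexpected_managers` prints `dev-laptop-2`, the one node that was promoted but is not on the allowlist.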