Restrict access to docker swarm (manager / configuration)

With docker v1.12.3 creating a swarm is as simple as

docker swarm init --advertise-addr <MANAGER-IP>

Is there a way to restrict access to certain ‘areas’ of the swarm? E.g. I create a manager on a specific machine with a static IP address and I want to give the registration/security token to other developers to join the swarm. But at this point my system gets compromised, meaning that I do not want other people (on purpose or not) to demote or activate the manager.

Is there any solution to this? I could not find any solution to my question.

Thanks, Jan

One solution collected from the web for “Restrict access to docker swarm (manager / configuration)”

First of all, you give them the worker join token. So they join as workers, and can't do anything.

Secondly, you can change the token after they have joined, so they can't join more systems.

And I think you need to review your intentions for swarm mode; it's actually intended to provide service availability/scaling across multiple Docker hosts. All those hosts should be managed by you, not your developers.

Promoting a node to manager:
docker node promote <node name>

Promotes a node to manager. This command targets a docker engine that is a manager in the swarm.

Source.
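The advice in the answer above (hand out only the worker token, rotate it once the machines have joined, keep manager hosts under your own control) as an added example that is not part of the original answer. The function names, the `--live` switch and the hostnames are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rotate the worker join token and audit who holds the manager role.
# Hostnames and the allowlist are constructed placeholders.

# Reads manager hostnames (one per line) on stdin and prints every hostname
# that is not in the space-separated allowlist passed as $1.
# Exit status: 0 if every manager is on the allowlist, 1 otherwise.
unexpected_managers() {
    allowed=" $1 "
    found=0
    while IFS= read -r host; do
        [ -n "$host" ] || continue
        case "$allowed" in
            *" $host "*) ;;                       # manager you administer
            *) printf '%s\n' "$host"; found=1 ;;  # manager you did not approve
        esac
    done
    return "$found"
}

# Hostnames of all current managers; must be run against a manager node.
list_managers() {
    docker node ls -q --filter role=manager |
        xargs docker node inspect --format '{{ .Description.Hostname }}'
}

# Invalidate the worker token that was handed out, so it cannot be used to
# join further machines. Nodes that have already joined stay in the swarm.
rotate_worker_token() {
    docker swarm join-token --rotate -q worker
}

# Only touches a real swarm when called as: ./audit.sh --live
if [ "${1:-}" = "--live" ]; then
    ALLOWED_MANAGERS="mgr-1"   # placeholder: hosts that you manage yourself
    rotate_worker_token >/dev/null
    list_managers | unexpected_managers "$ALLOWED_MANAGERS" |
        while IFS= read -r h; do
            echo "unexpected manager: $h (fix with: docker node demote $h)"
        done
fi
```

Promotion and demotion can only be issued through a manager's engine, so the audit is meaningful as long as developers have no access to the Docker API on the manager hosts.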
