With docker v1.12.3 creating a swarm is as simple as
docker swarm init --advertise-addr <MANAGER-IP>
Is there a way to restrict access to certain 'areas' of the swarm. E.g. I create a manager on a specific machine with an static IP address and I want to give the registration/security token to other developers to join the swarm. But at this point my system get compromised meaning if I do not want that other people (by purpose/or not) demote or activate the manager.
Is there any solution to this? I could not find any solution to my question.
Thanks, Jan
First of all, You give them worker join token. So they join as workers, and cant do anything.
Secondly, You can change the token, after they joined, so they cant join more systems.
And I think you need to review your intentions of the swarm mode, its actually intended to provide service availbality/scaling across multiple docker hosts. All those hosts should be managed by you, not your developers.
Promoting a node to Manager:
docker node promote <node name>
Promotes a node to manager. This command targets a docker engine that is a manager in the swarm.