With docker v1.12.3, creating a swarm is as simple as:
docker swarm init --advertise-addr <MANAGER-IP>
Is there a way to restrict access to certain 'areas' of the swarm? E.g., I create a manager on a specific machine with a static IP address and I want to give the registration/security token to other developers so they can join the swarm. But at this point my system gets compromised, meaning I do not want other people (on purpose or not) to demote or activate the manager.
Is there any solution to this? I could not find any solution to my question.
Thanks, Jan
First of all, you give them the worker join token, so they join as workers and can't do anything.
Secondly, you can change the token after they have joined, so they can't join more systems.
And I think you need to review your intentions for swarm mode; it's actually intended to provide service availability/scaling across multiple docker hosts. All those hosts should be managed by you, not your developers.
Promoting a node to Manager:
docker node promote <node name>
Promotes a node to manager. This command targets a docker engine that is a manager in the swarm.
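The worker-token and rotation steps from the answer above, plus a check for nodes that hold the manager role without being on an allowlist, as an added example that is not part of the original posts. The hostnames, the allowlist and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: worker-only onboarding plus a manager audit for a swarm.
# Hostnames and the allowlist below are constructed placeholders.

# Print only the worker join token; the manager token is never shared.
worker_token() { docker swarm join-token -q worker; }

# Invalidate the worker token once the expected nodes have joined.
rotate_worker_token() { docker swarm join-token --rotate -q worker; }

# Emit "hostname role" for every node (must run against a manager).
list_roles() {
    docker node inspect \
        --format '{{ .Description.Hostname }} {{ .Spec.Role }}' \
        $(docker node ls -q)
}

# Read "hostname role" lines on stdin; print each manager whose hostname
# is not in the space-separated allowlist given as $1.
unexpected_managers() {
    allowed=" $1 "
    while read -r host role; do
        [ "$role" = "manager" ] || continue
        case "$allowed" in
            *" $host "*) ;;
            *) printf '%s\n' "$host" ;;
        esac
    done
}

# Constructed sample of list_roles output: dev-laptop-2 was promoted.
SAMPLE='mgr-01 manager
dev-laptop-1 worker
dev-laptop-2 manager'

audit_sample() { printf '%s\n' "$SAMPLE" | unexpected_managers "mgr-01"; }

# Live use on a manager: list_roles | unexpected_managers "mgr-01"
audit_sample
```

Any hostname the audit prints can be returned to the worker role with `docker node demote <node name>`, run against a manager.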