Assign docker to a customer
Docker seems to be available only to an admin in Onyx.
It should be available to our customers too.
While we wish it as much as you do, it is not possible to deliver Docker at customer level at the moment, as customers can gain root-level access through the Docker CT and it will be an ultimate security breach. The only generic way to deliver such a function is wrapping all containers of a customer into a sort of VM, similarly to Kubernetes “pods”, but Plesk itself commonly runs in a VM and cannot produce an extra tier of VMs. So we are very much limited by Docker itself and we are exploring how we can overcome it. If you wish to continue the conversation, please join talk.plesk.com. Thank you
-- PD
-
Andre Brongniart commented
Plesk should develop with k8s and provide a namespace per account. Namespaces are isolated. Furthermore, using Vclusters you can create clusters within clusters.
Jelastic would be an interesting type of solution with Plesk. The problem is that Jelastic licenses are very expensive and the base bare metal requirements are too high.
Right now with Plesk I provide Docker services as addons and manage them myself while securing them. So the customers can only use a service that it provides, like Redis in Docker, or any service that is secured by auth and TLS, so their applications can use the service via TCP connections but get no root access to the container. It's a managed Docker service and they pay according to the used resources, with the management cost included.
When there is a will there is a way.
-
Nda-jiya Suberu commented
Any progress on overcoming this limitation?
-
Dr.McP commented
The most important features I would like to see delegated to subscription owners would be maintaining the proxy forwarding rule per domain of their subscription and starting, stopping, and seeing the status of a container assigned to them.
-
Storm Moran commented
Hey, I'd like to see if you guys would work with the pleasant staff over at https://portainer.io. Currently I myself am using Portainer to manage my Docker containers in a swarm management, and I'm quite positive that the staff over at portainer.io may be able to help figure something out regarding this matter -> https://discord.io/portainer-io if you guys use Discord at all, as some of their staff are more easily located on Discord itself as well.
I'm currently running Plesk (Web Host) on Ubuntu 18.04 x64 with a Docker swarm setup and my main Plesk server as my master as well. Like I stated, Portainer does offer a lot more security-based features. If you two can take the time to maybe work on an extension 😊 that would be my suggestion, as more users can simply pay and install. I've attached screenshots of how Portainer works. There is a free Client Edition and a Business Edition as well.
https://ibb.co/Q6QD88Q
https://ibb.co/FYfWv4f
https://ibb.co/VgYWbDv
https://ibb.co/f4HSWCc
https://ibb.co/wSrCNSm
https://ibb.co/9w32tzn
-
Daniel Hendricks commented
It would be nice to "assign" a Docker to a customer so that they may restart it and/or maybe change/see certain environmental variables. For example, I create Redis containers, and it would be nice if the customer could see the exposed port, restart it if necessary, and also be able to change the REDIS_PASSWORD environmental variable as desired.
Of course, I wouldn't want them to be able to change all environmental variables, so perhaps a checkbox that would allow me to allow it to be user-controlled (and thus show up on their panel) would be nice.
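
One way to express the delegation asked for in the comments above (start, stop, restart and status on an assigned container, plus only the environment variables the admin marked as user-controlled). This is an added example, not part of the thread and not Plesk or Docker code; every name in it is hypothetical, and `REDIS_MAXMEMORY` and the sample values are constructed.

```python
# Added illustration: hypothetical policy layer, not a Plesk or Docker API.
from dataclasses import dataclass, field

# The only container actions a subscription owner may request.
CUSTOMER_ACTIONS = {"start", "stop", "restart", "status"}

class Denied(Exception):
    """Raised when a customer request falls outside the delegated scope."""

@dataclass
class Assignment:
    container: str          # container created and configured by the admin
    owner: str              # customer it is assigned to
    env: dict               # current environment variables
    user_env: set = field(default_factory=set)  # variables ticked as user-controlled

def _owned(assignments, customer, container):
    a = assignments.get(container)
    # Same error for "missing" and "not yours", so other tenants' names do not leak.
    if a is None or a.owner != customer:
        raise Denied("no such container for this customer")
    return a

def authorize_action(assignments, customer, container, action):
    a = _owned(assignments, customer, container)
    if action not in CUSTOMER_ACTIONS:
        raise Denied(f"action {action!r} is admin-only")
    return a.container

def visible_env(assignments, customer, container):
    """Show the customer only the variables the admin delegated."""
    a = _owned(assignments, customer, container)
    return {k: v for k, v in a.env.items() if k in a.user_env}

def set_env(assignments, customer, container, name, value):
    a = _owned(assignments, customer, container)
    if name not in a.user_env:
        raise Denied(f"{name} is not user-controlled")
    if not isinstance(value, str) or "\x00" in value or "\n" in value:
        raise Denied("invalid value")
    a.env[name] = value
    return dict(a.env)

# Constructed sample data: one Redis container assigned to customer "acme".
ASSIGNMENTS = {
    "redis-acme": Assignment("redis-acme", "acme",
        {"REDIS_PASSWORD": "old", "REDIS_MAXMEMORY": "256mb"}, {"REDIS_PASSWORD"}),
}
```

The customer never names an image, a mount or an exec command; everything outside the allowlist stays with the admin.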
-
Hello, containers don’t really need limiting by cgroups for resources, but there is no way to limit containers from a security perspective once SSH access to the container is granted. So it is not available to customers for security reasons.
-
Leonard Niehaus commented
Yes, customers should be able to create Docker containers in their subscription. The usage of the containers can be limited by cgroups.