Assign docker to a customer
Dockers seems in onyx only available for a admin.
It shoudle be available for our customers to.
While we wish it as much as you do, this is not possible to deliver Docker at customer level at the moment as customers can gain root-level access through the Docker CT and it will be an ultimate security breach.
The only generic way to deliver such function is wrapping all containers of a customer into a sort of VM similarly to Kubernetes “pods”, but Plesk itself runs in VM commonly and cannot produce extra tier of VMs. So we are very much limited by Docker itself and we are exploring how we can overcome it.
If you wish to continue conversation, please join talk.plesk.com
Daniel Hendricks commented
It would be nice to "assign" a Docker to a customer so that they may restart it and/or maybe change/see certain environmental variables. For example, I create Redis containers, and it would be nice if the customer could see the exposed port, restart it if necessary, and also be able to change the REDIS_PASSWORD environmental variable as desired.
Of course, I wouldn't want them to be able to change all environmental variables, so perhaps a checkbox that would allow me to allow it to be user-controlled (and thus show up on their panel) would be nice.
Hello, containers don’t really need limiting by cgroups for resources, but there is no way to limit containers from security perspective once ssh access to container is granted. So it is not available to customers for security reasons
Leonard Niehaus commented
Yes customers should be able to create docker containers in their subscription. The usage of the containers can be limited by Cgroups.