Assign docker to a customer
Dockers seems in onyx only available for a admin.
It shoudle be available for our customers to.
While we wish it as much as you do, this is not possible to deliver Docker at customer level at the moment as customers can gain root-level access through the Docker CT and it will be an ultimate security breach.
The only generic way to deliver such function is wrapping all containers of a customer into a sort of VM similarly to Kubernetes “pods”, but Plesk itself runs in VM commonly and cannot produce extra tier of VMs. So we are very much limited by Docker itself and we are exploring how we can overcome it.
If you wish to continue conversation, please join talk.plesk.com
the most important features, I would like to see delegated to subscription owners would be maintaining the proxy forwarding rule per domain of their subscription and starting, stopping, seeing status of a container assigned to them.
Storm Moran commented
Hey I'd like to see if you guys would work with the pleasant staff over at https://portainer.io currently I myself am using portainer to manage my docker containers in a swarm management and I'm quite positive that the staff over at portainer.io may be able too help figure something out regarding this matter - > https://discord.io/portainer-io if you guys use discord at all as some of their staff are located easier on discord itself as well
I'm currently running Plesk (Web Host) on Ubuntu 18.04 x64
with docker swarm setup and my main plesk server as my master as well like i stated portainer does offer alot more security based features if you two can take the time to maybe work on a extension 😊that would be my suggestion as more users can simply pay- and install
Ive attached screenshots of how portainer works there is a free Client Edition And Business Edition as well
Daniel Hendricks commented
It would be nice to "assign" a Docker to a customer so that they may restart it and/or maybe change/see certain environmental variables. For example, I create Redis containers, and it would be nice if the customer could see the exposed port, restart it if necessary, and also be able to change the REDIS_PASSWORD environmental variable as desired.
Of course, I wouldn't want them to be able to change all environmental variables, so perhaps a checkbox that would allow me to allow it to be user-controlled (and thus show up on their panel) would be nice.
Hello, containers don’t really need limiting by cgroups for resources, but there is no way to limit containers from security perspective once ssh access to container is granted. So it is not available to customers for security reasons
Leonard Niehaus commented
Yes customers should be able to create docker containers in their subscription. The usage of the containers can be limited by Cgroups.