swarmpit
Add docker resource role management
Are there any details documented that explain how this will be implemented?
Wondering if this will be able to scope roles to specific service/stack names, i.e. a user is only allowed to submit updates to stacks with the name 'some-stack-name' or stacks that match a regex. We have the use case where multiple teams share the same cluster but should only be able to see and update certain stacks/services.
We use https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin in Jenkins to provide this sort of behavior. It allows you to scope Jenkins folders to certain roles.
Hi @stowns, this is currently under discussion :)
Potential issues from our quick discussion with @lumir-mrkva :
- Bind docker sock only allowed for admin role (User role can't edit nor create service that binds docker sock)
- We need to scan stackfiles if linked resources permitted
- We need to scan service if linked resources permitted
- Deploy to manager nodes only allowed to admin role
- Update node allowed only for admin
... more is coming for sure
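
The checks listed in the comment above, sketched as an added example (not part of the thread and not Swarmpit's code). It assumes the stackfile is already parsed into a dict, the role names `admin` and `user`, and a hypothetical `permitted` set of external resource names granted to the user.

```python
import posixpath
import re

# Assumption: both paths are checked because /var/run is usually a symlink to /run.
SOCK_PATHS = ("/var/run/docker.sock", "/run/docker.sock")
MANAGER_RE = re.compile(r"node\.role\s*==\s*manager")

def bind_source(vol):
    """Normalized absolute host path of a bind mount, else None (named volume)."""
    if isinstance(vol, dict):                      # long syntax
        src = vol.get("source") if vol.get("type") == "bind" else None
    else:                                          # short syntax SOURCE:TARGET[:MODE]
        parts = str(vol).split(":")
        src = parts[0] if len(parts) > 1 else None
    if src and src.startswith("/"):
        return posixpath.normpath("/" + src.lstrip("/"))
    return None

def exposes_socket(path):
    """True if `path` is the socket or a directory above it (e.g. /var/run or /)."""
    prefix = path.rstrip("/") + "/"
    return any(s == path or s.startswith(prefix) for s in SOCK_PATHS)

def violations(stack, role, permitted=frozenset()):
    """Return (subject, rule, detail) tuples; the admin role is unrestricted."""
    if role == "admin":
        return []
    found = []
    for name, svc in stack.get("services", {}).items():
        for vol in svc.get("volumes", []):
            src = bind_source(vol)
            if src and exposes_socket(src):
                found.append((name, "docker-sock-bind", src))
        for c in svc.get("deploy", {}).get("placement", {}).get("constraints", []):
            if MANAGER_RE.search(c):
                found.append((name, "manager-placement", c))
    # Linked resources: anything declared external must be in the user's permitted set.
    for kind in ("networks", "secrets", "configs", "volumes"):
        for res, spec in (stack.get(kind) or {}).items():
            if isinstance(spec, dict) and spec.get("external") and res not in permitted:
                found.append((res, "unpermitted-" + kind, res))
    return found

# Constructed sample: a compose v3 stackfile as a YAML parser would return it.
STACK = {"services": {
    "agent": {"volumes": ["/var/run/docker.sock:/var/run/docker.sock:ro"],
              "deploy": {"placement": {"constraints": ["node.role == manager"]}}},
    "web": {"volumes": ["data:/srv", {"type": "bind", "source": "/var/run/", "target": "/host"}]}},
    "networks": {"proxy": {"external": True}}, "volumes": {"data": {}}}
print(violations(STACK, "user"))
```

A service with no placement constraint can still be scheduled on manager nodes unless they are drained, so a stricter policy would require an explicit worker constraint rather than only rejecting a manager one.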
How's it going?
@webchi Well, we didn't have capacity for such a huge task yet, and current users are not really asking for this one to prioritize.
Can we have an option to simply disable authentication? Even if it just provides a read-only mode since I already have an OIDC Proxy in front.
Hello, I'm testing today and I'm really enjoying it, I just felt like a read-only user option, is there an option?
I have a swarm cluster with 3 managers and 8 workers
Hello! What's the timeline for 2.0?
@SMR39 No timeline is in place right now.
It would be nice to have a read-only user. For now I can set up the visualizer service, and the logs can be seen on Datadog.
I have created a fork that allows "view only"/"read only" users to be created: https://github.com/NeilInnes/swarmpit_view_only
@NeilInnes do you think you can add the passwordless option? So there's no need for the user?
Unlikely anytime soon I'm afraid :(