docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add restrict services to worker nodes

This commit is contained in:
Joao Fernandes 2017-01-30 12:49:38 -08:00
parent b1430732a8
commit 7a3e97c41f
4 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_data/toc.yaml
View File

@ -1141,6 +1141,8 @@ toc:
title: Store logs in an external system title: Store logs in an external system
- path: /datacenter/ucp/2.1/guides/admin/configure/only-allow-running-signed-images/ - path: /datacenter/ucp/2.1/guides/admin/configure/only-allow-running-signed-images/
title: Only allow running signed images title: Only allow running signed images
- path: /datacenter/ucp/2.1/guides/admin/configure/restrict-services-to-worker-nodes/
title: Restrict services to worker nodes
- path: /datacenter/ucp/2.1/guides/admin/configure/use-domain-names-to-access-services/ - path: /datacenter/ucp/2.1/guides/admin/configure/use-domain-names-to-access-services/
title: Use domain names to access services title: Use domain names to access services
- path: /datacenter/ucp/2.1/guides/admin/configure/external-auth/ - path: /datacenter/ucp/2.1/guides/admin/configure/external-auth/

2
datacenter/ucp/2.1/guides/admin/configure/add-labels-to-cluster-nodes.md
View File

@ -22,7 +22,7 @@ service to be scheduled on nodes that have an SSD storage.
## Apply labels to a node ## Apply labels to a node
Log in with administrator credentials in the UCP web UI, navigate to the Log in with administrator credentials in the **UCP web UI**, navigate to the
**Nodes** page, and choose the node you want to apply labels to. **Nodes** page, and choose the node you want to apply labels to.
Click the **Add label** button, and add one or more labels to the node. Click the **Add label** button, and add one or more labels to the node.

26
datacenter/ucp/2.1/guides/admin/configure/restrict-services-to-worker-nodes.md Normal file
View File

@ -0,0 +1,26 @@
---
title: Restrict services to worker nodes
description: Learn how to configure Universal Control Plane to only allow running services in worker nodes.
keywords: docker, ucp, configuration, worker
---
You can configure UCP to only allow users to deploy and run services in
worker nodes. This ensures all cluster management functionality stays
performant, and makes the cluster more secure.
If a user deploys a malicious service that can affect the node where it
is running, they won't be able to affect other nodes in the cluster, or
any cluster management functionality.
To restrict users from deploying to manager nodes, log in with adminstrator
credentials to the **UCP web UI**, navigate to the **Admin Settings**
page, and choose **Scheduler**.
![](../../images/restrict-services-to-worker-nodes-1.png){: .with-border}
You can then choose if user services should be allowed to run on manager nodes
or not.
## Where to go next
* [Use domain names to access your services](use-domain-names-to-access-services.md)

BIN
datacenter/ucp/2.1/guides/images/restrict-services-to-worker-nodes-1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 226 KiB