docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/ee/ucp/admin/configure/_site/restrict-services-to-worker...

21 lines
1.0 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<p>You can configure UCP to allow users to deploy and run services only in
worker nodes. This ensures all cluster management functionality stays
performant, and makes the cluster more secure.</p>
<p>If a user deploys a malicious service that can affect the node where it
is running, it wont be able to affect other nodes in the cluster, or
any cluster management functionality.</p>
<p>To restrict users from deploying to manager nodes, log in with administrator
credentials to the UCP web UI, navigate to the <strong>Admin Settings</strong>
page, and choose <strong>Scheduler</strong>.</p>
<p><img src="../../images/restrict-services-to-worker-nodes-1.png" alt="" class="with-border" /></p>
<p>You can then choose if user services should be allowed to run on manager nodes
or not.</p>
<p>Having a grant with the <code class="highlighter-rouge">Scheduler</code> role against the <code class="highlighter-rouge">/</code> collection takes
precedence over any other grants with <code class="highlighter-rouge">Node Schedule</code> on subcollections.</p>
Reference in New Issue View Git Blame Copy Permalink