Merge pull request #151 from samdulam/upgrade-docs

access control and labels
2021-05-17 15:03:27 +12:00 · 2021-05-17 15:03:27 +12:00 · 2abc42c82d
parent 3b4b640e81 81e539d317
commit 2abc42c82d
11 changed files with 158 additions and 0 deletions
--- a/docs/v2.0-be/access/assets/AccessControl1.png
+++ b/docs/v2.0-be/access/assets/AccessControl1.png
--- a/docs/v2.0-be/access/assets/AccessControl2.png
+++ b/docs/v2.0-be/access/assets/AccessControl2.png
--- a/docs/v2.0-be/access/assets/AccessControl3.png
+++ b/docs/v2.0-be/access/assets/AccessControl3.png
--- a/docs/v2.0-be/access/inportainer.md
+++ b/docs/v2.0-be/access/inportainer.md
@ -0,0 +1,23 @@
 # :fontawesome-solid-users-cog: Access Control
 All docker or docker swarm resources created through Portainer except images have Access Control settings. You can set these at the time of creation or later on as needed. Any resources created through a stack or service will inherit the same access as the parent. Below are examples of different sets of Access Controls you can have.
 ### Administrators Only
 ![Access Control](assets/AccessControl1.png)
 The is an example Create Stack screen, deploys a stack with Access Control Enabled and only Portainer Administrators will have access to the Stack and any Resources created through the stack (eg. Containers/Services/Volumes/Networks/Secrets etc)
 ### Public
 ![Access Control](assets/AccessControl2.png)
 This is an example Create Service Screen, deploys a service with Access Control disabled. All Portainer Users will have access to the service and any resources created through the service (eg. Containers/Volumes/Networks/Secrets etc)
 ### Restricted to Specific Groups/Users
 ![Access Control](assets/AccessControl3.png)
 This is an example Create Container Screen, deploys a Container with Access Control Enabled. Once you select the Restricted option, you may select 'one or more teams' and or 'one or more users' to have access to the Resource.
 ## :material-note-text: Notes
 [Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=\_blank}
--- a/docs/v2.0-be/access/outofportainer.md
+++ b/docs/v2.0-be/access/outofportainer.md
@ -0,0 +1,53 @@
 # :fontawesome-solid-users-cog: Access Control
 Any resources deployed to docker or docker swarm outside of Portainer will be marked as external and you will have limited control over these resources. You can still enable Access Control on these using Labels.
 By default any resources deployed outside of Portainer has Administrator Only access. You can control access using Labels:
 | Label | Description | Notes |
 |-------|-------------|-------|
 | io.portainer.accesscontrol.public | All portainers users have access to the resource(s) | Takes precedence over team/user assignments |
 | io.portainer.accesscontrol.teams=dev,prod | Access restricted to Teams dev and prod only | Can be used in conjunction with io.portainer.accesscontrol.users |
 | io.portainer.accesscontrol.users=bob,adam | Access restricted to users bob and adam only | Can be used in conjunction with io.portainer.accesscontrol.teams |
 ## Examples
 1. Deploy a stack using docker-compose and restrict access to Teams `dev` and `prod`
    ```yaml
    version: '3.2'
    services:
        ltest:
            image: busybox:latest
            command: "ping localhost"
            labels:
                io.portainer.accesscontrol.teams: dev,prod
    ```
 2. Deploy a stack using docker cli and restrict access to Team `testers` and Users `bob` and `adam`
    ```yaml
    version: '3.2'
    services:
        ltest:
            image: busybox:latest
            command: "ping localhost"
            labels:
                io.portainer.accesscontrol.teams: testers
                io.portainer.accesscontrol.users: bob,adam
    ```
 3. Deploy a container using docker cli and make it accessible to all Portainer Users
    ```shell 
    docker run -d --label io.portainer.accesscontrol.public nginx:latest
    ```
 4. Deploy a container using docker cli and restrict access to Teams `dev` and `prod` and Users `bob`
    ```shell 
    docker run -d --label io.portainer.accesscontrol.teams=dev,prod --label io.portainer.accesscontrol.users=bob nginx:latest
    ```
 ## :material-note-text: Notes
 [Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=\_blank}
--- a/docs/v2.0/access/assets/AccessControl1.png
+++ b/docs/v2.0/access/assets/AccessControl1.png
--- a/docs/v2.0/access/assets/AccessControl2.png
+++ b/docs/v2.0/access/assets/AccessControl2.png
--- a/docs/v2.0/access/assets/AccessControl3.png
+++ b/docs/v2.0/access/assets/AccessControl3.png
--- a/docs/v2.0/access/inportainer.md
+++ b/docs/v2.0/access/inportainer.md
@ -0,0 +1,23 @@
 # :fontawesome-solid-users-cog: Access Control
 All docker or docker swarm resources created through Portainer except images have Access Control settings. You can set these at the time of creation or later on as needed. Any resources created through a stack or service will inherit the same access as the parent. Below are examples of different sets of Access Controls you can have.
 ### Administrators Only
 ![Access Control](assets/AccessControl1.png)
 The is an example Create Stack screen, deploys a stack with Access Control Enabled and only Portainer Administrators will have access to the Stack and any Resources created through the stack (eg. Containers/Services/Volumes/Networks/Secrets etc)
 ### Public
 ![Access Control](assets/AccessControl2.png)
 This is an example Create Service Screen, deploys a service with Access Control disabled. All Portainer Users will have access to the service and any resources created through the service (eg. Containers/Volumes/Networks/Secrets etc)
 ### Restricted to Specific Groups/Users
 ![Access Control](assets/AccessControl3.png)
 This is an example Create Container Screen, deploys a Container with Access Control Enabled. Once you select the Restricted option, you may select 'one or more teams' and or 'one or more users' to have access to the Resource.
 ## :material-note-text: Notes
 [Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=\_blank}
--- a/docs/v2.0/access/outofportainer.md
+++ b/docs/v2.0/access/outofportainer.md
@ -0,0 +1,53 @@
 # :fontawesome-solid-users-cog: Access Control
 Any resources deployed to docker or docker swarm outside of Portainer will be marked as external and you will have limited control over these resources. You can still enable Access Control on these using Labels.
 By default any resources deployed outside of Portainer has Administrator Only access. You can control access using Labels:
 | Label | Description | Notes |
 |-------|-------------|-------|
 | io.portainer.accesscontrol.public | All portainers users have access to the resource(s) | Takes precedence over team/user assignments |
 | io.portainer.accesscontrol.teams=dev,prod | Access restricted to Teams dev and prod only | Can be used in conjunction with io.portainer.accesscontrol.users |
 | io.portainer.accesscontrol.users=bob,adam | Access restricted to users bob and adam only | Can be used in conjunction with io.portainer.accesscontrol.teams |
 ## Examples
 1. Deploy a stack using docker-compose and restrict access to Teams `dev` and `prod`
    ```yaml
    version: '3.2'
    services:
        ltest:
            image: busybox:latest
            command: "ping localhost"
            labels:
                io.portainer.accesscontrol.teams: dev,prod
    ```
 2. Deploy a stack using docker cli and restrict access to Team `testers` and Users `bob` and `adam`
    ```yaml
    version: '3.2'
    services:
        ltest:
            image: busybox:latest
            command: "ping localhost"
            labels:
                io.portainer.accesscontrol.teams: testers
                io.portainer.accesscontrol.users: bob,adam
    ```
 3. Deploy a container using docker cli and make it accessible to all Portainer Users
    ```shell 
    docker run -d --label io.portainer.accesscontrol.public nginx:latest
    ```
 4. Deploy a container using docker cli and restrict access to Teams `dev` and `prod` and Users `bob`
    ```shell 
    docker run -d --label io.portainer.accesscontrol.teams=dev,prod --label io.portainer.accesscontrol.users=bob nginx:latest
    ```
 ## :material-note-text: Notes
 [Contribute to these docs](https://github.com/portainer/portainer-docs/blob/master/contributing.md){target=\_blank}
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -157,6 +157,9 @@ nav:
          - 'Secrets':
            - 'Add a new secret' : 'v2.0/secrets/add.md'
            - 'Delete secrets' : 'v2.0/secrets/delete.md'
          - 'Access Control':
            - 'Resources Deployed through Portainer': 'v2.0/access/inportainer.md'
            - 'Resources Deployed outside of Portainer': 'v2.0/access/outofportainer.md'
        - Kubernetes:
          - 'Applications':
            - 'Deploy a new application' : 'v2.0/kubernetes/applications/create.md'
@ -231,6 +234,9 @@ nav:
          - 'Secrets':
            - 'Add a new secret' : 'v2.0-be/secrets/add.md'
            - 'Delete secrets' : 'v2.0-be/secrets/delete.md'
          - 'Access Control':
            - 'Resources Deployed through Portainer': 'v2.0-be/access/inportainer.md'
            - 'Resources Deployed outside of Portainer': 'v2.0-be/access/outofportainer.md'
        - Kubernetes:
          - 'Applications':
            - 'Deploy a new application' : 'v2.0-be/kubernetes/applications/create.md'