Different permissions for different containers

[lonix1]

I know how to use this with traefik. I've found some samples how to use it with portainer.

But on a single server I'm using both traefik and portainer. That means I must expose many endpoints (because portainer wants them), and traefik therefore sees them too. From the samples I've seen, that includes the very powerful POST.

Is this the correct approach - or can I set different permissions for different containers?

If not currently possible, please consider this a feature request?

[lonix1]

If not possible, a workaround is to have one tecnativa container for traefik and one for portainer.

But that feels like massive overkill. Running docker stats shows the tecnativa container takes only a few megs of RAM - which is impressive given there's an entire proxy embedded in there - but under load I doubt it would fare well. Anyone have any insights into this from a production system?

[sammcj]

This would be really useful, I have some containers where it's absolutely fine for anything to restart them, but others where I wouldn't want to allow that.

[hell-g]

I am in the same situation and am trying to solve this with several instances of the docker-socket-proxy. Unfortunately, I am only able to access the Docker socket with the original instance of docker-socket-proxy. All the other instances fail to access the socket and therefore, the containers behind it cannot fulfill their purpose.
Can you give me a hint how to configure it to have several instances of the docker-socket-proxy running in parallel?
Obviously, having the possibility to configure access to different endpoints for different containers within one proxy instance would be best. But for now a workaround would be great.
Thanks a lot!

[polarathene]

For those asking for such feature, it'd probably be useful to suggest how that might look config wise if it existed.