I’m scratching my head trying to find a solution to this problem.
The need is this:
- We put a solution in place for a customer, then deliver it to the customer, who is the one who should be managing it.
However, since the customer cannot manage the server, we also offer management (SysAdmin / Dev).
The plan is this:
- We cannot connect to the server.
When we need to operate the server, the customer enables us somewhere, and we can connect.
This is a legal requirement in our country (health organisation).
So far we have used one VM (actually a set of 2) per customer, so customers were also isolated from each other.
But we have so many customers coming that we need to move to containers.
So the need would be this:
- I can manage and access the host VM as much as I want,
but I cannot access the containers.
1. The data is unreachable from outside the container.
- As the sysadmin, I cannot see the data.
- Other customers who “escape” their container cannot see the data.
2. I cannot “physically” connect to the container without the permission of the customer.
docker exec -it <container> /bin/bash
would not be possible unless the customer lets me in.
For the first one, I’m thinking about simple encryption of the data. The data would be seen unencrypted from inside the container, but encrypted from outside (performance?).
For the second one, I don’t see how I can do it.
For example, allowing a user to access the docker socket would allow this user to access ALL the containers of all the customers. But I want to be able to access just one.
So please, if you have ideas on the technical challenge, let me know!
Thanks in advance