Restrict services to worker nodes
Estimated reading time: 1 minuteThese are the docs for UCP version 2.2.4
To select a different version, use the selector below.
You can configure UCP to allow users to deploy and run services only in worker nodes. This ensures all cluster management functionality stays performant, and makes the cluster more secure.
If a user deploys a malicious service that can affect the node where it is running, it won’t be able to affect other nodes in the cluster, or any cluster management functionality.
To restrict users from deploying to manager nodes, log in with administrator credentials to the UCP web UI, navigate to the Admin Settings page, and choose Scheduler.
You can then choose if user services should be allowed to run on manager nodes or not.
Having a grant with the Scheduler
role against the /
collection takes
precedence over any other grants with Node Schedule
on subcollections.