Information
Use authorization plugin to manage access to Docker daemon.
Rationale:
Dockers out-of-the-box authorization model is all or nothing. Any user with permission to access the Docker daemon can run any Docker client command. The same is true for callers using Dockers remote API to contact the daemon. If you require greater access control, you can create authorization plugins and add them to your Docker daemon configuration. Using an authorization plugin, a Docker administrator can configure granular access policies for managing access to Docker daemon.
Solution
Step 1: Install/Create an authorization plugin.
Step 2: Configure the authorization policy as desired.
Step 3: Start the docker daemon as below:
dockerd --authorization-plugin=<PLUGIN_ID>
Impact:
Each docker command specifically passes through authorization plugin mechanism. This might introduce a slight performance drop.
Default Value:
By default, authorization plugins are not set up.