[Feature Request] Add --cap-add and --cap-drop equivalents in Portainer #468
Assignees
Labels
Projects
Milestone
Comments
deviantony
added
area/container-creation
kind/enhancement
|
You can add this functionality via a stack in a compose file but then you loose a lot of the power of Portainer for adhoc service definitions, such as the config and secret management. I am stuck between the stacks and services ui options and really need the cap-add and cap-drop added to the services ui options. |
|
+1 for this |
|
For those interested to test this feature, it's available with the preview image Feedback appreciated. |
|
Looking forward to this one. This will allow portainer.io to support netdata containers without having to drop into a command line. |
|
@WriteCodeEveryday well it's part of Portainer 1.19.2 :-) |
|
@deviantony greatest crossover update ever! |
SvenDowideit
pushed a commit
that referenced
this issue
Sep 17, 2021
* feat(git): Update git package [EE-787] (#385) Add an extra parameter to git.CloneRepository to pass a list of files and/or directories to keep it in the git checkout. * feat(git): Calculate directory checksum [EE-785] (#403) * feat(bolt): Add test scaffolding EE-872 (#407) * feat(stack): stack create updates to support Git auto sync EE-782 * feat(stack): add webhook endpoint EE-785 (#412) * feat(stacks): add new edit stack handler for updating Git-based stack EE-783 * remove the logic of stack redeployment * refine unit test * feat(stack): updated Add Stack view EE-778 (#400) * feat(git): add stack poller [EE-784] (#423) * apply repo config from EE-161 * update stack unit tests * remove gitconfig strust in portainer.go * add shared func and default git ref name * feat(stacks): save git auth if necessary when edit stack (#445) * integrate with EE-161 * cleanup * fix non-init datastore for stack handler * typo fix and paylaod renaming * clear git credentials when auth is off * stop stack's job before starting a new one * add env handling logic (#471) * set repo password to REDACTED in activity log * feat(stack): updated Edit Stack view EE-779 (#468) * feat(stack): added git auto update fieldset component * feat(stack): added git additional files component * feat(stack): updated Edit Stack view * feat(stack): refactoring create stack page * feat(stack): adding checking for additional files and auto update fields. * feat(stack): updated camel case in git form component * feat(stack): added ng form in auto update component for validation purpose * feat(stack): removed unused code. * feat(stack): changed repository username field not mandatory * feat(stack): fixed repo password issue * feat(stack): fixed copy text button in webhook. * feat(stack): display additional file in stack edit view * create migration func * fix: autoupdate issues [EE-1071] (#489) * fix: save git creds upon creation so that autoupdate can work later * fix: job not stopping after update * update validator to allow saving empty autoupdate * feat: change git clone behaviour [EE-1087] (#509) * feat(stack): stack redeploy form updates EE-1082 (#495) * feat(stacks): added explanation field in git form auth fieldset * feat(stack): stack redeploy form updates * feat(stack): added default repository mechanism. * update DB version * revert unexpected merge commit * fixed webhook typo * fixed warning message in edit stack view that has authentication ticked on * added directive 'focus-if' to make auto focus optional. * disabled auto focus on Edit Stack page in containers and services tables * stack autoupdate fixes (#523) * change /stacks/webhook -> /stacks/webhooks for consistency * fix: migrate only git stacks * fix build * fix: merge conflicts and failed tests * fix merge conflicts * feat(kube): change advance app creation [EE-1185] (#558) * fix(kube): change application labels (#564) * feat(k8s): git edit application view update EE-1196 (#557) * added git form info panel component * edit application view updates with git * fix(git): get wrapping class name * added kubernetes-app-git-form component Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com> * feat(kube): add endpoint to return kube stacks by id [EE-1186] (#569) * fix: labels in yaml * feat(k8s): web editor edit application view update EE-1197 (#575) * feat(k8s): web editor edit application view update EE-1197 * using enmu to show or hide application form fields * added web-editor-form component * using web-editor-form component * fixed typo * feat(k8s): add k8s app pull and redeploy handler (#565) * feat(k8s): added k8s app stack id and kind labels (#585) * feat(k8s): added k8s app stack id and kind labels * feat(k8s): updated API payloads for updating stack * feat(stack): add Matomo analytics (#601) * feat(k8s): added app deployment type to app detail page (#592) * payload updates * separated update stack function in docker n kube * feat(stack): support update k8s advanced application stack EE-1187 * feat(stack): sanitise Git credentials in stack response payload EE-1337 (#628) * hide git credentials in response * fix: store kube stack git auth Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com> * add stack ID lable when redeploy * init git auth struct if necessary * modify k8s stack update logic * fixed content editor not update issue. * removed duplicate module definition * fix: use full Stack obj on kube app details page * refactor: tidy up * fixed web editor confirmation message typo. EE-1501 * fixed redeploy issue * fix(k8s): updated matomo analytics code * fixed issue auth detail not remembered (#676) * show status in buttons * using 'button-spinner' to show spin in buttons * removed onChangeRef function. * moved submit buttons from kube app creation page to kube git form component. * added namespace property back to kube app form * fix(stack): failed to pull and redeploy compose format k8s stack * removed duplicated name field. * fix(k8s): file content overridden when deployment failed with compose format EE-1548 * updated API response to get IsComposeFormat and show appropriate text. * removed console log * not display creation source for external application * error message updates for different file type * added confirmation modal to advanced app created by web editor * stop showing confirmation modal when updating application * disable rollback button when application type is not applicatiom form * added analytics-on directive to pull and redeploy button * fix(kube): don't valide resource control access for kube (#730) * added question marks to k8s app confirmation modal * removed unused function. Co-authored-by: dbuduev <dbuduev@gmail.com> Co-authored-by: Hui <arris_li@hotmail.com> Co-authored-by: fhanportainer <79428273+fhanportainer@users.noreply.github.com> Co-authored-by: Felix Han <felix.han@portainer.io> Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com>
xAt0mZ
pushed a commit
that referenced
this issue
Aug 25, 2022
* feat(git): Update git package [EE-787] (#385) Add an extra parameter to git.CloneRepository to pass a list of files and/or directories to keep it in the git checkout. * feat(git): Calculate directory checksum [EE-785] (#403) * feat(bolt): Add test scaffolding EE-872 (#407) * feat(stack): stack create updates to support Git auto sync EE-782 * feat(stack): add webhook endpoint EE-785 (#412) * feat(stacks): add new edit stack handler for updating Git-based stack EE-783 * remove the logic of stack redeployment * refine unit test * feat(stack): updated Add Stack view EE-778 (#400) * feat(git): add stack poller [EE-784] (#423) * apply repo config from EE-161 * update stack unit tests * remove gitconfig strust in portainer.go * add shared func and default git ref name * feat(stacks): save git auth if necessary when edit stack (#445) * integrate with EE-161 * cleanup * fix non-init datastore for stack handler * typo fix and paylaod renaming * clear git credentials when auth is off * stop stack's job before starting a new one * add env handling logic (#471) * set repo password to REDACTED in activity log * feat(stack): updated Edit Stack view EE-779 (#468) * feat(stack): added git auto update fieldset component * feat(stack): added git additional files component * feat(stack): updated Edit Stack view * feat(stack): refactoring create stack page * feat(stack): adding checking for additional files and auto update fields. * feat(stack): updated camel case in git form component * feat(stack): added ng form in auto update component for validation purpose * feat(stack): removed unused code. * feat(stack): changed repository username field not mandatory * feat(stack): fixed repo password issue * feat(stack): fixed copy text button in webhook. * feat(stack): display additional file in stack edit view * create migration func * fix: autoupdate issues [EE-1071] (#489) * fix: save git creds upon creation so that autoupdate can work later * fix: job not stopping after update * update validator to allow saving empty autoupdate * feat: change git clone behaviour [EE-1087] (#509) * feat(stack): stack redeploy form updates EE-1082 (#495) * feat(stacks): added explanation field in git form auth fieldset * feat(stack): stack redeploy form updates * feat(stack): added default repository mechanism. * update DB version * revert unexpected merge commit * fixed webhook typo * fixed warning message in edit stack view that has authentication ticked on * added directive 'focus-if' to make auto focus optional. * disabled auto focus on Edit Stack page in containers and services tables * stack autoupdate fixes (#523) * change /stacks/webhook -> /stacks/webhooks for consistency * fix: migrate only git stacks * fix build * fix: merge conflicts and failed tests * fix merge conflicts * feat(kube): change advance app creation [EE-1185] (#558) * fix(kube): change application labels (#564) * feat(k8s): git edit application view update EE-1196 (#557) * added git form info panel component * edit application view updates with git * fix(git): get wrapping class name * added kubernetes-app-git-form component Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com> * feat(kube): add endpoint to return kube stacks by id [EE-1186] (#569) * fix: labels in yaml * feat(k8s): web editor edit application view update EE-1197 (#575) * feat(k8s): web editor edit application view update EE-1197 * using enmu to show or hide application form fields * added web-editor-form component * using web-editor-form component * fixed typo * feat(k8s): add k8s app pull and redeploy handler (#565) * feat(k8s): added k8s app stack id and kind labels (#585) * feat(k8s): added k8s app stack id and kind labels * feat(k8s): updated API payloads for updating stack * feat(stack): add Matomo analytics (#601) * feat(k8s): added app deployment type to app detail page (#592) * payload updates * separated update stack function in docker n kube * feat(stack): support update k8s advanced application stack EE-1187 * feat(stack): sanitise Git credentials in stack response payload EE-1337 (#628) * hide git credentials in response * fix: store kube stack git auth Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com> * add stack ID lable when redeploy * init git auth struct if necessary * modify k8s stack update logic * fixed content editor not update issue. * removed duplicate module definition * removed duplicate module definition * fix: use full Stack obj on kube app details page * fix: use full Stack obj on kube app details page * refactor: tidy up * fixed web editor confirmation message typo. EE-1501 * feat(stack): update stack delete handler for kube stacks EE-1391 * fixed redeploy issue * fix(k8s): updated matomo analytics code * fixed issue auth detail not remembered (#676) * feat(k8s): add autoupdate logic for k8s stack EE-1390 * fix: same stack deployed multiple times (#683) * show status in buttons * using 'button-spinner' to show spin in buttons * removed onChangeRef function. * moved submit buttons from kube app creation page to kube git form component. * added namespace property back to kube app form * fix(stack): failed to pull and redeploy compose format k8s stack * feat(k8s): remove stack when delete kube app (#699) * feat(k8s): added endpoint binding. * feat(k8s): remove stack when delete kube app * only remove stack when stack id exists * remove application before stack * feat(k8s): support auto update in kube app (#682) * feat(k8s): parameterized title and palceholder in compose path field. * feat(k8s): support auto update when create advancded apps * moved formValus init to ctor. * updated API payload * corrected property names * feat(k8s): added auto update control to k8s app edit page (#698) * feat(k8s): renamed kubernetes-app-git-form * feat(k8s): added type property to git-form-info-panel component * feat(k8s): added auto update control to k8s app edit page * feat(k8s): added matomo analytics (#700) * feat(k8s): added matomo analytics * move event track code before calling the APIs. * removed debugging code * updated ManifestFile property name * feat(stack): support deploy k8s app with multi-files EE-1387 * removed duplicated name field. * fix: checkout manifests from nested directories (#707) * fix(k8s): file content overridden when deployment failed with compose format EE-1548 * updated API response to get IsComposeFormat and show appropriate text. * removed console log * not display creation source for external application * error message updates for different file type * fix(kube): use agent proxy for edge too * added confirmation modal to advanced app created by web editor * stop showing confirmation modal when updating application * disable rollback button when application type is not applicatiom form * fix(k8s): file content overridden when deployment failed with compose format EE-1556 * added analytics-on directive to pull and redeploy button * fix(kube): don't valide resource control access for kube (#730) * added missing question mark to k8s confirmation modal * assign AdditionalFiles to stack before deploy * fixed webhook format issue * added space in additional file list. * ignoring error on deletion * added question marks to k8s app confirmation modal * added RepositoryMechanismTypes constant * updated analytics functions * covert RepositoryMechanism to constant * fixed typo * removed unused function. * post tech review updates * fixed save settings n redeploy button * removed wrong file * feat(k8s): utilize user token for k8s auto update EE-1594 * feat(k8s): persist kub stack name EE-1630 * feat(k8s): support delete kub stack * fix(app): updated logic to delete stack for different kind apps. (#792) * fix(app): updated logic to delete stack for different kind apps. * fix(app): removed typo. * renamed variable * cleanup * func comment fix * added missing changes. * fixed stack id not found issue. * fix(k8s): fixed qusetion mark alignment issue in PAT field. (#763) * fix(k8s): fixed qusetion mark alignment issue in PAT field. * using display block to fix question mark alignment issue. * moved inline css to file. * fix(git-form: made auth input text full width * fix file persistance * add ignore deleted arg * Update api/exec/compose_stack.go Co-authored-by: Chaim Lev-Ari <chiptus@users.noreply.github.com> * Update api/http/handler/stacks/create_kubernetes_stack.go Co-authored-by: Chaim Lev-Ari <chiptus@users.noreply.github.com> * Update api/stacks/scheduled.go Co-authored-by: Chaim Lev-Ari <chiptus@users.noreply.github.com> * tech review updates * fix(k8s): added console error when deleting k8s service. * fix(console): added no-console config * fix: use stack editor as an owner when exists (#806) * fix(stack): remove stack when no app. (#840) * fix(stack): remove stack when no app. * support compose format in delete * tweak copy Co-authored-by: ArrisLee <arris_li@hotmail.com> Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com> Co-authored-by: dbuduev <dbuduev@gmail.com> Co-authored-by: Hui <arris_li@hotmail.com> Co-authored-by: Dmitry Salakhov <to@dimasalakhov.com> Co-authored-by: Chaim Lev-Ari <chiptus@gmail.com> Co-authored-by: Chaim Lev-Ari <chiptus@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
With creating Docker containers in the commandline, there is an option to specifically give or take a certain capability to or from a container. This is important to have accurate control over what a container is allowed to do. (see: https://docs.docker.com/engine/reference/run/)
In Portainer, when creating a container, there is no such option implemented yet.
Suggested solution
One could add all these capability keys to Portainer's create container section under "Security/Host" in form of checkboxes or some other UI element.
The text was updated successfully, but these errors were encountered: