Grant a developer access to view & debug his/her application

This article covers how to grant access to the Services UI from the main dashboard so a developer can view the stderr and stdout of their running container.
 

This is possible to achieve but only possible if you installed DC/OS 1.8+ with security mode strict.

Here is an example for an Application Group called /mygroup. All applications that are deployed beneath this group will be only readable for the developer when you assign him the following permissions:

dcos:adminrouter:ops:mesos          full
dcos:adminrouter:ops:slave          full
dcos:adminrouter:service:marathon   full

dcos:service:marathon:marathon:services:/mygroup    read

dcos:mesos:master:executor:app_id:/mygroup  read
dcos:mesos:master:framework:role            read
dcos:mesos:master:task:app_id:/mygroup      read

dcos:mesos:agent:executor:app_id:/mygroup   read
dcos:mesos:agent:framework:role             read
dcos:mesos:agent:sandbox:app_id:/mygroup    read
dcos:mesos:agent:task:app_id:/mygroup       read

A developer will not be able to see applications or access logs outside of this group mygroup.

You can read further more about permissions here:
https://docs.mesosphere.com/1.8/administration/id-and-access-mgt/permissions/master-agent-perms/

Have more questions? Submit a request

Comments

Powered by Zendesk