From 923e3504b7746a3678840f8ac9d83992083ad775 Mon Sep 17 00:00:00 2001
From: Hector Flores <flores.hector.carlos@gmail.com>
Date: Fri, 4 Apr 2025 00:47:15 -0600
Subject: [PATCH] Add Portainer to check the logs for docker containers and
 docker proxy to prevent users to remove, pause and restart containers.

---
 README.md          |  6 ++++++
 docker-compose.yml | 37 ++++++++++++++++++++++++++++++++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 1fcf269ca..f0b87065d 100644
--- a/README.md
+++ b/README.md
@@ -185,6 +185,12 @@ Use format '#GitHub_TaskNumber-# issue description' or 'Merge description'. Issu
  2.2 command line: `gradle jacocoTestReport`
 3. Pay attention that main local metric would be a little bit different from the one in Sonar cloud.
 
+### Container Management Platform:
+We use [portainer-ce](https://hub.docker.com/r/portainer/portainer-ce) as container management platform. For now, we only support read-only mode since the main purpose of using portainer it is to fetch the logs with the ability to log in with basic auth.
+Since portainer-ce does not have the ability to assign read-only permissions to user, we have deployed a proxy docker container called **docker_socket_proxy** and the actual docker portainer called **portainer_readonly**. For more info please go to [docker-compose.yml](./docker-compose-run.yml) file.
+The container will be deployed on port **9001** and you can access it on http://brainup.site:9001/. 
+Credentials to access portainer in read mode. user: **dev**, password: **mystrongpassword**
+
 ### Thanks companies for support
 - EPAM for Jira/Confluence, test instance and Jenkins, for contribution support program.
 - JetBrains for IDEA licenses
diff --git a/docker-compose.yml b/docker-compose.yml
index a2737bfef..73a50f519 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -42,6 +42,41 @@ services:
       - 80:80
     depends_on:
       - brn
+  docker_socket_proxy:
+    image: tecnativa/docker-socket-proxy
+    container_name: docker_socket_proxy
+    restart: always
+    environment:
+      CONTAINERS: 1
+      CONTAINERS_INSPECT: 1
+      CONTAINERS_LOGS: 1
+      INFO: 1
+      VERSION: 1
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - portainer_ro_net
+
+  portainer_readonly:
+    image: portainer/portainer-ce
+    container_name: portainer_readonly
+    restart: always
+    ports:
+      - "9001:9000"
+    environment:
+      - LOG_LEVEL=INFO
+    volumes:
+      - portainer_ro_data:/data
+    networks:
+      - portainer_ro_net
+    depends_on:
+      - docker_socket_proxy
+    command: -H tcp://docker_socket_proxy:2375
 secrets:
   firebase_config_json:
-    file: ./src/main/resources/firebase-brainupspb-dev.json
\ No newline at end of file
+    file: ./src/main/resources/firebase-brainupspb-dev.json
+volumes:
+  portainer_ro_data:
+
+networks:
+  portainer_ro_net:
\ No newline at end of file