Why not include beszel agent?
-
Out of curiousity, why is it not possible to include the beszel agent in the same app package as the beszel hub?
-
@hakunamatata beszel agent requires access to docker. We have a docker addon that can give apps access to Docker but this means the app will have access to your entire Cloudron infrastructure if the agent is pre-included. It can inspect any app, do anything on the server. We don't monitor upstream apps or code bases (only track releases and package them up). It's a big security risk.
In general, the docker addon is meant only for custom apps (which then changes the trust model, it's up to the end user).
-
@girish thank you for the explanation. With that in mind, are there any plans to include similar functionality natively in a future Cloudron release? i.e. an easy way to see the CPU, RAM, storage, network usage of each of the apps installed on your Cloudron instance, receive notifications/alerts when usage is above a certain user-defined threshold etc.
Currently we can sort of do some of this in Cloudron 8 but one needs to go to each app individually which is abit cumbersome and app resource alerting functionality does not presently exist to my knowledge. Like if my CPU is overheating, Cloudron currently will not reporting anything.
If the concern from the Cloudron team is that the beszel agent theoretically introduces security risk as the upstream codebase has not been reviewed in its entirety, would it be possible to take advantage of the wonderful work already done for the beszel agent and fork it into something that you review once and then natively integrate into cloudron? (I'm asking this as a non-developer)
