You can install portainer.io (see its demo , password tryportainer)
But in order to truly isolate third-party microservices, you can run them in your own virtual machine defined in your infrastructure. This virtual machine will run daemon dockers and services. As long as the virtual machine has access to the API, these containers with microservices will work fine and will not have access to anything directly from the infrastructure.
You need to correctly determine / the size of your virtual machine in order to allocate enough resources to run containers, each of which guarantees its own independent allocation of resources .