I am looking into twistlock and how I can integrate it with a rancher install. I have a quick question about how Rancher interacts with the docker.sock.
As twistlock can limit access to docker api calls based on roles and permissions set in the console, which it can pull from AD or LDAP, as what user does rancher execute the api calls on docker.sock to execute commands? As the superuser or as the logged-in rancher user?
If it uses the rancher user and rancher is connected to the same AD, the twistlock defender should successfully apply policies, but if it is a root/superuser, that would kind of negate the set policies.
Just looking into adding this into the rancher stack as I am working on a POC for a project I know I may have coming up and trying to prepare for the security audits and enterprise requirements. This question really jumped out at me off the bat.
If this has been answered elsewhere, I apologize; I didn't see it after a quick search.