Rancher 2.0 - compromised cluster and impact on other clusters


#1

I am setting up a CI/CD pipeline with gitlab at the moment.
Let’s say I would make 2 clusters called :

  • production
  • test
    The 2 clusters are running on seperate hosts, they don’t share any host.
    I would run test and build of containers image on my cluster tests, thus I would need to expose /var/run/docker.sock in my build containers/pods to access the docker command.
    If somebody manage to compromise my test cluster, will rancher be safe or compromised ? will my separate production cluster be safe or compromised ?
    Thank you for your input

#2

Hi! Have you found out by now?
This can depend on the way, how you installed Rancher. Does it run on its own cluster, on your TEST, or PRODUCTION cluster. In my personal opinion (no hard facts, not verified in any way!) anyone compromising the cluster which is running Rancher on it, can compromise Racher, too, and everything else.