I am setting up a CI/CD pipeline with GitLab at the moment.
Let’s say I would make 2 clusters called:
- production
- test
The 2 clusters are running on separate hosts; they don’t share any host.
I would run tests and builds of container images on my test cluster, thus I would need to expose /var/run/docker.sock in my build containers/pods to access the docker command.
If somebody manages to compromise my test cluster, will Rancher be safe or compromised? Will my separate production cluster be safe or compromised?
Thank you for your input.