Add doc for Kubernetes cluster security
GitLab Kubernetes integration is using legacy security, and the current implementation doesn't isolate deployments. So, the security model is "open", and it identifies two players:
- project users (administrators, developers, etc)
- external users (final users for the deployed application)
We need to document which is the current security model for clusters, which are the assumptions (developers are trusted), which are the limitations (no RBAC) and which security feature is "relaxed" (e.g., privileged mode for runners).
The documentation should also include best practices and manual procedures to enforce strict security (losing some of the functionalities) in case the specific scenario requires it (e.g., how to disable privileged mode for runners).
We need to add documentation that will be linked by https://gitlab.com/gitlab-org/gitlab-ce/issues/43780.
- what privileged mode is
- limitations (no Auto DevOps)
- how to manually enable it (and what it implies for security)
Doc should be at https://docs.gitlab.com/ee/user/project/clusters/#security-implications (please consider the corresponding page in the /help
application path instead).