A reminder about scope
Out of the box, Docker API access is "all or nothing"
When someone has access to the Docker API, they can access everything
If your developers are using the Docker API to deploy on the dev cluster ...
... and the dev cluster is the same as the prod cluster ...
... it means that your devs have access to your production data, passwords, etc.
This can easily be avoided
Fine-grained API access control
A few solutions, by increasing order of flexibility:
Use separate clusters for different security perimeters
(And different credentials for each cluster)
- Add an extra layer of abstraction (sudo scripts, hooks, or full-blown PAAS)