author Mayra Cabrera <mcabrera@gitlab.com> 2018-03-06 15:28:24 -0600
committer Mayra Cabrera <mcabrera@gitlab.com> 2018-03-06 15:28:24 -0600
commit 387381413d4f0546456b106ad1794f3f3a600976
tree 7fbe5de37b3117027fc4efbd56fc9a138970fc87
parent e1ea961f854cca4bb745b573cf90d11e3a1fa76b
Add a paragraph about possible security implication when using GitLab Runner in privileged mode
43781-add-doc-for-kubernetes-cluster-security-docs
-rw-r--r-- doc/user/project/clusters/index.md 15
1 files changed, 14 insertions, 1 deletions
diff --git a/doc/user/project/clusters/index.md b/doc/user/project/clusters/index.md
index ca2bd07142a..a316cacd7f3 100644
--- a/doc/user/project/clusters/index.md
+++ b/doc/user/project/clusters/index.md
@@ -111,8 +111,21 @@ enable the Kubernetes cluster integration.
## Security implications
+The default cluster configuration grants access to a wide set of functionalities needed to successfully build and deploy a containerised application
+
+
- same credentials for all the applications/accesses to the cluster
-- GitLab Runners deployed with privileged mode enabled (jobs can break isolation)
+
+### GitLab Runners
+
+GitLab Runners have privileged mode enabled by default, this allows the Runners to execute special commands, like Docker within Docker, which also help us provide instant support for [Auto Devops](https://docs.gitlab.com/ce/topics/autodevops/). This implies the containers are running in privileged mode and you should, therefore, be aware of some important details.
+
+First of all our whole cluster security is based on a model where developers are trusted, so **only trusted users should be allowed to control your clusters**. The privileged flag gives all capabilities to the container, in other words, containers can do almost everything that the host can do, be aware of the inherent security risk associated with performing `docker run` operations on arbitrary images as they effectively have root access.
+
+#### How to disable privilege mode?
+
+....
+
## Installing applications
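
Review bot: The new `#### How to disable privilege mode?` section at the end of the hunk has only `....` as its body, so the page would tell readers that privileged mode is a risk without telling them how to turn it off; fill in the steps or drop the heading until they exist, and make the heading read "privileged mode" to match the rest of the text. At the top of the hunk, the added intro sentence ends without a period and is followed by two blank lines, and with the Runner bullet removed the remaining `- same credentials ...` item is a one-item list with no lead-in, so either end the sentence with a colon directly above the bullet or fold the bullet into prose. In the `### GitLab Runners` paragraph, "enabled by default, this allows" is a comma splice and "Auto Devops" should be "Auto DevOps". The removed bullet said outright that jobs can break isolation; the replacement says containers "can do almost everything that the host can do" but no longer states that consequence plainly, so consider keeping that sentence.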