Recall the picture of a secured Swarm cluster from Chapter 4, Creating a Production-Grade Swarm; here we explain the security aspects of a Docker Swarm mode cluster.
The Orchestrator is one of the main parts of a Docker Swarm manager. Diogo Monica, a member of the Docker Security team, argued in his Orchestration Least Privileged presentation in Berlin in 2016 that each component of the orchestration must be limited in what it is allowed to do. The Orchestrator's responsibilities are:
Node management: A cluster operator may instruct an Orchestrator to perform actions for a set of nodes
Task assignment: The Orchestrator is also responsible for assigning tasks to each node
Cluster state reconciliation: The Orchestrator maintains the state of the cluster by reconciling the observed state of each node with the desired state
Resource management: The Orchestrator offers and revokes resources for submitted tasks
An Orchestrator with the least privilege makes the system more secure, and a least-privilege Orchestrator is defined based...
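The following Go program is an added illustration, not code from the book or from SwarmKit: it models the task-assignment, reconciliation and resource-revocation responsibilities above as one reconcile pass whose authority is bounded by an operator-granted node scope (the `scope` parameter, the `Action` type and the node/service layout are assumed for the example), so that the Orchestrator fails closed instead of acting on a node it was not granted.

```go
package main

import (
	"fmt"
	"sort"
)
// Action is one operation the orchestrator is permitted to emit.
type Action struct{ Kind, Service, Node string } // Kind: "assign" or "revoke"
// Reconcile drives the observed layout (node -> service -> task count) toward the
// desired replica counts, emitting actions only for nodes the operator placed in
// scope. Assumed illustrative model, not SwarmKit's scheduler; it fails closed.
func Reconcile(desired map[string]int, actual map[string]map[string]int, scope map[string]bool) ([]Action, error) {
	running := map[string]int{} // replicas observed per service, on any node
	for _, svcs := range actual {
		for s, n := range svcs {
			running[s] += n
		}
	}
	var nodes []string
	for n := range scope {
		nodes = append(nodes, n)
	}
	sort.Strings(nodes) // deterministic round-robin placement order
	var actions []Action
	for s, want := range desired {
		for i := 0; running[s] < want; i++ { // task assignment
			if len(nodes) == 0 {
				return nil, fmt.Errorf("service %s: no in-scope node to place on", s)
			}
			actions = append(actions, Action{"assign", s, nodes[i%len(nodes)]})
			running[s]++
		}
		for _, n := range nodes { // resource revocation: only in-scope tasks may be revoked
			for k := actual[n][s]; k > 0 && running[s] > want; k-- {
				actions = append(actions, Action{"revoke", s, n})
				running[s]--
			}
		}
		if running[s] > want {
			return nil, fmt.Errorf("service %s: surplus task runs only on out-of-scope nodes", s)
		}
	}
	return actions, nil
}

func main() { // constructed sample: scale web from 1 to 2 replicas on one in-scope node
	fmt.Println(Reconcile(map[string]int{"web": 2}, map[string]map[string]int{"n1": {"web": 1}}, map[string]bool{"n1": true}))
}
```

A surplus task that lives only on a node outside the scope is reported as an error rather than silently revoked, which is the behaviour a least-privilege Orchestrator should have.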