docs: task driver resource isolation & security

2019-09-03 15:19:46 -07:00 · 2019-09-03 15:19:46 -07:00 · d4c9e1028f
parent 0f29dcc935
commit d4c9e1028f
1 changed files with 9 additions and 0 deletions
--- a/website/source/docs/drivers/index.html.md
+++ b/website/source/docs/drivers/index.html.md
@ -29,6 +29,15 @@ used in, and the resource isolation mechanisms available.
 For details on authoring a task driver plugin, please refer to the [plugin
 authoring guide][plugin_guide].

+Task driver resource isolation is intended to provide a degree of separation of
+Nomad client CPU / memory / storage between tasks. Resource isolation
+effectiveness is dependent upon individual task driver implementations and
+underlying client operating systems. Task drivers do include various security-
+related controls, but the Nomad client to task interface should not be
+considered a security boundary. See the [access control guide][acl_guide] for
+more information on how to protect Nomad cluster operations.
+
 [plugin]: /docs/configuration/plugin.html
 [docker_plugin]: /docs/drivers/docker.html#client-requirements
 [plugin_guide]: /docs/internals/plugins/index.html
+[acl_guide]: https://www.nomadproject.io/guides/security/acl.html