pivot deployer to in-cluster concourse
Closed this issue · 1 comments
pauldougan commented
What
Answer the following questions:
- Assuming a cluster has already been created, could the deployer pipeline (on BigConcourse) move itself into the in-cluster concourse?
- What would the impact be of letting the in-cluster concourse assume the deployer role (i.e. would it need its own nodegroup?)
- Would this be preferable (security-wise) to the BigConcourse?
- What happens when the deployer has to redeploy the node that the deploy job is running on (i.e. rolling the ci node group)?
- If rolling the ci node group causes problems, any ideas how to solve it?
Why
The big concourse is fast becoming an attractive target for a malicious actor, as it is capable of assuming the "deployer" roles from each account (and deployer is basically admin since it needs to do AllTheThings).
samcrang commented
I'm closing this because it's old and I think we're broadly okay with the idea of Big Concourse™ currently.