What are the requirements when it comes to the cluster communicating with either management or Docker hosts? Do you need an internal or separate network to isolate the cluster traffic?
Can you easily lock a cluster member down to only your cluster? Is the cluster communication encrypted; what information about your cluster could be exposed; does this make it a target for hackers?
What external access does the cluster need to APIs, such as your public cloud providers? How securely are any API/access credentials stored?