Practices SAP SAP Data Intelligence 3 on Rancher Kubernetes Engine 2 using VMware vSAN and vSphere SUSE Linux Enterprise Server 15 SP4 Rancher Kubernetes Engine 2 SAP Data Intelligence 3 Dr. Ulrich Schairer Architect (SUSE) 1 SAP Data Intelligence 3 on Rancher Kubernetes Engine 2 using VMware vSAN and vSphere SAP Data Intelligence 3 on Rancher Kubernetes Engine 2 using VMware vSAN and vSphere Date: 2023-07-24 liable for possi- ble errors or the consequences thereof. 2 SAP Data Intelligence 3 on Rancher Kubernetes Engine 2 using VMware vSAN and vSphere Contents 1 Introduction 4 2 Requirements 5 3 Preparations

Rancher CIS Kubernetes v.1.4.0 Benchmark Self Assessment Rancher v2.2.x Version 1.1.0 - August 2019 Authors Taylor Price Overview The following document scores a Kubernetes 1.13.x RKE cluster provisioned provisioned according to the Rancher v2.2.x hardening guide against the CIS 1.4.0 Kubernetes benchmark. This document is a companion to the Rancher v2.2.x security hardening guide. The hardening guide the benchmark. Because Rancher and RKE install Kubernetes services as Docker containers, many of the control verification checks in the CIS Kubernetes Benchmark don't apply. This guide will walk through

and RKE Kubernetes cluster using CSI Driver on DELL EMC PowerFlex September 2021 H18899 White Paper Abstract This white paper describes the deployment of a SUSE Rancher Kubernetes Cluster above Kubernetes workloads with Dell EMC PowerProtect Data Manager. Dell Technologies Solutions PowerFlex Engineering Validated Copyright 2 SUSE Rancher and RKE Kubernetes cluster information is subject to change without notice. Contents 3 SUSE Rancher and RKE Kubernetes cluster using CSI Driver on DELL EMC PowerFlex White Paper Contents Executive Summary

may be freely reproduced and distributed in its entirety without modification. Rancher Kubernetes Cryptographic Library FIPS 140-2 Non-Proprietary Security Policy Document Version 1.1 460 Herndon, VA 20171 corsec.com +1 703.276.6050 FIPS 140-2 Security Policy Rancher Kubernetes Cryptographic Library Page 2 of 16 References Ref Full Specification Name Date [140] Hash Message Authentication Code (HMAC) 7/16/2008 FIPS 140-2 Security Policy Rancher Kubernetes Cryptographic Library Page 3 of 16 Acronyms and Definitions Term Definition AES Advanced

................. 33 7.2. 镜像仓库 ................................................. 33 7.3. Kubernetes(k8s) .......................................... 33 1. 概要 1.1. 环境说明 系统相关的登录账号、密码信息如下： 16 5. 应用部署 5.1. 概述 用户通过 Rancher UI 交互页面进行应用部署。 5.2. 操作说明 具体操作说明如下： 5.2.1. 切换项目 进入 项目\工作负载 视图,通过页面左上角的下拉菜单切换到目标项目。 5.2.2. 部署服务 点击右侧部署服务按钮进入服务部署界面 填写应用名称 应用名称只允许最多 15 位的小写字母，数字或"-"，并以字母或数字开头和结尾。 -p 的方式映射的端口，只有 Pod 所在的节点 IP+端口才可以访问； c) ClusterIP： 为 service 配置 cluster IP 地址； d) L4 负载均衡： 此功能对应公有云的负载均衡器，内网环境或自定义云主机安装的集群请不要使用。 Page 18 环境变量 该步骤用于为应用运行设置相关的环境变量，这里设置的环境变量会通过容器平台传递给应

一般应用普遍会有从配置文件、命令行参数或者环境变量中读取一些配置信息的需求，Kubernetes提供了 ConfigMap资源对象来实现配置管理，可以通过以下几种方式来使用ConfigMap配置Pod中的容器： • 容器 entrypoint 的命令行参数 • 容器的环境变量 • 在只读卷里面添加一个文件，应用读取 • 编写代码在 Pod 中运行，应用通过使用 Kubernetes API 来读取 © Copyright 编码格式的 Secret，用来存储密码、密钥等。 但也可以通过base64-decode解码得到原始数据，安全性较弱 • kubernetes.io/dockerconfigjson：用来存储私有docker registry 镜像库的认证信息 • kubernetes.io/service-account-token：使用ServiceAccount 资 源对象时，会默认创建一个对应的 Secret Secret 对象，对应的Secret 会 自动挂载到Pod 目录 /run/secrets/kubernetes.io/serviceaccount © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 通过PV/PVC实现应用数据持久化 虽然可以通过ConfigMap和Secret来实现对应用的配置管理，但不管

12 15 17 17 18 18 18 19 19 19 20 20 20 21 21 Contents CIS 1.6 Kubernetes Benchmark - Rancher v2.5.4 with Kubernetes v1.18 Controls 1.1 Etcd Node Configuration Files 1.1.11 Ensure that the etcd:etcd (Automated) 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated) 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 644 or more restrictive (Automated) 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Automated) 1.1.1 Ensure that the API server pod specification file permissions are set to 644

March 2017. 1 ©Rancher Labs 2017. All rights Reserved. 2 DEPLOYING AND SCALING KUBERNETES WITH RANCHER Contents Introduction ..................................................... .......................... 4 1.2 Kubernetes Concepts and Terminology ....................................................................... 4 1.3 Kubernetes Functionalities .................... ..................................................................................... 7 1.4 Kubernetes Components ...................................................................................

Guide to Enterprise Kubernetes Management Platforms Red Hat OpenShift 4.9, VMware Tanzu 1.4, Google Anthos 1.10 and SUSE Rancher 2.6 A Buyer’s Guide to Enterprise Kubernetes Management Platforms ................................................... 39 A Buyer’s Guide to Enterprise Kubernetes Management Platforms Copyright © SUSE 2022 3 1 Executive Summary Organizations modernizing enterprises are creating new opportunities to unify their IT operations with containers and Kubernetes. The recent Forrester Wave report1 stated that these cloud native technologies are quickly becoming

6 14 29 33 34 34 37 37 38 38 42 49 49 50 52 Contents CIS Kubernetes Benchmark v1.5 - Rancher v2.4 with Kubernetes v1.15 Controls 1 Master Node Security Configuration 1.1 Master Node Configuration Logging 4 Worker Node Security Configuration 4.1 Worker Node Configuration Files 4.2 Kubelet 5 Kubernetes Policies 5.1 RBAC and Service Accounts 5.2 Pod Security Policies 5.3 Network Policies and CNI General Policies CIS Benchmark Rancher Self-Assessment Guide - v2.4 3 CIS Kubernetes Benchmark v1.5 - Rancher v2.4 with Kubernetes v1.15 Click here to download a PDF version of this document Overview