Practices SAP SAP Data Intelligence 3 on Rancher Kubernetes Engine 2 using VMware vSAN and vSphere SUSE Linux Enterprise Server 15 SP4 Rancher Kubernetes Engine 2 SAP Data Intelligence 3 Dr. Ulrich Schairer Architect (SUSE) 1 SAP Data Intelligence 3 on Rancher Kubernetes Engine 2 using VMware vSAN and vSphere SAP Data Intelligence 3 on Rancher Kubernetes Engine 2 using VMware vSAN and vSphere Date: 2023-07-24 liable for possi- ble errors or the consequences thereof. 2 SAP Data Intelligence 3 on Rancher Kubernetes Engine 2 using VMware vSAN and vSphere Contents 1 Introduction 4 2 Requirements 5 3 Preparations

Rancher CIS Kubernetes v.1.4.0 Benchmark Self Assessment Rancher v2.2.x Version 1.1.0 - August 2019 Authors Taylor Price Overview The following document scores a Kubernetes 1.13.x RKE cluster provisioned provisioned according to the Rancher v2.2.x hardening guide against the CIS 1.4.0 Kubernetes benchmark. This document is a companion to the Rancher v2.2.x security hardening guide. The hardening guide the benchmark. Because Rancher and RKE install Kubernetes services as Docker containers, many of the control verification checks in the CIS Kubernetes Benchmark don't apply. This guide will walk through

and RKE Kubernetes cluster using CSI Driver on DELL EMC PowerFlex September 2021 H18899 White Paper Abstract This white paper describes the deployment of a SUSE Rancher Kubernetes Cluster above Kubernetes workloads with Dell EMC PowerProtect Data Manager. Dell Technologies Solutions PowerFlex Engineering Validated Copyright 2 SUSE Rancher and RKE Kubernetes cluster information is subject to change without notice. Contents 3 SUSE Rancher and RKE Kubernetes cluster using CSI Driver on DELL EMC PowerFlex White Paper Contents Executive Summary

may be freely reproduced and distributed in its entirety without modification. Rancher Kubernetes Cryptographic Library FIPS 140-2 Non-Proprietary Security Policy Document Version 1.1 460 Herndon, VA 20171 corsec.com +1 703.276.6050 FIPS 140-2 Security Policy Rancher Kubernetes Cryptographic Library Page 2 of 16 References Ref Full Specification Name Date [140] Hash Message Authentication Code (HMAC) 7/16/2008 FIPS 140-2 Security Policy Rancher Kubernetes Cryptographic Library Page 3 of 16 Acronyms and Definitions Term Definition AES Advanced

发，团队可以快速将应用构建和部署到可提供横向扩展和硬件解耦的平台，为企业提供更高的敏捷性、弹性和云 间的可移植性。 https://12factor.net/zh_cn/ 云原生应用 传统的企业应用 可预测 不可预测 操作系统抽象化 依赖操作系统 合适的容量 过多容量 协作 孤立 持续交付 瀑布式开发 独立 依赖 自动化可扩展性 手动扩展 快速恢复 恢复缓慢 十二因素应用（Twelve-factor 一般应用普遍会有从配置文件、命令行参数或者环境变量中读取一些配置信息的需求，Kubernetes提供了 ConfigMap资源对象来实现配置管理，可以通过以下几种方式来使用ConfigMap配置Pod中的容器： • 容器 entrypoint 的命令行参数 • 容器的环境变量 • 在只读卷里面添加一个文件，应用读取 • 编写代码在 Pod 中运行，应用通过使用 Kubernetes API 来读取 © Copyright 编码格式的 Secret，用来存储密码、密钥等。 但也可以通过base64-decode解码得到原始数据，安全性较弱 • kubernetes.io/dockerconfigjson：用来存储私有docker registry 镜像库的认证信息 • kubernetes.io/service-account-token：使用ServiceAccount 资 源对象时，会默认创建一个对应的 Secret

................. 33 7.2. 镜像仓库 ................................................. 33 7.3. Kubernetes(k8s) .......................................... 33 1. 概要 1.1. 环境说明 系统相关的登录账号、密码信息如下： 自动重启：对应 Docker --restart 命令； g) 文件系统组：对应 Docker --group-add 命令； h) 停止超时：将会在容器上添加标签 annotation.io.kubernetes.pod.terminationGracePeriod=xx; 网络 l 使用主机网络 默认情况加，Pod 以及容器均使用 overlay 网络。某些场景下，需要使用主机网络来保证容 标签可理解为一种标记，给 Pod 打上标签后，Pod 的查询或者 service 的选择可以通过此标 签来过滤或者选择。Annotation，顾名思义，就是注解。Annotation 可以将 Kubernetes 资 源对象关联到任意的非标识性元数据。使用客户端（如工具和库）可以检索到这些元数据。 安全/主机设置 l 镜像拉取策略 默认为总是拉取，Pod 在配置升级或者重建时都会执行镜像拉取操作。如果设置为不存在则

12 15 17 17 18 18 18 19 19 19 20 20 20 21 21 Contents CIS 1.6 Kubernetes Benchmark - Rancher v2.5.4 with Kubernetes v1.18 Controls 1.1 Etcd Node Configuration Files 1.1.11 Ensure that the etcd:etcd (Automated) 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated) 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 644 or more restrictive (Automated) 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Automated) 1.1.1 Ensure that the API server pod specification file permissions are set to 644

March 2017. 1 ©Rancher Labs 2017. All rights Reserved. 2 DEPLOYING AND SCALING KUBERNETES WITH RANCHER Contents Introduction ..................................................... .......................... 4 1.2 Kubernetes Concepts and Terminology ....................................................................... 4 1.3 Kubernetes Functionalities .................... ..................................................................................... 7 1.4 Kubernetes Components ...................................................................................

Guide to Enterprise Kubernetes Management Platforms Red Hat OpenShift 4.9, VMware Tanzu 1.4, Google Anthos 1.10 and SUSE Rancher 2.6 A Buyer’s Guide to Enterprise Kubernetes Management Platforms ................................................... 39 A Buyer’s Guide to Enterprise Kubernetes Management Platforms Copyright © SUSE 2022 3 1 Executive Summary Organizations modernizing enterprises are creating new opportunities to unify their IT operations with containers and Kubernetes. The recent Forrester Wave report1 stated that these cloud native technologies are quickly becoming

6 14 29 33 34 34 37 37 38 38 42 49 49 50 52 Contents CIS Kubernetes Benchmark v1.5 - Rancher v2.4 with Kubernetes v1.15 Controls 1 Master Node Security Configuration 1.1 Master Node Configuration Logging 4 Worker Node Security Configuration 4.1 Worker Node Configuration Files 4.2 Kubelet 5 Kubernetes Policies 5.1 RBAC and Service Accounts 5.2 Pod Security Policies 5.3 Network Policies and CNI General Policies CIS Benchmark Rancher Self-Assessment Guide - v2.4 3 CIS Kubernetes Benchmark v1.5 - Rancher v2.4 with Kubernetes v1.15 Click here to download a PDF version of this document Overview