Secrets Management at Scale with Vault & Rancher 24. June Robert de Bock Senior DevOps Engineer Adfinis robert.debock@adfinis.com Kapil Arora Senior Solution Engineer HashiCorp kapil@hashicorp.com managing many? How do we address: Networking, Security, Scheduling, Automation, etc? 6 Why Kubernetes ? Common compute platform across any infrastructure DEV DATA CENTER CLOUD BRANCH 5G / EDGE infrastructure capabilities Kubernetes architecture ● Controlplane: Manages the cluster and exposes an API for control ● Etcd: a key value store used as Kubernetes’ backing store for all cluster

Practices SAP SAP Data Intelligence 3 on Rancher Kubernetes Engine 2 using VMware vSAN and vSphere SUSE Linux Enterprise Server 15 SP4 Rancher Kubernetes Engine 2 SAP Data Intelligence 3 Dr. Ulrich Schairer Architect (SUSE) 1 SAP Data Intelligence 3 on Rancher Kubernetes Engine 2 using VMware vSAN and vSphere SAP Data Intelligence 3 on Rancher Kubernetes Engine 2 using VMware vSAN and vSphere Date: 2023-07-24 liable for possi- ble errors or the consequences thereof. 2 SAP Data Intelligence 3 on Rancher Kubernetes Engine 2 using VMware vSAN and vSphere Contents 1 Introduction 4 2 Requirements 5 3 Preparations

Rancher CIS Kubernetes v.1.4.0 Benchmark Self Assessment Rancher v2.2.x Version 1.1.0 - August 2019 Authors Taylor Price Overview The following document scores a Kubernetes 1.13.x RKE cluster provisioned provisioned according to the Rancher v2.2.x hardening guide against the CIS 1.4.0 Kubernetes benchmark. This document is a companion to the Rancher v2.2.x security hardening guide. The hardening guide the benchmark. Because Rancher and RKE install Kubernetes services as Docker containers, many of the control verification checks in the CIS Kubernetes Benchmark don't apply. This guide will walk through

and RKE Kubernetes cluster using CSI Driver on DELL EMC PowerFlex September 2021 H18899 White Paper Abstract This white paper describes the deployment of a SUSE Rancher Kubernetes Cluster above Kubernetes workloads with Dell EMC PowerProtect Data Manager. Dell Technologies Solutions PowerFlex Engineering Validated Copyright 2 SUSE Rancher and RKE Kubernetes cluster information is subject to change without notice. Contents 3 SUSE Rancher and RKE Kubernetes cluster using CSI Driver on DELL EMC PowerFlex White Paper Contents Executive Summary

may be freely reproduced and distributed in its entirety without modification. Rancher Kubernetes Cryptographic Library FIPS 140-2 Non-Proprietary Security Policy Document Version 1.1 460 Herndon, VA 20171 corsec.com +1 703.276.6050 FIPS 140-2 Security Policy Rancher Kubernetes Cryptographic Library Page 2 of 16 References Ref Full Specification Name Date [140] Hash Message Authentication Code (HMAC) 7/16/2008 FIPS 140-2 Security Policy Rancher Kubernetes Cryptographic Library Page 3 of 16 Acronyms and Definitions Term Definition AES Advanced

March 2017. 1 ©Rancher Labs 2017. All rights Reserved. 2 DEPLOYING AND SCALING KUBERNETES WITH RANCHER Contents Introduction ..................................................... .......................... 4 1.2 Kubernetes Concepts and Terminology ....................................................................... 4 1.3 Kubernetes Functionalities .................... ..................................................................................... 7 1.4 Kubernetes Components ...................................................................................

12 15 17 17 18 18 18 19 19 19 20 20 20 21 21 Contents CIS 1.6 Kubernetes Benchmark - Rancher v2.5.4 with Kubernetes v1.18 Controls 1.1 Etcd Node Configuration Files 1.1.11 Ensure that the etcd:etcd (Automated) 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated) 1.1.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 644 or more restrictive (Automated) 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 (Automated) 1.1.1 Ensure that the API server pod specification file permissions are set to 644

Acquired Rancher in 2020 1. Company Snapshot • Powering Innovation With Leadership in Linux & Kubernetes • Market Facts • Target Market • Key Benefits of SUSE Rancher for MSPs • Program Benefits for Leadership in Linux & Kubernetes Hybrid Cloud Infrastructure Dev Datacenter Branch Cloud Edge Support & Services Catalog Security Storage Governance The platform for managing all Kubernetes distributions and other industries Copyright © SUSE 2021 Key Benefits of SUSE Rancher for MSPs Deliver Kubernetes or Rancher–as– a–Service and enable customers to build faster Increase operational efficiency

EventRateLimit,PodSecurityPolicy --encryption-provider-config=/etc/kubernetes/ssl/encryption.yaml --admission-control-config-file=/etc/kubernetes/admission.yaml --audit-log-path=/var/log/kube-audit/audit-log --audit-log-maxbackup=10 --audit-log-maxsize=100 --audit-log-format=json --audit-policy-file=/etc/kubernetes/audit-policy.yaml --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WI service_node_port_range: 30000-32767 event_rate_limit: enabled: true 8 audit_log: enabled: true secrets_encryption_config: enabled: true extra_args: anonymous-auth: "false" enable-admission-plugins:

1.x. It outlines the configurations and controls required to address CIS-Kubernetes benchmark controls. Rancher CIS-Kubernetes self assessment using RKE This document has been created by the Engineering Labs. Profile Definitions The following profile definitions agree with the CIS Benchmarks for Kubernetes. Level 1 Items in this profile intend to: offer practical advice appropriate for the environment; utility or performance of the technology Authors Jason Greathouse Bill Maxwell 1.1 - Rancher HA Kubernetes cluster host configuration 1.1.1 - Configure default sysctl settings on all hosts Profile Applicability