l at i on of R an c h e r v 2. 3. 3+ w i t h K u b e r n e t e s v 1. 14, v 1. 15 an d v 1. 16. I t ou t l i n e s t h e c on fi gu r at i on s an d c on t r ol s r e q u i r e d t o ad d r e s s K u b om t h e C e n t e r f or I n f or m at i on S e c u r i t y ( C I S ) . F or m or e d e t ai l ab ou t e v al u at i n g a h ar d e n e d c l u s t e r agai n s t t h e offi c i al C I S b e n c h - m t e s . A p r ofi l e i s a s e t of c on fi gu r at i on s t h at p r ov i d e a c e r t ai n am ou n t of h ar d e n i n g. G e n e r al l y , t h e m or e h ar d e n e d an e n v i r on m e n t i s

the terms and conditions of the End User License Agreement ("EULA") posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions Rancher RKE2 Cluster | 59 Configure a Server Node | 59 Configure an Agent Node | 63 Configure Repository Credentials | 66 Prepare a Cluster Node for DPDK | 67 Juniper CN2 Technology Previews implemented by a CNI plug-in and vRouter on every node. Integrating a full-fledged vRouter alongside the workloads provides CN2 the flexibility to support a wide range of networking requirements, from small

Managed Services 3 3 1 2 Multi-Cluster Management 4 3 2 2 Edge Support 4 3 2 1 Integrated Public Cloud Support 4 2 2 2 Bare Metal, OpenStack & vSphere 4 3 2 2 Import Existing 4 2 Cluster Upgrades & Version Management 4 4 2 2 Storage Support 4 4 4 3 Arm Support 4 2 1 0 Airgap Support 4 3 2 0 Etcd Backup and Restore 4 2 3 1 A Buyer’s Guide to infrastructure. Feature SUSE Rancher OpenShift Tanzu Anthos Active Directory and LDAP Support 4 4 4 2 Pod and Network Security Policies 4 3 2 2 Configurable Adherence to CIS 4

.................................................................... 9 2.2 Native Kubernetes Support in Rancher ........................................................................ 9 2.3 Setting .............................................................40 4.2 Rancher Private Registry Support for Kubernetes .......................................................41 4.3 Container Monitoring ..............................................................................45 4.5 Ingress Support ................................................................................................

Role Count RAM CPU Disk space Management Workstation 1 16 GiB 4 >100 GiB Master Node 3 16 GiB 4 >120 GiB Worker Node 4 32 GiB 8 >120 GiB 5 SAP Data Intelligence 3 on Rancher Kubernetes Engine 2 using Role Count RAM CPU Disk space Management Workstation 1 16 GiB 4 >100 GiB Master Node 3 16 GiB 4 >120 GiB Worker Node 4 64 GiB 16 >120 GiB 2.2 Software requirements The following list contains the software documentation: Release Note for SAP DI 3 (https://launchpad.support.sap.com/#/notes/2871970) Release Note for SAP SLC Bridge (https://launchpad.support.sap.com/#/ notes/2589449) Installation Guide at help

containerized applications within a Kubernetes cluster, that can survive the lifetime of a pod or the node it is running on. SUSE Rancher is a Kubernetes management platform that simplifies the cluster resources together or independently, one node at a time as per your requirements. • Shared platform for heterogeneous workloads The platform can support a broad range of operating environments simultaneously container platforms with a unified underlying infrastructure platform and management. It can also support heterogeneous workloads with varying requirements on a flexible shared infrastructure platform

Release ※※※※※ ※※※ ※※※ 4 Traffic Governance ※※※※※ ※※※ ※※※ Tracing ※※※※※ ※※※ ※※※ Multicloud Support ※※※※※ ※※※ ※※※※※ Multi-cluster Management ※※※※ ※※※ ※※※※※ Edge Computing ※※※※※ ※※ ※※※※※ Network ※※※※ ※※※※※ ※※※※※ Security ※※※※ ※※※※※ ※※ Windows Container ※ ※※※※ ※※※※ 5 Support Commercial Services and Support ※※※※※ ※※※※ ※※※※ 1.2 Metrics Details Product Overview Overview Product name installation tool RancherD, an easy-to-use installation tool, available Operating system support All major Linux operating systems supported Coupled to Red Hat underlying infrastructure,

Leadership in Linux & Kubernetes Hybrid Cloud Infrastructure Dev Datacenter Branch Cloud Edge Support & Services Catalog Security Storage Governance The platform for managing all Kubernetes distributions approach 7 Maintain customer satisfaction with access to deep expertise from SUSE’s highly rated support organization Ensure you’re able to offer and meet Service Level Agreements (SLAs) for emerging invoicing based on usage • Backed by SUSE/Rancher -all products come with SUSE/Rancher L1, L2, and L3 support • Access to enterprise grade open-source software – no vendor lock-in • More than just subscriptions

2.1.8 - Ensure that the --hostname-override argument is not set (Scored) Controls 1 - Master Node Security Configuration 1.1 - API Server 1.1.1 - Ensure that the --anonymous-auth argument is set inspect kube-apiserver | jq -e '.[0].Args[] | match("--authorization-mode=(Node|RBAC|,)+" Returned Value: --authorization-mode=Node,RBAC Result: Pass 1.1.20 - Ensure that the --token-auth-file parameter /kube-node.pem Audit ( --etcd-keyfile ) docker inspect kube-apiserver | jq -e '.[0].Args[] | match("--etcd-keyfile=.*").string' Returned Value: --etcd-keyfile=/etc/kubernetes/ssl/kube-node-key.pem

set to false (Scored) Rancher_Hardening_Guide.md 11/30/2018 5 / 24 Audit On each control plane node, run: stat /etc/kubernetes/audit.yaml Ensure that: The file is present The file mode is 0600 This privilege should only be granted to a few people who are responsible for the availability and support of Rancher and the clusters that it manages. Audit The following script uses the Rancher API to Configuration 3.4.1 - Ensure only approved node drivers are active Rancher_Hardening_Guide.md 11/30/2018 21 / 24 Profile Applicability Level 1 Description Ensure that node drivers that are not needed or approved