CIS 1.6 Benchmark - Self-Assessment Guide - Rancher v2.5.4
set (Manual) 1.2.13 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used (Manual) 1.2.14 Ensure that the admission control plugin ServiceAccount is set (Automated) plugin NamespaceLifecycle is set (Automated) 1.2.16 Ensure that the admission control plugin PodSecurityPolicy is set (Automated) 1.2.17 Ensure that the admission control plugin NodeRestriction is set (Automated) --audit-log-maxage=30 --etcd-servers=https://192.168.1.225:2379 --runtime-config=policy/v1beta1/podsecuritypolicy=true --bind-address=0.0.0.0 --tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
0 points | 132 pages | 1.12 MB | 1 year ago
Rancher CIS Kubernetes v.1.4.0 Benchmark Self Assessment
SecurityContextDeny is set (Not Scored) Notes This SHOULD NOT be set if you are using a PodSecurityPolicy (PSP). From the CIS Benchmark document: This admission controller should only be used where admission control plugin PodSecurityPolicy is set (Scored) Audit docker inspect kube-apiserver | jq -e '.[0].Args[] | match("--enable-admission-plugins=.*(PodSecurityPolicy).*").captures[].string' Returned Value: PodSecurityPolicy Result: Pass 1.1.25 - Ensure that the --service-account-key-file argument is set as appropriate (Scored) Audit docker inspect kube-apiserver | jq -e '.[0].Args[]
0 points | 47 pages | 302.56 KB | 1 year ago
Hardening Guide - Rancher v2.3.3+
cored) 7 • 1.1.24 - Ensure that the admission control plugin PodSecurityPolicy is set (Scored) • 1.1.30 Ensure that the API Server only make DefaultTolerationSeconds,AlwaysPullImages,DenyEscalatingExec,NodeRestriction,EventRateLimit,PodSecurityPolicy --encryption-provider-config=/etc/kubernetes/ssl/encryption.yaml --admission-control-config DefaultTolerationSeconds,AlwaysPullImages,DenyEscalatingExec,NodeRestriction,EventRateLimit,PodSecurityPolicy" profiling: "false" service-account-lookup: "true" tls-cipher-suites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
0 points | 44 pages | 279.78 KB | 1 year ago
Rancher Hardening Guide Rancher v2.1.x
--service-account-lookup argument is set to true (Scored) 1.1.24 - Ensure that the admission control plugin PodSecurityPolicy is set (Scored) 1.1.34 - Ensure that the --experimental-encryption-provider-config argument kind: Group name: system:authenticated --- apiVersion: extensions/v1beta1 kind: PodSecurityPolicy metadata: name: restricted spec: requiredDropCapabilities: - NET_RAW DefaultTolerationSeconds,AlwaysPullImages,DenyEscalatingExec,NodeRestriction,EventRateLimit,PodSecurityPolicy" experimental-encryption-provider-config: /etc/kubernetes/encryption.yaml ad
0 points | 24 pages | 336.27 KB | 1 year ago
CIS Benchmark Rancher Self-Assessment Guide - v2.4
the --enable-admission-plugins parameter to a value that includes PodSecurityPolicy: --enable-admission-plugins=...,PodSecurityPolicy,... Then restart the API Server. Audit: /bin/ps -ef | grep kube-apiserver TaintNodesByCondition,PersistentVolumeClaimResize,PodSecurityPolicy,EventRateLimit' has 'PodSecurityPolicy' 1.2.17 Ensure that the admission control plugin NodeRestriction is set (Scored) Result:
0 points | 54 pages | 447.77 KB | 1 year ago
CIS 1.5 Benchmark - Self-Assessment Guide - Rancher v2.5
the --enable-admission-plugins parameter to a value that includes PodSecurityPolicy: --enable-admission-plugins=...,PodSecurityPolicy,... Then restart the API Server. Audit: /bin/ps -ef | grep kube-apiserver TaintNodesByCondition,PersistentVolumeClaimResize,PodSecurityPolicy,EventRateLimit' has 'PodSecurityPolicy' 1.2.17 Ensure that the admission control plugin NodeRestriction is set (Scored) Result:
0 points | 54 pages | 447.97 KB | 1 year ago
Rancher Hardening Guide v2.3.5
kind: Group name: system:authenticated --- apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: restricted spec: requiredDropCapabilities: - NET_RAW Group name: system:authenticated --- apiVersion: extensions/v1beta1 kind: PodSecurityPolicy metadata: name: restricted spec: requiredDropCapabilities: -
0 points | 21 pages | 191.56 KB | 1 year ago
Rancher Hardening Guide v2.4
system:authenticated --- apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: restricted spec: requiredDropCapabilities: - NET_RAW Group name: system:authenticated --- apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: restricted spec: requiredDropCapabilities: -
0 points | 22 pages | 197.27 KB | 1 year ago
SUSE Rancher and RKE Kubernetes cluster using CSI Driver on DELL EMC PowerFlex
[+] Cluster domain [cluster.local]: [+] Service Cluster IP Range [10.43.0.0/16]: [+] Enable PodSecurityPolicy [n]: [+] Cluster Network CIDR [10.42.0.0/16]: [+] Cluster DNS Service IP [10.43.0.10]: [+]
0 points | 45 pages | 3.07 MB | 1 year ago