non-proprietary security policy document may be freely reproduced and distributed in its entirety without modification. Rancher Kubernetes Cryptographic Library FIPS 140-2 Non-Proprietary Security Policy CA 94042 rancher.com Corsec Security, Inc. 13921 Park Center Rd., Ste. 460 Herndon, VA 20171 corsec.com +1 703.276.6050 FIPS 140-2 Security Policy Rancher Kubernetes Cryptographic Specification Name Date [140] FIPS 140-2, Security Requirements for Cryptographic Modules 12/3/2002 [140AA] FIPS 140-2 Annex A: Approved Security Functions 6/10/2019 [140AC] FIPS 140-2 Annex

- Rancher v2.4 with Kubernetes v1.15 Controls 1 Master Node Security Configuration 1.1 Master Node Configuration Files 1.2 API Server 1.3 Controller Manager 1.4 Scheduler 2 Etcd Node Configuration 3.2 Logging 4 Worker Node Security Configuration 4.1 Worker Node Configuration Files 4.2 Kubelet 5 Kubernetes Policies 5.1 RBAC and Service Accounts 5.2 Pod Security Policies 5.3 Network Policies download a PDF version of this document Overview This document is a companion to the Rancher v2.4 security hardening guide. The hardening guide provides prescriptive guidance for hardening a production installation

- Rancher v2.5 with Kubernetes v1.15 Controls 1 Master Node Security Configuration 1.1 Master Node Configuration Files 1.2 API Server 1.3 Controller Manager 1.4 Scheduler 2 Etcd Node Configuration 3.2 Logging 4 Worker Node Security Configuration 4.1 Worker Node Configuration Files 4.2 Kubelet 5 Kubernetes Policies 5.1 RBAC and Service Accounts 5.2 Pod Security Policies CIS 1.5 Benchmark download a PDF version of this document Overview This document is a companion to the Rancher v2.5 security hardening guide. The hardening guide provides prescriptive guidance for hardening a production installation

solutions to help them build applications quickly without compromising reliability, agility and security. Relying on upstream Kubernetes isn't enough for teams deploying Kubernetes into production production. Basic Kubernetes installations are plagued by a lack of central visibility, inconsistent security practices and complex management processes. Therefore, Kubernetes management platforms need to confidently DevOps efficiencies with simplified cluster operations • Consistent Security Policy and User Management: best-practice security policy enforcement and advanced user management on any infrastructure

600 (Automated) 1.1.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictive (Automated) 1.1.2 Ensure that the API server pod specification file ownership is set 18 Ensure that the controller-manager.conf file ownership is set to root:root (Automated) 1.2 API Server 1.2.1 Ensure that the --anonymous-auth argument is set to false (Automated) 1.2.2 Ensure that the Ensure that encryption providers are appropriately configured (Automated) 1.2.35 Ensure that the API Server only makes use of Strong Cryptographic Ciphers (Automated) 1.3 Controller Manager 1.3.1 Ensure

Cloud Edge Support & Services Catalog Security Storage Governance The platform for managing all Kubernetes distributions Linux SLE Desktop / POS SLE Server SLES for SAP Applications SLES for HPC SUSE Linux Enterprise Compliance Security Availability Management The most adaptable Linux operating system Other Linux Datacenter Edge Block Storage Container Security I.a.a.S Copyright © SUSE 2021 when managing multiple workloads Scale environments at speed without compromising compliance and security with easy access to open-source tools Opportunity to build a new innovative revenue streams with

on software development. Kubernetes orchestration provides capabilities such as auto scaling, security, and management of containerized applications. A persistent and stable data store is required Data Client for PowerFlex SDS Storage Data Server for PowerFlex SLES SUSE Linux Enterprise Server SSD Solid-State Disk TLS Transport Layer Security VLAN Virtual Local Area Network VM Virtual to run Kubernetes on-premises, in the cloud, and at the edge. It addresses the operational and security challenges of managing multiple Kubernetes clusters anywhere. SUSE Rancher also provides IT operators

e kube-api s e c t i on u n d e r services: services: kube_api: always_pull_images: true pod_security_policy: true service_node_port_range: 30000-32767 event_rate_limit: enabled: true 8 audit_log: e kube-api s e c t i on u n d e r services: services: kube_api: always_pull_images: true pod_security_policy: true service_node_port_range: 30000-32767 event_rate_limit: enabled: true audit_log: ingress: provider: nginx kubernetes_version: v1.14.9-rancher1-1 monitoring: provider: metrics-server # # If you are using calico on AWS # # network: # plugin: calico # calico_network_provider:

※※※ Multi-tenant Management ※※※※ ※※※ ※※※ Authentication and Authorization ※※※※ ※※※※※ ※※※※※ Security ※※※※ ※※※※※ ※※ Windows Container ※ ※※※※ ※※※※ 5 Support Commercial Services and Support ※※※※※ of Kubernetes-native and Kubernetes-based container management platform via UI and API; Security policy configurations across multiple clusters Edge computing Deep integration with KubeEdge; traffic topology based on Weave between different tenants and projects; Multi-tenanc y and Security Multi-tenancy and permission management Isolation of tenants in workspaces and tenant quota

profile intend to: offer practical advice appropriate for the environment; deliver an obvious security benefit; and not alter the functionality or utility of the environment beyond an acceptable margin more of the following characteristics: are intended for use in environments or use cases where security is paramount act as a defense in depth measure may negatively impact the utility or performance Set up the EventRateLimit admission control plugin to prevent clients from overwhelming the API server. The settings below are intended as an initial value and may need to be adjusted for larger clusters