Self-Assessment and Hardening Guides for SUSE Rancher Prime
Rancher provides specific security hardening guides for each supported Rancher version’s Kubernetes distributions.
Rancher Kubernetes Distributions
Rancher uses the following Kubernetes distributions:
-
RKE, Rancher Kubernetes Engine, is a CNCF-certified Kubernetes distribution that runs entirely within Docker containers.
-
RKE2 is a fully conformant Kubernetes distribution that focuses on security and compliance within the U.S. Federal Government sector.
-
K3s is a fully conformant, lightweight Kubernetes distribution. It is easy to install, with half the memory requirement of upstream Kubernetes, all in a binary of less than 100 MB.
To harden a Kubernetes cluster that’s running a distribution other than those listed, refer to your Kubernetes provider docs.
Hardening Guides and Benchmark Versions
Each self-assessment guide is accompanied by a hardening guide. These guides were tested alongside the listed Rancher releases. Each self-assessment guides was tested on a specific Kubernetes version and CIS benchmark version. If a CIS benchmark has not been validated for your Kubernetes version, you can use the existing guides until a guide for your version is added.
RKE Guides
| Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides |
|---|---|---|---|
Kubernetes v1.25/v1.26/v1.27 |
CIS v1.7 |
Rancher with SELinux
Security-Enhanced Linux (SELinux) is a kernel module that adds extra access controls and security tools to Linux. Historically used by government agencies, SELinux is now industry-standard. SELinux is enabled by default on RHEL and CentOS.
To use Rancher with SELinux, we recommend installing the rancher-selinux RPM.