我的书签
添加书签
移除书签Rancher v2.5 introduced the capability to deploy Rancher on any Kubernetes cluster. For that reason, we now provide separate security hardening guides for Rancher deployments on each of Rancher’s Kubernetes distributions.
Rancher has the following Kubernetes distributions:
- RKE, Rancher Kubernetes Engine, is a CNCF-certified Kubernetes distribution that runs entirely within Docker containers.
- K3s, is a fully conformant, lightweight Kubernetes distribution. It is easy to install, with half the memory of upstream Kubernetes, all in a binary of less than 100 MB.
- RKE2 is a fully conformant Kubernetes distribution that focuses on security and compliance within the U.S. Federal Government sector.
To harden a Kubernetes cluster outside of Rancher’s distributions, refer to your Kubernetes provider docs.
Guides
These guides have been tested along with the Rancher v2.5 release. Each self-assessment guide is accompanied with a hardening guide and tested on a specific Kubernetes version and CIS benchmark version. If a CIS benchmark has not been validated for your Kubernetes version, you can choose to use the existing guides until a newer version is added.
RKE Guides
| Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides |
|---|---|---|---|
| Kubernetes v1.15+ | CIS v1.5 | Link | Link |
| Kubernetes v1.18+ | CIS v1.6 | Link | Link |
RKE2 Guides
| Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guides |
|---|---|---|---|
| Kubernetes v1.18 | CIS v1.5 | Link | Link |
| Kubernetes v1.20 | CIS v1.6 | Link | Link |
K3s Guides
The K3s security guides will be added soon.
