Definitions Term Definition AES Advanced Encryption Standard API Application Programming Interface CAVP Cryptographic Algorithm Validation Program CKG Cryptographic Key Generation CMVP Cryptographic Module Specification The module is a software library providing a C-language application program interface (API) for use by other processes that require cryptographic functionality. All operations of the The Data Input interface consists of the input parameters of the API functions. The Data Output interface consists of the output parameters of the API functions. The Control Input interface consists of the

Users can also install OpenShift clusters from RedHat Advanced Cluster Management (RHACM) user interface to install OpenShift clusters and achieve day two operations. 3.1.1.3 Tanzu Tanzu Kubernetes • OpenShift: 3 • Tanzu: 3 • Anthos: 3 3.1.2.1 SUSE Rancher SUSE Rancher’s updated interface enables users to quickly deploy and begin managing Kubernetes clusters with almost no learning extensive training up front. The latest release of SUSE Rancher 2.6 also includes an integrated user interface for Harvester, the new, open and interoperable hyperconverged infrastructure solution from SUSE

cloud_provider: aws # # # To specify flannel interface # # network: # plugin: flannel # flannel_network_provider: # iface: eth1 # # # To specify flannel interface for canal plugin # # network: # plugin: cloud_provider: aws # # # To specify flannel interface # # network: # plugin: flannel # flannel_network_provider: # iface: eth1 # # # To specify flannel interface for canal plugin # # network: # plugin: cloud_provider: aws # # # To specify flannel interface # # network: # plugin: flannel # flannel_network_provider: # iface: eth1 # # # To specify flannel interface for canal plugin # # network: # plugin:

............................................................. 13 PowerFlex Container Storage Interface driver .......................................................................... 25 Steps to Term Definition CA Certificate Authority CNS Cloud Native Storage CSI Container Storage Interface Revisions We value your feedback Objective Audience Terminology Introduction Container Storage Interface driver 25 SUSE Rancher and RKE Kubernetes cluster using CSI Driver on DELL EMC PowerFlex White Paper PowerFlex Container Storage Interface driver The CSI driver

cluster. Internal Kubernetes components use log library to log data; kubectl (the command line interface) can be used to fetch log data from containers. This data can be fed to an ELK (Elasticsearch, components listed for master as shown in the above diagram, there are optional components such as: user interface, container resource monitoring and logging-related components. 1.5 Summary Kubernetes provides management (RBAC) for both teams and individuals for each environments. • Rancher’s intuitive user interface allows you to execute CRUD operations on all of Kubernetes objects such as pods, replication controllers

into and out of the pods in that namespace. To enforce network policies, a CNI (container network interface) plugin must be enabled. This guide uses canal to provide the policy enforcement. Additional information specify flannel interface Hardening Guide v2.3.5 18 # # network: # plugin: flannel # flannel_network_provider: # iface: eth1 # # # To specify flannel interface for canal plugin

into and out of the pods in that namespace. To enforce network policies, a CNI (container network interface) plugin must be enabled. This guide uses canal to provide the policy enforcement. Additional information # # # To specify flannel interface # # network: # plugin: flannel # flannel_network_provider: # iface: eth1 # # # To specify flannel interface for canal plugin # # network:

this rich SDN feature set natively to Kubernetes as a networking platform and container network interface (CNI) plug-in. Redesigned for cloud-native architectures, CN2 takes advantage of the benefits that per Kubernetes control plane node. contrail-k8s- kubemanager Control Plane Node This pod is the interface between Kubernetes resources and Contrail resources. It watches the kube- apiserver for changes controllers exchange routes with each other using iBGP, outside of the regular Kubernetes REST interface. For redundancy, the vRouter agents on worker nodes always establish XMPP communications with two

at container run time. Result: Pass (Not Applicable) 1.4.9 - Ensure that the Container Network Interface file permissions are set to 644 or more restrictive (Not Scored) Notes This is a manual check /etc/cni/net.d/calico-kubeconfig - 600 Result: Pass 1.4.10 - Ensure that the Container Network Interface file ownership is set to root:root (Not Scored) Notes This is a manual check. Audit ( /var Rancher allows users to set various Security Context options when launching pods via the GUI interface. 1.6.6 - Configure image provenance using the ImagePolicyWebhook admission controller (Not Scored)

1.1.9 Ensure that the Container Network Interface file permissions are set to 644 or more restrictive (Manual) 1.1.10 Ensure that the Container Network Interface file ownership is set to root:root (Manual) stat -c %U:%G /etc/kubernetes/manifests/etcd.yaml; fi' 1.1.9 Ensure that the Container Network Interface file permissions are set to 644 or more restrictive (Manual) Result: warn Remediation: Run the Audit: stat -c permissions=%a 1.1.10 Ensure that the Container Network Interface file ownership is set to root:root (Manual) Result: warn Remediation: Run the below command (based