NIST National Institute of Standards and Technology OE Operating Environment OS Operating System PCT Pairwise Consistency Test RSA Rivest, Shamir, Adleman algorithm SHA/SHS Secure Hash Algorithm/Standard general-purpose computer (GPC) platforms detailed below: Table 1 - Tested Configurations # Operating System Processor Platform Compiler 1 CentOS 7.8 Intel® Xeon® Silver 4214R with PAA Dell PowerEdge Module conforms to [140IG] 6.1 Single Operator Mode and Concurrent Operators. Each approved operating system manages processes and threads in a logically separated manner. The module’s user is considered the

these cloud native technologies are quickly becoming the preferred way for global organizations to build and modernize their applications and services at scale. The potential of containers and Kubernetes value of cloud native technologies for developers, who will always look for solutions to help them build applications quickly without compromising reliability, agility and security. Relying on upstream For installations that want an even smaller attack surface, SUSE Rancher can utilize an operating system such as SLE Micro to help run Kubernetes in the most efficient way possible. Kubernetes from SUSE

............................................................................56 4.8 Kubernetes System Stack Upgrades in Rancher ........................................................57 5 Managing Services, Deployments, Secrets etc. The nodes section provides a quick overview of the nodes in the system: ©Rancher Labs 2017. All rights Reserved. 19 DEPLOYING AND SCALING KUBERNETES WITH Balancing services We have built the frontend service using NodePort in the earlier section; now let’s build the service using LoadBalancer type. The definition of service is same except “type” has value of

operations, whether they are on-premises, in the cloud, or at the edge, giving the DevOps team freedom to build and run containerized applications anywhere. The PowerFlex family offers key value propositions Driver on DELL EMC PowerFlex White Paper Term Definition DD Data Domain DNS Domain Name System DDVE PowerProtect DD Virtual Edition FQDN Fully Qualified Domain Name MDM Meta Data Manager architecture eliminates any hotspots and ensures consistency and simplicity over time. You can scale the system while linearly scaling performance from a minimum of four nodes to thousands of nodes, on-demand

Linux Enterprise Compliance Security Availability Management The most adaptable Linux operating system Other Linux Datacenter Edge Block Storage Container Security I.a.a.S Copyright © SUSE 2021 5 Benefits of SUSE Rancher for MSPs Deliver Kubernetes or Rancher–as– a–Service and enable customers to build faster Increase operational efficiency when managing multiple workloads Scale environments at speed without compromising compliance and security with easy access to open-source tools Opportunity to build a new innovative revenue streams with "Open" approach 7 Maintain customer satisfaction with access

6 Deployment Models | 11 Single Cluster Deployment | 11 Multi-Cluster Deployment | 12 System Requirements | 15 2 Install Overview | 17 Before You Install | 18 Install Single Cluster Contrail Networking Overview | 2 Terminology | 4 CN2 Components | 6 Deployment Models | 11 System Requirements | 15 Cloud-Native Contrail Networking Overview SUMMARY Learn about Cloud-Native clusters. The only requirement is that the data plane components are reachable. 14 System Requirements Table 3: System Requirements for Rancher RKE2 Installation with CN2 Machine CPU RAM Storage Notes

Description Configure a restrictive pod security policy (PSP) as the default and create role bindings for system level services to use the less restrictive default PSP. Rationale To address the following controls restrictive default PSP needs to be applied as the default. Role bindings need to be in place to allow system services to still function. 1.7.1 - Do not admit privileged containers (Not Scored) 1.7.2 - Do cattle-system namespace exists: kubectl get ns |grep cattle Verify that the roles exist: kubectl get role default-psp-role -n ingress-nginx kubectl get role default-psp-role -n cattle-system kubectl

root:root (Scored) Result: PASS Remediation: Run the below command (based on the file location on your system) on the master node. For example, chown -R root:root /etc/kubernetes/ssl Audit: stat -c %U:%G restrictive (Scored) Result: PASS Remediation: Run the below command (based on the file location on your system) on the master node. For example, chmod -R 644 /etc/kubernetes/ssl Audit Script: check_files_permissions 600 (Scored) Result: PASS Remediation: Run the below command (based on the file location on your system) on the master node. For example, CIS Benchmark Rancher Self-Assessment Guide - v2.4 13 chmod

root:root (Scored) Result: PASS Remediation: Run the below command (based on the file location on your system) on the master node. For example, chown -R root:root /etc/kubernetes/ssl Audit: stat -c %U:%G restrictive (Scored) Result: PASS Remediation: Run the below command (based on the file location on your system) on the master node. For example, chmod -R 644 /etc/kubernetes/ssl Audit Script: check_files_permissions 600 (Scored) Result: PASS Remediation: Run the below command (based on the file location on your system) on the master node. For example, CIS 1.5 Benchmark - Self-Assessment Guide - Rancher v2.5 13

command (based on the etcd data directory found above). For example, chown etcd:etcd /var/lib/etcd A system service account is required for etcd data directory ownership. Refer to Rancher's hardening guide (Automated) Result: pass Remediation: Run the below command (based on the file location on your system) on the master node. For example, chown -R root:root / etc/kubernetes/pki/ Audit: check_files_owner_in_dir Guide - Rancher v2.5.4 12 Remediation: Run the below command (based on the file location on your system) on the master node. For example, chmod -R 644 /etc/ kubernetes/pki/*.crt Audit: check_files_permissions