.................................................... 9 2.3 Setting Up a Rancher Kubernetes Environment ........................................................... 9 2.4 How Rancher Extends Kubernetes and simplified network management across the cluster. 2.3 Setting Up a Rancher Kubernetes Environment Setting up a Rancher server is easy. You can set one up by following instructions here, or if server, you should see a screen that looks like this: Let’s first add an environment for Kubernetes. An environment in Rancher is a logical entity for sharing deployments and resources with different

(Automated) 5.4 Secrets Management 5.4.1 Prefer using secrets as files over secrets as environment variables (Manual) 5.4.2 Consider external secret storage (Manual) 5.5 Extensible Admission Control Result: pass Remediation: Follow the documentation and create ServiceAccount objects as per your environment. Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml pass Remediation: Follow the documentation and create Pod Security Policy objects as per your environment. Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml

metal and "any other provider." Cloud provider installers require administrator access to the environment to create the resources but can operate without administrative access once installation is complete Kubernetes Management Platforms Copyright © SUSE 2022 8 The exception to these rules is if the environment uses Tanzu Mission Control (TMC), a VMware SaaS offering for cluster management. If so, then TMC premium ‘white-glove’ service available to organizations looking to manage scale their Kubernetes environment without needing to manage the operational complexities. SUSE Rancher Hosted is a fully managed

offer practical advice appropriate for the environment; deliver an obvious security benefit; and not alter the functionality or utility of the environment beyond an acceptable margin Level 2 Items Authentication Profile Applicability Level 1 Description When running Rancher in a production environment, configure an identity provider for authentication. Rationale Rancher supports several authentication select Global Select Security Select Authentication Ensure the authentication provider for your environment is active and configured correctly Remediation Configure the appropriate authentication provider

Random Number Generator NIST National Institute of Standards and Technology OE Operating Environment OS Operating System PCT Pairwise Consistency Test RSA Rivest, Shamir, Adleman algorithm Services, and Authentication 1 Finite State Model 1 Physical Security NA Operational Environment 1 Cryptographic Key Management 1 EMI/EMC 1 Self-Tests 1 Design Assurance 1 Mitigation generation. The module requests a minimum number of 128 bits of entropy from its Operational Environment per each call. The output data path is provided by the data interfaces and is logically disconnected

vSAN environment is not in the scope of this document. Create the virtual machines for the RKE 2 cluster with SUSE Linux Enterprise Server 15 SP4 as operating system in the vSphere environment. Make 6.1 Backup It is good practice to keep backups of all relevant data to be able to restore the environment in case of a failure. To perform regular backups, follow the instructions as outlined in the respective

minutes — 35% reduction in cloud costs — 35% reduction in management time “Provisioning a new environment now takes a matter of minutes, whereas before it would take a few hours at least. All the time with Enhanced Kubernetes Security — Segregation of the encryption keys in our multi- tenant environment — The Ondat data platform is used by SunnyVision as the basis for its database as a service (DBaaS)

Result: PASS Remediation: Follow the documentation and create ServiceAccount objects as per your environment. Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml PASS Remediation: Follow the documentation and create Pod Security Policy objects as per your environment. Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml

Result: PASS Remediation: Follow the documentation and create ServiceAccount objects as per your environment. Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml PASS Remediation: Follow the documentation and create Pod Security Policy objects as per your environment. Then, edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml

solution is validated in engineering lab using two-layer PowerFlex system with VMware vSphere environment, but the reference architecture and the best practices that are demonstrated in this white paper the Kubernetes section. You can use the PowerProtect Data Manager to protect the Kubernetes environment by adding an RKE downstream cluster that is managed by the SUSE Rancher as an asset source and