Rancher and Kubernetes. The SUSE Rancher Hosted team manages all aspects from uptime, monitoring, logging and security to backups, restores and upgrades and enables teams to focus on business continuity SUSE Rancher SUSE Rancher has updated its logging capabilities and now utilizes Banzai Cloud Logging operator to power logging across the platform. Logging is easily deployed across each cluster in SUSE Rancher via Cluster Explorer, completely removing the need for any manual configuration. The logging operator utilizes Fluent Bit to query the Kubernetes API and enriches logs with metadata on pods

............................................................................50 4.6 Container Logging................................................................................................. containers. This data can be fed to an ELK (Elasticsearch, Logstash and Kibana) stack or Google Cloud logging for further analysis and visualization. 1.4 Kubernetes Components Kubernetes works in a master-node diagram, there are optional components such as: user interface, container resource monitoring and logging-related components. 1.5 Summary Kubernetes provides cluster management for containerized workloads

Place the configuration file for Kubernetes audit logging on each of the control plane nodes in the cluster. Rationale The Kubernetes API has audit logging capability that is the best way to track actions --set addLocal="false" 3.1.2 - Enable Rancher Audit logging Profile Applicability Level 1 Description Enable Rancher’s built-in audit logging capability. Rationale Rancher_Hardening_Guide.md 11/30/2018

Comparison 1.1 Features Benchmarking Features KubeSphere OpenShift Rancher Monitoring ※※※※※ ※※※※ ※※※ Logging ※※※※※ ※※※ ※※※ Events ※※※※※ ※※※※ ※※※ Auditing ※※※※※ ※※※※ ※※※ Alerting ※※※※ ※※※※※ ※※※※ Notification Simple metrics displayed only; Grafana and Prometheus required for displaying complex metrics Logging Built-in multi-tenant and multi-dimensional log retrieval system that supports on-disk log as the solution for 10 Application distribution to edge nodes with unified monitoring and logging available commercial solution required Rancher edge cluster Network and Storage Network Major

2 Etcd Node Configuration 2 Etcd Node Configuration Files 3 Control Plane Configuration 3.2 Logging 4 Worker Node Security Configuration 4.1 Worker Node Configuration Files 4.2 Kubelet 5 Kubernetes corresponding section of the CIS Kubernetes Benchmark v1.5. You can download the benchmark after logging in to CISecurity.org. Testing controls methodology Rancher and RKE install Kubernetes services present CIS Benchmark Rancher Self-Assessment Guide - v2.4 36 3 Control Plane Configuration 3.2 Logging 3.2.1 Ensure that a minimal audit policy is created (Scored) Result: PASS Remediation: Create

2 Etcd Node Configuration 2 Etcd Node Configuration Files 3 Control Plane Configuration 3.2 Logging 4 Worker Node Security Configuration 4.1 Worker Node Configuration Files 4.2 Kubelet 5 Kubernetes corresponding section of the CIS Kubernetes Benchmark v1.5. You can download the benchmark after logging in to CISecurity.org. Testing controls methodology Rancher and RKE install Kubernetes services CIS 1.5 Benchmark - Self-Assessment Guide - Rancher v2.5 36 3 Control Plane Configuration 3.2 Logging 3.2.1 Ensure that a minimal audit policy is created (Scored) Result: PASS Remediation: Create

Authorization 3.1.1 Client certificate authentication should not be used for users (Manual) 3.2 Logging 3.2.1 Ensure that a minimal audit policy is created (Automated) 3.2.2 Ensure that the audit policy corresponding section of the CIS Kubernetes Benchmark 1.6. You can download the benchmark after logging in to CISecurity.org. Testing controls methodology Rancher and RKE install Kubernetes services client certificates. Audit: CIS 1.6 Benchmark - Self-Assessment Guide - Rancher v2.5.4 102 3.2 Logging 3.2.1 Ensure that a minimal audit policy is created (Automated) Result: pass Remediation: Create

Policy Enforcement & Governance RBAC, OPA, Pod & Network Policies CIS Benchmarking Monitoring & Logging Centralized Audit Simplified Cluster Operations & Infrastructure Management (Run & Manage) GitOps

Node 64 GB 16VCPU Node 64 GB 16VCPU NS: Customer 2 Website 1 (4GB 2vCPU) NS: Customer 1 – Logging System (16GB 4vCPU) Customer 4 Wordpress Admin NS: Customer 4 Wordpress (4GB 2vCPU) https://Wordpress

corresponding section of the CIS Kubernetes Benchmark v1.4.0. You can download the benchmark after logging in to CISecurity.org. Testing controls methodology Rancher and RKE install Kubernetes services