virtualized networks to connect, isolate, and secure cloud workloads and services seamlessly across private and public clouds. Cloud-Native Contrail Networking (CN2) brings this rich SDN feature set natively example, communicates with data plane components using XMPP, outside of regular Kubernetes REST channels. Because of this, the network control plane is indifferent to whether the data plane components

--etcd-keyfile arguments are set as appropriate (Automated) 1.2.30 Ensure that the --tls-cert-file and --tls-private- key-file arguments are set as appropriate (Automated) 1.2.31 Ensure that the --client-ca-file argument --use-service-account-credentials argument is set to true (Automated) 1.3.4 Ensure that the --service-account-private-key-file argument is set as appropriate (Automated) 1.3.5 Ensure that the --root-ca-file argument which ensures appropriate event capture (Automated) 4.2.10 Ensure that the --tls-cert-file and --tls-private- key-file arguments are set as appropriate (Automated) 4.2.11 Ensure that the --rotate-certificates

Clusters 4 3 3 3 Centralized Audit 4 3 3 2 Cluster Self-Service Provisioning 4 4 4 1 Private Registry & Image Management 3 4 4 2 Cluster Upgrades & Version Management 4 4 2 2 Storage Terraform and a set of scripts to deploy OCP4. Installation guides are provided for public and private cloud providers, along with guides for bare metal and "any other provider." Cloud provider installers 3.1.11 Private Registry and Image Management • SUSE Rancher: 3 • OpenShift: 4 • Tanzu: 4 • Anthos: 2 3.1.11.1 SUSE Rancher SUSE Rancher contains full support for private registries

Benchmark Rancher Self-Assessment Guide - v2.4 26 1.2.30 Ensure that the --tls-cert-file and --tls- private-key-file arguments are set as appropriate (Scored) Result: PASS Remediation: Follow the Kubernetes yaml on the master node and set the TLS certificate and private key file parameters. --tls-cert-file= --tls-private-key-file= Audit: /bin/ps -ef | | grep kube-apiserver | grep -v grep Expected result: '--tls-cert-file' is present AND '--tls-private-key-file' is present 1.2.31 Ensure that the --client-ca-file argument is set as appropriate (Scored)

Benchmark - Self-Assessment Guide - Rancher v2.5 26 1.2.30 Ensure that the --tls-cert-file and --tls- private-key-file arguments are set as appropriate (Scored) Result: PASS Remediation: Follow the Kubernetes yaml on the master node and set the TLS certificate and private key file parameters. --tls-cert-file= --tls-private-key-file= Audit: /bin/ps -ef | | grep kube-apiserver | grep -v grep Expected result: '--tls-cert-file' is present AND '--tls-private-key-file' is present 1.2.31 Ensure that the --client-ca-file argument is set as appropriate (Scored)

Returned Value: ServiceAccount Result: Pass 1.1.28 - Ensure that the --tls-cert-file and --tls-private-key- file arguments are set as appropriate (Scored) Audit ( --tls-cert-file ) docker inspect ) docker inspect kube-apiserver | jq -e '.[0].Args[] | match("--tls-private-key-file=.*").string' Returned Value: --tls-private-key-file=/etc/kubernetes/ssl/kube-apiserver-key.pem Result: Pass 1 the --service-account-private-key-file argument is set as appropriate (Scored) Audit docker inspect kube-controller-manager | jq -e '.[0].Args[] | match("--service-account-private-key-file=.*").string'

CTR_DRBG, RSA, ECDSA RSA, ECDSA private key User, CO Write/Execute Key Transport RSA RSA private key User, CO Write/Execute Key Agreement KAS ECC EC DH private key User, CO Write/Execute Key Generation CTR_DRBG, RSA, ECDSA RSA, ECDSA private key User, CO Write/Execute On-demand Self-test None None User, CO Execute Zeroization None All keys User, CO Write/Execute Show Page 12 of 16 7.4 Cryptographic Key Management The table below provides a complete list of Private Keys and CSPs used by the module: Table 10 - Keys and CSPs Supported Key/CSP Name Key Description

Bridge SAP Data Intelligence 3.3 Secure private registry for container images, for example https://documenta- tion.suse.com/sbp/all/single-html/SBP-Private-Registry/index.html Access to a storage solution SUSE Linux Enterprise Server 15 SP4. Check the storage requirements. Create a or get access to a private container registry. Get an SAP S-user to access software and documentation by SAP. Read the relevant 3.3 can start: Create a namespace for SAP Data Intelligence 3.3. Create an access to a secure private registry. Download and install SAP SLC Bridge. Download the stack.xml le for provisioning the

observability. SUSE Rancher lets you streamline cluster deployment on bare metal, edge devices, private clouds, public clouds, and vSphere and secures them using global security policies. Use Helm or $ ssh-keygen The following files are created after SSH key pairing: $HOME/.ssh/id_rsa (SSH private key, keep this secure) $HOME/.ssh/id_rsa.pub (SSH public key) 6. Run the following command [+] Cluster Level SSH Private Key Path [~/.ssh/id_rsa]: [+] Number of Hosts [1]: [+] SSH Address of host (1) [none]: 192.168.153.111 [+] SSH Port of host (1) [22]: [+] SSH Private Key Path of host (192

..............................................................................40 4.2 Rancher Private Registry Support for Kubernetes .......................................................41 4.3 specifying revision is helpful in some cases. 4.2 Rancher Private Registry Support for Kubernetes In Rancher, you can configure private registries, and then use container images from those registries registries for template definitions. Rancher supports Docker Hub, Quay.io or any other private registry. You can also configure an insecure or internal certificate registry, though these require bypassing