Secrets Management at Scale with Vault & Rancher 24. June Robert de Bock Senior DevOps Engineer Adfinis robert.debock@adfinis.com Kapil Arora Senior Solution Engineer HashiCorp kapil@hashicorp.com Infrastructure Management (Run & Manage) GitOps Continuous Delivery Cluster Templates & Config Enforcement K8s Version Management Node Pool Management Cluster Provisioning & Lifecycle Management Platform Amazon EKS Azure AKS Google GKE Cloud Datacenter Edge Branch Dev Secret Management in Kubernetes 16 17 18 Secret Management Challenges ● Secrets sprawl ● Secrets rotation ● X.509 certificates, SSH

............................................................................ 6 1.3.3 Secret Management .............................................................................................. ......................................................................... 6 1.3.5 Container Management and Scaling ......................................................................... 6 1.3.6 .............................................................................. 7 1.3.10 Log Management ..............................................................................................

Cloud Native Contrail Networking Installation and Life Cycle Management Guide for Rancher RKE2 Published 2023-09-08 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 this publication without notice. Cloud Native Contrail Networking Installation and Life Cycle Management Guide for Rancher RKE2 Copyright © 2023 Juniper Networks, Inc. All rights reserved. The information 6 Deployment Models | 11 Single Cluster Deployment | 11 Multi-Cluster Deployment | 12 System Requirements | 15 2 Install Overview | 17 Before You Install | 18 Install Single Cluster

Extensions SUSE Manager SUSE Linux Enterprise Compliance Security Availability Management The most adaptable Linux operating system Other Linux Datacenter Edge Block Storage Container Security I.a.a.S Copyright provisioning time - from hours to minutes — 35% reduction in cloud costs — 35% reduction in management time “Provisioning a new environment now takes a matter of minutes, whereas before it would take environment — The Ondat data platform is used by SunnyVision as the basis for its database as a service (DBaaS) “Secrets management has always been one of the most difficult issues in Kubernetes,” Romuald

Enterprise Kubernetes Management Platforms Red Hat OpenShift 4.9, VMware Tanzu 1.4, Google Anthos 1.10 and SUSE Rancher 2.6 A Buyer’s Guide to Enterprise Kubernetes Management Platforms Copyright ........................................ 39 A Buyer’s Guide to Enterprise Kubernetes Management Platforms Copyright © SUSE 2022 3 1 Executive Summary Organizations modernizing their infrastructure lack of central visibility, inconsistent security practices and complex management processes. Therefore, Kubernetes management platforms need to confidently deliver: • Simplified Cluster Operations:

development. Kubernetes orchestration provides capabilities such as auto scaling, security, and management of containerized applications. A persistent and stable data store is required to run containerized can survive the lifetime of a pod or the node it is running on. SUSE Rancher is a Kubernetes management platform that simplifies the cluster installation and operations, whether they are on-premises Driver on DELL EMC PowerFlex White Paper Term Definition DD Data Domain DNS Domain Name System DDVE PowerProtect DD Virtual Edition FQDN Fully Qualified Domain Name MDM Meta Data Manager

Application Template ※※※※ ※※※※※ ※※※※ CI/CD Pipeline ※※※※※ ※※※※※ ※※※ Application Lifecycle Management ※※※※※ ※ ※ Metering & Billing ※※※※※ ※ ※ Grayscale Release ※※※※※ ※※※ ※※※ 4 Traffic Governance Multi-cluster Management ※※※※ ※※※ ※※※※※ Edge Computing ※※※※※ ※※ ※※※※※ Network ※※※※※ ※※※※※ ※※※※ Storage ※※※※※ ※※※※※ ※※※※※ Network Policy and Management ※※※※※ ※※※※※ ※※※ Multi-tenant Management ※※※※ easy-to-use installation tool RancherD, an easy-to-use installation tool, available Operating system support All major Linux operating systems supported Coupled to Red Hat underlying infrastructure

Description Configure a restrictive pod security policy (PSP) as the default and create role bindings for system level services to use the less restrictive default PSP. Rationale To address the following controls restrictive default PSP needs to be applied as the default. Role bindings need to be in place to allow system services to still function. 1.7.1 - Do not admit privileged containers (Not Scored) 1.7.2 - Do cattle-system namespace exists: kubectl get ns |grep cattle Verify that the roles exist: kubectl get role default-psp-role -n ingress-nginx kubectl get role default-psp-role -n cattle-system kubectl

Cryptography 3/14/2007 [SP 800-57 P1 r5] NIST SP 800-57 Part 1 Rev. 5, Recommendation for Key Management: Part 1 – General 5/4/2020 [SP 800-67 r2] NIST SP 800-67 Rev. 2, Recommendation for the Triple NIST National Institute of Standards and Technology OE Operating Environment OS Operating System PCT Pairwise Consistency Test RSA Rivest, Shamir, Adleman algorithm SHA/SHS Secure Hash Algorithm/Standard .........................................................9 7 Cryptographic Algorithms & Key Management ................................................................10 7.1 Approved Cryptographic

have a fully supported setup, there are two Kubernetes clusters required. One runs SUSE Rancher Management server and the other runs the actual workload, which for the purpose of this guide is SAP Data Minimum sizing of the nodes needs to be as shown below: Server Role Count RAM CPU Disk space Management Workstation 1 16 GiB 4 >100 GiB Master Node 3 16 GiB 4 >120 GiB Worker Node 4 32 GiB 8 >120 GiB Minimum sizing of the nodes needs to be as shown below: Server Role Count RAM CPU Disk space Management Workstation 1 16 GiB 4 >100 GiB Master Node 3 16 GiB 4 >120 GiB Worker Node 4 64 GiB 16 >120