Node 3 16 GiB 4 >120 GiB Worker Node 4 64 GiB 16 >120 GiB 2.2 Software requirements The following list contains the software components needed to install SAP Data Intelligence 3.3 on RKE 2: SUSE Linux of DI 3.3, for example to enable backup. If you forgot to note it down, the following command will list the service port: $ kubectl -n sap-slcbridge get svc 12 SAP Data Intelligence 3 on Rancher Kubernetes same title as a previous version if the original publisher of that version gives permission. B. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the

as a best practice reference architecture. RKE supports x509 authentication strategy, and also a list of SANs can be defined to add to the Kubernetes API Server PKI certificates. The optional load balancer Update, and List for CustomResourceDefinitions. • Get, Create, and Update ClusterRoleBinding for 'cluster-admin' role. • Create and Update for the PowerProtect namespace. • Get, List, Create, Update Update, Delete, and List. • Get, List, Create, Update, and Delete for all kinds of resources inside the PowerProtect namespace. • Get, List, and Watch for all the namespaces in the cluster and PV, PVC

that you'll use as cluster nodes. Ensure the OS and kernel versions on the cluster nodes are on the list of supported OSes and kernels (see the CN2 Tested Integrations matrix at https://www.juniper.net/ 37 4. Verify that the analytics components are installed and running. helm -n contrail-analytics list kubectl get pods -n contrail-analytics 5. After you install Contrail Analytics, you can access Grafana contrail-vrouter-nodes 3. On the central cluster, delete the namespaces of the distributed workload cluster. List the namespaces and delete all namespaces associated with the distributed workload cluster. kubectl

Program CO Cryptographic Officer CSP Critical Security Parameter CVL Component Validation List DRBG Deterministic Random Number Generator DTR Derived Test Requirements ECDSA Elliptic Curve below for a list of the supported Approved algorithms and Table 8 for allowed algorithms. The non-Approved mode is entered when a non-Approved algorithm is invoked. See Table 9 for a list of non-Approved Library Page 12 of 16 7.4 Cryptographic Key Management The table below provides a complete list of Private Keys and CSPs used by the module: Table 10 - Keys and CSPs Supported Key/CSP Name

features are only available on a small list of "approved" cluster types. RKE, one of SUSE's CNCF-certified Kubernetes distributions, is included in this list. 3.1.9 Centralized Audit • SUSE Rancher: application catalog. 3.3.1.2 OpenShift OpenShift integrates with Red Hat’s Operator Hub, a curated list of applications that meet Red Hat’s requirements for inclusion. OpenShift also includes a developer

visibility into the infrastructure on which Kubernetes clusters are running. The infrastructure menu will list various resources as displayed below: ©Rancher Labs 2017. All rights Reserved. 15 DEPLOYING container, and view the container logs: If you click on any single container from the list, you will see detailed, vital information about that container such as CPU, memory, network and disk DEPLOYING AND SCALING KUBERNETES WITH RANCHER We will first look at a couple of use cases from this list, then some parameters that can be fine- tuned to alter behavior of Deployments. First, let’s create

that the log is going to the appropriate destination, as set by auditLog.destination sidecar: 1. List pods: kubectl get pods -n cattle-system 2. Tail logs: kubectl logs -n cattle-system -c rancher-audit-log resources to provision the nodes. Audit In the Rancher UI select Global Select Node Drivers Review the list of node drivers that are in an Active state. Remediation If a disallowed node driver is active,

5.1.2 Minimize access to secrets (Manual) Result: warn Remediation: Where possible, remove get, list and watch access to secret objects in the cluster. Audit: 5.1.3 Minimize wildcard use in Roles and Remediation: Follow the Kubernetes documentation and apply security contexts to your pods. For a suggested list of security contexts, you may refer to the CIS Security Benchmark for Docker Containers. Audit:

Ensure that the encryption provider is set to aescbc (Scored) Notes Only the first provider in the list is active. Audit grep -A 1 providers: /etc/kubernetes/encryption.yaml | grep aescbc Returned Value: