Skip to main content
Version: v2.6

Self-Assessment and Hardening Guides for Rancher v2.6

Rancher provides specific security hardening guides for each supported Rancher's Kubernetes distributions.

Rancher Kubernetes Distributions

Rancher uses the following Kubernetes distributions:

  • RKE, Rancher Kubernetes Engine, is a CNCF-certified Kubernetes distribution that runs entirely within Docker containers.
  • RKE2 is a fully conformant Kubernetes distribution that focuses on security and compliance within the U.S. Federal Government sector.
  • K3s is a fully conformant, lightweight Kubernetes distribution. It is easy to install, with half the memory of upstream Kubernetes, all in a binary of less than 100 MB.

To harden a Kubernetes cluster outside of Rancher's distributions, refer to your Kubernetes provider docs.

Hardening Guides and Benchmark Versions

These guides have been tested along with the Rancher v2.6 release. Each self-assessment guide is accompanied with a hardening guide and tested on a specific Kubernetes version and CIS benchmark version. If a CIS benchmark has not been validated for your Kubernetes version, you can choose to use the existing guides until a newer version is added.

RKE Guides

Kubernetes VersionCIS Benchmark VersionSelf Assessment GuideHardening Guides
Kubernetes v1.18 up to v1.23CIS v1.6LinkLink
note
  • CIS v1.20 benchmark version for Kubernetes v1.19 and v1.20 is not yet released as a profile in Rancher's CIS Benchmark chart.

RKE2 Guides

TypeKubernetes VersionCIS Benchmark VersionSelf Assessment GuideHardening Guides
Rancher provisioned RKE2 clusterKubernetes v1.21 up to v1.23CIS v1.6LinkLink
Standalone RKE2Kubernetes v1.21 up to v1.23CIS v1.6LinkLink

K3s Guides

Kubernetes VersionCIS Benchmark VersionSelf Assessment GuideHardening Guides
Kubernetes v1.21 and v1.22CIS v1.6LinkLink

Rancher with SELinux

Security-Enhanced Linux (SELinux) is a security enhancement to Linux. After being historically used by government agencies, SELinux is now industry standard and is enabled by default on RHEL and CentOS.

To use Rancher with SELinux, we recommend installing the rancher-selinux RPM according to the instructions on this page.