Replies: 2 comments
-
@zypriafl Definitely, MicroOS comes hardened, auto-bans abusive IPs, and most of the system is read-only. The control plane can be put behind an LB. We can also close all ports (and reopen them if needed), including the SSH one, after cluster deployment. We are basically isolating the cluster entirely apart from the LBs, control plane, and ingress. In the next major release, we are planning to add support for RKE2, aka Government RKE, which passed all kinds of sec certifications. About Kube-Bench, a user submission would be very welcome! (If it can be installed via Helm, we can definitely guide the process, as we install almost 99% of our addons via Rancher HelmChart definitions.)
-
We will list them in the readme ASAP, but a PR is most welcome too!
-
Description
Hello,
We are looking for a list of all security-related defaults / decisions that come with the Cluster. It would be nice to add a "Security" section to the readme. We see that MicroOS is used, which already comes with some benefits (see https://get.opensuse.org/microos).
Are there more things that would be worth mentioning?
I see that you considered using Kube-bench. Is it possible to see the result of this on a Cluster created with defaults (#564)?