SUSE® Rancher Manager

CIS Scan Guides

  • Install rancher-cis-benchmark

  • Uninstall rancher-cis-benchmark

  • Run a Scan

  • Run a Scan Periodically on a Schedule

  • Skip Tests

  • View Reports

  • Enable Alerting for rancher-cis-benchmark

  • Configure Alerts for Periodic Scan on a Schedule

  • Create a Custom Benchmark Version to Run
