Illumina Innovates with Rancher and Kubernetes
Rancher Labs supports responsible disclosure, and endeavours to resolve all issues in a reasonable time frame.
Please submit possible security issues by emailing firstname.lastname@example.org
Subscribe to the Rancher announcements forum for release updates.
The Rancher Hardening Guide is based off of controls and best practices found in the CIS Kubernetes Benchmark from the Center for Internet Security. The hardening guide provides prescriptive guidance for hardening a production installation of Rancher v2.1.x, v2.2.x and v.2.3.x. See Rancher’s Self Assessment of the CIS Kubernetes Benchmark for the full list of security controls.
The benchmark self-assessment is a companion to the Rancher security hardening guide. While the hardening guide shows you how to harden the cluster, the benchmark guide is meant to help you evaluate the level of security of the hardened cluster.
Because Rancher and RKE install Kubernetes services as Docker containers, many of the control verification checks in the CIS Kubernetes Benchmark don’t apply. This guide will walk through the various controls and provide updated example commands to audit compliance in Rancher created clusters. The original benchmark documents can be downloaded from the CIS website.
Rancher is committed to informing the community of security issues in our products. Rancher will publish CVEs (Common Vulnerabilities and Exposures) for issues we have resolved.