Hi folks I deployed a downstream cluster rke2 1 25 7 followi Rancher Users #rke2

Hi folks. I deployed a downstream cluster(rke2 1.2...

brave-rainbow-31093

05/18/2023, 4:58 PM

Hi folks. I deployed a downstream cluster(rke2 1.25.7) following the rke2 hardening guide https://ranchermanager.docs.rancher.com/pages-for-subheaders/rke2-hardening-guide. The management cluster is also rke2 1.25.7 and rancher version is 2.7.3.

Copy code

spec:
  defaultPodSecurityAdmissionConfigurationTemplateName: rancher-restricted
  rkeConfig:
    machineSelectorConfig:
      - config:
          profile: cis-1.23
          protect-kernel-defaults: true

Then I tried CIS scan using

rke2-cis-1.23-profile-hardened

profile following this guide https://ranchermanager.docs.rancher.com/pages-for-subheaders/cis-scan-guides and got this result. Is this expected result? PS: CIS benchmark app version is 4.0.0

9 Views

Open in Slack

Previous Next