https://rancher.com/ logo
#rke2
Title
# rke2
b

brave-rainbow-31093

05/18/2023, 4:58 PM
Hi folks. I deployed a downstream cluster(rke2 1.25.7) following the rke2 hardening guide https://ranchermanager.docs.rancher.com/pages-for-subheaders/rke2-hardening-guide. The management cluster is also rke2 1.25.7 and rancher version is 2.7.3.
Copy code
spec:
  defaultPodSecurityAdmissionConfigurationTemplateName: rancher-restricted
  rkeConfig:
    machineSelectorConfig:
      - config:
          profile: cis-1.23
          protect-kernel-defaults: true
Then I tried CIS scan using
rke2-cis-1.23-profile-hardened
profile following this guide https://ranchermanager.docs.rancher.com/pages-for-subheaders/cis-scan-guides and got this result. Is this expected result? PS: CIS benchmark app version is 4.0.0
9 Views