Self-Assessment and Hardening Guides for Rancher

Rancher provides specific security hardening guides for each supported Rancher version’s Kubernetes distributions.

Rancher Kubernetes Distributions

Rancher uses the following Kubernetes distributions:

  • RKE, Rancher Kubernetes Engine, is a CNCF-certified Kubernetes distribution that runs entirely within Docker containers.
  • RKE2 is a fully conformant Kubernetes distribution that focuses on security and compliance within the U.S. Federal Government sector.
  • K3s is a fully conformant, lightweight Kubernetes distribution. It is easy to install, with half the memory requirement of upstream Kubernetes, all in a binary of less than 100 MB.

To harden a Kubernetes cluster that is running a distribution other than those listed, refer to your Kubernetes provider's documentation.

Hardening Guides and Benchmark Versions

Each self-assessment guide is accompanied by a hardening guide. These guides were tested alongside the listed Rancher releases. Each self-assessment guide was tested on a specific Kubernetes version and CIS benchmark version. If a CIS benchmark has not been validated for your Kubernetes version, you can use the existing guides until a guide for your version is added.

RKE Guides

Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guide
------------------ | --------------------- | --------------------- | ---------------
Kubernetes v1.23   | CIS v1.23             | Link                  | Link
Kubernetes v1.24   | CIS v1.23             | Link                  | Link
Kubernetes v1.25   | CIS v1.23             | Link                  | Link

RKE2 Guides

Type                     | Kubernetes Version | CIS Benchmark Version | Self Assessment Guide | Hardening Guide
------------------------ | ------------------ | --------------------- | --------------------- | ---------------
Rancher provisioned RKE2 | Kubernetes v1.23   | CIS v1.23             | Link                  | Link
Rancher provisioned RKE2 | Kubernetes v1.24   | CIS v1.23             | Link                  | Link
Rancher provisioned RKE2 | Kubernetes v1.25   | CIS v1.23             | Link                  | Link
Standalone RKE2          | Kubernetes v1.25   | CIS v1.23             | Link                  | Link

K3s Guides

Type                           | Kubernetes Version           | CIS Benchmark Version | Self Assessment Guide | Hardening Guide
------------------------------ | ---------------------------- | --------------------- | --------------------- | ---------------
Rancher provisioned K3s cluster | Kubernetes v1.23            | CIS v1.23             | Link                  | Link
Rancher provisioned K3s cluster | Kubernetes v1.24            | CIS v1.23             | Link                  | Link
Rancher provisioned K3s cluster | Kubernetes v1.25            | CIS v1.23             | Link                  | Link
Standalone K3s                 | Kubernetes v1.22 up to v1.24 | CIS v1.23             | Link                  | Link

Rancher with SELinux

Security-Enhanced Linux (SELinux) is a Linux kernel security module that adds mandatory access controls and security tools to Linux. Historically used by government agencies, SELinux is now an industry standard. SELinux is enabled by default on RHEL and CentOS.

To use Rancher with SELinux, we recommend installing the rancher-selinux RPM.