Security and Compliance

As Kubernetes adoption continues to grow inside an enterprise, IT organizations need visibility and control to ensure the proper security and compliance requirements are met.


Management Across The Platform

Ensuring Security and Compliance

Rancher enables IT administrators to specify centralized security and access control policies. Rancher adds a user authentication layer to any Kubernetes cluster so access to all clusters will be authenticated through a single source such as Active Directory. Rancher integrates with all layers of the technology stack, including Kubernetes RBAC, node configuration, network policy management, and cloud security configuration. Rancher distributes the centralized security policy to all layers of the technology stack to enforce the security and compliance policies.

Identity of users, the groups they belong to, and the projects they work on
The applications (including container images) to be deployed
Public cloud providers, private cloud installations, VMware clusters, and bare metal servers
Proper configuration of Linux and Windows nodes
Network security and isolation

Authentication

Rancher provides a centralized authentication gateway for all Kubernetes clusters under management. The IT admin can configure the gateway to authenticate against a single source such as GitHub, Active Directory, LDAP, or SAML providers. This is particularly useful when, for example, an organization uses a public Kubernetes service like GKE and does not want employees to have to use personal Google credentials to access GKE clusters.

Centralized RBAC Policies

IT administrators can create RBAC policies once and have Rancher distribute and enforce these policies across all clusters. An RBAC policy is a set of permissions granted to users to act upon resources in a cluster.

Security

Rancher integrates with many elements in the technology stack to enforce security policies.

Image security

Rancher relies on container registries to scan container images.

Pod security policies

Rancher integrates with Kubernetes pod security policies to ensure, for example, only signed images can be run on certain clusters.

Access control

Rancher integrates with Kubernetes RBAC policies to ensure users are only able to perform authorized operations.

Network security

Rancher integrates with CNI network plugins (like Canal) to ensure tenant isolation and network access control.

Security and Compliance Resources

101 More Security Best Practices for Kubernetes

Read how Rancher and RKE satisfy Kubernetes security recommendations from the CNCF.

Preventive Security for Enterprise Kubernetes Deployments

Watch the training to learn the tools to identify security weaknesses and fix them before they are exploited by attackers.

Register for Advanced Training

Free, weekly advanced training sessions on infrastructure topics from Kubernetes security to CI/CD to storage and more.
