diff --git a/content/rancher/v2.x/en/security/benchmark-2.3/_index.md b/content/rancher/v2.x/en/security/benchmark-2.3/_index.md
index 95051435f76..fa11bf78c6b 100644
--- a/content/rancher/v2.x/en/security/benchmark-2.3/_index.md
+++ b/content/rancher/v2.x/en/security/benchmark-2.3/_index.md
@@ -29,12 +29,6 @@ Scoring the commands is different in Rancher Labs than in the CIS Benchmark. Whe
 When performing the tests, you will need access to the Docker command line on the hosts of all three RKE roles. The commands also make use of the the `jq` command to provide human-readable formatting.
-#### Known Scored Control Failures
-
-The following scored controls do not currently pass, and Rancher Labs is working towards addressing these through future enhancements to the product.
-
-- 1.1.21 - Ensure that the `--kubelet-certificate-authority` argument is set as appropriate (Scored)
-
 ### Controls
 ---
diff --git a/content/rancher/v2.x/en/security/hardening-2.3.5/_index.md b/content/rancher/v2.x/en/security/hardening-2.3.5/_index.md
index 65532d7465e..ef3d4b471bd 100644
--- a/content/rancher/v2.x/en/security/hardening-2.3.5/_index.md
+++ b/content/rancher/v2.x/en/security/hardening-2.3.5/_index.md
@@ -118,6 +118,10 @@ metadata:
 name: default-allow-all
 spec:
 podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
 policyTypes:
 - Ingress
 - Egress
diff --git a/content/rancher/v2.x/en/security/hardening-2.3/_index.md b/content/rancher/v2.x/en/security/hardening-2.3/_index.md
index 3918cbefa70..dfa51e8eb20 100644
--- a/content/rancher/v2.x/en/security/hardening-2.3/_index.md
+++ b/content/rancher/v2.x/en/security/hardening-2.3/_index.md
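Review bot: In hardening-2.3.5/_index.md the manifest does not say that `default-allow-all` is deliberately permissive: with the added `ingress: - {}` and `egress: - {}` it selects every pod in the namespace and permits all traffic in both directions, so on its own it provides no isolation. I would add a comment above `spec:`, for example `# Allows all ingress and egress for every pod; replace with workload-specific policies where isolation is needed.` It would also help to state nearby that keeping both `policyTypes` while omitting the two rule lists yields a deny-all policy, which appears to be what the manifest expressed before this change. The manifest begins before the hunk and may continue after it.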
@@ -1266,6 +1266,7 @@ services:
 anonymous-auth: "false"
 feature-gates: "RotateKubeletServerCertificate=true"
 tls-cipher-suites: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256"
+ generate_serving_certificate: true
 kube-api:
 pod_security_policy: true
 extra_args:
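Review bot: In hardening-2.3/_index.md the added `generate_serving_certificate: true` carries no comment saying that it is an RKE service option rather than a kubelet flag, and it sits directly after what appear to be `extra_args` entries such as `tls-cipher-suites`, so a reader copying the block can easily nest it under `extra_args` by mistake (indentation is not recoverable in this rendering). I would add above it `# RKE option, sibling of extra_args: issue kubelet serving certificates that kube-apiserver can verify`. The guide should also name the first RKE/Rancher release that supports the key, since the same commit removes control 1.1.21 from the known failures in benchmark-2.3; that version is not visible here. The `services:` mapping starts and ends outside the hunk.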