mirror of
https://github.com/rancher/rancher-docs.git
synced 2026-04-28 01:05:01 +00:00
Apply suggestions from code review
Co-authored-by: Sunil Singh <sunil.singh@suse.com>
+2
-2
@@ -147,7 +147,7 @@ On AWS EC2, we should create a few objects to configure our system. We've define
|
||||
* Security group: `K8sMasterSg`. More info at [RKE2 ports (custom nodes tab)](../../../../getting-started/installation-and-upgrade/installation-requirements/port-requirements.md#downstream-kubernetes-cluster-nodes).
|
||||
* Tags:
|
||||
`kubernetes.io/cluster/<clusterID>: owned`
|
||||
* User data: `K8sMasterUserData` Ubuntu 18.04(ami-0e11cbb34015ff725), installs Docker and add etcd+controlplane node to the k8s cluster.
|
||||
* User data: `K8sMasterUserData` Ubuntu 18.04(ami-0e11cbb34015ff725), installs Docker and add etcd+controlplane node to the K8s cluster.
|
||||
|
||||
```sh
|
||||
#!/bin/bash -x
|
||||
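Review bot: The changed `K8sMasterUserData` bullet still reads "installs Docker and add etcd+controlplane node", so the verbs do not agree; since this line is being touched anyway, change it to "installs Docker and adds an etcd+controlplane node" and put a space between "Ubuntu 18.04" and the parenthesised AMI ID. The security group bullet in the same hunk links to the RKE2 port requirements, so please also confirm that "installs Docker" still describes what this user data does for the cluster type the page now targets.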
@@ -206,7 +206,7 @@ On AWS EC2, we should create a few objects to configure our system. We've define
|
||||
* `kubernetes.io/cluster/<clusterID>: owned`
|
||||
* `k8s.io/cluster-autoscaler/<clusterName>: true`
|
||||
* `k8s.io/cluster-autoscaler/enabled: true`
|
||||
* User data: `K8sWorkerUserData` Ubuntu 18.04(ami-0e11cbb34015ff725), installs Docker and add worker node to the k8s cluster.
|
||||
* User data: `K8sWorkerUserData` Ubuntu 18.04(ami-0e11cbb34015ff725), installs Docker and add worker node to the K8s cluster.
|
||||
|
||||
```sh
|
||||
#!/bin/bash -x
|
||||
|
||||
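Review bot: The `#!/bin/bash -x` context line directly under the changed `K8sWorkerUserData` bullet turns on shell tracing for the whole user-data script, and if the script passes a cluster registration token on a command line, tracing will copy that token into the instance's boot logs. Consider dropping `-x` from the documented script or adding a sentence that it is for debugging only and should be removed before use. The same applies to the `K8sMasterUserData` script in the previous hunk.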
+1
-1
@@ -107,7 +107,7 @@ The `system` project:
|
||||
|
||||
:::note
|
||||
|
||||
In RKE2 clusters where the project network isolation option is enabled, the `system` project overrides the project network isolation option so that it can communicate with other projects, collect logs, and check health.
|
||||
In RKE2/K3s clusters where the project network isolation option is enabled, the `system` project overrides the project network isolation option so that it can communicate with other projects, collect logs, and check health.
|
||||
|
||||
:::
|
||||
|
||||
|
||||
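Review bot: The note's new wording, "In RKE2/K3s clusters where the project network isolation option is enabled", extends a behavioural claim to K3s rather than only renaming a product, so it needs confirming that the option is offered for K3s clusters and that the `system` project overrides it there as well. If it is not, keep the sentence scoped to RKE2, because readers rely on this note to understand which traffic crosses project boundaries when isolation is on.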
+4
-4
@@ -29,7 +29,7 @@ The Benchmark version is included in the generated report.
|
||||
|
||||
The Benchmark provides recommendations of two types: Automated and Manual. Recommendations marked as Manual in the Benchmark are not included in the generated report.
|
||||
|
||||
Some tests are designated as "Not Applicable." These tests will not be run on any CIS scan because of the way that Rancher provisions RKE2 clusters. For information on how test results can be audited, and why some tests are designated to be not applicable, refer to Rancher's [self-assessment guide](../../reference-guides/rancher-security/rancher-security.md#the-cis-benchmark-and-self-assessment) for the corresponding Kubernetes version.
|
||||
Some tests are designated as "Not Applicable." These tests will not be run on any CIS scan because of the way that Rancher provisions RKE2/K3s clusters. For information on how test results can be audited, and why some tests are designated to be not applicable, refer to Rancher's [self-assessment guide](../../reference-guides/rancher-security/rancher-security.md#the-cis-benchmark-and-self-assessment) for the corresponding Kubernetes version.
|
||||
|
||||
The report contains the following information:
|
||||
|
||||
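Review bot: The "Not Applicable" sentence now covers "RKE2/K3s clusters" but the self-assessment guide link target is unchanged, so please check that the linked section actually lists K3s self-assessment guides "for the corresponding Kubernetes version". If it only covers RKE2, a K3s reader following the link will not find why their tests are skipped.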
@@ -75,11 +75,11 @@ The following profiles are available:
|
||||
|
||||
You also have the ability to customize a profile by saving a set of tests to skip.
|
||||
|
||||
All profiles will have a set of not applicable tests that will be skipped during the CIS scan. These tests are not applicable based on how a RKE2 cluster manages Kubernetes.
|
||||
All profiles will have a set of not applicable tests that will be skipped during the CIS scan. These tests are not applicable based on how a RKE2/K3s cluster manages Kubernetes.
|
||||
|
||||
There are two types of RKE2 cluster scan profiles:
|
||||
There are two types of RKE2/K3s cluster scan profiles:
|
||||
|
||||
- **Permissive:** This profile has a set of tests that have been will be skipped as these tests will fail on a default RKE2 Kubernetes cluster. Besides the list of skipped tests, the profile will also not run the not applicable tests.
|
||||
- **Permissive:** This profile has a set of tests that have been will be skipped as these tests will fail on a default RKE2/K3s Kubernetes cluster. Besides the list of skipped tests, the profile will also not run the not applicable tests.
|
||||
- **Hardened:** This profile will not skip any tests, except for the non-applicable tests.
|
||||
|
||||
The EKS and GKE cluster scan profiles are based on CIS Benchmark versions that are specific to those types of clusters.
|
||||
|
||||
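Review bot: The rewritten **Permissive** bullet still carries the garbled phrase "a set of tests that have been will be skipped"; pick one tense, for example "a set of tests that will be skipped because they fail on a default RKE2/K3s Kubernetes cluster". In the first changed line of this hunk, "a RKE2/K3s cluster" should also be "an RKE2/K3s cluster".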
+1
-1
@@ -7,7 +7,7 @@ description: To create a cluster with custom nodes, you’ll need to access serv
|
||||
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/reference-guides/cluster-configuration/rancher-server-configuration/use-existing-nodes"/>
|
||||
</head>
|
||||
|
||||
When you create a custom cluster, Rancher uses RKE2 to create a Kubernetes cluster in on-prem bare-metal servers, on-prem virtual machines, or in any node hosted by an infrastructure provider.
|
||||
When you create a custom cluster, Rancher can use RKE2/K3s to create a Kubernetes cluster in on-prem bare-metal servers, on-prem virtual machines, or in any node hosted by an infrastructure provider.
|
||||
|
||||
To use this option you'll need access to servers you intend to use in your Kubernetes cluster. Provision each server according to the [requirements](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md), which includes some hardware specifications and Docker. After you install Docker on each server, you willl also run the command provided in the Rancher UI on each server to turn each one into a Kubernetes node.
|
||||
|
||||
|
||||
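Review bot: Changing "Rancher uses RKE2" to "Rancher can use RKE2/K3s" in the first paragraph alters the meaning from a statement of fact to an option, yet the unchanged paragraph that follows still tells readers the requirements include Docker and to "install Docker on each server"; please confirm that instruction is still correct for both distributions or update it in the same commit. That paragraph also has the typo "you willl also run", which is worth fixing while this file is open.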