Rancher-26175: add known issues with hardened cluster

Nelson Roberts
2020-03-26 16:33:20 -07:00
committed by Denise
parent 5b6ac23316
commit befe490e2c
@@ -22,6 +22,10 @@ This document provides prescriptive guidance for hardening a production installa
For more detail about evaluating a hardened cluster against the official CIS benchmark, refer to the [CIS Benchmark Rancher Self-Assessment Guide - Rancher v2.3.5]({{< baseurl >}}/rancher/v2.x/en/security/benchmark-2.3.5/).
#### Known Issues
Rancher **exec shell** and **view logs** for pods are **not** functional in a cis 1.5 hardened setup when only public ip is provided when registering custom nodes.
### Configure Kernel Runtime Parameters
The following `sysctl` configuration is recommended for all nodes type in the cluster. Set the following parameters in `/etc/sysctl.d/90-kubelet.conf`:
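Review bot: The new Known Issues entry names the failure but gives no workaround or tracking link. It says exec shell and view logs break "when only public ip is provided", which implies that a different node registration avoids the problem. Suggest stating explicitly which address configuration keeps these features working (if registering the node with an internal address as well is the intended remedy, say so) and linking the issue referenced in the commit title. Two style points in the same entry: write "CIS 1.5" and "public IP" to match the "CIS Benchmark" wording in the context line above, and check that a `####` heading placed directly before the `###` "Configure Kernel Runtime Parameters" section fits the page's heading hierarchy.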