public/rancher-docs
1
0
Fork 0
mirror of https://github.com/rancher/rancher-docs.git synced 2026-04-16 11:25:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove RKE1 references in rancher-security-best-practices.md

Browse Source
This commit is contained in:
LucasSaintarbor
2025-07-24 09:13:33 -07:00
parent 7c297ad550
commit fbec5d7ebf
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/reference-guides/rancher-security/rancher-security-best-practices.md
View File

@@ -25,6 +25,6 @@ If you require such features, combine Layer 7 firewalls with [external authentic
You should protect the following ports behind an [external load balancer](../../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) that has SSL offload enabled:
- **K3s:** Port 6443, used by the Kubernetes API.
- **RKE and RKE2:** Port 6443, used by the Kubernetes API, and port 9345, used for node registration.
- **RKE2:** Port 6443, used by the Kubernetes API, and port 9345, used for node registration.
These ports have TLS SAN certificates which list nodes' public IP addresses. An attacker could use that information to gain unauthorized access or monitor activity on the cluster. Protecting these ports helps mitigate against nodes' public IP addresses being disclosed to potential attackers.

2
versioned_docs/version-2.12/reference-guides/rancher-security/rancher-security-best-practices.md
View File

@@ -25,6 +25,6 @@ If you require such features, combine Layer 7 firewalls with [external authentic
You should protect the following ports behind an [external load balancer](../../how-to-guides/new-user-guides/kubernetes-resources-setup/load-balancer-and-ingress-controller/layer-4-and-layer-7-load-balancing.md#layer-4-load-balancer) that has SSL offload enabled:
- **K3s:** Port 6443, used by the Kubernetes API.
- **RKE and RKE2:** Port 6443, used by the Kubernetes API, and port 9345, used for node registration.
- **RKE2:** Port 6443, used by the Kubernetes API, and port 9345, used for node registration.
These ports have TLS SAN certificates which list nodes' public IP addresses. An attacker could use that information to gain unauthorized access or monitor activity on the cluster. Protecting these ports helps mitigate against nodes' public IP addresses being disclosed to potential attackers.