Security and Compliance

As Kubernetes adoption continues to grow inside an enterprise, IT organizations need visibility and control to ensure the proper security and compliance requirements are met.


Management Across The Platform

Ensuring Security and Compliance

Rancher enables IT administrators to specify centralized security and access control policies. Rancher adds a user authentication layer to any Kubernetes cluster so access to all clusters will be authenticated through a single source such as Active Directory. Rancher integrates with all layers of the technology stack, including Kubernetes RBAC, node configuration, network policy management, and cloud security configuration. Rancher distributes the centralized security policy to all layers of the technology stack to enforce the security and compliance policies.

Identity of users, the groups they belong to, and the projects they work on

The applications (including container images) to be deployed

Public cloud providers, private cloud installations, VMware clusters, and bare metal servers.

Proper configuration of Linux and Windows nodes

Network security and isolation

Authentication

Rancher provides a centralized authentication gateway for all Kubernetes clusters under management. The IT admin can configure the gateway to authenticate against a single source such as GitHub, Active Directory, LDAP, or SAML providers. This is particularly useful when, for example, an organization leverages a public Kubernetes service like GKE and does not want employees to have to use personal Google credentials to access GKE clusters.

Centralized RBAC Policies

IT administrators can create RBAC policies once and have Rancher distribute and enforce these policies across all clusters. An RBAC policy is a set of permissions granted to users to act upon resources in a cluster.

Security

Rancher integrates with many elements in the technology stack to enforce security policies.

Image security

Rancher relies on container registries to scan container images.

Pod security policies

Rancher integrates with Kubernetes pod security policies to ensure, for example, only signed images can be run on certain clusters.

Access control

Rancher integrates with Kubernetes RBAC policies to ensure users are only able to perform authorized operations.

Network security

Rancher integrates with CNI network plugins (like Canal) to ensure tenant isolation and network access control.
