Security and Compliance
As Kubernetes adoption continues to grow inside an enterprise, IT organizations need visibility and control to ensure the proper security and compliance requirements are met.
Management Across The Platform
Ensuring Security and Compliance
Rancher enables IT administrators to specify centralized security and access control policies. Rancher adds a user authentication layer to any Kubernetes cluster so access to all clusters will be authenticated through a single source such as Active Directory. Rancher integrates with all layers of the technology stack, including Kubernetes RBAC, node configuration, network policy management, and cloud security configuration. Rancher distributes the centralized security policy to all layers of the technology stack to enforce the security and compliance policies.
Identity of users, the groups they belong to, and the projects they work on
The applications (including container images) to be deployed
Public cloud providers, private cloud installations, VMware clusters, and bare metal servers
Proper configuration of Linux and Windows nodes
Network security and isolation
Rancher provides a centralized authentication gateway for all Kubernetes clusters under management. The IT admin can configure the gateway to authenticate against a single source such as GitHub, Active Directory, LDAP, or SAML providers. This is particularly useful when, for example, an organization uses a public Kubernetes service like GKE and does not want employees to have to use personal Google credentials to access GKE clusters.
Centralized RBAC Policies
IT administrators can create RBAC policies once and have Rancher distribute and enforce these policies across all clusters. An RBAC policy is a set of permissions granted to users to act upon resources in a cluster.
Rancher integrates with many elements in the technology stack to enforce security policies.
Rancher relies on container registries to scan container images.
Pod security policies
Rancher integrates with Kubernetes pod security policies to ensure, for example, only signed images can be run on certain clusters.
Rancher integrates with Kubernetes RBAC policies to ensure users are only able to perform authorized operations.
Rancher integrates with CNI network plugins (like Canal) to ensure tenant isolation and network access control.