Automating & Hardening Kubernetes stuff

Hi everyone :)

I do have some questions regarding automating and hardening Kubernetes via Rancher.
We’re working with Ansible and RKE and try to avoid clicking in the WebUI as much as possible.

  • How can I pass additional flags to the kube-api, for example the “--anonymous-auth=false” flag?
  • What is the best (automated) method to supply a Network Policy?
  • Can I use rancher-cli to supply a PodSecurity Policy?

Do you know a method to automate all this? So, for example, writing an Ansible playbook to create the k8 cluster with RKE, supply the additional flag(s) to the kube-api, and set pod/network security policy?

Thank you very much in advance!


Edit: We are using rancher 2.0
Edit2: We are using k8 v1.10