Security / Unable to delete "Default admin"

I have a couple of questions about security. The first one is regarding clusters deployed using the Rancher 2.2.1 UI. Once a cluster is deployed, how secure is it? Are there any particular things I need to do myself in order to secure the cluster? What about firewall/ssh/fail2ban/etc. for example? I love the ease with which I can deploy a cluster from the UI, but I am a bit worried about the security aspects of a newly deployed cluster.

The second question is about the “Default admin” user. When I installed Rancher I created a new admin account and deleted the default one. However after deploying a cluster a “Default admin” appeared again and I tried to delete it, but it’s stuck on “Removing”. What is this admin account? Why is it created when I deploy a cluster, if that’s correct? To be sure I have deleted the test cluster I was using and have created another one, which is currently being provisioned. I will report back once this is done on whether another admin account gets created, but I wanted anyway to ask if this is expected behavior. Thanks!

Yesterday I found this: https://releases.rancher.com/documents/security/latest/Rancher_Hardening_Guide.pdf

Maybe it helps you with the first question.

Thanks. That document is about hardening Rancher itself, which is useful too. I was wondering about hardening the clusters that I deploy with Rancher. Any tips?