Additional cleanup
Signed-off-by: Derek Nola <[email protected]>
dereknola committed Jan 22, 2024
1 parent b8c8bde commit 73e0688
Showing 2 changed files with 9 additions and 7 deletions.
10 changes: 5 additions & 5 deletions docs/security/hardening_guide.md
@@ -85,7 +85,11 @@ sudo useradd -r -c "etcd user" -s /sbin/nologin -M etcd -U
Available with October 2023 releases (v1.25.15+rke2r1, v1.26.10+rke2r1, v1.27.7+rke2r1, v1.28.3+rke2r1)
:::

Using the generic `cis` profile will ensure that the cluster passes the CIS benchmark (rke2-cis-1.XX-profile-hardened) associated with the Kubernetes version that RKE2 is running. For example, RKE2 v1.28.XX with the `profile: cis` will pass the `rke2-cis-1.7-profile-hardedened` in Rancher.
```yaml
profile: "cis"
```
Using the generic `cis` profile will ensure that the cluster passes the CIS benchmark (rke2-cis-1.XX-profile-hardened) associated with the Kubernetes version that RKE2 is running. For example, RKE2 v1.28.XX with the `profile: cis` will pass the `rke2-cis-1.7-profile-hardened` in Rancher.

Additionally, it ensures that upgrades to RKE2 do not require a change to existing configuration. Whatever changes are necessary to pass the newer associated CIS benchmark with automatically be applied.
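Review bot: the unchanged context line directly after the new YAML block still carries the typo "with automatically be applied" (should be "will automatically be applied"); since this commit already fixes "hardedened" in the neighbouring sentence, it would be worth folding that one-word fix into the same cleanup. Also, the snippet quotes the value (`profile: "cis"`) while the prose around it writes `profile: cis` unquoted; both are valid YAML, but using one form consistently avoids readers wondering whether the quotes matter.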

@@ -144,10 +148,6 @@ When the `profile` flag is set it does the following:
2. Applies network policies that allow the cluster to pass associated controls.
3. Configures runtime pod security policies that allow the cluster to pass associated controls.

:::note
The only valid values for the profile flag are `cis-1.5` or `cis-1.6`.
The self-assessment guide for CIS v1.5 (`cis-1.5`) was removed from this documentation, since this version is applicable only to Kubernetes v1.15 which is not supported anymore. The profile, however, is still available in RKE2.
:::

</TabItem>
</Tabs>
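Review bot: removing the note is correct, because "The only valid values for the profile flag are `cis-1.5` or `cis-1.6`" contradicts the generic `cis` profile introduced earlier in this file, but the hunk deletes the list of accepted values without replacing it, so after this change the hardening guide no longer tells the reader which `profile` values RKE2 accepts. Suggest keeping a one-line replacement in the same spot, e.g. `The valid values for the profile flag are `cis` and the version-specific profiles still supported by RKE2.`, or a pointer to wherever those values are listed.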

6 changes: 4 additions & 2 deletions docs/security/pod_security_standards.md
@@ -12,9 +12,11 @@ This document applies to RKE2 v1.25 and newer, please refer to the [Pod Security

Starting from Kubernetes version v1.25.0, Pod Security Policies (PSP) are totally removed from Kubernetes, and replaced by [Pod Security Admission (PSA)](https://kubernetes.io/docs/concepts/security/pod-security-admission/). A default Pod Security Admission config file will be added to the cluster upon startup as follows:

* If running **with** the `profile: cis-1.23` or `profile: cis` option, RKE2 will apply a restricted pod security standard via a configuration file which will enforce `restricted` mode throughout the cluster with an exception to the `kube-system`, `cis-operator-system`, and `tigera-operator` namespaces to ensure successful operation of system pods.
If running with the `profile: cis-1.23` or `profile: cis` configuration:
* RKE2 will apply a restricted pod security standard via a configuration file which will enforce `restricted` mode throughout the cluster with an exception to the `kube-system`, `cis-operator-system`, and `tigera-operator` namespaces to ensure successful operation of system pods.

* If running **without** the `profile` option, RKE2 will apply a nonrestricted pod security standard via a configuration file which will enforce `privileged` mode throughout the cluster which allows a completely unrestricted mode to all pods in the cluster.
If running without a `profile` configuration:
* RKE2 will apply a nonrestricted pod security standard via a configuration file which will enforce `privileged` mode throughout the cluster which allows a completely unrestricted mode to all pods in the cluster.

RKE2 will put this configuration file at `/etc/rancher/rke2/rke2-pss.yaml`, the content of the configuration file varies according to the cis mode which you started rke2:
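Review bot: the restructure turns each case into a plain lead-in line followed by a single-item bullet list, and in doing so drops the bold **with** / **without** that made the two cases easy to tell apart at a glance; a one-bullet list under a heading-like sentence also renders oddly. Either keep the two original bullets and only reword them, or make the lead-ins real sub-headings with the description as a paragraph beneath. Since the wording is being touched anyway, "with an exception to the ... namespaces" reads better as "with the exception of the ... namespaces", and "nonrestricted" as "non-restricted"; the unchanged trailing line "varies according to the cis mode which you started rke2" could also be tidied to "varies according to the CIS profile RKE2 was started with" in the same pass.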

