diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-6.3.0-rc.1.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-6.3.0-rc.1.tgz new file mode 100644 index 0000000000..61840748a3 Binary files /dev/null and b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-6.3.0-rc.1.tgz differ diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-6.3.0-rc.1.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-6.3.0-rc.1.tgz new file mode 100644 index 0000000000..c068fac038 Binary files /dev/null and b/assets/rancher-cis-benchmark/rancher-cis-benchmark-6.3.0-rc.1.tgz differ diff --git a/charts/rancher-cis-benchmark-crd/6.3.0-rc.1/Chart.yaml b/charts/rancher-cis-benchmark-crd/6.3.0-rc.1/Chart.yaml new file mode 100644 index 0000000000..888aab9846 --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/6.3.0-rc.1/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 6.3.0-rc.1 diff --git a/charts/rancher-cis-benchmark-crd/6.3.0-rc.1/README.md b/charts/rancher-cis-benchmark-crd/6.3.0-rc.1/README.md new file mode 100644 index 0000000000..f6d9ef621f --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/6.3.0-rc.1/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/packages/rancher-cis-benchmark/charts/crds/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/6.3.0-rc.1/templates/clusterscan.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/rancher-cis-benchmark/charts/crds/clusterscan.yaml rename to charts/rancher-cis-benchmark-crd/6.3.0-rc.1/templates/clusterscan.yaml diff --git a/packages/rancher-cis-benchmark/charts/crds/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/6.3.0-rc.1/templates/clusterscanbenchmark.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/rancher-cis-benchmark/charts/crds/clusterscanbenchmark.yaml rename to charts/rancher-cis-benchmark-crd/6.3.0-rc.1/templates/clusterscanbenchmark.yaml diff --git a/packages/rancher-cis-benchmark/charts/crds/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/6.3.0-rc.1/templates/clusterscanprofile.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/rancher-cis-benchmark/charts/crds/clusterscanprofile.yaml rename to charts/rancher-cis-benchmark-crd/6.3.0-rc.1/templates/clusterscanprofile.yaml diff --git a/packages/rancher-cis-benchmark/charts/crds/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/6.3.0-rc.1/templates/clusterscanreport.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/rancher-cis-benchmark/charts/crds/clusterscanreport.yaml rename to charts/rancher-cis-benchmark-crd/6.3.0-rc.1/templates/clusterscanreport.yaml diff --git a/packages/rancher-cis-benchmark/charts/Chart.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/Chart.yaml similarity index 95% rename from packages/rancher-cis-benchmark/charts/Chart.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/Chart.yaml index 4cac499669..62d062e13e 100644 --- a/packages/rancher-cis-benchmark/charts/Chart.yaml +++ b/charts/rancher-cis-benchmark/6.3.0-rc.1/Chart.yaml @@ -12,11 +12,11 @@ annotations: catalog.cattle.io/type: cluster-tool catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 -appVersion: v6.2.0 +appVersion: v6.3.0-rc.1 description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security name: rancher-cis-benchmark -version: 6.2.0 +version: 6.3.0-rc.1 diff --git a/packages/rancher-cis-benchmark/charts/README.md b/charts/rancher-cis-benchmark/6.3.0-rc.1/README.md similarity index 100% rename from packages/rancher-cis-benchmark/charts/README.md rename to charts/rancher-cis-benchmark/6.3.0-rc.1/README.md diff --git a/packages/rancher-cis-benchmark/charts/app-readme.md b/charts/rancher-cis-benchmark/6.3.0-rc.1/app-readme.md similarity index 99% rename from packages/rancher-cis-benchmark/charts/app-readme.md rename to charts/rancher-cis-benchmark/6.3.0-rc.1/app-readme.md index d4834a4824..4de6b0c1db 100644 --- a/packages/rancher-cis-benchmark/charts/app-readme.md +++ b/charts/rancher-cis-benchmark/6.3.0-rc.1/app-readme.md @@ -34,4 +34,4 @@ This chart installs the following components: | CIS | k3s | [k3s-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/master/package/cfg/k3s-cis-1.8-hardened) | k3s-v1.26+ | | CIS | eks | eks-1.2.0 | eks | | CIS | aks | aks-1.0 | aks | -| CIS | gke | gke-1.2.0 | gke | \ No newline at end of file +| CIS | gke | gke-1.2.0 | gke | diff --git a/packages/rancher-cis-benchmark/charts/templates/_helpers.tpl b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/_helpers.tpl similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/_helpers.tpl rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/_helpers.tpl diff --git a/packages/rancher-cis-benchmark/charts/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/alertingrule.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/alertingrule.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/alertingrule.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-aks-1.0.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-aks-1.0.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-aks-1.0.yaml diff --git a/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-cis-1.5.yaml new file mode 100644 index 0000000000..39e8b834a3 --- /dev/null +++ b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.7.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-cis-1.7.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.7.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-cis-1.7.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.8.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-cis-1.8.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.8.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-cis-1.8.yaml diff --git a/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-eks-1.0.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-eks-1.0.yaml new file mode 100644 index 0000000000..bd2e32cd3f --- /dev/null +++ b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-eks-1.2.0.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-eks-1.2.0.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-eks-1.2.0.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-eks-1.2.0.yaml diff --git a/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-gke-1.0.yaml new file mode 100644 index 0000000000..72122e8c5e --- /dev/null +++ b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-gke-1.2.0.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-gke-1.2.0.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-gke-1.2.0.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-gke-1.2.0.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-k3s-cis-1.7-hardened.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.7-hardened.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-k3s-cis-1.7-hardened.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-k3s-cis-1.7-permissive.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.7-permissive.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-k3s-cis-1.7-permissive.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.8-hardened.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-k3s-cis-1.8-hardened.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.8-hardened.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-k3s-cis-1.8-hardened.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.8-permissive.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-k3s-cis-1.8-permissive.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.8-permissive.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-k3s-cis-1.8-permissive.yaml diff --git a/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100644 index 0000000000..b5627f9664 --- /dev/null +++ b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100644 index 0000000000..95f80c0f09 --- /dev/null +++ b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.7-hardened.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.7-hardened.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.7-hardened.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.7-permissive.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.7-permissive.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.7-permissive.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.8-hardened.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.8-hardened.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.8-hardened.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.8-hardened.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.8-permissive.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.8-permissive.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.8-permissive.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke-cis-1.8-permissive.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke2-cis-1.7-hardened.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.7-hardened.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke2-cis-1.7-hardened.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke2-cis-1.7-permissive.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.7-permissive.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke2-cis-1.7-permissive.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.8-hardened.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke2-cis-1.8-hardened.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.8-hardened.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke2-cis-1.8-hardened.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.8-permissive.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke2-cis-1.8-permissive.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.8-permissive.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/benchmark-rke2-cis-1.8-permissive.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/cis-roles.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/cis-roles.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/cis-roles.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/configmap.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/configmap.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/configmap.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/configmap.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/deployment.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/deployment.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/deployment.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/deployment.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/network_policy_allow_all.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/network_policy_allow_all.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/network_policy_allow_all.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/patch_default_serviceaccount.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/patch_default_serviceaccount.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/patch_default_serviceaccount.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/rbac.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/rbac.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/rbac.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/rbac.yaml diff --git a/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-cis-1.5.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-cis-1.5.yml new file mode 100644 index 0000000000..d69ae9dd5b --- /dev/null +++ b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-cis-1.5.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.5-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.5 diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-cis-1.7.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-cis-1.7.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-cis-1.7.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-cis-1.7.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-cis-1.8.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-cis-1.8.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-cis-1.8.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-cis-1.8.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-k3s-cis-1.7-hardened.yml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.7-hardened.yml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-k3s-cis-1.7-hardened.yml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-k3s-cis-1.7-permissive.yml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.7-permissive.yml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-k3s-cis-1.7-permissive.yml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.8-hardened.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-k3s-cis-1.8-hardened.yml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.8-hardened.yml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-k3s-cis-1.8-hardened.yml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.8-permissive.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-k3s-cis-1.8-permissive.yml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.8-permissive.yml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-k3s-cis-1.8-permissive.yml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.7-hardened.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-1.7-hardened.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.7-hardened.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-1.7-hardened.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.7-permissive.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-1.7-permissive.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.7-permissive.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-1.7-permissive.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.8-hardened.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-1.8-hardened.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.8-hardened.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-1.8-hardened.yaml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.8-permissive.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-1.8-permissive.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.8-permissive.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-1.8-permissive.yaml diff --git a/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-custom.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-custom.yml new file mode 100644 index 0000000000..68e0507650 --- /dev/null +++ b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-custom.yml @@ -0,0 +1,11 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-custom +spec: + benchmarkVersion: rke-cis-1.5-permissive + skipTests: + - "1.1.20" + - "1.1.21" + diff --git a/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-hardened.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-hardened.yml new file mode 100644 index 0000000000..2a98193894 --- /dev/null +++ b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-permissive.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-permissive.yml new file mode 100644 index 0000000000..01266cf062 --- /dev/null +++ b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke2-cis-1.7-hardened.yml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.7-hardened.yml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke2-cis-1.7-hardened.yml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke2-cis-1.7-permissive.yml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.7-permissive.yml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke2-cis-1.7-permissive.yml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.8-hardened.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke2-cis-1.8-hardened.yml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.8-hardened.yml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke2-cis-1.8-hardened.yml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.8-permissive.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke2-cis-1.8-permissive.yml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.8-permissive.yml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofile-rke2-cis-1.8-permissive.yml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofileaks.yml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofileaks.yml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofileaks.yml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofileeks.yml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofileeks.yml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofileeks.yml diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofilegke.yml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/scanprofilegke.yml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/scanprofilegke.yml diff --git a/packages/rancher-cis-benchmark/charts/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/serviceaccount.yaml similarity index 100% rename from packages/rancher-cis-benchmark/charts/templates/serviceaccount.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/templates/serviceaccount.yaml diff --git a/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/validate-install-crd.yaml new file mode 100644 index 0000000000..562295791b --- /dev/null +++ b/charts/rancher-cis-benchmark/6.3.0-rc.1/templates/validate-install-crd.yaml @@ -0,0 +1,17 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} +# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/packages/rancher-cis-benchmark/charts/values.yaml b/charts/rancher-cis-benchmark/6.3.0-rc.1/values.yaml similarity index 96% rename from packages/rancher-cis-benchmark/charts/values.yaml rename to charts/rancher-cis-benchmark/6.3.0-rc.1/values.yaml index 24a766cdef..c1499c8a5d 100644 --- a/packages/rancher-cis-benchmark/charts/values.yaml +++ b/charts/rancher-cis-benchmark/6.3.0-rc.1/values.yaml @@ -5,10 +5,10 @@ image: cisoperator: repository: rancher/cis-operator - tag: v1.0.15 + tag: v1.0.16-rc.1 securityScan: repository: rancher/security-scan - tag: v0.2.17 + tag: v0.2.18-rc.1 sonobuoy: repository: rancher/mirrored-sonobuoy-sonobuoy tag: v0.57.2 diff --git a/index.yaml b/index.yaml index 9895fd61ee..ce657a77c2 100755 --- a/index.yaml +++ b/index.yaml @@ -11950,6 +11950,32 @@ entries: - assets/rancher-backup-crd/rancher-backup-crd-1.0.200.tgz version: 1.0.200 rancher-cis-benchmark: + - annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/kube-version: '>= 1.27.0-0 < 1.31.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.9.0-0 < 2.10.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark + apiVersion: v1 + appVersion: v6.3.0-rc.1 + created: "2024-10-09T21:32:56.866542684-03:00" + description: The cis-operator enables running CIS benchmark security scans on + a kubernetes cluster + digest: 026ef7ac5da4fb28a8a3f78d13cb5655eb604e59f43caf9831e6d4958211eb97 + icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg + keywords: + - security + name: rancher-cis-benchmark + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-6.3.0-rc.1.tgz + version: 6.3.0-rc.1 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher @@ -12706,6 +12732,20 @@ entries: - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz version: 1.0.100 rancher-cis-benchmark-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd + apiVersion: v1 + created: "2024-10-09T21:32:56.872665675-03:00" + description: Installs the CRDs for rancher-cis-benchmark. + digest: 2855470ee485f25c1ca18e1c5ed9b3870789f12f1e0ccda429eb73d3553f0e00 + name: rancher-cis-benchmark-crd + type: application + urls: + - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-6.3.0-rc.1.tgz + version: 6.3.0-rc.1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" diff --git a/packages/rancher-cis-benchmark/generated-changes/overlay/crds/clusterscan.yaml b/packages/rancher-cis-benchmark/generated-changes/overlay/crds/clusterscan.yaml new file mode 100644 index 0000000000..73cf1652b2 --- /dev/null +++ b/packages/rancher-cis-benchmark/generated-changes/overlay/crds/clusterscan.yaml @@ -0,0 +1,149 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + singular: clusterscan + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - jsonPath: .status.summary.total + name: Total + type: string + - jsonPath: .status.summary.pass + name: Pass + type: string + - jsonPath: .status.summary.fail + name: Fail + type: string + - jsonPath: .status.summary.skip + name: Skip + type: string + - jsonPath: .status.summary.warn + name: Warn + type: string + - jsonPath: .status.summary.notApplicable + name: Not Applicable + type: string + - jsonPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - jsonPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/rancher-cis-benchmark/generated-changes/overlay/crds/clusterscanbenchmark.yaml b/packages/rancher-cis-benchmark/generated-changes/overlay/crds/clusterscanbenchmark.yaml new file mode 100644 index 0000000000..261a84efd4 --- /dev/null +++ b/packages/rancher-cis-benchmark/generated-changes/overlay/crds/clusterscanbenchmark.yaml @@ -0,0 +1,55 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscanbenchmarks.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScanBenchmark + plural: clusterscanbenchmarks + singular: clusterscanbenchmark + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.clusterProvider + name: ClusterProvider + type: string + - jsonPath: .spec.minKubernetesVersion + name: MinKubernetesVersion + type: string + - jsonPath: .spec.maxKubernetesVersion + name: MaxKubernetesVersion + type: string + - jsonPath: .spec.customBenchmarkConfigMapName + name: customBenchmarkConfigMapName + type: string + - jsonPath: .spec.customBenchmarkConfigMapNamespace + name: customBenchmarkConfigMapNamespace + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + clusterProvider: + nullable: true + type: string + customBenchmarkConfigMapName: + nullable: true + type: string + customBenchmarkConfigMapNamespace: + nullable: true + type: string + maxKubernetesVersion: + nullable: true + type: string + minKubernetesVersion: + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/rancher-cis-benchmark/generated-changes/overlay/crds/clusterscanprofile.yaml b/packages/rancher-cis-benchmark/generated-changes/overlay/crds/clusterscanprofile.yaml new file mode 100644 index 0000000000..b63d842fae --- /dev/null +++ b/packages/rancher-cis-benchmark/generated-changes/overlay/crds/clusterscanprofile.yaml @@ -0,0 +1,37 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscanprofiles.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScanProfile + plural: clusterscanprofiles + singular: clusterscanprofile + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + skipTests: + items: + nullable: true + type: string + nullable: true + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/rancher-cis-benchmark/generated-changes/overlay/crds/clusterscanreport.yaml b/packages/rancher-cis-benchmark/generated-changes/overlay/crds/clusterscanreport.yaml new file mode 100644 index 0000000000..544d825f4b --- /dev/null +++ b/packages/rancher-cis-benchmark/generated-changes/overlay/crds/clusterscanreport.yaml @@ -0,0 +1,40 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterscanreports.cis.cattle.io +spec: + group: cis.cattle.io + names: + kind: ClusterScanReport + plural: clusterscanreports + singular: clusterscanreport + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.lastRunTimestamp + name: LastRunTimestamp + type: string + - jsonPath: .spec.benchmarkVersion + name: BenchmarkVersion + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + benchmarkVersion: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + reportJSON: + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/rancher-cis-benchmark/package.yaml b/packages/rancher-cis-benchmark/package.yaml index 14f1a8f89f..5c2e8e6f2d 100644 --- a/packages/rancher-cis-benchmark/package.yaml +++ b/packages/rancher-cis-benchmark/package.yaml @@ -1,7 +1,13 @@ -url: local -version: 6.2.0 +url: https://github.com/rancher/cis-operator.git +version: 6.3.0-rc.1 +releaseBranch: release/v1.2 +subdirectory: chart additionalCharts: - workingDir: charts-crd + upstreamOptions: + url: https://github.com/rancher/cis-operator.git + releaseBranch: release/v1.2 + subdirectory: crds crdOptions: templateDirectory: crd-template crdDirectory: templates