add CIS profiles for RKE RKE2 and K3s

packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.24.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: cis-1.24
+spec:
+  clusterProvider: ""
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.7.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: cis-1.7
+spec:
+  clusterProvider: ""
+  minKubernetesVersion: "1.25.0"

packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.24-hardened.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.24-hardened
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.24-permissive.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.24-permissive
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.7-hardened.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.7-hardened
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.25.0"

packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.7-permissive.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.7-permissive
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.25.0"

packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.24-hardened.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.24-hardened
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.24-permissive.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.24-permissive
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.7-hardened.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.7-hardened
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.25.0"

packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.7-permissive.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.7-permissive
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.25.0"

packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.24-hardened.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.24-hardened
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.24-permissive.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.24-permissive
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.7-hardened.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.7-hardened
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.25.0"

packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.7-permissive.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.7-permissive
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.25.0"

packages/rancher-cis-benchmark/charts/templates/scanprofile-cis-1.24.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: cis-1.24-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: cis-1.24

packages/rancher-cis-benchmark/charts/templates/scanprofile-cis-1.7.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: cis-1.7-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: cis-1.7

packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.24-hardened.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.24-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.24-hardened

packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.24-permissive.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.24-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.24-permissive

packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.7-hardened.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.7-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.7-hardened

packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.7-permissive.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.7-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.7-permissive

packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.24-hardened.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-hardened-1.24
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.24-hardened

packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.24-permissive.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-permissive-1.24
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.24-permissive

packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.7-hardened.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-hardened-1.7
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.7-hardened

packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.7-permissive.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-permissive-1.7
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.7-permissive

packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.24-hardened.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.24-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.24-hardened

packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.24-permissive.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.24-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.24-permissive

packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.7-hardened.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.7-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.7-hardened

packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.7-permissive.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.7-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.7-permissive