From 848fa370a12204c2e4c16f1935b215bc7a953046 Mon Sep 17 00:00:00 2001 
From: galal-hussein Date: Tue, 18 Oct 2022 22:59:24 +0200 Subject: [PATCH 1/3] make remove --- .../rancher-cis-benchmark-crd-3.0.0-rc7.tgz | Bin 1466 -> 0 bytes .../rancher-cis-benchmark-3.0.0-rc7.tgz | Bin 6604 -> 0 bytes .../3.0.0-rc7/Chart.yaml | 10 -- .../3.0.0-rc7/README.md | 2 - .../3.0.0-rc7/templates/clusterscan.yaml | 148 ----------------- .../templates/clusterscanbenchmark.yaml | 54 ------- .../templates/clusterscanprofile.yaml | 36 ----- .../templates/clusterscanreport.yaml | 39 ----- .../3.0.0-rc7/Chart.yaml | 22 --- .../rancher-cis-benchmark/3.0.0-rc7/README.md | 9 -- .../3.0.0-rc7/app-readme.md | 15 -- .../3.0.0-rc7/templates/_helpers.tpl | 27 ---- .../3.0.0-rc7/templates/alertingrule.yaml | 14 -- .../templates/benchmark-aks-1.0.yaml | 8 - .../templates/benchmark-cis-1.20.yaml | 9 -- .../templates/benchmark-cis-1.23.yaml | 8 - .../templates/benchmark-cis-1.5.yaml | 9 -- .../templates/benchmark-cis-1.6.yaml | 9 -- .../templates/benchmark-eks-1.0.1.yaml | 8 - .../templates/benchmark-gke-1.0.yaml | 8 - .../benchmark-k3s-cis-1.20-hardened.yaml | 9 -- .../benchmark-k3s-cis-1.20-permissive.yaml | 9 -- .../benchmark-k3s-cis-1.23-hardened.yaml | 8 - .../benchmark-k3s-cis-1.23-permissive.yaml | 8 - .../benchmark-k3s-cis-1.6-hardened.yaml | 9 -- .../benchmark-k3s-cis-1.6-permissive.yaml | 9 -- .../benchmark-rke-cis-1.20-hardened.yaml | 9 -- .../benchmark-rke-cis-1.20-permissive.yaml | 9 -- .../benchmark-rke-cis-1.23-hardened.yaml | 8 - .../benchmark-rke-cis-1.23-permissive.yaml | 8 - .../benchmark-rke-cis-1.5-hardened.yaml | 9 -- .../benchmark-rke-cis-1.5-permissive.yaml | 9 -- .../benchmark-rke-cis-1.6-hardened.yaml | 9 -- .../benchmark-rke-cis-1.6-permissive.yaml | 9 -- .../benchmark-rke2-cis-1.20-hardened.yaml | 9 -- .../benchmark-rke2-cis-1.20-permissive.yaml | 9 -- .../benchmark-rke2-cis-1.23-hardened.yaml | 8 - .../benchmark-rke2-cis-1.23-permissive.yaml | 8 - .../benchmark-rke2-cis-1.5-hardened.yaml | 9 -- .../benchmark-rke2-cis-1.5-permissive.yaml | 9 
-- .../benchmark-rke2-cis-1.6-hardened.yaml | 9 -- .../benchmark-rke2-cis-1.6-permissive.yaml | 9 -- .../3.0.0-rc7/templates/cis-roles.yaml | 49 ------ .../3.0.0-rc7/templates/configmap.yaml | 18 --- .../templates/delete_rolebindings.yaml | 27 ---- .../3.0.0-rc7/templates/deployment.yaml | 55 ------- .../templates/network_policy_allow_all.yaml | 15 -- .../patch_default_serviceaccount.yaml | 29 ---- .../3.0.0-rc7/templates/psp.yaml | 57 ------- .../3.0.0-rc7/templates/rbac.yaml | 151 ------------------ .../templates/scanprofile-cis-1.20.yaml | 9 -- .../templates/scanprofile-cis-1.23.yaml | 9 -- .../templates/scanprofile-cis-1.6.yaml | 9 -- .../scanprofile-k3s-cis-1.20-hardened.yml | 9 -- .../scanprofile-k3s-cis-1.20-permissive.yml | 9 -- .../scanprofile-k3s-cis-1.23-hardened.yml | 9 -- .../scanprofile-k3s-cis-1.23-permissive.yml | 9 -- .../scanprofile-k3s-cis-1.6-hardened.yml | 9 -- .../scanprofile-k3s-cis-1.6-permissive.yml | 9 -- .../scanprofile-rke-1.20-hardened.yaml | 9 -- .../scanprofile-rke-1.20-permissive.yaml | 9 -- .../scanprofile-rke-1.23-hardened.yaml | 9 -- .../scanprofile-rke-1.23-permissive.yaml | 9 -- .../scanprofile-rke-1.6-hardened.yaml | 9 -- .../scanprofile-rke-1.6-permissive.yaml | 9 -- .../scanprofile-rke2-cis-1.20-hardened.yml | 9 -- .../scanprofile-rke2-cis-1.20-permissive.yml | 9 -- .../scanprofile-rke2-cis-1.23-hardened.yml | 9 -- .../scanprofile-rke2-cis-1.23-permissive.yml | 9 -- .../scanprofile-rke2-cis-1.6-hardened.yml | 9 -- .../scanprofile-rke2-cis-1.6-permissive.yml | 9 -- .../3.0.0-rc7/templates/scanprofileaks.yml | 9 -- .../3.0.0-rc7/templates/scanprofileeks.yml | 9 -- .../3.0.0-rc7/templates/scanprofilegke.yml | 9 -- .../3.0.0-rc7/templates/serviceaccount.yaml | 14 -- .../templates/validate-install-crd.yaml | 17 -- .../3.0.0-rc7/values.yaml | 49 ------ index.yaml | 40 ----- 78 files changed, 1364 deletions(-) delete mode 100644 assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc7.tgz delete mode 100644 
assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc7.tgz delete mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc7/Chart.yaml delete mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc7/README.md delete mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc7/templates/clusterscan.yaml delete mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc7/templates/clusterscanbenchmark.yaml delete mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc7/templates/clusterscanprofile.yaml delete mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc7/templates/clusterscanreport.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/Chart.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/README.md delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/app-readme.md delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/_helpers.tpl delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/alertingrule.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-aks-1.0.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.20.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.23.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.5.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.6.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-eks-1.0.1.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-gke-1.0.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.20-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.20-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.23-hardened.yaml delete mode 100644 
charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.23-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.6-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.6-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.20-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.20-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.23-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.23-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.5-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.5-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.6-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.6-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.20-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.20-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.23-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.23-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.5-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.5-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.6-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.6-permissive.yaml 
delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/cis-roles.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/configmap.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/delete_rolebindings.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/deployment.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/network_policy_allow_all.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/patch_default_serviceaccount.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/psp.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/rbac.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-cis-1.20.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-cis-1.23.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-cis-1.6.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.20-hardened.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.20-permissive.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.23-hardened.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.23-permissive.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.6-hardened.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.6-permissive.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.20-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.20-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.23-hardened.yaml delete mode 100644 
charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.23-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.6-hardened.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.6-permissive.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.20-hardened.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.20-permissive.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.23-hardened.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.23-permissive.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.6-hardened.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.6-permissive.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofileaks.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofileeks.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofilegke.yml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/serviceaccount.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/templates/validate-install-crd.yaml delete mode 100644 charts/rancher-cis-benchmark/3.0.0-rc7/values.yaml 
diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc7.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc7.tgz deleted file mode 100644 index 98581195c33cd73c8a18606fa93e8ed89be1492a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1466 zcmV;r1x5NFiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>(bK*7-&NIJ4bA85V10fyWa@@6ZZ7-K0>GgS$H=v6xd8BoE zOsD_7BijkKu`vciu5;`QgCu_|+24LEt*t@wCF(vGrawo?mm%oKKG*)+=@K+KD+q&& z1I=|^cRU&;zpm?+f8EQ$=)xNf2ZQ0zyL5*at~YkagA3*!>UbB64S~LJ5B61F-2cQt zN<~0INi*p&#(^ME3x@+yfR0daIcgFQ0{scgxKcT6DSRL0guNjhGlF4M7kXMoVPV z*?Yqtl&;2ddQFaK72$+I6a|7OcdhsI?04w6j@#G#s`uK@w2jrrKVcXJKxp3bAU1^B zaFBcH!S?v~+=1s6_Ce&LIBy$^%R_J6x7P6W6StOs3RV4$@C_@lrjbxu&6=uM zQni;9!V20V5y`UIn|vLhrr9AA-F`2uf%WlOPE{BMNHw0;6P_y-Ajs`tR&ru}5LP-u z&A%e28Uj^z8m=^2ff2HTIVj_Bv$fB1>YH!QY3bVbC3nrFvmo9v^ltDQ+0eMIVAcLn zclXRSAs3czT}L%nGR@%?EEI%cB{`d@YnA(6gER@U)#y6D?GPu8A)WgBGxCA(_`X6k z#_ocS>O>Gr(Scna_;b) zXqj*{aC*^!O4(ht4|YM%42yC+9kG{r$?+`QKC+&B%A2lwj$ZyyJMQ##Jbb+xQSx=zp4Tkg-P{G@LYJ9Jh>_)hUF!m&I2LpE0}^M90{M%ujwY{>uKQ z&}!B_w#SC8d}|B4gLl=Ph1I=wNVl?<`mZrkt-lIu(*N=0Wm*5n?)m$Vli0EKKP60u z@;^%e>(oDU_xi`aBfaB4Se)1ol*o=*<4%e8+ui4z6Yk@W5dZc1Kl^a~{?i91^bhvY z^!=|l8kD~Oy&QSx`rk?Hr!615Ub9)+$M_O7FymvO;`>G9p~E=QXokGlcAwolV?`tc;R9uB~uw zF77x#eShblb6#gW=Q+>woY#4ubD%L)Opt#G+=d8SY3kp7rKuyW?Q>u1rG(L4YXd2J zQ-k}`PmPSEb&MSytemZV4E5lOnl_G3kZtp=q*>|r!{~8?+|}vN*$(<%9_msVpW^4` z$K@MWHa*2t4+`b3`tVt?ld?h_)wWK}PoAIjH$q;hMj0C9t2JhK8jH%Pky1|XW`)vH z2WK=vmb_Kv3@jI3M)jC)^pMi7RqZDQdXT!e&F^^2N+K?@9rVH>n&;=t8Od z>8DwaE9c*;b+JrQX*?-3G1aX(Srg7n9ak;CH+Mz5@C%59DOB8DbDR98rRPGuyQu3L zakuPl(KW**0(FSEGMWo!TFDSt=!x^t_2!x}`lDQ_gW@o}_Gb+U7zt ztVs1pHZ!*bLAZWA7dV2EGe2Spxc@8dDQ&?fpLLL8`VI4|+(BQXX*H^fLTs#?u7X8bkA?Rz+LJ1TLKV_y}mBzy|WlegC>6TsQ?@!sS%J%}W z3Zi~!f-T}Fh3;3zWm8ed;Vy3nu0J!;Z#M*o?X7AOWVtOaWsw-*x>thm>8tpT$u5V>&P{8fN95EgEm&s~v&yibrP~xys(q|hZe!2%|7wP?(Bx0_8S*S&wkm9kw#@xn 
zuVMJ^`hNXUxPEY!yWGbK?_Y6lj&dC-xz-T}_tUttNye76A5?wGY1*-DU+zjvexJ-g z<6CMvwk{s-9_F>+>v)1VepX9F^-7Za2$AXL16-(;moY%9o0o&kuh)(kZDk8-)STjN z|6{^hG#!(-n_Z2HRAnW&@1Lhith|g$C4~-AQE)BZ@@Aq{#+oEV7DX4_&Q-4K*9f~E zKcT>+*(siD66|g!^10jX?nFdi*xI?k15#4asO6X0NuQF(Dfkn*+$uHas%FP3Hk)(@ zdO7Ip2uVr0@kY#Sdge{L#A${F-N(zZPak$Hh}k>}TO{=tp#Jc}F^V&8{?O=g&}!bE z@{`dBq)6DuTm*#1Ci1p9FA2AWXz*F2YmxAiON)uq>}RgmifS2bJLr^2&}90p&uW~R zkrICyxV3m^%v_d(?e!W)`-5Bx_`40?s-_FnizM`!S+1)g!o{PXZRuEIRb3j%i}_3$ z8kAFBE5fZyp5K2ceso>#Y%+|YlGof_YAi0+Ki(+aDV6V5&lcTVw0TJ`^K&7TM`C=B#)i7==*3X%nQoC7CYP0ko&flZI(FSF`WGq)uP@< z+eN+U(KdLBWqe=!+>Zc%k=z`KdUu09?x*hodHa&mjp!0(UT%sx4HGSKnbgvU|9x|O zy%fE|$&>hmJ z6Mg($>PM7eEBB1kp=4twUH4<<4-Q-7q~y8P@=#c#lD|v6-p$LpW=M-) z=}xQuzddy*U8)Oe-{JUEaefX1GZbXif}i6*IpuaNXbIA|b3ATlu3et)zA3RvWc8^^ zT-Lh8A5J42cb%&1_vHp);5m~@4oOWQzTS9TYmh%YS&2|B_@-){&z#3(g??Jz`^WXw z!yhic1igGFeyJ2Ip9ytj>!D3Is+*e&IB|?V3WailNeiU-gb-Jj-yx6tv>ew=#}wRS zG5u7?fz@33QC}r_p^5W(@Azcdst%GmHgAWJ8ThGAR!2wnxo2s>*_%jvKZKdxXP#G~ zENfP?w$AEn&mSR&%EYK`&e5!vUF$asbv+bJ@0A{gp78xZ>T9 z4|+py`q)L+60eEuo2u4s_yN`EPuWLE^vCQL7En(23I~f5v0emJU^RRL@u5?+t?731 z=X15y(mC&RC)>3{d^}EbU~~%Q!=d9%drg^sjA}MkZLDxsu}S7_8wN(x&_TsHjNt0J zJcu-c6yc#r&odaS2@Xy5WDpc0w~ZmT4_?Cns5q;3I)nF+oGW5w%5OZ0EI5Oe1_K`) zj5YQS$W#`=Lk-suC^!aDC;J{0$l-zO0)S%wHF4pg&!j;C;~|>k`60rTa}c;1;CIc4 zGQo1Eu&N)xl?|Y3@h}m(4OsUfqP;*$xdp%$)kD*pk@22lsVOIED7XoRXrJmQ;T}p;q#h!?2=J-hX)It@iNm9h7|KbM%nX;o zV*LpUw!J$8T)iyM(Buv)U~vqCGQUy*Wj;gbtY=99AF-KjO7tp&xDlU0j8!jWr4#BH7;w06D zT0Do~)^<}J;`m}&TOR?`9YX~FIzP1pm6u96o}I!zA&7{%hC>jSD@sH@xr=XtlT9EU z@YMlC6uRyZ5tpk(%z1eVmr|ZD?E;r3K<@;AU-H-o3CBSEWOf{Nt``T6XF*2*sAl-x z3k;?ZG*!0o?@Jb=*Eiq?f9bmAi z4=UMs*eF>I`y#`IxLzlS;0hv;0C#alf%(guD>CK)$gb4m5o2Y~b z{t2RVeQ0v}&?D;?c4j}*+erE7!zrhg_4I#zyMxL4{Kx*rX{@fGzmd0r^4IWa?)lL4 z0cv0L3ArT&M&dUe8LZZDcZ0KPP3nOF^M_zgxcG`U{Y z;a zO^Jb8k90MUlo?Pc{M!!r&1Zq?0Ma)XTePA;M;P_J^Zi@YF0-H`^nyYLZX1>Ka<1g` z1%$j%7q2UbZK~B~3euFkN3-loroRO-)kJdh|MBV-EJLMND$l>Bf16eC<0_xrdlO3h zR?`{}W#V37-qAK)$$#7ajMEf9^A}wN1WK=XiThNHAN-eAp@_EDMR)V_EztSMjLI~@ 
zzI=GBP8rML{F42Za4r{&fXmkg8aum{+@w#a52-VuFvdG$V549sp16zE@FbQnY|9-P zU}l}NuwZ@c0Y|QUc=BH+Q~7(}Q`tznKU({dxc?ncv+F!F_X{B?jz-5DB@l5-4#+!x7pY+Dmy#9QZ{}`iJ>g_1wod6bGIwYAH7|cd=#uV zb>tvRBvcj6F3S*EnybAp=OQ?A7jKKkKIi>WkViiQY?k2hfjfP&L5)r*UiEZ(?L2sW zHg2y|#roYG^xhSf*5|H2UlpD{^?nrd5FhVpLvna*lXAbOY`CrLIKXEx?DohDeizrB z&m>yn0?Nsc+ohc3RN#x;s`$PYZL2P2>vvpc*>A>bZzkOO_$IS?&8V-zu;xpg&TM7S z{Y0$_Udokk5t1Wr110ILUQ0|0YUYYr$*Qik>QLB|lL!Ov_=|%EzOm$_X|JE}|2z9e zX6vZh3(;Esahzw?*Ax7M?KNu?n;l!+#={Y+WEumSuGrJ!skW86Y2nX&4k5mNBK|Ez zdO-`Z;Id7!AVvaA7P__$-aTx)*htnMFgnr}J%ZTSd$fd8^3fOG`M@y2kEC%vsP=_~ z$hk*1elA5N#pR1Ol=-G6dgRud(z#(rHV{ehM4cl`^gQ5(55f$oXrw6t|OCl@|k9%LzJa{A%pAWS=7Ouhh z)5xTW1vYp1V#hE;F)=bt#?@j(&x}W#F9zrT*7c6(kc%;?RvxE&w2{*H4`AA2P|UU) z!K(S6Mjiv=5Ef0?BRus;Nt95!a@JbmZ+2g{{&m#0Vvnz@hnwI2=E3>=5N2!8YtmTE z*%=*(Ac%^c**}N*oF{B&4noB|W);#`Oe%gmU)BrvNMP_eTVHN7P7|X~q`Lg{_URw2 zbwd1%g!ZlapSyo16NCk|H^=E^c15e<=>NWmzTPSEndF)fn`hHx1>OiM_)Nftg1fkvE} zP|NB(lB&Kh5?xi3--HJWgTszsdru(Jx7(YuMr%});_<@AqF{IU(DRFiB z=_{J-J$lCOk8_&dMIt*LC018;O-K#WZL#Pz(ginm(Ygj*tCBS`vpZyL={*I!5!U;~ zKe92QPv#6v+i*-~`$jrrY@W6$?tHL}KFR&4>3b>8;vTw!c@DLx7-L$fD8W`|zf^0H zsmjV$&hx)3^sD9Jy2Vm7v&!$r5WywdJ?d6XSMWv^S#Nx`C+HJUXi6piyk4VM*O~Qf zfes9)Qs#COk?NtHRfOH?U6^F(HK+BFs*L3ucMCrKu@T`?47^`aT8@db;=i13q(~}g zNge-QucBET$A7|JaWZk!SstD>W6{(Um)McWV!&iD+u-TWwl%uCVG9lLe@H**)%E?{ zXonw0$xJEPw*4yjC#}#=VPF`Q{xMzxB0x9PUkeu$imNk-_qgW);W!KC55xrBYOmTKvf?Ay8pv@l$WaAxEFg zEoC>59esXu<-M_2oYZpEtYAMP^x>zmE4nb21%+W3?^(_1d;2T7j`%bmlyCs%@6^8K zUm|i22io0m1f;DC9t&HRIXq!a*?!}yHu&vq^3ptpuY@Nrx`x_8nBjqZw!ss5JL&SD zW&ud^2n%tcJ;W##z?@w`)FmSQhc)o^092McRM&59U*fNuevk%h#gf#z_bAd1j-6q2BEEaI6=-{CW`2?s54k0Uah_c1O zYH%nH6$~D6`J#9NbPZR)DeEC3h%k}^?$_@kq(gj9VSx&Vu*M0%YPbd%)&T^E!V!9x zEUho_TUQ1^JMqZMV;E=ep2b|}&Kyt?4qiJ!OakcT-U*^ih`|92r-&(x;X}_?C7;Wg z%VRCBq@E&v|FuY62fpTm7cyADp~V7Ro6KYjLH^HHk%XoVARWTL4RY_F%(ehty(pkF zg}CTC8cTp1l3gfI9=`z+BM{JTFn@;Xta&qe0p?^Uh&k3X%pCZ6L8!b#i11^SRTKOS zO~qadbQ~aW2*|F)3mo+!$xQ)g$Ec5rppq>s9Z=Z4lCCGqZFV!|(hb?f!~7|g?*q3J 
zguC;_(9I3RD|yI?$J25$Zsli0=pm`{t^cP%kA2iW3nW^;WG#^T(?3i8n`v_c6igx7 zXk2ax9e`36$iN1mnE>0^oPUOg<0*o=I_xtnq6hHRSOO}MK-7>Z%?3y-B1Y(Ir)&r~ zeZqavXu)lR-_1dKqQLmp^NT|?E9s(M`UoSItv^C|DRd_BodF+lev0xVzNwyUBK|Kd z^6n8Ib|adwQ{&j46{?F%5S{mA6V2HHDcZ{T|aQLxV!ig+I^g@*QB9%A-Y56-hoIc&SDjENYQawzaz zS1y)z*g}lt6o|gPzzsze)Abx%1#6`b{xSZ`Wk1NMg?y$Kj-}<;U_JFtM<%57B%`Hj%~ zsrq_c^SnGBrS>f;<~I57ljY)9i|Umu`!aRfyLKV)#=U0Fj_Hb zXZurzxI20kpju4qMMsBw8u8ID!9(zlkbR6^a8amVL8S<-`|;=q>< z2EX7xXGe2JZjy0dlmE@n-9DNBu^mzjA8J-MK93H5AX6K(!I8~_2yE09N=SZU*I?Sh z{fN=ECEZKf{B41{+{nDq7OGi!uV8=1y7HjV5ha?C6jQ{;e;SIDneKU zX*;$h?UBrS(AK_<2JDfu`wngg&SjasTBujH8>@YuF%#v1jAdL+IY_OdsGO7~D_$)e ze>;k+sG2TR6mVd8qVwy~r|F=P#L%~L-oY8wnW4)GKD1ry0E?3Qi*1d*$;dL$i+U$p zHaE<_?N%sTk~qxFlT5|S#z@iXw4WI(UF>Qt@_&FU(mjZR*_M!2o=>Pjr?;uWA1(&&4;fug3ap2PX`k1rZ0@v zN=SKMhn&ytUeUKs`-cP@kx6A*?uph2*|J&x<^7UQh1GOj*8MdA-~0b?y1d_doLj52MrRX8ycvR2PRJe?+p#R4i*Q zBtjUj7iH17=;=XwUtbc=R^-$VkJbwMqAS!f$Eg)(q$+YX<`?x>B;%65lm)E`Ry)U z)P0*xJ3^W+>*)Go1kRQb&t)UT^-n7Atw?l;7yHy7*YaXtBy?1OJ&2Gn%%uXPam->iWP3jD zPt60#wk>-B`D>P1le5giDtQ+9U$05H?maHN3L!+=Q!)PU)!g>ZJbS!baF?ZM4N5{9 c$h^%JxpU`Ehb|uR@8bsaw2Tixv`8TT2k6(7= 1.21.0-0 < 1.25.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark -apiVersion: v1 -appVersion: v3.0.0 -description: The cis-operator enables running CIS benchmark security scans on a kubernetes - cluster -icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg -keywords: -- security -name: rancher-cis-benchmark -version: 3.0.0-rc7 diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/README.md b/charts/rancher-cis-benchmark/3.0.0-rc7/README.md deleted file mode 100644 index 50beab58b..000000000 
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/README.md
+++ /dev/null
@@ -1,9 +0,0 @@
-# Rancher CIS Benchmark Chart
-
-The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded.
-
-# Installation
-
-```
-helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system
-```
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/app-readme.md b/charts/rancher-cis-benchmark/3.0.0-rc7/app-readme.md
deleted file mode 100644
index 5e495d605..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/app-readme.md
+++ /dev/null
@@ -1,15 +0,0 @@
-# Rancher CIS Benchmarks
-
-This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/).
-
-For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/).
-
-This chart installs the following components:
-
-- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded.
-- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed.
-- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans.
-- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources.
-- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish.
- - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts.
- - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart.
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/_helpers.tpl b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/_helpers.tpl
deleted file mode 100644
index b7bb00042..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/_helpers.tpl
+++ /dev/null
@@ -1,27 +0,0 @@
-{{/* Ensure namespace is set the same everywhere */}}
-{{- define "cis.namespace" -}}
- {{- .Release.Namespace | default "cis-operator-system" -}}
-{{- end -}}
-
-{{- define "system_default_registry" -}}
-{{- if .Values.global.cattle.systemDefaultRegistry -}}
-{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
-{{- else -}}
-{{- "" -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Windows cluster will add default taint for linux nodes,
-add below linux tolerations to workloads could be scheduled to those linux nodes
-*/}}
-{{- define "linux-node-tolerations" -}}
-- key: "cattle.io/os"
- value: "linux"
- effect: "NoSchedule"
- operator: "Equal"
-{{- end -}}
-
-{{- define "linux-node-selector" -}}
-kubernetes.io/os: linux
-{{- end -}}
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/alertingrule.yaml
deleted file mode 100644
index 1787c88a0..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/alertingrule.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.alerts.enabled -}}
----
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
- name: rancher-cis-pod-monitor
- namespace: {{ template "cis.namespace" . }}
-spec:
- selector:
- matchLabels:
- cis.cattle.io/operator: cis-operator
- podMetricsEndpoints:
- - port: cismetrics
-{{- end }}
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-aks-1.0.yaml
deleted file mode 100644
index 1ac866253..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-aks-1.0.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: aks-1.0
-spec:
- clusterProvider: aks
- minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.20.yaml
deleted file mode 100644
index 1203e5bcc..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.20.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: cis-1.20
-spec:
- clusterProvider: ""
- minKubernetesVersion: "1.19.0"
- maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.23.yaml
deleted file mode 100644
index 920b556ea..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.23.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: cis-1.23
-spec:
- clusterProvider: ""
- minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.5.yaml
deleted file mode 100644
index c9e6075fb..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.5.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: cis-1.5
-spec:
- clusterProvider: ""
- minKubernetesVersion: "1.15.0"
- maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.6.yaml
deleted file mode 100644
index 4f5d66e92..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-cis-1.6.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: cis-1.6
-spec:
- clusterProvider: ""
- minKubernetesVersion: "1.16.0"
- maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-eks-1.0.1.yaml
deleted file mode 100644
index d1ba9d295..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-eks-1.0.1.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: eks-1.0.1
-spec:
- clusterProvider: eks
- minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-gke-1.0.yaml
deleted file mode 100644
index 72122e8c5..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-gke-1.0.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: gke-1.0
-spec:
- clusterProvider: gke
- minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.20-hardened.yaml
deleted file mode 100644
index 147cac390..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.20-hardened.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: k3s-cis-1.20-hardened
-spec:
- clusterProvider: k3s
- minKubernetesVersion: "1.19.0"
- maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.20-permissive.yaml
deleted file mode 100644
index d9584f722..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.20-permissive.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: k3s-cis-1.20-permissive
-spec:
- clusterProvider: k3s
- minKubernetesVersion: "1.19.0"
- maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.23-hardened.yaml
deleted file mode 100644
index ee153603b..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.23-hardened.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: k3s-cis-1.23-hardened
-spec:
- clusterProvider: k3s
- minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.23-permissive.yaml
deleted file mode 100644
index 51f2186f3..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.23-permissive.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: k3s-cis-1.23-permissive
-spec:
- clusterProvider: k3s
- minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.6-hardened.yaml
deleted file mode 100644
index 5160cf795..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.6-hardened.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: k3s-cis-1.6-hardened
-spec:
- clusterProvider: k3s
- minKubernetesVersion: "1.16.0"
- maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.6-permissive.yaml
deleted file mode 100644
index 10c075985..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-k3s-cis-1.6-permissive.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: k3s-cis-1.6-permissive
-spec:
- clusterProvider: k3s
- minKubernetesVersion: "1.16.0"
- maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.20-hardened.yaml
deleted file mode 100644
index 4924679cb..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.20-hardened.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: rke-cis-1.20-hardened
-spec:
- clusterProvider: rke
- minKubernetesVersion: "1.19.0"
- maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.20-permissive.yaml
deleted file mode 100644
index 2db66d7c6..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.20-permissive.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: rke-cis-1.20-permissive
-spec:
- clusterProvider: rke
- minKubernetesVersion: "1.19.0"
- maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.23-hardened.yaml
deleted file mode 100644
index f6a99698e..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.23-hardened.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: rke-cis-1.23-hardened
-spec:
- clusterProvider: rke
- minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.23-permissive.yaml
deleted file mode 100644
index a26bd63cf..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.23-permissive.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: rke-cis-1.23-permissive
-spec:
- clusterProvider: rke
- minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.5-hardened.yaml
deleted file mode 100644
index b9154f1ad..000000000
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.5-hardened.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
- name: rke-cis-1.5-hardened
-spec:
- clusterProvider: rke
- minKubernetesVersion: "1.15.0"
- maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.5-permissive.yaml deleted file mode 100644 index 9da65d55d..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.6-hardened.yaml deleted file mode 100644 index 77f8a31df..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.6-permissive.yaml deleted file mode 100644 index 600b8df35..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.20-hardened.yaml deleted file mode 100644 index b6cc88359..000000000 
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.20-permissive.yaml deleted file mode 100644 index fd898bfe8..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.23-hardened.yaml deleted file mode 100644 index 90e356d72..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.23-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.23-permissive.yaml deleted file mode 100644 index deafdbda6..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.23-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.5-hardened.yaml deleted file mode 100644 index 20091ec2b..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.5-permissive.yaml deleted file mode 100644 index 9a86906b0..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.6-hardened.yaml deleted file mode 100644 index ea2549ef3..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.6-permissive.yaml deleted file mode 100644 index 0afdaaa19..000000000 
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/benchmark-rke2-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/cis-roles.yaml deleted file mode 100644 index 23c93dc65..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/cis-roles.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-admin -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["create", "update", "delete", "patch","get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-view -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: ["get", "watch", "list"] diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/configmap.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/configmap.yaml deleted file mode 100644 index 1a9cd1809..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/configmap.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: default-clusterscanprofiles - namespace: {{ template "cis.namespace" . }} -data: - # Default ClusterScanProfiles per cluster provider type - rke: |- - <1.21.0: rke-profile-permissive-1.20 - >=1.21.0: rke-profile-permissive-1.23 - rke2: |- - <1.21.0: rke2-cis-1.20-profile-permissive - >=1.21.0: rke2-cis-1.23-profile-permissive - eks: "eks-profile" - gke: "gke-profile" - aks: "aks-profile" - k3s: "k3s-cis-1.23-profile-permissive" - default: "cis-1.23-profile" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/delete_rolebindings.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/delete_rolebindings.yaml deleted file mode 100644 index 9c9946464..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/delete_rolebindings.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: delete-rolebinding - annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed -spec: - template: - spec: - serviceAccountName: cis-operator-serviceaccount - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - restartPolicy: Never - containers: - - name: delete-binding - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - command: ["kubectl", "delete", "clusterrolebinding", "cis-operator-rolebinding", "cis-operator-installer"] - backoffLimit: 1 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/deployment.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/deployment.yaml deleted file mode 100644 index ab0bb3e24..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/deployment.yaml +++ /dev/null 
@@ -1,55 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cis-operator - namespace: {{ template "cis.namespace" . }} - labels: - cis.cattle.io/operator: cis-operator -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - template: - metadata: - labels: - cis.cattle.io/operator: cis-operator - spec: - serviceAccountName: cis-operator-serviceaccount - containers: - - name: cis-operator - image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' - imagePullPolicy: Always - ports: - - name: cismetrics - containerPort: {{ .Values.alerts.metricsPort }} - env: - - name: SECURITY_SCAN_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} - - name: SECURITY_SCAN_IMAGE_TAG - value: {{ .Values.image.securityScan.tag }} - - name: SONOBUOY_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} - - name: SONOBUOY_IMAGE_TAG - value: {{ .Values.image.sonobuoy.tag }} - - name: CIS_ALERTS_METRICS_PORT - value: '{{ .Values.alerts.metricsPort }}' - - name: CIS_ALERTS_SEVERITY - value: {{ .Values.alerts.severity }} - - name: CIS_ALERTS_ENABLED - value: {{ .Values.alerts.enabled | default "false" | quote }} - - name: CLUSTER_NAME - value: '{{ .Values.global.cattle.clusterName }}' - resources: - {{- toYaml .Values.resources | nindent 12 }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/network_policy_allow_all.yaml deleted file mode 100644 index 6ed5d645e..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/network_policy_allow_all.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: default-allow-all - namespace: {{ template "cis.namespace" . }} -spec: - podSelector: {} - ingress: - - {} - egress: - - {} - policyTypes: - - Ingress - - Egress diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/patch_default_serviceaccount.yaml deleted file mode 100644 index e78a6bd08..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/patch_default_serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: patch-sa - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation -spec: - template: - spec: - serviceAccountName: cis-operator-serviceaccount - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - restartPolicy: Never - containers: - - name: sa - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] - args: ["-n", {{ template "cis.namespace" . }}] - - backoffLimit: 1 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/psp.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/psp.yaml deleted file mode 100644 index c012e7a43..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/psp.yaml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: cis-psp -spec: - allowPrivilegeEscalation: true - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - hostIPC: true - hostNetwork: true - hostPID: true - hostPorts: - - max: 65535 - min: 0 - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-psp-role - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - policy - resourceNames: - - cis-psp - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cis-psp-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-psp-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/rbac.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/rbac.yaml deleted file mode 100644 index 1c8b78d1b..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/rbac.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrole -rules: -- apiGroups: - - "cis.cattle.io" - resources: - - "*" - verbs: - - "*" -- apiGroups: - - "" - resources: - - "pods" - - "services" - - "configmaps" - - "nodes" - - "serviceaccounts" - verbs: - - "get" - - "list" - - "create" - - "update" - - "watch" - - "patch" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "list" - - "create" - - "patch" - - "update" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-scan-ns -rules: -- apiGroups: - - "" - resources: - - "namespaces" - - "nodes" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-operator-role - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - "" - resources: - - "services" - verbs: - - "watch" - - "list" - - "get" - - "patch" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "watch" - - "list" - - "get" - - "delete" -- apiGroups: - - "" - resources: - - "configmaps" - - "pods" - - "secrets" - verbs: - - "*" -- apiGroups: - - "apps" - resources: - - "daemonsets" - verbs: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-operator-clusterrole -subjects: -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . 
}} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cis-scan-ns - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-scan-ns -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-operator-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-cis-1.20.yaml deleted file mode 100644 index 05263ce7d..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.20-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.20 diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-cis-1.23.yaml deleted file mode 100644 index c59d8f51f..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-cis-1.23.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.23-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.23 diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-cis-1.6.yaml deleted file mode 100644 index 8a8d8bf88..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.6-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.6 diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.20-hardened.yml deleted file mode 100644 index a0b6cb6f6..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.20-permissive.yml deleted file mode 100644 index 89885548d..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-permissive 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.23-hardened.yml deleted file mode 100644 index 724412d3a..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.23-permissive.yml deleted file mode 100644 index 9f9213de1..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.6-hardened.yml deleted file mode 100644 index 095e977ab..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-hardened 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.6-permissive.yml deleted file mode 100644 index 3b22a80c8..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-k3s-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.20-hardened.yaml deleted file mode 100644 index c36cf38c9..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.20-permissive.yaml deleted file mode 100644 index cfeb4b34c..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.23-hardened.yaml deleted file mode 100644 index 007331149..000000000 
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.23-permissive.yaml deleted file mode 100644 index 085b60dfa..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.6-hardened.yaml deleted file mode 100644 index d38febd80..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.6-permissive.yaml deleted file mode 100644 index d31b5b0d2..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke-1.6-permissive.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.20-hardened.yml deleted file mode 100644 index decc9b651..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.20-permissive.yml deleted file mode 100644 index 74c96ffc4..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.23-hardened.yml deleted file mode 100644 index abc1c2a21..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.23-hardened.yml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.23-permissive.yml deleted file mode 100644 index 51cc519ac..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.6-hardened.yml deleted file mode 100644 index c7ac7f949..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.6-permissive.yml deleted file mode 100644 index 96ca1345a..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofile-rke2-cis-1.6-permissive.yml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofileaks.yml deleted file mode 100644 index ea7b25b40..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofileaks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: aks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: aks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofileeks.yml deleted file mode 100644 index 3b4e34437..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofileeks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: eks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: eks-1.0.1 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofilegke.yml deleted file mode 100644 index 2ddd0686f..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/scanprofilegke.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: gke-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: gke-1.0 \ No newline at end of file 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/serviceaccount.yaml deleted file mode 100644 index ec48ec622..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - name: cis-operator-serviceaccount ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-serviceaccount diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/templates/validate-install-crd.yaml deleted file mode 100644 index 562295791..000000000 --- a/charts/rancher-cis-benchmark/3.0.0-rc7/templates/validate-install-crd.yaml +++ /dev/null @@ -1,17 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/3.0.0-rc7/values.yaml b/charts/rancher-cis-benchmark/3.0.0-rc7/values.yaml deleted file mode 100644 index 27db01cc7..000000000 
--- a/charts/rancher-cis-benchmark/3.0.0-rc7/values.yaml +++ /dev/null @@ -1,49 +0,0 @@ -# Default values for rancher-cis-benchmark. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - cisoperator: - repository: rancher/cis-operator - tag: v1.0.10-rc2 - securityScan: - repository: rancher/security-scan - tag: v0.2.9-rc4 - sonobuoy: - repository: rancher/mirrored-sonobuoy-sonobuoy - tag: v0.56.7 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -affinity: {} - -global: - cattle: - systemDefaultRegistry: "" - clusterName: "" - kubectl: - repository: rancher/kubectl - tag: v1.20.2 - -alerts: - enabled: false - severity: warning - metricsPort: 8080 diff --git a/index.yaml b/index.yaml index 4960f118a..800eb520e 100755 --- a/index.yaml +++ b/index.yaml 
@@ -3421,32 +3421,6 @@ entries: - assets/rancher-backup-crd/rancher-backup-crd-1.0.200.tgz version: 1.0.200 rancher-cis-benchmark: - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.25.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v3.0.0 - created: "2022-10-14T21:06:42.77523739+02:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: e254d98add7979243b248ab7e5ceefe55bb32f1c8d0973d424373fd438915e04 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc7.tgz - version: 3.0.0-rc7 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher 
@@ -3761,20 +3735,6 @@ entries:
 - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz
 version: 1.0.100
 rancher-cis-benchmark-crd:
- - annotations:
- catalog.cattle.io/certified: rancher
- catalog.cattle.io/hidden: "true"
- catalog.cattle.io/namespace: cis-operator-system
- catalog.cattle.io/release-name: rancher-cis-benchmark-crd
- apiVersion: v1
- created: "2022-10-14T21:06:42.777200088+02:00"
- description: Installs the CRDs for rancher-cis-benchmark.
- digest: acbfae01ff2e431687bff0edd2545d3af16ef779e7668f81736db01481de9028
- name: rancher-cis-benchmark-crd
- type: application
- urls:
- - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc7.tgz
- version: 3.0.0-rc7
 - annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/hidden: "true"
From 3d4a61d6724727ed4a91fd4593c23226612a7561 Mon Sep 17 00:00:00 2001
From: galal-hussein
Date: Tue, 18 Oct 2022 22:59:53 +0200
Subject: [PATCH 2/3] fix permissions for cis-serviceaccount
---
 .../rancher-cis-benchmark/charts/templates/rbac.yaml | 9 +++++++++
 packages/rancher-cis-benchmark/charts/values.yaml | 2 +-
 packages/rancher-cis-benchmark/package.yaml | 2 +-
 release.yaml | 4 ++--
 4 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/packages/rancher-cis-benchmark/charts/templates/rbac.yaml b/packages/rancher-cis-benchmark/charts/templates/rbac.yaml
index 1c8b78d1b..36dc55b29 100644
--- a/packages/rancher-cis-benchmark/charts/templates/rbac.yaml
+++ b/packages/rancher-cis-benchmark/charts/templates/rbac.yaml
@@ -46,11 +46,20 @@ metadata:
 app.kubernetes.io/instance: release-name
 name: cis-scan-ns
 rules:
+- apiGroups:
+ - "*"
+ resources:
+ - "podsecuritypolicies"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
 - apiGroups:
 - ""
 resources:
 - "namespaces"
 - "nodes"
+ - "pods"
 verbs:
 - "get"
 - "list"
diff --git a/packages/rancher-cis-benchmark/charts/values.yaml b/packages/rancher-cis-benchmark/charts/values.yaml
index 27db01cc7..852711030 100644
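Review bot: The rule added at the top of `cis-scan-ns` in rbac.yaml (`@@ -46,11 +46,20 @@`) sets `apiGroups` to `"*"` for `podsecuritypolicies`, which is wider than a read of that resource needs and is the kind of wildcard RBAC entry that least-privilege guidance asks to avoid. PodSecurityPolicy is served from the `policy` group, so `- "policy"` in place of `- "*"` should be enough for the Kubernetes versions this chart targets. The same hunk adds `- "pods"` to the core-group rule with get/list/watch; if this role is bound cluster-wide, as its `namespaces` and `nodes` entries suggest, the scan service account can then read every pod spec, including inline environment values, so a one-line comment above the rule naming the scan checks that need it would record why the access exists. The role's kind and its binding lie outside the hunk, so the effective scope should be confirmed there.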
--- a/packages/rancher-cis-benchmark/charts/values.yaml
+++ b/packages/rancher-cis-benchmark/charts/values.yaml
@@ -8,7 +8,7 @@ image:
 tag: v1.0.10-rc2
 securityScan:
 repository: rancher/security-scan
- tag: v0.2.9-rc4
+ tag: v0.2.9-rc5
 sonobuoy:
 repository: rancher/mirrored-sonobuoy-sonobuoy
 tag: v0.56.7
diff --git a/packages/rancher-cis-benchmark/package.yaml b/packages/rancher-cis-benchmark/package.yaml
index 7959cae74..1b4ec27e6 100644
--- a/packages/rancher-cis-benchmark/package.yaml
+++ b/packages/rancher-cis-benchmark/package.yaml
@@ -1,5 +1,5 @@
 url: local
-version: 3.0.0-rc7
+version: 3.0.0-rc8
 additionalCharts:
 - workingDir: charts-crd
 crdOptions:
diff --git a/release.yaml b/release.yaml
index 438c0ff56..fb186b3c1 100644
--- a/release.yaml
+++ b/release.yaml
@@ -19,9 +19,9 @@ rancher-aks-operator-crd:
 rancher-alerting-drivers:
 - 101.0.0
 rancher-cis-benchmark:
- - 3.0.0-rc7
+ - 3.0.0-rc8
 rancher-cis-benchmark-crd:
- - 3.0.0-rc7
+ - 3.0.0-rc8
 rancher-csp-adapter:
 - 2.0.0+up2.0.0-rc1
 rancher-backup:
From eba3d83e60cc2ad1aa94c0d1897bd80e536aca8a Mon Sep 17 00:00:00 2001
From: galal-hussein Date: Tue, 18 Oct 2022 23:09:31 +0200 Subject: [PATCH 3/3] make charts --- .../rancher-cis-benchmark-crd-3.0.0-rc8.tgz | Bin 0 -> 1466 bytes .../rancher-cis-benchmark-3.0.0-rc8.tgz | Bin 0 -> 6622 bytes .../3.0.0-rc8/Chart.yaml | 10 ++ .../3.0.0-rc8/README.md | 2 + .../3.0.0-rc8/templates/clusterscan.yaml | 148 ++++++++++++++++ .../templates/clusterscanbenchmark.yaml | 54 ++++++ .../templates/clusterscanprofile.yaml | 36 ++++ .../templates/clusterscanreport.yaml | 39 +++++ .../3.0.0-rc8/Chart.yaml | 22 +++ .../rancher-cis-benchmark/3.0.0-rc8/README.md | 9 + .../3.0.0-rc8/app-readme.md | 15 ++ .../3.0.0-rc8/templates/_helpers.tpl | 27 +++ .../3.0.0-rc8/templates/alertingrule.yaml | 14 ++ .../templates/benchmark-aks-1.0.yaml | 8 + .../templates/benchmark-cis-1.20.yaml | 9 + .../templates/benchmark-cis-1.23.yaml | 8 + .../templates/benchmark-cis-1.5.yaml | 9 + .../templates/benchmark-cis-1.6.yaml | 9 + .../templates/benchmark-eks-1.0.1.yaml | 8 + .../templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-k3s-cis-1.20-hardened.yaml | 9 + .../benchmark-k3s-cis-1.20-permissive.yaml | 9 + .../benchmark-k3s-cis-1.23-hardened.yaml | 8 + .../benchmark-k3s-cis-1.23-permissive.yaml | 8 + .../benchmark-k3s-cis-1.6-hardened.yaml | 9 + .../benchmark-k3s-cis-1.6-permissive.yaml | 9 + .../benchmark-rke-cis-1.20-hardened.yaml | 9 + .../benchmark-rke-cis-1.20-permissive.yaml | 9 + .../benchmark-rke-cis-1.23-hardened.yaml | 8 + .../benchmark-rke-cis-1.23-permissive.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 9 + .../benchmark-rke-cis-1.5-permissive.yaml | 9 + .../benchmark-rke-cis-1.6-hardened.yaml | 9 + .../benchmark-rke-cis-1.6-permissive.yaml | 9 + .../benchmark-rke2-cis-1.20-hardened.yaml | 9 + .../benchmark-rke2-cis-1.20-permissive.yaml | 9 + .../benchmark-rke2-cis-1.23-hardened.yaml | 8 + .../benchmark-rke2-cis-1.23-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 9 + .../benchmark-rke2-cis-1.5-permissive.yaml | 9 + 
.../benchmark-rke2-cis-1.6-hardened.yaml | 9 + .../benchmark-rke2-cis-1.6-permissive.yaml | 9 + .../3.0.0-rc8/templates/cis-roles.yaml | 49 ++++++ .../3.0.0-rc8/templates/configmap.yaml | 18 ++ .../templates/delete_rolebindings.yaml | 27 +++ .../3.0.0-rc8/templates/deployment.yaml | 55 ++++++ .../templates/network_policy_allow_all.yaml | 15 ++ .../patch_default_serviceaccount.yaml | 29 ++++ .../3.0.0-rc8/templates/psp.yaml | 57 +++++++ .../3.0.0-rc8/templates/rbac.yaml | 160 ++++++++++++++++++ .../templates/scanprofile-cis-1.20.yaml | 9 + .../templates/scanprofile-cis-1.23.yaml | 9 + .../templates/scanprofile-cis-1.6.yaml | 9 + .../scanprofile-k3s-cis-1.20-hardened.yml | 9 + .../scanprofile-k3s-cis-1.20-permissive.yml | 9 + .../scanprofile-k3s-cis-1.23-hardened.yml | 9 + .../scanprofile-k3s-cis-1.23-permissive.yml | 9 + .../scanprofile-k3s-cis-1.6-hardened.yml | 9 + .../scanprofile-k3s-cis-1.6-permissive.yml | 9 + .../scanprofile-rke-1.20-hardened.yaml | 9 + .../scanprofile-rke-1.20-permissive.yaml | 9 + .../scanprofile-rke-1.23-hardened.yaml | 9 + .../scanprofile-rke-1.23-permissive.yaml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.20-hardened.yml | 9 + .../scanprofile-rke2-cis-1.20-permissive.yml | 9 + .../scanprofile-rke2-cis-1.23-hardened.yml | 9 + .../scanprofile-rke2-cis-1.23-permissive.yml | 9 + .../scanprofile-rke2-cis-1.6-hardened.yml | 9 + .../scanprofile-rke2-cis-1.6-permissive.yml | 9 + .../3.0.0-rc8/templates/scanprofileaks.yml | 9 + .../3.0.0-rc8/templates/scanprofileeks.yml | 9 + .../3.0.0-rc8/templates/scanprofilegke.yml | 9 + .../3.0.0-rc8/templates/serviceaccount.yaml | 14 ++ .../templates/validate-install-crd.yaml | 17 ++ .../3.0.0-rc8/values.yaml | 49 ++++++ index.yaml | 40 +++++ 78 files changed, 1373 insertions(+) create mode 100644 assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc8.tgz create mode 100644 
assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc8.tgz create mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc8/Chart.yaml create mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc8/README.md create mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscan.yaml create mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscanbenchmark.yaml create mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscanprofile.yaml create mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscanreport.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/README.md create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/app-readme.md create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/_helpers.tpl create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/alertingrule.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-aks-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.20.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.23.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.5.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-eks-1.0.1.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-gke-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-hardened.yaml create mode 100644 
charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-permissive.yaml 
create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/cis-roles.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/configmap.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/delete_rolebindings.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/deployment.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/network_policy_allow_all.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/patch_default_serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/psp.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/rbac.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.20.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.23.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-hardened.yaml create mode 100644 
charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileaks.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileeks.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofilegke.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/validate-install-crd.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/values.yaml 
diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc8.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc8.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0bbb18b8abd2d27293057541528d2badc2283ce3 GIT binary patch literal 1466 zcmV;r1x5NFiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI@PbDOvm&a?jtO@Gg(U^_|2Z>ihgP4BL0#>w@b*J5L<0f~{8 zTs=4UzuyQ*3>b{DvE7?`UlL2=TM54XR$9;?`2uyH3)7#W8t;BuJ#}jUr`&OAC;&q9mItvR z)P{rHNe?#1zvm7-uNeOWZ#cR<$Nw=bA2|>S{7xwCFXKGDGd2XDz21|M{+LZ-Ln@r2 zQL*Ou0Uw1FNd$yQ-~)lxk2HRAgfR{mW);yr6Ct+)=UT;4A_Te4^!h}I7|Xn-Q1={U z(i#P^hM?%8$C%;D24*(8$5J&a6_U4Wu;8G1mgVpR5gnJ1r!k zo~R%WWj3=u`(~8916qukV+bfVP5_3cv9$BN)9O(Kcne_)_HtKpOUZ_0-KnS;(n8K_ z9hf)_K`$Lr1VI7!A=lChDgt8)NO!A-RzQy+ic|Xks-YE-c@j|p=zi7E3g|D;vH%Fkj z5o-1gIn@xTveR&-(F%-^70f{yhwH6O#m*YAx%3t5Ru;LSRGv ze{emzD%Jn&|L6MOG3?OwzgNO^SO|Rof|+zzR0LN}Pg@#{kUQD5?zDOq{;OmbDuSiH zElNG1kiW$<)Dj6z_WTOSpX&!~0}tOD;Ohr$0nZaAy*|aXfBxNBMecub*nQ^zkp%uVR1Y9l_Qd&shT0TP8_Ovhizz!6 zw3>B~?XY1h-`c|N;C*#xVRfet=~mWK|20Oc^;cm{`hRtKS=Rq6@BID8QS8wApAx1+ z`JX0$b?TqFJN>cmK=1hX7AN)-C9*@-xKpD2djIA2i2L{h#DBg1Pe0y#`25ic{k?rO zegEr?2Bq(RFGt?F{&y7n--eG}Z`d^LV|)Rc7%hO9So@qdHt4h2vhI`GQ?KxBXFJ>3 U&Q@jr1^@v6|2qT`b^tU009w=3)&Kwi literal 0 HcmV?d00001 
diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc8.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc8.tgz new file mode 100644 index 0000000000000000000000000000000000000000..1c8c7a5104a17bb4dd48cf4b136fcad931a84280 GIT binary patch literal 6622 zcmXAuWmptU*MJw07HN=NBm@aTQ96}Y>5`BXP>`ilSh`E38|f}76_%0^Nl6iwP#Tu5 zjrn-qZ~mURPRupuo*8H?2_59W1@1uvtkiTxY}8(eJ@=J-Y%OXiVypM~jftM5n3kcT z*b5`4w^q)!zWO>aS+&3-nJ&?OW} z;z&02Qt$y{=i4jG`+JXH`Hdw6IkzsbQAS?DS{Fued-0?FV}8AgaFPAf(TEQF#U%%k zP5GybHny)K6x4p^d&*1KIsNOTvDC=yOBUh3D-^~m*f6l(5?XT7b+{+?+u-$`_q$y;Dq=*S5@~U!)AVc}W< z%g;E&Q^Tapska+b`EHHO%epEWAN$untM|2&e#OD7i);mYe|&|_Czhz zc^Tz~5*sT_{Rm%td0VSCVA{lLOK>Q|=(Zq7T5p)zYSV}anAygj#fw{hIP*T z>w=r2M9zgS5?vou^XiGh;S@ozkHWn|cOicDZM7g;7tUEV@jKRZR>ex;dPxOnuIi_; z68xv(DV-S}QVEkjJqa4sgcc-8pVk^AY1s@QLM~EVrhmpvz3X2+*pE>k)_C|%cBWe0 zdrQOQkMFeK+cSB8!)kzPU<{H-!{eI(*zWr5X;3sVw+ZeZuyzD9-I9s!ky91zkNr36 zEUOA-P~zaEQjyO^_&bi=wy?g}tt`44Om;xTO6jg}p7AlMB)RY&hegAXa+pTMjNr0b z&*XXi4XaiY+vtsg8cOO1!_!(}5*N>@hAyP;81UARdvHW=XneTNyUchRRv4BjeyjAW zUd+>%8V1G5+rIQnH(cNuhw|5F~DJV&BuM0fx}5+qj|)o;^B>a0*P zkmP=Dvh2fKEOIMs#B+``kCN@CD!gUXqQGGvTtSQbrz>DsA|AX%JGx0zPUoQf7vEQD z%Qx3cH${&d-@dRBuF9t)HK~#=Iz2S_+97<)@P+OKKJ$#>cF#!0Mgx7Jd+rz2aj4Nf(GXwL-MsHU+q40#mR&n#Lvfmo> zx{})Tt-Y2&=K0z4-!$9)m3av#UV40F_21V6XZKr8<_Or&6dX<$Nwci9g4Qo&UCbxx z*B_-~2yeo17mP3@vERIirlgI8$H;6tjW^RB}LLVWUK<5$^CZ)iyzO<~aQx0vKUC$623 zjgI_50c;76chA+oAb3lw%|#B#xT?y35LNEf#Puk&>X5a{=*nap+eYj{pN>7&H#_Vq z*0$oAc&}NWQ+NiC(fq25zf7tY`1!bbaH{W=HXrzbAD z0^Y8_brnmO8w@<8OFC0WEgl4JJlG}sTi>Op_`!u?nTXxNTk(EIkVj078EiW;twpw? 
zuUG2j=B<=Gt;Cqrz}dVt?wBg)E+?XdoPsldFWP@~&b*y$Z!Iv)mUSIp>-4@;eds11 zu74*gUUcN4p*2!bNBa88g2nR5hRi|1woknh@Q$?ac!x!z^5RugfOv4+(oL+8v|G!Q z8Pl1Wl#yhef1T7)t!(|lqzhKVqXBiEs^!v(Mn3}>BOHVjtr?$H|7peaMU9yWXbAYR zzZjC0;V$aU@obnV(-L}|k>Nlo;uhY#R?f?Te7hn2Ex4s@MvCS1Bh!D~s=&*cODF!nTP zHALf5p8fTu{B345k|bdm7^`>*KxFTH&IWKpj8O}wbrpim!)EJHsrGeapi^Do8y0$# zI0C#VV8BsU9wCt8XNZ@qKY$J!4oILt;@C})t-ywX8i;`+nqwpj(=puaTI~81BfrCp z6AzZUkgxp-T$z9c6AsFVK8Aj}L@aeP7yJQG`%C#<7J#5;O$X6&yE70=I|zb%cMM#z zJ(2+OkB&k7avLVm)>a(7;cYnwc&y+!B!yBVk)@D`cW}tpbTPg)P#`^ca6R#|uonL* z3#WWo{Jrda&?anYNbpuw8Mnij7shdpb|T~7fO}zKbExcdz^oXLK@LVuKr96L58*Cm zXe9K^{R}ZHih#u+dkz+(8 z$ZrB%y}(YJ5e%r_#$``;UFpOF;!GfWaV?Q;0}QsA#i*^GqOY zg~-HKLFq3o&M~0C{tSqRFkixNpka>`7R!5p4)z$V)n)?N4bMZkN7xF&m!&>Xe+|BO z46vPw~0|ZqeECus)|2WOHZG^U*X3O#z$imf_g*kp8U0z7xFWE&C%=4;`p$wps+u=#&gMARQyIE2cOI^3 z>23kdtjnW65+%z?LD$o4i5kabXHPI?3OD3Cr~lm=66bC2ElA|Ne}2QzqVO{&d#HQ= zB;O>GNnf=Bo2XnUheqzKV}LWleg?2878iL6BYJUZZU_`TpA(~<#6ht^wI-!xzr5zT zq#tc*Ci`nMwf7t>d zL@7x^i()LzTUtqp%^lP`+5hXKphX1WZh#{BI#(R(SNYXf1eq$~i<1V1_%bwkJ zW{-4ITzOdna=)$2flRc&d$RRZB3{IgIU>tywWKuDW`*JzHFA2k3l&YUkBC>V@bC{xEC9qhuXw6LSocdbJ#K1b=goU6NUB^lfb(TM(Y` zwSqyOI*)wKasM`Ac3HREsTtbK6;=ajF7Iv#+<3X#-WYA_9BxcbI=nFWdC@I{_Rgi0 zhX^}+^20G%vF~{S*UbGPuO`AhM6G{z^Hz6;IR^_bb)duT?O$2iLeeN1cni=pzz zFppvJ)m*~Exjc)gZ#i^TCySro%bmq(-)Y#uo8{`f=e0lQbe1LDMaI-Iq`1C@ZQ3CfFzmx0!4SumE*+K$50t9(L5-HR_Gl{t?pPKM8^^pZ{`rk z%t}KtMbZ7#3cqX($FZqK22OKnLYTl%2d!*G#e5CDduEBpsya_@IoHB1YS+fE)7Ekh z^9z(t|gSWK@cpt7@9i5KsO`p#~ zkM8BC3=Iw0yg`~_dz4^|E@=AcH%Firn<*; zcH{E|YI8P7o$u%N9;G<+ek}}{j}X}0|M<<3W~+X1M4SIjm4VxF7uk=J;S0EWTMF0w z4ot)0&%et3#xD(=ZVl9l^Ks)s>anQjCYQLOG!I(NA0>mh^h-G1-KQmjBZ62aS~d zZ>qh)X_1HX9K31@d_L&oy!r^^`A1zr6m|Yx@?q*a_OnFzMbYT#Eu3R-z+no!^xzDp!3#ST ze{Mw6nNAqK5W1Pk#6v$6&->8x{U`66JlW5M=t#;<_E4Xudj=d4FZE=~sWXUYMSg{_ zJ?`cD_x4W8c6^T?CrJ0Gd3ZSM?w?hOY^jjLQGQ z<7)s#O-p=^z~6oyjf!7Z%f9^OSUPupTF(FeE((`>AO%G%y{$aRc;gluNRqKS+*Hl)PSQX&Z;xOpx zp890n$`R1??8d{|ky6PCF19bfrwx?bxm8-#a;)zOrWS55oqY&l`d51JW&1C`IcgtF|w 
zNh*&3jbgM97#wHc(UoeCnqL9~aisrMQ<%rP(wVUYF8 zqd&rmp14^jKyh7pECx=4h8g0WDJkQiC-@4N7>n*JYQ_q8IaD&pJ>b z{^z-T)^)GoWXJzm^y6U$ysh(Fu}6GsaNv}J#TnJXFxUA19JeMtG2V*M*OWz9z4~_y#_zS%)WwI{=dRg8%$&p@IqB&qpAk*F!{*6!&(@1F4656bl@_5K^=8*dw#vFyS8%L7MfkPVGNJ)CDtADQ0Ds` z>jlsE+j4<7Ut(2UCdiDa1LKQEyq~tVh8&SS%X5!d`T!O}5ycP=^M(H1Lv=vFV5e&u{wi(wz zVeYRVa>gYaEmT%;TzbVd96zEpN{FWxF9igr^PROO@|VRqi?y)~CG7^E7!Mq2l#Je0 zakB2+ zPcazlJ0-$*b4TAcH?q;#TZ_t}oRr*(RHTIW40jN>RfoqVGahtKT`6p36Pn%`(&kWL zbRse)V%4OMWO6wTBV-Nm$o%+2d^KpV{xgn@9l0F=(xS +VDfxl$RJ%+8z7;n?;UoEM0x^&kmdqUEQqRRK3)J zx}t^R9TkHEVO|-oa?tM+_b(&4bstiiwx}@`C`WsNMl}ae| z3V);%Wc{Atfi*Ox4t}5aGyEQ*g83pETGx$d04;=>H!1YoVX(8unc`3T)= 1.21.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v3.0.0 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 3.0.0-rc8 diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/README.md b/charts/rancher-cis-benchmark/3.0.0-rc8/README.md new file mode 100644 index 000000000..50beab58b --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/app-readme.md b/charts/rancher-cis-benchmark/3.0.0-rc8/app-readme.md new file mode 100644 index 000000000..5e495d605 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. +- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. 
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. + - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/_helpers.tpl b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/_helpers.tpl new file mode 100644 index 000000000..b7bb00042 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/_helpers.tpl @@ -0,0 +1,27 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/alertingrule.yaml new file mode 100644 index 000000000..1787c88a0 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/alertingrule.yaml 
@@ -0,0 +1,14 @@
+{{- if .Values.alerts.enabled -}}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: rancher-cis-pod-monitor
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ podMetricsEndpoints:
+ - port: cismetrics
+{{- end }}
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-aks-1.0.yaml
new file mode 100644
index 000000000..1ac866253
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-aks-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: aks-1.0
+spec:
+ clusterProvider: aks
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.20.yaml
new file mode 100644
index 000000000..1203e5bcc
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.20.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.20
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.23.yaml
new file mode 100644
index 000000000..920b556ea
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.23.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.23
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.5.yaml
new file mode 100644
index 000000000..c9e6075fb
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" + maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.6.yaml new file mode 100644 index 000000000..4f5d66e92 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.6.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.6 +spec: + clusterProvider: "" + minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-eks-1.0.1.yaml new file mode 100644 index 000000000..d1ba9d295 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-eks-1.0.1.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0.1 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-gke-1.0.yaml new file mode 100644 index 000000000..72122e8c5 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-hardened.yaml new file mode 100644 index 000000000..147cac390 --- /dev/null 
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.20-hardened +spec: + clusterProvider: k3s + minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-permissive.yaml new file mode 100644 index 000000000..d9584f722 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.20-permissive +spec: + clusterProvider: k3s + minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-hardened.yaml new file mode 100644 index 000000000..ee153603b --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.23-hardened +spec: + clusterProvider: k3s + minKubernetesVersion: "1.22.0" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-permissive.yaml new file mode 100644 index 000000000..51f2186f3 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.23-permissive +spec: + clusterProvider: k3s + minKubernetesVersion: "1.22.0" 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-hardened.yaml new file mode 100644 index 000000000..5160cf795 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.6-hardened +spec: + clusterProvider: k3s + minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-permissive.yaml new file mode 100644 index 000000000..10c075985 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.6-permissive +spec: + clusterProvider: k3s + minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-hardened.yaml new file mode 100644 index 000000000..4924679cb --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.20-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-permissive.yaml new file mode 100644 index 000000000..2db66d7c6 --- /dev/null 
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.20-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-hardened.yaml new file mode 100644 index 000000000..f6a99698e --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.23-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.22.0" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-permissive.yaml new file mode 100644 index 000000000..a26bd63cf --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.23-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.22.0" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100644 index 000000000..b9154f1ad --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" + maxKubernetesVersion: "1.15.x" 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100644 index 000000000..9da65d55d --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" + maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100644 index 000000000..77f8a31df --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100644 index 000000000..600b8df35 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-hardened.yaml new file mode 100644 index 000000000..b6cc88359 --- /dev/null 
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.20-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-permissive.yaml new file mode 100644 index 000000000..fd898bfe8 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.20-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-hardened.yaml new file mode 100644 index 000000000..90e356d72 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.23-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.22.0" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-permissive.yaml new file mode 100644 index 000000000..deafdbda6 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.23-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.22.0" 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100644 index 000000000..20091ec2b --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.15.0" + maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100644 index 000000000..9a86906b0 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.15.0" + maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-hardened.yaml new file mode 100644 index 000000000..ea2549ef3 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-permissive.yaml new file mode 100644 index 000000000..0afdaaa19 --- /dev/null 
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.6-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/cis-roles.yaml
new file mode 100644
index 000000000..23c93dc65
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/cis-roles.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-admin
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-view
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/configmap.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/configmap.yaml
new file mode 100644
index 000000000..1a9cd1809
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/configmap.yaml
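Review bot: The last rule of `cis-admin` in cis-roles.yaml grants `'*'` on `configmaps` in the core API group, and because this is a ClusterRole the wildcard applies in every namespace if it is bound through a ClusterRoleBinding (no binding is visible in this hunk). Every other rule in the file enumerates its verbs, so an explicit list such as `verbs: ["create", "update", "delete", "patch", "get", "watch", "list"]` would be consistent and would keep `deletecollection` and any future verbs out. If only the chart's own ConfigMaps in the CIS namespace are meant, a namespaced Role would be the tighter fit.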
@@ -0,0 +1,18 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: default-clusterscanprofiles
+ namespace: {{ template "cis.namespace" . }}
+data:
+ # Default ClusterScanProfiles per cluster provider type
+ rke: |-
+ <1.21.0: rke-profile-permissive-1.20
+ >=1.21.0: rke-profile-permissive-1.23
+ rke2: |-
+ <1.21.0: rke2-cis-1.20-profile-permissive
+ >=1.21.0: rke2-cis-1.23-profile-permissive
+ eks: "eks-profile"
+ gke: "gke-profile"
+ aks: "aks-profile"
+ k3s: "k3s-cis-1.23-profile-permissive"
+ default: "cis-1.23-profile"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/delete_rolebindings.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/delete_rolebindings.yaml
new file mode 100644
index 000000000..9c9946464
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/delete_rolebindings.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: delete-rolebinding
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ restartPolicy: Never
+ containers:
+ - name: delete-binding
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "delete", "clusterrolebinding", "cis-operator-rolebinding", "cis-operator-installer"]
+ backoffLimit: 1
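Review bot: The `rke` and `rke2` entries in configmap.yaml switch to the 1.23 profiles at `>=1.21.0`, but the benchmarks added in this same commit place 1.21 in the 1.20 range: the `*-cis-1.20-*` benchmarks declare `maxKubernetesVersion: "1.21.x"` and the `*-cis-1.23-*` benchmarks declare `minKubernetesVersion: "1.22.0"`. A 1.21.x cluster would therefore get a default profile whose benchmark says it does not apply to that version; how the operator reacts is not visible here, but the result is either a rejected scan or a report against the wrong control set. Moving both boundaries to `<1.22.0` and `>=1.22.0` would line the defaults up with the benchmark definitions. The `k3s` and `default` entries point at 1.23 profiles with no version split at all, which has the same effect on older clusters.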
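Review bot: In delete_rolebindings.yaml, `kubectl delete clusterrolebinding cis-operator-rolebinding cis-operator-installer` exits non-zero when either binding is missing, and as a `pre-upgrade` hook with `backoffLimit: 1` that would fail the whole upgrade. Appending `"--ignore-not-found"` to `command` makes the hook idempotent. The `hook-failed` delete policy also removes the Job after a failure, so its pod log is likely gone by the time someone investigates; dropping `hook-failed` keeps that evidence. The Job runs as `cis-operator-serviceaccount`, and `cis-operator-clusterrole` in rbac.yaml of this commit has no rule for `rbac.authorization.k8s.io`, so the delete may be forbidden unless that permission is granted in a file outside this view.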
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/deployment.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/deployment.yaml
new file mode 100644
index 000000000..ab0bb3e24
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/deployment.yaml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cis-operator
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ cis.cattle.io/operator: cis-operator
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ template:
+ metadata:
+ labels:
+ cis.cattle.io/operator: cis-operator
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ containers:
+ - name: cis-operator
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
+ imagePullPolicy: Always
+ ports:
+ - name: cismetrics
+ containerPort: {{ .Values.alerts.metricsPort }}
+ env:
+ - name: SECURITY_SCAN_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
+ - name: SECURITY_SCAN_IMAGE_TAG
+ value: {{ .Values.image.securityScan.tag }}
+ - name: SONOBUOY_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
+ - name: SONOBUOY_IMAGE_TAG
+ value: {{ .Values.image.sonobuoy.tag }}
+ - name: CIS_ALERTS_METRICS_PORT
+ value: '{{ .Values.alerts.metricsPort }}'
+ - name: CIS_ALERTS_SEVERITY
+ value: {{ .Values.alerts.severity }}
+ - name: CIS_ALERTS_ENABLED
+ value: {{ .Values.alerts.enabled | default "false" | quote }}
+ - name: CLUSTER_NAME
+ value: '{{ .Values.global.cattle.clusterName }}'
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
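Review bot: Several `env` values in deployment.yaml are rendered unquoted, notably `SECURITY_SCAN_IMAGE_TAG`, `SONOBUOY_IMAGE_TAG` and `CIS_ALERTS_SEVERITY`, so a tag such as `1.10` or an all-digit value is typed by YAML as a number and the Deployment is rejected, because `env[].value` must be a string. Piping through `quote`, for example `value: {{ .Values.image.securityScan.tag | quote }}`, matches what the hunk already does for `CIS_ALERTS_ENABLED`. Separately, the `cis-operator` container sets no `securityContext` while its service account is bound to the fully privileged `cis-psp` in psp.yaml; if the operator itself needs no host access, setting `allowPrivilegeEscalation: false` (and `runAsNonRoot: true` if the image supports it) on this container would be worth adding.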
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/network_policy_allow_all.yaml
new file mode 100644
index 000000000..6ed5d645e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 000000000..e78a6bd08
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ template "cis.namespace" . }}]
+
+ backoffLimit: 1
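Review bot: `default-allow-all` in network_policy_allow_all.yaml selects every pod in the namespace (`podSelector: {}`) and allows all ingress and egress, and since NetworkPolicies are additive it cancels out any default-deny policy applied to this namespace. Pods running under `cis-serviceaccount` may use the privileged, host-networked `cis-psp` from this commit, so this is a sensitive namespace to leave fully open. If the policy exists so that scans work on hardened clusters, the template should say so, e.g. `# Overrides default-deny on hardened clusters so scan and operator pods can reach the API server and each other`. It is also worth checking whether `ingress` can be limited to what is needed, such as the `cismetrics` port on the operator pods; which traffic the scan pods require is not visible in this diff.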
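Review bot: In patch_default_serviceaccount.yaml the namespace is spliced into a flow sequence unquoted, `args: ["-n", {{ template "cis.namespace" . }}]`, so YAML decides the type of the rendered value and an all-digit namespace name would become an integer and the Job would be rejected. Writing `args: ["-n", {{ include "cis.namespace" . | quote }}]` removes that dependency on the release namespace's spelling.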
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/psp.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/psp.yaml
new file mode 100644
index 000000000..c012e7a43
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/psp.yaml
@@ -0,0 +1,57 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: cis-psp
+spec:
+ allowPrivilegeEscalation: true
+ allowedCapabilities:
+ - '*'
+ fsGroup:
+ rule: RunAsAny
+ hostIPC: true
+ hostNetwork: true
+ hostPID: true
+ hostPorts:
+ - max: 65535
+ min: 0
+ privileged: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cis-psp-role
+ namespace: {{ template "cis.namespace" . }}
+rules:
+- apiGroups:
+ - policy
+ resourceNames:
+ - cis-psp
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cis-psp-rolebinding
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cis-psp-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/rbac.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/rbac.yaml
new file mode 100644
index 000000000..36dc55b29
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/rbac.yaml
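Review bot: `cis-psp` in psp.yaml is rendered unconditionally as a `policy/v1beta1` `PodSecurityPolicy`, an API that was removed in Kubernetes 1.25, while the `*-cis-1.23-*` benchmarks in this commit set `minKubernetesVersion: "1.22.0"` with no maximum, so the chart would fail to install on clusters it otherwise claims to cover. Wrapping the three documents in `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` and `{{- end }}` avoids that. The policy itself allows everything (`privileged`, `hostPID`, `hostIPC`, `hostNetwork`, all capabilities and all volumes), and the RoleBinding grants `use` to both `cis-serviceaccount` and `cis-operator-serviceaccount`. If only the scan pods need host access, the operator account should get a restrictive policy of its own rather than sharing this one.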
@@ -0,0 +1,160 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-clusterrole
+rules:
+- apiGroups:
+ - "cis.cattle.io"
+ resources:
+ - "*"
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - "pods"
+ - "services"
+ - "configmaps"
+ - "nodes"
+ - "serviceaccounts"
+ verbs:
+ - "get"
+ - "list"
+ - "create"
+ - "update"
+ - "watch"
+ - "patch"
+- apiGroups:
+ - "batch"
+ resources:
+ - "jobs"
+ verbs:
+ - "list"
+ - "create"
+ - "patch"
+ - "update"
+ - "watch"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-scan-ns
+rules:
+- apiGroups:
+ - "*"
+ resources:
+ - "podsecuritypolicies"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+- apiGroups:
+ - ""
+ resources:
+ - "namespaces"
+ - "nodes"
+ - "pods"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cis-operator-role
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ namespace: {{ template "cis.namespace" . }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - "services"
+ verbs:
+ - "watch"
+ - "list"
+ - "get"
+ - "patch"
+- apiGroups:
+ - "batch"
+ resources:
+ - "jobs"
+ verbs:
+ - "watch"
+ - "list"
+ - "get"
+ - "delete"
+- apiGroups:
+ - ""
+ resources:
+ - "configmaps"
+ - "pods"
+ - "secrets"
+ verbs:
+ - "*"
+- apiGroups:
+ - "apps"
+ resources:
+ - "daemonsets"
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-operator-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cis-scan-ns
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-scan-ns
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cis-operator-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.20.yaml
new file mode 100644
index 000000000..05263ce7d
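Review bot: The RoleBinding `cis-operator-rolebinding` at the end of rbac.yaml gives `cis-serviceaccount` the same `cis-operator-role` as the operator, and that role includes `"*"` on `configmaps`, `pods` and `secrets` and `"*"` on `daemonsets` in the namespace. Combined with the `use` grant on the privileged `cis-psp` in psp.yaml, that account can read every Secret in the namespace and create privileged pods there. If it is the account the scan pods run under (their pod specs are not in this diff), a separate Role limited to what the scan needs would contain the impact of a compromised scan pod. `cis-operator-clusterrole` also grants `create`, `update` and `patch` on `nodes` and `serviceaccounts` cluster-wide, and `cis-scan-ns` uses `apiGroups: "*"` for `podsecuritypolicies` where `policy` would do; both are worth narrowing or justifying in a comment.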
--- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.20.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.20-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.20 diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.23.yaml new file mode 100644 index 000000000..c59d8f51f --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.23.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.23-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.23 diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.6.yaml new file mode 100644 index 000000000..8a8d8bf88 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.6.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.6-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.6 diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-hardened.yml new file mode 100644 index 000000000..a0b6cb6f6 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.20-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.20-hardened 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-permissive.yml new file mode 100644 index 000000000..89885548d --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.20-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-hardened.yml new file mode 100644 index 000000000..724412d3a --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.23-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-permissive.yml new file mode 100644 index 000000000..9f9213de1 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.23-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.23-permissive 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-hardened.yml new file mode 100644 index 000000000..095e977ab --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.6-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-permissive.yml new file mode 100644 index 000000000..3b22a80c8 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.6-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-hardened.yaml new file mode 100644 index 000000000..c36cf38c9 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.20 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-permissive.yaml new file mode 100644 index 000000000..cfeb4b34c --- /dev/null 
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.20 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-hardened.yaml new file mode 100644 index 000000000..007331149 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.23 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-permissive.yaml new file mode 100644 index 000000000..085b60dfa --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.23 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-hardened.yaml new file mode 100644 index 000000000..d38febd80 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-hardened.yaml 
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-permissive.yaml
new file mode 100644
index 000000000..d31b5b0d2
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-hardened.yml
new file mode 100644
index 000000000..decc9b651
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.20-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.20-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-permissive.yml
new file mode 100644
index 000000000..74c96ffc4
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.20-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.20-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-hardened.yml
new file mode 100644
index 000000000..abc1c2a21
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.23-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.23-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-permissive.yml
new file mode 100644
index 000000000..51cc519ac
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.23-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.23-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-hardened.yml
new file mode 100644
index 000000000..c7ac7f949
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-permissive.yml
new file mode 100644
index 000000000..96ca1345a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileaks.yml
new file mode 100644
index 000000000..ea7b25b40
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileaks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: aks-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: aks-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileeks.yml
new file mode 100644
index 000000000..3b4e34437
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileeks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: eks-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: eks-1.0.1
\ No newline at end of file
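Review bot: scanprofileaks.yml and scanprofileeks.yml end without a trailing newline (the `\ No newline at end of file` markers), and the same holds for scanprofilegke.yml and validate-install-crd.yaml further down in this patch; ending each template with a single newline keeps later diffs limited to the lines that really change. The templates directory also mixes `.yml` and `.yaml` for the same kind of manifest (`scanprofile-rke-1.20-hardened.yaml` next to `scanprofile-rke2-cis-1.20-hardened.yml`). Helm's convention is `.yaml` for templates that emit YAML, and a single extension makes glob-based lint and review tooling cover every profile.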
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofilegke.yml
new file mode 100644
index 000000000..2ddd0686f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofilegke.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: gke-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: gke-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/serviceaccount.yaml
new file mode 100644
index 000000000..ec48ec622
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ name: cis-operator-serviceaccount
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-serviceaccount
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..562295791
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/validate-install-crd.yaml
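Review bot: In serviceaccount.yaml the second ServiceAccount carries the literal label `app.kubernetes.io/instance: release-name`, which looks like a rendered placeholder rather than the real release, so every install gets the same instance label and selectors or audits keyed on it cannot tell releases apart. Consider `app.kubernetes.io/instance: {{ .Release.Name }}`. The first account, `cis-operator-serviceaccount`, has no labels at all, and giving both the same label set would keep them discoverable together. Neither account sets `automountServiceAccountToken`; whether the pods using them need the API token is decided in templates outside this hunk, so that is worth confirming rather than assuming.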
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/values.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/values.yaml
new file mode 100644
index 000000000..852711030
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/values.yaml
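Review bot: The leading `#` on every line of validate-install-crd.yaml does not disable the check, and the file has no comment saying so. Helm evaluates the `{{ ... }}` actions before the output is parsed as YAML, so the `required` call still aborts the install when any of the four `cis.cattle.io/v1` kinds is absent from `.Capabilities.APIVersions`. A first-line comment would stop a maintainer from reading the file as dead code and deleting it, for example `# NOTE: the '#' prefixes only keep this file parseable as YAML; Helm still executes the template below.` The same comment could note that the outer `lookup` guard presumably skips the check when no cluster is reachable (`helm template`, client-side dry run), since `lookup` returns an empty result there.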
@@ -0,0 +1,49 @@
+# Default values for rancher-cis-benchmark.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ cisoperator:
+ repository: rancher/cis-operator
+ tag: v1.0.10-rc2
+ securityScan:
+ repository: rancher/security-scan
+ tag: v0.2.9-rc5
+ sonobuoy:
+ repository: rancher/mirrored-sonobuoy-sonobuoy
+ tag: v0.56.7
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+affinity: {}
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ clusterName: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+
+alerts:
+ enabled: false
+ severity: warning
+ metricsPort: 8080
diff --git a/index.yaml b/index.yaml
index 800eb520e..0a427270e 100755
--- a/index.yaml
+++ b/index.yaml
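Review bot: In values.yaml, `global.kubectl.tag: v1.20.2` is older than every Kubernetes version this chart version declares support for: the index.yaml entry added by the same patch sets `catalog.cattle.io/kube-version` to 1.21 up to but not including 1.25. Wherever the templates (outside this hunk) run that image, the client is outside the usual one-minor skew on the newer clusters, so the tag should move to a rancher/kubectl release inside the supported range. Separately, `image.cisoperator.tag: v1.0.10-rc2` and `image.securityScan.tag: v0.2.9-rc5` are release-candidate tags, and all three images are referenced by mutable tag only. For a chart that ships a security scanner, a comment above `image:` such as `# rc tags: replace with final releases before promoting this chart` would make that an explicit release gate. Pinning by digest is worth considering if the templates support it.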
@@ -3421,6 +3421,32 @@ entries: - assets/rancher-backup-crd/rancher-backup-crd-1.0.200.tgz version: 1.0.200 rancher-cis-benchmark: + - annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark + apiVersion: v1 + appVersion: v3.0.0 + created: "2022-10-18T23:00:17.259715427+02:00" + description: The cis-operator enables running CIS benchmark security scans on + a kubernetes cluster + digest: 22d1116483cc01cbceba2f3733b120261af5279ed2b15d4a28d869a17a838720 + icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg + keywords: + - security + name: rancher-cis-benchmark + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc8.tgz + version: 3.0.0-rc8 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher 
@@ -3735,6 +3761,20 @@ entries: - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz version: 1.0.100 rancher-cis-benchmark-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd + apiVersion: v1 + created: "2022-10-18T23:00:17.261637441+02:00" + description: Installs the CRDs for rancher-cis-benchmark. + digest: 25225ec34aac875d216fe72dd81788384dad7f6f2479c3ecbb814b8b7f1af5b3 + name: rancher-cis-benchmark-crd + type: application + urls: + - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc8.tgz + version: 3.0.0-rc8 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true"