Merge pull request #2169 from galal-hussein/fix_charts_psp_hardened

Fix charts psp hardened
2022-10-18 17:12:37 -07:00 · 2022-10-18 17:12:37 -07:00 · 108c669737
parent 9e992cb314 eba3d83e60
commit 108c669737
84 changed files with 33 additions and 15 deletions
--- a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc7.tgz
+++ b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc7.tgz
--- a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc8.tgz
+++ b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc8.tgz
--- a/assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc7.tgz
+++ b/assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc7.tgz
--- a/assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc8.tgz
+++ b/assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc8.tgz
--- a/charts/rancher-cis-benchmark-crd/3.0.0-rc8/Chart.yaml
+++ b/charts/rancher-cis-benchmark-crd/3.0.0-rc8/Chart.yaml
@ -7,4 +7,4 @@ apiVersion: v1
 description: Installs the CRDs for rancher-cis-benchmark.
 name: rancher-cis-benchmark-crd
 type: application
-version: 3.0.0-rc7
+version: 3.0.0-rc8
--- a/charts/rancher-cis-benchmark-crd/3.0.0-rc8/README.md
+++ b/charts/rancher-cis-benchmark-crd/3.0.0-rc8/README.md
--- a/charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscan.yaml
+++ b/charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscan.yaml
--- a/charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscanbenchmark.yaml
+++ b/charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscanbenchmark.yaml
--- a/charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscanprofile.yaml
+++ b/charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscanprofile.yaml
--- a/charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscanreport.yaml
+++ b/charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscanreport.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/Chart.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/Chart.yaml
@ -19,4 +19,4 @@ icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
 keywords:
 - security
 name: rancher-cis-benchmark
-version: 3.0.0-rc7
+version: 3.0.0-rc8
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/README.md
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/README.md
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/app-readme.md
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/app-readme.md
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/_helpers.tpl
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/_helpers.tpl
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/alertingrule.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/alertingrule.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-aks-1.0.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-aks-1.0.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.20.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.20.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.23.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.23.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.5.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.5.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.6.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.6.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-eks-1.0.1.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-eks-1.0.1.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-gke-1.0.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-gke-1.0.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/cis-roles.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/cis-roles.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/configmap.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/configmap.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/delete_rolebindings.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/delete_rolebindings.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/deployment.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/deployment.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/network_policy_allow_all.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/network_policy_allow_all.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/patch_default_serviceaccount.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/patch_default_serviceaccount.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/psp.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/psp.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/rbac.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/rbac.yaml
@ -46,11 +46,20 @@ metadata:
    app.kubernetes.io/instance: release-name
  name: cis-scan-ns
 rules:
+- apiGroups:
+  - "*"
+  resources:
+  - "podsecuritypolicies"
+  verbs: 
+  - "get"
+  - "list"
+  - "watch"
 - apiGroups:
  - ""
  resources:
  - "namespaces"
  - "nodes"
+  - "pods"
  verbs:
  - "get"
  - "list"
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.20.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.20.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.23.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.23.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.6.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.6.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-hardened.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-hardened.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-permissive.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-permissive.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-hardened.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-hardened.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-permissive.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-permissive.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-hardened.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-hardened.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-permissive.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-permissive.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-hardened.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-hardened.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-permissive.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-permissive.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-hardened.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-hardened.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-permissive.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-permissive.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-hardened.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-hardened.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-permissive.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-permissive.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-hardened.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-hardened.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-permissive.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-permissive.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileaks.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileaks.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileeks.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileeks.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofilegke.yml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofilegke.yml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/serviceaccount.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/serviceaccount.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/validate-install-crd.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/validate-install-crd.yaml
--- a/charts/rancher-cis-benchmark/3.0.0-rc8/values.yaml
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/values.yaml
@ -8,7 +8,7 @@ image:
    tag: v1.0.10-rc2
  securityScan:
    repository: rancher/security-scan
-    tag: v0.2.9-rc4
+    tag: v0.2.9-rc5
  sonobuoy:
    repository: rancher/mirrored-sonobuoy-sonobuoy
    tag: v0.56.7
--- a/index.yaml
+++ b/index.yaml
@ -3436,17 +3436,17 @@ entries:
      catalog.cattle.io/ui-component: rancher-cis-benchmark
    apiVersion: v1
    appVersion: v3.0.0
-    created: "2022-10-14T21:06:42.77523739+02:00"
+    created: "2022-10-18T23:00:17.259715427+02:00"
    description: The cis-operator enables running CIS benchmark security scans on
      a kubernetes cluster
-    digest: e254d98add7979243b248ab7e5ceefe55bb32f1c8d0973d424373fd438915e04
+    digest: 22d1116483cc01cbceba2f3733b120261af5279ed2b15d4a28d869a17a838720
    icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
    keywords:
    - security
    name: rancher-cis-benchmark
    urls:
-    - assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc7.tgz
-    version: 3.0.0-rc7
+    - assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc8.tgz
+    version: 3.0.0-rc8
  - annotations:
      catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
      catalog.cattle.io/certified: rancher
@ -3767,14 +3767,14 @@ entries:
      catalog.cattle.io/namespace: cis-operator-system
      catalog.cattle.io/release-name: rancher-cis-benchmark-crd
    apiVersion: v1
-    created: "2022-10-14T21:06:42.777200088+02:00"
+    created: "2022-10-18T23:00:17.261637441+02:00"
    description: Installs the CRDs for rancher-cis-benchmark.
-    digest: acbfae01ff2e431687bff0edd2545d3af16ef779e7668f81736db01481de9028
+    digest: 25225ec34aac875d216fe72dd81788384dad7f6f2479c3ecbb814b8b7f1af5b3
    name: rancher-cis-benchmark-crd
    type: application
    urls:
-    - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc7.tgz
-    version: 3.0.0-rc7
+    - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc8.tgz
+    version: 3.0.0-rc8
  - annotations:
      catalog.cattle.io/certified: rancher
      catalog.cattle.io/hidden: "true"
--- a/packages/rancher-cis-benchmark/charts/templates/rbac.yaml
+++ b/packages/rancher-cis-benchmark/charts/templates/rbac.yaml
@ -46,11 +46,20 @@ metadata:
    app.kubernetes.io/instance: release-name
  name: cis-scan-ns
 rules:
+- apiGroups:
+  - "*"
+  resources:
+  - "podsecuritypolicies"
+  verbs: 
+  - "get"
+  - "list"
+  - "watch"
 - apiGroups:
  - ""
  resources:
  - "namespaces"
  - "nodes"
+  - "pods"
  verbs:
  - "get"
  - "list"
--- a/packages/rancher-cis-benchmark/charts/values.yaml
+++ b/packages/rancher-cis-benchmark/charts/values.yaml
@ -8,7 +8,7 @@ image:
    tag: v1.0.10-rc2
  securityScan:
    repository: rancher/security-scan
-    tag: v0.2.9-rc4
+    tag: v0.2.9-rc5
  sonobuoy:
    repository: rancher/mirrored-sonobuoy-sonobuoy
    tag: v0.56.7
--- a/packages/rancher-cis-benchmark/package.yaml
+++ b/packages/rancher-cis-benchmark/package.yaml
@ -1,5 +1,5 @@
 url: local
-version: 3.0.0-rc7
+version: 3.0.0-rc8
 additionalCharts:
  - workingDir: charts-crd
    crdOptions:
--- a/release.yaml
+++ b/release.yaml
@ -19,9 +19,9 @@ rancher-aks-operator-crd:
 rancher-alerting-drivers:
  - 101.0.0
 rancher-cis-benchmark:
-  - 3.0.0-rc7
+  - 3.0.0-rc8
 rancher-cis-benchmark-crd:
-  - 3.0.0-rc7
+  - 3.0.0-rc8
 rancher-csp-adapter:
  - 2.0.0+up2.0.0-rc1
 rancher-backup: