From 1a83ec8f6a0f6971dd9b35ee16e0c894f3e7cd7c Mon Sep 17 00:00:00 2001
From: actions <actions@github.com>
Date: Mon, 12 Apr 2021 17:32:39 +0000
Subject: [PATCH] Merge pull request #1105 from MonzElmasry/fix_chart_version

fix rancher-cis-benchmark chart version
---
 .../rancher-cis-benchmark-1.0.400-rc02.tgz    | Bin 0 -> 4950 bytes
 ...rancher-cis-benchmark-crd-1.0.400-rc02.tgz | Bin 0 -> 1452 bytes
 .../1.0.400-rc02/Chart.yaml                   |  10 ++
 .../1.0.400-rc02/README.md                    |   2 +
 .../1.0.400-rc02/templates/clusterscan.yaml   | 149 ++++++++++++++++++
 .../templates/clusterscanbenchmark.yaml       |  55 +++++++
 .../templates/clusterscanprofile.yaml         |  37 +++++
 .../templates/clusterscanreport.yaml          |  40 +++++
 .../1.0.400-rc02/Chart.yaml                   |  18 +++
 .../1.0.400-rc02/README.md                    |   9 ++
 .../1.0.400-rc02/app-readme.md                |  15 ++
 .../1.0.400-rc02/templates/_helpers.tpl       |  23 +++
 .../1.0.400-rc02/templates/alertingrule.yaml  |  14 ++
 .../templates/benchmark-cis-1.5.yaml          |   8 +
 .../templates/benchmark-cis-1.6.yaml          |   8 +
 .../templates/benchmark-eks-1.0.yaml          |   8 +
 .../templates/benchmark-gke-1.0.yaml          |   8 +
 .../benchmark-rke-cis-1.5-hardened.yaml       |   8 +
 .../benchmark-rke-cis-1.5-permissive.yaml     |   8 +
 .../benchmark-rke-cis-1.6-hardened.yaml       |   8 +
 .../benchmark-rke-cis-1.6-permissive.yaml     |   8 +
 .../benchmark-rke2-cis-1.5-hardened.yaml      |   8 +
 .../benchmark-rke2-cis-1.5-permissive.yaml    |   8 +
 .../benchmark-rke2-cis-1.6-hardened.yaml      |   8 +
 .../benchmark-rke2-cis-1.6-permissive.yaml    |   8 +
 .../1.0.400-rc02/templates/cis-roles.yaml     |  49 ++++++
 .../1.0.400-rc02/templates/configmap.yaml     |  16 ++
 .../1.0.400-rc02/templates/deployment.yaml    |  57 +++++++
 .../templates/network_policy_allow_all.yaml   |  15 ++
 .../patch_default_serviceaccount.yaml         |  20 +++
 .../1.0.400-rc02/templates/rbac.yaml          |  43 +++++
 .../templates/scanprofile-cis-1.5.yml         |   9 ++
 .../templates/scanprofile-cis-1.6.yaml        |   9 ++
 .../scanprofile-rke-1.5-hardened.yml          |   9 ++
 .../scanprofile-rke-1.5-permissive.yml        |   9 ++
 .../scanprofile-rke-1.6-hardened.yaml         |   9 ++
 .../scanprofile-rke-1.6-permissive.yaml       |   9 ++
 .../scanprofile-rke2-cis-1.5-hardened.yml     |   9 ++
 .../scanprofile-rke2-cis-1.5-permissive.yml   |   9 ++
 .../scanprofile-rke2-cis-1.6-hardened.yml     |   9 ++
 .../scanprofile-rke2-cis-1.6-permissive.yml   |   9 ++
 .../1.0.400-rc02/templates/scanprofileeks.yml |   9 ++
 .../1.0.400-rc02/templates/scanprofilegke.yml |   9 ++
 .../templates/serviceaccount.yaml             |  14 ++
 .../templates/validate-install-crd.yaml       |  17 ++
 .../1.0.400-rc02/values.yaml                  |  45 ++++++
 index.yaml                                    |  36 +++++
 47 files changed, 888 insertions(+)
 create mode 100755 assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc02.tgz
 create mode 100755 assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc02.tgz
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/Chart.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/README.md
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscan.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscanbenchmark.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscanprofile.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscanreport.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/Chart.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/README.md
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/app-readme.md
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/_helpers.tpl
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/alertingrule.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-cis-1.5.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-cis-1.6.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-eks-1.0.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-gke-1.0.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.5-hardened.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.5-permissive.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.6-hardened.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.6-permissive.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.5-hardened.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.5-permissive.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.6-hardened.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.6-permissive.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/cis-roles.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/configmap.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/deployment.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/network_policy_allow_all.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/patch_default_serviceaccount.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/rbac.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-cis-1.5.yml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-cis-1.6.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.5-hardened.yml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.5-permissive.yml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.6-hardened.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.6-permissive.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.5-hardened.yml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.5-permissive.yml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.6-hardened.yml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.6-permissive.yml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofileeks.yml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofilegke.yml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/serviceaccount.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/validate-install-crd.yaml
 create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/values.yaml

diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc02.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc02.tgz
new file mode 100755
index 0000000000000000000000000000000000000000..50311281ca517aa051ff1320fa8093b473decfd1
GIT binary patch
literal 4950
zcmV-c6RGSUiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PJ0TZ`(MN-+#}aVxT^Uwu?x9N#Yd7JqKjd+#<J4w@AACV9{rh
z($d)GV~JErDqdeU-{n5beX;{dNtR_herc?<T@8xH7Rezw<Zot3ieo{TKSJU9RJwg+
z{wN}1+&mi*p}Z-H!tWk|TCG;Advs*}wpy+7-*%^a{9XH~b$HxvwNFltziYLR4?ErO
zp!FD)ucJgNBED;Vc3tJpeI-N~<BBNCnd~(He4<Fmhn`QA3elsyNfO0f%A_J;*n_3h
z#q~w-_lPKew3LI7LeT-mATPc&TR>$TlBvr`ggrRBxP~9H3YO;A`D9Fd?163#k5LfC
zg)660VYIXempuq6Oa54z8Vi0)1C;LYRv4bMG|vwcsZdCtFxk9qFD)-HL?SWmz*0#q
zEtgQ&=TXcVGPSB4iRrH>B;~9Jx9tXr<HA?3<sCHwl)j*`GSA+Ra84+IjPyg4AQHwX
z8yfNE+(DwB2&$%F`Uji=fpOAD!BC;pjkeuyP+xN&DHY3Jv*~LsA-%N4X0k|$N;X42
z<g%$7pt;y?c=C4G7~^!pMId_(H?Oquki2fQUYbs}TCVV0oyJpx<{P5r`u~=M3ChPZ
z0BiJrr*(2v*8j)d!&?7WLC@ed4oDIzuwxDbE|z1_YdnMZBPxMPAn@Di<r{avMMRXs
z00uNfo#8e5ArT0-L{O`76o)=StTjUblqn8Vo(NDF#UW8By+(sZWQfN4P?>2g{S`o9
z%q3M^OmhX%Eb29rNs(cu1zq85-JGeGYoD;yjIvy=)_Mg_EwAGpW}G<V{e(|fbBU-B
zTwvg4S@REbEZbf0u+b1Gc_Mt2J-EAX06c?#AS5y&VK@bWK93?~0Whw#++>VC9ZVre
zM<_21gatZ7h~ySQ=|LfSP<+m$PkAB@Yk$P4k7hvCNLPcxvm;1C$$>IoXnQ5W9}(u;
zzd{)sp-lj?TPiq<kSPfhszwk}ZL$pSyeS7D6Mv+uzod+6b??E&K#ws5943U#^`uZN
zVYau*G;YAdkWVNZ8tx%wItvN@l}M8w=?WP7C?yfo1Ji$j5jVX@@DmYEp)ZJ$%|M}m
z=QB}1_fn=2RmRDA1^|AX^q}2pMd|klBQvb+&Z|qBcJWh!a?=tG#sj>@5Pdy)_2@Pf
z5A`fHt`&Uvz0n|p0cBK8ZSpYWeG;ZlmkQBNG3&jgn7qOvl}cCQI3_i<!*7knG|#le
zeHE^rpJ|3Uq;y(dr_mrG3fn#F9RxiXkWiul&@Bqn(g_jF4oieeP+z{|LiONP>s6~Z
z!`}ccxBt0zZr+SAj8RBW#XGwKYuA76PRahCoV44u{jY-V?wa4jIg^P%$X8U_#7nfA
zS&|4rtApuegaYCF=KX!+?#|U#i82I7FO>3<4!HN)u;~omm0b{dZ*#tX=C;gPvSzb|
zbx~~u_2;>YY^Ix(!;MIl<E#`NfcLBQT&;4=7FkP`YF;cBl&JwY|1O)(P7E-Vn168=
zdr|69^ZUj>C=2*RX8If^Gz@_RK`tIeC{xCCoAoMa>mm;tI!hlzK1m-JOpG?O6E4Of
zCxHZ?C!x*?(jQ@vglPN)HR2MB92*OxX%cUA;!T0M?UM^*)V8R&pw>3Xc#gfatbTxl
z0s5*3&Rc$+)~_Guz8yH{pAr%}bCP*#B>XjLo&GmY0%b#ygt+T^aE<<N9i6o2^?#>z
za$N8KRYE1bX?;R3bqFo$U3YH#DdJ4Kn3N4Yp9|#D^Lf;~Z8yf01wDAjgG-yE5uqXh
zQAE3#i<>+#58RYjnx5|F-QDG@!v*W&!To(huO@oNOHJKv<J_7J$Ty^qp|lTReh;rX
zQ$M98WXyw0>)f8RAm)@=uh@my__{uosqdTXt8YhLt;2s|lb1@j?H%u+1lHld(>W~R
zzul?#f2yG}y5}L2qx#G`D%U<?vt9W`e5Z3HM`-Hbyt6y&B3-jal>L<NF6T8nZLfXo
zwVZDSSziZji~nv__&=)gUj^+0|J|MO->vaqF>Q{29P6=d?FIiwwf%o0dR+Xcb7VFC
zaV%>G;7g*-@jo16h4?=@sqtS0Jud#!IkFo6!!g$Q|B`5P{EIPWdjRf;hyWP|n<;~}
z_&+M|{~dPQof`jD(BtBN*&JD|3`DIAo}6~We~cocQqtRv&IH!uzr6lG>KwLe{8vHy
z!~blK)EeN+rCspft-}7->;Fn<U-<7ng8i>|1NTq6;lBd=U%&rV3GEO6k75674X|(8
z3jdwmHUPHA|6%u}e*dQudUX6R&XEV<-+2)KuWJ17nRdkgRt~^={2!O?|6#j6|F4Ah
zi2n^8fLa4QCGCX&EjIvmvj6q@UnR6R{BO7c@F4m-E$_HS|6XZF{O{lXAJ_P=g7%32
z$FTpk2G}#L!@qtmc=%btAlBf&({7dD|7o?4YyZCzD&t@DiSLm_jkuuyV=n)B<5zN-
zF1X?$u6PBQ1QBHok%X9Dq#-f=QSc<rZ|1o3iYC3ip554=WtxTE$tR~=mKqB_pdl_z
zTl!F7%!RT^w<!9u2Ok_?AW`TXfRn^Q`YFH=?WdS1f8-oELsa_f#C`=Qq*6J*uk2?z
z-cPBo@WCN*EDeL%b8}@@r!B>2nmKRxb}dR{2`m#gX9GHnNL-Xlp8EXz=L?s?9%Z`R
zQk;B+v*j-~4_5PkY8_V7?zGnaXH#K+_P=$~DzE=rolgD!UnP|4Xfw)}BrXS<TU6L-
zgaUWDI^E_PZ^m~Pf~v5}c$e~o7)2f?A&t-{Kuu$8fL=ZH;7`{mssFIYh4u_GZBbzf
zVy-3XeE<3PwHdpXb*IR?(@KjJ_BR*G<`pdD?k>-bW7z`-$1+RSDtV}T<qT)7(+^Xz
z_iW&d0>jT-9j(KEfN{vD5wgz+2f7CThbKo1{{K<^{(m)8#Jl!CW`5i2eB@WSZG{{3
z+rS<mEL_sx=!*VhU--`&nDQy~PE$C?a$}|dSu@RN6t~pJQ{U$aQ*Rf9=B62l&5*U9
zGesyvQE<kV3fz(noCnY6WWF*?j+Xx2T^{Pe6!r=s_q<v7Fu1?(J(yLIA>7|TpKr;#
zBn;p2kowaeoQ4xJm3g{xpJyU1^ePLj06FDCu%X5Z?MS0j6e5w?31tb{?P3kr=V!lM
zUA+J8=KAdP?ajsI>5u1ys?x|cpCP|usKI#wZqk&S_oqKDZO#LgSkW(X|M~6DKm79Z
zZ~N$D8qjcE|K?h-Y1cB|E4p=daeZ_8=KSjY_08q^`>Tty>zj8!U%g-C{CwR!dHxXZ
z>+@gF_1HYv;*@O`9B)l?&)=T@@aFvWCLFVHD~0e_CK8_mf5NAPD_mODn_sTqpI_a)
zJ-u8$+{;5*6+#FWxh|{%HQn90p!jbj3Ug+&7?ghkqbxwCpxv2qnhS%Nvzi4HE{9>x
zsxbj3vr39gW~_^?Db)UIK1Uj!Wd-Lf1mi4A9+YwST8e=l3wbE>!z6ehrq&$))om^Y
z`PxYs583~9{vSg%;bMFf8@+x*!jMn&|J!(j>(+mV$7TQT@bI|y|0<#KhF&_}lnoa)
z^4{7cYvCVQ8Janw|KBmJQ_O?8K&k+g4F$?{chEe+@&h|R-%sOg6Y;{9F`v)v$ETL{
zmq_dIZ#KPiM`7M+-Bbsx!GHU3;r{ngyT*StRK|Z_kM|7o|IPbLkZvZ0D@g;O^!pJ2
z&IrTElcVN{^Rd%|m`j!Ye#C+Omc&Cr0$j}Q+QSytg4yYTc_<U#M+`7HfIbemK-WAr
zhc%S5TyM;;>OOxlCQwfem91#rYPWCgI?V{hQo1^GcJjPar!9@%yn1O?%4fZ3XZ5;l
zv1lnv(JAzK6cIfQJ~(Lwg>x`)=A~v2%S^ZQM>p30-~H1eiQ<vYa6LB)@A(+nKb<t@
z^nH4iVLUQ1G^Y(Na}L&84PC5H{4pO4-q47u9<*yczXh$+|K@=2Gk*tSo&G;LJ}Jk4
z?zHOrzm?FYhq--JWZj8wapR1{u{Xc!d-!K@mX$D8gK6Kf_|rN|_aMzXD%lxw>9o_H
zT$h%(*~9#dd;9b46(ae8vVgMT7bTf~+9v(^3J1C&nTQ_fV*_Auz*kFOCjEb*ugn10
za`PI0uIPfr-DahrM`@+pH-0_g;a%;_XF;)D$5#6k+w`z7P!9}&eU`p%v(b<);D4R|
zFP!hqBEW8G4c4yzTb*+Jr=yel{&yv`{rjKk$?WRrui44uvem)jsj)X-V?UvxqO1pw
z5(zrFbDz)6VoS}T?o&(f>!$7TzkLMQ9q`{htl$5xgdQLN-AeJ_t?~a^v<?1+iSAdt
z{JohTSd0J8NqPUjb6n%U5_(Mh7hkB#=1BV9)jk!$vY>NME!MAwcENw~^4BIBU@iU+
z7ta5>-FpAO651F37v8+AN&^($uY79Rehsue{<n?(wh8`QW&9u2zyDVaRbc<Sm7%|I
z=lrSV`nAw5_}?!2+b;J1s8z>*tA;AE|5a*$+Wv1vTjGCN1h~(R|9E)VU3mYej{jN>
zJu?0mZ%5@8dG9J<N#wbwmhP8NJL7+gO@OudKPvD4A02n<_z#uP-tj+o-?1_cP<sIz
z(vJA=?%n>^_^*Wag#Ydn+W&eNU<=wA|NFN8_4!{Vw0HbJh5fI00XC*B@Q-7;^{an|
z*5SW%QjY)FZXee1Un-%;#D5`<$)2&E{?6=E3-24CE$}}aZ+PBcrd{ygu7Cfb5_(Mh
z7eW^88UN|;%s#d7z5!Z`|DA69&eJ;lA1}mzYIo}R@6}K#-rLgaEoG!{9_eZQwV1O0
zdHgm!!QHD;AD?=RAEI^mza=3Jh{EhTl<SL)-}}jE4gTAQ$L08soldvj|Eq+anMgGQ
z7%F%XB7+wp=i?*>=b@`}4mgGTXbw2~-^-WK0{8yD@yvvt`P+aeEP&qMA)vl0BuG?Q
zqEq%Zngu_@u{XnaD49p7-<?J3<m}Gi%0vuaEH4NfB6w#cCVd)GMNxXE?=DjPCkr|0
z07gXqgww3P7m8miLD>+zmubF#D>Z2@i*}+4{E!7Jzu8v(?dAafhJR40q#n1F=Uj_k
z;HNx`>DpXN1b#}WzyO@9?9<uRYY9XknC%!g^x&OQnvm)fP$LAN3xP7`<^rcK0{(~y
zm4<uBvg$N7qS7XMX4<XoUg67AL+y*C<@*2X{PgwZxfeaod-Uu4zoSm+{HJ}?J+9Y(
zmC!S|vNHhAF0LWhoN%Tw)@Z!f=q$KzU_;eO5D8-jtQXg_^%-P=3c*BD2hM;LV!!2a
zd<hF+h)lE8;E&>vYL5!iFzcX3M1fBj^brC+VIe002417_3@)rLu#sOHA3uI<j4+IH
zZL)MagVzMt#*4AensE@pWhKwlgk~{3pL$fPqviM~aqJ2tL4=Q?1J>aGs9nDQ)jmEs
ztnpt7t-!z3(9cY54*EHG8~F2qHQ*_*6K&$*gJ$*O44Hm3-~ul6Cx!~HQwA?*Iz#^c
zVx&|od(Gx#GVy$xRpN0moc;V%bEZa`FTF<Nzqo+NItK$TBBKwqz8UceC=Q84)35;&
zl?Xflfddpeg(m_&1l%vwn_|H8dDPS?*@Nb7$NQs+%=`$B(P;X~v8lfxomBToTOkia
zKG9OpdW|z=O7<EJ7d{kq&8+SrRimVDs?KUHW_$@QEa>17VSyfwkR;3>Q8xU)|J7B0
z&?2%RUdo?*N=PQ$<}B|^P@IQW=Zb_$ARrT}P>-!1NQK(j<IHrA@c^YxnQA%yw4mBO
zI34IwxB7oT8I_|0J4K2;$dtdXY(f98RR1nq8@4W-nhJpG^4eW|@v-1~e|%{<1UR4!
zB}_)h^vEkghr@KD=k}>Md;3IUkUg}e1IV^2;WTTW9(ZF*0wAWdI(yb0(;HN_xp@$K
z-Qtwdibkhd%Wb#bF&offVncu$Jn5%dFAiWbqW(y;)sJUJ?>1Xfq;Swim$0b`j7A64
zPX|_UkYgGHWwz#=fd|XxIDr99@-Vf_dH{YR6^~}&c5F0LX6uPDuoY+RHgbz13@A|;
zPW6~4dKeT>=l5*9v`A+j%52F5r;FWQA?CdJGC|M#G8rSqH7ruqHiHci2@?!M{Z|(@
z8zrT&iisc*Diksuw$G98tmz99)`B?=Q7GNSt6c7GrrV#(l6ObqIHbO9WQa;?IGbLQ
z91Lbc8wXDMBMg!d56l#jdNpO^7F%Q$q3$(oEW8V&AYek6((<$RBP*r20XBy87WER*
za4A)s!AKq$MhxwYKqeD`R*)ZNox9|WDsI-jx`~-6w$SiV&cP*V=~UOx$%;ydMZOoN
z6#xs&=zq9EA9a7Ed341Sh1*z|mG#d}sOB@17!gK>+GjIqFU|5g%V*_e28kys6?rx+
zr$In99}<SsdBI9l@X==OnT>;wRv{qRV1e-4>E#=Z*l=z+&IQ<Dj-|EvU&w*3sivB0
U`bz2l0{{U3{}SGN7XZ8f0G31II{*Lx

literal 0
HcmV?d00001

diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc02.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc02.tgz
new file mode 100755
index 0000000000000000000000000000000000000000..d59527f58916da787cc40d8974b0b5052f9dff14
GIT binary patch
literal 1452
zcmV;d1ylMTiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI>(liD^AzGr@gCVj@SISx9!T}awV+gxtAYx=y%d!U{zd89QB
z)9HWj$Tnb%jWPI0Zo<AW(n{aj(zm<PVhxhdQFpm8-6={w4?#b7x%S_V=b*`1LKs|~
zD6Z?egML5xbzQgk>)!N+S6<(}zVTddIJ~)Xy@5OIUorPo!-q(02=tYEvaRCFy%GT_
z6#)q)&8Wi|2ZBJ&91cVQIzqkWs7X8t^hYe?O6jn<@O_jc_J(wfZ%T(q2+>5qal|a!
zRD>Ex>8@EC!mxCT#sI-!*G^sA-{ootBJl;a5lW8O!t3~GxE2v5?T^wB1c6~RM>d|k
zH|$C2axAA)XNZ;&ju=EyAb7HBoyE$o=eSPab-S9oz0SAZ)`O+m{|Un=07CPY2eBd4
zhJ!pR9@O~%aM0^-`+v{79$ftYERy#ehy;Eml(uD@=bw#r!G$+P0<ZHdq(5Tg*pLb*
zXjH5@zQ-paMdAh_68J!1gGlN`Io2453$t<Sj){=lf#CbeYzXePkc4`yf;dbgQJ4Mp
z@cHf@Xg*?&A)wee0T`OZ@_~cA*Xl_Gcn2YN7+cvKr#5o~5@qVOhP05g3TP9DA?T$;
ziXg}#KCashKq4?EhjG7ZHh_2nk$;R|R?P+w=2=8Jh=*0P0mMI`We(!6RkHzvRCJq$
z%W06`syjujpf~_EW5A;b(GZ0B_xqzvwHGo%?ifBtKMv5hoEa<mBxVlRN<L)$d2$uI
z3*a-Y;wZ^&IjX0V6Gk(Z`Ot=>NpBRy8iH+y=`d!viZ+zC9r09Wj+f!3i!x&W{?}n_
z0fF$7oRlh6g!1<O<Ckmu%ps(mj78ceUJ@&e1Sj*ym6VN1#%(*^wvsU!2Z7zp5wnMY
zg0iq!dC;95XarpKuvYRrxvQ-K-uu*6G!ja?;A0g_D#K5w+t4;kws2eQa^420X>#o2
z?R$4CV9`Izu?nLAsno{iF{erem~pZK$cCX<AB~gh)%0)VR7#H$mElUG4Lm~b@B(EV
z7W=wv9ewki>v+16W9VA?n3)?M;6Qiyl`PF~ci3{A?>wv+B;?GJs6DUbN~XDahgpI!
zETP+eD%!aHs6m<p)5hp>4%ITg#wAlre?~qKzND29je*&V!D|GwisS90@A9=x^hEt4
z*n7gq0VD^lVY#L8g^2=Kww7&BYo)8xKvi7a!==;mlilYRfTgt`mxScH*R9;c^0R$A
z!K`>{YzI|M4eAB@zoJB)J9rhRmZksfble*CY<g>c0NFa5H=k}3?GdM*XR)&Z^|O+D
zS@UW30@HL>1w~7`3tfv`32NQSF0<(sB2h4w@+P;*hLpA;AniHl{l8)TXHzO`Pzb82
z|MUhoH--Aob?<s`ssEfq&Qkwbv*z?dkiD~K$oE<;grB+ZR{dv7Q(FQEh5S99qLxT#
zvc<?@eyUQ}1H;$7z*Xv6V4m#4yVa_um*!6p6{=yi!%i}kl=2U>wi$bR&17w%s(7+t
z+xJ;TDbTm2``Vt>e|Zb(-#V?BDRY{ZkV_o74dhpSFld<nqx5Lr>~El&{O|RLgF^oA
z4f~h>f6gLj$^RK^+R6TFmhNWMcV(*6Gfw`mq>_BIdb{s4+Z30prK0__h#t|<q1C~f
zio>3I!x5F8R~?YgEDhto#z-~(DyT004|><d_&@NxOZ-2FoF)FJtZ66wxBd_C`SZyn
zS&pi7k}cMclucfyKASG2-R>X$lwU2?@qhB+_Wh?1PUxR(qwf1puiq<t|9R8*hL`w%
z4*6-%$BwsblIj?rgC<6EASQM`r;H8yY`U!ar1D$8;YBWTk&9fUO#Tl50RR6eqjkIh
GG5`R=Uh7@}

literal 0
HcmV?d00001

diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/Chart.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/Chart.yaml
new file mode 100755
index 000000000..1f4cbb170
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/Chart.yaml
@@ -0,0 +1,10 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cis-operator-system
+  catalog.cattle.io/release-name: rancher-cis-benchmark-crd
+apiVersion: v1
+description: Installs the CRDs for rancher-cis-benchmark.
+name: rancher-cis-benchmark-crd
+type: application
+version: 1.0.400-rc02
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/README.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/README.md
new file mode 100755
index 000000000..f6d9ef621
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/README.md
@@ -0,0 +1,2 @@
+# rancher-cis-benchmark-crd
+A Rancher chart that installs the CRDs used by rancher-cis-benchmark.
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscan.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscan.yaml
new file mode 100755
index 000000000..beca6e1f8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscan.yaml
@@ -0,0 +1,149 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterscans.cis.cattle.io
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.lastRunScanProfileName
+    name: ClusterScanProfile
+    type: string
+  - JSONPath: .status.summary.total
+    name: Total
+    type: string
+  - JSONPath: .status.summary.pass
+    name: Pass
+    type: string
+  - JSONPath: .status.summary.fail
+    name: Fail
+    type: string
+  - JSONPath: .status.summary.skip
+    name: Skip
+    type: string
+  - JSONPath: .status.summary.warn
+    name: Warn
+    type: string
+  - JSONPath: .status.summary.notApplicable
+    name: Not Applicable
+    type: string
+  - JSONPath: .status.lastRunTimestamp
+    name: LastRunTimestamp
+    type: string
+  - JSONPath: .spec.scheduledScanConfig.cronSchedule
+    name: CronSchedule
+    type: string
+  group: cis.cattle.io
+  names:
+    kind: ClusterScan
+    plural: clusterscans
+  scope: Cluster
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          properties:
+            scanProfileName:
+              nullable: true
+              type: string
+            scheduledScanConfig:
+              nullable: true
+              properties:
+                cronSchedule:
+                  nullable: true
+                  type: string
+                retentionCount:
+                  type: integer
+                scanAlertRule:
+                  nullable: true
+                  properties:
+                    alertOnComplete:
+                      type: boolean
+                    alertOnFailure:
+                      type: boolean
+                  type: object
+              type: object
+            scoreWarning:
+              enum:
+              - pass
+              - fail
+              nullable: true
+              type: string
+          type: object
+        status:
+          properties:
+            NextScanAt:
+              nullable: true
+              type: string
+            ScanAlertingRuleName:
+              nullable: true
+              type: string
+            conditions:
+              items:
+                properties:
+                  lastTransitionTime:
+                    nullable: true
+                    type: string
+                  lastUpdateTime:
+                    nullable: true
+                    type: string
+                  message:
+                    nullable: true
+                    type: string
+                  reason:
+                    nullable: true
+                    type: string
+                  status:
+                    nullable: true
+                    type: string
+                  type:
+                    nullable: true
+                    type: string
+                type: object
+              nullable: true
+              type: array
+            display:
+              nullable: true
+              properties:
+                error:
+                  type: boolean
+                message:
+                  nullable: true
+                  type: string
+                state:
+                  nullable: true
+                  type: string
+                transitioning:
+                  type: boolean
+              type: object
+            lastRunScanProfileName:
+              nullable: true
+              type: string
+            lastRunTimestamp:
+              nullable: true
+              type: string
+            observedGeneration:
+              type: integer
+            summary:
+              nullable: true
+              properties:
+                fail:
+                  type: integer
+                notApplicable:
+                  type: integer
+                pass:
+                  type: integer
+                skip:
+                  type: integer
+                total:
+                  type: integer
+                warn:
+                  type: integer
+              type: object
+          type: object
+      type: object
+  version: v1
+  versions:
+  - name: v1
+    served: true
+    storage: true
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscanbenchmark.yaml
new file mode 100755
index 000000000..aa6fc2218
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscanbenchmark.yaml
@@ -0,0 +1,55 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterscanbenchmarks.cis.cattle.io
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .spec.clusterProvider
+    name: ClusterProvider
+    type: string
+  - JSONPath: .spec.minKubernetesVersion
+    name: MinKubernetesVersion
+    type: string
+  - JSONPath: .spec.maxKubernetesVersion
+    name: MaxKubernetesVersion
+    type: string
+  - JSONPath: .spec.customBenchmarkConfigMapName
+    name: customBenchmarkConfigMapName
+    type: string
+  - JSONPath: .spec.customBenchmarkConfigMapNamespace
+    name: customBenchmarkConfigMapNamespace
+    type: string
+  group: cis.cattle.io
+  names:
+    kind: ClusterScanBenchmark
+    plural: clusterscanbenchmarks
+  scope: Cluster
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          properties:
+            clusterProvider:
+              nullable: true
+              type: string
+            customBenchmarkConfigMapName:
+              nullable: true
+              type: string
+            customBenchmarkConfigMapNamespace:
+              nullable: true
+              type: string
+            maxKubernetesVersion:
+              nullable: true
+              type: string
+            minKubernetesVersion:
+              nullable: true
+              type: string
+          type: object
+      type: object
+  version: v1
+  versions:
+  - name: v1
+    served: true
+    storage: true
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscanprofile.yaml
new file mode 100755
index 000000000..21bb68396
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscanprofile.yaml
@@ -0,0 +1,37 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterscanprofiles.cis.cattle.io
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .spec.benchmarkVersion
+    name: BenchmarkVersion
+    type: string
+  group: cis.cattle.io
+  names:
+    kind: ClusterScanProfile
+    plural: clusterscanprofiles
+  scope: Cluster
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          properties:
+            benchmarkVersion:
+              nullable: true
+              type: string
+            skipTests:
+              items:
+                nullable: true
+                type: string
+              nullable: true
+              type: array
+          type: object
+      type: object
+  version: v1
+  versions:
+  - name: v1
+    served: true
+    storage: true
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscanreport.yaml
new file mode 100755
index 000000000..017020a95
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc02/templates/clusterscanreport.yaml
@@ -0,0 +1,40 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterscanreports.cis.cattle.io
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .spec.lastRunTimestamp
+    name: LastRunTimestamp
+    type: string
+  - JSONPath: .spec.benchmarkVersion
+    name: BenchmarkVersion
+    type: string
+  group: cis.cattle.io
+  names:
+    kind: ClusterScanReport
+    plural: clusterscanreports
+  scope: Cluster
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      properties:
+        spec:
+          properties:
+            benchmarkVersion:
+              nullable: true
+              type: string
+            lastRunTimestamp:
+              nullable: true
+              type: string
+            reportJSON:
+              nullable: true
+              type: string
+          type: object
+      type: object
+  version: v1
+  versions:
+  - name: v1
+    served: true
+    storage: true
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/Chart.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/Chart.yaml
new file mode 100755
index 000000000..5a5d2e9cd
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/Chart.yaml
@@ -0,0 +1,18 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: CIS Benchmark
+  catalog.cattle.io/namespace: cis-operator-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1
+  catalog.cattle.io/release-name: rancher-cis-benchmark
+  catalog.cattle.io/ui-component: rancher-cis-benchmark
+apiVersion: v1
+appVersion: v1.0.4
+description: The cis-operator enables running CIS benchmark security scans on a kubernetes
+  cluster
+icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
+keywords:
+- security
+name: rancher-cis-benchmark
+version: 1.0.400-rc02
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/README.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/README.md
new file mode 100755
index 000000000..50beab58b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/README.md
@@ -0,0 +1,9 @@
+# Rancher CIS Benchmark Chart
+
+The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded.
+
+# Installation
+
+```
+helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system
+```
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/app-readme.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/app-readme.md
new file mode 100755
index 000000000..5e495d605
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/app-readme.md
@@ -0,0 +1,15 @@
+# Rancher CIS Benchmarks
+
+This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/).
+
+For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/).
+
+This chart installs the following components:
+
+- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded.
+- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed.
+- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans.
+- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources.
+- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish.
+    - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts.
+    - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart.
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/_helpers.tpl b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/_helpers.tpl
new file mode 100755
index 000000000..67f4ce116
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/_helpers.tpl
@@ -0,0 +1,23 @@
+{{/* Ensure namespace is set the same everywhere */}}
+{{- define "cis.namespace" -}}
+  {{- .Release.Namespace | default "cis-operator-system" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux_node_tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/alertingrule.yaml
new file mode 100755
index 000000000..1787c88a0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/alertingrule.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.alerts.enabled -}}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: rancher-cis-pod-monitor
+  namespace: {{ template "cis.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      cis.cattle.io/operator: cis-operator
+  podMetricsEndpoints:
+  - port: cismetrics
+{{- end }}
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-cis-1.5.yaml
new file mode 100755
index 000000000..39e8b834a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-cis-1.5.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: cis-1.5
+spec:
+  clusterProvider: ""
+  minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-cis-1.6.yaml
new file mode 100755
index 000000000..93ba064f4
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-cis-1.6.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: cis-1.6
+spec:
+  clusterProvider: ""
+  minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-eks-1.0.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-eks-1.0.yaml
new file mode 100755
index 000000000..bd2e32cd3
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-eks-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: eks-1.0
+spec:
+  clusterProvider: eks
+  minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-gke-1.0.yaml
new file mode 100755
index 000000000..72122e8c5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-gke-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: gke-1.0
+spec:
+  clusterProvider: gke
+  minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.5-hardened.yaml
new file mode 100755
index 000000000..b5627f966
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.5-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.5-hardened
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.5-permissive.yaml
new file mode 100755
index 000000000..95f80c0f0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.5-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.5-permissive
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.6-hardened.yaml
new file mode 100755
index 000000000..d75de8154
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.6-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.6-hardened
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.6-permissive.yaml
new file mode 100755
index 000000000..52428f4a7
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke-cis-1.6-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.6-permissive
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.5-hardened.yaml
new file mode 100755
index 000000000..3d83e9bd8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.5-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.5-hardened
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.18.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.5-permissive.yaml
new file mode 100755
index 000000000..f66aa8f6e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.5-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.5-permissive
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.18.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.6-hardened.yaml
new file mode 100755
index 000000000..3593bf371
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.6-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.6-hardened
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.6-permissive.yaml
new file mode 100755
index 000000000..522f846ae
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/benchmark-rke2-cis-1.6-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.6-permissive
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/cis-roles.yaml
new file mode 100755
index 000000000..23c93dc65
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/cis-roles.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cis-admin
+rules:
+  - apiGroups:
+      - cis.cattle.io
+    resources:
+      - clusterscanbenchmarks
+      - clusterscanprofiles
+      - clusterscans
+      - clusterscanreports
+    verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
+  - apiGroups:
+      - catalog.cattle.io
+    resources: ["apps"]
+    resourceNames: ["rancher-cis-benchmark"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cis-view
+rules:
+  - apiGroups:
+      - cis.cattle.io
+    resources:
+      - clusterscanbenchmarks
+      - clusterscanprofiles
+      - clusterscans
+      - clusterscanreports
+    verbs: ["get", "watch", "list"]
+  - apiGroups:
+      - catalog.cattle.io
+    resources: ["apps"]
+    resourceNames: ["rancher-cis-benchmark"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/configmap.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/configmap.yaml
new file mode 100755
index 000000000..620d9abfa
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/configmap.yaml
@@ -0,0 +1,16 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: default-clusterscanprofiles
+  namespace: {{ template "cis.namespace" . }}
+data:
+  # Default ClusterScanProfiles per cluster provider type
+  rke: |-
+    <1.16.0: rke-profile-permissive-1.5
+    >=1.16.0: rke-profile-permissive-1.6
+  rke2: |-
+    <1.20.0: rke2-cis-1.5-profile-permissive
+    >=1.20.0: rke2-cis-1.6-profile-permissive
+  eks: "eks-profile"
+  gke: "gke-profile"
+  default: "cis-1.6-profile"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/deployment.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/deployment.yaml
new file mode 100755
index 000000000..0d3c75e39
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/deployment.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cis-operator
+  namespace: {{ template "cis.namespace" . }}
+  labels:
+    cis.cattle.io/operator: cis-operator
+spec:
+  selector:
+    matchLabels:
+      cis.cattle.io/operator: cis-operator
+  template:
+    metadata:
+      labels:
+        cis.cattle.io/operator: cis-operator
+    spec:
+      serviceAccountName: cis-operator-serviceaccount
+      containers:
+      - name: cis-operator
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
+        imagePullPolicy: Always
+        ports:
+        - name: cismetrics
+          containerPort: {{ .Values.alerts.metricsPort }}
+        env:
+        - name: SECURITY_SCAN_IMAGE
+          value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
+        - name: SECURITY_SCAN_IMAGE_TAG
+          value: {{ .Values.image.securityScan.tag }}
+        - name: SONOBUOY_IMAGE
+          value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
+        - name: SONOBUOY_IMAGE_TAG
+          value: {{ .Values.image.sonobuoy.tag }}
+        - name: CIS_ALERTS_METRICS_PORT
+          value: '{{ .Values.alerts.metricsPort }}'
+        - name: CIS_ALERTS_SEVERITY
+          value: {{ .Values.alerts.severity }}
+        - name: CIS_ALERTS_ENABLED
+          value: {{ .Values.alerts.enabled | default "false" | quote }}
+        - name: CLUSTER_NAME
+          value: {{ .Values.global.cattle.clusterName }}
+        resources:
+          {{- toYaml .Values.resources | nindent 12 }}
+      nodeSelector:
+        kubernetes.io/os: linux
+      {{- with .Values.nodeSelector }}
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      tolerations:
+      {{- include "linux_node_tolerations" . | nindent 8}}
+      {{- with .Values.tolerations }}
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/network_policy_allow_all.yaml
new file mode 100755
index 000000000..6ed5d645e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-allow-all
+  namespace: {{ template "cis.namespace" . }}
+spec:
+  podSelector: {}
+  ingress:
+  - {}
+  egress:
+  - {}
+  policyTypes:
+  - Ingress
+  - Egress
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/patch_default_serviceaccount.yaml
new file mode 100755
index 000000000..1efa3ed1c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: patch-sa
+  annotations:
+    "helm.sh/hook": post-install, post-upgrade
+    "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+  template:
+    spec:
+      serviceAccountName: cis-operator-serviceaccount
+      restartPolicy: Never
+      containers:
+      - name: sa
+        image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+        imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+        command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+        args: ["-n", {{ template "cis.namespace" . }}]
+  backoffLimit: 1
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/rbac.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/rbac.yaml
new file mode 100755
index 000000000..816991f23
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/rbac.yaml
@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: rancher-cis-benchmark
+    app.kubernetes.io/instance: release-name
+  name: cis-operator-role
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: rancher-cis-benchmark
+    app.kubernetes.io/instance: release-name
+  name: cis-operator-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cis-operator-role
+subjects:
+- kind: ServiceAccount
+  name: cis-serviceaccount
+  namespace: {{ template "cis.namespace" . }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: cis-operator-installer
+subjects:
+- kind: ServiceAccount
+  name: cis-operator-serviceaccount
+  namespace: {{ template "cis.namespace" . }}
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-cis-1.5.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-cis-1.5.yml
new file mode 100755
index 000000000..d69ae9dd5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-cis-1.5.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: cis-1.5-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: cis-1.5
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-cis-1.6.yaml
new file mode 100755
index 000000000..8a8d8bf88
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-cis-1.6.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: cis-1.6-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: cis-1.6
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.5-hardened.yml
new file mode 100755
index 000000000..4eabe158a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-hardened-1.5
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.5-hardened
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.5-permissive.yml
new file mode 100755
index 000000000..1f78751d1
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-permissive-1.5
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.6-hardened.yaml
new file mode 100755
index 000000000..d38febd80
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-hardened-1.6
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.6-permissive.yaml
new file mode 100755
index 000000000..d31b5b0d2
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-permissive-1.6
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.5-hardened.yml
new file mode 100755
index 000000000..83eb3131e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.5-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.5-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.5-permissive.yml
new file mode 100755
index 000000000..40dc44bdf
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.5-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.6-hardened.yml
new file mode 100755
index 000000000..c7ac7f949
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.6-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.6-permissive.yml
new file mode 100755
index 000000000..96ca1345a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofile-rke2-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.6-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofileeks.yml
new file mode 100755
index 000000000..49c7e0246
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofileeks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: eks-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: eks-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofilegke.yml
new file mode 100755
index 000000000..2ddd0686f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/scanprofilegke.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: gke-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: gke-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/serviceaccount.yaml
new file mode 100755
index 000000000..ec48ec622
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ template "cis.namespace" . }}
+  name: cis-operator-serviceaccount
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ template "cis.namespace" . }}
+  labels:
+    app.kubernetes.io/name: rancher-cis-benchmark
+    app.kubernetes.io/instance: release-name
+  name: cis-serviceaccount
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/validate-install-crd.yaml
new file mode 100755
index 000000000..562295791
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/templates/validate-install-crd.yaml
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# 	{{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# 	{{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/values.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/values.yaml
new file mode 100755
index 000000000..ff4a49495
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc02/values.yaml
@@ -0,0 +1,45 @@
+# Default values for rancher-cis-benchmark.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+  cisoperator:
+    repository: rancher/cis-operator
+    tag: v1.0.4-rc1
+  securityScan:
+    repository: rancher/security-scan
+    tag: v0.2.3-rc1
+  sonobuoy:
+    repository: rancher/mirrored-sonobuoy-sonobuoy
+    tag: v0.16.3
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+    clusterName: ""
+  kubectl:
+    repository: rancher/kubectl
+    tag: v1.20.2
+
+alerts:
+  enabled: false
+  severity: warning
+  metricsPort: 8080
diff --git a/index.yaml b/index.yaml
index fd35a2206..9fe186a97 100755
--- a/index.yaml
+++ b/index.yaml
@@ -2061,6 +2061,28 @@ entries:
     urls:
     - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.402-rc00.tgz
     version: 1.0.402-rc00
+  - annotations:
+      catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: CIS Benchmark
+      catalog.cattle.io/namespace: cis-operator-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1
+      catalog.cattle.io/release-name: rancher-cis-benchmark
+      catalog.cattle.io/ui-component: rancher-cis-benchmark
+    apiVersion: v1
+    appVersion: v1.0.4
+    created: "2021-04-12T17:32:38.628448061Z"
+    description: The cis-operator enables running CIS benchmark security scans on
+      a kubernetes cluster
+    digest: ddf0cd7c9e58100f761681ea9f2e9b7a0961022e63b06241ccc6e4df3e37ae96
+    icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
+    keywords:
+    - security
+    name: rancher-cis-benchmark
+    urls:
+    - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc02.tgz
+    version: 1.0.400-rc02
   - annotations:
       catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
       catalog.cattle.io/certified: rancher
@@ -2229,6 +2251,20 @@ entries:
     urls:
     - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.402-rc00.tgz
     version: 1.0.402-rc00
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/namespace: cis-operator-system
+      catalog.cattle.io/release-name: rancher-cis-benchmark-crd
+    apiVersion: v1
+    created: "2021-04-12T17:32:38.630282571Z"
+    description: Installs the CRDs for rancher-cis-benchmark.
+    digest: 2b98b8d77b68abf963f8170f3cda7bb4f7bb71c8a7489769ae09b81e1f9530e6
+    name: rancher-cis-benchmark-crd
+    type: application
+    urls:
+    - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc02.tgz
+    version: 1.0.400-rc02
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"