Added cis-1.23 profiles for base CIS, rke1, rke2, k3s

packages/rancher-cis-benchmark/charts/Chart.yaml

@@ -12,11 +12,11 @@ annotations:
   catalog.cattle.io/type: cluster-tool
   catalog.cattle.io/ui-component: rancher-cis-benchmark
 apiVersion: v1
-appVersion: v2.0.5-rc3
+appVersion: v2.0.5-rc4
 description: The cis-operator enables running CIS benchmark security scans on a kubernetes
   cluster
 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
 keywords:
 - security
 name: rancher-cis-benchmark
-version: 2.0.5-rc3
+version: 2.0.5-rc4

packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.23.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: cis-1.23
+spec:
+  clusterProvider: ""
+  minKubernetesVersion: "1.21.0"

packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.23-hardened.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.23-hardened
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.21.0"

packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.23-permissive.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.23-permissive
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.21.0"

packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.23-hardened.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.23-hardened
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.21.0"

packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.23-permissive.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.23-permissive
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.21.0"

packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.23-hardened.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.23-hardened
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.21.0"

packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.23-permissive.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.23-permissive
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.21.0"

packages/rancher-cis-benchmark/charts/templates/configmap.yaml

@@ -6,13 +6,13 @@ metadata:
 data:
   # Default ClusterScanProfiles per cluster provider type
   rke: |-
-    <1.19.0: rke-profile-permissive-1.6
-    >=1.19.0: rke-profile-permissive-1.20
+    <1.21.0: rke-profile-permissive-1.20
+    >=1.21.0: rke-profile-permissive-1.23
   rke2: |-
-    <1.19.0: rke2-cis-1.6-profile-permissive
-    >=1.19.0: rke2-cis-1.20-profile-permissive
+    <1.21.0: rke2-cis-1.20-profile-permissive
+    >=1.21.0: rke2-cis-1.23-profile-permissive
   eks: "eks-profile"
   gke: "gke-profile"
   aks: "aks-profile"
-  k3s: "k3s-cis-1.20-profile-permissive"
-  default: "cis-1.20-profile"
+  k3s: "k3s-cis-1.23-profile-permissive"
+  default: "cis-1.23-profile"

packages/rancher-cis-benchmark/charts/templates/scanprofile-cis-1.23.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: cis-1.23-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: cis-1.23

packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.23-hardened.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.23-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.23-hardened

packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.23-permissive.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.23-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.23-permissive

packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.23-hardened.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-hardened-1.23
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.23-hardened

packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.23-permissive.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-permissive-1.23
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.23-permissive

packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.23-hardened.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.23-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.23-hardened

packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.23-permissive.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.23-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.23-permissive

packages/rancher-cis-benchmark/charts/values.yaml

@@ -8,7 +8,7 @@ image:
     tag: v1.0.9
   securityScan:
     repository: rancher/security-scan
-    tag: v0.2.8-rc2
+    tag: v0.2.8-rc3
   sonobuoy:
     repository: rancher/mirrored-sonobuoy-sonobuoy
     tag: v0.56.7

packages/rancher-cis-benchmark/package.yaml

@@ -1,5 +1,5 @@
 url: local
-version: 2.0.5-rc3
+version: 2.0.5-rc4
 additionalCharts:
   - workingDir: charts-crd
     crdOptions: