[dev-v2.9] rancher-cis-benchmark 6.5.1 update (#4823)

charts/rancher-cis-benchmark-crd/6.5.1/Chart.yaml

@@ -7,4 +7,4 @@ apiVersion: v1
 description: Installs the CRDs for rancher-cis-benchmark.
 name: rancher-cis-benchmark-crd
 type: application
-version: 6.5.0
+version: 6.5.1

charts/rancher-cis-benchmark/6.5.0/templates/benchmark-cis-1.9.yaml

@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
-  name: cis-1.9
-spec:
-  clusterProvider: ""
-  minKubernetesVersion: "1.27.0"

charts/rancher-cis-benchmark/6.5.0/templates/benchmark-k3s-cis-1.9.yaml

@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
-  name: k3s-cis-1.9
-spec:
-  clusterProvider: k3s
-  minKubernetesVersion: "1.27.0"

charts/rancher-cis-benchmark/6.5.0/templates/scanprofile-cis-1.9.yaml

@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanProfile
-metadata:
-  name: cis-1.9-profile
-  annotations:
-    clusterscanprofile.cis.cattle.io/builtin: "true"
-spec:
-  benchmarkVersion: cis-1.9

charts/rancher-cis-benchmark/6.5.0/templates/scanprofile-k3s-cis-1.9.yaml

@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanProfile
-metadata:
-  name: k3s-cis-1.9-profile
-  annotations:
-    clusterscanprofile.cis.cattle.io/builtin: "true"
-spec:
-  benchmarkVersion: k3s-cis-1.9

charts/rancher-cis-benchmark/6.5.1/Chart.yaml

@@ -12,11 +12,11 @@ annotations:
   catalog.cattle.io/type: cluster-tool
   catalog.cattle.io/ui-component: rancher-cis-benchmark
 apiVersion: v1
-appVersion: v6.5.0
+appVersion: v6.5.1
 description: The cis-operator enables running CIS benchmark security scans on a kubernetes
   cluster
 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
 keywords:
 - security
 name: rancher-cis-benchmark
-version: 6.5.0
+version: 6.5.1

charts/rancher-cis-benchmark/6.5.1/app-readme.md

@@ -18,15 +18,13 @@ This chart installs the following components:
 
 | Source | Kubernetes distribution | scan profile                                                                                                       | Kubernetes versions |
 |--------|-------------------------|--------------------------------------------------------------------------------------------------------------------|---------------------|
-| CIS    | any                     | [cis-1.9](https://github.com/aquasecurity/kube-bench/tree/main/cfg/cis-1.9)                                                         | v1.27+              |
-| CIS    | any                     | [cis-1.8](https://github.com/aquasecurity/kube-bench/tree/main/cfg/cis-1.8)                                                         | v1.26               |
+| CIS    | any                     | [cis-1.8](https://github.com/aquasecurity/kube-bench/tree/main/cfg/cis-1.8)                                                         | v1.26+               |
 | CIS    | rke                     | [rke-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/rke-cis-1.8-permissive)  | rke1-v1.26+         |
 | CIS    | rke                     | [rke-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/rke-cis-1.8-hardened)                  | rke1-v1.26+         |
 | CIS    | rke2                    | [rke2-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/rke2-cis-1.8-permissive) | rke2-v1.26+         |
 | CIS    | rke2                    | [rke2-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/rke2-cis-1.8-hardened)                 | rke2-v1.26+         |
-| CIS    | k3s                     | [k3s-cis-1.9](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/k3s-cis-1.9)                                | k3s-v1.27+          |
-| CIS    | k3s                     | [k3s-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/k3s-cis-1.8-permissive)  | k3s-v1.26           |
-| CIS    | k3s                     | [k3s-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/k3s-cis-1.8-hardened)                  | k3s-v1.26           |
+| CIS    | k3s                     | [k3s-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/k3s-cis-1.8-permissive)  | k3s-v1.26+           |
+| CIS    | k3s                     | [k3s-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/k3s-cis-1.8-hardened)                  | k3s-v1.26+           |
 | CIS    | eks                     | [eks-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/eks-1.2.0)                                                       | eks                 |
 | CIS    | aks                     | [aks-1.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/aks-1.0)                                                         | aks                 |
 | CIS    | gke                     | [gke-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/gke-1.2.0)                                                       | gke-1.20            |

charts/rancher-cis-benchmark/6.5.1/templates/benchmark-cis-1.8.yaml

@@ -6,4 +6,3 @@ metadata:
 spec:
   clusterProvider: ""
   minKubernetesVersion: "1.26.0"
-  maxKubernetesVersion: "1.26.x"

charts/rancher-cis-benchmark/6.5.1/templates/benchmark-k3s-cis-1.8-hardened.yaml

@@ -6,4 +6,3 @@ metadata:
 spec:
   clusterProvider: k3s
   minKubernetesVersion: "1.26.0"
-  maxKubernetesVersion: "1.26.x"

charts/rancher-cis-benchmark/6.5.1/templates/benchmark-k3s-cis-1.8-permissive.yaml

@@ -6,4 +6,3 @@ metadata:
 spec:
   clusterProvider: k3s
   minKubernetesVersion: "1.26.0"
-  maxKubernetesVersion: "1.26.x"

charts/rancher-cis-benchmark/6.5.1/templates/configmap.yaml

@@ -14,5 +14,5 @@ data:
   eks: "eks-profile"
   gke: "gke-profile-1.6.0"
   aks: "aks-profile"
-  k3s: "k3s-cis-1.9-profile"
-  default: "cis-1.9-profile"
+  k3s: "k3s-cis-1.8-profile-permissive"
+  default: "cis-1.8-profile"

charts/rancher-cis-benchmark/6.5.1/values.yaml

@@ -5,7 +5,7 @@
 image:
   cisoperator:
     repository: rancher/cis-operator
-    tag: v1.2.2
+    tag: v1.2.3
   securityScan:
     repository: rancher/security-scan
     tag: v0.4.1

index.yaml

@@ -13235,18 +13235,18 @@ entries:
       catalog.cattle.io/type: cluster-tool
       catalog.cattle.io/ui-component: rancher-cis-benchmark
     apiVersion: v1
-    appVersion: v6.5.0
-    created: "2024-12-04T21:45:04.741442282+05:30"
+    appVersion: v6.5.1
+    created: "2024-12-09T22:10:56.601973555+05:30"
     description: The cis-operator enables running CIS benchmark security scans on
       a kubernetes cluster
-    digest: 8f62d01264603f504323c8c23586616fe18c66563452da0c9470342dab010deb
+    digest: e7343dc707f0a6942e2a8536ec78b813d5f590cc28d2be6d750e9f2b4b7ce859
     icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
     keywords:
     - security
     name: rancher-cis-benchmark
     urls:
-    - assets/rancher-cis-benchmark/rancher-cis-benchmark-6.5.0.tgz
-    version: 6.5.0
+    - assets/rancher-cis-benchmark/rancher-cis-benchmark-6.5.1.tgz
+    version: 6.5.1
   - annotations:
       catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
       catalog.cattle.io/certified: rancher
@@ -14113,14 +14113,14 @@ entries:
       catalog.cattle.io/namespace: cis-operator-system
       catalog.cattle.io/release-name: rancher-cis-benchmark-crd
     apiVersion: v1
-    created: "2024-12-04T21:45:04.748032795+05:30"
+    created: "2024-12-09T22:10:56.614422175+05:30"
     description: Installs the CRDs for rancher-cis-benchmark.
-    digest: e21d7c115d2e5041a5498489056e83e3c45d946ea723199c3893d9f05bee94b5
+    digest: d87dbd94c69cc58d71378543f23b55a948561fec145312e1177ca0f439ed2579
     name: rancher-cis-benchmark-crd
     type: application
     urls:
-    - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-6.5.0.tgz
-    version: 6.5.0
+    - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-6.5.1.tgz
+    version: 6.5.1
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"

packages/rancher-cis-benchmark/charts/Chart.yaml

@@ -12,11 +12,11 @@ annotations:
   catalog.cattle.io/type: cluster-tool
   catalog.cattle.io/ui-component: rancher-cis-benchmark
 apiVersion: v1
-appVersion: v6.5.0
+appVersion: v6.5.1
 description: The cis-operator enables running CIS benchmark security scans on a kubernetes
   cluster
 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
 keywords:
 - security
 name: rancher-cis-benchmark
-version: 6.5.0
+version: 6.5.1

packages/rancher-cis-benchmark/charts/app-readme.md

@@ -18,15 +18,13 @@ This chart installs the following components:
 
 | Source | Kubernetes distribution | scan profile                                                                                                       | Kubernetes versions |
 |--------|-------------------------|--------------------------------------------------------------------------------------------------------------------|---------------------|
-| CIS    | any                     | [cis-1.9](https://github.com/aquasecurity/kube-bench/tree/main/cfg/cis-1.9)                                                         | v1.27+              |
-| CIS    | any                     | [cis-1.8](https://github.com/aquasecurity/kube-bench/tree/main/cfg/cis-1.8)                                                         | v1.26               |
+| CIS    | any                     | [cis-1.8](https://github.com/aquasecurity/kube-bench/tree/main/cfg/cis-1.8)                                                         | v1.26+               |
 | CIS    | rke                     | [rke-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/rke-cis-1.8-permissive)  | rke1-v1.26+         |
 | CIS    | rke                     | [rke-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/rke-cis-1.8-hardened)                  | rke1-v1.26+         |
 | CIS    | rke2                    | [rke2-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/rke2-cis-1.8-permissive) | rke2-v1.26+         |
 | CIS    | rke2                    | [rke2-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/rke2-cis-1.8-hardened)                 | rke2-v1.26+         |
-| CIS    | k3s                     | [k3s-cis-1.9](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/k3s-cis-1.9)                                | k3s-v1.27+          |
-| CIS    | k3s                     | [k3s-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/k3s-cis-1.8-permissive)  | k3s-v1.26           |
-| CIS    | k3s                     | [k3s-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/k3s-cis-1.8-hardened)                  | k3s-v1.26           |
+| CIS    | k3s                     | [k3s-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/k3s-cis-1.8-permissive)  | k3s-v1.26+           |
+| CIS    | k3s                     | [k3s-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/k3s-cis-1.8-hardened)                  | k3s-v1.26+           |
 | CIS    | eks                     | [eks-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/eks-1.2.0)                                                       | eks                 |
 | CIS    | aks                     | [aks-1.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/aks-1.0)                                                         | aks                 |
 | CIS    | gke                     | [gke-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/gke-1.2.0)                                                       | gke-1.20            |

packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.8.yaml

@@ -6,4 +6,3 @@ metadata:
 spec:
   clusterProvider: ""
   minKubernetesVersion: "1.26.0"
-  maxKubernetesVersion: "1.26.x"

packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.9.yaml

@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
-  name: cis-1.9
-spec:
-  clusterProvider: ""
-  minKubernetesVersion: "1.27.0"

packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.8-hardened.yaml

@@ -6,4 +6,3 @@ metadata:
 spec:
   clusterProvider: k3s
   minKubernetesVersion: "1.26.0"
-  maxKubernetesVersion: "1.26.x"

packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.8-permissive.yaml

@@ -6,4 +6,3 @@ metadata:
 spec:
   clusterProvider: k3s
   minKubernetesVersion: "1.26.0"
-  maxKubernetesVersion: "1.26.x"

packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.9.yaml

@@ -1,8 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanBenchmark
-metadata:
-  name: k3s-cis-1.9
-spec:
-  clusterProvider: k3s
-  minKubernetesVersion: "1.27.0"

packages/rancher-cis-benchmark/charts/templates/configmap.yaml

@@ -14,5 +14,5 @@ data:
   eks: "eks-profile"
   gke: "gke-profile-1.6.0"
   aks: "aks-profile"
-  k3s: "k3s-cis-1.9-profile"
-  default: "cis-1.9-profile"
+  k3s: "k3s-cis-1.8-profile-permissive"
+  default: "cis-1.8-profile"

packages/rancher-cis-benchmark/charts/templates/scanprofile-cis-1.9.yaml

@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanProfile
-metadata:
-  name: cis-1.9-profile
-  annotations:
-    clusterscanprofile.cis.cattle.io/builtin: "true"
-spec:
-  benchmarkVersion: cis-1.9

packages/rancher-cis-benchmark/charts/templates/scanprofile-k3s-cis-1.9.yaml

@@ -1,9 +0,0 @@
----
-apiVersion: cis.cattle.io/v1
-kind: ClusterScanProfile
-metadata:
-  name: k3s-cis-1.9-profile
-  annotations:
-    clusterscanprofile.cis.cattle.io/builtin: "true"
-spec:
-  benchmarkVersion: k3s-cis-1.9

packages/rancher-cis-benchmark/charts/values.yaml

@@ -5,7 +5,7 @@
 image:
   cisoperator:
     repository: rancher/cis-operator
-    tag: v1.2.2
+    tag: v1.2.3
   securityScan:
     repository: rancher/security-scan
     tag: v0.4.1

packages/rancher-cis-benchmark/package.yaml

@@ -1,5 +1,5 @@
 url: local
-version: 6.5.0
+version: 6.5.1
 additionalCharts:
   - workingDir: charts-crd
     crdOptions:

release.yaml

@@ -30,6 +30,6 @@ fleet-crd:
 rancher-provisioning-capi:
   - 104.1.0+up0.3.1
 rancher-cis-benchmark:
-  - 6.5.0
+  - 6.5.1
 rancher-cis-benchmark-crd:
-  - 6.5.0
+  - 6.5.1