diff --git a/packages/rancher-cis-benchmark/charts/Chart.yaml b/packages/rancher-cis-benchmark/charts/Chart.yaml index fa5ff3366..8bad94fb0 100644 --- a/packages/rancher-cis-benchmark/charts/Chart.yaml +++ b/packages/rancher-cis-benchmark/charts/Chart.yaml @@ -7,7 +7,7 @@ annotations: catalog.cattle.io/os: linux catalog.cattle.io/permits-os: linux,windows catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' catalog.cattle.io/release-name: rancher-cis-benchmark catalog.cattle.io/type: cluster-tool catalog.cattle.io/ui-component: rancher-cis-benchmark diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.20.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.20.yaml index 898976581..1203e5bcc 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.20.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.20.yaml @@ -6,3 +6,4 @@ metadata: spec: clusterProvider: "" minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.23.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.23.yaml index a4c6d1ff2..920b556ea 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.23.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.23.yaml @@ -5,4 +5,4 @@ metadata: name: cis-1.23 spec: clusterProvider: "" - minKubernetesVersion: "1.21.0" + minKubernetesVersion: "1.22.0" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.5.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.5.yaml index 39e8b834a..c9e6075fb 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.5.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.5.yaml @@ -6,3 +6,4 @@ metadata: spec: clusterProvider: "" minKubernetesVersion: "1.15.0" + maxKubernetesVersion: "1.15.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.6.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.6.yaml index 93ba064f4..4f5d66e92 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.6.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-cis-1.6.yaml @@ -6,3 +6,4 @@ metadata: spec: clusterProvider: "" minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.20-hardened.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.20-hardened.yaml index 872bb9b3b..147cac390 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.20-hardened.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.20-hardened.yaml @@ -6,3 +6,4 @@ metadata: spec: clusterProvider: k3s minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.20-permissive.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.20-permissive.yaml index 58ec00f23..d9584f722 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.20-permissive.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.20-permissive.yaml @@ -6,3 +6,4 @@ metadata: spec: clusterProvider: k3s minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.23-hardened.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.23-hardened.yaml index bd6ce6188..ee153603b 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.23-hardened.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.23-hardened.yaml @@ -5,4 +5,4 @@ metadata: name: k3s-cis-1.23-hardened spec: clusterProvider: k3s - minKubernetesVersion: "1.21.0" + minKubernetesVersion: "1.22.0" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.23-permissive.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.23-permissive.yaml index dd6dee3bb..51f2186f3 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.23-permissive.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.23-permissive.yaml @@ -5,4 +5,4 @@ metadata: name: k3s-cis-1.23-permissive spec: clusterProvider: k3s - minKubernetesVersion: "1.21.0" + minKubernetesVersion: "1.22.0" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.6-hardened.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.6-hardened.yaml index 3ca9b6009..5160cf795 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.6-hardened.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.6-hardened.yaml @@ -5,4 +5,5 @@ metadata: name: k3s-cis-1.6-hardened spec: clusterProvider: k3s - minKubernetesVersion: "1.20.5" + minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.6-permissive.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.6-permissive.yaml index 6d4253c6e..10c075985 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.6-permissive.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-k3s-cis-1.6-permissive.yaml @@ -5,4 +5,5 @@ metadata: name: k3s-cis-1.6-permissive spec: clusterProvider: k3s - minKubernetesVersion: "1.20.5" + minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.20-hardened.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.20-hardened.yaml index 0555922ad..4924679cb 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.20-hardened.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.20-hardened.yaml @@ -6,3 +6,4 @@ metadata: spec: clusterProvider: rke minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.20-permissive.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.20-permissive.yaml index d09e9e1ed..2db66d7c6 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.20-permissive.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.20-permissive.yaml @@ -6,3 +6,4 @@ metadata: spec: clusterProvider: rke minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.23-hardened.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.23-hardened.yaml index bc6ad77a6..f6a99698e 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.23-hardened.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.23-hardened.yaml @@ -5,4 +5,4 @@ metadata: name: rke-cis-1.23-hardened spec: clusterProvider: rke - minKubernetesVersion: "1.21.0" + minKubernetesVersion: "1.22.0" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.23-permissive.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.23-permissive.yaml index f63b45590..a26bd63cf 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.23-permissive.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.23-permissive.yaml @@ -5,4 +5,4 @@ metadata: name: rke-cis-1.23-permissive spec: clusterProvider: rke - minKubernetesVersion: "1.21.0" + minKubernetesVersion: "1.22.0" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.5-hardened.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.5-hardened.yaml index b5627f966..b9154f1ad 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.5-hardened.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -6,3 +6,4 @@ metadata: spec: clusterProvider: rke minKubernetesVersion: "1.15.0" + maxKubernetesVersion: "1.15.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.5-permissive.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.5-permissive.yaml index 95f80c0f0..9da65d55d 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.5-permissive.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -6,3 +6,4 @@ metadata: spec: clusterProvider: rke minKubernetesVersion: "1.15.0" + maxKubernetesVersion: "1.15.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.6-hardened.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.6-hardened.yaml index d75de8154..77f8a31df 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.6-hardened.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -6,3 +6,4 @@ metadata: spec: clusterProvider: rke minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.6-permissive.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.6-permissive.yaml index 52428f4a7..600b8df35 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.6-permissive.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -6,3 +6,4 @@ metadata: spec: clusterProvider: rke minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.20-hardened.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.20-hardened.yaml index 95375fbea..b6cc88359 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.20-hardened.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.20-hardened.yaml @@ -6,3 +6,4 @@ metadata: spec: clusterProvider: rke2 minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.20-permissive.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.20-permissive.yaml index 51da408b9..fd898bfe8 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.20-permissive.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.20-permissive.yaml @@ -6,3 +6,4 @@ metadata: spec: clusterProvider: rke2 minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.23-hardened.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.23-hardened.yaml index 1e2cb2a3a..90e356d72 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.23-hardened.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.23-hardened.yaml @@ -5,4 +5,4 @@ metadata: name: rke2-cis-1.23-hardened spec: clusterProvider: rke2 - minKubernetesVersion: "1.21.0" + minKubernetesVersion: "1.22.0" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.23-permissive.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.23-permissive.yaml index eef970c0e..deafdbda6 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.23-permissive.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.23-permissive.yaml @@ -5,4 +5,4 @@ metadata: name: rke2-cis-1.23-permissive spec: clusterProvider: rke2 - minKubernetesVersion: "1.21.0" + minKubernetesVersion: "1.22.0" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.5-hardened.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.5-hardened.yaml index 3d83e9bd8..20091ec2b 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.5-hardened.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -5,4 +5,5 @@ metadata: name: rke2-cis-1.5-hardened spec: clusterProvider: rke2 - minKubernetesVersion: "1.18.0" + minKubernetesVersion: "1.15.0" + maxKubernetesVersion: "1.15.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.5-permissive.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.5-permissive.yaml index f66aa8f6e..9a86906b0 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.5-permissive.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -5,4 +5,5 @@ metadata: name: rke2-cis-1.5-permissive spec: clusterProvider: rke2 - minKubernetesVersion: "1.18.0" + minKubernetesVersion: "1.15.0" + maxKubernetesVersion: "1.15.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.6-hardened.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.6-hardened.yaml index 3593bf371..ea2549ef3 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.6-hardened.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.6-hardened.yaml @@ -5,4 +5,5 @@ metadata: name: rke2-cis-1.6-hardened spec: clusterProvider: rke2 - minKubernetesVersion: "1.20.5" + minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.6-permissive.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.6-permissive.yaml index 522f846ae..0afdaaa19 100644 --- a/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.6-permissive.yaml +++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-rke2-cis-1.6-permissive.yaml @@ -5,4 +5,5 @@ metadata: name: rke2-cis-1.6-permissive spec: clusterProvider: rke2 - minKubernetesVersion: "1.20.5" + minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-cis-1.5.yml b/packages/rancher-cis-benchmark/charts/templates/scanprofile-cis-1.5.yml deleted file mode 100644 index d69ae9dd5..000000000 --- a/packages/rancher-cis-benchmark/charts/templates/scanprofile-cis-1.5.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.5-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.5 diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.5-hardened.yml b/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.5-hardened.yml deleted file mode 100644 index 4eabe158a..000000000 --- a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.5-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.5 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.5-permissive.yml b/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.5-permissive.yml deleted file mode 100644 index 1f78751d1..000000000 --- a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke-1.5-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.5 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.5-permissive diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.5-hardened.yml b/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.5-hardened.yml deleted file mode 100644 index 83eb3131e..000000000 --- a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.5-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.5-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.5-hardened diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.5-permissive.yml b/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.5-permissive.yml deleted file mode 100644 index 40dc44bdf..000000000 --- a/packages/rancher-cis-benchmark/charts/templates/scanprofile-rke2-cis-1.5-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.5-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.5-permissive diff --git a/packages/rancher-cis-benchmark/charts/values.yaml b/packages/rancher-cis-benchmark/charts/values.yaml index 088f87602..6d8e41cf2 100644 --- a/packages/rancher-cis-benchmark/charts/values.yaml +++ b/packages/rancher-cis-benchmark/charts/values.yaml @@ -8,7 +8,7 @@ image: tag: v1.0.9 securityScan: repository: rancher/security-scan - tag: v0.2.8 + tag: v0.2.9-rc1 sonobuoy: repository: rancher/mirrored-sonobuoy-sonobuoy tag: v0.56.7 diff --git a/packages/rancher-cis-benchmark/package.yaml b/packages/rancher-cis-benchmark/package.yaml index 1586002a1..3af38bd6e 100644 --- a/packages/rancher-cis-benchmark/package.yaml +++ b/packages/rancher-cis-benchmark/package.yaml @@ -1,6 +1,5 @@ url: local -version: 3.0.0 -doNotRelease: true +version: 3.0.0-rc1 additionalCharts: - workingDir: charts-crd crdOptions: diff --git a/release.yaml b/release.yaml index ae8d0b2df..efb8b405f 100644 --- a/release.yaml +++ b/release.yaml @@ -14,3 +14,7 @@ rancher-backup-crd: - 2.1.4-rc1 rancher-webhook: - 1.0.6+up0.2.7-rc4 +rancher-cis-benchmark: + - 3.0.0-rc1 +rancher-cis-benchmark-crd: + - 3.0.0-rc1 \ No newline at end of file