andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

(dev-v2.6-archive) Fix/issue 32301 (#1247) 

* cis 1.0.6 1.22 fixes

* make charts

(partially cherry picked from commit 0e089425ab)
pull/1680/head
Jacob Payne 2021-06-15 15:04:10 -07:00 committed by Arvind Iyengar
parent f32ff6597f
commit 7821fd2296
No known key found for this signature in database
GPG Key ID: A8DD9BFD6C811498
7 changed files with 227 additions and 233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/rancher-cis-benchmark/charts/Chart.yaml
View File

@ -2,7 +2,7 @@ apiVersion: v1
appVersion: v1.0.5
description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster
name: rancher-cis-benchmark
version: 1.0.5
version: 1.0.6
icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
keywords:
- security

269
packages/rancher-cis-benchmark/charts/crds/clusterscan.yaml
View File

@ -1,149 +1,146 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterscans.cis.cattle.io
spec:
additionalPrinterColumns:
- JSONPath: .status.lastRunScanProfileName
name: ClusterScanProfile
type: string
- JSONPath: .status.summary.total
name: Total
type: string
- JSONPath: .status.summary.pass
name: Pass
type: string
- JSONPath: .status.summary.fail
name: Fail
type: string
- JSONPath: .status.summary.skip
name: Skip
type: string
- JSONPath: .status.summary.warn
name: Warn
type: string
- JSONPath: .status.summary.notApplicable
name: Not Applicable
type: string
- JSONPath: .status.lastRunTimestamp
name: LastRunTimestamp
type: string
- JSONPath: .spec.scheduledScanConfig.cronSchedule
name: CronSchedule
type: string
group: cis.cattle.io
names:
kind: ClusterScan
plural: clusterscans
scope: Cluster
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
properties:
scanProfileName:
nullable: true
type: string
scheduledScanConfig:
nullable: true
properties:
cronSchedule:
nullable: true
type: string
retentionCount:
type: integer
scanAlertRule:
nullable: true
properties:
alertOnComplete:
type: boolean
alertOnFailure:
type: boolean
type: object
type: object
scoreWarning:
enum:
- pass
- fail
nullable: true
type: string
type: object
status:
properties:
NextScanAt:
nullable: true
type: string
ScanAlertingRuleName:
nullable: true
type: string
conditions:
items:
properties:
lastTransitionTime:
nullable: true
type: string
lastUpdateTime:
nullable: true
type: string
message:
nullable: true
type: string
reason:
nullable: true
type: string
status:
nullable: true
type: string
type:
nullable: true
type: string
type: object
nullable: true
type: array
display:
nullable: true
properties:
error:
type: boolean
message:
nullable: true
type: string
state:
nullable: true
type: string
transitioning:
type: boolean
type: object
lastRunScanProfileName:
nullable: true
type: string
lastRunTimestamp:
nullable: true
type: string
observedGeneration:
type: integer
summary:
nullable: true
properties:
fail:
type: integer
notApplicable:
type: integer
pass:
type: integer
skip:
type: integer
total:
type: integer
warn:
type: integer
type: object
type: object
type: object
version: v1
versions:
- name: v1
served: true
storage: true
additionalPrinterColumns:
- jsonPath: .status.lastRunScanProfileName
name: ClusterScanProfile
type: string
- jsonPath: .status.summary.total
name: Total
type: string
- jsonPath: .status.summary.pass
name: Pass
type: string
- jsonPath: .status.summary.fail
name: Fail
type: string
- jsonPath: .status.summary.skip
name: Skip
type: string
- jsonPath: .status.summary.warn
name: Warn
type: string
- jsonPath: .status.summary.notApplicable
name: Not Applicable
type: string
- jsonPath: .status.lastRunTimestamp
name: LastRunTimestamp
type: string
- jsonPath: .spec.scheduledScanConfig.cronSchedule
name: CronSchedule
type: string
schema:
openAPIV3Schema:
properties:
spec:
properties:
scanProfileName:
nullable: true
type: string
scheduledScanConfig:
nullable: true
properties:
cronSchedule:
nullable: true
type: string
retentionCount:
type: integer
scanAlertRule:
nullable: true
properties:
alertOnComplete:
type: boolean
alertOnFailure:
type: boolean
type: object
type: object
scoreWarning:
enum:
- pass
- fail
nullable: true
type: string
type: object
status:
properties:
NextScanAt:
nullable: true
type: string
ScanAlertingRuleName:
nullable: true
type: string
conditions:
items:
properties:
lastTransitionTime:
nullable: true
type: string
lastUpdateTime:
nullable: true
type: string
message:
nullable: true
type: string
reason:
nullable: true
type: string
status:
nullable: true
type: string
type:
nullable: true
type: string
type: object
nullable: true
type: array
display:
nullable: true
properties:
error:
type: boolean
message:
nullable: true
type: string
state:
nullable: true
type: string
transitioning:
type: boolean
type: object
lastRunScanProfileName:
nullable: true
type: string
lastRunTimestamp:
nullable: true
type: string
observedGeneration:
type: integer
summary:
nullable: true
properties:
fail:
type: integer
notApplicable:
type: integer
pass:
type: integer
skip:
type: integer
total:
type: integer
warn:
type: integer
type: object
type: object
type: object

83
packages/rancher-cis-benchmark/charts/crds/clusterscanbenchmark.yaml
View File

@ -1,55 +1,54 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterscanbenchmarks.cis.cattle.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.clusterProvider
name: ClusterProvider
type: string
- JSONPath: .spec.minKubernetesVersion
name: MinKubernetesVersion
type: string
- JSONPath: .spec.maxKubernetesVersion
name: MaxKubernetesVersion
type: string
- JSONPath: .spec.customBenchmarkConfigMapName
name: customBenchmarkConfigMapName
type: string
- JSONPath: .spec.customBenchmarkConfigMapNamespace
name: customBenchmarkConfigMapNamespace
type: string
group: cis.cattle.io
names:
kind: ClusterScanBenchmark
plural: clusterscanbenchmarks
scope: Cluster
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
properties:
clusterProvider:
nullable: true
type: string
customBenchmarkConfigMapName:
nullable: true
type: string
customBenchmarkConfigMapNamespace:
nullable: true
type: string
maxKubernetesVersion:
nullable: true
type: string
minKubernetesVersion:
nullable: true
type: string
type: object
type: object
version: v1
versions:
- name: v1
served: true
storage: true
additionalPrinterColumns:
- jsonPath: .spec.clusterProvider
name: ClusterProvider
type: string
- jsonPath: .spec.minKubernetesVersion
name: MinKubernetesVersion
type: string
- jsonPath: .spec.maxKubernetesVersion
name: MaxKubernetesVersion
type: string
- jsonPath: .spec.customBenchmarkConfigMapName
name: customBenchmarkConfigMapName
type: string
- jsonPath: .spec.customBenchmarkConfigMapNamespace
name: customBenchmarkConfigMapNamespace
type: string
subresources:
status: {}
schema:
openAPIV3Schema:
properties:
spec:
properties:
clusterProvider:
nullable: true
type: string
customBenchmarkConfigMapName:
nullable: true
type: string
customBenchmarkConfigMapNamespace:
nullable: true
type: string
maxKubernetesVersion:
nullable: true
type: string
minKubernetesVersion:
nullable: true
type: string
type: object
type: object

47
packages/rancher-cis-benchmark/charts/crds/clusterscanprofile.yaml
View File

@ -1,37 +1,36 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterscanprofiles.cis.cattle.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.benchmarkVersion
name: BenchmarkVersion
type: string
group: cis.cattle.io
names:
kind: ClusterScanProfile
plural: clusterscanprofiles
scope: Cluster
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
properties:
benchmarkVersion:
nullable: true
type: string
skipTests:
items:
nullable: true
type: string
nullable: true
type: array
type: object
type: object
version: v1
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
properties:
spec:
properties:
benchmarkVersion:
nullable: true
type: string
skipTests:
items:
nullable: true
type: string
nullable: true
type: array
type: object
type: object
additionalPrinterColumns:
- jsonPath: .spec.benchmarkVersion
name: BenchmarkVersion
type: string

53
packages/rancher-cis-benchmark/charts/crds/clusterscanreport.yaml
View File

@ -1,40 +1,39 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterscanreports.cis.cattle.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.lastRunTimestamp
name: LastRunTimestamp
type: string
- JSONPath: .spec.benchmarkVersion
name: BenchmarkVersion
type: string
group: cis.cattle.io
names:
kind: ClusterScanReport
plural: clusterscanreports
scope: Cluster
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
properties:
benchmarkVersion:
nullable: true
type: string
lastRunTimestamp:
nullable: true
type: string
reportJSON:
nullable: true
type: string
type: object
type: object
version: v1
versions:
- name: v1
served: true
storage: true
additionalPrinterColumns:
- jsonPath: .spec.lastRunTimestamp
name: LastRunTimestamp
type: string
- jsonPath: .spec.benchmarkVersion
name: BenchmarkVersion
type: string
subresources:
status: {}
schema:
openAPIV3Schema:
properties:
spec:
properties:
benchmarkVersion:
nullable: true
type: string
lastRunTimestamp:
nullable: true
type: string
reportJSON:
nullable: true
type: string
type: object
type: object

4
packages/rancher-cis-benchmark/charts/templates/rbac.yaml
View File

@ -1,4 +1,4 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
@ -13,7 +13,7 @@ rules:
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:

2
packages/rancher-cis-benchmark/templates/crd-template/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
version: 1.0.5
version: 1.0.6
description: Installs the CRDs for rancher-cis-benchmark.
name: rancher-cis-benchmark-crd
type: application