From a3b16bafc92bface3e458b62f062d78b853b33df Mon Sep 17 00:00:00 2001
From: Rayan Das <rayandas91@gmail.com>
Date: Wed, 25 Jan 2023 17:16:37 +0530
Subject: [PATCH] make charts

---
 .../rancher-cis-benchmark-crd-3.0.1-rc6.tgz   | Bin 0 -> 1466 bytes
 .../rancher-cis-benchmark-3.0.1-rc6.tgz       | Bin 0 -> 6684 bytes
 .../3.0.1-rc6/Chart.yaml                      |  10 ++
 .../3.0.1-rc6/README.md                       |   2 +
 .../3.0.1-rc6/templates/clusterscan.yaml      | 148 ++++++++++++++++
 .../templates/clusterscanbenchmark.yaml       |  54 ++++++
 .../templates/clusterscanprofile.yaml         |  36 ++++
 .../templates/clusterscanreport.yaml          |  39 +++++
 .../3.0.1-rc6/Chart.yaml                      |  22 +++
 .../rancher-cis-benchmark/3.0.1-rc6/README.md |   9 +
 .../3.0.1-rc6/app-readme.md                   |  15 ++
 .../3.0.1-rc6/templates/_helpers.tpl          |  27 +++
 .../3.0.1-rc6/templates/alertingrule.yaml     |  14 ++
 .../templates/benchmark-aks-1.0.yaml          |   8 +
 .../templates/benchmark-cis-1.20.yaml         |   9 +
 .../templates/benchmark-cis-1.23.yaml         |   8 +
 .../templates/benchmark-cis-1.5.yaml          |   9 +
 .../templates/benchmark-cis-1.6.yaml          |   9 +
 .../templates/benchmark-eks-1.0.1.yaml        |   8 +
 .../templates/benchmark-gke-1.0.yaml          |   8 +
 .../benchmark-k3s-cis-1.20-hardened.yaml      |   9 +
 .../benchmark-k3s-cis-1.20-permissive.yaml    |   9 +
 .../benchmark-k3s-cis-1.23-hardened.yaml      |   8 +
 .../benchmark-k3s-cis-1.23-permissive.yaml    |   8 +
 .../benchmark-k3s-cis-1.6-hardened.yaml       |   9 +
 .../benchmark-k3s-cis-1.6-permissive.yaml     |   9 +
 .../benchmark-rke-cis-1.20-hardened.yaml      |   9 +
 .../benchmark-rke-cis-1.20-permissive.yaml    |   9 +
 .../benchmark-rke-cis-1.23-hardened.yaml      |   8 +
 .../benchmark-rke-cis-1.23-permissive.yaml    |   8 +
 .../benchmark-rke-cis-1.5-hardened.yaml       |   9 +
 .../benchmark-rke-cis-1.5-permissive.yaml     |   9 +
 .../benchmark-rke-cis-1.6-hardened.yaml       |   9 +
 .../benchmark-rke-cis-1.6-permissive.yaml     |   9 +
 .../benchmark-rke2-cis-1.20-hardened.yaml     |   9 +
 .../benchmark-rke2-cis-1.20-permissive.yaml   |   9 +
 .../benchmark-rke2-cis-1.23-hardened.yaml     |   8 +
 .../benchmark-rke2-cis-1.23-permissive.yaml   |   8 +
 .../benchmark-rke2-cis-1.5-hardened.yaml      |   9 +
 .../benchmark-rke2-cis-1.5-permissive.yaml    |   9 +
 .../benchmark-rke2-cis-1.6-hardened.yaml      |   9 +
 .../benchmark-rke2-cis-1.6-permissive.yaml    |   9 +
 .../3.0.1-rc6/templates/cis-roles.yaml        |  49 ++++++
 .../3.0.1-rc6/templates/configmap.yaml        |  18 ++
 .../templates/delete_rolebindings.yaml        |  27 +++
 .../3.0.1-rc6/templates/deployment.yaml       |  57 ++++++
 .../templates/network_policy_allow_all.yaml   |  15 ++
 .../patch_default_serviceaccount.yaml         |  29 ++++
 .../3.0.1-rc6/templates/psp.yaml              |  59 +++++++
 .../3.0.1-rc6/templates/rbac.yaml             | 162 ++++++++++++++++++
 .../templates/scanprofile-cis-1.20.yaml       |   9 +
 .../templates/scanprofile-cis-1.23.yaml       |   9 +
 .../templates/scanprofile-cis-1.6.yaml        |   9 +
 .../scanprofile-k3s-cis-1.20-hardened.yml     |   9 +
 .../scanprofile-k3s-cis-1.20-permissive.yml   |   9 +
 .../scanprofile-k3s-cis-1.23-hardened.yml     |   9 +
 .../scanprofile-k3s-cis-1.23-permissive.yml   |   9 +
 .../scanprofile-k3s-cis-1.6-hardened.yml      |   9 +
 .../scanprofile-k3s-cis-1.6-permissive.yml    |   9 +
 .../scanprofile-rke-1.20-hardened.yaml        |   9 +
 .../scanprofile-rke-1.20-permissive.yaml      |   9 +
 .../scanprofile-rke-1.23-hardened.yaml        |   9 +
 .../scanprofile-rke-1.23-permissive.yaml      |   9 +
 .../scanprofile-rke-1.6-hardened.yaml         |   9 +
 .../scanprofile-rke-1.6-permissive.yaml       |   9 +
 .../scanprofile-rke2-cis-1.20-hardened.yml    |   9 +
 .../scanprofile-rke2-cis-1.20-permissive.yml  |   9 +
 .../scanprofile-rke2-cis-1.23-hardened.yml    |   9 +
 .../scanprofile-rke2-cis-1.23-permissive.yml  |   9 +
 .../scanprofile-rke2-cis-1.6-hardened.yml     |   9 +
 .../scanprofile-rke2-cis-1.6-permissive.yml   |   9 +
 .../3.0.1-rc6/templates/scanprofileaks.yml    |   9 +
 .../3.0.1-rc6/templates/scanprofileeks.yml    |   9 +
 .../3.0.1-rc6/templates/scanprofilegke.yml    |   9 +
 .../3.0.1-rc6/templates/serviceaccount.yaml   |  14 ++
 .../templates/validate-install-crd.yaml       |  17 ++
 .../3.0.1-rc6/values.yaml                     |  49 ++++++
 index.yaml                                    |  40 +++++
 78 files changed, 1379 insertions(+)
 create mode 100644 assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.1-rc6.tgz
 create mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.1-rc6.tgz
 create mode 100644 charts/rancher-cis-benchmark-crd/3.0.1-rc6/Chart.yaml
 create mode 100644 charts/rancher-cis-benchmark-crd/3.0.1-rc6/README.md
 create mode 100644 charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscan.yaml
 create mode 100644 charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscanbenchmark.yaml
 create mode 100644 charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscanprofile.yaml
 create mode 100644 charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscanreport.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/Chart.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/README.md
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/app-readme.md
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/_helpers.tpl
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/alertingrule.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-aks-1.0.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.20.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.23.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.5.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.6.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-eks-1.0.1.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-gke-1.0.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.20-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.20-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.23-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.23-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.6-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.6-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.20-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.20-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.23-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.23-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.5-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.5-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.6-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.6-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.20-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.20-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.23-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.23-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.5-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.5-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.6-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.6-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/cis-roles.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/configmap.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/delete_rolebindings.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/deployment.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/network_policy_allow_all.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/patch_default_serviceaccount.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/psp.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/rbac.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-cis-1.20.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-cis-1.23.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-cis-1.6.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.20-hardened.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.20-permissive.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.23-hardened.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.23-permissive.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.6-hardened.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.6-permissive.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.20-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.20-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.23-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.23-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.6-hardened.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.6-permissive.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.20-hardened.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.20-permissive.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.23-hardened.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.23-permissive.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.6-hardened.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.6-permissive.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofileaks.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofileeks.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofilegke.yml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/serviceaccount.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/templates/validate-install-crd.yaml
 create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc6/values.yaml

diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.1-rc6.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.1-rc6.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..a9b3a4ad18fb2ebfc76c7c5b13e2185b642c1027
GIT binary patch
literal 1466
zcmV;r1x5NFiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI>(bK*7-&NIJ4bA85V10fyWa@@6ZZ7-K0>GgS$H=v6xd8BoE
zOsD_7BijkKu`vciu5;`QgCu_|+24LEt*t@wCF(vGrawo?mm%oKKG*)+=@K+KD+q&&
z1I=|^cRU&;zpm?+f8EQ$=)xNf$D@Ha^sa^%t~YkC1{cgd)bTDB8v=dd9_*{Uxc`ZP
zl!}0al4jCli~~WS77hoZ03D&;a?~Uq1o{(}aiwzDQusc~34232#y6EiB!p-p;5cEH
zZ7M<yq;%h`3}IM#iN*lIVBcQ);(wE?J&42?)J7;dVNYJqN5i#<DEa?U8iF7&jF!lz
zv-gHQC|!-^^qL&eD#8haC<+8m?pp8Z+3(PC9j~wXxcA!6w2jrrKVcXJKxp3bAU1^B
zaFBcH!S?v~+=1s6<A2}{M_1?gKZWHZ2O@#r2&MgJoX4My4Z$a`_b8-4Vbj=<3TJ3k
ztU12N2O&ig0U;9jKw$MFjh`H0jKhUlM|96b$nC&|R&kUFL9R2sJ`p0uGOsDr9S51T
zMnSA0D7xq|X1KC}nT_r-mW5@4)z7B&<RuUW^^=t|t5j(NDGdwEwSey@YlGlc3rVP_
zDu_dw&8*M98YORmmJ{X}0*Z|jfT39|?L2R_dJqBLK$wC(-<8}_vLRV_Dk_Gwkc(Oe
zCJsZ;D~A+8P{6&<wX}kYz?cHk?Yf~A&;y9#lzv$^v;s1ZA}Rpgts7ba{S8_cfc{!H
zv;vZfu2Z$22gS#Eqlj&E?S!3i<z9qn2*Tou|ETV40FID5hA+{N1N1G!rb<4Dg~PRy
zcUgOpjGG-BE=)YvS-5A+x3OZEFk%1vn-1Yi4B@#`MJTUtKYkhB6`C1~w9WP;);P(<
znHH?AdR*$L5Lo4I#$+4>_Ce&LIBy$^%R_J6x7P6W6StOs3RV4$@C_@lrjbxu&6=uM
zQni;9!V20V5y`UIn|vLhrr9AA-F`2uf%WlOPE{BMNHw0;6P_y-Ajs`tR&ru}5LP-u
z&A%e28Uj^z8m=^2ff2HTIVj_Bv$fB1>YH!QY3bVbC3nrFvmo9v^ltDQ+0eMIVAcLn
zclXRSAs3czT}L%nGR@%?EEI%cB{`d@YnA(6gER@U)#y6D?GPu8A)WgBGxCA(_`X6k
z#_ocS>O><LC6DW)irroNNCq6y!&WKUDJVc|Se5#GVWI$59cMSxTIp>Gr(Scna_;b)
zXqj*{aC*^!O4(<P%ir>ht4|YM%42yC+9kG{r$?+`QKC+&B%A2lwj$ZyyJMQ##Jb<M
zsBi|@55gw<J@;gfqT=D~a%FN--0xC*eA?&AT1r=T6dGT<5b}ds%lhBCRNA5t*iio;
zT#d%1`rmLca?ka@Q`oWVe=mgTun_p}88hjws0gl|zHVtSLhfYKy4C7Q_%D)Ks0fz&
zb}03PLjE4lQA;E=+4CzPf2tp_3p{*lfUh6013XWd^zszblFKKEHY%n&3_Q?X@;+*3
zpZU?>b+xQSx=zp4Tkg-P{G@LYJ9Jh>_)hUF!m&I2LpE0}^M90{M%ujwY{>uK<zQIK
z|AVXH_?-VwVaLw@8DToi{`q%j6}kV}VfUH;dlLAUP(6ZJ*%RkI8fsHGZ7ip3EvD>Q
z&}!B_w#SC8d}|B4gLl=Ph1I=wNVl?<`mZrkt-lIu(*N=0Wm*5n-ue5Fli0EKKP60u
z@;^%e>(oDU_xi`aBfaB4Se)1ol*o=*<4%e8+ui4z6Yk@W5dZc1Kl^a~{?i91^bhvY
z^!=|l8kD~Oy&MhB^}mzYPg_2Ay=JqtkMSjFVzdNeV&ik#*r3nmtGZ8WUwegTJKNdL
UcD5?}F8~1l|AoS!E&wzD0E@2U5dZ)H

literal 0
HcmV?d00001

diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.1-rc6.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.1-rc6.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..aa4060bff70d338aeca6a817cf0e602cfb5177ed
GIT binary patch
literal 6684
zcmXAuby!sG)5jNh5JWmeIt1yE5Rh29Q(8(wK|xY!SP+nqZlp^>B?T0e6#)sQL6BN<
z>1JV<UG{$Q{hdG0HTRjB@0{zJ&&<v7hLj%i?*Rf3AxG^8;?CLz_w<A0q@5%!#9d6K
zpFT8|yJuu!anHcg<C&wUOOTm~m!kG#kLQqGyD-1Gdv6cmRYs8}XFqlND%8JysrtL0
zn2$aS&97jW-!tT!^Wi#9i<TyCfVf%aAUoz=zZm%w9cs|)<k8+9*I|SY^w7r#ES-Oa
zaCY5&ne$yFht&Prq+OjjeCM03ljxqbJ;s5J;4&NzWlB0lgu{!$j{ZedeZiQw1hcH#
zh6mal!9+z8Rc{P#<ymsk)1K5{6c<=_`Z|z`SL!?I++vuZR29vhalJ9u`{3dc-JkAK
zmz$-kPKe^N@nxqk^H~3w$_`<JE@IJvf`}YVF$yFN4Lb0-$=6o`!9hV$oq7`d6fnl&
z@9iX_q~)eBj&r=yoT*qlyijAsQ|nfCMVXrB)^U&yagADTVMsFXYPQvl>+i?;_4U(?
z+|V{#6A*NQwqs?fAqOdHCW@bG=&$0DvelcAI=zOVCmrGZJl@Mrg2Cs8PjMA=t%A^o
zk(G9;T`zyj!YC>$<@v$N1#4!bI-;qECR@S-xem<2JlVf22+Eb$>(+df!}WE;4_<gv
zdxTT&b?#Zsv%OTH7UheaJV%H)zOSM-Rya}NWPhN$sY;b2MZ)u)LN3j{BA@1Ng7|~(
z7}L}eEKjXg>}Nq#WoBgVS#Vu?@Q-A@k0fwvPK^=Q8+U?hA;F_ti5@=i&H1j2NFO78
zd5gDCHyYm=bO_gMR-AmoiRFOv87dW4Jp!|S(B-|hwhjVUZebADib^fT`%1-3CO6!M
z12Ho#@*|@iyfks7(PKs%UiLPAKP|0v4@V2oC4^rIr~6n(6_Gqn)h=$=_>J|CsY}yK
zrEkckH;{!2tIQNqS}zm3?Ww8%@J7*bQ4-LpOLQ7upZYaOz^1(tL(7w3oVKYf!02VG
zA5fJU-ISTz&ok9V(mK)hS>8<N?%)$Hn*+lq8nUje3PRW4+Iv*W70tL7Qj&D3?!U?{
zqvDV!RaAqK&?iu1@ytHnf1eRgs%7d-`Eo;Yeoyzm!SW|1iKEOQ9EXaWHSNUjJ$;xM
zL>)^<bvpDkZAa|{a|BtI{3l~)7|Ch2eJjcT^UcX^A9E0GF*8@C+f-amtc%c%WRJ7u
zF6LLMpD=vmo1nfaYJTQL%B!n9yXjjO%oIef_^91HL;q8%W=mGPw;vL_8#x+dxWH#d
z+_eZ*D=n@!yGCzIO?ZN;se{HcOtg@!y`Fa{XX<Nzj--{n|5pkX&&F4qd1~fxd+pjX
zz1$^U5dZB}*1m=7;SdY0<<T^CPv_nHBSocczlqjXnb0(8gh(#o|ExDP&A93uJ56L+
z3M(i$kqJfHx7}%Ise&_u9$i1|GS_XG4m$f#?zyljpSVL%ksfLgt?rRLsm62H<Qp$j
z`fp1ff>Yb6C~xXbuczVK`Fa_Qg|eBgU=&*{&!$jJr@MAvH+;F7>CE|;@db4wXH$k#
zmk-4a?uuuzo|e$0tR0(=*HDV)MwS;H0`w#^WhW(GRQK6-iBf_&A7B>ghZ@C{GjQym
zMYo8MQp|EfsRf@`5`5$|5U21hXk+l@u1Os*-J0*Pd&L1^Y$bn|PiT%uc#98ifo4fp
zr&AaU`mpp|y1j&ZE#g6&c1<8bn(fU%V(q)nFB|@&+}v60ODUw{5U$K1C7v|L>oGUK
z`H-Ufu?BMXa?O3lYvKjWNZPus=O}^ueYGxe?as%<GUYZOvNnZm`Ftyv<Xw*2zogS`
z;+-D|){nap@R<#poFg>qZG;F8i7TM(y${!(O=8<m&im!{)p>(CJ5w4qDu>E@KU;9k
z7EU(V75JN_GNE_5It$Ylb=RQc;Tw{>*VmdxEmhLIbCzP1+}u?}^CCPF3RS(fW3w$3
z^LonfTW?Zk=8gpS>V9?q<-^=(F7rr<#M02@T%;rZ#IntFj`F2gI7K63VPQJYDb5O^
z@p#4}kELEAf85k>TTe9$H+_*aN=y}2y+dWu5Ad798-U`%bye~<m{T_N)I?^p%{`>q
z5pj1Pe9~Lpv`A_<Bf9!Mdaud+U~y}nX4_zl;bc*r>%LIxOgF92&PQ1RTJe#DiG<=l
zQ(q3HibY42j+xEXzT{)xce9X05y$5;+t>T2XU~#7OZIA77Bz8ew*3)7Ufdl=uYw6o
zuYJ<(QjNTK+m73*St3gU#>!>d3x;^aI_a`~o2VEG&2b!Sd+<of+*69H@QN1ZGIgvk
zB_zx|ZS`fEk2S*koOvF*c_3^x=oW2BjP03ASuCZ7+IMD#XZ8aC|KtUC0~DB(?qzWZ
zLj*BUrVR{~mFW^emi!C2B<|jX1S`480HAi{uyu?WBqC?U%G~Bmj*G%TJtBa{C6qPk
zpV!+sjz8<*(W6sXhioQTy|W8+#_&+d9r(wR>-ZG+_rNFSBH*XyB?n{dF>L%M7{bFX
zM*jnREf{Fc3XpjX`g-xW*g*V<oE4$j9LP`rT13vE?bYfrl<js0FC>@g`^a_d3CxE?
zWEi9j;b20tqG0uIQ~u=}dGTFPaFxQrYi>KDhV0xB<*qqBX0s#M3<nYoEjS&**IRho
z;&YPI7RHx6(Vs;gSr9R68Q^yqi=sKtu^wc#NLcu#SA{-dH@G><31pmmv?E4twxFR3
zb$E`%Ys8la<o{B1#&LwV<7M7Q4wc^lDYby4{40PmlMh`u2)U&Ktx=#!D3x>{SIqhj
zf8GFYT);fg2+FrBV2yMiZcX9AjzYsyFA!1S>U+7D@Vyc_JV*DX3~kBN-4R&$zqE|V
zflZeW#^JuE|3tCnhih;D!hf1%0D}?m-sUwBDN(^6I74n-KkTXQ1vimk<o7?%i2(Z>
zST-Pj<E2yH;=F?Ku+7{{@bSu+Lj|y0AC=lZgw5k{py%$%)ms64O3D&Gzl|VYOA#-l
z1faKaF;|6P1u4t;{~5z$P$0e$%&C~-5U!W-gv%$W`k={G*vSRVZ4tN=4;_J97YOZ$
zcRtjB1a%K$b^?XtWfWNQubeJz;>4J4ryRo`{Q*U^FEOw<V&fsu`~wHa;4S6d(m}{W
zh$f)|*Y*);pn#a;#OeUW$nSIboQfX~;Yaknd{<@%W>78)QfjW$#ht@7yCqL9Q!GY#
zKuRe{`p@mED6pk#5#1Z$b%ta!Xk(E22^3`@3ZA%p6#U(lR$7a|VG<y*9DDx+==~?J
z_2deOWPv=}g8loSexl(U*CP7<di?=!H4X4G^<W4K{eQJI{;4Hgi>}}ILq=7HpuMC4
ziJ=NOFKj#lHY!CR^tByJtnYv<h9eB!7IvP*pFuqRJC;o=;*pnzTWqXS56RX_1TL#t
zT-ylQ(n_4v`AelCwIh{+{xPqu{zR9+V9~XLp?Ipw5nV4|(px!W<snOwcQp<=L`j58
zLlW8@mwGMP(bRUtR_(v`p9T;-xD1U8FRL?(-o<}yF0yhe7V-bX@a<rQllp$-P*|8t
zXRyWKh^+U+{chcgkw*evo|+pjjXzXc?Z&J49E#~Fqm%}{zwjL%5+`TF8hsk%FRQX0
zuc1t8Kt}0k0Y2b@7z@8DJ_=Y+|8iUS<>lSLJAY6}8@boT8r%74uy>2A56!owq*h-h
z)olOMyx<O51Yi0s;zmTo+WiR12aDbGm!40#P_Ew?syX&llJzouRLY#=&A-D#ZP<Ko
z@hb5fD0Xz$P<P~N_^W&pmYt6m*#1$d%`VjV)mVB*^d7O9Oe1A{o7y79)X*MP{mmv5
zg4N{w?co_RH(V9W&TIhm<Gz`TE+rbLjP@=UJ<7sCS<d~AVdA;Dm|}}mnN8Qh*11~;
zVCYHZePs$VAxZws7iF0`dxSmNE&<o^gExOIrZ;x%(-X6P5V!K)RXO^?P{kx({CQ`e
zek-5*g&l<ItEp6!-0GvPxmlyziA9>F$Xs;ZQ>4qGW~KK2w)@g~PmJI6W3DVOQ<7-n
z?~N|=2}Dc$%B*iBs64-uSW47QF_+eH1efeOFyo)pY-Gm~@h_aomqiCF^Im9feYt9t
z>d1aP4VH^kKHv8Amd+WSJ!YLNTnqClB6wRuu)w8Lu)`B&_xM+Iji~({@1U(F0ztAq
zl{7v3Ev3S;Hg770@HGj+yQSYHJ^TJF&60m0b%|lr<@3yAa1!D9;ORW&|I1M&dTpow
zJNl4I<m88|<nCO+GP&*6++g89+SBBK8V1B>1V$=_?|SAe3!Yw9X!cfr;mmI}Hn;!S
zz&(ZaEa*DJsd}utSXCZ8>DzD~A!VS&DtYf64K;-HAy1}VG}h?l<fTJfa8#kK_5@id
zwg@r|)VJW(C6qbu9A=|pakk1y%`yfA_b_Y|_XhgqM|ZXQ`y>yY7rp9bcyy2w+Ae|I
zF6Grim9_S+<Fk@2UtjnCG3-L<`W~pKls@y<>s5Wilo$9w@6L9AtDbuLu4khaIkV2s
zjD_?gUwrm}5GCRGAXf$7*gcB;nmIBazB+A=$8WEo<_quBMk-q}`Q$Qo*Gl10tP`aS
zqZsUSXXyFF-q5d;wzeFvVGx`)ux($N&+;X<r3@more2q|(Y}y~rC&c=z&Pl=Inlmj
zLPBo}@O$To%fm|}gUK|LdpG{J*M{5h&a^$#nU$|a9UmjlaHw8XNB*1)<3XL6!{WSs
z80@kx_gH62RxU_*FaHgPm>ELh;fkzvX(AK1-W+GfTJPM+fxW}mSw4-DKx9;GxRLG4
z$wFrbWyZ_oaEiR>@elUE`(%IR;%pC-pT4goz|7ys^CpRcH`l*)@Z6GddgGuI-Wm4t
zXn~4%A@I05?(oq~&l~YS^qXHvF#Fwn!Yt}sdq2uxFG<CIn$uF|ijzHGFNPX!{^2*=
z*O%|b59GX{;~rkG`N$NdX7U)Arcxy$7Bs^#B4=S|C3t8LOZ7aE6x{_ZZ_mN3N;sZx
z-%FJ-CT6~Eti1n6h|6Q;6dDwWOjdDHBKiGGJAn5wshv0V(RM>85r$<99oj~juCexu
zKe@9rPPDlFBUH=m$iXXE+o0!p)nf-H;}%eLK)(nA$gkSRM~s6azi{OFThwFKJAS5B
zWA&?sg!w^;k>TGTqz~T5nnpvnZM{-G3jVTtjY&1sWw(DKM1fe?3m^W!y2PLVGQ$sM
z*hXP5s<cC5IaUpnXZ<&Bd^74RTbR%d!}@JRJavkK@(ZHi=*&VWP3<Xol#9jZ`2CUD
zf$wpS5sLXlxc2a+M>LGoi#kUs&wv=>ZB4Q-0SCX8ovH#Vg-_iiBxu9zc(F}Sdi<kj
za{1Ng8XKtNIL)_b^FFVv6`>m<ZY(=F?34(kD@5}^0{<RsQGOqo=3|RSs(OVaW>Qdv
z<(BQF7QOLn-{<_~qH1sdO`pyb?kwZFvpBW>eh)FA-Wp?pZWDN$*w^jzDOY)u9+jn*
zp7~eL**EKmiV&SVP8#?z^SrLgks94VDA-uMFlbF0ID+%edLF}^@6Yk~BTJley&C)G
zLN7MNPu}EXV8x4L8+-YqItRsDzNWE)={dh&@1WJal=RMpZ20Mo+h!5HH%3yX!<!Yt
zjBkr`)H&9X_|KE4WWJ9wekY@gRgP|ky%Kuat?AhIJm#YnvCw&H*+ClK)9)fR@%Ia-
z{OWNK>>XZ4U|b6LF2}^{L7`+b{t5z5CA9p9SV<z!YRhs^W~b=&?@gtxw_g{Dm+0Di
z9}?VXFk@aHztimXq$+#MQ)DIJ4Ra;-Wq?goHA}C{pp)R^$s|$dt{mL_S1lTZv1gE|
zhcJ(Z5|+4Mwj}%)x1o5jiogX8yqx|rZgC*)2E84l9#oHT{r#cQJt6u>maQsxs+zc2
zj~Gh%Zkhk+oh;*K($<nnd9!eYsvFCce11<cik*qY=frh#BfMK?3jR1sifJzEc60a!
z)ajY$UWj{$LTIg{&FqXdLE7^P;V{XM?N7H?z1t=717%i<S_JyrL`*h)`4d_m)YLkJ
z3h5xa8=TB`wUHTX`gvI(Q&)J$bn=w8>A|N5ChTjntbGm8@K}akfA_+`H6`6aL>V+d
z;Q;NoJT!q`nbX~-+DwJEym1=kti^%f*upLMl-OYsvwa{C3cBSa5#T9FEDZ34O9sSp
z4|m?QX;myi&o+E3To>l)<av?Mo*p}Dz(_dWl_&D-)Z)OjZ8;~A8OPE31LlW!6>^IJ
z-ToM;6b}5yIt&IH5kOQ9OyrRdokMN9jxf-tS$Mi`ywMLX+(@VkPY7hGsu;)!hk|CP
zIL?c>Zw>rGYhN?CU|4!msj@XA)l^E`f+@ZvJgh1LGJ`u{%*|~VSd7Yow$7JRZ~yCG
zyO<Qg1zmA&ticW_l>^NTQaxaqZX1-20c`m_!1Ct`vY>k<K6q#ho`d-kF1CFH^NqVe
zr~$?iz?T27K}h0?6$&qkZ|%WIw~qk?1&_s#z`#qXf?HTPgVYe<GX`|!m*;(4xQ&3+
zVl2X)x8Wh!*aOR(zc+z}w?5t#UR6w<w$_0)c;K+^j>PYj-UL+lFYEu{idS#p+g`mx
zJ17K|OJ9HV2@q6w0Y{+=L;+YJn;iw+XER<%Je9f#zO58cT;ZGi1>F4lqf<a2TL4Jd
z@o+|Pasum4bN&M!s$7x!I5TEw9&}ZA1EMKd5(;htb3-G@9*%+Mx{&fqsvnU!j>#Z`
zl626Eg7#gB%Ep=pcwJXpKM|FLdNVT_M_%9%FcM|yf7CxNb0zrD3A}|3(($?~jUc5&
z6i{6q&c@3efKOLJBQ9=0)}to8;e;p*q5=OubD(nyw<eyUlg7YCZ$PF_V7xmp=WcLs
zlp5H;2ufafFe5F??t%O;;N{T?#weLLfN3?XnXEyEatYc=hyA)|sm=gMTvxBCxgfIf
zYLK{#NjXs0L*O6C$(=Dy^cUZ~GL-5AI1D^lQtIq#e!2rnrSWP#u(_aZBzDCI0vH2A
zzV6t(zJGxT1#N7s8Q{$jzW6l;J}N)fnX8FUG#LO7`S4!l31IaK=_Pmb&#%<W#tO{&
zX(g=XbsltaVOcfObD(`<-KMPEZFYTC`>TD%y&z<lj!LiLMN1gM7qf`P)0rJ2n3DZA
zV3gOQt|kqeu4Z&}cZ~W-Sjpy>kr}&NCHu}BDlbiB{8G&sUrxap#f&+uIiUVUTv^Cs
zq;LiM+weCED}%p@2qc1LhHO~AB^Hip`0d`Pra9?wVVySOzURBm=S@Md+H|YfxjkZG
zL+6QVy4*vjBN;0`jAG8Nrmreve>hDnw#_!J^%ehZ!3=g|uZ{X@Gg!N#2J96gE>#s}
zQ-HLHFY2y;N^RHjG2I(2&BLlN`OUD--X2a%>ZcrhKU>t}MP<yLg!Sv`ddi}!tm@xS
z@7fEJUG1{;{$b@)W0byVd>s31@Qk^I*vV>5&6#zXE#ASQ03Ph;SpT(r?W#E^UHgJ^
zaFt?W0rd<DYSUw+%3@+(#)5KVdcBQ?8--4;KSR}&kA9Ox25Q&b*;ya@2~`^yXwjAn
zBD~r~&RQA8lf;RmMhUBRAEdz;(CXG^aqgu8skTn>w)$h_seSC#BMl@)3tI|mIcdV9
zWHl3*^&E%$dWV)ZQUYwl{rg<M5-9JsJ|Lp8mU7Lji;2!MJgEt(RLnf#Ac^cH2oaKf
zO<uhO`kB^{u)?D}3_e7DrVCbDU0gkzd1`a|=hXE?JF>5bGAlvr!2H381EF~vGO=9m
zrG`q`n$<2NOCDEvcxR>r^@RPw@^Y8IPI~+hx~z>Uo#pO$h-1KgFd+L-<7ZdFQC2pI
z?xOHtqIB{Y!WUi0h{yfQ^gg*nmPS_nV<9PD@<N>{XGCpKlNoE82jP#vAEH@3LpO%)
zVXKYer-fE$ar|mm`#+VISLyDFgjr6rTUMK47JodB?Ww<zyWZd7nfCb3*sn^=^tETw
zbYXclwOvn@5uC#Xcg}0$xoLCWrNAhB#y@{Em|@hGKx#?k#F}v?s%!I9cbc;as4#^j
zZf|cjcTHuqJnMrqsCOg{Z`4lT#z6Tp<JO-_sW(Y$N5cm{aDspY*o}ov7m*irlFI76
zmdKS82Z?v*Vq#_V3b}M-go?tEwM97v!Z(kUjZmikr^5{pu`f)$XT}od@xvJ_HObTM
zJ!)2#7Q{w_<?cihf}Xn?>b%KxvnHFeZk@YnFZDNEXpY?yg_LSKbVLlty3;@FWqoM>
zW)gfJuSYYXB4DRKt^MCpx}48yau#{KJT0ecdBMbg9%lD`-hJC0CCE-07C-nbV%}K0
zb(R&G^l!P!yiOOv__!d`rfu#SF?$y+u4Vhg_+^yK5qj}7=h=8tOp{OEXi(#<{9Cys
z`#+;|t@`PyE(tdq-R4HGIYzR7Kc8}7ur|tEyAb@&TCYsV=+hRai}g&fcXON)-%#?d
zNeC=#?a1msqf2Yv_ohboB#~`J(I*VIXUp<Nv5(G1(CyQH9gQ_rjE+8j*Dxsj#3FmU
zwMepgwDKnPCV^?qtk^h*j_`m~V;A3fiLH8}uIOsC=874gIu|pIvPM7Gv;On^!EcV4
z+V3vy&3h^YC{qvLOA+7bYjn1TPg$s!L{#}X>Ozc-&hc1xZ<Q&nO`B=qOz*hYfAhef
zh;79QD$CrJn5Ms{&5X0(41Z|sRmjK3NO&Gs*bFPCRKI9AsBdGjh){>CM^*)|Eahl(
zLN5M|a;FoR{ON>7e75|sELjwBpZ%~5V3a7KASWm9G{(XHT?B!ZiUBOdkO1<3+%UG(

literal 0
HcmV?d00001

diff --git a/charts/rancher-cis-benchmark-crd/3.0.1-rc6/Chart.yaml b/charts/rancher-cis-benchmark-crd/3.0.1-rc6/Chart.yaml
new file mode 100644
index 000000000..f5e276754
--- /dev/null
+++ b/charts/rancher-cis-benchmark-crd/3.0.1-rc6/Chart.yaml
@@ -0,0 +1,10 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cis-operator-system
+  catalog.cattle.io/release-name: rancher-cis-benchmark-crd
+apiVersion: v1
+description: Installs the CRDs for rancher-cis-benchmark.
+name: rancher-cis-benchmark-crd
+type: application
+version: 3.0.1-rc6
diff --git a/charts/rancher-cis-benchmark-crd/3.0.1-rc6/README.md b/charts/rancher-cis-benchmark-crd/3.0.1-rc6/README.md
new file mode 100644
index 000000000..f6d9ef621
--- /dev/null
+++ b/charts/rancher-cis-benchmark-crd/3.0.1-rc6/README.md
@@ -0,0 +1,2 @@
+# rancher-cis-benchmark-crd
+A Rancher chart that installs the CRDs used by rancher-cis-benchmark.
diff --git a/charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscan.yaml
new file mode 100644
index 000000000..3cbb0ffcd
--- /dev/null
+++ b/charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscan.yaml
@@ -0,0 +1,148 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterscans.cis.cattle.io
+spec:
+  group: cis.cattle.io
+  names:
+    kind: ClusterScan
+    plural: clusterscans
+  scope: Cluster
+  versions:
+  - name: v1
+    served: true
+    storage: true
+    additionalPrinterColumns:
+    - jsonPath: .status.lastRunScanProfileName
+      name: ClusterScanProfile
+      type: string
+    - jsonPath: .status.summary.total
+      name: Total
+      type: string
+    - jsonPath: .status.summary.pass
+      name: Pass
+      type: string
+    - jsonPath: .status.summary.fail
+      name: Fail
+      type: string
+    - jsonPath: .status.summary.skip
+      name: Skip
+      type: string
+    - jsonPath: .status.summary.warn
+      name: Warn
+      type: string
+    - jsonPath: .status.summary.notApplicable
+      name: Not Applicable
+      type: string
+    - jsonPath: .status.lastRunTimestamp
+      name: LastRunTimestamp
+      type: string
+    - jsonPath: .spec.scheduledScanConfig.cronSchedule
+      name: CronSchedule
+      type: string
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              scanProfileName:
+                nullable: true
+                type: string
+              scheduledScanConfig:
+                nullable: true
+                properties:
+                  cronSchedule:
+                    nullable: true
+                    type: string
+                  retentionCount:
+                    type: integer
+                  scanAlertRule:
+                    nullable: true
+                    properties:
+                      alertOnComplete:
+                        type: boolean
+                      alertOnFailure:
+                        type: boolean
+                    type: object
+                type: object
+              scoreWarning:
+                enum:
+                - pass
+                - fail
+                nullable: true
+                type: string
+            type: object
+          status:
+            properties:
+              NextScanAt:
+                nullable: true
+                type: string
+              ScanAlertingRuleName:
+                nullable: true
+                type: string
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      nullable: true
+                      type: string
+                    lastUpdateTime:
+                      nullable: true
+                      type: string
+                    message:
+                      nullable: true
+                      type: string
+                    reason:
+                      nullable: true
+                      type: string
+                    status:
+                      nullable: true
+                      type: string
+                    type:
+                      nullable: true
+                      type: string
+                  type: object
+                nullable: true
+                type: array
+              display:
+                nullable: true
+                properties:
+                  error:
+                    type: boolean
+                  message:
+                    nullable: true
+                    type: string
+                  state:
+                    nullable: true
+                    type: string
+                  transitioning:
+                    type: boolean
+                type: object
+              lastRunScanProfileName:
+                nullable: true
+                type: string
+              lastRunTimestamp:
+                nullable: true
+                type: string
+              observedGeneration:
+                type: integer
+              summary:
+                nullable: true
+                properties:
+                  fail:
+                    type: integer
+                  notApplicable:
+                    type: integer
+                  pass:
+                    type: integer
+                  skip:
+                    type: integer
+                  total:
+                    type: integer
+                  warn:
+                    type: integer
+                type: object
+            type: object
+        type: object
diff --git a/charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscanbenchmark.yaml
new file mode 100644
index 000000000..fd291f8c3
--- /dev/null
+++ b/charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscanbenchmark.yaml
@@ -0,0 +1,54 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterscanbenchmarks.cis.cattle.io
+spec:
+  group: cis.cattle.io
+  names:
+    kind: ClusterScanBenchmark
+    plural: clusterscanbenchmarks
+  scope: Cluster
+  versions:
+  - name: v1
+    served: true
+    storage: true
+    additionalPrinterColumns:
+    - jsonPath: .spec.clusterProvider
+      name: ClusterProvider
+      type: string
+    - jsonPath: .spec.minKubernetesVersion
+      name: MinKubernetesVersion
+      type: string
+    - jsonPath: .spec.maxKubernetesVersion
+      name: MaxKubernetesVersion
+      type: string
+    - jsonPath: .spec.customBenchmarkConfigMapName
+      name: customBenchmarkConfigMapName
+      type: string
+    - jsonPath: .spec.customBenchmarkConfigMapNamespace
+      name: customBenchmarkConfigMapNamespace
+      type: string
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              clusterProvider:
+                nullable: true
+                type: string
+              customBenchmarkConfigMapName:
+                nullable: true
+                type: string
+              customBenchmarkConfigMapNamespace:
+                nullable: true
+                type: string
+              maxKubernetesVersion:
+                nullable: true
+                type: string
+              minKubernetesVersion:
+                nullable: true
+                type: string
+            type: object
+        type: object
diff --git a/charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscanprofile.yaml
new file mode 100644
index 000000000..1e75501b7
--- /dev/null
+++ b/charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscanprofile.yaml
@@ -0,0 +1,36 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterscanprofiles.cis.cattle.io
+spec:
+  group: cis.cattle.io
+  names:
+    kind: ClusterScanProfile
+    plural: clusterscanprofiles
+  scope: Cluster
+  versions:
+  - name: v1
+    served: true
+    storage: true
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              benchmarkVersion:
+                nullable: true
+                type: string
+              skipTests:
+                items:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: array
+            type: object
+        type: object
+    additionalPrinterColumns:
+    - jsonPath: .spec.benchmarkVersion
+      name: BenchmarkVersion
+      type: string
diff --git a/charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscanreport.yaml
new file mode 100644
index 000000000..6e8c0b7de
--- /dev/null
+++ b/charts/rancher-cis-benchmark-crd/3.0.1-rc6/templates/clusterscanreport.yaml
@@ -0,0 +1,39 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterscanreports.cis.cattle.io
+spec:
+  group: cis.cattle.io
+  names:
+    kind: ClusterScanReport
+    plural: clusterscanreports
+  scope: Cluster
+  versions:
+  - name: v1
+    served: true
+    storage: true
+    additionalPrinterColumns:
+    - jsonPath: .spec.lastRunTimestamp
+      name: LastRunTimestamp
+      type: string
+    - jsonPath: .spec.benchmarkVersion
+      name: BenchmarkVersion
+      type: string
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              benchmarkVersion:
+                nullable: true
+                type: string
+              lastRunTimestamp:
+                nullable: true
+                type: string
+              reportJSON:
+                nullable: true
+                type: string
+            type: object
+        type: object
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/Chart.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/Chart.yaml
new file mode 100644
index 000000000..4e8933f04
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/Chart.yaml
@@ -0,0 +1,22 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: CIS Benchmark
+  catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.25.0-0'
+  catalog.cattle.io/namespace: cis-operator-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1
+  catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+  catalog.cattle.io/release-name: rancher-cis-benchmark
+  catalog.cattle.io/type: cluster-tool
+  catalog.cattle.io/ui-component: rancher-cis-benchmark
+apiVersion: v1
+appVersion: v3.0.1-rc4
+description: The cis-operator enables running CIS benchmark security scans on a kubernetes
+  cluster
+icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
+keywords:
+- security
+name: rancher-cis-benchmark
+version: 3.0.1-rc6
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/README.md b/charts/rancher-cis-benchmark/3.0.1-rc6/README.md
new file mode 100644
index 000000000..50beab58b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/README.md
@@ -0,0 +1,9 @@
+# Rancher CIS Benchmark Chart
+
+The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded.
+
+# Installation
+
+```
+helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system
+```
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/app-readme.md b/charts/rancher-cis-benchmark/3.0.1-rc6/app-readme.md
new file mode 100644
index 000000000..5e495d605
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/app-readme.md
@@ -0,0 +1,15 @@
+# Rancher CIS Benchmarks
+
+This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/).
+
+For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/).
+
+This chart installs the following components:
+
+- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded.
+- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed.
+- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans.
+- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources.
+- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish.
+    - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts.
+    - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart.
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/_helpers.tpl b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/_helpers.tpl
new file mode 100644
index 000000000..b7bb00042
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/_helpers.tpl
@@ -0,0 +1,27 @@
+{{/* Ensure namespace is set the same everywhere */}}
+{{- define "cis.namespace" -}}
+  {{- .Release.Namespace | default "cis-operator-system" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/alertingrule.yaml
new file mode 100644
index 000000000..1787c88a0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/alertingrule.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.alerts.enabled -}}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: rancher-cis-pod-monitor
+  namespace: {{ template "cis.namespace" . }}
+spec:
+  selector:
+    matchLabels:
+      cis.cattle.io/operator: cis-operator
+  podMetricsEndpoints:
+  - port: cismetrics
+{{- end }}
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-aks-1.0.yaml
new file mode 100644
index 000000000..1ac866253
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-aks-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: aks-1.0
+spec:
+  clusterProvider: aks
+  minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.20.yaml
new file mode 100644
index 000000000..1203e5bcc
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.20.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: cis-1.20
+spec:
+  clusterProvider: ""
+  minKubernetesVersion: "1.19.0"
+  maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.23.yaml
new file mode 100644
index 000000000..920b556ea
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.23.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: cis-1.23
+spec:
+  clusterProvider: ""
+  minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.5.yaml
new file mode 100644
index 000000000..c9e6075fb
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.5.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: cis-1.5
+spec:
+  clusterProvider: ""
+  minKubernetesVersion: "1.15.0"
+  maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.6.yaml
new file mode 100644
index 000000000..4f5d66e92
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-cis-1.6.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: cis-1.6
+spec:
+  clusterProvider: ""
+  minKubernetesVersion: "1.16.0"
+  maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-eks-1.0.1.yaml
new file mode 100644
index 000000000..d1ba9d295
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-eks-1.0.1.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: eks-1.0.1
+spec:
+  clusterProvider: eks
+  minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-gke-1.0.yaml
new file mode 100644
index 000000000..72122e8c5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-gke-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: gke-1.0
+spec:
+  clusterProvider: gke
+  minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.20-hardened.yaml
new file mode 100644
index 000000000..147cac390
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.20-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.20-hardened
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.19.0"
+  maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.20-permissive.yaml
new file mode 100644
index 000000000..d9584f722
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.20-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.20-permissive
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.19.0"
+  maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.23-hardened.yaml
new file mode 100644
index 000000000..ee153603b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.23-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.23-hardened
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.23-permissive.yaml
new file mode 100644
index 000000000..51f2186f3
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.23-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.23-permissive
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.6-hardened.yaml
new file mode 100644
index 000000000..5160cf795
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.6-hardened
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.16.0"
+  maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..10c075985
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-k3s-cis-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.6-permissive
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.16.0"
+  maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.20-hardened.yaml
new file mode 100644
index 000000000..4924679cb
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.20-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.20-hardened
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.19.0"
+  maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.20-permissive.yaml
new file mode 100644
index 000000000..2db66d7c6
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.20-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.20-permissive
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.19.0"
+  maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.23-hardened.yaml
new file mode 100644
index 000000000..f6a99698e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.23-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.23-hardened
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.23-permissive.yaml
new file mode 100644
index 000000000..a26bd63cf
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.23-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.23-permissive
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.5-hardened.yaml
new file mode 100644
index 000000000..b9154f1ad
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.5-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.5-hardened
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.15.0"
+  maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.5-permissive.yaml
new file mode 100644
index 000000000..9da65d55d
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.5-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.5-permissive
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.15.0"
+  maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.6-hardened.yaml
new file mode 100644
index 000000000..77f8a31df
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.6-hardened
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.16.0"
+  maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..600b8df35
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke-cis-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.6-permissive
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.16.0"
+  maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.20-hardened.yaml
new file mode 100644
index 000000000..b6cc88359
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.20-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.20-hardened
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.19.0"
+  maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.20-permissive.yaml
new file mode 100644
index 000000000..fd898bfe8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.20-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.20-permissive
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.19.0"
+  maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.23-hardened.yaml
new file mode 100644
index 000000000..90e356d72
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.23-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.23-hardened
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.23-permissive.yaml
new file mode 100644
index 000000000..deafdbda6
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.23-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.23-permissive
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.5-hardened.yaml
new file mode 100644
index 000000000..20091ec2b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.5-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.5-hardened
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.15.0"
+  maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.5-permissive.yaml
new file mode 100644
index 000000000..9a86906b0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.5-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.5-permissive
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.15.0"
+  maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.6-hardened.yaml
new file mode 100644
index 000000000..ea2549ef3
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.6-hardened
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.16.0"
+  maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..0afdaaa19
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/benchmark-rke2-cis-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.6-permissive
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.16.0"
+  maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/cis-roles.yaml
new file mode 100644
index 000000000..23c93dc65
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/cis-roles.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cis-admin
+rules:
+  - apiGroups:
+      - cis.cattle.io
+    resources:
+      - clusterscanbenchmarks
+      - clusterscanprofiles
+      - clusterscans
+      - clusterscanreports
+    verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
+  - apiGroups:
+      - catalog.cattle.io
+    resources: ["apps"]
+    resourceNames: ["rancher-cis-benchmark"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cis-view
+rules:
+  - apiGroups:
+      - cis.cattle.io
+    resources:
+      - clusterscanbenchmarks
+      - clusterscanprofiles
+      - clusterscans
+      - clusterscanreports
+    verbs: ["get", "watch", "list"]
+  - apiGroups:
+      - catalog.cattle.io
+    resources: ["apps"]
+    resourceNames: ["rancher-cis-benchmark"]
+    verbs: ["get", "watch", "list"]
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/configmap.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/configmap.yaml
new file mode 100644
index 000000000..1a9cd1809
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/configmap.yaml
@@ -0,0 +1,18 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: default-clusterscanprofiles
+  namespace: {{ template "cis.namespace" . }}
+data:
+  # Default ClusterScanProfiles per cluster provider type
+  rke: |-
+    <1.21.0: rke-profile-permissive-1.20
+    >=1.21.0: rke-profile-permissive-1.23
+  rke2: |-
+    <1.21.0: rke2-cis-1.20-profile-permissive
+    >=1.21.0: rke2-cis-1.23-profile-permissive
+  eks: "eks-profile"
+  gke: "gke-profile"
+  aks: "aks-profile"
+  k3s: "k3s-cis-1.23-profile-permissive"
+  default: "cis-1.23-profile"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/delete_rolebindings.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/delete_rolebindings.yaml
new file mode 100644
index 000000000..9c9946464
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/delete_rolebindings.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: delete-rolebinding
+  annotations:
+    "helm.sh/hook": pre-upgrade
+    "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed
+spec:
+  template:
+    spec:
+      serviceAccountName: cis-operator-serviceaccount
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+      restartPolicy: Never
+      containers:
+      - name: delete-binding
+        image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+        imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+        command: ["kubectl", "delete", "clusterrolebinding", "cis-operator-rolebinding", "cis-operator-installer"]
+  backoffLimit: 1
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/deployment.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/deployment.yaml
new file mode 100644
index 000000000..e57dd2ff1
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/deployment.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cis-operator
+  namespace: {{ template "cis.namespace" . }}
+  labels:
+    cis.cattle.io/operator: cis-operator
+spec:
+  selector:
+    matchLabels:
+      cis.cattle.io/operator: cis-operator
+  template:
+    metadata:
+      labels:
+        cis.cattle.io/operator: cis-operator
+    spec:
+      serviceAccountName: cis-operator-serviceaccount
+      containers:
+      - name: cis-operator
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: cismetrics
+          containerPort: {{ .Values.alerts.metricsPort }}
+        env:
+        - name: SECURITY_SCAN_IMAGE
+          value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
+        - name: SECURITY_SCAN_IMAGE_TAG
+          value: {{ .Values.image.securityScan.tag }}
+        - name: SONOBUOY_IMAGE
+          value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
+        - name: SONOBUOY_IMAGE_TAG
+          value: {{ .Values.image.sonobuoy.tag }}
+        - name: CIS_ALERTS_METRICS_PORT
+          value: '{{ .Values.alerts.metricsPort }}'
+        - name: CIS_ALERTS_SEVERITY
+          value: {{ .Values.alerts.severity }}
+        - name: CIS_ALERTS_ENABLED
+          value: {{ .Values.alerts.enabled | default "false" | quote }}
+        - name: CLUSTER_NAME
+          value: '{{ .Values.global.cattle.clusterName }}'
+        - name: CIS_OPERATOR_DEBUG
+          value: '{{ .Values.image.cisoperator.debug }}'
+        resources:
+          {{- toYaml .Values.resources | nindent 12 }}
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/network_policy_allow_all.yaml
new file mode 100644
index 000000000..6ed5d645e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-allow-all
+  namespace: {{ template "cis.namespace" . }}
+spec:
+  podSelector: {}
+  ingress:
+  - {}
+  egress:
+  - {}
+  policyTypes:
+  - Ingress
+  - Egress
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 000000000..e78a6bd08
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: patch-sa
+  annotations:
+    "helm.sh/hook": post-install, post-upgrade
+    "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+  template:
+    spec:
+      serviceAccountName: cis-operator-serviceaccount
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+      restartPolicy: Never
+      containers:
+      - name: sa
+        image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+        imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+        command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+        args: ["-n", {{ template "cis.namespace" . }}]
+
+  backoffLimit: 1
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/psp.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/psp.yaml
new file mode 100644
index 000000000..4cc0cecf7
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/psp.yaml
@@ -0,0 +1,59 @@
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: cis-psp
+spec:
+  allowPrivilegeEscalation: true
+  allowedCapabilities:
+  - '*'
+  fsGroup:
+    rule: RunAsAny
+  hostIPC: true
+  hostNetwork: true
+  hostPID: true
+  hostPorts:
+  - max: 65535
+    min: 0
+  privileged: true
+  runAsUser:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: cis-psp-role
+  namespace: {{ template "cis.namespace" . }}
+rules:
+- apiGroups:
+  - policy
+  resourceNames:
+  - cis-psp
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cis-psp-rolebinding
+  namespace: {{ template "cis.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cis-psp-role
+subjects:
+- kind: ServiceAccount
+  name: cis-serviceaccount
+  namespace: {{ template "cis.namespace" . }}
+- kind: ServiceAccount
+  name: cis-operator-serviceaccount
+  namespace: {{ template "cis.namespace" . }}
+{{- end }}
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/rbac.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/rbac.yaml
new file mode 100644
index 000000000..e9caf8cff
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/rbac.yaml
@@ -0,0 +1,162 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: rancher-cis-benchmark
+    app.kubernetes.io/instance: release-name
+  name: cis-operator-clusterrole
+rules:
+- apiGroups:
+  - "cis.cattle.io"
+  resources:
+  - "*"
+  verbs:
+  - "*"
+- apiGroups:
+  - ""
+  resources:
+  - "pods"
+  - "services"
+  - "configmaps"
+  - "nodes"
+  - "serviceaccounts"
+  verbs:
+  - "get"
+  - "list"
+  - "create"
+  - "update"
+  - "watch"
+  - "patch"
+- apiGroups:
+  - "batch"
+  resources:
+  - "jobs"
+  verbs:
+  - "list"
+  - "create"
+  - "patch"
+  - "update"
+  - "watch"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: rancher-cis-benchmark
+    app.kubernetes.io/instance: release-name
+  name: cis-scan-ns
+rules:
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+- apiGroups:
+  - "*"
+  resources:
+  - "podsecuritypolicies"
+  verbs: 
+  - "get"
+  - "list"
+  - "watch"
+{{- end }}
+- apiGroups:
+  - ""
+  resources:
+  - "namespaces"
+  - "nodes"
+  - "pods"
+  verbs:
+  - "get"
+  - "list"
+  - "watch"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: cis-operator-role
+  labels:
+    app.kubernetes.io/name: rancher-cis-benchmark
+    app.kubernetes.io/instance: release-name
+  namespace: {{ template "cis.namespace" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - "services"
+  verbs:
+  - "watch"
+  - "list"
+  - "get"
+  - "patch"
+- apiGroups:
+  - "batch"
+  resources:
+  - "jobs"
+  verbs:
+  - "watch"
+  - "list"
+  - "get"
+  - "delete"
+- apiGroups:
+  - ""
+  resources:
+  - "configmaps"
+  - "pods"
+  - "secrets"
+  verbs:
+  - "*"
+- apiGroups:
+  - "apps"
+  resources:
+  - "daemonsets"
+  verbs:
+  - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: rancher-cis-benchmark
+    app.kubernetes.io/instance: release-name
+  name: cis-operator-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cis-operator-clusterrole
+subjects:
+- kind: ServiceAccount
+  name: cis-operator-serviceaccount
+  namespace: {{ template "cis.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cis-scan-ns
+  labels:
+    app.kubernetes.io/name: rancher-cis-benchmark
+    app.kubernetes.io/instance: release-name
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cis-scan-ns
+subjects:
+- kind: ServiceAccount
+  name: cis-serviceaccount
+  namespace: {{ template "cis.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: rancher-cis-benchmark
+    app.kubernetes.io/instance: release-name
+  name: cis-operator-rolebinding
+  namespace: {{ template "cis.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cis-operator-role
+subjects:
+- kind: ServiceAccount
+  name: cis-serviceaccount
+  namespace: {{ template "cis.namespace" . }}
+- kind: ServiceAccount
+  name: cis-operator-serviceaccount
+  namespace: {{ template "cis.namespace" . }}
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-cis-1.20.yaml
new file mode 100644
index 000000000..05263ce7d
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-cis-1.20.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: cis-1.20-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: cis-1.20
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-cis-1.23.yaml
new file mode 100644
index 000000000..c59d8f51f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-cis-1.23.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: cis-1.23-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: cis-1.23
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-cis-1.6.yaml
new file mode 100644
index 000000000..8a8d8bf88
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-cis-1.6.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: cis-1.6-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: cis-1.6
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.20-hardened.yml
new file mode 100644
index 000000000..a0b6cb6f6
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.20-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.20-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.20-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.20-permissive.yml
new file mode 100644
index 000000000..89885548d
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.20-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.20-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.20-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.23-hardened.yml
new file mode 100644
index 000000000..724412d3a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.23-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.23-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.23-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.23-permissive.yml
new file mode 100644
index 000000000..9f9213de1
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.23-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.23-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.23-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.6-hardened.yml
new file mode 100644
index 000000000..095e977ab
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.6-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.6-permissive.yml
new file mode 100644
index 000000000..3b22a80c8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-k3s-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.6-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.20-hardened.yaml
new file mode 100644
index 000000000..c36cf38c9
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.20-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-hardened-1.20
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.20-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.20-permissive.yaml
new file mode 100644
index 000000000..cfeb4b34c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.20-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-permissive-1.20
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.20-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.23-hardened.yaml
new file mode 100644
index 000000000..007331149
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.23-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-hardened-1.23
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.23-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.23-permissive.yaml
new file mode 100644
index 000000000..085b60dfa
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.23-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-permissive-1.23
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.23-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.6-hardened.yaml
new file mode 100644
index 000000000..d38febd80
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-hardened-1.6
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.6-permissive.yaml
new file mode 100644
index 000000000..d31b5b0d2
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-permissive-1.6
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.20-hardened.yml
new file mode 100644
index 000000000..decc9b651
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.20-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.20-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.20-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.20-permissive.yml
new file mode 100644
index 000000000..74c96ffc4
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.20-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.20-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.20-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.23-hardened.yml
new file mode 100644
index 000000000..abc1c2a21
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.23-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.23-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.23-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.23-permissive.yml
new file mode 100644
index 000000000..51cc519ac
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.23-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.23-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.23-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.6-hardened.yml
new file mode 100644
index 000000000..c7ac7f949
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.6-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.6-permissive.yml
new file mode 100644
index 000000000..96ca1345a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofile-rke2-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.6-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofileaks.yml
new file mode 100644
index 000000000..ea7b25b40
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofileaks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: aks-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: aks-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofileeks.yml
new file mode 100644
index 000000000..3b4e34437
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofileeks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: eks-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: eks-1.0.1
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofilegke.yml
new file mode 100644
index 000000000..2ddd0686f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/scanprofilegke.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: gke-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: gke-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/serviceaccount.yaml
new file mode 100644
index 000000000..ec48ec622
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ template "cis.namespace" . }}
+  name: cis-operator-serviceaccount
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ template "cis.namespace" . }}
+  labels:
+    app.kubernetes.io/name: rancher-cis-benchmark
+    app.kubernetes.io/instance: release-name
+  name: cis-serviceaccount
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..562295791
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/templates/validate-install-crd.yaml
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# 	{{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# 	{{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc6/values.yaml b/charts/rancher-cis-benchmark/3.0.1-rc6/values.yaml
new file mode 100644
index 000000000..8e73c7e43
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc6/values.yaml
@@ -0,0 +1,49 @@
+# Default values for rancher-cis-benchmark.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+  cisoperator:
+    repository: rancher/cis-operator
+    tag: v1.0.11-rc4
+  securityScan:
+    repository: rancher/security-scan
+    tag: v0.2.10-rc3
+  sonobuoy:
+    repository: rancher/mirrored-sonobuoy-sonobuoy
+    tag: v0.56.7
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+affinity: {}
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+    clusterName: ""
+  kubectl:
+    repository: rancher/kubectl
+    tag: v1.20.2
+
+alerts:
+  enabled: false
+  severity: warning
+  metricsPort: 8080
diff --git a/index.yaml b/index.yaml
index 2957435a2..07cb651e7 100755
--- a/index.yaml
+++ b/index.yaml
@@ -4570,6 +4570,32 @@ entries:
     - assets/rancher-backup-crd/rancher-backup-crd-1.0.200.tgz
     version: 1.0.200
   rancher-cis-benchmark:
+  - annotations:
+      catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/display-name: CIS Benchmark
+      catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.25.0-0'
+      catalog.cattle.io/namespace: cis-operator-system
+      catalog.cattle.io/os: linux
+      catalog.cattle.io/permits-os: linux,windows
+      catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1
+      catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+      catalog.cattle.io/release-name: rancher-cis-benchmark
+      catalog.cattle.io/type: cluster-tool
+      catalog.cattle.io/ui-component: rancher-cis-benchmark
+    apiVersion: v1
+    appVersion: v3.0.1-rc4
+    created: "2023-01-25T17:16:03.023358801+05:30"
+    description: The cis-operator enables running CIS benchmark security scans on
+      a kubernetes cluster
+    digest: 77c822cdd2ca5b2dee1f8fa1d2b6f5d938bc2c41838f43c0a742d676e791b14c
+    icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
+    keywords:
+    - security
+    name: rancher-cis-benchmark
+    urls:
+    - assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.1-rc6.tgz
+    version: 3.0.1-rc6
   - annotations:
       catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
       catalog.cattle.io/certified: rancher
@@ -4910,6 +4936,20 @@ entries:
     - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz
     version: 1.0.100
   rancher-cis-benchmark-crd:
+  - annotations:
+      catalog.cattle.io/certified: rancher
+      catalog.cattle.io/hidden: "true"
+      catalog.cattle.io/namespace: cis-operator-system
+      catalog.cattle.io/release-name: rancher-cis-benchmark-crd
+    apiVersion: v1
+    created: "2023-01-25T17:16:03.025962047+05:30"
+    description: Installs the CRDs for rancher-cis-benchmark.
+    digest: a59629d81166a89e0231879553c104e3159ceb6aea156931f377368f9e764080
+    name: rancher-cis-benchmark-crd
+    type: application
+    urls:
+    - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.1-rc6.tgz
+    version: 3.0.1-rc6
   - annotations:
       catalog.cattle.io/certified: rancher
       catalog.cattle.io/hidden: "true"