From a6da5aa88fbff8e865ba19b90c45b29b1a23ef79 Mon Sep 17 00:00:00 2001 
From: actions Date: Tue, 6 Apr 2021 22:40:51 +0000 Subject: [PATCH] Merge pull request #1084 from prachidamle/bump_cis Update cis-operator image tag and appVersion --- .../rancher-cis-benchmark-1.0.400-rc01.tgz | Bin 0 -> 4845 bytes ...rancher-cis-benchmark-crd-1.0.400-rc01.tgz | Bin 0 -> 1454 bytes .../1.0.400-rc01/Chart.yaml | 10 ++ .../1.0.400-rc01/README.md | 2 + .../1.0.400-rc01/templates/clusterscan.yaml | 149 ++++++++++++++++++ .../templates/clusterscanbenchmark.yaml | 55 +++++++ .../templates/clusterscanprofile.yaml | 37 +++++ .../templates/clusterscanreport.yaml | 40 +++++ .../1.0.400-rc01/Chart.yaml | 18 +++ .../1.0.400-rc01/README.md | 9 ++ .../1.0.400-rc01/app-readme.md | 15 ++ .../1.0.400-rc01/templates/_helpers.tpl | 23 +++ .../1.0.400-rc01/templates/alertingrule.yaml | 14 ++ .../templates/benchmark-cis-1.5.yaml | 8 + .../templates/benchmark-cis-1.6.yaml | 8 + .../templates/benchmark-eks-1.0.yaml | 8 + .../templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../1.0.400-rc01/templates/cis-roles.yaml | 49 ++++++ .../1.0.400-rc01/templates/configmap.yaml | 14 ++ .../1.0.400-rc01/templates/deployment.yaml | 57 +++++++ .../templates/network_policy_allow_all.yaml | 15 ++ .../patch_default_serviceaccount.yaml | 20 +++ .../1.0.400-rc01/templates/rbac.yaml | 43 +++++ .../templates/scanprofile-cis-1.5.yml | 9 ++ .../templates/scanprofile-cis-1.6.yaml | 9 ++ .../scanprofile-rke-1.5-hardened.yml | 9 ++ .../scanprofile-rke-1.5-permissive.yml | 9 ++ .../scanprofile-rke-1.6-hardened.yaml | 9 ++ .../scanprofile-rke-1.6-permissive.yaml | 9 ++ .../scanprofile-rke2-cis-1.5-hardened.yml | 9 ++ .../scanprofile-rke2-cis-1.5-permissive.yml | 9 ++ .../1.0.400-rc01/templates/scanprofileeks.yml | 9 ++ 
.../1.0.400-rc01/templates/scanprofilegke.yml | 9 ++ .../templates/serviceaccount.yaml | 14 ++ .../templates/validate-install-crd.yaml | 17 ++ .../1.0.400-rc01/values.yaml | 45 ++++++ index.yaml | 36 +++++ 43 files changed, 852 insertions(+) create mode 100755 assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc01.tgz create mode 100755 assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc01.tgz create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/Chart.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/README.md create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscan.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscanbenchmark.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscanprofile.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscanreport.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/Chart.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/README.md create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/app-readme.md create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/_helpers.tpl create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/alertingrule.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-cis-1.5.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-cis-1.6.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-eks-1.0.yaml create mode 100755 
charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-gke-1.0.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/cis-roles.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/configmap.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/deployment.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/network_policy_allow_all.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/patch_default_serviceaccount.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/rbac.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-cis-1.5.yml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-cis-1.6.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.5-hardened.yml create mode 100755 
charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.5-permissive.yml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.6-hardened.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.6-permissive.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke2-cis-1.5-hardened.yml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke2-cis-1.5-permissive.yml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofileeks.yml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofilegke.yml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/serviceaccount.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/validate-install-crd.yaml create mode 100755 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/values.yaml 
diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc01.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc01.tgz new file mode 100755 index 0000000000000000000000000000000000000000..4fc33de24774073b8ae26c1d3adee65c34e36d55 GIT binary patch literal 4845 zcmVDc zVQyr3R8em|NM&qo0PJ0TZ`(MN-+#}aVxT^Uwu?x9OPs>E=YVXQTjaLs7D;y>Ecz@` zS{mDYERiZn#p}!FyWD5FPj(wc1DB&e32m6BSS zFQKl_qnI;fYF$1O(_c|Y%2^+7+6@xNg|A-AJ8T3feL-Vop1mLAf=~b%8H6Z7B#cou zGUCm-gG4_ORL#J&4>$t?lVpH`p+c!EZJXbqzUDqwDwh3b)7M%;dTEW#V387)Y=(Tq zWm8u`bFt0vvSvT;aFcji(09H$$p|c|3^o?TK`u;&)_uM3lk+ zhBQQ-;5GUo5ePR#P^)nihXF#YHA4WDDGoE92v8WsAyFv3MuSFVgvR<%nQ1Kj6+mFj zB~@I^as|;W>NS%{kx`}vUEyopoT-*8pRo0evQ)0tdIe4`uj6$z7tZ(~;j{G|A}RzI z7`R!|{KEpfcF*fJ8UiIxgpaZhw|5PIXYdb%L?$E*XCTn$QG_f2#+8Vl?C{FI>FHb;Z;0Ix7aUk_Z}yA8!d zJwlCJ1s{HIG{|sB8C5g;dKB^j2~&qlg=mME^;}XsUgC&Kr3-N!^ES1?Z;iDy&$PsS z6|NtjX@UimbXs1g(I6oT+dS(T1brBiP@)0P4GL4!DG|(eON2^LU%ul)_2E_PRjW3^ z-w3U?|G9Q*=Toe+6%bH0D(_RLu^XS11g zR&5CN=Y@i7qU)5ywMZ4@JQp2;_p9|>t%A)aSt}K5o-G!XsUbN3E}PC?3^0_Ke{q&u zQEE~1`^G;g3;0xKIvu7o41okeE*?cFQ^tIo`6_4&BM%xn$pAw>O&=G`j5f7XE+!!- zfdro?p-u|YA7hY&XnY1W<`Rn>8%w=uUS8{$*9GRbO)gAO+oR%yTH7JxIrh`M`T-7y z=&L?BZ~0YPzJ8qhcHo?SN=WD|Nam@L@YkeG`rkMTl#N6Z;=c324f?-zc-&sp|DD$H zQN8|G36=Dw^$We!DYU3}-G$|+h%@bGQa18@E|5#l=TY;f-I!1o^x+*3E^LZMgo*@2 z5$$F!FY?4Za8q9C`*bz$_BNj#E?E~3?(Q0TM$tE(YU*+u2iGh>z99n)rF{U4Yk1AM z`YBBzV;)>s2ltExF{jLW#xBIh-}R|X{oh<)eLL!E6aEW}yi~ev?`RJtunGU2PPc^r zcBj{=@m~d%(Y*+n9Mz}RQMvL7o3F|*<2xNAIYLwa=AB(x7wNn;qU@)9bvZBDX?yJ> zujPCz$oe{HSN!*?!hg5Me--o?`0wqF|6Yy%ifMcN<3#su>rwE3Slj<6qKCzQI!4yx zA1AVQ0KO#J9{-~WR*3(@djGc)dRY9YV`M%4M-!~^|0U7(_!kq*)&Sfw5dks`wo?Wh z@qbue|LgYJ?Hd18(8Je~cocQqr5P_5?QLzdZjx>~xN6{8vGb zhyVE)sWrftOZ(uzSB3qr=l_+^W8uH|0QSFL4Sams5C4yE|GV}1uS)3g@c$6@zt#Yc zO*`Sgv)=;1?)dNaj_dP3mC%FZe|e1D3;)i&_5A*KguNlbqfJc;v@x$dH(NpG-axAx|V=GX4?!6{e0jRhal z5Ldoi`A}fYg|e@1Pz+=rJ~+NWqR=@2Cy9gfQ-C4bPcc#c*g0@UsPxyV{R&P z+s^WR|597wgG1t28V2*{=E{tIw-TRe;=JCw)hNABxJuld4e2N%aZxV$+vnduUpfr_ 
zAj9Q`;`A#VEq}3bu%7=@>#&;kr;YYM8w!tS|69G*aoPTNI)}CWuYyt?ZF>2F#N|LU z%L+Taq3Etwr@LI^$@tDgP!whv?^2!+qsXsGrV)Ass9B5+(6fg={OKAc^&fV*(5^wI zH7ZO&%(Voa?mz#&F=5ZL?)1S~oX{*KHkTbIvJVbUWcFS^9O;@lqj?GXVJf=5z5Hs{ zNVAtu*8iLEA7C8vS%mB}!hvnTfA{!s$^SpB&;M0JMZ9bOWA3-T&U=21+g7+iw+rk6 z!onrJt*+=j^o75yf+?Ru>okQ6EVpI~kX6%sMsY)ZJn?;=F!gpxXl|N-*aTVqIa7o( z6a{B&rNAxOz&Y@ILFQ|($!qD~-sV?5O=hnUa>tv85P`e9{=G>R8NuD%^TnFHOTzFS z52-)v!$~+LGnv0P?(g@EF%k%fY zU0{r=>~mDRbY5G(p+?mxf%`G;SA{_Qc^ zmSq_nKy%o?l&`yg9pke|3Fv_Wttx^y>QE&zJ9)IX~YtPM+V#`|9l1 zGu=1$);MLG1<2V@-LtnRKfF16y$#3gx^*EuhKa`Gz@P9b;R;t4_2!qW_h*;aZ%-~( zclYX07KJcEMXpP;Kux!|E-3yRiNc)OJPy^Lz$golDQI`*oEAbM<*eqx1j}IcK|b~p z#(nmGlmEw1O}Us{$40MTlQ85{{r@iB;HLRs_o(dub-Q)^ziOzwpqKVHWuv8qytnq1 zwea`M49ytP|L+;rA?CqCFf{u9*E}|xHI%bl zZ!FI0K7TSMP!A22&1l|gw{PP-%?QO(Iy-ar^1M^0Esfx~eri@qXT4}={k&{BYbi<5 zDfD?15j_k(IB5ZeeK2qqrDiwFOtbVyH`f2({?j3e;*m~pwa^Ri`2^WNoiy&`UAmQF zJTfsdyA3XL4mMg1oozt;2_FvM(1@x&)Zw9bp-uYVZ18<%9OzB@|M=**9RIO>T;Knx zgtpzx9iSqcc65siXC#ij#aZ9|VewbxFjj+U-?124f8`paIir&8A(wVL?ap;+ikm&m z_qcc8-(DkxXo5wx`h8t`oFNhH;(|f zqczw#|8I55@gEM4>-%4o(C+6y)1BG%(ciLN%~i95KTa_2rD zo5h-%P2H!K;MYyNJ+4p#)Ly`rv;+QeB6r^U zH?#@=o#S%+r*^wr$A7Pc9uohBJJ64e_4IdUo?3X{0PTSP(PYc@{xa=@|8^b!u@ZVn z{1?Irxw^x{vRpP58edAq|Ma>^QXRi>>$lGTMOucK4_p|G88D{%b|_Ed2ra zk%AW?GI$YkK1pJ5?mIf~fKxb+?tr8Jy?hBR^Mmov%+>S14SB)>=>Hu8>Z`&Fi7I>P zl)a5+!Ow8)&9FUk<`HW5XOTKN`!l#S5d)X=3&KVS-YJR6fQD32l-|j^^Hl%ILP|P> zF_AyvEGzGY;#W#gHUjTun(p69Ra!`*ou~poWWm~RwpM?;K7haBA5z@f8%KPEz@ z*FCeO`kfk6XSCDH?IMo1i?2NO+Ps@KShoY{Tmp!6toD59SS*gW@FTsT+9Xuv1(A^P|g!yC2M*sJ}y66vD zL>9y=`IAox$%NaSr+o>E^U&&CkuV7aWI`3{zSSM6P&<2^ndUJbpww?>T8=+0sdf)e zhPv0S{vT3C<@mr3kzxxn<*y4{(*JAKzYAA}tqUin0H8X*b{AiKEV$kuUs?_U4k<$k z(=jsL^GeXsC>`jzeJYOL0g)JF4{h!MvZYEm$*QM2-q?}=h-s`&p4G>+29>RD9>iAH zIAye^(rMCi-K}@bhIEwJ5MTyR`f1jR1DKAfKh|vZ{8H zj#V7wgvLObEjef4!KyJ%V2IN^Ox>y$fS*Xkqxp4v8_kT_a$*c@!CAeH+@c5rN)(1O z-RFt!2F26yJ?}3q(z%B+pEAM8a}kRm%E$k_UE$X-H|vBsc$P8qLLcUrj;ZI zgBj4qfs_6igCxWQGlZm`P1(4G7Fk88dkq^4=iDd=m=dP6{H*=Raw%?rjUl~3Jw-HJ 
zN(E;yk_UznLpvgn$wZ(PDc zVQyr3R8em|NM&qo0PI>%liIivpEI9Am3PLm`8Th)O-SCW>~1Dg%xw1D$UUGPTXIQl zHq_RB_bu55jIl8W4@oNYg_2tOwJrU+TWYL9@&)QH7p6Ny$rmB$moC@-+sOhnIV%W* zn={3AU3WAXB)_if7JuDg@Ak$Uxc$C2@`i)qjq8ov+x`u6&oz9E#D+lMxM$lczT6KY zAf+N8p`;mi7~?uo(+s{NlZi~=AuZ+Q?K zLTxz6lj1>*|KE;!gI)jcdHvDV|1TnW&w)tbS3+r9#(DX#u`amuW=P<5UWD|=Y!Vw% z;S`OEHOKe(ETl->AVdNm2y75ZohZi|<8WcNZrw2vayt-wKbZ}|gBFrdPgD?xX(Z~h zUmic-KL9Pp%rOKM8z%rm(^x)okPlitivaH-#13O?o0HULZa|_;z1ENxa$W&#;xGig za!3&bImD+;y8%c9#^f*_*3AYG&mi)T@xOJm0fc!GQ4Zp9-E08y7igJ-_+#B{03j9K zrQvcGEwjbjAcHwC27(d1+j);*I_!08Lpx&rENz%)0yLCcl9o z5KvGS7Ap_Bw*!rUs~*-$ekb>}HNXd-+KNU(X%~E=Vo7EA>2w>~=E)ZBie1jT05wfd zeY`{OZUrp*XE{+}6d;w_*gob=sQ@!hRsh*B6zh|5QoWk}iJVI5QKB+jX|#by$UR=5 zjKgAImu;eNzH<{#w{i+yOCK|H!y_E%9>0>M`Q08{PV=3|HG_nlTN1VBm0Za*H}5e^ z5QZgmJ4{6zx1TgflVI8yUCyCe#@D!HYU%gL2g2915~49Me>HfGVAgTGee`|4wuzpo zUj_R>_&9>(pf#*^G`=uV0ISxr4Qj1)bsDIOiwC%LUVgIs{0gwN@#B(^T=%+_dsu$9 zZzq@)PmS%Ms+mE(MF0ONQRfa`#i?cKKRX?_Mm?L}njb)R&gRXh+eCZ9spm!PZ9x63 z6{SGmmhNi@R{!-aq<`zQVy4V#T0$;yGne-Y6W8alQ* zSW|I0P;WS)vhza+(pn{g|yrK)1UIIr8@pkKis|l^uY=Jvu)IU|LF~Sh3`Ly18;PV z|Cf;e9QfGrj!jb?;|tKlXaU5;-shCDL7&Z5Ri9LT>o>g0RjzWCtCY#V0RRC1|8A@r I`v5Wk071#n5dZ)H literal 0 HcmV?d00001 diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/Chart.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/Chart.yaml new file mode 100755 index 000000000..40039f9e9 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 1.0.400-rc01 
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/README.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/README.md
new file mode 100755
index 000000000..f6d9ef621
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/README.md
@@ -0,0 +1,2 @@
+# rancher-cis-benchmark-crd
+A Rancher chart that installs the CRDs used by rancher-cis-benchmark.
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscan.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscan.yaml
new file mode 100755
index 000000000..beca6e1f8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscan.yaml
@@ -0,0 +1,149 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clusterscans.cis.cattle.io +spec: + additionalPrinterColumns: + - JSONPath: .status.lastRunScanProfileName + name: ClusterScanProfile + type: string + - JSONPath: .status.summary.total + name: Total + type: string + - JSONPath: .status.summary.pass + name: Pass + type: string + - JSONPath: .status.summary.fail + name: Fail + type: string + - JSONPath: .status.summary.skip + name: Skip + type: string + - JSONPath: .status.summary.warn + name: Warn + type: string + - JSONPath: .status.summary.notApplicable + name: Not Applicable + type: string + - JSONPath: .status.lastRunTimestamp + name: LastRunTimestamp + type: string + - JSONPath: .spec.scheduledScanConfig.cronSchedule + name: CronSchedule + type: string + group: cis.cattle.io + names: + kind: ClusterScan + plural: clusterscans + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + spec: + properties: + scanProfileName: + nullable: true + type: string + scheduledScanConfig: + nullable: true + properties: + cronSchedule: + nullable: true + type: string + retentionCount: + type: integer + scanAlertRule: + nullable: true + properties: + alertOnComplete: + type: boolean + alertOnFailure: + type: boolean + type: object + type: object + scoreWarning: + enum: + - pass + - fail + nullable: true + type: string + type: object + status: + properties: + NextScanAt: + nullable: true + type: string + ScanAlertingRuleName: + nullable: true + type: string + conditions: + items: + properties: + lastTransitionTime: + nullable: true + type: string + lastUpdateTime: + nullable: true + type: string + message: + nullable: true + type: string + reason: + nullable: true + type: string + status: + nullable: true + type: string + type: + nullable: true + type: string + type: object + nullable: true + type: array + display: + nullable: true + properties: + error: + type: boolean + message: + 
nullable: true + type: string + state: + nullable: true + type: string + transitioning: + type: boolean + type: object + lastRunScanProfileName: + nullable: true + type: string + lastRunTimestamp: + nullable: true + type: string + observedGeneration: + type: integer + summary: + nullable: true + properties: + fail: + type: integer + notApplicable: + type: integer + pass: + type: integer + skip: + type: integer + total: + type: integer + warn: + type: integer + type: object + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscanbenchmark.yaml new file mode 100755 index 000000000..aa6fc2218 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscanbenchmark.yaml 
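Review bot: The CRD is declared as `apiextensions.k8s.io/v1beta1` with a non-structural `validation.openAPIV3Schema` (no `type: object` at the schema root), and that API was removed in Kubernetes 1.22, so this chart stops installing on current clusters; the same applies to clusterscanbenchmark.yaml, clusterscanprofile.yaml and clusterscanreport.yaml in this commit. The durable form is `apiextensions.k8s.io/v1` with the schema, printer columns (`jsonPath` rather than `JSONPath`) and `subresources` moved under `versions[]` and `type: object` at the root, sketched below. Because benchmark-cis-1.5.yaml still advertises `minKubernetesVersion: "1.15.0"`, the v1 form should be gated on `.Capabilities.APIVersions.Has "apiextensions.k8s.io/v1"` with the v1beta1 document as the fallback if 1.15 support is still intended.
```yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: clusterscans.cis.cattle.io
spec:
  group: cis.cattle.io
  names:
    kind: ClusterScan
    plural: clusterscans
  scope: Cluster
  versions:
  - name: v1
    served: true
    storage: true
    subresources:
      status: {}
    additionalPrinterColumns:
    - jsonPath: .status.lastRunScanProfileName
      name: ClusterScanProfile
      type: string
    # … unchanged: remaining printer columns, with JSONPath renamed to jsonPath …
    schema:
      openAPIV3Schema:
        type: object
        properties:
          # … unchanged: spec and status property schema …
```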
@@ -0,0 +1,55 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscanbenchmarks.cis.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .spec.clusterProvider
+ name: ClusterProvider
+ type: string
+ - JSONPath: .spec.minKubernetesVersion
+ name: MinKubernetesVersion
+ type: string
+ - JSONPath: .spec.maxKubernetesVersion
+ name: MaxKubernetesVersion
+ type: string
+ - JSONPath: .spec.customBenchmarkConfigMapName
+ name: customBenchmarkConfigMapName
+ type: string
+ - JSONPath: .spec.customBenchmarkConfigMapNamespace
+ name: customBenchmarkConfigMapNamespace
+ type: string
+ group: cis.cattle.io
+ names:
+ kind: ClusterScanBenchmark
+ plural: clusterscanbenchmarks
+ scope: Cluster
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ clusterProvider:
+ nullable: true
+ type: string
+ customBenchmarkConfigMapName:
+ nullable: true
+ type: string
+ customBenchmarkConfigMapNamespace:
+ nullable: true
+ type: string
+ maxKubernetesVersion:
+ nullable: true
+ type: string
+ minKubernetesVersion:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ version: v1
+ versions:
+ - name: v1
+ served: true
+ storage: true
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscanprofile.yaml
new file mode 100755
index 000000000..21bb68396
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscanprofile.yaml
@@ -0,0 +1,37 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscanprofiles.cis.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .spec.benchmarkVersion
+ name: BenchmarkVersion
+ type: string
+ group: cis.cattle.io
+ names:
+ kind: ClusterScanProfile
+ plural: clusterscanprofiles
+ scope: Cluster
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ benchmarkVersion:
+ nullable: true
+ type: string
+ skipTests:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ type: object
+ version: v1
+ versions:
+ - name: v1
+ served: true
+ storage: true
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscanreport.yaml
new file mode 100755
index 000000000..017020a95
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.400-rc01/templates/clusterscanreport.yaml
@@ -0,0 +1,40 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscanreports.cis.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .spec.lastRunTimestamp
+ name: LastRunTimestamp
+ type: string
+ - JSONPath: .spec.benchmarkVersion
+ name: BenchmarkVersion
+ type: string
+ group: cis.cattle.io
+ names:
+ kind: ClusterScanReport
+ plural: clusterscanreports
+ scope: Cluster
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ benchmarkVersion:
+ nullable: true
+ type: string
+ lastRunTimestamp:
+ nullable: true
+ type: string
+ reportJSON:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ version: v1
+ versions:
+ - name: v1
+ served: true
+ storage: true
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/Chart.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/Chart.yaml
new file mode 100755
index 000000000..e2589187b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/Chart.yaml
@@ -0,0 +1,18 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: CIS Benchmark
+ catalog.cattle.io/namespace: cis-operator-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1
+ catalog.cattle.io/release-name: rancher-cis-benchmark
+ catalog.cattle.io/ui-component: rancher-cis-benchmark
+apiVersion: v1
+appVersion: v1.0.4
+description: The cis-operator enables running CIS benchmark security scans on a kubernetes
+ cluster
+icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
+keywords:
+- security
+name: rancher-cis-benchmark
+version: 1.0.400-rc01
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/README.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/README.md
new file mode 100755
index 000000000..50beab58b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/README.md
@@ -0,0 +1,9 @@
+# Rancher CIS Benchmark Chart
+
+The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded.
+
+# Installation
+
+```
+helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system
+```
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/app-readme.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/app-readme.md
new file mode 100755
index 000000000..5e495d605
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/app-readme.md
@@ -0,0 +1,15 @@
+# Rancher CIS Benchmarks
+
+This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/).
+
+For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/).
+
+This chart installs the following components:
+
+- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded.
+- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed.
+- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans.
+- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources.
+- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish.
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts.
+ - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart.
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/_helpers.tpl b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/_helpers.tpl
new file mode 100755
index 000000000..67f4ce116
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/_helpers.tpl
@@ -0,0 +1,23 @@
+{{/* Ensure namespace is set the same everywhere */}}
+{{- define "cis.namespace" -}}
+ {{- .Release.Namespace | default "cis-operator-system" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux_node_tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/alertingrule.yaml
new file mode 100755
index 000000000..1787c88a0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/alertingrule.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.alerts.enabled -}}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: rancher-cis-pod-monitor
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ podMetricsEndpoints:
+ - port: cismetrics
+{{- end }}
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-cis-1.5.yaml
new file mode 100755
index 000000000..39e8b834a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-cis-1.5.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.5
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-cis-1.6.yaml
new file mode 100755
index 000000000..93ba064f4
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-cis-1.6.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.6
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-eks-1.0.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-eks-1.0.yaml
new file mode 100755
index 000000000..bd2e32cd3
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-eks-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: eks-1.0
+spec:
+ clusterProvider: eks
+ minKubernetesVersion: "1.15.0"
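Review bot: The PodMonitor is rendered whenever `.Values.alerts.enabled` is true, with no check that the `monitoring.coreos.com/v1` API is served, so on a cluster without the Prometheus Operator CRDs the whole release install or upgrade fails with an opaque "no matches for kind PodMonitor" error rather than pointing at the missing prerequisite that app-readme.md describes. A guard directly under the `if`, `{{- if not (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") }}{{ fail "alerts.enabled requires the Prometheus Operator CRDs (monitoring.coreos.com/v1); install rancher-monitoring first" }}{{- end }}`, turns that into an actionable message. Note the `---` at the top of the guarded block also means the rendered output starts with a document separator only when alerts are on, which is harmless but worth a one-line comment if it is intentional.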
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-gke-1.0.yaml
new file mode 100755
index 000000000..72122e8c5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-gke-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: gke-1.0
+spec:
+ clusterProvider: gke
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.5-hardened.yaml
new file mode 100755
index 000000000..b5627f966
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.5-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.5-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.5-permissive.yaml
new file mode 100755
index 000000000..95f80c0f0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.5-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.5-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.6-hardened.yaml
new file mode 100755
index 000000000..d75de8154
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.6-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.6-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.6-permissive.yaml
new file mode 100755
index 000000000..52428f4a7
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke-cis-1.6-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.6-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke2-cis-1.5-hardened.yaml
new file mode 100755
index 000000000..3d83e9bd8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke2-cis-1.5-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.5-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.18.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke2-cis-1.5-permissive.yaml
new file mode 100755
index 000000000..f66aa8f6e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/benchmark-rke2-cis-1.5-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.5-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.18.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/cis-roles.yaml
new file mode 100755
index 000000000..23c93dc65
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/cis-roles.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-admin
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-view
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs: ["get", "watch", "list"]
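Review bot: The `cis-admin` ClusterRole grants `'*'` on `configmaps` with no namespace or name restriction, and `cis-view` grants `get`/`watch`/`list` on them cluster-wide, so anyone bound to either role can read (and for cis-admin rewrite or delete) every ConfigMap in every namespace, including kube-system and other tenants' configuration, which is far beyond what a CIS scan role needs. If the intent is the custom-benchmark ConfigMaps that `ClusterScanBenchmark.spec.customBenchmarkConfigMapName`/`Namespace` reference in this commit, the rule should spell out the verbs it actually needs, `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]`, and where those ConfigMaps live in a known namespace it belongs in a Role/RoleBinding scoped there rather than a wildcard ClusterRole. Minor style point: the cis-admin verbs list has `"patch","get"` without the space used between every other entry.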
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/configmap.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/configmap.yaml
new file mode 100755
index 000000000..16e43f576
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/configmap.yaml
@@ -0,0 +1,14 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: default-clusterscanprofiles
+ namespace: {{ template "cis.namespace" . }}
+data:
+ # Default ClusterScanProfiles per cluster provider type
+ rke: |-
+ <1.16.0: rke-profile-permissive-1.5
+ >=1.16.0: rke-profile-permissive-1.6
+ rke2: "rke2-cis-1.5-profile-permissive"
+ eks: "eks-profile"
+ gke: "gke-profile"
+ default: "cis-1.6-profile"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/deployment.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/deployment.yaml
new file mode 100755
index 000000000..0d3c75e39
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/deployment.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cis-operator
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ cis.cattle.io/operator: cis-operator
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ template:
+ metadata:
+ labels:
+ cis.cattle.io/operator: cis-operator
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ containers:
+ - name: cis-operator
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
+ imagePullPolicy: Always
+ ports:
+ - name: cismetrics
+ containerPort: {{ .Values.alerts.metricsPort }}
+ env:
+ - name: SECURITY_SCAN_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
+ - name: SECURITY_SCAN_IMAGE_TAG
+ value: {{ .Values.image.securityScan.tag }}
+ - name: SONOBUOY_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
+ - name: SONOBUOY_IMAGE_TAG
+ value: {{ .Values.image.sonobuoy.tag }}
+ - name: CIS_ALERTS_METRICS_PORT
+ value: '{{ .Values.alerts.metricsPort }}'
+ - name: CIS_ALERTS_SEVERITY
+ value: {{ .Values.alerts.severity }}
+ - name: CIS_ALERTS_ENABLED
+ value: {{ .Values.alerts.enabled | default "false" | quote }}
+ - name: CLUSTER_NAME
+ value: {{ .Values.global.cattle.clusterName }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ nodeSelector:
+ kubernetes.io/os: linux
+ {{- with .Values.nodeSelector }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ tolerations:
+ {{- include "linux_node_tolerations" . | nindent 8}}
+ {{- with .Values.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
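Review bot: Most `value:` entries in the env block are rendered unquoted, so a value that YAML types as something other than a string breaks the manifest — `{{ .Values.global.cattle.clusterName }}` renders as `value:` (null) with the empty default in values.yaml, and a tag such as `1.20` would arrive as a float where the API expects a string; only `CIS_ALERTS_ENABLED` and `CIS_ALERTS_METRICS_PORT` are protected. Pipe each remaining value through `| quote`, e.g. `value: {{ .Values.image.securityScan.tag | quote }}`, and single-quote the registry/repository concatenations the way the `image:` line already does. `imagePullPolicy: Always` is hard-coded here while patch_default_serviceaccount.yaml reads `.Values.global.imagePullPolicy`; the two templates should agree. The container also has no `securityContext` although its service account is bound to `cluster-admin` in rbac.yaml; if the image tolerates it, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and dropping all capabilities would limit what a compromised operator pod can do on its node.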
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/network_policy_allow_all.yaml
new file mode 100755
index 000000000..6ed5d645e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/patch_default_serviceaccount.yaml
new file mode 100755
index 000000000..1efa3ed1c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ template "cis.namespace" . }}]
+ backoffLimit: 1
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/rbac.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/rbac.yaml
new file mode 100755
index 000000000..816991f23
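Review bot: `default-allow-all` pairs `podSelector: {}` with empty `ingress` and `egress` rules, which selects every pod in the operator namespace and permits all traffic in both directions, so any cluster-wide default-deny posture is explicitly switched off for this namespace, unconditionally and without a comment saying why. If the intent is only to keep the operator reachable under a default-deny policy, scope the selector to the operator's own label, `matchLabels: {cis.cattle.io/operator: cis-operator}` (the label deployment.yaml sets), and consider gating the whole object behind a values flag so hardened clusters can opt out. A one-line comment above the object naming the traffic it has to permit would also help the next reader.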
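Review bot: `args: ["-n", {{ template "cis.namespace" . }}]` drops the template expansion into a flow sequence unquoted, so a namespace name that YAML would type differently, or an empty expansion, yields a wrong or invalid argument; write `args: ["-n", "{{ template "cis.namespace" . }}"]`, matching the quoting already used on the `image:` line. `imagePullPolicy: {{ .Values.global.imagePullPolicy }}` reads a key that values.yaml in this commit does not declare (its `global` block holds only `cattle` and `kubectl`), so it renders as `imagePullPolicy:` (null) unless Rancher injects the value at install time; declaring it in values.yaml or writing `{{ .Values.global.imagePullPolicy | default "IfNotPresent" }}` would make the chart render the same outside Rancher. The job runs as `cis-operator-serviceaccount`, which rbac.yaml binds to `cluster-admin`, to perform a single patch of one ServiceAccount; a dedicated Role limited to `patch` on `serviceaccounts` in this namespace would fit the task.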
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/rbac.yaml
@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-operator-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cis-operator-installer
+subjects:
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-cis-1.5.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-cis-1.5.yml
new file mode 100755
index 000000000..d69ae9dd5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-cis-1.5.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.5-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.5
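Review bot: `cis-operator-role` grants `'*'` on every apiGroup, resource and verb and is bound to `cis-serviceaccount`, and `cis-operator-installer` additionally binds `cis-operator-serviceaccount` to the built-in `cluster-admin` role, so both service accounts this chart creates are effectively cluster administrators; the rules should be reduced to the API groups the operator actually uses (at least `cis.cattle.io` and whatever the scan workloads require), with a comment justifying any wildcard that has to remain. The first two objects use `rbac.authorization.k8s.io/v1beta1`, which is deprecated and removed in Kubernetes 1.22, while the third already uses `v1`; change both `apiVersion:` lines to `rbac.authorization.k8s.io/v1`. `app.kubernetes.io/instance: release-name` is a literal rather than `{{ .Release.Name }}`, here and in serviceaccount.yaml, so the label never identifies the actual release.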
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-cis-1.6.yaml
new file mode 100755
index 000000000..8a8d8bf88
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-cis-1.6.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.6-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.6
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.5-hardened.yml
new file mode 100755
index 000000000..4eabe158a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.5
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.5-hardened
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.5-permissive.yml
new file mode 100755
index 000000000..1f78751d1
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.5
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.6-hardened.yaml
new file mode 100755
index 000000000..d38febd80
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.6-permissive.yaml
new file mode 100755
index 000000000..d31b5b0d2
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke2-cis-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke2-cis-1.5-hardened.yml
new file mode 100755
index 000000000..83eb3131e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke2-cis-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.5-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.5-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke2-cis-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke2-cis-1.5-permissive.yml
new file mode 100755
index 000000000..40dc44bdf
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofile-rke2-cis-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.5-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofileeks.yml
new file mode 100755
index 000000000..49c7e0246
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofileeks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: eks-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: eks-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofilegke.yml
new file mode 100755
index 000000000..2ddd0686f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/scanprofilegke.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: gke-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: gke-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/serviceaccount.yaml
new file mode 100755
index 000000000..ec48ec622
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ name: cis-operator-serviceaccount
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-serviceaccount
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/validate-install-crd.yaml
new file mode 100755
index 000000000..562295791
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/templates/validate-install-crd.yaml
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
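Review bot: validate-install-crd.yaml carries no comment explaining its shape: every line starts with `#`, so a reader may conclude the check is disabled, when in fact Helm evaluates the `{{- ... -}}` actions before YAML parsing and the `#` only keeps the rendered output a comment. A short header comment should say so, and should state what the outer `lookup` guard is for — it appears to skip the check whenever no ClusterRole can be looked up (for example `helm template` or a dry-run without cluster access), but that intent should be confirmed and written down rather than inferred. The `required` message could also name the CRD chart (`rancher-cis-benchmark-crd`, per the `auto-install` annotation in index.yaml) so whoever hits the failure knows which chart to install first.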
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/values.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/values.yaml
new file mode 100755
index 000000000..afbbe89c3
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400-rc01/values.yaml
@@ -0,0 +1,45 @@
+# Default values for rancher-cis-benchmark.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ cisoperator:
+ repository: rancher/cis-operator
+ tag: v1.0.4-rc1
+ securityScan:
+ repository: rancher/security-scan
+ tag: v0.2.2
+ sonobuoy:
+ repository: rancher/mirrored-sonobuoy-sonobuoy
+ tag: v0.16.3
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ clusterName: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+
+alerts:
+ enabled: false
+ severity: warning
+ metricsPort: 8080
diff --git a/index.yaml b/index.yaml
index bcadc0f7b..446424168 100755
--- a/index.yaml
+++ b/index.yaml
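Review bot: All images under `image:` and `global.kubectl` are referenced by tag only, and deployment.yaml hard-codes `imagePullPolicy: Always`, so every restart of the operator re-resolves the tag and a retagged image in the registry silently changes what runs with the cluster-admin rights rbac.yaml grants. Allowing an optional digest reference (`repository@sha256:…`) or documenting that the tags are immutable in the registry Rancher uses would close that gap. `resources: {}` also leaves the operator without any limits, and the block comment above it is the generic chart-scaffold text rather than guidance for this chart; a line stating the resources the operator typically needs would be more useful than the scaffold wording.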
@@ -1937,6 +1937,28 @@ entries:
 - released/assets/rancher-backup/rancher-backup-crd-1.0.200.tgz
 version: 1.0.200
 rancher-cis-benchmark:
+ - annotations:
+ catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: CIS Benchmark
+ catalog.cattle.io/namespace: cis-operator-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1
+ catalog.cattle.io/release-name: rancher-cis-benchmark
+ catalog.cattle.io/ui-component: rancher-cis-benchmark
+ apiVersion: v1
+ appVersion: v1.0.4
+ created: "2021-04-06T22:40:50.996509533Z"
+ description: The cis-operator enables running CIS benchmark security scans on
+ a kubernetes cluster
+ digest: 6cf3883441691b96775bf5ef7a0a8983b4ce147651125ad5351f6d3373ebe236
+ icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
+ keywords:
+ - security
+ name: rancher-cis-benchmark
+ urls:
+ - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.400-rc01.tgz
+ version: 1.0.400-rc01
 - annotations:
 catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
 catalog.cattle.io/certified: rancher
@@ -2069,6 +2091,20 @@ entries:
 - released/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz
 version: 1.0.100
 rancher-cis-benchmark-crd:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cis-operator-system
+ catalog.cattle.io/release-name: rancher-cis-benchmark-crd
+ apiVersion: v1
+ created: "2021-04-06T22:40:50.99747654Z"
+ description: Installs the CRDs for rancher-cis-benchmark.
+ digest: c45c3c7e9a5500376c75f2c5b96f24c25abc1e0ca98524913a69ba8c0445f776
+ name: rancher-cis-benchmark-crd
+ type: application
+ urls:
+ - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.400-rc01.tgz
+ version: 1.0.400-rc01
 - annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/hidden: "true"