From a7df92a94df476a93e39423d3e55e4a8e7baa672 Mon Sep 17 00:00:00 2001 
From: Vaishnav Gaikwad Date: Fri, 3 Jun 2022 18:54:46 +0530 Subject: [PATCH] make charts --- .../rancher-cis-benchmark-crd-2.0.5-rc1.tgz | Bin 0 -> 1466 bytes .../rancher-cis-benchmark-2.0.5-rc1.tgz | Bin 0 -> 5309 bytes .../2.0.5-rc1/Chart.yaml | 10 ++ .../2.0.5-rc1/README.md | 2 + .../2.0.5-rc1/templates/clusterscan.yaml | 148 ++++++++++++++++++ .../templates/clusterscanbenchmark.yaml | 54 +++++++ .../templates/clusterscanprofile.yaml | 36 +++++ .../templates/clusterscanreport.yaml | 39 +++++ .../2.0.5-rc1/Chart.yaml | 22 +++ .../rancher-cis-benchmark/2.0.5-rc1/README.md | 9 ++ .../2.0.5-rc1/app-readme.md | 15 ++ .../2.0.5-rc1/templates/_helpers.tpl | 27 ++++ .../2.0.5-rc1/templates/alertingrule.yaml | 14 ++ .../templates/benchmark-aks-1.0.yaml | 8 + .../templates/benchmark-cis-1.5.yaml | 8 + .../templates/benchmark-cis-1.6.yaml | 8 + .../templates/benchmark-eks-1.0.yaml | 8 + .../templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-k3s-cis-1.6-hardened.yaml | 8 + .../benchmark-k3s-cis-1.6-permissive.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../benchmark-rke2-cis-1.6-hardened.yaml | 8 + .../benchmark-rke2-cis-1.6-permissive.yaml | 8 + .../2.0.5-rc1/templates/cis-roles.yaml | 49 ++++++ .../2.0.5-rc1/templates/configmap.yaml | 18 +++ .../2.0.5-rc1/templates/deployment.yaml | 55 +++++++ .../templates/network_policy_allow_all.yaml | 15 ++ .../patch_default_serviceaccount.yaml | 29 ++++ .../2.0.5-rc1/templates/rbac.yaml | 43 +++++ .../templates/scanprofile-cis-1.5.yml | 9 ++ .../templates/scanprofile-cis-1.6.yaml | 9 ++ .../scanprofile-k3s-cis-1.6-hardened.yml | 9 ++ .../scanprofile-k3s-cis-1.6-permissive.yml | 9 ++ .../scanprofile-rke-1.5-hardened.yml | 9 ++ .../scanprofile-rke-1.5-permissive.yml | 9 ++ 
.../scanprofile-rke-1.6-hardened.yaml | 9 ++ .../scanprofile-rke-1.6-permissive.yaml | 9 ++ .../scanprofile-rke2-cis-1.5-hardened.yml | 9 ++ .../scanprofile-rke2-cis-1.5-permissive.yml | 9 ++ .../scanprofile-rke2-cis-1.6-hardened.yml | 9 ++ .../scanprofile-rke2-cis-1.6-permissive.yml | 9 ++ .../2.0.5-rc1/templates/scanprofileaks.yml | 9 ++ .../2.0.5-rc1/templates/scanprofileeks.yml | 9 ++ .../2.0.5-rc1/templates/scanprofilegke.yml | 9 ++ .../2.0.5-rc1/templates/serviceaccount.yaml | 14 ++ .../templates/validate-install-crd.yaml | 17 ++ .../2.0.5-rc1/values.yaml | 49 ++++++ index.yaml | 40 +++++ 53 files changed, 960 insertions(+) create mode 100644 assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-2.0.5-rc1.tgz create mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.5-rc1.tgz create mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc1/Chart.yaml create mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc1/README.md create mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscan.yaml create mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscanbenchmark.yaml create mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscanprofile.yaml create mode 100644 charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscanreport.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/README.md create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/app-readme.md create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/_helpers.tpl create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/alertingrule.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-aks-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-cis-1.5.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-cis-1.6.yaml create mode 
100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-eks-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-gke-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-k3s-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-k3s-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/cis-roles.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/configmap.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/deployment.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/network_policy_allow_all.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/patch_default_serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/rbac.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-cis-1.5.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-cis-1.6.yaml create mode 100644 
charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-k3s-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-k3s-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.5-hardened.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.5-permissive.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.5-hardened.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.5-permissive.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofileaks.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofileeks.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofilegke.yml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/templates/validate-install-crd.yaml create mode 100644 charts/rancher-cis-benchmark/2.0.5-rc1/values.yaml 
diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-2.0.5-rc1.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-2.0.5-rc1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..f5a3c40d13f415c1714a4d12647cb1a3cb3561c5 GIT binary patch literal 1466 zcmV;r1x5NFiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>(bE7s8&a;1o=K5?72=;aSmh)XZ*YDp8qSf^WeoCRNM-nTx&*166~xiS zf#$ldI}U>E*LB_cuRHRC3or14ao~=|UU1=hWA|NfLEJ+f?_#OaATQj5ebpEDKQZ83 zXwXb>H5m{>K|>@K4h5|vbeMQcQEGP2Fr1KrE7oC47KX?tfTEd`#n zCQ&LOs=62uqNp%|S&SYKQiNrOH7us}=w%QJ<)e`^qf~i=77`X%YJo7!)&|jyWL%@1 ziYSeFF|#50rUbtMy_^t7Y0#;1B2apkax>2xDehT>*AVAm&v&J?lwwHHor{XnlJP~O z1C_=x$d#johNyyjS8C}5m4H$eq?>g^C!l*^)hYe5Zs-K09#~QVx?MMP0{R;yuK@kE zZs-KWg}%zwejZgH=e5veqiZMZf-83{Mx`OHuJ{joXA5wG)KPSaVH#m*7&aCBo-G_I z1-~uYt7P2l*l?lJxh%rHV7`eJvxEux=iht?U1AK+ogzVgb@S=#RsvA8ny#(nDy-#l?+<)>ilZ-sAJfia01xzVht zNV&Fq$svrOEi#d;o4LtX5lTHfWTM;eg)uNbzVNAtlL&Q#r}c#ALPQ9BJD8E2R33zt zj}Y^3NOc2&teuJqiAG=;w=f5J8gI4^NlAUn%_S{e+rH#(m~;`uJBHphK4}vgR~A<7 zA9c6STw{D;=+<{sQ^E5bZebzQ7+cBNMqQ)acM`bDkc~z+@ok4VX$|Sz-=9ec8jtTQ zMy1Ry=%`L4f)f0=K5Xpn+ebFwh#s~|(M~}DQo^d%7c!MZuyOE}G%yOnc? z=S0JVqk-!e9k9wiXSFm5r3Pc2pW)yAbk&TF3g|x>VYs5ZF@x z_umEMTK(_R5Bzie?-X|I`riv-dMpIKf5yzZEfvAF)7LExCP;ex@E%40)c7UfDlU|-;UUK;i$wtL=hk*yW%ic%r z?6W-jyRMeiNZ0GRddvMem7n}AVvo*jgzpvK5{~`hAF{dXnE#XfG}7%gU`zh@M*d|j z|NHL(_niMvVaLw@1z~#3{^fUPmfZjBu>Z{eJqi3vs2)MA%!%_3mF`kFZ7rv4EvD>Q z&}!E`vd4z4erqecgZK8%%IaP_q&rzh{g;@C&R>PK>Hl~%s_XyQKY#ym5<9m3=Y;7| z{%09rllm9#UjNv4q<8!Wixc^Q64^0p+&R&HyZv%~!hQS^;=ft{XCJRVeE#Uf;lV!I zzW?<{9 literal 0 HcmV?d00001 
diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.5-rc1.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.5-rc1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4afd257fead0c17b88800fdd6eca994f3f392135 GIT binary patch literal 5309 zcmV;u6hiACiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBzZ`(SucmI9-DF)6yXnPRJuW<_Fo&|Dpau>PV^b|>V7YE&g zl##|Z*D|S+RJ^`9`7Zaf+)s8vQj%p^j$djk>8=JvV@u?a9P&3aeDP2a=8aG|9+l1= zGH)~?V%#_%5uw}}nFO!)K+R^e+3R-A-)6I!|Jyn_>Aq@p+udHbdD3fjUo~4Nolg4| zH1|>XI*Ozs;#KpT%gQ(IJ0ZdtS42_HWWNUB5k&$%bUmU}fG*_?5-ILbCKU;SJ`@fY z#}odK6QaCPAqNkIq63P4n!PZYPh}X8nZw8g`*41F13x7N6s8|Xcj(-skd(7Ny#C{l zEw|Nkn@;m}VRFq@hQz}@=*sgD1yNi$awZi{3bSz8hk&x^pM`Hj6cehXlcqYJQs(oi zEKV)>J@rvK!+T+BFn{NIK_nFl=@BLy_pQSGiQuyhhPL}eg9QdiB*yYA?6|^wY8Gl4 z**ZCj^Pn(UL>-S$Le7w>RqRPf|C-eIzEvY(IRDyqo9>AtyjIOe=?NMt^Ze5Y7y1W~ zk-GpTh=?)DhGt--C4fXP5>(B=2oE>|0(xKwh6+tj*ml&Yr@4=m3T401@U(uDZd_|K z%%wyn8v!43+0Yd*!^;%p%KKq$jI${hzU4yb&Cmpw4s|l1m5+2GvJUrF_j^J+yk&H+X%s`;WClh2oFs`(`WQZOe%)pO( zCe00m`8q*>}=^Nf@RgOVM-bfdJMH$t~(uK=`?pyFVObJ_PNhVvw zY-^RN+<*rGpHen7+ylyV65{_OlIHzH7r@X%DT$aJoAwKwaMOAOFA~8F?gTNi87LI+ zdM@hMZp>7h>Av|4;Du2iTFvGp{yxEp>DE^J-4%_S_%%YgX^z^_5q#i2LO|{?u4FecGF)9v(Buo^;ff&~z_n;I`9Kw*2p znt#6!0}@Cy_`XMBYC0u?*^x6rC8#Gqa-sV0uKBL{B2Dd!q+>0-``W4Rxg-@*~~htHir81LP0jsZOq|T#2RRx ziw?m3tMy#121}+Zg_i}lLKSa3O_qT){5SEj{P{Vet?4kda4ig5Bw%BUq4QLJE&iLjYv>m z-Pf6F$k_7PIxHH``3ybF>A5lWJ<&S-Z!9roLlFhI>wIvH{%>|qTZ{U?-8}8JD*ayu z<@Ba?yxiF9vZ!~Qg@v36XWEaWZ0LGiAeXMkCyo17ZA_WphmYL9vMFj4RKzEWXg_Xw zsU+mS6Z4AS$IEjM59#c1$-21k_*m1kioS6LW1rY~kY)k$z45~B16W*UYs}S8ZVDN4 z|H^uh7t9a2cBM532SVdedQ`>^W~ycWb(G9H{LdG8$yhpilD)kWScm_1-v4X2+P!N1 zzZA-&dl51zs?V*Xa^n#;UzK0RcRWT?gvS2ON4xkfOaeV$qijAYO^dF#+}4TPtpBS( z>${-M@vl>~+>?Xgzq5@0UWNZMXutT6$H;2@n}wkY{x65N#ec6X{8#%wrO+Yp-`g4g zy$b&&)8_cca{d3x{+B}g#Xqj||FQD_UlwhS|KS)*#Q#Y(|1X91i~o3xtj7Ovj1~T0 z5^awEaYrU|0B1ymj|~0Il)+m3ck}E2os-T|-|J~L}r^0_3bU6Ia$4I3CUM_8pe=){n58&|jzt^hle<`$I 
z{1=Up)#w-1WZ>CpH~b&m{Do8zdHX@3LOmp z8!iAmiT-N;@8Gl}{ts^dtN0J)&;jwk5BpzffCJMy{Ojj}2j3J7ZVmq1t!DoGZ?kn$ z`TwO*9{=KwcrJ<5hzt7PCisUtekY4`!8H$X#ZQ2UKcTE9q5$I`(vy(>N$@C4f0^$r zDw;S%R1&#so@gE!Gaa0==xr$YfCgCjuJED2kPBsB-J`gZefV7W1QLbyW2i@=AAj;O zK>H~q${W>>>qAuf>(qXQdO)SB|F*K7`N)~Mw!-H+2}5ZZ%%7W(Ir?28KI6n`y|=4T z9I&fM+?);Qa6-bYT++9%e|WtV3}P?C<(}g7I~*94rl*c z`g6|yw_DZzUnvypXw%DAB+Q3wURKy~gfgdCoo*AxC*eB}L7SOne2jTQh$0P>76;K5 zpk^V~K+hif@VjG_)PLCRLc0eU*C;auF<}XGx+G5c6A62kbvw&jPek(Tn@f4q0+v$u zic{lQ_MwhrnY`92d8k`eAI@v19}<(2ET$ZH^uvWi*Gr}7ba9{cZPdL?x_WIL{(TGs zKARx>hU);<;J_7I24weH47A-eV* z@GGfc%qP=2O~C@ojhO-@)ij?`+*1$FJda0AeOMBj6DJ@xK~jIt6rl`7#u+OVxFs7n z8(uHSd}WwSE&YdwG}N2P>}Eo4yYm>m@c7t&GN~d%czk@lSd))Y5PakT^=5rI3#Mcy z)Az=Go{KcoswA`;q?8K5#`De8BaTj&3HNIUlqF>M%O%`god4ze^3$)kH|J*`ZZEIS z{&bNkDvn(F4f4x|8($RQCRMrpboQsh>O4`175y^zUq1Zu(_eo1^$=~01DmgF-$D&G zZCb*6MYGN?Z*I@tUtE8>xxKphbbWb#bNlg^>rcy^U#}Y{ub<+5bMe;;-8WCxIA)tf zpk7nmiw|c%y}$T*6OKu^#Y}iy6YjbWzr)vvD=aMP{ai}7t}^!hCc0zTFMZ{rQF+yCh-`G1{G75}ju$}i}}{Y}|$ zX(8`}ePu2D6Ej0IM)dzXhII|Ozi`_D0A)jgGF}}tPcZ+$j?YiCFj+*rw0X?u3;Xf8 zW&ILq9sbRtcj_oCI<1@PfOY#n&DQDC@4qYjmqU5{-|7CIWB$MRT>;X~pl~Fq0p#wF z1E`NMn7DG(7;!$X_aWp`CHKc2+iy`g6vW5nFoTYzIsNxoHdsu>!f>pG9em3pX+e}nH@x^FOE06&1jmXKRTiQ|Kaa-5-C2>32qj~ z?xCC+2K31qxOF*N%$4yzxpwYR_3Y5;e{8}q^7J)Kb1hnIOpT}20^b@tzE z@P6Yxfa~^uPV?u#TBq%1b^faq+S6u!cFmN8p}TlZ%hOko7UeJw1Jl!n>@}u^%g^R` zQgVDCx6y46E#%fVl85Q>hJ74u_=z%~vf+yo%3WM1{rMUPx*~~mo@ibTV7aeX3tmQd z|3FU}+1q@J)@mW^lApEB{7`q$O1W>`b5HMOB%UgY?Hab)lia3-nT~p*3*wu3?IEj; zy7USBuhajT{oVNu09#svwd+64c0T@R_q6)`e<`&6`QLbFes%Q!WOKP_cDQ_Mz+Eiy zE~0^=tPgc1BCMyAyL4=3Yic(2pId_8H*Jsq?Qa0s0sp;j<^PpJ`^SH;RQ&fU{C^W| zga6_Pz~BD+zfNaq|L3%d|6LC46aPgA(b69Q9#$C?1|EKH*?teSEB>=T0Q}b9|8=_g z^S|9ruR8x%3LP5%3&&l{(g2x4pIg2!owmWhFtGYP)e^>GU%b`8vfBDz(C2ar{M;?A|>Arm08UI@>0<6VfwcEs7RU*%9P-gn^--SbG_Jksy_AIRtR&;IN13{eQLAJ-oAwv?aZk?}L? 
zHonykInx`;c4rYgIlD8sHaEsB=NE(x5!`bUk~ zBJgWO1^Q6GPClJq|15zB1hX8=hAwU9-^E;Y#{$ID9+y8BKd%bG@R|*}$wH*O) zet83_=7e*Nv0CkuMrX!-0~@Mbf`}M1V7J6y zI-R;6O$u?j7|yRBZp_t4k({U;YNvChGOi;2+(THlQL6cmR@qN&&biHZasgTMg_ z{f0*ZKKtCulpABf_4uTr-y{zj_igu|4P@pLRHM=KlM_>ZMmn+Xk+wh{1bnKcp!FJO z$dv5YY7TtP>Y91kL#js6ohdpgHJk7)IIyIHM}+yhI|33hZ$#PffB#1p{aK61g1C@B z`5KW#xQ%(*x1cx=tj-k?lR!X5RH5!$-H{5lv&Wff9^*br{br`+_~#|n?!wtX_qx^p z1Inlz9or$2Z9$^^bzw{Tf2I0&;Ks0Z;LH>NROi?3;+roS*Za#`%fZJ1Whh}fLZ*9O z2|66c13k4*+0lDPB>Krio7;zEsS?hT>gkR*w!{Zw8mp5h^)anMWviQBVy0^xGg?vU zIBCA_);necI*e@WWrHXEG-<^#Oh?okX}0?D-00mWQ;HZ4+UOECGl8+`fO>JqDh_f? zL!iu-oHB5sXp9pW;55Caq^JepMN;v}Jm#jo(}LM@LiBCHNxhBSCKL22Q5ej0pGUeI z6pzREyuY+a=N`&@$^>W2&0ZnqG<%Vt7k!z8k>VN_v1*&c28e_y27&&oGn<8yTwjGm zkO?XjGVZo-k?*|fOA^+CISWuIUB&BE?oOiHU(1|#N5U|mo~>knN@_TpR+1D9W#9X zJT{CN+7W?FMgpxMKhGO?#TixH%zJee6H#oT;U_5vhs3#KUB4hJDj^ihstV9K0Y~sFIIQU`}0)h>B4!@pVz1N5h7N+A|fDPuKo16a|InWhVR8d9WDg9pn P00960y#YfY0M-BiRL7%N literal 0 HcmV?d00001 diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc1/Chart.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc1/Chart.yaml new file mode 100644 index 000000000..64e0aee31 --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/2.0.5-rc1/Chart.yaml @@ -0,0 +1,10 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd +apiVersion: v1 +description: Installs the CRDs for rancher-cis-benchmark. +name: rancher-cis-benchmark-crd +type: application +version: 2.0.5-rc1 diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc1/README.md b/charts/rancher-cis-benchmark-crd/2.0.5-rc1/README.md new file mode 100644 index 000000000..f6d9ef621 --- /dev/null +++ b/charts/rancher-cis-benchmark-crd/2.0.5-rc1/README.md @@ -0,0 +1,2 @@ +# rancher-cis-benchmark-crd +A Rancher chart that installs the CRDs used by rancher-cis-benchmark. 
diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscan.yaml
new file mode 100644
index 000000000..3cbb0ffcd
--- /dev/null
+++ b/charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscan.yaml
@@ -0,0 +1,148 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscans.cis.cattle.io
+spec:
+ group: cis.cattle.io
+ names:
+ kind: ClusterScan
+ plural: clusterscans
+ scope: Cluster
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ additionalPrinterColumns:
+ - jsonPath: .status.lastRunScanProfileName
+ name: ClusterScanProfile
+ type: string
+ - jsonPath: .status.summary.total
+ name: Total
+ type: string
+ - jsonPath: .status.summary.pass
+ name: Pass
+ type: string
+ - jsonPath: .status.summary.fail
+ name: Fail
+ type: string
+ - jsonPath: .status.summary.skip
+ name: Skip
+ type: string
+ - jsonPath: .status.summary.warn
+ name: Warn
+ type: string
+ - jsonPath: .status.summary.notApplicable
+ name: Not Applicable
+ type: string
+ - jsonPath: .status.lastRunTimestamp
+ name: LastRunTimestamp
+ type: string
+ - jsonPath: .spec.scheduledScanConfig.cronSchedule
+ name: CronSchedule
+ type: string
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ scanProfileName:
+ nullable: true
+ type: string
+ scheduledScanConfig:
+ nullable: true
+ properties:
+ cronSchedule:
+ nullable: true
+ type: string
+ retentionCount:
+ type: integer
+ scanAlertRule:
+ nullable: true
+ properties:
+ alertOnComplete:
+ type: boolean
+ alertOnFailure:
+ type: boolean
+ type: object
+ type: object
+ scoreWarning:
+ enum:
+ - pass
+ - fail
+ nullable: true
+ type: string
+ type: object
+ status:
+ properties:
+ NextScanAt:
+ nullable: true
+ type: string
+ ScanAlertingRuleName:
+ nullable: true
+ type: string
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ display:
+ nullable: true
+ properties:
+ error:
+ type: boolean
+ message:
+ nullable: true
+ type: string
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ lastRunScanProfileName:
+ nullable: true
+ type: string
+ lastRunTimestamp:
+ nullable: true
+ type: string
+ observedGeneration:
+ type: integer
+ summary:
+ nullable: true
+ properties:
+ fail:
+ type: integer
+ notApplicable:
+ type: integer
+ pass:
+ type: integer
+ skip:
+ type: integer
+ total:
+ type: integer
+ warn:
+ type: integer
+ type: object
+ type: object
+ type: object
diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscanbenchmark.yaml
new file mode 100644
index 000000000..fd291f8c3
--- /dev/null
+++ b/charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscanbenchmark.yaml
@@ -0,0 +1,54 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscanbenchmarks.cis.cattle.io
+spec:
+ group: cis.cattle.io
+ names:
+ kind: ClusterScanBenchmark
+ plural: clusterscanbenchmarks
+ scope: Cluster
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ additionalPrinterColumns:
+ - jsonPath: .spec.clusterProvider
+ name: ClusterProvider
+ type: string
+ - jsonPath: .spec.minKubernetesVersion
+ name: MinKubernetesVersion
+ type: string
+ - jsonPath: .spec.maxKubernetesVersion
+ name: MaxKubernetesVersion
+ type: string
+ - jsonPath: .spec.customBenchmarkConfigMapName
+ name: customBenchmarkConfigMapName
+ type: string
+ - jsonPath: .spec.customBenchmarkConfigMapNamespace
+ name: customBenchmarkConfigMapNamespace
+ type: string
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ clusterProvider:
+ nullable: true
+ type: string
+ customBenchmarkConfigMapName:
+ nullable: true
+ type: string
+ customBenchmarkConfigMapNamespace:
+ nullable: true
+ type: string
+ maxKubernetesVersion:
+ nullable: true
+ type: string
+ minKubernetesVersion:
+ nullable: true
+ type: string
+ type: object
+ type: object
diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscanprofile.yaml
new file mode 100644
index 000000000..1e75501b7
--- /dev/null
+++ b/charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscanprofile.yaml
@@ -0,0 +1,36 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscanprofiles.cis.cattle.io
+spec:
+ group: cis.cattle.io
+ names:
+ kind: ClusterScanProfile
+ plural: clusterscanprofiles
+ scope: Cluster
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ benchmarkVersion:
+ nullable: true
+ type: string
+ skipTests:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ type: object
+ additionalPrinterColumns:
+ - jsonPath: .spec.benchmarkVersion
+ name: BenchmarkVersion
+ type: string
diff --git a/charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscanreport.yaml
new file mode 100644
index 000000000..6e8c0b7de
--- /dev/null
+++ b/charts/rancher-cis-benchmark-crd/2.0.5-rc1/templates/clusterscanreport.yaml
@@ -0,0 +1,39 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscanreports.cis.cattle.io
+spec:
+ group: cis.cattle.io
+ names:
+ kind: ClusterScanReport
+ plural: clusterscanreports
+ scope: Cluster
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ additionalPrinterColumns:
+ - jsonPath: .spec.lastRunTimestamp
+ name: LastRunTimestamp
+ type: string
+ - jsonPath: .spec.benchmarkVersion
+ name: BenchmarkVersion
+ type: string
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ benchmarkVersion:
+ nullable: true
+ type: string
+ lastRunTimestamp:
+ nullable: true
+ type: string
+ reportJSON:
+ nullable: true
+ type: string
+ type: object
+ type: object
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/Chart.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/Chart.yaml
new file mode 100644
index 000000000..4a59dd32a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/Chart.yaml
@@ -0,0 +1,22 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: CIS Benchmark
+ catalog.cattle.io/kube-version: '>=1.16.0-0'
+ catalog.cattle.io/namespace: cis-operator-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1
+ catalog.cattle.io/rancher-version: '>= 2.6.0-0'
+ catalog.cattle.io/release-name: rancher-cis-benchmark
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: rancher-cis-benchmark
+apiVersion: v1
+appVersion: v2.0.5-rc1
+description: The cis-operator enables running CIS benchmark security scans on a kubernetes
+ cluster
+icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
+keywords:
+- security
+name: rancher-cis-benchmark
+version: 2.0.5-rc1
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/README.md b/charts/rancher-cis-benchmark/2.0.5-rc1/README.md
new file mode 100644
index 000000000..50beab58b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/README.md
@@ -0,0 +1,9 @@
+# Rancher CIS Benchmark Chart
+
+The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded.
+
+# Installation
+
+```
+helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system
+```
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/app-readme.md b/charts/rancher-cis-benchmark/2.0.5-rc1/app-readme.md
new file mode 100644
index 000000000..5e495d605
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/app-readme.md
@@ -0,0 +1,15 @@
+# Rancher CIS Benchmarks
+
+This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/).
+
+For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/).
+
+This chart installs the following components:
+
+- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded.
+- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed.
+- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans.
+- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources.
+- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish.
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts.
+ - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart.
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/_helpers.tpl b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/_helpers.tpl
new file mode 100644
index 000000000..b7bb00042
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/_helpers.tpl
@@ -0,0 +1,27 @@
+{{/* Ensure namespace is set the same everywhere */}}
+{{- define "cis.namespace" -}}
+ {{- .Release.Namespace | default "cis-operator-system" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/alertingrule.yaml
new file mode 100644
index 000000000..1787c88a0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/alertingrule.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.alerts.enabled -}}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: rancher-cis-pod-monitor
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ podMetricsEndpoints:
+ - port: cismetrics
+{{- end }}
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-aks-1.0.yaml
new file mode 100644
index 000000000..1ac866253
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-aks-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: aks-1.0
+spec:
+ clusterProvider: aks
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-cis-1.5.yaml
new file mode 100644
index 000000000..39e8b834a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-cis-1.5.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.5
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-cis-1.6.yaml
new file mode 100644
index 000000000..93ba064f4
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-cis-1.6.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.6
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-eks-1.0.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-eks-1.0.yaml
new file mode 100644
index 000000000..bd2e32cd3
--- /dev/null
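Review bot: In templates/alertingrule.yaml the guard reads `.Values.alerts.enabled`, while app-readme.md in this same commit tells users to set `alerts: true`; a scalar `alerts` value carries no `enabled` field, so following the readme would not enable this PodMonitor and scan metrics would go unscraped without any obvious signal. values.yaml is not visible here, so this assumes the chart default is a map with an `enabled` key; if so, the readme line should read `alerts.enabled: true`. A short comment above the guard, such as `{{/* PodMonitor for cis-operator metrics; needs the monitoring.coreos.com CRDs installed */}}`, would also help, since the file is named alertingrule.yaml but the resource it defines is a PodMonitor.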
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-gke-1.0.yaml new file mode 100644 index 000000000..72122e8c5 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-k3s-cis-1.6-hardened.yaml new file mode 100644 index 000000000..3ca9b6009 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-k3s-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.6-hardened +spec: + clusterProvider: k3s + minKubernetesVersion: "1.20.5" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-k3s-cis-1.6-permissive.yaml new file mode 100644 index 000000000..6d4253c6e --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-k3s-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.6-permissive +spec: + clusterProvider: k3s + minKubernetesVersion: "1.20.5" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100644 index 000000000..b5627f966 
--- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100644 index 000000000..95f80c0f0 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100644 index 000000000..d75de8154 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100644 index 000000000..52428f4a7 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" 
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100644 index 000000000..3d83e9bd8 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100644 index 000000000..f66aa8f6e --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.6-hardened.yaml new file mode 100644 index 000000000..3593bf371 --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.20.5" diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.6-permissive.yaml new file mode 100644 index 000000000..522f846ae --- /dev/null +++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/benchmark-rke2-cis-1.6-permissive.yaml 
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.6-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/cis-roles.yaml
new file mode 100644
index 000000000..23c93dc65
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/cis-roles.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-admin
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-view
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/configmap.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/configmap.yaml
new file mode 100644
index 000000000..3de10e55e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/configmap.yaml
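Review bot: The last rule of `cis-admin` in cis-roles.yaml grants `verbs: ['*']` on `configmaps` in the core API group, which is wider than the explicit verb list used for the cis.cattle.io resources two rules above it. Because this is a ClusterRole, a ClusterRoleBinding to it would give write and delete access to ConfigMaps in every namespace, not only the one holding `default-clusterscanprofiles`; the binding is not part of this hunk, so the effective scope cannot be confirmed from here. I would spell the verbs out, `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]`, and add a comment above the rule saying the role is meant to be bound with a namespaced RoleBinding in the chart's namespace.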
@@ -0,0 +1,18 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: default-clusterscanprofiles
+ namespace: {{ template "cis.namespace" . }}
+data:
+ # Default ClusterScanProfiles per cluster provider type
+ rke: |-
+ <1.16.0: rke-profile-permissive-1.5
+ >=1.16.0: rke-profile-permissive-1.6
+ rke2: |-
+ <1.20.5: rke2-cis-1.5-profile-permissive
+ >=1.20.5: rke2-cis-1.6-profile-permissive
+ eks: "eks-profile"
+ gke: "gke-profile"
+ aks: "aks-profile"
+ k3s: "k3s-cis-1.6-profile-permissive"
+ default: "cis-1.6-profile"
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/deployment.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/deployment.yaml
new file mode 100644
index 000000000..ab0bb3e24
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/deployment.yaml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cis-operator
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ cis.cattle.io/operator: cis-operator
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ template:
+ metadata:
+ labels:
+ cis.cattle.io/operator: cis-operator
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ containers:
+ - name: cis-operator
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
+ imagePullPolicy: Always
+ ports:
+ - name: cismetrics
+ containerPort: {{ .Values.alerts.metricsPort }}
+ env:
+ - name: SECURITY_SCAN_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
+ - name: SECURITY_SCAN_IMAGE_TAG
+ value: {{ .Values.image.securityScan.tag }}
+ - name: SONOBUOY_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
+ - name: SONOBUOY_IMAGE_TAG
+ value: {{ .Values.image.sonobuoy.tag }}
+ - name: CIS_ALERTS_METRICS_PORT
+ value: '{{ .Values.alerts.metricsPort }}'
+ - name: CIS_ALERTS_SEVERITY
+ value: {{ .Values.alerts.severity }}
+ - name: CIS_ALERTS_ENABLED
+ value: {{ .Values.alerts.enabled | default "false" | quote }}
+ - name: CLUSTER_NAME
+ value: '{{ .Values.global.cattle.clusterName }}'
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
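Review bot: The `cis-operator` container in deployment.yaml is declared without any `securityContext`, while the pod runs as `cis-operator-serviceaccount`, which rbac.yaml in this same commit binds to `cluster-admin`. A container that holds that token should at least be unable to gain further privileges on the node, so I would add a container-level security context that disables privilege escalation and drops all capabilities, as below. Whether the cis-operator image also tolerates `runAsNonRoot: true` and a read-only root filesystem is not visible from this chart and should be checked against the image before those are added.

```yaml
        - name: cis-operator
          # … unchanged: image, imagePullPolicy, ports, env, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```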
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/network_policy_allow_all.yaml
new file mode 100644
index 000000000..6ed5d645e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 000000000..e78a6bd08
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ template "cis.namespace" . }}]
+
+ backoffLimit: 1
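Review bot: `default-allow-all` in network_policy_allow_all.yaml selects every pod in the namespace with `podSelector: {}` and admits all ingress and all egress, and the file carries no comment saying why that is needed. The only port the operator Deployment in this commit declares is the `cismetrics` container port, so ingress at least looks narrower than what the policy admits; which labels and ports the scan pods need is not visible here. I would add a header comment recording the reason, along the lines of `# Allow-all is intentional: <reason>`, and follow up by scoping `podSelector` and `ingress` once the scan pods' labels and ports are known.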
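Review bot: The `patch-sa` hook Job in patch_default_serviceaccount.yaml runs as `cis-operator-serviceaccount`, which rbac.yaml binds to `cluster-admin`, although its only command is a `kubectl patch` of the `default` ServiceAccount in one namespace. I would give the hook its own ServiceAccount with a namespaced Role limited to `get` and `patch` on that single object, as sketched below. The names are placeholders, and the hook annotations and weights needed to create these objects before the Job runs are left out of the sketch.

```yaml
# … unchanged: Job metadata and hook annotations …
      serviceAccountName: cis-patch-default-sa  # placeholder name
# … unchanged: nodeSelector, tolerations, restartPolicy, container …
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: cis-patch-default-sa
  namespace: {{ template "cis.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cis-patch-default-sa
  namespace: {{ template "cis.namespace" . }}
rules:
  - apiGroups: [""]
    resources: ["serviceaccounts"]
    resourceNames: ["default"]
    verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cis-patch-default-sa
  namespace: {{ template "cis.namespace" . }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cis-patch-default-sa
subjects:
  - kind: ServiceAccount
    name: cis-patch-default-sa
    namespace: {{ template "cis.namespace" . }}
```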
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/rbac.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/rbac.yaml
new file mode 100644
index 000000000..4ff88ea5f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/rbac.yaml
@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-operator-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cis-operator-installer
+subjects:
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-cis-1.5.yml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-cis-1.5.yml
new file mode 100644
index 000000000..d69ae9dd5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-cis-1.5.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.5-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.5
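Review bot: rbac.yaml gives both service accounts unrestricted access to the cluster: `cis-operator-role` allows every verb on every resource in every API group and is bound to `cis-serviceaccount`, and `cis-operator-installer` binds `cis-operator-serviceaccount` directly to `cluster-admin`. Neither grant carries a comment naming the API calls that require it, so a reader cannot tell whether read-only rules would be enough for `cis-serviceaccount`, which is presumably the account the scan pods run under. I would add a comment above each binding stating what needs the access, and replace the wildcard rule with an enumerated list once that is known, for example `verbs: ["get", "list", "watch"]` on the resources a scan only reads. The `app.kubernetes.io/instance: release-name` labels are a literal string as well and read as if `{{ .Release.Name }}` was intended.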
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-cis-1.6.yaml
new file mode 100644
index 000000000..8a8d8bf88
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-cis-1.6.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.6-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.6
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-k3s-cis-1.6-hardened.yml
new file mode 100644
index 000000000..095e977ab
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-k3s-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-k3s-cis-1.6-permissive.yml
new file mode 100644
index 000000000..3b22a80c8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-k3s-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.6-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.5-hardened.yml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.5-hardened.yml
new file mode 100644
index 000000000..4eabe158a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.5
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.5-hardened
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.5-permissive.yml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.5-permissive.yml
new file mode 100644
index 000000000..1f78751d1
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.5
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.6-hardened.yaml
new file mode 100644
index 000000000..d38febd80
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.6-permissive.yaml
new file mode 100644
index 000000000..d31b5b0d2
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.5-hardened.yml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.5-hardened.yml
new file mode 100644
index 000000000..83eb3131e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.5-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.5-hardened
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.5-permissive.yml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.5-permissive.yml
new file mode 100644
index 000000000..40dc44bdf
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.5-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.6-hardened.yml
new file mode 100644
index 000000000..c7ac7f949
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.6-permissive.yml
new file mode 100644
index 000000000..96ca1345a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofile-rke2-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofileaks.yml
new file mode 100644
index 000000000..ea7b25b40
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofileaks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: aks-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: aks-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofileeks.yml
new file mode 100644
index 000000000..49c7e0246
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofileeks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: eks-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: eks-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofilegke.yml
new file mode 100644
index 000000000..2ddd0686f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/scanprofilegke.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: gke-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: gke-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/serviceaccount.yaml
new file mode 100644
index 000000000..ec48ec622
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ name: cis-operator-serviceaccount
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-serviceaccount
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..562295791
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/templates/validate-install-crd.yaml
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/2.0.5-rc1/values.yaml b/charts/rancher-cis-benchmark/2.0.5-rc1/values.yaml
new file mode 100644
index 000000000..ebe721f3e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/2.0.5-rc1/values.yaml
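Review bot: validate-install-crd.yaml looks commented out, but the `#` in front of each line disables nothing: Helm evaluates the `{{ ... }}` actions before the output is parsed as YAML, so the `required` call still aborts the install when one of the four cis.cattle.io kinds is missing from `.Capabilities.APIVersions`. Nothing in the file says so, and a maintainer could remove it as dead code and lose the CRD pre-check. I would add a first line such as `{{- /* The leading '#' only keeps the rendered output a YAML comment; the checks below still run. */ -}}`.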
@@ -0,0 +1,49 @@
+# Default values for rancher-cis-benchmark.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ cisoperator:
+ repository: rancher/cis-operator
+ tag: v1.0.8
+ securityScan:
+ repository: rancher/security-scan
+ tag: v0.2.7
+ sonobuoy:
+ repository: rancher/mirrored-sonobuoy-sonobuoy
+ tag: v0.53.2
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+affinity: {}
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ clusterName: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+
+alerts:
+ enabled: false
+ severity: warning
+ metricsPort: 8080
diff --git a/index.yaml b/index.yaml
index c10366042..c8ca99069 100755
--- a/index.yaml
+++ b/index.yaml
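Review bot: `global` in values.yaml defines `cattle` and `kubectl` but no `imagePullPolicy`, while patch_default_serviceaccount.yaml in this commit renders `imagePullPolicy: {{ .Values.global.imagePullPolicy }}`. Unless the installer injects that value from outside, which is not visible here, the Job's field renders empty and falls back to the Kubernetes default, whereas the Deployment hard-codes `Always`. I would add `imagePullPolicy: IfNotPresent` under `global:` with a one-line comment, or have both templates read the same key so the two workloads cannot drift apart.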
@@ -2476,6 +2476,32 @@ entries: - assets/rancher-backup-crd/rancher-backup-crd-1.0.200.tgz version: 1.0.200 rancher-cis-benchmark: + - annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/kube-version: '>=1.16.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.6.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark + apiVersion: v1 + appVersion: v2.0.5-rc1 + created: "2022-06-03T18:54:28.416733785+05:30" + description: The cis-operator enables running CIS benchmark security scans on + a kubernetes cluster + digest: 9231bd471d503588fa89924bcf2a27c4df1f8bf0079e2cabae63a9141441925b + icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg + keywords: + - security + name: rancher-cis-benchmark + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.5-rc1.tgz + version: 2.0.5-rc1 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher 
@@ -2739,6 +2765,20 @@ entries: - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz version: 1.0.100 rancher-cis-benchmark-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd + apiVersion: v1 + created: "2022-06-03T18:54:28.418324636+05:30" + description: Installs the CRDs for rancher-cis-benchmark. + digest: de4e68740a96c6ffb274850cde401dfb499fa998030e384f5cddeec1dab16e22 + name: rancher-cis-benchmark-crd + type: application + urls: + - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-2.0.5-rc1.tgz + version: 2.0.5-rc1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true"