From acb5cda0057ee2174aea2430d0fc163a7eef6a7a Mon Sep 17 00:00:00 2001 
From: Rayan Das Date: Thu, 12 Jan 2023 13:40:55 +0530 Subject: [PATCH] make charts --- .../rancher-cis-benchmark-crd-3.0.1-rc5.tgz | Bin 0 -> 1465 bytes .../rancher-cis-benchmark-3.0.1-rc5.tgz | Bin 0 -> 6683 bytes .../3.0.1-rc5/Chart.yaml | 10 ++ .../3.0.1-rc5/README.md | 2 + .../3.0.1-rc5/templates/clusterscan.yaml | 148 ++++++++++++++++ .../templates/clusterscanbenchmark.yaml | 54 ++++++ .../templates/clusterscanprofile.yaml | 36 ++++ .../templates/clusterscanreport.yaml | 39 +++++ .../3.0.1-rc5/Chart.yaml | 22 +++ .../rancher-cis-benchmark/3.0.1-rc5/README.md | 9 + .../3.0.1-rc5/app-readme.md | 15 ++ .../3.0.1-rc5/templates/_helpers.tpl | 27 +++ .../3.0.1-rc5/templates/alertingrule.yaml | 14 ++ .../templates/benchmark-aks-1.0.yaml | 8 + .../templates/benchmark-cis-1.20.yaml | 9 + .../templates/benchmark-cis-1.23.yaml | 8 + .../templates/benchmark-cis-1.5.yaml | 9 + .../templates/benchmark-cis-1.6.yaml | 9 + .../templates/benchmark-eks-1.0.1.yaml | 8 + .../templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-k3s-cis-1.20-hardened.yaml | 9 + .../benchmark-k3s-cis-1.20-permissive.yaml | 9 + .../benchmark-k3s-cis-1.23-hardened.yaml | 8 + .../benchmark-k3s-cis-1.23-permissive.yaml | 8 + .../benchmark-k3s-cis-1.6-hardened.yaml | 9 + .../benchmark-k3s-cis-1.6-permissive.yaml | 9 + .../benchmark-rke-cis-1.20-hardened.yaml | 9 + .../benchmark-rke-cis-1.20-permissive.yaml | 9 + .../benchmark-rke-cis-1.23-hardened.yaml | 8 + .../benchmark-rke-cis-1.23-permissive.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 9 + .../benchmark-rke-cis-1.5-permissive.yaml | 9 + .../benchmark-rke-cis-1.6-hardened.yaml | 9 + .../benchmark-rke-cis-1.6-permissive.yaml | 9 + .../benchmark-rke2-cis-1.20-hardened.yaml | 9 + .../benchmark-rke2-cis-1.20-permissive.yaml | 9 + .../benchmark-rke2-cis-1.23-hardened.yaml | 8 + .../benchmark-rke2-cis-1.23-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 9 + .../benchmark-rke2-cis-1.5-permissive.yaml | 9 + 
.../benchmark-rke2-cis-1.6-hardened.yaml | 9 + .../benchmark-rke2-cis-1.6-permissive.yaml | 9 + .../3.0.1-rc5/templates/cis-roles.yaml | 49 ++++++ .../3.0.1-rc5/templates/configmap.yaml | 18 ++ .../templates/delete_rolebindings.yaml | 27 +++ .../3.0.1-rc5/templates/deployment.yaml | 57 ++++++ .../templates/network_policy_allow_all.yaml | 15 ++ .../patch_default_serviceaccount.yaml | 29 ++++ .../3.0.1-rc5/templates/psp.yaml | 59 +++++++ .../3.0.1-rc5/templates/rbac.yaml | 162 ++++++++++++++++++ .../templates/scanprofile-cis-1.20.yaml | 9 + .../templates/scanprofile-cis-1.23.yaml | 9 + .../templates/scanprofile-cis-1.6.yaml | 9 + .../scanprofile-k3s-cis-1.20-hardened.yml | 9 + .../scanprofile-k3s-cis-1.20-permissive.yml | 9 + .../scanprofile-k3s-cis-1.23-hardened.yml | 9 + .../scanprofile-k3s-cis-1.23-permissive.yml | 9 + .../scanprofile-k3s-cis-1.6-hardened.yml | 9 + .../scanprofile-k3s-cis-1.6-permissive.yml | 9 + .../scanprofile-rke-1.20-hardened.yaml | 9 + .../scanprofile-rke-1.20-permissive.yaml | 9 + .../scanprofile-rke-1.23-hardened.yaml | 9 + .../scanprofile-rke-1.23-permissive.yaml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.20-hardened.yml | 9 + .../scanprofile-rke2-cis-1.20-permissive.yml | 9 + .../scanprofile-rke2-cis-1.23-hardened.yml | 9 + .../scanprofile-rke2-cis-1.23-permissive.yml | 9 + .../scanprofile-rke2-cis-1.6-hardened.yml | 9 + .../scanprofile-rke2-cis-1.6-permissive.yml | 9 + .../3.0.1-rc5/templates/scanprofileaks.yml | 9 + .../3.0.1-rc5/templates/scanprofileeks.yml | 9 + .../3.0.1-rc5/templates/scanprofilegke.yml | 9 + .../3.0.1-rc5/templates/serviceaccount.yaml | 14 ++ .../templates/validate-install-crd.yaml | 17 ++ .../3.0.1-rc5/values.yaml | 49 ++++++ index.yaml | 40 +++++ 78 files changed, 1379 insertions(+) create mode 100644 assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.1-rc5.tgz create mode 100644 
assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.1-rc5.tgz create mode 100644 charts/rancher-cis-benchmark-crd/3.0.1-rc5/Chart.yaml create mode 100644 charts/rancher-cis-benchmark-crd/3.0.1-rc5/README.md create mode 100644 charts/rancher-cis-benchmark-crd/3.0.1-rc5/templates/clusterscan.yaml create mode 100644 charts/rancher-cis-benchmark-crd/3.0.1-rc5/templates/clusterscanbenchmark.yaml create mode 100644 charts/rancher-cis-benchmark-crd/3.0.1-rc5/templates/clusterscanprofile.yaml create mode 100644 charts/rancher-cis-benchmark-crd/3.0.1-rc5/templates/clusterscanreport.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/README.md create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/app-readme.md create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/_helpers.tpl create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/alertingrule.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-aks-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.20.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.23.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.5.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-eks-1.0.1.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-gke-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.23-hardened.yaml create mode 100644 
charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.23-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.23-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.6-permissive.yaml 
create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/cis-roles.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/configmap.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/delete_rolebindings.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/deployment.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/network_policy_allow_all.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/patch_default_serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/psp.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/rbac.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-cis-1.20.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-cis-1.23.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.20-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.20-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.23-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.23-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.23-hardened.yaml create mode 100644 
charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.20-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.20-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.23-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.23-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofileaks.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofileeks.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofilegke.yml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/templates/validate-install-crd.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.1-rc5/values.yaml 
diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.1-rc5.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.1-rc5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ac8ea6a4c1b954835e73b23212fb0c153ed5007e GIT binary patch literal 1465 zcmV;q1xETGiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI@dbE7s8&a?jt&Gp$F_(#(5Th4dwT-(cKob>v<78_d^kQix6 z&(rDu-Vu-(Fc@QF=Q`(o@mLbyO7QKs(t-xbm#F((nEo6kUxuI``&|2Pr%TY}tRM_7 z4m8(w-OJG^`E^~l{OgVfqYG~|9A90H+<|TPF5N5lg1Lt}-o;`=pfB8meU%sYKQWL} z5s*;QOnQuQAPCgL;Xo9iBh*`tn#6-Zf5I}ZR1RAT-$yxNZ%D`ZrgDgc5KROeC(N=< zMW}(4?wge%3@b0u7$6wz+e=^kZ*sKpeaD9XhV#^)(;&Ui+E0vHJKY45I)D&08MChEN+0 zaxXpD9{-*@@VsLD54_=Me2)K9SUz$f68Mc!+JDA*{MpzLeDZpaLi!UnjSZ=AhDODj z<9mD%QX~-&B7qMCRzK4C$q~jlT$pu4_e_M`4qRvzM~M*RI@9YDA!01^nnK-ikV$J4 z#2SL4iymW!D;t>E=pJKPSSDEgY+6rV0%1@;Svj*xl{S#lu)tgk_dpq>2)SeU68$(p-!g2f z!P=_FrH%@LRqkd?#z9~oL@tW+wz0T8^u~Q_4PQTTYx$>8)!zu;umWou38mGnsfs04 zdr2Xzpe+)SEStT_*8ysp9Wv4F_re-jAD`t^g;9W1<7qwNxl#dw+zw_XC)NjHr6bh* zD{`tKP-Um#N~0ARAuE`JG7dLe`z)uv`R1IKu5Dj(*GxJK;vGZp2EUOFjq3_l?H_e_ z&s-C7Vd>U&RC6WM9A3dfK^Rt&vx&M^x$iYdlOS7-uH)MdancylslPuX9|(`{D@0@L zF6gLEG=fp`xIU`b-L;Qoz!5!cm7<-30ZD4tiN0+slI^`arm0P=`)!K~ zXMp`6Y_i{TPxdG(9?mXTCMU)HF15#}eXgvfbY(}O@wE#fKd7~=|E)`X9nRHiF1lLYqw=@_bcd}{SYV{=i7s)JC1WSE8 zlzKuTe~;&=B@&wK`4x~q)eqPO9=-mr|0S|_vci8(zl2mI;$dlr}!1&*d6{Mo2!=jKT1y{?Op>m;I*9{{G`6c5MAm3Dcqc z&l12o_0QbB{;}^!@AwZEC-ws+vSZe`Q=5^uY=JgMBo8 z|LctgrSE^oBkx@QJBj_Y8s#`&RaSEn6Y7jqF>W@p=+YwcJ2Kvm!9xmHO5K$HdwBeRr;Ps&Z@!;O&f~=&vVUab$+XhTUU&3 zE(Bu^VL@SSgO)*Vay(fABFN93OO=Nn!QmdJz8Yv*SmXRlA32V6H1UK(BIkBc6YR9A z4h|hJtucEsm+`x%rT)=_1N55VU8eJTL(WYe*5o3#k8K`GCna5dz-f|t@NLVc2;LCp z<5t?BoNAmpN^zS*D3<>M`N8bJsCFhf`geomXO2hhPZbiNU3VfD`Lss{2H20R5|wPu zn%pRdJHwU^3Lu|B1{rEVHV#$CPCo^Yq^srj|= z0gC*va5S?5jpE(6iMnimj)FyU5WPzyA($&%h2m(IV$v;#N;Ty&MRhvynQwc{-FmV% z1qT7AcPsrdczd6TOZsh$OD00wL+!p!%o~&MG}qxnjyBct(wx?pGoeOJi9JxPr~o#g 
zDm?Tl-t+gX`E1^1n*p*-3P!jmn1@OFQ9?V6C>h_zi?*-XHx$ZnQ#^r3THF|mjua0| z;1mi8hK=zX$Xj%dl?f+Pt`v^#*N!K>eC#BCRz%8oKY94u_696f$wACx72oVl_K8gB zwTz>TV{t`Ky5!E6!u*2Cu>-Uj0b|P+BKIB!PXPGu)%Aivtw8(^$Y>KkqO_MTqHy2X<+Y}hr5AsXbe>3|sQ7N99#Yg77D-g(46z@|D z6NojDV^aSvmTMO5WhwZj(^KSEL~q#QIsXF~Oz7>>vlPaUNhu_^;@dq1)g|&I3N8yK zd+c|2xcF#lz}2GOY8zVB@0~Qp{;fSr$=rABHEl{VXS~q>!DxgOv#>kHcJG>h;!`}( z_vPl_=;*onV0Z)r4HxT7u8fDo34dsN-PtfI$WQXO*CqU-A#QY81zUrCE^ z`f)o2!+(Y>6lPsrW$GKT+}Os@tJVg2{an>P6+4jeYjY{MmGn zVa?o`xlihwqEW&&j*WFwV2$SOr!!}A56ra+hv5;+U6OoXN(mmrwt%pro1SBlvYqz^ zCn+5&lA@uV@-sgJRtA-qlq1}^I4GFpDoF1WZ7j|wW4?8SvntB=O{v`ObWlgAP+pn0 ze8<~Wc8el+y^&KTNCl;JsNDUS4gI1kFB%`Q0Op()XQD;&O$-h^`%6;0-{p-DNulK|~@76}fuGBogNmY*gyJOVtto!v;xlr=WkGWq2^w$8*d50h# z^=gvc0*@h8c)jsDMktl~Qtr6m=Q`@@P4ymgH ziQO)|>jfsxvO)gWv244u67v`%ok=0L=KNmSk0!zAe!KBF6>(l2eUl zXMQ%P!8^O^s700rTcz9Ii9VX-0l`uC`#%dO^eBG}<=GT$qZ7F1tR&bF=JKxMF)}?O z)<8b3vp`m6gSIwx*ssf?nSH>Wv1dZ+sU(S>jy_Hh{q}IG-e{J#PB@T8)OBxnOIy^g zd@oO$TX|~R0nanX?o;HCUuQmNRjOpWfDBl74zTE5qIG?Zi+1n3pRr5*ldJe?6 zRzx1h)`&i@S<$vchW)ULqxwC1eD=i?<2=u>rZ>WTicz^?p`}0FL+QLFh!9|O!@M1P zm(ye9!KF~RV58gAu(90p{)F#VHzZon##SnwqIatMB=%+QkFvTUiwl=;@lc|NSId_U zNh)bxWQBynY*qbKy6vCeeol~nP#g`mG@iWXzrJI~B}CePhQWLV=PiU6E?5ld*O?ZL zwB!k4UgcHd?v}rkv+g6OYWSx6IJMaeF6s&blC)J+9CuHvRjz4=~MtZ}NS^I2h^6fch!$1|NtyKvRtOg5ztS8GqM2 zy}3$)`9!odcF= z*)jo_B|+-{DJ@3B&1q_DP;~`7U@IF;@q9l(Ly6h~s3CWt+1FCeFl`qg%?db^*6pKm zuz>Mob_V@Vm-jHB^LqtQ|G%UO1VHTm!U9!&7NDl)26kqHjtkg;a}L-$-MJv@j{`k! zpn|lN{SndgIhg(he&h-f_G$>$-GNQ#rihRGXeb_uA>QwJA6z@fXa+U9(*xXuBqaF| z<&Q_YNq)fr_U}Kj)*`B$t0+t*kmvh&0O+Z5Gl9c5EDDFOve)Mar?rrBQr`#0%fN;m z(tnm?4cIeh_E1ux=V$2k%Ry>0$SLqg^$~%~2%JXDVgMWM(Do^UO(}~QDndPD?i1rB z5X=st%>nGu#2O-&7dtqegZypS|6jw01g`%8>Is43HZpV*nP)@VZg9*_w6HyKaNMGJfx-6|}7$^7^)#)EL`Pt4U$OgX@i zf5i$HPkXwTUVR)7L?cj5KA2t}bGIJ?+tM&noL0L9Pa!>5VHC-M>Guw9`LwASCW*C5 zNT2eelB9le%8`f`S;<{LHgW}CCdwS<1txm8ynMA&?qZLSg?f3YnG%kvuA?ok>UA!? 
z)g>ZWojCf_YJ%61f%%erhIOa~bG>qr)x#|BhkLWqKOMw4; zCUIq_+vh0W$mg}2t5VX_^t-1mu;85z>Ih?*uBD@R+lwTxoIF#5baUb5+qzdSaWiT} zhfE_CotPD=9QSNO0)3+6&ueBV$74>od-(brxPN}`l>KepDo7_2$+*W-oISso9F;Z9 z)5LAT#Id_VTDPcsE3VEgdn>(eeGB#{V>+xe_|O=12Y^gF38!oI!L1f%Nuh zDz`z`mhh%_aA&$GD* z_T1kBLeUnyg9UkXzX;D4k+Ffhz0yIGu4rD>R66ZEWNkL??{_7;H*;K~G)j##EBQU@ z`#FCTuST3*cP+UzIQ79`k*TC{yLiGUMes^-vu|2kSJA*_xIiXEN67p6xmU^=XFc&88vPTnJ+7|xBUn_2W zsT<2>*VxV45Hr$s$L@KOHwBBilf9PV=k6x`u%_X4H_!cph^+x1#QZ|D9LnDx zyLM5awchI>x_TpvJYp3ubA3d&+- zJ-SP7Sf@-N3rKM$f*Ss6bx)ow%w?ln8v=biacfKS$EyPwv!C{=Fsnui0_^UbpM2l?!^uD&ddI~c?)pH)Pp=YLMl z-Anq(Gk|)WgvF;m!8$NXV3qD1C^rX>;t>UN1axo!sA6>)2Az1FX}S7%oTML3F?#o-)pPt%WA4f#BcN`6)?>%wOL!we4%mP_n8 zzcC6!{CSLwcgdXLK>n1dE_>hV1;c{~RIPjInIT!j%r*4h+4X8vEq||X1lO{TV)rW+ z&l;zS8RB=;^i_!siDpk z?$fY#4xz$`vY$#<3RTE8Ab)FC<2Ztns`M<#e-zG~ToYhtFig$eiq9JG{OWY0_P3$c zlNRkOV`y6`hvkKd)lWY#eJWo=-=Eb}u*Io{8q}sLPLq1qDJLe+=-EE8AYD=RC*~FZ|HyLN0E(%(wckaWJ_3M6Nx~PWZrUF~!0`z&^D5pfkN$$UVqt-w1 z06xYZ9>CqPiTG|*Y*SF3@wHvGJTt{#{pYDVs$M2QUGZkoG0- z9g%mJ>JQn9@ZSDLp&RU2yLZo=o{z^0*?#|U@ffYffEjs-HJLV3@88*8&s_>y6O5An zzHzB&L+v8g@QBxspI1oVD@zzJK~ZZJjyiCxgfxAj5tCtNUW}|Fm;YXx$Z1cT)Tbz$ z|6k@_Y?V(;vEZ2fy!b}KX9g*hYQV14Ya_g+gnH6vD_OBmJ_O$4weHsX;+~EYwy)ta zS#7eq3ZT{+T8Xt&&=_Je z$Lf`Jeo=V%Q2553hg!_5O0ga8)VO6IvnMW6lW)~_3kol2&OLh$V-YM1axucKWrc(w zTC7nM{OY~@K``8mNozgv-FU6INywQyMff?K;1EB4|J?(f$hBSl&Y7uaQD4bctl3{l z)nvX2yWM`Pv_ge^$Lj|7^~{-kRphaPH+x`TX&X@Dy{KPDNrteUAzr)(Bm+RNZIOtW zIQ(A7A;Nz-7*BBEl~w>fF{3D#8K5B@2GZi9?dTvEM~C3@w>{J=+=yOV>i>n_9iy*fs-N>IN8zPq^` zqj;rnff~%1-W&CUdAw{{)nT0{n9wJ3To%F9kx(^NcY!4J-bbJgRBajCoB)Y_FbKVM z1k&U|6N5w^Ap7wdGlb`g)Vx3{g4sjj<4F7*Z9wt#7(k^n0U0L&%>wGz!R3zZe*{gl z0o-j@>OBEj0VSX_2F#P-&3y1GiuZ*IkP?8FpCHJ|4$#)Cmx%q*`V{ax!R7q;-FqP{ z&0e2(9nuv#)*r-ZybcKWA^q5#F|b@oG%d{mF*}gydvX=jzW{miyX|(ekGFO;|4Li7<=OQ@DvW^ zv2k-c?w1s~qv9 zq?Rwq#Dqhg5U)6m+3Uo~% zptxUCeG>y)ri?bwUhSSQ-=Zp`M^rw`DLFxVmmdUCH^_8rsVObMsKSdymU(DC=9FDZ z_^CWa-8A~=d7#|A2?Z^t0k9QyXo?h?D?%m9^>3qXP|o;zDUP^uFh!o7xAlTF_rnJ% 
zcuM9*(VE$(W8E5Y+twRTeKnPM7{u&*{r;;t8P@mk5FFLbR>`~(JvnK#1mzigEkRbC zG`?beIr&8tB?YeppCMIwd<1Jc>;Owrz=8YSR52;;#o7leh_|S)4#XDKK^nD-G#1@d zUy{k_dPROtVvFpxv3$R&dD|>qBB#+bU0D>k(@Vpu(P6f|L5u`Ce|!ZNv#>E32wGUT zf1}68^^9FL&uRSF&kxND+iagjSacPf%9gDQ2X9)63yl=DKFihjxO);+HyDpVSi_ln zHA)Wu{{8KDv#)dY*@8J;U){CMW;e?UumTh0U4Gi#HQGxeh`f3M6^MO6QT$ZA?KYF! zJJLbL4SqSMjh5jS?N(8;$8o~<&ow*>JTX3~Ey&hQ{#wld2fKseTHU+;cF8wNk`Wsw zBOWp0Pc?Nd1j$;4`_sJ_JoB$Ej@xCeq|= z+-=U!rs(-&X3Zl4f|=GO62I}-G1}Zz&R0CG*j2yuYkGOmcsP@$GN;_@K0%QGmz9^o zSPN$#V6{;Z(k-}=SfRvo;cYL2MH^k*-{`)%mFt-V<&kZbWXS=EqAjTZ7>a&(M2p04 z*g&;Un;GpC;>i3y=6osedB=Cw_XGYlF0oA0E1OBrr}-zJLVNKSSzkj=BX)fQcUxhe z+wPeou@8Eb>IXQ@dt6l4@*=w%){-^!=H2F7nA~U=qDvJKE(EZU^B^ zV-Vgo>q=M`PODSq}UK`}_awH}7Yt!C5i8@ka z)N)sL$z9>Bje21?(=VNuAa{>KG*XpRgq1Rq?Ev5Cft2Qb$Bs5-5p{e=a`Qq==lgf} zZL>*aEpq~#e)DnaRmh-J3m~w`jT|SeP2Qtp=E%2swT2eWl^q`J;IsFwbd@~Z4tK9g zax=J}rn{8)E<= 1.21.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v3.0.1-rc4 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 3.0.1-rc5 diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/README.md b/charts/rancher-cis-benchmark/3.0.1-rc5/README.md new file mode 100644 index 000000000..50beab58b --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/README.md 
@@ -0,0 +1,9 @@
+# Rancher CIS Benchmark Chart
+
+The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded.
+
+# Installation
+
+```
+helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system
+```
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/app-readme.md b/charts/rancher-cis-benchmark/3.0.1-rc5/app-readme.md
new file mode 100644
index 000000000..5e495d605
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/app-readme.md
@@ -0,0 +1,15 @@
+# Rancher CIS Benchmarks
+
+This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/).
+
+For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/).
+
+This chart installs the following components:
+
+- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded.
+- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed.
+- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans.
+- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources.
+- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish.
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts.
+ - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart.
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/_helpers.tpl b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/_helpers.tpl
new file mode 100644
index 000000000..b7bb00042
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/_helpers.tpl
@@ -0,0 +1,27 @@
+{{/* Ensure namespace is set the same everywhere */}}
+{{- define "cis.namespace" -}}
+ {{- .Release.Namespace | default "cis-operator-system" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/alertingrule.yaml
new file mode 100644
index 000000000..1787c88a0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/alertingrule.yaml
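Review bot: `system_default_registry` and `linux-node-selector` are the only defines in `_helpers.tpl` without a `{{/* */}}` header, unlike `cis.namespace` and `linux-node-tolerations` in the same hunk, and `system_default_registry` dereferences `.Values.global.cattle.systemDefaultRegistry` two levels deep, so rendering fails with a nil-pointer template error if `global.cattle` is absent from the effective values (the chart's values.yaml is not in this chunk, so it may well declare it). A one-line comment above each define, e.g. `{{/* Image registry prefix: the Rancher system default registry plus "/", or empty when none is configured */}}` and `{{/* Node selector keeping workloads on Linux nodes in mixed Windows/Linux clusters */}}`, would bring them in line with the rest of the file. If the values file does not guarantee `global.cattle`, the lookup is safer as `{{- if and .Values.global .Values.global.cattle .Values.global.cattle.systemDefaultRegistry -}}`.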
@@ -0,0 +1,14 @@
+{{- if .Values.alerts.enabled -}}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: rancher-cis-pod-monitor
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ podMetricsEndpoints:
+ - port: cismetrics
+{{- end }}
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-aks-1.0.yaml
new file mode 100644
index 000000000..1ac866253
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-aks-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: aks-1.0
+spec:
+ clusterProvider: aks
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.20.yaml
new file mode 100644
index 000000000..1203e5bcc
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.20.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.20
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.23.yaml
new file mode 100644
index 000000000..920b556ea
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.23.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.23
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.5.yaml
new file mode 100644
index 000000000..c9e6075fb
--- /dev/null
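Review bot: The guard `{{- if .Values.alerts.enabled -}}` at the top of `alertingrule.yaml` does not match the instruction in `app-readme.md` from this same patch, which tells users to set `alerts: true`; with that value `.Values.alerts` is a boolean, and looking up `.enabled` on it will most likely fail at render time rather than enable the monitor. Either the readme line should read `alerts.enabled: true`, or the template should honour the documented key. The `podMetricsEndpoints` entry names port `cismetrics`, which only scrapes anything if the operator Deployment (not in this chunk) declares a container port with that exact name; a comment such as `# must match the metrics containerPort name in deployment.yaml` next to `- port: cismetrics` would tie the two together. The PodMonitor also carries no `namespaceSelector`, so it only watches its own namespace, which is presumably intended but is worth one comment saying so.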
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.5.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.5
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.15.0"
+ maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.6.yaml
new file mode 100644
index 000000000..4f5d66e92
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-cis-1.6.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.6
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-eks-1.0.1.yaml
new file mode 100644
index 000000000..d1ba9d295
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-eks-1.0.1.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: eks-1.0.1
+spec:
+ clusterProvider: eks
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-gke-1.0.yaml
new file mode 100644
index 000000000..72122e8c5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-gke-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: gke-1.0
+spec:
+ clusterProvider: gke
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.20-hardened.yaml
new file mode 100644
index 000000000..147cac390
--- /dev/null
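Review bot: `cis-1.5` pins itself to `minKubernetesVersion: "1.15.0"` / `maxKubernetesVersion: "1.15.x"`, while the version constraint visible in this patch's Chart.yaml hunk reads `'>= 1.21.0-0 < 1.25.0-0'` (its annotation key is lost in the garbled lines above, but it looks like the chart's kube-version bound); if that is what it is, no cluster this chart installs on can ever select this benchmark. The same holds for `cis-1.6` (max `1.18.x`) in the next hunk and for the `k3s-cis-1.6-*`, `rke-cis-1.5-*` and `rke-cis-1.6-*` variants later in the patch. If they are kept deliberately, for instance so that existing `ClusterScanProfile` objects referencing them keep resolving, a comment above `spec:` such as `# Below the chart's kube-version floor; retained for existing profiles, never selected on supported clusters` would spare the next maintainer the same question; otherwise they can be dropped to keep the installed benchmark set to what can actually run.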
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.20-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.20-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.20-permissive.yaml
new file mode 100644
index 000000000..d9584f722
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.20-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.20-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.23-hardened.yaml
new file mode 100644
index 000000000..ee153603b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.23-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.23-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.23-permissive.yaml
new file mode 100644
index 000000000..51f2186f3
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.23-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.23-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.6-hardened.yaml
new file mode 100644
index 000000000..5160cf795
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.6-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..10c075985
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-k3s-cis-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.6-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.20-hardened.yaml
new file mode 100644
index 000000000..4924679cb
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.20-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.20-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.20-permissive.yaml
new file mode 100644
index 000000000..2db66d7c6
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.20-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.20-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.23-hardened.yaml
new file mode 100644
index 000000000..f6a99698e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.23-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.23-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.23-permissive.yaml
new file mode 100644
index 000000000..a26bd63cf
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.23-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.23-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.5-hardened.yaml
new file mode 100644
index 000000000..b9154f1ad
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.5-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.5-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.15.0"
+ maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100644 index 000000000..9da65d55d --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" + maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100644 index 000000000..77f8a31df --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100644 index 000000000..600b8df35 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke-cis-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.20-hardened.yaml new file mode 100644 index 000000000..b6cc88359 --- /dev/null 
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.20-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.20-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.20-permissive.yaml new file mode 100644 index 000000000..fd898bfe8 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.20-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.20-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.19.0" + maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.23-hardened.yaml new file mode 100644 index 000000000..90e356d72 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.23-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.23-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.22.0" diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.23-permissive.yaml new file mode 100644 index 000000000..deafdbda6 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.23-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.23-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.22.0" 
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100644 index 000000000..20091ec2b --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.15.0" + maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100644 index 000000000..9a86906b0 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.15.0" + maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.6-hardened.yaml new file mode 100644 index 000000000..ea2549ef3 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.16.0" + maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.6-permissive.yaml new file mode 100644 index 000000000..0afdaaa19 --- /dev/null 
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/benchmark-rke2-cis-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.6-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/cis-roles.yaml
new file mode 100644
index 000000000..23c93dc65
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/cis-roles.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-admin
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-view
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/configmap.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/configmap.yaml
new file mode 100644
index 000000000..1a9cd1809
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/configmap.yaml
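Review bot: In the cis-roles.yaml hunk the `cis-admin` and `cis-view` ClusterRoles grant ConfigMap access in every namespace (`verbs: ['*']` for admin, get/list/watch for view), so whoever is granted cis-admin can read or rewrite ConfigMaps in kube-system and any other namespace — far more than the CIS scan UI needs. The only ConfigMap this chart defines is `default-clusterscanprofiles` in the chart namespace, so the rule should either be moved into a namespaced Role in `{{ template "cis.namespace" . }}` or narrowed with `resourceNames: ["default-clusterscanprofiles"]`. A comment above the rule stating its intent, e.g. `# only the default-clusterscanprofiles ConfigMap is meant to be reachable here; keep this narrow`, would keep it from widening further. Nothing in this chart binds either ClusterRole, so which principals receive them is decided outside the patch (presumably by Rancher's role handling) and could not be checked here.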
@@ -0,0 +1,18 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: default-clusterscanprofiles
+ namespace: {{ template "cis.namespace" . }}
+data:
+ # Default ClusterScanProfiles per cluster provider type
+ rke: |-
+ <1.21.0: rke-profile-permissive-1.20
+ >=1.21.0: rke-profile-permissive-1.23
+ rke2: |-
+ <1.21.0: rke2-cis-1.20-profile-permissive
+ >=1.21.0: rke2-cis-1.23-profile-permissive
+ eks: "eks-profile"
+ gke: "gke-profile"
+ aks: "aks-profile"
+ k3s: "k3s-cis-1.23-profile-permissive"
+ default: "cis-1.23-profile"
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/delete_rolebindings.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/delete_rolebindings.yaml
new file mode 100644
index 000000000..9c9946464
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/delete_rolebindings.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: delete-rolebinding
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ restartPolicy: Never
+ containers:
+ - name: delete-binding
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "delete", "clusterrolebinding", "cis-operator-rolebinding", "cis-operator-installer"]
+ backoffLimit: 1
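Review bot: Every default in `default-clusterscanprofiles` (rke, rke2, k3s) points at a `permissive` profile even though this same patch ships the matching `hardened` profiles, so a cluster scanned with the defaults is measured against the weaker ruleset and its report can read as compliant for checks the hardened profile would fail. That may be deliberate for clusters not built with the hardening guide, but it should be said in the ConfigMap itself, e.g. `# Defaults are the *permissive* profiles; clusters hardened per the guide should select the -hardened profile explicitly`. The rke entries also use a different naming pattern (`rke-profile-permissive-1.20`) from the rke2/k3s entries (`rke2-cis-1.20-profile-permissive`); both patterns match profiles defined later in this patch, so it is cosmetic, but a mismatch here would presumably surface only when a scan runs rather than at install time.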
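Review bot: `kubectl delete clusterrolebinding cis-operator-rolebinding cis-operator-installer` exits non-zero when either binding is already gone, and with `backoffLimit: 1` on a `pre-upgrade` hook that failure aborts the upgrade, so the hook is not idempotent across repeated or partially-applied upgrades; change the line to `command: ["kubectl", "delete", "clusterrolebinding", "cis-operator-rolebinding", "cis-operator-installer", "--ignore-not-found=true"]`. The job runs as `cis-operator-serviceaccount`, and the `cis-operator-clusterrole` defined in rbac.yaml later in this patch grants nothing on `clusterrolebindings`, so unless a binding outside this chart supplies that permission the delete itself is forbidden — worth confirming against a real upgrade. Note that the binding being deleted is the one that carries this service account's cluster permissions; the command is the job's last action so that is fine today, but anything added after it would fail.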
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/deployment.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/deployment.yaml
new file mode 100644
index 000000000..e57dd2ff1
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/deployment.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cis-operator
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ cis.cattle.io/operator: cis-operator
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ template:
+ metadata:
+ labels:
+ cis.cattle.io/operator: cis-operator
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ containers:
+ - name: cis-operator
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: cismetrics
+ containerPort: {{ .Values.alerts.metricsPort }}
+ env:
+ - name: SECURITY_SCAN_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
+ - name: SECURITY_SCAN_IMAGE_TAG
+ value: {{ .Values.image.securityScan.tag }}
+ - name: SONOBUOY_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
+ - name: SONOBUOY_IMAGE_TAG
+ value: {{ .Values.image.sonobuoy.tag }}
+ - name: CIS_ALERTS_METRICS_PORT
+ value: '{{ .Values.alerts.metricsPort }}'
+ - name: CIS_ALERTS_SEVERITY
+ value: {{ .Values.alerts.severity }}
+ - name: CIS_ALERTS_ENABLED
+ value: {{ .Values.alerts.enabled | default "false" | quote }}
+ - name: CLUSTER_NAME
+ value: '{{ .Values.global.cattle.clusterName }}'
+ - name: CIS_OPERATOR_DEBUG
+ value: '{{ .Values.image.cisoperator.debug }}'
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
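Review bot: The `cis-operator` container in the deployment.yaml hunk has no `securityContext`, and three of its env values are rendered unquoted (`SECURITY_SCAN_IMAGE_TAG`, `SONOBUOY_IMAGE_TAG`, `CIS_ALERTS_SEVERITY`) while the neighbouring ones are quoted — an override like `tag: 1.20` renders as a float and the API server rejects the pod because env values must be strings. Everything visible here (API-side env, a metrics port, no host namespaces) suggests the operator is a plain API client, so `allowPrivilegeEscalation: false` with all capabilities dropped should be safe; `readOnlyRootFilesystem`/`runAsNonRoot` depend on how the image is built and are marked for confirmation below. The hard-coded `imagePullPolicy: IfNotPresent` also diverges from the two hook jobs in this patch, which read `.Values.global.imagePullPolicy`; using the same value with a default keeps the chart consistent.

```yaml
        - name: cis-operator
          # … unchanged: image …
          imagePullPolicy: {{ .Values.global.imagePullPolicy | default "IfNotPresent" }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            # readOnlyRootFilesystem: true   # TODO confirm the image writes nothing locally
            # runAsNonRoot: true             # TODO confirm the image runs as a non-root UID
          # … unchanged: ports …
          env:
            # … unchanged: SECURITY_SCAN_IMAGE, SONOBUOY_IMAGE, metrics/alerts/cluster entries …
            - name: SECURITY_SCAN_IMAGE_TAG
              value: {{ .Values.image.securityScan.tag | quote }}
            - name: SONOBUOY_IMAGE_TAG
              value: {{ .Values.image.sonobuoy.tag | quote }}
            - name: CIS_ALERTS_SEVERITY
              value: {{ .Values.alerts.severity | quote }}
          # … unchanged: resources, nodeSelector, tolerations, affinity …
```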
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/network_policy_allow_all.yaml
new file mode 100644
index 000000000..6ed5d645e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 000000000..e78a6bd08
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ template "cis.namespace" . }}]
+
+ backoffLimit: 1
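Review bot: `default-allow-all` in the network_policy_allow_all.yaml hunk is an explicit allow-all NetworkPolicy (empty `podSelector`, `- {}` for both ingress and egress) applied unconditionally to every pod in the chart namespace, so it opts the namespace — including whatever privileged scan pods the PSP in this patch permits — out of any cluster-wide default-deny posture. The scanner presumably needs broad reachability (API server, node endpoints), but that is not visible here, and an operator with a default-deny baseline currently has no value to turn this off. Gate the whole document on a value, e.g. `{{- if .Values.networkPolicy.allowAll }}` … `{{- end }}` with `allowAll: true` as the default, and add a header comment naming the reason it exists: `# Opts the CIS namespace out of default-deny; scan pods need unrestricted egress to reach the API server and node components`.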
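Review bot: In the patch_default_serviceaccount.yaml hunk the template result is placed unquoted inside a flow sequence, `args: ["-n", {{ template "cis.namespace" . }}]`; it works for a plain namespace name but any rendered value beginning with a YAML indicator or containing `: ` would break the list, so write it as `args: ["-n", "{{ template "cis.namespace" . }}"]`. The patch itself (`automountServiceAccountToken: false` on the `default` ServiceAccount) is a good hardening step and matches the `patch` verb on `serviceaccounts` granted to `cis-operator-serviceaccount` in rbac.yaml later in this patch. Unlike the pre-upgrade hook, this hook's delete policy omits `hook-failed`, which leaves a failed job behind for inspection; if that is intended, a short comment saying so would stop someone "fixing" it.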
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/psp.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/psp.yaml
new file mode 100644
index 000000000..4cc0cecf7
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/psp.yaml
@@ -0,0 +1,59 @@
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: cis-psp
+spec:
+ allowPrivilegeEscalation: true
+ allowedCapabilities:
+ - '*'
+ fsGroup:
+ rule: RunAsAny
+ hostIPC: true
+ hostNetwork: true
+ hostPID: true
+ hostPorts:
+ - max: 65535
+ min: 0
+ privileged: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cis-psp-role
+ namespace: {{ template "cis.namespace" . }}
+rules:
+- apiGroups:
+ - policy
+ resourceNames:
+ - cis-psp
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cis-psp-rolebinding
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cis-psp-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+{{- end }}
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/rbac.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/rbac.yaml
new file mode 100644
index 000000000..e9caf8cff
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/rbac.yaml
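Review bot: `cis-psp` is a fully unrestricted PodSecurityPolicy (`privileged: true`, hostPID/hostIPC/hostNetwork, `allowedCapabilities: ['*']`, `volumes: ['*']`, RunAsAny everywhere) and `cis-psp-rolebinding` grants `use` on it to `cis-operator-serviceaccount` as well as `cis-serviceaccount`. The operator Deployment in this patch runs an ordinary API client with none of those settings, so it does not need this policy; only the scan workloads (presumably launched under `cis-serviceaccount`) appear to, and keeping the operator SA in the subjects means a compromised operator pod can relaunch itself privileged. Remove the `cis-operator-serviceaccount` subject and bind the operator to a restricted policy instead, and put a comment above the PSP stating which host settings the scanner actually requires so this document is not copied elsewhere as a template. Because the whole file is gated on `.Capabilities.APIVersions.Has`, clusters on 1.25+ (where the PSP API is gone) get no pod-security enforcement from this chart at all; that gap is worth a sentence in the chart README or a `pod-security.kubernetes.io/enforce` label wherever the namespace is created, which is outside this patch.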
@@ -0,0 +1,162 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-clusterrole
+rules:
+- apiGroups:
+ - "cis.cattle.io"
+ resources:
+ - "*"
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - "pods"
+ - "services"
+ - "configmaps"
+ - "nodes"
+ - "serviceaccounts"
+ verbs:
+ - "get"
+ - "list"
+ - "create"
+ - "update"
+ - "watch"
+ - "patch"
+- apiGroups:
+ - "batch"
+ resources:
+ - "jobs"
+ verbs:
+ - "list"
+ - "create"
+ - "patch"
+ - "update"
+ - "watch"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-scan-ns
+rules:
+{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}
+- apiGroups:
+ - "*"
+ resources:
+ - "podsecuritypolicies"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+{{- end }}
+- apiGroups:
+ - ""
+ resources:
+ - "namespaces"
+ - "nodes"
+ - "pods"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cis-operator-role
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ namespace: {{ template "cis.namespace" . 
}}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - "services"
+ verbs:
+ - "watch"
+ - "list"
+ - "get"
+ - "patch"
+- apiGroups:
+ - "batch"
+ resources:
+ - "jobs"
+ verbs:
+ - "watch"
+ - "list"
+ - "get"
+ - "delete"
+- apiGroups:
+ - ""
+ resources:
+ - "configmaps"
+ - "pods"
+ - "secrets"
+ verbs:
+ - "*"
+- apiGroups:
+ - "apps"
+ resources:
+ - "daemonsets"
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-operator-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cis-scan-ns
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-scan-ns
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cis-operator-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-cis-1.20.yaml
new file mode 100644
index 000000000..05263ce7d
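Review bot: In the rbac.yaml hunk `cis-operator-clusterrole` grants `create`/`patch` on `pods` and `serviceaccounts` and `create` on batch `jobs` in every namespace, and the namespaced `cis-operator-role` grants `*` on `secrets`, `configmaps`, `pods` and `daemonsets` — and the `cis-operator-rolebinding` RoleBinding hands that Role to `cis-serviceaccount` as well as the operator. Cluster-wide pod creation combined with service-account access is a standard escalation path (start a pod under a more privileged SA, read its token), and nothing in this patch shows the operator creating pods or service accounts outside `{{ template "cis.namespace" . }}`; if scan jobs only run there, move those write verbs into the namespaced Role and leave the ClusterRole with read on `nodes`/`pods`. If `cis-serviceaccount` is the identity of the scan pods (the read-only `cis-scan-ns` ClusterRole bound to it suggests so), drop it from the RoleBinding subjects so the scanner cannot read or rewrite Secrets in the namespace. The `app.kubernetes.io/instance: release-name` label is a literal on every object here; `{{ .Release.Name }}` is what the label convention expects.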
--- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-cis-1.20.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.20-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.20 diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-cis-1.23.yaml new file mode 100644 index 000000000..c59d8f51f --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-cis-1.23.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.23-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.23 diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-cis-1.6.yaml new file mode 100644 index 000000000..8a8d8bf88 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-cis-1.6.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.6-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.6 diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.20-hardened.yml new file mode 100644 index 000000000..a0b6cb6f6 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.20-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.20-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.20-hardened 
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.20-permissive.yml new file mode 100644 index 000000000..89885548d --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.20-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.20-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.23-hardened.yml new file mode 100644 index 000000000..724412d3a --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.23-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.23-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.23-permissive.yml new file mode 100644 index 000000000..9f9213de1 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.23-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.23-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.23-permissive 
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.6-hardened.yml new file mode 100644 index 000000000..095e977ab --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.6-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.6-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.6-permissive.yml new file mode 100644 index 000000000..3b22a80c8 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-k3s-cis-1.6-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.6-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.20-hardened.yaml new file mode 100644 index 000000000..c36cf38c9 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.20-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.20 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.20-permissive.yaml new file mode 100644 index 000000000..cfeb4b34c --- /dev/null 
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.20-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.20 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.23-hardened.yaml new file mode 100644 index 000000000..007331149 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.23-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.23 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.23-permissive.yaml new file mode 100644 index 000000000..085b60dfa --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.23-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.23 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.6-hardened.yaml new file mode 100644 index 000000000..d38febd80 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.6-hardened.yaml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.6-permissive.yaml new file mode 100644 index 000000000..d31b5b0d2 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke-1.6-permissive.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.20-hardened.yml new file mode 100644 index 000000000..decc9b651 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.20-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.20-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.20-permissive.yml new file mode 100644 index 000000000..74c96ffc4 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.20-permissive.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.20-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.23-hardened.yml new file mode 100644 index 000000000..abc1c2a21 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.23-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.23-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.23-permissive.yml new file mode 100644 index 000000000..51cc519ac --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.23-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.23-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.6-hardened.yml new file mode 100644 index 000000000..c7ac7f949 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.6-hardened.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.6-permissive.yml new file mode 100644 index 000000000..96ca1345a --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofile-rke2-cis-1.6-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofileaks.yml new file mode 100644 index 000000000..ea7b25b40 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofileaks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: aks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: aks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofileeks.yml new file mode 100644 index 000000000..3b4e34437 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0.1 \ No newline at end of file 
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofilegke.yml new file mode 100644 index 000000000..2ddd0686f --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/scanprofilegke.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/serviceaccount.yaml new file mode 100644 index 000000000..ec48ec622 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/validate-install-crd.yaml new file mode 100644 index 000000000..562295791 --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.1-rc5/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/3.0.1-rc5/values.yaml b/charts/rancher-cis-benchmark/3.0.1-rc5/values.yaml
new file mode 100644
index 000000000..791aba83f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.1-rc5/values.yaml
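Review bot: Every line of this template is `#`-prefixed, which a reader will take for disabled code; Go template actions are evaluated before the YAML is parsed, so the `required` call still aborts the install when one of the four `cis.cattle.io/v1` kinds is absent and the `#` only keeps the rendered document empty. A one-line header would prevent someone "cleaning it up", e.g. `# The leading '#' keeps the rendered output empty; the template actions below still run and fail the install when the cis.cattle.io CRDs are missing.` That comment should also state the caveat that the outer `lookup` guard is false under `helm template`/`--dry-run` and whenever the installing identity cannot list ClusterRoles, so in those cases the CRD check is silently skipped rather than failed. The file is also missing its trailing newline.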
@@ -0,0 +1,49 @@
+# Default values for rancher-cis-benchmark.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ cisoperator:
+ repository: rancher/cis-operator
+ tag: v1.0.11-rc3
+ securityScan:
+ repository: rancher/security-scan
+ tag: v0.2.10-rc1
+ sonobuoy:
+ repository: rancher/mirrored-sonobuoy-sonobuoy
+ tag: v0.56.7
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+affinity: {}
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ clusterName: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+
+alerts:
+ enabled: false
+ severity: warning
+ metricsPort: 8080
diff --git a/index.yaml b/index.yaml
index f7ec99755..fb72f97d8 100755
--- a/index.yaml
+++ b/index.yaml
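Review bot: `global.kubectl.tag: v1.20.2` near the end of the hunk is below the cluster range this chart advertises (`catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.25.0-0'` in the index.yaml entry added by the same commit); kubectl is only supported within one minor version of the API server, so a 1.20 client against a 1.23 or 1.24 cluster is outside the skew policy and may misbehave on newer API versions. It should be bumped to a kubectl release inside that window, or the comment above `global:` should explain why the older client is deliberate. Separately, `cisoperator` and `securityScan` are pinned to release-candidate tags (`v1.0.11-rc3`, `v0.2.10-rc1`), which is fine for an rc chart but must be promoted before 3.0.1 ships, and all three images are referenced by mutable tag rather than digest, so provenance rests entirely on the registry. The values also expose no `securityContext`/`podSecurityContext` knobs, which a security-scanning chart is a natural place to offer.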
@@ -4548,6 +4548,32 @@ entries:
 - assets/rancher-backup-crd/rancher-backup-crd-1.0.200.tgz
 version: 1.0.200
 rancher-cis-benchmark:
+ - annotations:
+ catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: CIS Benchmark
+ catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.25.0-0'
+ catalog.cattle.io/namespace: cis-operator-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux,windows
+ catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1
+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
+ catalog.cattle.io/release-name: rancher-cis-benchmark
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: rancher-cis-benchmark
+ apiVersion: v1
+ appVersion: v3.0.1-rc4
+ created: "2023-01-12T13:40:40.097314705+05:30"
+ description: The cis-operator enables running CIS benchmark security scans on
+ a kubernetes cluster
+ digest: be18e5c6b28986828be6c5518e55759cd1418102377488f75a1682f01224b69c
+ icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
+ keywords:
+ - security
+ name: rancher-cis-benchmark
+ urls:
+ - assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.1-rc5.tgz
+ version: 3.0.1-rc5
 - annotations:
 catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
 catalog.cattle.io/certified: rancher
@@ -4888,6 +4914,20 @@ entries:
 - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz
 version: 1.0.100
 rancher-cis-benchmark-crd:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cis-operator-system
+ catalog.cattle.io/release-name: rancher-cis-benchmark-crd
+ apiVersion: v1
+ created: "2023-01-12T13:40:40.100107973+05:30"
+ description: Installs the CRDs for rancher-cis-benchmark.
+ digest: 232789b591d876943015b55dbea43fbee798204d4d8888bb4301623a83e9e028
+ name: rancher-cis-benchmark-crd
+ type: application
+ urls:
+ - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.1-rc5.tgz
+ version: 3.0.1-rc5
 - annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/hidden: "true"