andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2475 from rayandas/rbac-fix 

Updated RBAC and CIS-Benchmark version to fix RKE1 and RKE2 hardened cluster checks
pull/2487/head
Rayan Das 2023-03-17 08:31:26 +05:30 committed by GitHub
parent c587aee1a6 64970c5ce4
commit aea49425bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
85 changed files with 105 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.0.0-rc3.tgz
View File

Binary file not shown.

BIN
assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.0.0-rc4.tgz Normal file
View File

Binary file not shown.

BIN
assets/rancher-cis-benchmark/rancher-cis-benchmark-4.0.0-rc3.tgz
View File

Binary file not shown.

BIN
assets/rancher-cis-benchmark/rancher-cis-benchmark-4.0.0-rc4.tgz Normal file
View File

Binary file not shown.

2
charts/rancher-cis-benchmark-crd/4.0.0-rc3/Chart.yaml → charts/rancher-cis-benchmark-crd/4.0.0-rc4/Chart.yaml
View File

@ -7,4 +7,4 @@ apiVersion: v1
description: Installs the CRDs for rancher-cis-benchmark. description: Installs the CRDs for rancher-cis-benchmark.
name: rancher-cis-benchmark-crd name: rancher-cis-benchmark-crd
type: application type: application
version: 4.0.0-rc3 version: 4.0.0-rc4

0
charts/rancher-cis-benchmark-crd/4.0.0-rc3/README.md → charts/rancher-cis-benchmark-crd/4.0.0-rc4/README.md
View File

0
charts/rancher-cis-benchmark-crd/4.0.0-rc3/templates/clusterscan.yaml → charts/rancher-cis-benchmark-crd/4.0.0-rc4/templates/clusterscan.yaml
View File

0
charts/rancher-cis-benchmark-crd/4.0.0-rc3/templates/clusterscanbenchmark.yaml → charts/rancher-cis-benchmark-crd/4.0.0-rc4/templates/clusterscanbenchmark.yaml
View File

0
charts/rancher-cis-benchmark-crd/4.0.0-rc3/templates/clusterscanprofile.yaml → charts/rancher-cis-benchmark-crd/4.0.0-rc4/templates/clusterscanprofile.yaml
View File

0
charts/rancher-cis-benchmark-crd/4.0.0-rc3/templates/clusterscanreport.yaml → charts/rancher-cis-benchmark-crd/4.0.0-rc4/templates/clusterscanreport.yaml
View File

4
charts/rancher-cis-benchmark/4.0.0-rc3/Chart.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/Chart.yaml
View File

@ -12,11 +12,11 @@ annotations:
catalog.cattle.io/type: cluster-tool catalog.cattle.io/type: cluster-tool
catalog.cattle.io/ui-component: rancher-cis-benchmark catalog.cattle.io/ui-component: rancher-cis-benchmark
apiVersion: v1 apiVersion: v1
appVersion: v4.0.0-rc2 appVersion: v4.0.0-rc4
description: The cis-operator enables running CIS benchmark security scans on a kubernetes description: The cis-operator enables running CIS benchmark security scans on a kubernetes
cluster cluster
icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
keywords: keywords:
- security - security
name: rancher-cis-benchmark name: rancher-cis-benchmark
version: 4.0.0-rc3 version: 4.0.0-rc4

0
charts/rancher-cis-benchmark/4.0.0-rc3/README.md → charts/rancher-cis-benchmark/4.0.0-rc4/README.md
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/app-readme.md → charts/rancher-cis-benchmark/4.0.0-rc4/app-readme.md
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/_helpers.tpl → charts/rancher-cis-benchmark/4.0.0-rc4/templates/_helpers.tpl
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/alertingrule.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/alertingrule.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-aks-1.0.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-aks-1.0.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-cis-1.20.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-cis-1.20.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-cis-1.23.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-cis-1.23.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-cis-1.5.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-cis-1.5.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-cis-1.6.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-cis-1.6.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-eks-1.0.1.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-eks-1.0.1.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-gke-1.0.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-gke-1.0.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-k3s-cis-1.20-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-k3s-cis-1.20-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-k3s-cis-1.20-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-k3s-cis-1.20-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-k3s-cis-1.23-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-k3s-cis-1.23-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-k3s-cis-1.23-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-k3s-cis-1.23-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-k3s-cis-1.6-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-k3s-cis-1.6-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-k3s-cis-1.6-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-k3s-cis-1.6-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke-cis-1.20-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke-cis-1.20-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke-cis-1.20-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke-cis-1.20-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke-cis-1.23-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke-cis-1.23-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke-cis-1.23-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke-cis-1.23-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke-cis-1.5-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke-cis-1.5-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke-cis-1.5-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke-cis-1.5-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke-cis-1.6-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke-cis-1.6-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke-cis-1.6-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke-cis-1.6-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke2-cis-1.20-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke2-cis-1.20-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke2-cis-1.20-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke2-cis-1.20-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke2-cis-1.23-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke2-cis-1.23-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke2-cis-1.23-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke2-cis-1.23-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke2-cis-1.5-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke2-cis-1.5-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke2-cis-1.5-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke2-cis-1.5-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke2-cis-1.6-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke2-cis-1.6-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/benchmark-rke2-cis-1.6-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/benchmark-rke2-cis-1.6-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/cis-roles.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/cis-roles.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/configmap.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/configmap.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/deployment.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/deployment.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/network_policy_allow_all.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/network_policy_allow_all.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/patch_default_serviceaccount.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/patch_default_serviceaccount.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/psp.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/psp.yaml
View File

43
charts/rancher-cis-benchmark/4.0.0-rc3/templates/rbac.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/rbac.yaml
View File

@ -27,6 +27,15 @@ rules:
- "update" - "update"
- "watch" - "watch"
- "patch" - "patch"
- apiGroups:
- "rbac.authorization.k8s.io"
resources:
- "rolebindings"
- "clusterrolebindings"
- "clusterroles"
verbs:
- "get"
- "list"
- apiGroups: - apiGroups:
- "batch" - "batch"
resources: resources:
@ -62,10 +71,44 @@ rules:
- "namespaces" - "namespaces"
- "nodes" - "nodes"
- "pods" - "pods"
- "serviceaccounts"
- "services"
- "replicationcontrollers"
verbs: verbs:
- "get" - "get"
- "list" - "list"
- "watch" - "watch"
- apiGroups:
- "rbac.authorization.k8s.io"
resources:
- "rolebindings"
- "clusterrolebindings"
- "clusterroles"
verbs:
- "get"
- "list"
- apiGroups:
- "batch"
resources:
- "jobs"
- "cronjobs"
verbs:
- "list"
- apiGroups:
- "apps"
resources:
- "daemonsets"
- "deployments"
- "replicasets"
- "statefulsets"
verbs:
- "list"
- apiGroups:
- "autoscaling"
resources:
- "horizontalpodautoscalers"
verbs:
- "list"
- apiGroups: - apiGroups:
- "networking.k8s.io" - "networking.k8s.io"
resources: resources:

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-cis-1.20.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-cis-1.20.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-cis-1.23.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-cis-1.23.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-cis-1.6.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-cis-1.6.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-k3s-cis-1.20-hardened.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-k3s-cis-1.20-hardened.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-k3s-cis-1.20-permissive.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-k3s-cis-1.20-permissive.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-k3s-cis-1.23-hardened.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-k3s-cis-1.23-hardened.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-k3s-cis-1.23-permissive.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-k3s-cis-1.23-permissive.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-k3s-cis-1.6-hardened.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-k3s-cis-1.6-hardened.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-k3s-cis-1.6-permissive.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-k3s-cis-1.6-permissive.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-rke-1.20-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-rke-1.20-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-rke-1.20-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-rke-1.20-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-rke-1.23-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-rke-1.23-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-rke-1.23-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-rke-1.23-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-rke-1.6-hardened.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-rke-1.6-hardened.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-rke-1.6-permissive.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-rke-1.6-permissive.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-rke2-cis-1.20-hardened.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-rke2-cis-1.20-hardened.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-rke2-cis-1.20-permissive.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-rke2-cis-1.20-permissive.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-rke2-cis-1.23-hardened.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-rke2-cis-1.23-hardened.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-rke2-cis-1.23-permissive.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-rke2-cis-1.23-permissive.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-rke2-cis-1.6-hardened.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-rke2-cis-1.6-hardened.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofile-rke2-cis-1.6-permissive.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofile-rke2-cis-1.6-permissive.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofileaks.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofileaks.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofileeks.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofileeks.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/scanprofilegke.yml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/scanprofilegke.yml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/serviceaccount.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/serviceaccount.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/validate-install-crd.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/validate-install-crd.yaml
View File

0
charts/rancher-cis-benchmark/4.0.0-rc3/templates/validate-psp-install.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/templates/validate-psp-install.yaml
View File

2
charts/rancher-cis-benchmark/4.0.0-rc3/values.yaml → charts/rancher-cis-benchmark/4.0.0-rc4/values.yaml
View File

@ -8,7 +8,7 @@ image:
tag: v1.0.11-rc5 tag: v1.0.11-rc5
securityScan: securityScan:
repository: rancher/security-scan repository: rancher/security-scan
tag: v0.2.10-rc4 tag: v0.2.10-rc5
sonobuoy: sonobuoy:
repository: rancher/mirrored-sonobuoy-sonobuoy repository: rancher/mirrored-sonobuoy-sonobuoy
tag: v0.56.7 tag: v0.56.7

18
index.yaml
View File

@ -4778,18 +4778,18 @@ entries:
catalog.cattle.io/type: cluster-tool catalog.cattle.io/type: cluster-tool
catalog.cattle.io/ui-component: rancher-cis-benchmark catalog.cattle.io/ui-component: rancher-cis-benchmark
apiVersion: v1 apiVersion: v1
appVersion: v4.0.0-rc2 appVersion: v4.0.0-rc4
created: "2023-02-24T21:48:13.844237643+05:30" created: "2023-03-15T19:25:24.054694085+05:30"
description: The cis-operator enables running CIS benchmark security scans on description: The cis-operator enables running CIS benchmark security scans on
a kubernetes cluster a kubernetes cluster
digest: 405e1ad8a84dae7762cc9b054752581f9c0251b126666124cc1d98c230eb1f3a digest: bb92b2857673042797bbd2b604b5d86e6e4369a56b52644b6b856c72990a3588
icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
keywords: keywords:
- security - security
name: rancher-cis-benchmark name: rancher-cis-benchmark
urls: urls:
- assets/rancher-cis-benchmark/rancher-cis-benchmark-4.0.0-rc3.tgz - assets/rancher-cis-benchmark/rancher-cis-benchmark-4.0.0-rc4.tgz
version: 4.0.0-rc3 version: 4.0.0-rc4
- annotations: - annotations:
catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
catalog.cattle.io/certified: rancher catalog.cattle.io/certified: rancher
@ -5162,14 +5162,14 @@ entries:
catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/namespace: cis-operator-system
catalog.cattle.io/release-name: rancher-cis-benchmark-crd catalog.cattle.io/release-name: rancher-cis-benchmark-crd
apiVersion: v1 apiVersion: v1
created: "2023-02-24T21:48:13.84813815+05:30" created: "2023-03-15T19:25:24.059018377+05:30"
description: Installs the CRDs for rancher-cis-benchmark. description: Installs the CRDs for rancher-cis-benchmark.
digest: 6d381054b12087d187c3b9d5b1df66146f3c342aa92843010eeace629242e0f1 digest: 7dab1f92fd632b14e954f5e0ad6adee58a5f0d48f2b537fdd1c767d120cf0fad
name: rancher-cis-benchmark-crd name: rancher-cis-benchmark-crd
type: application type: application
urls: urls:
- assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.0.0-rc3.tgz - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.0.0-rc4.tgz
version: 4.0.0-rc3 version: 4.0.0-rc4
- annotations: - annotations:
catalog.cattle.io/certified: rancher catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true" catalog.cattle.io/hidden: "true"

4
packages/rancher-cis-benchmark/charts/Chart.yaml
View File

@ -12,11 +12,11 @@ annotations:
catalog.cattle.io/type: cluster-tool catalog.cattle.io/type: cluster-tool
catalog.cattle.io/ui-component: rancher-cis-benchmark catalog.cattle.io/ui-component: rancher-cis-benchmark
apiVersion: v1 apiVersion: v1
appVersion: v4.0.0-rc2 appVersion: v4.0.0-rc4
description: The cis-operator enables running CIS benchmark security scans on a kubernetes description: The cis-operator enables running CIS benchmark security scans on a kubernetes
cluster cluster
icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
keywords: keywords:
- security - security
name: rancher-cis-benchmark name: rancher-cis-benchmark
version: 4.0.0-rc2 version: 4.0.0-rc4

43
packages/rancher-cis-benchmark/charts/templates/rbac.yaml
View File

@ -27,6 +27,15 @@ rules:
- "update" - "update"
- "watch" - "watch"
- "patch" - "patch"
- apiGroups:
- "rbac.authorization.k8s.io"
resources:
- "rolebindings"
- "clusterrolebindings"
- "clusterroles"
verbs:
- "get"
- "list"
- apiGroups: - apiGroups:
- "batch" - "batch"
resources: resources:
@ -62,10 +71,44 @@ rules:
- "namespaces" - "namespaces"
- "nodes" - "nodes"
- "pods" - "pods"
- "serviceaccounts"
- "services"
- "replicationcontrollers"
verbs: verbs:
- "get" - "get"
- "list" - "list"
- "watch" - "watch"
- apiGroups:
- "rbac.authorization.k8s.io"
resources:
- "rolebindings"
- "clusterrolebindings"
- "clusterroles"
verbs:
- "get"
- "list"
- apiGroups:
- "batch"
resources:
- "jobs"
- "cronjobs"
verbs:
- "list"
- apiGroups:
- "apps"
resources:
- "daemonsets"
- "deployments"
- "replicasets"
- "statefulsets"
verbs:
- "list"
- apiGroups:
- "autoscaling"
resources:
- "horizontalpodautoscalers"
verbs:
- "list"
- apiGroups: - apiGroups:
- "networking.k8s.io" - "networking.k8s.io"
resources: resources:

2
packages/rancher-cis-benchmark/charts/values.yaml
View File

@ -8,7 +8,7 @@ image:
tag: v1.0.11-rc5 tag: v1.0.11-rc5
securityScan: securityScan:
repository: rancher/security-scan repository: rancher/security-scan
tag: v0.2.10-rc4 tag: v0.2.10-rc5
sonobuoy: sonobuoy:
repository: rancher/mirrored-sonobuoy-sonobuoy repository: rancher/mirrored-sonobuoy-sonobuoy
tag: v0.56.7 tag: v0.56.7

2
packages/rancher-cis-benchmark/package.yaml
View File

@ -1,5 +1,5 @@
url: local url: local
version: 4.0.0-rc3 version: 4.0.0-rc4
additionalCharts: additionalCharts:
- workingDir: charts-crd - workingDir: charts-crd
crdOptions: crdOptions:

4
release.yaml
View File

@ -38,10 +38,10 @@ rancher-backup:
rancher-backup-crd: rancher-backup-crd:
- 102.0.0+up3.1.0-rc2 - 102.0.0+up3.1.0-rc2
rancher-cis-benchmark: rancher-cis-benchmark:
- 4.0.0-rc3 - 4.0.0-rc4
- 2.1.1 - 2.1.1
rancher-cis-benchmark-crd: rancher-cis-benchmark-crd:
- 4.0.0-rc3 - 4.0.0-rc4
- 2.1.1 - 2.1.1
rancher-csp-adapter: rancher-csp-adapter:
- 2.0.1+up2.0.1-rc1 - 2.0.1+up2.0.1-rc1