mirror of https://git.rancher.io/charts
Merge pull request #2475 from rayandas/rbac-fix
Updated RBAC and CIS-Benchmark version to fix RKE1 and RKE2 hardened cluster checkspull/2487/head
Rayan Das
GitHub
commit
aea49425bb
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -7,4 +7,4 @@ apiVersion: v1
|
|||
description: Installs the CRDs for rancher-cis-benchmark.
|
||||
name: rancher-cis-benchmark-crd
|
||||
type: application
|
||||
version: 4.0.0-rc3
|
||||
version: 4.0.0-rc4
|
||||
|
|
@ -12,11 +12,11 @@ annotations:
|
|||
catalog.cattle.io/type: cluster-tool
|
||||
catalog.cattle.io/ui-component: rancher-cis-benchmark
|
||||
apiVersion: v1
|
||||
appVersion: v4.0.0-rc2
|
||||
appVersion: v4.0.0-rc4
|
||||
description: The cis-operator enables running CIS benchmark security scans on a kubernetes
|
||||
cluster
|
||||
icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
|
||||
keywords:
|
||||
- security
|
||||
name: rancher-cis-benchmark
|
||||
version: 4.0.0-rc3
|
||||
version: 4.0.0-rc4
|
||||
|
|
@ -27,6 +27,15 @@ rules:
|
|||
- "update"
|
||||
- "watch"
|
||||
- "patch"
|
||||
- apiGroups:
|
||||
- "rbac.authorization.k8s.io"
|
||||
resources:
|
||||
- "rolebindings"
|
||||
- "clusterrolebindings"
|
||||
- "clusterroles"
|
||||
verbs:
|
||||
- "get"
|
||||
- "list"
|
||||
- apiGroups:
|
||||
- "batch"
|
||||
resources:
|
||||
|
|
@ -62,10 +71,44 @@ rules:
|
|||
- "namespaces"
|
||||
- "nodes"
|
||||
- "pods"
|
||||
- "serviceaccounts"
|
||||
- "services"
|
||||
- "replicationcontrollers"
|
||||
verbs:
|
||||
- "get"
|
||||
- "list"
|
||||
- "watch"
|
||||
- apiGroups:
|
||||
- "rbac.authorization.k8s.io"
|
||||
resources:
|
||||
- "rolebindings"
|
||||
- "clusterrolebindings"
|
||||
- "clusterroles"
|
||||
verbs:
|
||||
- "get"
|
||||
- "list"
|
||||
- apiGroups:
|
||||
- "batch"
|
||||
resources:
|
||||
- "jobs"
|
||||
- "cronjobs"
|
||||
verbs:
|
||||
- "list"
|
||||
- apiGroups:
|
||||
- "apps"
|
||||
resources:
|
||||
- "daemonsets"
|
||||
- "deployments"
|
||||
- "replicasets"
|
||||
- "statefulsets"
|
||||
verbs:
|
||||
- "list"
|
||||
- apiGroups:
|
||||
- "autoscaling"
|
||||
resources:
|
||||
- "horizontalpodautoscalers"
|
||||
verbs:
|
||||
- "list"
|
||||
- apiGroups:
|
||||
- "networking.k8s.io"
|
||||
resources:
|
||||
|
|
@ -8,7 +8,7 @@ image:
|
|||
tag: v1.0.11-rc5
|
||||
securityScan:
|
||||
repository: rancher/security-scan
|
||||
tag: v0.2.10-rc4
|
||||
tag: v0.2.10-rc5
|
||||
sonobuoy:
|
||||
repository: rancher/mirrored-sonobuoy-sonobuoy
|
||||
tag: v0.56.7
|
||||
18
index.yaml
18
index.yaml
|
|
@ -4778,18 +4778,18 @@ entries:
|
|||
catalog.cattle.io/type: cluster-tool
|
||||
catalog.cattle.io/ui-component: rancher-cis-benchmark
|
||||
apiVersion: v1
|
||||
appVersion: v4.0.0-rc2
|
||||
created: "2023-02-24T21:48:13.844237643+05:30"
|
||||
appVersion: v4.0.0-rc4
|
||||
created: "2023-03-15T19:25:24.054694085+05:30"
|
||||
description: The cis-operator enables running CIS benchmark security scans on
|
||||
a kubernetes cluster
|
||||
digest: 405e1ad8a84dae7762cc9b054752581f9c0251b126666124cc1d98c230eb1f3a
|
||||
digest: bb92b2857673042797bbd2b604b5d86e6e4369a56b52644b6b856c72990a3588
|
||||
icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
|
||||
keywords:
|
||||
- security
|
||||
name: rancher-cis-benchmark
|
||||
urls:
|
||||
- assets/rancher-cis-benchmark/rancher-cis-benchmark-4.0.0-rc3.tgz
|
||||
version: 4.0.0-rc3
|
||||
- assets/rancher-cis-benchmark/rancher-cis-benchmark-4.0.0-rc4.tgz
|
||||
version: 4.0.0-rc4
|
||||
- annotations:
|
||||
catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
|
||||
catalog.cattle.io/certified: rancher
|
||||
|
|
@ -5162,14 +5162,14 @@ entries:
|
|||
catalog.cattle.io/namespace: cis-operator-system
|
||||
catalog.cattle.io/release-name: rancher-cis-benchmark-crd
|
||||
apiVersion: v1
|
||||
created: "2023-02-24T21:48:13.84813815+05:30"
|
||||
created: "2023-03-15T19:25:24.059018377+05:30"
|
||||
description: Installs the CRDs for rancher-cis-benchmark.
|
||||
digest: 6d381054b12087d187c3b9d5b1df66146f3c342aa92843010eeace629242e0f1
|
||||
digest: 7dab1f92fd632b14e954f5e0ad6adee58a5f0d48f2b537fdd1c767d120cf0fad
|
||||
name: rancher-cis-benchmark-crd
|
||||
type: application
|
||||
urls:
|
||||
- assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.0.0-rc3.tgz
|
||||
version: 4.0.0-rc3
|
||||
- assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.0.0-rc4.tgz
|
||||
version: 4.0.0-rc4
|
||||
- annotations:
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/hidden: "true"
|
||||
|
|
|
|||
|
|
@ -12,11 +12,11 @@ annotations:
|
|||
catalog.cattle.io/type: cluster-tool
|
||||
catalog.cattle.io/ui-component: rancher-cis-benchmark
|
||||
apiVersion: v1
|
||||
appVersion: v4.0.0-rc2
|
||||
appVersion: v4.0.0-rc4
|
||||
description: The cis-operator enables running CIS benchmark security scans on a kubernetes
|
||||
cluster
|
||||
icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
|
||||
keywords:
|
||||
- security
|
||||
name: rancher-cis-benchmark
|
||||
version: 4.0.0-rc2
|
||||
version: 4.0.0-rc4
|
||||
|
|
|
|||
|
|
@ -27,6 +27,15 @@ rules:
|
|||
- "update"
|
||||
- "watch"
|
||||
- "patch"
|
||||
- apiGroups:
|
||||
- "rbac.authorization.k8s.io"
|
||||
resources:
|
||||
- "rolebindings"
|
||||
- "clusterrolebindings"
|
||||
- "clusterroles"
|
||||
verbs:
|
||||
- "get"
|
||||
- "list"
|
||||
- apiGroups:
|
||||
- "batch"
|
||||
resources:
|
||||
|
|
@ -62,10 +71,44 @@ rules:
|
|||
- "namespaces"
|
||||
- "nodes"
|
||||
- "pods"
|
||||
- "serviceaccounts"
|
||||
- "services"
|
||||
- "replicationcontrollers"
|
||||
verbs:
|
||||
- "get"
|
||||
- "list"
|
||||
- "watch"
|
||||
- apiGroups:
|
||||
- "rbac.authorization.k8s.io"
|
||||
resources:
|
||||
- "rolebindings"
|
||||
- "clusterrolebindings"
|
||||
- "clusterroles"
|
||||
verbs:
|
||||
- "get"
|
||||
- "list"
|
||||
- apiGroups:
|
||||
- "batch"
|
||||
resources:
|
||||
- "jobs"
|
||||
- "cronjobs"
|
||||
verbs:
|
||||
- "list"
|
||||
- apiGroups:
|
||||
- "apps"
|
||||
resources:
|
||||
- "daemonsets"
|
||||
- "deployments"
|
||||
- "replicasets"
|
||||
- "statefulsets"
|
||||
verbs:
|
||||
- "list"
|
||||
- apiGroups:
|
||||
- "autoscaling"
|
||||
resources:
|
||||
- "horizontalpodautoscalers"
|
||||
verbs:
|
||||
- "list"
|
||||
- apiGroups:
|
||||
- "networking.k8s.io"
|
||||
resources:
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ image:
|
|||
tag: v1.0.11-rc5
|
||||
securityScan:
|
||||
repository: rancher/security-scan
|
||||
tag: v0.2.10-rc4
|
||||
tag: v0.2.10-rc5
|
||||
sonobuoy:
|
||||
repository: rancher/mirrored-sonobuoy-sonobuoy
|
||||
tag: v0.56.7
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
url: local
|
||||
version: 4.0.0-rc3
|
||||
version: 4.0.0-rc4
|
||||
additionalCharts:
|
||||
- workingDir: charts-crd
|
||||
crdOptions:
|
||||
|
|
|
|||
|
|
@ -38,10 +38,10 @@ rancher-backup:
|
|||
rancher-backup-crd:
|
||||
- 102.0.0+up3.1.0-rc2
|
||||
rancher-cis-benchmark:
|
||||
- 4.0.0-rc3
|
||||
- 4.0.0-rc4
|
||||
- 2.1.1
|
||||
rancher-cis-benchmark-crd:
|
||||
- 4.0.0-rc3
|
||||
- 4.0.0-rc4
|
||||
- 2.1.1
|
||||
rancher-csp-adapter:
|
||||
- 2.0.1+up2.0.1-rc1
|
||||
|
|
|
|||
Loading…
Reference in New Issue