From b0bc7a03ba8a68f082fa6da58e2ff2cad6faa8bd Mon Sep 17 00:00:00 2001
From: dhruvmewada15
Date: Wed, 19 Jan 2022 19:11:42 +0530
Subject: [PATCH] Add AKS CIS Scan benchmark config
---
 packages/rancher-cis-benchmark/charts/Chart.yaml | 4 ++--
 .../charts/templates/benchmark-aks-1.0.yaml | 8 ++++++++
 .../charts/templates/configmap.yaml | 1 +
 .../charts/templates/scanprofileaks.yml | 9 +++++++++
 packages/rancher-cis-benchmark/charts/values.yaml | 4 ++--
 packages/rancher-cis-benchmark/package.yaml | 2 +-
 release.yaml | 4 ++++
 7 files changed, 27 insertions(+), 5 deletions(-)
 create mode 100644 packages/rancher-cis-benchmark/charts/templates/benchmark-aks-1.0.yaml
 create mode 100644 packages/rancher-cis-benchmark/charts/templates/scanprofileaks.yml
diff --git a/packages/rancher-cis-benchmark/charts/Chart.yaml b/packages/rancher-cis-benchmark/charts/Chart.yaml
index b3ec6dfac..516553383 100644
--- a/packages/rancher-cis-benchmark/charts/Chart.yaml
+++ b/packages/rancher-cis-benchmark/charts/Chart.yaml
@@ -11,11 +11,11 @@ annotations: catalog.cattle.io/type: cluster-tool catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1
-appVersion: v2.0.2
+appVersion: v2.0.3-rc1
 description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security name: rancher-cis-benchmark
-version: 2.0.2
+version: 2.0.3-rc1
diff --git a/packages/rancher-cis-benchmark/charts/templates/benchmark-aks-1.0.yaml b/packages/rancher-cis-benchmark/charts/templates/benchmark-aks-1.0.yaml
new file mode 100644
index 000000000..1ac866253
--- /dev/null
+++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-aks-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: aks-1.0
+spec:
+ clusterProvider: aks
+ minKubernetesVersion: "1.15.0"
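Review bot: In benchmark-aks-1.0.yaml the new `ClusterScanBenchmark` sets only `minKubernetesVersion: "1.15.0"` and no upper bound, so `aks-1.0` will be selected for every later AKS Kubernetes version, including releases the 1.0 checks were never validated against. Consider adding `maxKubernetesVersion: "<highest validated version>"` (placeholder value), or at least a leading comment such as `# CIS AKS benchmark 1.0; validated against Kubernetes <range>` so a stale benchmark is noticed rather than silently reported as a current result. The template also appears to rely on the scan image shipping an `aks-1.0` check set, presumably the `v0.2.6-rc1` tag bumped in values.yaml; that is worth confirming before release, because a missing set would only surface when a scan runs.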
diff --git a/packages/rancher-cis-benchmark/charts/templates/configmap.yaml b/packages/rancher-cis-benchmark/charts/templates/configmap.yaml
index 6cbc23db4..3de10e55e 100644
--- a/packages/rancher-cis-benchmark/charts/templates/configmap.yaml
+++ b/packages/rancher-cis-benchmark/charts/templates/configmap.yaml
@@ -13,5 +13,6 @@ data: >=1.20.5: rke2-cis-1.6-profile-permissive eks: "eks-profile" gke: "gke-profile"
+ aks: "aks-profile"
 k3s: "k3s-cis-1.6-profile-permissive" default: "cis-1.6-profile"
diff --git a/packages/rancher-cis-benchmark/charts/templates/scanprofileaks.yml b/packages/rancher-cis-benchmark/charts/templates/scanprofileaks.yml
new file mode 100644
index 000000000..ea7b25b40
--- /dev/null
+++ b/packages/rancher-cis-benchmark/charts/templates/scanprofileaks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: aks-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: aks-1.0
\ No newline at end of file
diff --git a/packages/rancher-cis-benchmark/charts/values.yaml b/packages/rancher-cis-benchmark/charts/values.yaml
index 8b42c25dc..bec9d9a5b 100644
--- a/packages/rancher-cis-benchmark/charts/values.yaml
+++ b/packages/rancher-cis-benchmark/charts/values.yaml
@@ -5,10 +5,10 @@ image: cisoperator: repository: rancher/cis-operator
- tag: v1.0.6
+ tag: v1.0.7-rc1
 securityScan: repository: rancher/security-scan
- tag: v0.2.5
+ tag: v0.2.6-rc1
 sonobuoy: repository: rancher/mirrored-sonobuoy-sonobuoy tag: v0.53.2
diff --git a/packages/rancher-cis-benchmark/package.yaml b/packages/rancher-cis-benchmark/package.yaml
index f9f0a6e59..68dfb3969 100644
--- a/packages/rancher-cis-benchmark/package.yaml
+++ b/packages/rancher-cis-benchmark/package.yaml
@@ -1,5 +1,5 @@ url: local
-version: 2.0.2
+version: 2.0.3-rc1
 additionalCharts: - workingDir: charts-crd crdOptions:
diff --git a/release.yaml b/release.yaml
index 75128ac4a..3d6fd5024 100644
--- a/release.yaml
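Review bot: The added `aks: "aks-profile"` entry in configmap.yaml changes which profile an AKS cluster gets when a scan names no profile; presumably such clusters previously fell through to `default: "cis-1.6-profile"`. That shifts the compliance baseline on chart upgrade without any notice, so pass/fail counts will not be comparable with earlier reports, and the commit description or release notes should say so. The value is also tied by plain string to the `metadata.name` in scanprofileaks.yml, and a comment above the provider entries such as `# values must match a ClusterScanProfile metadata.name shipped by this chart` would make that coupling visible. The mapping this entry belongs to begins outside the hunk.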
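Review bot: scanprofileaks.yml ends without a trailing newline (the `\ No newline at end of file` marker after `benchmarkVersion: aks-1.0`), and it uses the `.yml` extension while the benchmark template added in the same commit uses `.yaml`. Ending the file with a newline keeps later edits to the last line from showing up as two-line diffs, and a single extension makes the templates easier to glob in lint and review tooling. A short header comment would also help, for example `# Built-in profile for AKS; benchmarkVersion must equal the ClusterScanBenchmark name in benchmark-aks-1.0.yaml`.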
+++ b/release.yaml
@@ -59,3 +59,7 @@ rancher-gke-operator: - 100.0.2+up1.1.3-rc1 rancher-gke-operator-crd: - 100.0.2+up1.1.3-rc1
+rancher-cis-benchmark:
+- 2.0.3-rc1
+rancher-cis-benchmark-crd:
+- 2.0.3-rc1