Add AKS CIS Scan benchmark config

2022-01-19 19:11:42 +05:30 · 2022-01-19 19:11:42 +05:30 · b0bc7a03ba
parent c526003690
commit b0bc7a03ba
7 changed files with 27 additions and 5 deletions
--- a/packages/rancher-cis-benchmark/charts/Chart.yaml
+++ b/packages/rancher-cis-benchmark/charts/Chart.yaml
@ -11,11 +11,11 @@ annotations:
  catalog.cattle.io/type: cluster-tool
  catalog.cattle.io/ui-component: rancher-cis-benchmark
 apiVersion: v1
-appVersion: v2.0.2
+appVersion: v2.0.3-rc1
 description: The cis-operator enables running CIS benchmark security scans on a kubernetes
  cluster
 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
 keywords:
 - security
 name: rancher-cis-benchmark
-version: 2.0.2
+version: 2.0.3-rc1
--- a/packages/rancher-cis-benchmark/charts/templates/benchmark-aks-1.0.yaml
+++ b/packages/rancher-cis-benchmark/charts/templates/benchmark-aks-1.0.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: aks-1.0
+spec:
+  clusterProvider: aks
+  minKubernetesVersion: "1.15.0"
--- a/packages/rancher-cis-benchmark/charts/templates/configmap.yaml
+++ b/packages/rancher-cis-benchmark/charts/templates/configmap.yaml
@ -13,5 +13,6 @@ data:
    >=1.20.5: rke2-cis-1.6-profile-permissive
  eks: "eks-profile"
  gke: "gke-profile"
+  aks: "aks-profile"
  k3s: "k3s-cis-1.6-profile-permissive"
  default: "cis-1.6-profile"
--- a/packages/rancher-cis-benchmark/charts/templates/scanprofileaks.yml
+++ b/packages/rancher-cis-benchmark/charts/templates/scanprofileaks.yml
@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: aks-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: aks-1.0
--- a/packages/rancher-cis-benchmark/charts/values.yaml
+++ b/packages/rancher-cis-benchmark/charts/values.yaml
@ -5,10 +5,10 @@
 image:
  cisoperator:
    repository: rancher/cis-operator
-    tag: v1.0.6
+    tag: v1.0.7-rc1
  securityScan:
    repository: rancher/security-scan
-    tag: v0.2.5
+    tag: v0.2.6-rc1
  sonobuoy:
    repository: rancher/mirrored-sonobuoy-sonobuoy
    tag: v0.53.2
--- a/packages/rancher-cis-benchmark/package.yaml
+++ b/packages/rancher-cis-benchmark/package.yaml
@ -1,5 +1,5 @@
 url: local
-version: 2.0.2
+version: 2.0.3-rc1
 additionalCharts:
  - workingDir: charts-crd
    crdOptions:
--- a/release.yaml
+++ b/release.yaml
@ -59,3 +59,7 @@ rancher-gke-operator:
 - 100.0.2+up1.1.3-rc1
 rancher-gke-operator-crd:
 - 100.0.2+up1.1.3-rc1
+rancher-cis-benchmark:
+- 2.0.3-rc1
+rancher-cis-benchmark-crd:
+- 2.0.3-rc1