Regenerate released directory

Add k3s-cis support for permissive and hardened profiles  (#1140)

* add k3s cis 1.6 profiles

* update security scans image version

* update cis-operator version

released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-k3s-cis-1.6-hardened.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.6-hardened
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.20.5"

released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/benchmark-k3s-cis-1.6-permissive.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.6-permissive
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.20.5"

released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/configmap.yaml

@@ -13,4 +13,5 @@ data:
     >=1.20.5: rke2-cis-1.6-profile-permissive
   eks: "eks-profile"
   gke: "gke-profile"
+  k3s: "k3s-cis-1.6-profile-permissive"
   default: "cis-1.6-profile"

released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-k3s-cis-1.6-hardened.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.6-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.6-hardened

released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/templates/scanprofile-k3s-cis-1.6-permissive.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.6-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.6-permissive

released/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.400/values.yaml

@@ -5,10 +5,10 @@
 image:
   cisoperator:
     repository: rancher/cis-operator
-    tag: v1.0.4-rc1
+    tag: v1.0.4-rc2
   securityScan:
     repository: rancher/security-scan
-    tag: v0.2.3-rc2
+    tag: v0.2.3-rc3
   sonobuoy:
     repository: rancher/mirrored-sonobuoy-sonobuoy
     tag: v0.16.3

released/charts/rancher-operator-crd/rancher-operator-crd/0.1.000/Chart.yaml

@@ -0,0 +1,10 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: rancher-operator-system
+  catalog.cattle.io/release-name: rancher-operator-crd
+apiVersion: v2
+appVersion: 0.1.0
+description: Rancher Operator CustomResourceDefinitions
+name: rancher-operator-crd
+version: 0.1.000

released/charts/rancher-operator-crd/rancher-operator-crd/0.1.100/Chart.yaml

@@ -0,0 +1,10 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: rancher-operator-system
+  catalog.cattle.io/release-name: rancher-operator-crd
+apiVersion: v2
+appVersion: 0.1.1
+description: Rancher Operator CustomResourceDefinitions
+name: rancher-operator-crd
+version: 0.1.100

released/charts/rancher-operator-crd/rancher-operator-crd/0.1.200/Chart.yaml

@@ -0,0 +1,11 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: rancher-operator-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/release-name: rancher-operator-crd
+apiVersion: v2
+appVersion: 0.1.2
+description: Rancher Operator CustomResourceDefinitions
+name: rancher-operator-crd
+version: 0.1.200

released/charts/rancher-operator-crd/rancher-operator-crd/0.1.300/Chart.yaml

@@ -0,0 +1,11 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: rancher-operator-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/release-name: rancher-operator-crd
+apiVersion: v2
+appVersion: 0.1.3
+description: Rancher Operator CustomResourceDefinitions
+name: rancher-operator-crd
+version: 0.1.300

released/charts/rancher-operator-crd/rancher-operator-crd/0.1.400/Chart.yaml

@@ -0,0 +1,11 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: rancher-operator-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/release-name: rancher-operator-crd
+apiVersion: v2
+appVersion: 0.1.4
+description: Rancher Operator CustomResourceDefinitions
+name: rancher-operator-crd
+version: 0.1.400

released/charts/rancher-operator/rancher-operator/0.1.000/Chart.yaml

@@ -0,0 +1,14 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-operator-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/experimental: "true"
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: rancher-operator-system
+  catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1
+  catalog.cattle.io/release-name: rancher-operator
+  catalog.cattle.io/os: linux
+apiVersion: v2
+appVersion: 0.1.0
+description: Control Rancher using GitOps
+name: rancher-operator
+version: 0.1.000

released/charts/rancher-operator/rancher-operator/0.1.000/templates/_helpers.tpl

@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}

released/charts/rancher-operator/rancher-operator/0.1.000/templates/deployment.yaml

@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rancher-operator
+spec:
+  selector:
+    matchLabels:
+      app: rancher-operator
+  template:
+    metadata:
+      labels:
+        app: rancher-operator
+    spec:
+      containers:
+      - env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: rancher-operator
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+      serviceAccountName: rancher-operator

released/charts/rancher-operator/rancher-operator/0.1.000/templates/rbac.yaml

@@ -0,0 +1,35 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rancher-operator
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  - namespaces
+  verbs:
+  - '*'
+- apiGroups:
+  - "rancher.cattle.io"
+  - "management.cattle.io"
+  - "fleet.cattle.io"
+  resources:
+  - '*'
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rancher-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rancher-operator
+subjects:
+- kind: ServiceAccount
+  name: rancher-operator
+  namespace: {{.Release.Namespace}}

released/charts/rancher-operator/rancher-operator/0.1.000/templates/serviceaccount.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-operator

released/charts/rancher-operator/rancher-operator/0.1.000/values.yaml

@@ -0,0 +1,8 @@
+image:
+  repository: rancher/rancher-operator
+  tag: v0.1.0
+  imagePullPolicy: IfNotPresent
+
+global:
+  cattle:
+    systemDefaultRegistry: ""

released/charts/rancher-operator/rancher-operator/0.1.100/Chart.yaml

@@ -0,0 +1,14 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-operator-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/experimental: "true"
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: rancher-operator-system
+  catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1
+  catalog.cattle.io/release-name: rancher-operator
+  catalog.cattle.io/os: linux
+apiVersion: v2
+appVersion: 0.1.1
+description: Control Rancher using GitOps
+name: rancher-operator
+version: 0.1.100

released/charts/rancher-operator/rancher-operator/0.1.100/templates/_helpers.tpl

@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}

released/charts/rancher-operator/rancher-operator/0.1.100/templates/deployment.yaml

@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rancher-operator
+spec:
+  selector:
+    matchLabels:
+      app: rancher-operator
+  template:
+    metadata:
+      labels:
+        app: rancher-operator
+    spec:
+      containers:
+      - env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: rancher-operator
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+      serviceAccountName: rancher-operator

released/charts/rancher-operator/rancher-operator/0.1.100/templates/rbac.yaml

@@ -0,0 +1,44 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rancher-operator
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  - namespaces
+  verbs:
+  - '*'
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  - deployments
+  verbs:
+  - list
+  - get
+  - watch
+- apiGroups:
+  - "rancher.cattle.io"
+  - "management.cattle.io"
+  - "fleet.cattle.io"
+  resources:
+  - '*'
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rancher-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rancher-operator
+subjects:
+- kind: ServiceAccount
+  name: rancher-operator
+  namespace: {{.Release.Namespace}}

released/charts/rancher-operator/rancher-operator/0.1.100/templates/serviceaccount.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-operator

released/charts/rancher-operator/rancher-operator/0.1.100/values.yaml

@@ -0,0 +1,8 @@
+image:
+  repository: rancher/rancher-operator
+  tag: v0.1.1
+  imagePullPolicy: IfNotPresent
+
+global:
+  cattle:
+    systemDefaultRegistry: ""

released/charts/rancher-operator/rancher-operator/0.1.200/Chart.yaml

@@ -0,0 +1,14 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-operator-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/experimental: "true"
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: rancher-operator-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1
+  catalog.cattle.io/release-name: rancher-operator
+apiVersion: v2
+appVersion: 0.1.2
+description: Control Rancher using GitOps
+name: rancher-operator
+version: 0.1.200

released/charts/rancher-operator/rancher-operator/0.1.200/templates/_helpers.tpl

@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}

released/charts/rancher-operator/rancher-operator/0.1.200/templates/deployment.yaml

@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rancher-operator
+spec:
+  selector:
+    matchLabels:
+      app: rancher-operator
+  template:
+    metadata:
+      labels:
+        app: rancher-operator
+    spec:
+      containers:
+      - env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: rancher-operator
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+      serviceAccountName: rancher-operator

released/charts/rancher-operator/rancher-operator/0.1.200/templates/rbac.yaml

@@ -0,0 +1,44 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rancher-operator
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  - namespaces
+  verbs:
+  - '*'
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  - deployments
+  verbs:
+  - list
+  - get
+  - watch
+- apiGroups:
+  - "rancher.cattle.io"
+  - "management.cattle.io"
+  - "fleet.cattle.io"
+  resources:
+  - '*'
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rancher-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rancher-operator
+subjects:
+- kind: ServiceAccount
+  name: rancher-operator
+  namespace: {{.Release.Namespace}}

released/charts/rancher-operator/rancher-operator/0.1.200/templates/serviceaccount.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-operator

released/charts/rancher-operator/rancher-operator/0.1.200/values.yaml

@@ -0,0 +1,8 @@
+image:
+  repository: rancher/rancher-operator
+  tag: v0.1.2
+  imagePullPolicy: IfNotPresent
+
+global:
+  cattle:
+    systemDefaultRegistry: ""

released/charts/rancher-operator/rancher-operator/0.1.300/Chart.yaml

@@ -0,0 +1,14 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-operator-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/experimental: "true"
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: rancher-operator-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1
+  catalog.cattle.io/release-name: rancher-operator
+apiVersion: v2
+appVersion: 0.1.3
+description: Control Rancher using GitOps
+name: rancher-operator
+version: 0.1.300

released/charts/rancher-operator/rancher-operator/0.1.300/templates/_helpers.tpl

@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}

released/charts/rancher-operator/rancher-operator/0.1.300/templates/deployment.yaml

@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rancher-operator
+spec:
+  selector:
+    matchLabels:
+      app: rancher-operator
+  template:
+    metadata:
+      labels:
+        app: rancher-operator
+    spec:
+      containers:
+      - env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: rancher-operator
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+      serviceAccountName: rancher-operator

released/charts/rancher-operator/rancher-operator/0.1.300/templates/rbac.yaml

@@ -0,0 +1,44 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rancher-operator
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  - namespaces
+  verbs:
+  - '*'
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  - deployments
+  verbs:
+  - list
+  - get
+  - watch
+- apiGroups:
+  - "rancher.cattle.io"
+  - "management.cattle.io"
+  - "fleet.cattle.io"
+  resources:
+  - '*'
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rancher-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rancher-operator
+subjects:
+- kind: ServiceAccount
+  name: rancher-operator
+  namespace: {{.Release.Namespace}}

released/charts/rancher-operator/rancher-operator/0.1.300/templates/serviceaccount.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-operator

released/charts/rancher-operator/rancher-operator/0.1.300/values.yaml

@@ -0,0 +1,8 @@
+image:
+  repository: rancher/rancher-operator
+  tag: v0.1.3
+  imagePullPolicy: IfNotPresent
+
+global:
+  cattle:
+    systemDefaultRegistry: ""

released/charts/rancher-operator/rancher-operator/0.1.400/Chart.yaml

@@ -0,0 +1,14 @@
+annotations:
+  catalog.cattle.io/auto-install: rancher-operator-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/experimental: "true"
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: rancher-operator-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1
+  catalog.cattle.io/release-name: rancher-operator
+apiVersion: v2
+appVersion: 0.1.4
+description: Control Rancher using GitOps
+name: rancher-operator
+version: 0.1.400

released/charts/rancher-operator/rancher-operator/0.1.400/templates/_helpers.tpl

@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}

released/charts/rancher-operator/rancher-operator/0.1.400/templates/deployment.yaml

@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rancher-operator
+spec:
+  selector:
+    matchLabels:
+      app: rancher-operator
+  template:
+    metadata:
+      labels:
+        app: rancher-operator
+    spec:
+      containers:
+      - env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: rancher-operator
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+      serviceAccountName: rancher-operator

released/charts/rancher-operator/rancher-operator/0.1.400/templates/rbac.yaml

@@ -0,0 +1,44 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rancher-operator
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  - namespaces
+  verbs:
+  - '*'
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  - deployments
+  verbs:
+  - list
+  - get
+  - watch
+- apiGroups:
+  - "rancher.cattle.io"
+  - "management.cattle.io"
+  - "fleet.cattle.io"
+  resources:
+  - '*'
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rancher-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rancher-operator
+subjects:
+- kind: ServiceAccount
+  name: rancher-operator
+  namespace: {{.Release.Namespace}}

released/charts/rancher-operator/rancher-operator/0.1.400/templates/serviceaccount.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rancher-operator