From 7302e66ece65f1ac2ba1b01b7b264423cc061b33 Mon Sep 17 00:00:00 2001 
From: Prachi Damle Date: Mon, 24 May 2021 16:32:03 -0700 Subject: [PATCH] Update CIS tag to include k8s version upgrade fix No need to update packageVersion Generated assets --- .../rancher-cis-benchmark-1.0.500.tgz | Bin 0 -> 5081 bytes .../rancher-cis-benchmark-1.0.501.tgz | Bin 0 -> 5082 bytes .../rancher-cis-benchmark-crd-1.0.500.tgz | Bin 0 -> 1450 bytes .../rancher-cis-benchmark-crd-1.0.501.tgz | Bin 0 -> 1448 bytes .../1.0.500/Chart.yaml | 10 ++ .../1.0.500/README.md | 2 + .../1.0.500/templates/clusterscan.yaml | 149 ++++++++++++++++++ .../templates/clusterscanbenchmark.yaml | 55 +++++++ .../1.0.500/templates/clusterscanprofile.yaml | 37 +++++ .../1.0.500/templates/clusterscanreport.yaml | 40 +++++ .../1.0.501/Chart.yaml | 10 ++ .../1.0.501/README.md | 2 + .../1.0.501/templates/clusterscan.yaml | 149 ++++++++++++++++++ .../templates/clusterscanbenchmark.yaml | 55 +++++++ .../1.0.501/templates/clusterscanprofile.yaml | 37 +++++ .../1.0.501/templates/clusterscanreport.yaml | 40 +++++ .../rancher-cis-benchmark/1.0.500/Chart.yaml | 18 +++ .../rancher-cis-benchmark/1.0.500/README.md | 9 ++ .../1.0.500/app-readme.md | 15 ++ .../1.0.500/templates/_helpers.tpl | 23 +++ .../1.0.500/templates/alertingrule.yaml | 14 ++ .../1.0.500/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.500/templates/benchmark-cis-1.6.yaml | 8 + .../1.0.500/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.500/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-k3s-cis-1.6-hardened.yaml | 8 + .../benchmark-k3s-cis-1.6-permissive.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../benchmark-rke2-cis-1.6-hardened.yaml | 8 + .../benchmark-rke2-cis-1.6-permissive.yaml | 8 + .../1.0.500/templates/cis-roles.yaml | 49 ++++++ .../1.0.500/templates/configmap.yaml 
| 17 ++ .../1.0.500/templates/deployment.yaml | 57 +++++++ .../templates/network_policy_allow_all.yaml | 15 ++ .../patch_default_serviceaccount.yaml | 20 +++ .../1.0.500/templates/rbac.yaml | 43 +++++ .../1.0.500/templates/scanprofile-cis-1.5.yml | 9 ++ .../templates/scanprofile-cis-1.6.yaml | 9 ++ .../scanprofile-k3s-cis-1.6-hardened.yml | 9 ++ .../scanprofile-k3s-cis-1.6-permissive.yml | 9 ++ .../scanprofile-rke-1.5-hardened.yml | 9 ++ .../scanprofile-rke-1.5-permissive.yml | 9 ++ .../scanprofile-rke-1.6-hardened.yaml | 9 ++ .../scanprofile-rke-1.6-permissive.yaml | 9 ++ .../scanprofile-rke2-cis-1.5-hardened.yml | 9 ++ .../scanprofile-rke2-cis-1.5-permissive.yml | 9 ++ .../scanprofile-rke2-cis-1.6-hardened.yml | 9 ++ .../scanprofile-rke2-cis-1.6-permissive.yml | 9 ++ .../1.0.500/templates/scanprofileeks.yml | 9 ++ .../1.0.500/templates/scanprofilegke.yml | 9 ++ .../1.0.500/templates/serviceaccount.yaml | 14 ++ .../templates/validate-install-crd.yaml | 17 ++ .../rancher-cis-benchmark/1.0.500/values.yaml | 45 ++++++ .../rancher-cis-benchmark/1.0.501/Chart.yaml | 18 +++ .../rancher-cis-benchmark/1.0.501/README.md | 9 ++ .../1.0.501/app-readme.md | 15 ++ .../1.0.501/templates/_helpers.tpl | 23 +++ .../1.0.501/templates/alertingrule.yaml | 14 ++ .../1.0.501/templates/benchmark-cis-1.5.yaml | 8 + .../1.0.501/templates/benchmark-cis-1.6.yaml | 8 + .../1.0.501/templates/benchmark-eks-1.0.yaml | 8 + .../1.0.501/templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-k3s-cis-1.6-hardened.yaml | 8 + .../benchmark-k3s-cis-1.6-permissive.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 8 + .../benchmark-rke-cis-1.5-permissive.yaml | 8 + .../benchmark-rke-cis-1.6-hardened.yaml | 8 + .../benchmark-rke-cis-1.6-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 8 + .../benchmark-rke2-cis-1.5-permissive.yaml | 8 + .../benchmark-rke2-cis-1.6-hardened.yaml | 8 + .../benchmark-rke2-cis-1.6-permissive.yaml | 8 + .../1.0.501/templates/cis-roles.yaml | 49 ++++++ 
.../1.0.501/templates/configmap.yaml | 17 ++ .../1.0.501/templates/deployment.yaml | 57 +++++++ .../templates/network_policy_allow_all.yaml | 15 ++ .../patch_default_serviceaccount.yaml | 20 +++ .../1.0.501/templates/rbac.yaml | 43 +++++ .../1.0.501/templates/scanprofile-cis-1.5.yml | 9 ++ .../templates/scanprofile-cis-1.6.yaml | 9 ++ .../scanprofile-k3s-cis-1.6-hardened.yml | 9 ++ .../scanprofile-k3s-cis-1.6-permissive.yml | 9 ++ .../scanprofile-rke-1.5-hardened.yml | 9 ++ .../scanprofile-rke-1.5-permissive.yml | 9 ++ .../scanprofile-rke-1.6-hardened.yaml | 9 ++ .../scanprofile-rke-1.6-permissive.yaml | 9 ++ .../scanprofile-rke2-cis-1.5-hardened.yml | 9 ++ .../scanprofile-rke2-cis-1.5-permissive.yml | 9 ++ .../scanprofile-rke2-cis-1.6-hardened.yml | 9 ++ .../scanprofile-rke2-cis-1.6-permissive.yml | 9 ++ .../1.0.501/templates/scanprofileeks.yml | 9 ++ .../1.0.501/templates/scanprofilegke.yml | 9 ++ .../1.0.501/templates/serviceaccount.yaml | 14 ++ .../templates/validate-install-crd.yaml | 17 ++ .../rancher-cis-benchmark/1.0.501/values.yaml | 45 ++++++ index.yaml | 72 +++++++++ .../rancher-cis-benchmark/charts/Chart.yaml | 4 +- .../rancher-cis-benchmark/charts/values.yaml | 2 +- .../templates/crd-template/Chart.yaml | 2 +- 104 files changed, 1850 insertions(+), 4 deletions(-) create mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.500.tgz create mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.501.tgz create mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.500.tgz create mode 100644 assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.501.tgz create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.500/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.500/README.md create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.500/templates/clusterscan.yaml create mode 100644 
charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.500/templates/clusterscanbenchmark.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.500/templates/clusterscanprofile.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.500/templates/clusterscanreport.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.501/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.501/README.md create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.501/templates/clusterscan.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.501/templates/clusterscanbenchmark.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.501/templates/clusterscanprofile.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/1.0.501/templates/clusterscanreport.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/README.md create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/app-readme.md create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/_helpers.tpl create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/alertingrule.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-cis-1.5.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-eks-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-gke-1.0.yaml create mode 100644 
charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-k3s-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-k3s-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/benchmark-rke2-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/cis-roles.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/configmap.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/deployment.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/network_policy_allow_all.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/patch_default_serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/rbac.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-cis-1.5.yml 
create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-k3s-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-k3s-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.5-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.5-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.5-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.5-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofileeks.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofilegke.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/validate-install-crd.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/values.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/Chart.yaml create mode 100644 
charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/README.md create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/app-readme.md create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/_helpers.tpl create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/alertingrule.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-cis-1.5.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-eks-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-gke-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-k3s-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-k3s-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100644 
charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/cis-roles.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/configmap.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/deployment.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/network_policy_allow_all.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/patch_default_serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/rbac.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-cis-1.5.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-k3s-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-k3s-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.5-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.5-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.5-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.5-permissive.yml create mode 100644 
charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofileeks.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofilegke.yml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/validate-install-crd.yaml create mode 100644 charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/values.yaml 
diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.500.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.500.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ca29cdeab5455f1e4d33dcf600ac611fb058d0d9 GIT binary patch literal 5081 zcmV;~6DI5*iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PJ0TZ`(MN@4x3yF>s$l+eIwDCMk@24#=jtMQ)pJk#zULqR%3w zrLoP&5~-3@yuNI{%YBynWCxOxEX#8Il2}Q1H7FWcB!}dXznLK^jRaxt7)8USvN1sB zjsqel&C@Xv%9)YCfAI*^YPDKNy`K5oYPIrz+nuAS|WD9V}a*8p6ih|fokOO*1_p}a{V#T%4KMSQ;xh0~?s z3h(a$QSP{qgNs7ZAw@4OUYO0JGW5x;!AO98I6c3D?~@7&^Xq&vBrf(rw}yu(h~lCl zXHsEMScJ@Jz7p8`S-%t-_V{{`7&v}~T`jJ#9q)V7=-n0wL3-pmlj5|;$slsv* zZMZxLIYXval_Mej1%;%X_2H&nBVm~N>9m}~nupRAG*sr^r!g)F1(1<}j}k=07-b_P z-jq8?bR$943{3xkGaxXD1}GRRl)BNj`!(un?qj7w*>5&ottF%rx7bV;DN)I$&qrJ~ zbptdP+YLwFjA|2{O}X%7zt%`At=%WDo1~YfldV?msqyk>qhkGkL;MKkV;O)o`oGgU zUef=Ey>6xd%b=I=4u>T271%L{As5A1bZRf*)0j%25(xZya`C<~1r;V@j=9At2qQz2rkfTBw5po z1$ONtr(3HDlspnH%0ArQ)c{_?KM*1r5#OJIK$iyrG7lJ6T4pjtmkwv(#iNs!2Esg@ z!AEj~p!9$cJs>V;(xp6-hP6B9)I~FxYOJe4;n>k5zT`leE3~bW;EoA%?O&mcebDM3 z*$ow(1;~_yDOF?esWw-JciNN#kdZsq)n8CXwW@dEe5l74JPuRB7J8B?7BSmfWg0i+ zzR#zWjSP36GM$BZ|B9qZ4|D|#U6hiD*@5Z5z<`_HBe;?9XD|@N$Y!Wez^l2aUpX<; zfGXqQyaWI@jQY@SwSxF}fPop-cIWK{jl1|YLb+*)8si>bp^vVfxO#MJiu-zo8n+5Q z|5mG!;gB+_W;S``^8xW=hfDcrrFeJW21D+ccrlnINm>re?m7uQt$c5^|+t%C44*yxG*#4*5 zxp_TCKSUuN74GZ`tX==LJ30G*d~{r`|4O0T+vaz0#$+TA(iN39@e-|emLx#XDq%Jq zqd@qsd3RU4y=`dAL>WR|FO<@fb!gmamv%wqd`S8Jk=nC*!J5q$)2a~n%~v_ zL7B&=GSTTUrM?fu^HT9BLYXq=+pJeXTNrsz(^&@S^J#oLV`j9eopLepIq@X8Jo0r` zknR}0$VcNds4o5=|1xMF_&?ei|3?-6OQy~7j}tw%t-avCSK0q3qQ}L5JV#dJA1AVM z0G<S-I{z(&9vA=d99fP3(F7~}KPTE8|C6pv)&Pw$5gs!1Hd6*`@!!ku z|8)=BM-~3dpvT33(HvQ=3?|)soqKZ!k=5uI)neeuX*c}u-TrslmHjV; z_J{vX?0=;Jo|<;Se;Mol<7)rE6xtX5H(CF$Lw|J|xPRIW|0US}>iO?dXn**B4EtYc zfPK?e`0wnt0kA#(yGKXW^S`CgqvL;hj@%3X&b|15Tj77tv?Knvasbxj|1fX=yRGW^ zzfx$A_}|b0s5HP+(oXo_asyx|`(Hi(Qwr@3{~K-q+>8F|{BQ5HBmVbq|JxP*%b-2t 
z|1s=;r2+O#>+rAd3+_KC7}Og4ciOG|^S`Zjuk!y(p*;S@fVd8c)R+tUKj!6sXYy7S z>4Hn{+6OoVci?k%9KL{R$>6^KYMMV=wut}o!%rniy?xmAc7Nv%Q52=rZ zX@xfhhFmC{bc13b`|!E$3M2~a2T+efFTV27M|%|#<&NtI^${xlb83G=-KSF3e_Pql ze7wJ0U*U6|grPJH=J!p=44qbp&p311?(JF>#}g_NH)lgS3P_lhOPc!XyH`sugFni2 zxuH1y24~A(Y#yxU|I|9HqTOk&{ZFRC{_KD2_%OfzZ*|($`o9#4b+j4f3lio7%`PkK zI6_gQSe>x&cyob z>YNMDS1&Qt`QqW}+W=dcd@EK_>+tVk=<`{C>;d7x*WkZ<+*|Vhd)51Yf zED5arN2kg}BefIC z60)1+8m`Vxf4)5b^y~H2>B)!d^NW)o&N5ZSk?S5Hzig=CMFDQolE!ebc3GWr%Iz7L-K6!t3`RVHV;_TDq`RUd5$Db}g zEpvXgZl1ilkN4HtFK2pe?rm|*HVKfsrnzSyPQHJC_HGl7Nw~F4cuW(Gw+?^6*N7`D ztm^&GSD(%d_k_&1y0siUyyv~H>c*5JS0U5fwGYghO$hw}Iz=<%Lo{=fO40O@8@ zG$g43coIC9(^b3Uo}A>>je-;X-5zoKv?h=7Y|NV#dQT6_BDYWTf?f?~8ccPo!I3r=`EUx^(?&)IgeyuiDS{~VENS8 zS*&poQD0Hkhq@9G)>G#`otxQ~nnT^Emf*Kd+v9)x2=F`L|ENh@Yo?|=2G{hv~3-}qm6+_5YTkg4>k<@?-e8~h6s-T!ba+y7z{{CAG?_P^7s{Qpwu zG4Y>$pgNf&@pISvM1E1w*{2rkH$%JNe;eEXVmJT)=&ihrYPzm<`s5JCfYyYij7yNG*{dE`n-)mLzU(2CV?0=aWptAp4 z(U$lxiU9lI_|M($(Gvcv`0wS=BjbPh?dXyY0E#2eKDBh8KkbbFEj9tx;=h+a|L+~P ztN2f)(BAQ1+5y0-*t1V9;pa^|;(x0L0Cuqd?JE9rIkYGIm;L}iapc*jmhSVXo$&+T^g{r7U{G4Y>?W433k>zdlm zHzVX{Ok3c8G}-XHKTo^hzg2zzsT6ul{AWTI?iv3ha}xE<2>BV)TKw-6@nezJ;s0ytmQJ_!)H@8D@u)=@)8tXAwI&yEC{n zUkq3-F9;hUIHx2e1L{*nQ936d&tv^3GdbxH#zg*zv!uS)ieD)~*$A9BalU`cHEAJ> zcA_%;ka;VA*;f7S`T+ihzf-BC9=Dk1LW^GG*EEai+CobNevPO=59*i6)#>Fs2}B^6 z?HD$4;GNGW`(k41)+O6$g=EqY*?O9T> z{=Ymsd3SN<1dsC^{W|}z*U6p#w0lRrYW-IVy@X3U1K{-h3R2Apry66m+9!?9jQa*Q zRILONF=oJeel=g8K@zAK%$HPvGa#ARuW1~A!aNuu(=0XkgV3kiqk{M|E16@xzI>^T(GOB>QaGK#X+p!si?hy}aS)-wa-OLP&1QH$ z^{A9b#rP*-*bqp(03SmKtigY;oqzwUeR$ld@Lvk8z`xYcPfTqJ`UQ9!`17GP;4!cx zZQ|jxX7&0MnZ7mT0?zdnLj_kcgEw=XA%A;4Rw|VJW^+27IxbBrakv=GKR?-=tC8j# zr&jwfE+DYZ!H|o<=mV{9#(WBjLnP5OY=}ff0uMmo5QR?Rk$}%0cQf_I7;s!3G<8aH zqj}SDes3Z(AHg#kP2V{*^=G6L>mF$<Z(6$5m^uy@+V&-k_fjs&-(@x=f2gsB4QE< z$cQS`W2*;Jp?3B-Gu>m{L#b0{T8=+1sdfiWhI-Vk{vT3C<@mr(k!%kV<*zGS(*G;f ze*>-z+XkGN3V`bJ+FgA8CF6R3d1Ej}}b6({XBati|VC{gIo^q5C_7!;4^_k6sxNar5Pe8~hS%iUff 
z=CpW`pcj3agpuMJ7O`rZ!v=_iDf+(ts|%ZrlH6E@M34X#3KLsG#lB+m@kvuSr7}^D=Hxr>0X#t0L(L^|M?PK)cuj>)+LV=Zew9q*1s^J znlDXaKo}WmpUtGbG0W>DpOuptBp#_)Rmb00960CpHu%0L%aYvvOBa literal 0 HcmV?d00001 
diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.501.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.501.tgz new file mode 100644 index 0000000000000000000000000000000000000000..fdeb51c9c086f1e5400c5697781225f7a9a2993d GIT binary patch literal 5082 zcmV<06D8~)iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PJ1;a@#nP&%dXq=u-A7$&^KX+bPxURe2oWmT%)s%FgcARCdaN z$d-f^2`~U?jn3nDxo5d2y8=K`6h&Ddv1n(8U8$HNfCkXOue$+|O+lDDLD6ujYz&dP zlYoe6^K3$da^@uPUpxY}TCLV`uV?{$LuKxLn&6U902vwjC_zMwQ8qT> zO}T?aHxg9M!SoL}0|L`%h=QR)sT*y(U!$((K2a)^gJ#p!T0%N;i_K(_5|wQFe9UE2 zH$Zc--EidXxHiT4j0;Z=YK^qg+C%cXO?qiM*=pCG8ZW;$D%StE#E(!umI2tH|2wUd z75(4uw=4Z$2EBxLI3kg+z>YbLxG2V=Q+o-YCR75IK;Y-o%lC~D7XeWUJs43Rb%uB7 z`a~ey5<#uTQ5=Q{q1Fr@P^LJ{c_ct#5c))+bZRvkkTDwTLuI0|^iKeRA(vEfF;5jl zGppB3CPl`H7HkMt>*hqYT)Tv=XO!e>Xswsw)N(pbS99Tv4?bTkJq9-Xu_5a#I& zK9XAmr3ZxQ0dYB#F6EIltlbHxE}Fqq6I~4o$BrKHB?rn}p>34}cS4wJ{|aU7gI52@ zZmHlbK&B+jsG5LJwYf69)21AOjNFN?{*p4PRlNfjBR#(0ahMUd)RRoHh}qsM)3_1$ zeLkaXY`FWB=`6(iS0qh(petbLqLf6;k4*ms2Hf->!HtAJhoK-wHY0@sUM)oZ%88i< zR2c{7B>=c#G=O%i6~w;-49u{$J8v&(+{LdE%56*3829iReRTE2)uUTe+}AVIxK;4^ zms*XCMwC%Cx5;Cl4~ZW;T*^l~#jNKN3!t8~njoOLI?4+*SVi`59+e zLP@9PbZRx?qp;nxo`E-j5%DD&@Z6#>Eu9g;?63r=1a;*{F4O?tw%)cXJN!GLV*8(J z=jP1>{Sbw8RJgY*uyOs@?&R$M$w{kP|CK^_cg-K*oXJQaq$?_I;w4(`EJ=W%Rl(IE@#!Y8%uIz%y`H=GcEwyL$f;F2htcz+xsIQkQ zvYBpT4mToJkc(1u1kT^B=V}#fvdAh_tZA`OP^Lyu|99D}@5KOpiRq8}YA}-PQ1x5w|#2B6tz9dE~vE~GM?igE~{_gXoRjBK>Y*1 zj_cRAQ{N8i=U*e@*Ow&o)JXVa(kA_H90kh8BJy$H_235m-|C&Tm-TFRLBx;SuuU(+j!f$>yhm)khFW&`p)8KN)k4Org8YcAAJZV4H3 z@6tNB=gbQ^W!5upKxq73m&(}xP4(69M_p~ge`b@H%0}Di@1X=X;lI=A=J4O{^!pY5 z%b+~Emm!m)`ph~i*Dhg;UHMgf$8#h_Xzbs7v^(n}UbhC6{WaZPPHV2Wop#@8)qgL@ z`aWn^{2!Nv|Kke(WzZq;f4n#Tk1PC_Oxxohr+RE#2f=@@vj0y+kBk3!j;zN&PG#i) zJSW;7|Kll^i2q)7{#yz?F8<>=vL65ADOUJ@PP9G#r(Kz>0U8q`JY?u?rwlgYzn9-Ian3jbx$1@IU&8wTxK-`{mqLfa|2FIYP3W&q0}oI8;lBj?Up@a_3LOsrk755S z4RC1M3ICn_HUM_VfA{#Ldj7W*dUX7+&XEV<-+2)KZ!7#CnD)f~P7c6k{P*+rzuT&w 
z|0{(Ki2p4efJy^ACGCa(9X9~>vj5fdKc&#Y@W15-z=P23I??S|DAR#|NL*O-K+fnQYepqF(j@-A~oTH{*QV2-0bno!t~AD#DT`7=!AI1` z!nDGh0z)p8O}a%flmqx&cLfrK^&_Z9p%-6y=%c*~iE=0Pqxu+?{yDQhq3%c6b* zXFlFvuCMU9PQp+c28;V9WQI;F#Alp2ZTD_1isK0tiJP+#9S0=L$|X&G^~0-`m%$%p zy4+HneTTE<4>k|h^M7g`R?+^n(f%h>;c)i9b<)qT|683-wf--KVjXQp`I3bBK(ng~ zJC0D)C|0Mtgz-rDE<#XdRv8~-o)Dr)!z9HKdIhL?h&9lwhXMT7FiPq_>~WzzgN$30 zS%R3b1Ulb;{&{1@W6Qde<*gSY`Tfn6vS|e?xsQu;<5Uiyj#HT=Yn43Ky{eBFtuwLy zx;p35^VKU1b-s9b1~$M}Cf}M>)F%9U82Wr3Ap3@J;2ZGYJ?X9Z|Gnz{zj7#xckO>H z{I+-L$ggqRG7)rkfjxkq3DUDwh@Qs|_>(j+=9B52CVz?L)=UACW}0ghx75W`*X0pY zA6A6ch%*qIA!$Enicp3k#BP3$K=BzBWvrmj2yc8tTaub}}J%oka*yxW6Af zm{pN6+~2=iZpp{U_djx2<__v>aK13hmpvIf}x731dyO!`?)2*|M>zmW}=U1PuZ!XV2U0s}A-+cV( z>eDLcSDWU^tA}`Bpa1<_kIjQEj@c#wayK;h{KM&w@6X?D!!ZfBmI;q(qVd+@H~1QH zg@skU|J(Ja^Q)T=rF%xpivLUkKV`OvL;V{t$~vMbg)Utk#vrw(mYvpZb-)Jvx4SFxUwZ8d|K(5~|3f|A3(WsF9~L0p zOp1miHGtgrqX6m?^aDpuniI~a^#O!js^t4oNA_0~js@{>HG9Jzwlpl5>jN-1W#qbu z9(qSG#1R+RFt^QN4dpD=8_TP@Z(ocF)KfzxE1D15?c2CcGeWTxug>awdET+p7JtEE z{n9L#&wA1I_3N_LqPZ+tr_kj=K=d^DT#qZroP$AqS!(vM%ydg%HbVXX-9PIjQasQZ zu9rsP6Q3gcXFdMz#C?2}VLUQ1Hm3~@RzKQkHFU8dai@GVdQStY22gz?Y8Tq1|IGp4 zH+~0dlm0*HpX9&)&_1c&|1E{KJVYA! z_u|KGwi?nE{BP3#ne)9x1o$1T!N&D}tCNra*gLM?|1O1gfBrK*nOz_KJvnhKS{ypndV5eF5xS z-~a0NS}X5=^{f4#Qs~h5UwYiJEDeyU^r_|h+-Vp53lrVHzmx5Mu?_w^Cwcqd=~e!J zDfF25&puF{%#rxH>q8>HDCq1{i}kyqeel1F?SHYK|9^a3`TwQRq42-*=0#Z=ptAit z(eC))HTvr|_|NeIkNxkps`#(vP$~AmObt-k z|D9+@{1-)l{pR@3-R|+q^S@R6_j2fw@xS_ZbV&yQ#gS*9TDs4l_QwAXn*bZ}-^-u> z_xkNB{!=M*aQv5c0I)9h>{CnldDEWw-{}E>z3hL5|5E5c_%Hndfa1urPc7Z&PkZD4 z(DuJN|0{(Kj{m2y|J5$Q*0cluaVmFy^xx1X{C7_B@t@o6>ih5I&|~616UXepSl2bR zo$p4-&zN?=|9HCPd4Hbv!GF8@{!=ORnE20xEIcs&$L1vJyAkp;rj7XDE8@p8ZNh(l zCH`Z(Q+@xX9LmLeEquK-kM!*$J#Kz2Hm`pkzYS0D?scw@Pd&yD(I))g5}$fRVe&e3 z!xdXU_mj{D{I|O+@t-@LezpHs3cWOu>P9eD@Y+WPuYJy^Q3&;iUY)N)J@Y<#9qRhu zn>Wyc#{GTmr3pRvrxA~s2ZKL@M_rXkkf@TxdfwY;X8er0jSRC#$@B{~`?H9hoc$SG znJ)&cmKTJL5u7s;k|Fh}q9~oyj~B82lbM`!1QR0viu0tt*NR^&LD?9bH*vmy%Qa~! 
zi*}+i{E&HTf7w?3>E;Ojguha$q#n1J=TeJaDp3D1b&UEKo9Cy$<^7_I|)P} znC%!gcHpB?nh@&~P!j}~3xP7^CV+!30`7ze6^DCDvg$N7q0%NgX4-A+UgpPBL+x2o zvHrh0KYe$3?gWqX9Q`K$uh+?)|FnC@{c8PJ3cZ9YI|JbC;u=!T31=E(wc00*&W!s8 zHdL(y5iw@KdU3s2pFt9+7|fScfHNSO*sp0Ef5JQ%BhxH3_=C`=+M|N_Gb^AbM1e~f z3=up&V?HMydQPqO5-zMRu#w+tU%q^)P0$ZgZBjU$!D&Ln#*4GgnsE@J!E&Cd3C(7B zKJ}=SN5%LjVb~BzyZ|3V2W-H9ubqGYtKC28R`@T4*5F@i=qIK&1^p7d4gC4Y8t@p{ zkv8%0S+jb5hD_fYaRC?lilKt*n8BNc&XB*no+uT{L9;oV%^a5|l{j3C7oVSOF4Rc# zjZ>@r7Z(s%=U~J|VDy33HxoVs#UYYt8a6_rB7sLBaD+mq@JPUCkGq+AV+=Sh51Kk9 zxzW7sIKMWLnUCNZji&GPP5l|^#JWe?3c2s|nU;dqYn&lda!{)^;B!{jEb1OpHHn6% z>ZI0e#y8M_6&*Yw%+tf+lZd$!%Etfqzq;zrT0|Dah5X6ah$O;oF7mzs#kp^Fu85cf z0y3fs_1NlxRH&Uj&P?|h_fYDTxt8N!S5&(Lrz1V;R{xJEqjGX&r%1L3iSpN#t?2)? z>c0WkhHV2*O$9)8dF?K~{*rOMzr3*=JRDJm5@r)*dgPU$<8eIEQ~Q*iy+b0=OK#fI z9wb|paGEqv54^D@9uU)6ojqxf=?yB|-1H+hy2UZ0HI0t5=G$()V>Y7W$c6wnc+z*1 zUL3(}LfwgGt8Xui-fgm^h~c1(E@5*M7?qBw8xO4FAg440%52Rk0|$!cIDrw)(lGT! zJpeb7iU*5udp4Rmv-O1N*@}~P8@UAmdXy;i=X%T|Jq(J+^LsH~TBHjPWwB&})75UT z5p!C+NYKl^Ou|TU4U1T{Enovg!VG<1|J8-fMoDh0LLx|j3Wbb^?OWu#X!?qTwO~$t z6iPSoDwTU9(e1Bf&buRF=u_7=(nlpVoJ}uD3I;QwjRPm$33`!_M`j91y_&M$EwISS zLfxs^ShyEPLBNbKrR8VsM^Z|018nr^E$Str;gYL3fss5ij2PM(flNjMtsp-yI(Nw# zRotw5brTa&?4aR;ltY8WrDI*cBr7T*6zN`=RshU1qyPB|UDW-N=GGOD6z*bS*4Do? zp_(sEVn7%fYoE=ey)nz{B%hU&86+O5SmepDoO&MBe2DMQmjx?P!55o(U^WiEScQOK wg9XFSr literal 0 HcmV?d00001 
diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.500.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.500.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4adb441902df1088e931a27a19777f14bfb32af3 GIT binary patch literal 1450 zcmV;b1y%YViwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>%liIivpEI9Am3PK5|7Kosn~=O$+1*U0nAz;Pv3o!}vZRvQ zY^bgM?pv}A7-Qoxct}#AFO<~MuWjkq-BM!%GFYJL2HbXMD1$`==D8b~@a<#)hP)L- z;_5{4ec!(x4wGNs_lv*&sNcWp4gJx;ANKsAf93bC{n6lx`KKCwiNuz`T=^&4D!$wg zA|RzAAg-hxcNhzRK&ZJF0FgkCtG59f;!hmIG0V78I&8ti5apP?Ars@9(jgKev>E~& zGsiZi(EusawJS>)l}<4z5G;1x)Q$apu6984FK8@Ra?F;!PKY)zTvO8iC@p~ymeB&) zWcuE+CuPd9yiT1VT4@|J&|2^yS+&k`ZMWz7-pKbm-+D)zNwxnIMp^)&eH)0_5*izT zJSra4`2Wpyf4J-a{oY{YU;O_ZlJ^|Y9KRAu*RtO8f30)DWp9QAz0Nb2;h0TgODdY8 zRj~>1Jw9>C6E}#EAOr#zL{cZpvBr7VEFOKH~;&rIfc8D6?5WA^ty9mbX* zc$nm*RH-z|+xw4S2JV?7NIMzR#wA|jYm5XZ^T)N6jY-DsI^M35F&PWtHgn9}A)ufv zELI+LZwDFyS3Rtg{7&v`Yk&_vwG)Gc(k=Kz#gfYK)9Eg>&66$M6}OzX0u4=%eY`{O z?gSkAXE{-k7D%NwwvRbeN?^vx3LqDTVskW3s#mi=F`!aHf6VApZHee`|4wuzpoUj_R> z_;>-y!5CQWXhLqafK_YR28~gsIt^6C#RFVAEkC(^eg# z&0S!c&Z?kjNq3=ZnJYnUTG?eby+R}k#!}woHrbLgE(D}K=e++ntp99FWeo~JHT9qV z^=MS6{|x&5{-yqN4mnHxXTzG)3qkJAo*~~Gwd7&uzB~1w9ZhWsAmZ}Zc!owIq0JT} zhxw^WT@MUj4+2-IYk`Ag7v8N`HN7-{0$r$v)ebw!P*Tc&p|$PU(`zOh3suFFE!)1& zDoTOAE#21+tp4j;NdMMp#Y~ygw1iyZ$Za71&q%hgiR{+a7XwDi*IU`@s0 zK)vCJ%FYiRkk2d)4)3*pFVg|c(RSU?>~FP;`g7Up?~@Q^DOe8 z10OryvT3Sg!2%31S^zP=_c>*3F=Vq<)hCtT`VB8~k&9g9B4zS#00030|1n?4E&wtB E0MHxQ^Z)<= literal 0 HcmV?d00001 
diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.501.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.501.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a9c02399196b0182dfbde50446029fd10810bc9c GIT binary patch literal 1448 zcmV;Z1y}kXiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI>{liD^Azh^#$CVf7~{7r|q3rRa^o68M%O`jKg57d(-jkKm= zI{oe)*#?ZU@fmz1nXoU6w9;>F>9@PmVgoW*pt%mXy`G^A77>`I>%fGsCkrs-tsoLt zCyMX;{%9~retq9B{`$jS@2WfShkd_49Qge!zdQ0r-7DswYWO)4TLN?CpKPo6a^H!7 zl!}13l6Kr-EC2$b=3W3q0zIx?2WW^taty~T<4WnU1rI}%WA=(njITeT#&RXcY}xIEXamDFCG8K=5(r@#Es#y7 z?<{*%rX0)b)ET0c#xVn}1rL%{>nzuHyPoe2{ch)L?`Sir_J6`i3m~+w0})$7V*`*! z#e*9Ee>3V0cKyHC?GHy6|38Q1JqI+$FND&ytoQV@buPH<&XAzndEzo0vq@}8MN_mY zHUYlFM=p8d1`!g3K;VK%>O?u#STEpq>((8sF>nJR43pU)?hKcNW}-wKrIF~G{dWK9 z_6}$U#7lgQk>F(hxR$ap$+%s|+f_0qVbv#YW6neCK}6ATH;QMD2NHpk$hx_n5^AqY}Cu zrlO164+f-7FkOr;=TI%ToRJ&Ubk`&%g^@h1he9) zu^m)3vuKtW{)!S!?%-9NT9*E^({XFmbLp-50c7WF-h8@Cv`3tJp7`Dd)Xz%pWzDC# z3ry2l6%;M$E_5w(C8$j+yUeCnh(y6y%A4FKTT;e_fVAhF_y30VpKYnEK_RH7{?i)` zhlTo2zt{IK^`CRdS?WI<)|_4la(DI&`Oc^%4>R}OssHR~YD)kSm%qm|G!hAIwir3g zk5%e=VEA$nxJq3M93;E&cD<_UrTHW1LN%;**hz+xQvNfoZO5KoGuc?EDxPfF_H9;C z3iNI1zII^sU*1Ccw@xc&%ABSp#eAfZ_%+fIa8`P@tS3!00f7I(2=1.16.0: rke-profile-permissive-1.6 + rke2: |- + <1.20.5: rke2-cis-1.5-profile-permissive + >=1.20.5: rke2-cis-1.6-profile-permissive + eks: "eks-profile" + gke: "gke-profile" + k3s: "k3s-cis-1.6-profile-permissive" + default: "cis-1.6-profile" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/deployment.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/deployment.yaml new file mode 100644 index 000000000..0d3c75e39 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/deployment.yaml 
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cis-operator
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ cis.cattle.io/operator: cis-operator
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ template:
+ metadata:
+ labels:
+ cis.cattle.io/operator: cis-operator
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ containers:
+ - name: cis-operator
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
+ imagePullPolicy: Always
+ ports:
+ - name: cismetrics
+ containerPort: {{ .Values.alerts.metricsPort }}
+ env:
+ - name: SECURITY_SCAN_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
+ - name: SECURITY_SCAN_IMAGE_TAG
+ value: {{ .Values.image.securityScan.tag }}
+ - name: SONOBUOY_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
+ - name: SONOBUOY_IMAGE_TAG
+ value: {{ .Values.image.sonobuoy.tag }}
+ - name: CIS_ALERTS_METRICS_PORT
+ value: '{{ .Values.alerts.metricsPort }}'
+ - name: CIS_ALERTS_SEVERITY
+ value: {{ .Values.alerts.severity }}
+ - name: CIS_ALERTS_ENABLED
+ value: {{ .Values.alerts.enabled | default "false" | quote }}
+ - name: CLUSTER_NAME
+ value: {{ .Values.global.cattle.clusterName }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ nodeSelector:
+ kubernetes.io/os: linux
+ {{- with .Values.nodeSelector }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ tolerations:
+ {{- include "linux_node_tolerations" . | nindent 8}}
+ {{- with .Values.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
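Review bot: The `cis-operator` container is declared without a `securityContext`, although the pod runs as `cis-operator-serviceaccount`, which rbac.yaml in this chart binds to `cluster-admin`. If the operator image does not need root (not visible from this hunk), adding `securityContext:` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true` under the container limits what a compromised process can do with that token. Separately, the env entries `SECURITY_SCAN_IMAGE_TAG`, `CIS_ALERTS_SEVERITY` and `CLUSTER_NAME` render unquoted, so a value that YAML types as a number or boolean (an all-digit cluster name, for instance) is rejected because env values must be strings; `value: {{ .Values.global.cattle.clusterName | quote }}` and the same for the others avoids that. The 1.0.501 copy of deployment.yaml further down has the same lines.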
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/network_policy_allow_all.yaml
new file mode 100644
index 000000000..6ed5d645e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 000000000..1efa3ed1c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ template "cis.namespace" . }}]
+ backoffLimit: 1
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/rbac.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/rbac.yaml
new file mode 100644
index 000000000..816991f23
--- /dev/null
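Review bot: `default-allow-all` in network_policy_allow_all.yaml selects every pod in the namespace (`podSelector: {}`) and permits all ingress and egress, so it adds no isolation, and the template does not say why it is there. Presumably it satisfies a "namespace has a NetworkPolicy" check or overrides a cluster-wide default-deny; a comment above `spec:` such as `# Intentionally allows all traffic in this namespace; reason: <document here>` would record that decision. If the scan pods only need egress, ingress could be limited to the `cismetrics` port that deployment.yaml exposes. The 1.0.501 copy of this template is identical.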
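Review bot: The `patch-sa` hook Job in patch_default_serviceaccount.yaml runs as `cis-operator-serviceaccount`, which rbac.yaml binds to `cluster-admin`, only to patch one ServiceAccount. A dedicated ServiceAccount with a namespaced Role granting `get` and `patch` on `serviceaccounts` would be enough for the `kubectl patch serviceaccount default` command shown. The namespace argument is also emitted unquoted inside a flow sequence; `args: ["-n", {{ include "cis.namespace" . | quote }}]` keeps the manifest valid for any release namespace. The 1.0.501 copy has the same lines.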
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/rbac.yaml
@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-operator-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cis-operator-installer
+subjects:
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-cis-1.5.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-cis-1.5.yml
new file mode 100644
index 000000000..d69ae9dd5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-cis-1.5.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.5-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.5
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-cis-1.6.yaml
new file mode 100644
index 000000000..8a8d8bf88
--- /dev/null
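Review bot: `cis-operator-role` in rbac.yaml grants every verb on every resource in every API group, which is equivalent to `cluster-admin`, and the third document additionally binds `cis-operator-serviceaccount` to `cluster-admin` itself, so a compromise of the operator or of a scan pod using `cis-serviceaccount` is a full cluster compromise. The rules should list the API groups and resources the scanner reads, with `get`, `list` and `watch`, plus write access only to the `cis.cattle.io` resources and the objects the operator creates; the exact set is not visible from this hunk. The first two documents also use `rbac.authorization.k8s.io/v1beta1`, which Kubernetes 1.22 removed, while the third already uses `v1`; `apiVersion: rbac.authorization.k8s.io/v1` on all three keeps the chart installable. `app.kubernetes.io/instance: release-name` looks like a literal left from rendered output rather than `{{ .Release.Name }}`.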
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-cis-1.6.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: cis-1.6-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: cis-1.6 diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-k3s-cis-1.6-hardened.yml new file mode 100644 index 000000000..095e977ab --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-k3s-cis-1.6-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.6-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-k3s-cis-1.6-permissive.yml new file mode 100644 index 000000000..3b22a80c8 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-k3s-cis-1.6-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: k3s-cis-1.6-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: k3s-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.5-hardened.yml new file mode 100644 index 000000000..4eabe158a --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.5-hardened.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-hardened \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.5-permissive.yml new file mode 100644 index 000000000..1f78751d1 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.5-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.5 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.5-permissive diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.6-hardened.yaml new file mode 100644 index 000000000..d38febd80 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.6-hardened.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-hardened-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.6-permissive.yaml new file mode 100644 index 000000000..d31b5b0d2 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke-1.6-permissive.yaml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke-profile-permissive-1.6 + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.5-hardened.yml new file mode 100644 index 000000000..83eb3131e --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.5-hardened.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-hardened diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.5-permissive.yml new file mode 100644 index 000000000..40dc44bdf --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.5-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.5-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.5-permissive diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.6-hardened.yml new file mode 100644 index 000000000..c7ac7f949 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.6-hardened.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-hardened + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.6-permissive.yml new file mode 100644 index 000000000..96ca1345a --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofile-rke2-cis-1.6-permissive.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: rke2-cis-1.6-profile-permissive + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: rke2-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofileeks.yml new file mode 100644 index 000000000..49c7e0246 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofileeks.yml @@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: eks-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: eks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofilegke.yml new file mode 100644 index 000000000..2ddd0686f --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/scanprofilegke.yml 
@@ -0,0 +1,9 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanProfile +metadata: + name: gke-profile + annotations: + clusterscanprofile.cis.cattle.io/builtin: "true" +spec: + benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/serviceaccount.yaml new file mode 100644 index 000000000..ec48ec622 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/serviceaccount.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + name: cis-operator-serviceaccount +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ template "cis.namespace" . }} + labels: + app.kubernetes.io/name: rancher-cis-benchmark + app.kubernetes.io/instance: release-name + name: cis-serviceaccount diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/validate-install-crd.yaml new file mode 100644 index 000000000..562295791 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/templates/validate-install-crd.yaml 
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/values.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/values.yaml
new file mode 100644
index 000000000..e1086b1ac
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.500/values.yaml
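Review bot: The leading `#` on each line of validate-install-crd.yaml does not disable the check, which a reader is likely to assume. Helm evaluates the `{{ ... }}` actions before the output is parsed as YAML, so the `lookup` guard and the `required` failure still run and only the rendered residue is a comment. A first-line template comment such as `{{- /* The '#' prefixes keep the rendered output a YAML comment; the checks below are live. */ -}}` would make that explicit. It is also worth stating there that the check is skipped whenever `lookup` returns nothing, which is the case when rendering without a cluster connection.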
@@ -0,0 +1,45 @@
+# Default values for rancher-cis-benchmark.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ cisoperator:
+ repository: rancher/cis-operator
+ tag: v1.0.5-rc1
+ securityScan:
+ repository: rancher/security-scan
+ tag: v0.2.3
+ sonobuoy:
+ repository: rancher/mirrored-sonobuoy-sonobuoy
+ tag: v0.16.3
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ clusterName: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+
+alerts:
+ enabled: false
+ severity: warning
+ metricsPort: 8080
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/Chart.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/Chart.yaml
new file mode 100644
index 000000000..a3879521b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/Chart.yaml
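Review bot: `global` in values.yaml defines `cattle` and `kubectl` but no `imagePullPolicy`, while templates/patch_default_serviceaccount.yaml reads `.Values.global.imagePullPolicy`. Unless Rancher injects that value at install time, the hook Job renders `imagePullPolicy:` with an empty value; adding `imagePullPolicy: IfNotPresent` under `global:` documents the intended default. In addition, `image.cisoperator.tag` is a release-candidate tag (`v1.0.5-rc1`) and all three images are referenced by mutable tag. Pinning a final tag, or a digest where the registry mirror allows it, makes the deployed scanner reproducible.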
@@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v1.0.5 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 1.0.501 diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/README.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/README.md new file mode 100644 index 000000000..50beab58b --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/app-readme.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/app-readme.md new file mode 100644 index 000000000..5e495d605 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/app-readme.md 
@@ -0,0 +1,15 @@ +# Rancher CIS Benchmarks + +This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). + +For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). + +This chart installs the following components: + +- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. +- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. +- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. +- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. +- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. 
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. + - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/_helpers.tpl b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/_helpers.tpl new file mode 100644 index 000000000..67f4ce116 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/_helpers.tpl @@ -0,0 +1,23 @@ +{{/* Ensure namespace is set the same everywhere */}} +{{- define "cis.namespace" -}} + {{- .Release.Namespace | default "cis-operator-system" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux_node_tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/alertingrule.yaml new file mode 100644 index 000000000..1787c88a0 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/alertingrule.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.alerts.enabled -}} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: rancher-cis-pod-monitor + namespace: {{ template "cis.namespace" . }} +spec: + selector: + matchLabels: + cis.cattle.io/operator: cis-operator + podMetricsEndpoints: + - port: cismetrics +{{- end }} diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-cis-1.5.yaml new file mode 100644 index 000000000..39e8b834a --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-cis-1.5.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.5 +spec: + clusterProvider: "" + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-cis-1.6.yaml new file mode 100644 index 000000000..93ba064f4 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-cis-1.6.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: cis-1.6 +spec: + clusterProvider: "" + minKubernetesVersion: "1.16.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-eks-1.0.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-eks-1.0.yaml new file mode 100644 index 000000000..bd2e32cd3 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-eks-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: eks-1.0 +spec: + clusterProvider: eks + minKubernetesVersion: "1.15.0" 
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-gke-1.0.yaml new file mode 100644 index 000000000..72122e8c5 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-gke-1.0.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: gke-1.0 +spec: + clusterProvider: gke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-k3s-cis-1.6-hardened.yaml new file mode 100644 index 000000000..3ca9b6009 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-k3s-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.6-hardened +spec: + clusterProvider: k3s + minKubernetesVersion: "1.20.5" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-k3s-cis-1.6-permissive.yaml new file mode 100644 index 000000000..6d4253c6e --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-k3s-cis-1.6-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: k3s-cis-1.6-permissive +spec: + clusterProvider: k3s + minKubernetesVersion: "1.20.5" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.5-hardened.yaml new file mode 100644 index 000000000..b5627f966 --- /dev/null 
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.5-permissive.yaml new file mode 100644 index 000000000..95f80c0f0 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.5-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.6-hardened.yaml new file mode 100644 index 000000000..d75de8154 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-hardened +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.6-permissive.yaml new file mode 100644 index 000000000..52428f4a7 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke-cis-1.6-permissive.yaml 
@@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke-cis-1.6-permissive +spec: + clusterProvider: rke + minKubernetesVersion: "1.16.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.5-hardened.yaml new file mode 100644 index 000000000..3d83e9bd8 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.5-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.5-permissive.yaml new file mode 100644 index 000000000..f66aa8f6e --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.5-permissive.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.5-permissive +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.18.0" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.6-hardened.yaml new file mode 100644 index 000000000..3593bf371 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.6-hardened.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cis.cattle.io/v1 +kind: ClusterScanBenchmark +metadata: + name: rke2-cis-1.6-hardened +spec: + clusterProvider: rke2 + minKubernetesVersion: "1.20.5" 
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..522f846ae
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/benchmark-rke2-cis-1.6-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.6-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/cis-roles.yaml
new file mode 100644
index 000000000..23c93dc65
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/cis-roles.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-admin
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-view
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs: ["get", "watch", "list"]
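Review bot: In cis-roles.yaml, `cis-admin` grants `'*'` on core `configmaps` and `cis-view` grants read on the same resource, both without any namespace or name restriction. Because these are ClusterRoles, binding either one with a ClusterRoleBinding exposes ConfigMaps in every namespace, including `kube-system`, to users who were only meant to manage or view CIS scans. If the intent is the scan configuration in the chart's own namespace, the ConfigMap rule belongs in a namespaced Role there (or the ClusterRole should only ever be bound with a RoleBinding), and `'*'` should become an explicit verb list as in the first rule. How these roles are bound is not visible in this hunk.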
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/configmap.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/configmap.yaml new file mode 100644 index 000000000..6cbc23db4 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/configmap.yaml @@ -0,0 +1,17 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: default-clusterscanprofiles + namespace: {{ template "cis.namespace" . }} +data: + # Default ClusterScanProfiles per cluster provider type + rke: |- + <1.16.0: rke-profile-permissive-1.5 + >=1.16.0: rke-profile-permissive-1.6 + rke2: |- + <1.20.5: rke2-cis-1.5-profile-permissive + >=1.20.5: rke2-cis-1.6-profile-permissive + eks: "eks-profile" + gke: "gke-profile" + k3s: "k3s-cis-1.6-profile-permissive" + default: "cis-1.6-profile" diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/deployment.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/deployment.yaml new file mode 100644 index 000000000..0d3c75e39 --- /dev/null +++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/deployment.yaml 
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cis-operator
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ cis.cattle.io/operator: cis-operator
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ template:
+ metadata:
+ labels:
+ cis.cattle.io/operator: cis-operator
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ containers:
+ - name: cis-operator
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
+ imagePullPolicy: Always
+ ports:
+ - name: cismetrics
+ containerPort: {{ .Values.alerts.metricsPort }}
+ env:
+ - name: SECURITY_SCAN_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
+ - name: SECURITY_SCAN_IMAGE_TAG
+ value: {{ .Values.image.securityScan.tag }}
+ - name: SONOBUOY_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
+ - name: SONOBUOY_IMAGE_TAG
+ value: {{ .Values.image.sonobuoy.tag }}
+ - name: CIS_ALERTS_METRICS_PORT
+ value: '{{ .Values.alerts.metricsPort }}'
+ - name: CIS_ALERTS_SEVERITY
+ value: {{ .Values.alerts.severity }}
+ - name: CIS_ALERTS_ENABLED
+ value: {{ .Values.alerts.enabled | default "false" | quote }}
+ - name: CLUSTER_NAME
+ value: {{ .Values.global.cattle.clusterName }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ nodeSelector:
+ kubernetes.io/os: linux
+ {{- with .Values.nodeSelector }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ tolerations:
+ {{- include "linux_node_tolerations" . | nindent 8}}
+ {{- with .Values.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
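Review bot: The `cis-operator` container in deployment.yaml is declared without a `securityContext`, although it runs under `cis-operator-serviceaccount`, which rbac.yaml in this commit binds to `cluster-admin`. A process holding that token should at least be prevented from gaining privileges inside the container: add `securityContext:` under the container with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`. Whether the image also tolerates `runAsNonRoot: true` and a read-only root filesystem cannot be told from this diff and would need checking against the operator image.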
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/network_policy_allow_all.yaml
new file mode 100644
index 000000000..6ed5d645e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 000000000..1efa3ed1c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ template "cis.namespace" . }}]
+ backoffLimit: 1
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/rbac.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/rbac.yaml
new file mode 100644
index 000000000..816991f23
--- /dev/null
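Review bot: `default-allow-all` in network_policy_allow_all.yaml selects every pod in the namespace with `podSelector: {}` and allows all ingress and egress, so any default-deny policy applied to that namespace stops having an effect, including for the operator pod that holds the cluster-admin binding from rbac.yaml. Presumably this exists so scans work on clusters that ship a default-deny policy; if so, say that in a comment above `spec:` and narrow the policy to what the scan needs. A first step would be selecting only the chart's pods, for example `podSelector: {matchLabels: {cis.cattle.io/operator: cis-operator}}` for the operator; the labels of the scan pods are not visible here and would need a rule of their own.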
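Review bot: The `patch-sa` hook Job in patch_default_serviceaccount.yaml runs `kubectl` as `cis-operator-serviceaccount`, which rbac.yaml binds to `cluster-admin`, to make one patch to the `default` ServiceAccount. A dedicated ServiceAccount with a namespaced Role is enough for that: `resources: ["serviceaccounts"]`, `resourceNames: ["default"]`, `verbs: ["get", "patch"]`. Separately, the namespace in `args` is an unquoted template inside a flow sequence; `args: ["-n", {{ include "cis.namespace" . | quote }}]` keeps it a string whatever the helper returns.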
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/rbac.yaml
@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-operator-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cis-operator-installer
+subjects:
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-cis-1.5.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-cis-1.5.yml
new file mode 100644
index 000000000..d69ae9dd5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-cis-1.5.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.5-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.5
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-cis-1.6.yaml
new file mode 100644
index 000000000..8a8d8bf88
--- /dev/null
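Review bot: rbac.yaml gives both service accounts unrestricted cluster access: `cis-operator-role` is `'*'` on every apiGroup, resource and verb for `cis-serviceaccount`, and `cis-operator-installer` binds `cis-operator-serviceaccount` to the built-in `cluster-admin`. A benchmark scan is mostly read-only, so I would expect the scan account to need little more than `verbs: ["get", "list", "watch"]` plus whatever it writes in its own namespace; the exact set depends on the operator and is not visible in this diff. The first two documents also still use `rbac.authorization.k8s.io/v1beta1`, which Kubernetes 1.22 no longer serves, while the third already uses `v1`; `apiVersion: rbac.authorization.k8s.io/v1` works for all three. If this directory is generated from packages/, the change belongs in the source template there.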
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-cis-1.6.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.6-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.6
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-k3s-cis-1.6-hardened.yml
new file mode 100644
index 000000000..095e977ab
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-k3s-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-k3s-cis-1.6-permissive.yml
new file mode 100644
index 000000000..3b22a80c8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-k3s-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.6-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.5-hardened.yml
new file mode 100644
index 000000000..4eabe158a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.5
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.5-hardened
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.5-permissive.yml
new file mode 100644
index 000000000..1f78751d1
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.5
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.6-hardened.yaml
new file mode 100644
index 000000000..d38febd80
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.6-permissive.yaml
new file mode 100644
index 000000000..d31b5b0d2
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.5-hardened.yml
new file mode 100644
index 000000000..83eb3131e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.5-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.5-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.5-permissive.yml
new file mode 100644
index 000000000..40dc44bdf
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.5-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.6-hardened.yml
new file mode 100644
index 000000000..c7ac7f949
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.6-permissive.yml
new file mode 100644
index 000000000..96ca1345a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofile-rke2-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofileeks.yml
new file mode 100644
index 000000000..49c7e0246
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofileeks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: eks-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: eks-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofilegke.yml
new file mode 100644
index 000000000..2ddd0686f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/scanprofilegke.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: gke-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: gke-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/serviceaccount.yaml
new file mode 100644
index 000000000..ec48ec622
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ name: cis-operator-serviceaccount
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-serviceaccount
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..562295791
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/templates/validate-install-crd.yaml
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/values.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/values.yaml
new file mode 100644
index 000000000..e1086b1ac
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/1.0.501/values.yaml
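Review bot: validate-install-crd.yaml reads as if the CRD check were commented out, but Helm evaluates `{{ }}` actions before the YAML is parsed, so the `lookup` guard and the `required` call still run and the `#` prefixes only turn whatever the actions print into a YAML comment. That is worth stating at the top of the file so nobody removes the `#` or assumes the check is off, e.g. `{{- /* '#' keeps the rendered output a YAML comment; the actions below still execute. */ -}}`.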
@@ -0,0 +1,45 @@
+# Default values for rancher-cis-benchmark.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ cisoperator:
+ repository: rancher/cis-operator
+ tag: v1.0.5-rc1
+ securityScan:
+ repository: rancher/security-scan
+ tag: v0.2.3
+ sonobuoy:
+ repository: rancher/mirrored-sonobuoy-sonobuoy
+ tag: v0.16.3
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ clusterName: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+
+alerts:
+ enabled: false
+ severity: warning
+ metricsPort: 8080
diff --git a/index.yaml b/index.yaml
index 9d6100a7c..04f60e2ac 100755
--- a/index.yaml
+++ b/index.yaml
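Review bot: `image.cisoperator.tag` in values.yaml is `v1.0.5-rc1`, a release-candidate tag, while Chart.yaml and index.yaml in this commit advertise `appVersion: v1.0.5`, so the chart metadata does not describe the image that is actually deployed. The Deployment pulls by tag with `imagePullPolicy: Always`, so the image running under the chart's cluster-admin binding can change without a chart release. I would ship the final tag, `tag: v1.0.5`, once it is published, and consider pinning the image by digest. The same line is changed in packages/rancher-cis-benchmark/charts/values.yaml further down.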
@@ -800,6 +800,50 @@ entries: - assets/rancher-backup/rancher-backup-crd-1.0.200.tgz version: 1.0.200 rancher-cis-benchmark: + - annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark + apiVersion: v1 + appVersion: v1.0.5 + created: "2021-05-24T16:47:15.098785-07:00" + description: The cis-operator enables running CIS benchmark security scans on + a kubernetes cluster + digest: c1d271afb80d3cda664fd0f1cf9562fa59736d9091f2e7e55492a063b724fdfb + icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg + keywords: + - security + name: rancher-cis-benchmark + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.501.tgz + version: 1.0.501 + - annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/ui-component: rancher-cis-benchmark + apiVersion: v1 + appVersion: v1.0.5 + created: "2021-05-24T17:17:36.176144-07:00" + description: The cis-operator enables running CIS benchmark security scans on + a kubernetes cluster + digest: 97e735bdc06a61445744ead5aa3397e1596e4fd1123aa7206c1c7f214dc3c5c4 + icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg + keywords: + - security + name: rancher-cis-benchmark + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.500.tgz + version: 1.0.500 - annotations: catalog.cattle.io/auto-install: 
rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher @@ -910,6 +954,34 @@ entries: - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz version: 1.0.100 rancher-cis-benchmark-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd + apiVersion: v1 + created: "2021-05-24T16:47:15.099898-07:00" + description: Installs the CRDs for rancher-cis-benchmark. + digest: 9fc2a1bbef467c13cd9cd682043e04edd36f356675a6ef05ff8a619130d67daa + name: rancher-cis-benchmark-crd + type: application + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.501.tgz + version: 1.0.501 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd + apiVersion: v1 + created: "2021-05-24T17:17:36.178001-07:00" + description: Installs the CRDs for rancher-cis-benchmark. + digest: 1012ab972995722b61bc3d4172e08f52ae439ccf7e3ef6a3b497a93fa4092f04 + name: rancher-cis-benchmark-crd + type: application + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-1.0.500.tgz + version: 1.0.500 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" diff --git a/packages/rancher-cis-benchmark/charts/Chart.yaml b/packages/rancher-cis-benchmark/charts/Chart.yaml index f281b9ed4..b361a00d5 100644 --- a/packages/rancher-cis-benchmark/charts/Chart.yaml +++ b/packages/rancher-cis-benchmark/charts/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: v1.0.4 +appVersion: v1.0.5 description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster name: rancher-cis-benchmark -version: 1.0.4 +version: 1.0.5 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security 
diff --git a/packages/rancher-cis-benchmark/charts/values.yaml b/packages/rancher-cis-benchmark/charts/values.yaml index 05bcdac4f..e1086b1ac 100644 --- a/packages/rancher-cis-benchmark/charts/values.yaml +++ b/packages/rancher-cis-benchmark/charts/values.yaml @@ -5,7 +5,7 @@ image: cisoperator: repository: rancher/cis-operator - tag: v1.0.4 + tag: v1.0.5-rc1 securityScan: repository: rancher/security-scan tag: v0.2.3 diff --git a/packages/rancher-cis-benchmark/templates/crd-template/Chart.yaml b/packages/rancher-cis-benchmark/templates/crd-template/Chart.yaml index eeb3fc6fc..55c9ca8ed 100644 --- a/packages/rancher-cis-benchmark/templates/crd-template/Chart.yaml +++ b/packages/rancher-cis-benchmark/templates/crd-template/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -version: 1.0.4 +version: 1.0.5 description: Installs the CRDs for rancher-cis-benchmark. name: rancher-cis-benchmark-crd type: application