Merge pull request #2988 from rayandas/add-cis17-124

[dev-v2.8] Add CIS 1.24 and 1.7 in dev-v2.8 and bump the chart version

charts/rancher-cis-benchmark-crd/5.0.0-rc2/Chart.yaml

@@ -7,4 +7,4 @@ apiVersion: v1
 description: Installs the CRDs for rancher-cis-benchmark.
 name: rancher-cis-benchmark-crd
 type: application
-version: 5.0.0-rc1
+version: 5.0.0-rc2

charts/rancher-cis-benchmark/5.0.0-rc2/Chart.yaml

@@ -12,11 +12,11 @@ annotations:
   catalog.cattle.io/type: cluster-tool
   catalog.cattle.io/ui-component: rancher-cis-benchmark
 apiVersion: v1
-appVersion: v5.0.0-rc1
+appVersion: v5.0.0-rc2
 description: The cis-operator enables running CIS benchmark security scans on a kubernetes
   cluster
 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
 keywords:
 - security
 name: rancher-cis-benchmark
-version: 5.0.0-rc1
+version: 5.0.0-rc2

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-cis-1.23.yaml

@@ -6,3 +6,4 @@ metadata:
 spec:
   clusterProvider: ""
   minKubernetesVersion: "1.22.0"
+  maxKubernetesVersion: "1.23.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-cis-1.24.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: cis-1.24
+spec:
+  clusterProvider: ""
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-cis-1.7.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: cis-1.7
+spec:
+  clusterProvider: ""
+  minKubernetesVersion: "1.25.0"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-gke-1.2.0.yaml

@@ -2,7 +2,7 @@
 apiVersion: cis.cattle.io/v1
 kind: ClusterScanBenchmark
 metadata:
-  name: gke-1.0
+  name: gke-1.2.0
 spec:
   clusterProvider: gke
-  minKubernetesVersion: "1.15.0"
+  minKubernetesVersion: "1.15.0"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-k3s-cis-1.23-hardened.yaml

@@ -6,3 +6,4 @@ metadata:
 spec:
   clusterProvider: k3s
   minKubernetesVersion: "1.22.0"
+  maxKubernetesVersion: "1.23.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-k3s-cis-1.23-permissive.yaml

@@ -6,3 +6,4 @@ metadata:
 spec:
   clusterProvider: k3s
   minKubernetesVersion: "1.22.0"
+  maxKubernetesVersion: "1.23.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-k3s-cis-1.24-hardened.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.24-hardened
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-k3s-cis-1.24-permissive.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.24-permissive
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-k3s-cis-1.7-hardened.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.7-hardened
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.25.0"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-k3s-cis-1.7-permissive.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.7-permissive
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.25.0"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-rke-cis-1.23-hardened.yaml

@@ -6,3 +6,4 @@ metadata:
 spec:
   clusterProvider: rke
   minKubernetesVersion: "1.22.0"
+  maxKubernetesVersion: "1.23.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-rke-cis-1.23-permissive.yaml

@@ -6,3 +6,4 @@ metadata:
 spec:
   clusterProvider: rke
   minKubernetesVersion: "1.22.0"
+  maxKubernetesVersion: "1.23.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-rke-cis-1.24-hardened.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.24-hardened
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-rke-cis-1.24-permissive.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.24-permissive
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-rke-cis-1.7-hardened.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.7-hardened
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.25.0"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-rke-cis-1.7-permissive.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke-cis-1.7-permissive
+spec:
+  clusterProvider: rke
+  minKubernetesVersion: "1.25.0"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-rke2-cis-1.23-hardened.yaml

@@ -6,3 +6,4 @@ metadata:
 spec:
   clusterProvider: rke2
   minKubernetesVersion: "1.22.0"
+  maxKubernetesVersion: "1.23.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-rke2-cis-1.23-permissive.yaml

@@ -6,3 +6,4 @@ metadata:
 spec:
   clusterProvider: rke2
   minKubernetesVersion: "1.22.0"
+  maxKubernetesVersion: "1.23.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-rke2-cis-1.24-hardened.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.24-hardened
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-rke2-cis-1.24-permissive.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.24-permissive
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.24.0"
+  maxKubernetesVersion: "1.24.x"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-rke2-cis-1.7-hardened.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.7-hardened
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.25.0"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/benchmark-rke2-cis-1.7-permissive.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.7-permissive
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.25.0"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/configmap.yaml

@@ -7,12 +7,12 @@ data:
   # Default ClusterScanProfiles per cluster provider type
   rke: |-
     <1.21.0: rke-profile-permissive-1.20
-    >=1.21.0: rke-profile-permissive-1.23
+    >=1.21.0: rke-profile-permissive-1.7
   rke2: |-
     <1.21.0: rke2-cis-1.20-profile-permissive
-    >=1.21.0: rke2-cis-1.23-profile-permissive
+    >=1.21.0: rke2-cis-1.7-profile-permissive
   eks: "eks-profile"
   gke: "gke-profile"
   aks: "aks-profile"
-  k3s: "k3s-cis-1.23-profile-permissive"
+  k3s: "k3s-cis-1.7-profile-permissive"
-  default: "cis-1.23-profile"
+  default: "cis-1.7-profile"

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-cis-1.24.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: cis-1.24-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: cis-1.24

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-cis-1.7.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: cis-1.7-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: cis-1.7

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-k3s-cis-1.24-hardened.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.24-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.24-hardened

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-k3s-cis-1.24-permissive.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.24-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.24-permissive

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-k3s-cis-1.7-hardened.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.7-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.7-hardened

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-k3s-cis-1.7-permissive.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.7-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.7-permissive

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-rke-1.24-hardened.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-hardened-1.24
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.24-hardened

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-rke-1.24-permissive.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-permissive-1.24
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.24-permissive

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-rke-1.7-hardened.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-hardened-1.7
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.7-hardened

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-rke-1.7-permissive.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke-profile-permissive-1.7
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke-cis-1.7-permissive

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-rke2-cis-1.24-hardened.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.24-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.24-hardened

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-rke2-cis-1.24-permissive.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.24-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.24-permissive

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-rke2-cis-1.7-hardened.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.7-profile-hardened
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.7-hardened

charts/rancher-cis-benchmark/5.0.0-rc2/templates/scanprofile-rke2-cis-1.7-permissive.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: rke2-cis-1.7-profile-permissive
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: rke2-cis-1.7-permissive