From eba3d83e60cc2ad1aa94c0d1897bd80e536aca8a Mon Sep 17 00:00:00 2001 
From: galal-hussein Date: Tue, 18 Oct 2022 23:09:31 +0200 Subject: [PATCH] make charts --- .../rancher-cis-benchmark-crd-3.0.0-rc8.tgz | Bin 0 -> 1466 bytes .../rancher-cis-benchmark-3.0.0-rc8.tgz | Bin 0 -> 6622 bytes .../3.0.0-rc8/Chart.yaml | 10 ++ .../3.0.0-rc8/README.md | 2 + .../3.0.0-rc8/templates/clusterscan.yaml | 148 ++++++++++++++++ .../templates/clusterscanbenchmark.yaml | 54 ++++++ .../templates/clusterscanprofile.yaml | 36 ++++ .../templates/clusterscanreport.yaml | 39 +++++ .../3.0.0-rc8/Chart.yaml | 22 +++ .../rancher-cis-benchmark/3.0.0-rc8/README.md | 9 + .../3.0.0-rc8/app-readme.md | 15 ++ .../3.0.0-rc8/templates/_helpers.tpl | 27 +++ .../3.0.0-rc8/templates/alertingrule.yaml | 14 ++ .../templates/benchmark-aks-1.0.yaml | 8 + .../templates/benchmark-cis-1.20.yaml | 9 + .../templates/benchmark-cis-1.23.yaml | 8 + .../templates/benchmark-cis-1.5.yaml | 9 + .../templates/benchmark-cis-1.6.yaml | 9 + .../templates/benchmark-eks-1.0.1.yaml | 8 + .../templates/benchmark-gke-1.0.yaml | 8 + .../benchmark-k3s-cis-1.20-hardened.yaml | 9 + .../benchmark-k3s-cis-1.20-permissive.yaml | 9 + .../benchmark-k3s-cis-1.23-hardened.yaml | 8 + .../benchmark-k3s-cis-1.23-permissive.yaml | 8 + .../benchmark-k3s-cis-1.6-hardened.yaml | 9 + .../benchmark-k3s-cis-1.6-permissive.yaml | 9 + .../benchmark-rke-cis-1.20-hardened.yaml | 9 + .../benchmark-rke-cis-1.20-permissive.yaml | 9 + .../benchmark-rke-cis-1.23-hardened.yaml | 8 + .../benchmark-rke-cis-1.23-permissive.yaml | 8 + .../benchmark-rke-cis-1.5-hardened.yaml | 9 + .../benchmark-rke-cis-1.5-permissive.yaml | 9 + .../benchmark-rke-cis-1.6-hardened.yaml | 9 + .../benchmark-rke-cis-1.6-permissive.yaml | 9 + .../benchmark-rke2-cis-1.20-hardened.yaml | 9 + .../benchmark-rke2-cis-1.20-permissive.yaml | 9 + .../benchmark-rke2-cis-1.23-hardened.yaml | 8 + .../benchmark-rke2-cis-1.23-permissive.yaml | 8 + .../benchmark-rke2-cis-1.5-hardened.yaml | 9 + .../benchmark-rke2-cis-1.5-permissive.yaml | 9 + 
.../benchmark-rke2-cis-1.6-hardened.yaml | 9 + .../benchmark-rke2-cis-1.6-permissive.yaml | 9 + .../3.0.0-rc8/templates/cis-roles.yaml | 49 ++++++ .../3.0.0-rc8/templates/configmap.yaml | 18 ++ .../templates/delete_rolebindings.yaml | 27 +++ .../3.0.0-rc8/templates/deployment.yaml | 55 ++++++ .../templates/network_policy_allow_all.yaml | 15 ++ .../patch_default_serviceaccount.yaml | 29 ++++ .../3.0.0-rc8/templates/psp.yaml | 57 +++++++ .../3.0.0-rc8/templates/rbac.yaml | 160 ++++++++++++++++++ .../templates/scanprofile-cis-1.20.yaml | 9 + .../templates/scanprofile-cis-1.23.yaml | 9 + .../templates/scanprofile-cis-1.6.yaml | 9 + .../scanprofile-k3s-cis-1.20-hardened.yml | 9 + .../scanprofile-k3s-cis-1.20-permissive.yml | 9 + .../scanprofile-k3s-cis-1.23-hardened.yml | 9 + .../scanprofile-k3s-cis-1.23-permissive.yml | 9 + .../scanprofile-k3s-cis-1.6-hardened.yml | 9 + .../scanprofile-k3s-cis-1.6-permissive.yml | 9 + .../scanprofile-rke-1.20-hardened.yaml | 9 + .../scanprofile-rke-1.20-permissive.yaml | 9 + .../scanprofile-rke-1.23-hardened.yaml | 9 + .../scanprofile-rke-1.23-permissive.yaml | 9 + .../scanprofile-rke-1.6-hardened.yaml | 9 + .../scanprofile-rke-1.6-permissive.yaml | 9 + .../scanprofile-rke2-cis-1.20-hardened.yml | 9 + .../scanprofile-rke2-cis-1.20-permissive.yml | 9 + .../scanprofile-rke2-cis-1.23-hardened.yml | 9 + .../scanprofile-rke2-cis-1.23-permissive.yml | 9 + .../scanprofile-rke2-cis-1.6-hardened.yml | 9 + .../scanprofile-rke2-cis-1.6-permissive.yml | 9 + .../3.0.0-rc8/templates/scanprofileaks.yml | 9 + .../3.0.0-rc8/templates/scanprofileeks.yml | 9 + .../3.0.0-rc8/templates/scanprofilegke.yml | 9 + .../3.0.0-rc8/templates/serviceaccount.yaml | 14 ++ .../templates/validate-install-crd.yaml | 17 ++ .../3.0.0-rc8/values.yaml | 49 ++++++ index.yaml | 40 +++++ 78 files changed, 1373 insertions(+) create mode 100644 assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc8.tgz create mode 100644 
assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc8.tgz create mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc8/Chart.yaml create mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc8/README.md create mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscan.yaml create mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscanbenchmark.yaml create mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscanprofile.yaml create mode 100644 charts/rancher-cis-benchmark-crd/3.0.0-rc8/templates/clusterscanreport.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/Chart.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/README.md create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/app-readme.md create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/_helpers.tpl create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/alertingrule.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-aks-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.20.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.23.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.5.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-eks-1.0.1.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-gke-1.0.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-hardened.yaml create mode 100644 
charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-permissive.yaml 
create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/cis-roles.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/configmap.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/delete_rolebindings.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/deployment.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/network_policy_allow_all.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/patch_default_serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/psp.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/rbac.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.20.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.23.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.6.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-hardened.yaml create mode 100644 
charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-hardened.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-permissive.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-hardened.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-permissive.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileaks.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileeks.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofilegke.yml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/serviceaccount.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/templates/validate-install-crd.yaml create mode 100644 charts/rancher-cis-benchmark/3.0.0-rc8/values.yaml 
diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc8.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc8.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0bbb18b8abd2d27293057541528d2badc2283ce3 GIT binary patch literal 1466 zcmV;r1x5NFiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI@PbDOvm&a?jtO@Gg(U^_|2Z>ihgP4BL0#>w@b*J5L<0f~{8 zTs=4UzuyQ*3>b{DvE7?`UlL2=TM54XR$9;?`2uyH3)7#W8t;BuJ#}jUr`&OAC;&q9mItvR z)P{rHNe?#1zvm7-uNeOWZ#cR<$Nw=bA2|>S{7xwCFXKGDGd2XDz21|M{+LZ-Ln@r2 zQL*Ou0Uw1FNd$yQ-~)lxk2HRAgfR{mW);yr6Ct+)=UT;4A_Te4^!h}I7|Xn-Q1={U z(i#P^hM?%8$C%;D24*(8$5J&a6_U4Wu;8G1mgVpR5gnJ1r!k zo~R%WWj3=u`(~8916qukV+bfVP5_3cv9$BN)9O(Kcne_)_HtKpOUZ_0-KnS;(n8K_ z9hf)_K`$Lr1VI7!A=lChDgt8)NO!A-RzQy+ic|Xks-YE-c@j|p=zi7E3g|D;vH%Fkj z5o-1gIn@xTveR&-(F%-^70f{yhwH6O#m*YAx%3t5Ru;LSRGv ze{emzD%Jn&|L6MOG3?OwzgNO^SO|Rof|+zzR0LN}Pg@#{kUQD5?zDOq{;OmbDuSiH zElNG1kiW$<)Dj6z_WTOSpX&!~0}tOD;Ohr$0nZaAy*|aXfBxNBMecub*nQ^zkp%uVR1Y9l_Qd&shT0TP8_Ovhizz!6 zw3>B~?XY1h-`c|N;C*#xVRfet=~mWK|20Oc^;cm{`hRtKS=Rq6@BID8QS8wApAx1+ z`JX0$b?TqFJN>cmK=1hX7AN)-C9*@-xKpD2djIA2i2L{h#DBg1Pe0y#`25ic{k?rO zegEr?2Bq(RFGt?F{&y7n--eG}Z`d^LV|)Rc7%hO9So@qdHt4h2vhI`GQ?KxBXFJ>3 U&Q@jr1^@v6|2qT`b^tU009w=3)&Kwi literal 0 HcmV?d00001 
diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc8.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc8.tgz new file mode 100644 index 0000000000000000000000000000000000000000..1c8c7a5104a17bb4dd48cf4b136fcad931a84280 GIT binary patch literal 6622 zcmXAuWmptU*MJw07HN=NBm@aTQ96}Y>5`BXP>`ilSh`E38|f}76_%0^Nl6iwP#Tu5 zjrn-qZ~mURPRupuo*8H?2_59W1@1uvtkiTxY}8(eJ@=J-Y%OXiVypM~jftM5n3kcT z*b5`4w^q)!zWO>aS+&3-nJ&?OW} z;z&02Qt$y{=i4jG`+JXH`Hdw6IkzsbQAS?DS{Fued-0?FV}8AgaFPAf(TEQF#U%%k zP5GybHny)K6x4p^d&*1KIsNOTvDC=yOBUh3D-^~m*f6l(5?XT7b+{+?+u-$`_q$y;Dq=*S5@~U!)AVc}W< z%g;E&Q^Tapska+b`EHHO%epEWAN$untM|2&e#OD7i);mYe|&|_Czhz zc^Tz~5*sT_{Rm%td0VSCVA{lLOK>Q|=(Zq7T5p)zYSV}anAygj#fw{hIP*T z>w=r2M9zgS5?vou^XiGh;S@ozkHWn|cOicDZM7g;7tUEV@jKRZR>ex;dPxOnuIi_; z68xv(DV-S}QVEkjJqa4sgcc-8pVk^AY1s@QLM~EVrhmpvz3X2+*pE>k)_C|%cBWe0 zdrQOQkMFeK+cSB8!)kzPU<{H-!{eI(*zWr5X;3sVw+ZeZuyzD9-I9s!ky91zkNr36 zEUOA-P~zaEQjyO^_&bi=wy?g}tt`44Om;xTO6jg}p7AlMB)RY&hegAXa+pTMjNr0b z&*XXi4XaiY+vtsg8cOO1!_!(}5*N>@hAyP;81UARdvHW=XneTNyUchRRv4BjeyjAW zUd+>%8V1G5+rIQnH(cNuhw|5F~DJV&BuM0fx}5+qj|)o;^B>a0*P zkmP=Dvh2fKEOIMs#B+``kCN@CD!gUXqQGGvTtSQbrz>DsA|AX%JGx0zPUoQf7vEQD z%Qx3cH${&d-@dRBuF9t)HK~#=Iz2S_+97<)@P+OKKJ$#>cF#!0Mgx7Jd+rz2aj4Nf(GXwL-MsHU+q40#mR&n#Lvfmo> zx{})Tt-Y2&=K0z4-!$9)m3av#UV40F_21V6XZKr8<_Or&6dX<$Nwci9g4Qo&UCbxx z*B_-~2yeo17mP3@vERIirlgI8$H;6tjW^RB}LLVWUK<5$^CZ)iyzO<~aQx0vKUC$623 zjgI_50c;76chA+oAb3lw%|#B#xT?y35LNEf#Puk&>X5a{=*nap+eYj{pN>7&H#_Vq z*0$oAc&}NWQ+NiC(fq25zf7tY`1!bbaH{W=HXrzbAD z0^Y8_brnmO8w@<8OFC0WEgl4JJlG}sTi>Op_`!u?nTXxNTk(EIkVj078EiW;twpw? 
zuUG2j=B<=Gt;Cqrz}dVt?wBg)E+?XdoPsldFWP@~&b*y$Z!Iv)mUSIp>-4@;eds11 zu74*gUUcN4p*2!bNBa88g2nR5hRi|1woknh@Q$?ac!x!z^5RugfOv4+(oL+8v|G!Q z8Pl1Wl#yhef1T7)t!(|lqzhKVqXBiEs^!v(Mn3}>BOHVjtr?$H|7peaMU9yWXbAYR zzZjC0;V$aU@obnV(-L}|k>Nlo;uhY#R?f?Te7hn2Ex4s@MvCS1Bh!D~s=&*cODF!nTP zHALf5p8fTu{B345k|bdm7^`>*KxFTH&IWKpj8O}wbrpim!)EJHsrGeapi^Do8y0$# zI0C#VV8BsU9wCt8XNZ@qKY$J!4oILt;@C})t-ywX8i;`+nqwpj(=puaTI~81BfrCp z6AzZUkgxp-T$z9c6AsFVK8Aj}L@aeP7yJQG`%C#<7J#5;O$X6&yE70=I|zb%cMM#z zJ(2+OkB&k7avLVm)>a(7;cYnwc&y+!B!yBVk)@D`cW}tpbTPg)P#`^ca6R#|uonL* z3#WWo{Jrda&?anYNbpuw8Mnij7shdpb|T~7fO}zKbExcdz^oXLK@LVuKr96L58*Cm zXe9K^{R}ZHih#u+dkz+(8 z$ZrB%y}(YJ5e%r_#$``;UFpOF;!GfWaV?Q;0}QsA#i*^GqOY zg~-HKLFq3o&M~0C{tSqRFkixNpka>`7R!5p4)z$V)n)?N4bMZkN7xF&m!&>Xe+|BO z46vPw~0|ZqeECus)|2WOHZG^U*X3O#z$imf_g*kp8U0z7xFWE&C%=4;`p$wps+u=#&gMARQyIE2cOI^3 z>23kdtjnW65+%z?LD$o4i5kabXHPI?3OD3Cr~lm=66bC2ElA|Ne}2QzqVO{&d#HQ= zB;O>GNnf=Bo2XnUheqzKV}LWleg?2878iL6BYJUZZU_`TpA(~<#6ht^wI-!xzr5zT zq#tc*Ci`nMwf7t>d zL@7x^i()LzTUtqp%^lP`+5hXKphX1WZh#{BI#(R(SNYXf1eq$~i<1V1_%bwkJ zW{-4ITzOdna=)$2flRc&d$RRZB3{IgIU>tywWKuDW`*JzHFA2k3l&YUkBC>V@bC{xEC9qhuXw6LSocdbJ#K1b=goU6NUB^lfb(TM(Y` zwSqyOI*)wKasM`Ac3HREsTtbK6;=ajF7Iv#+<3X#-WYA_9BxcbI=nFWdC@I{_Rgi0 zhX^}+^20G%vF~{S*UbGPuO`AhM6G{z^Hz6;IR^_bb)duT?O$2iLeeN1cni=pzz zFppvJ)m*~Exjc)gZ#i^TCySro%bmq(-)Y#uo8{`f=e0lQbe1LDMaI-Iq`1C@ZQ3CfFzmx0!4SumE*+K$50t9(L5-HR_Gl{t?pPKM8^^pZ{`rk z%t}KtMbZ7#3cqX($FZqK22OKnLYTl%2d!*G#e5CDduEBpsya_@IoHB1YS+fE)7Ekh z^9z(t|gSWK@cpt7@9i5KsO`p#~ zkM8BC3=Iw0yg`~_dz4^|E@=AcH%Firn<*; zcH{E|YI8P7o$u%N9;G<+ek}}{j}X}0|M<<3W~+X1M4SIjm4VxF7uk=J;S0EWTMF0w z4ot)0&%et3#xD(=ZVl9l^Ks)s>anQjCYQLOG!I(NA0>mh^h-G1-KQmjBZ62aS~d zZ>qh)X_1HX9K31@d_L&oy!r^^`A1zr6m|Yx@?q*a_OnFzMbYT#Eu3R-z+no!^xzDp!3#ST ze{Mw6nNAqK5W1Pk#6v$6&->8x{U`66JlW5M=t#;<_E4Xudj=d4FZE=~sWXUYMSg{_ zJ?`cD_x4W8c6^T?CrJ0Gd3ZSM?w?hOY^jjLQGQ z<7)s#O-p=^z~6oyjf!7Z%f9^OSUPupTF(FeE((`>AO%G%y{$aRc;gluNRqKS+*Hl)PSQX&Z;xOpx zp890n$`R1??8d{|ky6PCF19bfrwx?bxm8-#a;)zOrWS55oqY&l`d51JW&1C`IcgtF|w 
zNh*&3jbgM97#wHc(UoeCnqL9~aisrMQ<%rP(wVUYF8 zqd&rmp14^jKyh7pECx=4h8g0WDJkQiC-@4N7>n*JYQ_q8IaD&pJ>b z{^z-T)^)GoWXJzm^y6U$ysh(Fu}6GsaNv}J#TnJXFxUA19JeMtG2V*M*OWz9z4~_y#_zS%)WwI{=dRg8%$&p@IqB&qpAk*F!{*6!&(@1F4656bl@_5K^=8*dw#vFyS8%L7MfkPVGNJ)CDtADQ0Ds` z>jlsE+j4<7Ut(2UCdiDa1LKQEyq~tVh8&SS%X5!d`T!O}5ycP=^M(H1Lv=vFV5e&u{wi(wz zVeYRVa>gYaEmT%;TzbVd96zEpN{FWxF9igr^PROO@|VRqi?y)~CG7^E7!Mq2l#Je0 zakB2+ zPcazlJ0-$*b4TAcH?q;#TZ_t}oRr*(RHTIW40jN>RfoqVGahtKT`6p36Pn%`(&kWL zbRse)V%4OMWO6wTBV-Nm$o%+2d^KpV{xgn@9l0F=(xS +VDfxl$RJ%+8z7;n?;UoEM0x^&kmdqUEQqRRK3)J zx}t^R9TkHEVO|-oa?tM+_b(&4bstiiwx}@`C`WsNMl}ae| z3V);%Wc{Atfi*Ox4t}5aGyEQ*g83pETGx$d04;=>H!1YoVX(8unc`3T)= 1.21.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark +apiVersion: v1 +appVersion: v3.0.0 +description: The cis-operator enables running CIS benchmark security scans on a kubernetes + cluster +icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg +keywords: +- security +name: rancher-cis-benchmark +version: 3.0.0-rc8 diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/README.md b/charts/rancher-cis-benchmark/3.0.0-rc8/README.md new file mode 100644 index 000000000..50beab58b --- /dev/null +++ b/charts/rancher-cis-benchmark/3.0.0-rc8/README.md @@ -0,0 +1,9 @@ +# Rancher CIS Benchmark Chart + +The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. + +# Installation + +``` +helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system +``` 
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/app-readme.md b/charts/rancher-cis-benchmark/3.0.0-rc8/app-readme.md
new file mode 100644
index 000000000..5e495d605
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/app-readme.md
@@ -0,0 +1,15 @@
+# Rancher CIS Benchmarks
+
+This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/).
+
+For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/).
+
+This chart installs the following components:
+
+- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded.
+- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed.
+- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans.
+- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources.
+- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish.
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts.
+ - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart.
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/_helpers.tpl b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/_helpers.tpl
new file mode 100644
index 000000000..b7bb00042
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/_helpers.tpl
@@ -0,0 +1,27 @@
+{{/* Ensure namespace is set the same everywhere */}}
+{{- define "cis.namespace" -}}
+ {{- .Release.Namespace | default "cis-operator-system" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/alertingrule.yaml
new file mode 100644
index 000000000..1787c88a0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/alertingrule.yaml
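Review bot: `system_default_registry` appends "/" unconditionally, so a `global.cattle.systemDefaultRegistry` value that already ends in a slash renders image references as `registry//image`, which some runtimes reject and which defeats the air-gap mirror the value exists for. Normalising the input first avoids that: `{{- printf "%s/" (.Values.global.cattle.systemDefaultRegistry | trimSuffix "/") -}}`. Separately, the `default "cis-operator-system"` fallback in `cis.namespace` can presumably never fire, since Helm always populates `.Release.Namespace`; if the intent is to pin the namespace to the one declared in `catalog.cattle.io/namespace`, a comment saying the default is documentation-only would stop readers assuming it enforces anything.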
@@ -0,0 +1,14 @@
+{{- if .Values.alerts.enabled -}}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: rancher-cis-pod-monitor
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ podMetricsEndpoints:
+ - port: cismetrics
+{{- end }}
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-aks-1.0.yaml
new file mode 100644
index 000000000..1ac866253
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-aks-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: aks-1.0
+spec:
+ clusterProvider: aks
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.20.yaml
new file mode 100644
index 000000000..1203e5bcc
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.20.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.20
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.23.yaml
new file mode 100644
index 000000000..920b556ea
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.23.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.23
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.5.yaml
new file mode 100644
index 000000000..c9e6075fb
--- /dev/null
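Review bot: The template is gated on `.Values.alerts.enabled`, while the app-readme added in this same commit tells users to set `alerts: true`; if a user follows the readme literally, `.Values.alerts` becomes a bool and `.Values.alerts.enabled` fails to render ("can't evaluate field enabled in type bool"), so one of the two should be corrected (values.yaml is not in this chunk, so I cannot tell which is authoritative). When the value is enabled on a cluster without the Prometheus Operator, the `monitoring.coreos.com/v1` PodMonitor is rejected by the API server with a generic "no matches for kind" error; a capability check gives a clear failure instead: `{{- if not (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/PodMonitor") }}{{ fail "alerts.enabled requires rancher-monitoring (Prometheus Operator CRDs) to be installed first" }}{{ end }}`. Finally, the file is named `alertingrule.yaml` but emits a PodMonitor rather than a PrometheusRule; either rename it (`podmonitor.yaml`) or add a header comment such as `# Scrape target for cis-operator metrics; alert rules live in rancher-monitoring` so nobody hunts here for the actual alert definitions.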
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.5.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.5
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.15.0"
+ maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.6.yaml
new file mode 100644
index 000000000..4f5d66e92
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-cis-1.6.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.6
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-eks-1.0.1.yaml
new file mode 100644
index 000000000..d1ba9d295
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-eks-1.0.1.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: eks-1.0.1
+spec:
+ clusterProvider: eks
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-gke-1.0.yaml
new file mode 100644
index 000000000..72122e8c5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-gke-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: gke-1.0
+spec:
+ clusterProvider: gke
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-hardened.yaml
new file mode 100644
index 000000000..147cac390
--- /dev/null
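Review bot: `maxKubernetesVersion: "1.15.x"` makes this benchmark unselectable on any cluster the chart itself admits, because the Chart.yaml fragment earlier in this patch pins `kubeVersion: '>= 1.21.0-0 < 1.25.0-0'`; the same holds for cis-1.6 (`1.18.x`) and, presumably, the k3s/rke/rke2 1.5 and 1.6 hardened/permissive siblings that share those bounds. Shipping benchmarks that cannot match the running cluster just widens the menu of stale profiles an operator can pick, and a scan against an outdated benchmark reads as a clean compliance report. Either drop these templates or add a header comment stating why they are kept, e.g. `# Retained for clusters imported below the chart's kubeVersion floor; cis-operator is expected to reject it elsewhere — confirm`.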
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.20-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-permissive.yaml
new file mode 100644
index 000000000..d9584f722
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.20-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.20-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-hardened.yaml
new file mode 100644
index 000000000..ee153603b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.23-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-permissive.yaml
new file mode 100644
index 000000000..51f2186f3
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.23-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.23-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.22.0"
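Review bot: The hardened and permissive ClusterScanBenchmark objects carry byte-identical specs (`clusterProvider: k3s`, the same version window), so nothing in the resource itself says which kube-bench ruleset a scan will run; presumably cis-operator resolves that from `metadata.name`, but a reader of this chart cannot tell. A one-line header comment would make the contract explicit and stop someone "fixing" the duplication by merging the two files: `# kube-bench config is selected by metadata.name; spec only gates the k8s version range`. If the name is indeed the lookup key, that comment also flags that renaming this resource silently breaks the mapping.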
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-hardened.yaml
new file mode 100644
index 000000000..5160cf795
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.6-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..10c075985
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-k3s-cis-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.6-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-hardened.yaml
new file mode 100644
index 000000000..4924679cb
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.20-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-permissive.yaml
new file mode 100644
index 000000000..2db66d7c6
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.20-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.20-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-hardened.yaml
new file mode 100644
index 000000000..f6a99698e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.23-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-permissive.yaml
new file mode 100644
index 000000000..a26bd63cf
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.23-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.23-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-hardened.yaml
new file mode 100644
index 000000000..b9154f1ad
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.5-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.15.0"
+ maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-permissive.yaml
new file mode 100644
index 000000000..9da65d55d
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.5-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.5-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.15.0"
+ maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-hardened.yaml
new file mode 100644
index 000000000..77f8a31df
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.6-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..600b8df35
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke-cis-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.6-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-hardened.yaml
new file mode 100644
index 000000000..b6cc88359
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.20-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-permissive.yaml
new file mode 100644
index 000000000..fd898bfe8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.20-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.20-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.19.0"
+ maxKubernetesVersion: "1.21.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-hardened.yaml
new file mode 100644
index 000000000..90e356d72
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.23-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-permissive.yaml
new file mode 100644
index 000000000..deafdbda6
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.23-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.23-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.22.0"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-hardened.yaml
new file mode 100644
index 000000000..20091ec2b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.5-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.15.0"
+ maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-permissive.yaml
new file mode 100644
index 000000000..9a86906b0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.5-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.5-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.15.0"
+ maxKubernetesVersion: "1.15.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-hardened.yaml
new file mode 100644
index 000000000..ea2549ef3
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.6-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..0afdaaa19
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/benchmark-rke2-cis-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.6-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.16.0"
+ maxKubernetesVersion: "1.18.x"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/cis-roles.yaml
new file mode 100644
index 000000000..23c93dc65
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/cis-roles.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-admin
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-view
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs: ["get", "watch", "list"]
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/configmap.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/configmap.yaml
new file mode 100644
index 000000000..1a9cd1809
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/configmap.yaml
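Review bot: The last rule of both `cis-admin` and `cis-view` covers `configmaps` in the core group with no `resourceNames`, and `cis-admin` grants `'*'` on them; since these are ClusterRoles, a cluster-wide binding (how Rancher attaches them is not visible here) would give the holder read or full access to every ConfigMap in the cluster, far beyond the chart's own `default-clusterscanprofiles`. If that single ConfigMap is the intent, add `resourceNames: ["default-clusterscanprofiles"]` to the rule in both roles, or put a comment above `rules:` stating that a namespace-scoped binding is expected. The `cis-admin` verbs list also mixes `"patch","get"` without the space the other flow lists use.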
@@ -0,0 +1,18 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: default-clusterscanprofiles
+ namespace: {{ template "cis.namespace" . }}
+data:
+ # Default ClusterScanProfiles per cluster provider type
+ rke: |-
+ <1.21.0: rke-profile-permissive-1.20
+ >=1.21.0: rke-profile-permissive-1.23
+ rke2: |-
+ <1.21.0: rke2-cis-1.20-profile-permissive
+ >=1.21.0: rke2-cis-1.23-profile-permissive
+ eks: "eks-profile"
+ gke: "gke-profile"
+ aks: "aks-profile"
+ k3s: "k3s-cis-1.23-profile-permissive"
+ default: "cis-1.23-profile"
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/delete_rolebindings.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/delete_rolebindings.yaml
new file mode 100644
index 000000000..9c9946464
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/delete_rolebindings.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: delete-rolebinding
+ annotations:
+ "helm.sh/hook": pre-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ restartPolicy: Never
+ containers:
+ - name: delete-binding
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "delete", "clusterrolebinding", "cis-operator-rolebinding", "cis-operator-installer"]
+ backoffLimit: 1
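Review bot: The `rke` and `rke2` version splits in `data` do not match the benchmark windows added earlier in this commit: `>=1.21.0` selects the 1.23 profiles, yet `rke-cis-1.23-*` and `rke2-cis-1.23-*` declare `minKubernetesVersion: "1.22.0"`, while the 1.20 benchmarks accept up to `"1.21.x"`. A 1.21 cluster, which the chart's `kube-version` annotation in index.yaml admits, is therefore given a default profile whose benchmark excludes it; unless the operator is known to tolerate that, the bounds should read `<1.22.0: rke-profile-permissive-1.20` / `>=1.22.0: rke-profile-permissive-1.23`, and likewise for `rke2`. A comment on the `rke:` key saying these bounds must agree with the ClusterScanBenchmark min/max versions would keep them from drifting again.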
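Review bot: The pre-upgrade Job runs as `cis-operator-serviceaccount` and deletes ClusterRoleBindings, but nothing in this commit grants that account any verb on `clusterrolebindings` in `rbac.authorization.k8s.io` — `cis-operator-clusterrole` in rbac.yaml covers only `cis.cattle.io`, the core group and `batch`. Unless a grant created outside the chart supplies it (the `cis-operator-installer` binding named in the command may be such a thing), the `kubectl delete` is forbidden, the hook fails after `backoffLimit: 1`, and `hook-failed` in the delete policy removes the Job and its logs, so the upgrade aborts with little to debug. Either add a narrowly scoped rule (`apiGroups: ["rbac.authorization.k8s.io"]`, `resources: ["clusterrolebindings"]`, `resourceNames: ["cis-operator-rolebinding", "cis-operator-installer"]`, `verbs: ["delete"]`) or state in a comment which external grant the hook relies on. Since `kubectl delete` exits non-zero when a target is absent, `--ignore-not-found` would also keep the first upgrade of a fresh install from failing if `cis-operator-installer` was never created.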
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/deployment.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/deployment.yaml
new file mode 100644
index 000000000..ab0bb3e24
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/deployment.yaml
@@ -0,0 +1,55 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cis-operator
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ cis.cattle.io/operator: cis-operator
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ template:
+ metadata:
+ labels:
+ cis.cattle.io/operator: cis-operator
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ containers:
+ - name: cis-operator
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
+ imagePullPolicy: Always
+ ports:
+ - name: cismetrics
+ containerPort: {{ .Values.alerts.metricsPort }}
+ env:
+ - name: SECURITY_SCAN_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
+ - name: SECURITY_SCAN_IMAGE_TAG
+ value: {{ .Values.image.securityScan.tag }}
+ - name: SONOBUOY_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
+ - name: SONOBUOY_IMAGE_TAG
+ value: {{ .Values.image.sonobuoy.tag }}
+ - name: CIS_ALERTS_METRICS_PORT
+ value: '{{ .Values.alerts.metricsPort }}'
+ - name: CIS_ALERTS_SEVERITY
+ value: {{ .Values.alerts.severity }}
+ - name: CIS_ALERTS_ENABLED
+ value: {{ .Values.alerts.enabled | default "false" | quote }}
+ - name: CLUSTER_NAME
+ value: '{{ .Values.global.cattle.clusterName }}'
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
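Review bot: The `cis-operator` container declares no `securityContext`, so an operator whose job is CIS compliance runs with privilege escalation allowed, a writable root filesystem and the default capability set; unless the image needs one of these, drop them explicitly (the image's user is not visible here, so `runAsNonRoot` is only a candidate if the image sets a non-root user). Several env values are emitted unquoted — `value: {{ .Values.image.securityScan.tag }}`, the sonobuoy tag and `CIS_ALERTS_SEVERITY` — while `CIS_ALERTS_METRICS_PORT` and `CLUSTER_NAME` are quoted; a tag such as `1.20` would render as a YAML float and the Deployment would be rejected because `env[].value` must be a string, so pass them through `| quote` as `CIS_ALERTS_ENABLED` already does. `imagePullPolicy: Always` is also hard-coded here while the two hook Jobs in this commit read `.Values.global.imagePullPolicy`.
```yaml
        - name: cis-operator
          # … unchanged: image, imagePullPolicy, ports …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          env:
            - name: SECURITY_SCAN_IMAGE_TAG
              value: {{ .Values.image.securityScan.tag | quote }}
            - name: SONOBUOY_IMAGE_TAG
              value: {{ .Values.image.sonobuoy.tag | quote }}
            - name: CIS_ALERTS_SEVERITY
              value: {{ .Values.alerts.severity | quote }}
            # … unchanged: remaining env entries, resources, scheduling …
```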
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/network_policy_allow_all.yaml
new file mode 100644
index 000000000..6ed5d645e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 000000000..e78a6bd08
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ template "cis.namespace" . }}]
+
+ backoffLimit: 1
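Review bot: `default-allow-all` selects every pod in the namespace (`podSelector: {}`) and allows all ingress and egress, and because NetworkPolicies are additive it also cancels any default-deny policy a cluster administrator applies to this namespace — the opposite of what a CIS tooling namespace should do — yet the file carries no comment saying why it is needed. If the scan pods or the operator's metrics port need specific reachability, express that instead of a blanket allow, or at least gate the document behind a chart value (a new `networkPolicy.allowAll` defaulting to `false` would need adding to values.yaml) and put a comment above `metadata` naming the traffic it exists to permit.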
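Review bot: `args: ["-n", {{ template "cis.namespace" . }}]` is the one templated scalar in the `patch-sa` Job left unquoted inside a flow sequence; the `image:` line above it already uses the quoted form, so `args: ["-n", "{{ template "cis.namespace" . }}"]` keeps the rendered YAML safe for any namespace value and consistent with the rest of the file. The `"helm.sh/hook-delete-policy"` here omits `hook-failed` while the `delete-rolebinding` Job in this commit includes it; if keeping a failed `patch-sa` Job around for inspection is deliberate, say so in a comment, otherwise align the two. Patching only the `default` account is sound hardening; a comment noting that the chart's own two service accounts intentionally keep token automount (the operator and these hooks use it) would make that scope explicit.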
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/psp.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/psp.yaml
new file mode 100644
index 000000000..c012e7a43
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/psp.yaml
@@ -0,0 +1,57 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: cis-psp
+spec:
+ allowPrivilegeEscalation: true
+ allowedCapabilities:
+ - '*'
+ fsGroup:
+ rule: RunAsAny
+ hostIPC: true
+ hostNetwork: true
+ hostPID: true
+ hostPorts:
+ - max: 65535
+ min: 0
+ privileged: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cis-psp-role
+ namespace: {{ template "cis.namespace" . }}
+rules:
+- apiGroups:
+ - policy
+ resourceNames:
+ - cis-psp
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cis-psp-rolebinding
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cis-psp-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/rbac.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/rbac.yaml
new file mode 100644
index 000000000..36dc55b29
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/rbac.yaml
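Review bot: `cis-psp` is rendered unconditionally with `apiVersion: policy/v1beta1`, which no longer exists on Kubernetes 1.25+; the chart's `kube-version` annotation in index.yaml caps support at `< 1.25.0-0`, so it is consistent today, but wrapping the three documents in `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` (or a chart value in the style of `global.cattle.psp.enabled`) would stop the next version bump from failing at apply time. The policy is maximally permissive — `privileged`, `hostPID`, `hostNetwork`, `hostIPC`, `allowedCapabilities: '*'`, `volumes: '*'` — and the RoleBinding grants `use` of it to both `cis-serviceaccount` and `cis-operator-serviceaccount`, although the operator Deployment in this commit requests none of those host privileges. A comment above `spec` explaining that the scan pods need host access, and binding the operator account only if a restrictive default PSP would otherwise block it, would make the grant reviewable.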
@@ -0,0 +1,160 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-clusterrole
+rules:
+- apiGroups:
+ - "cis.cattle.io"
+ resources:
+ - "*"
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - "pods"
+ - "services"
+ - "configmaps"
+ - "nodes"
+ - "serviceaccounts"
+ verbs:
+ - "get"
+ - "list"
+ - "create"
+ - "update"
+ - "watch"
+ - "patch"
+- apiGroups:
+ - "batch"
+ resources:
+ - "jobs"
+ verbs:
+ - "list"
+ - "create"
+ - "patch"
+ - "update"
+ - "watch"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-scan-ns
+rules:
+- apiGroups:
+ - "*"
+ resources:
+ - "podsecuritypolicies"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+- apiGroups:
+ - ""
+ resources:
+ - "namespaces"
+ - "nodes"
+ - "pods"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cis-operator-role
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ namespace: {{ template "cis.namespace" . }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - "services"
+ verbs:
+ - "watch"
+ - "list"
+ - "get"
+ - "patch"
+- apiGroups:
+ - "batch"
+ resources:
+ - "jobs"
+ verbs:
+ - "watch"
+ - "list"
+ - "get"
+ - "delete"
+- apiGroups:
+ - ""
+ resources:
+ - "configmaps"
+ - "pods"
+ - "secrets"
+ verbs:
+ - "*"
+- apiGroups:
+ - "apps"
+ resources:
+ - "daemonsets"
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-operator-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cis-scan-ns
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-scan-ns
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cis-operator-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.20.yaml
new file mode 100644
index 000000000..05263ce7d
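Review bot: The `cis-operator-rolebinding` RoleBinding at the end of the hunk binds both `cis-serviceaccount` and `cis-operator-serviceaccount` to `cis-operator-role`, so the scan pods' account receives `"*"` on `secrets`, `configmaps`, `pods` and `daemonsets` in the operator namespace alongside the operator; if the scan workload only needs the read access `cis-scan-ns` already gives it, remove it from this binding or give it a separate, narrower Role, and add a comment stating what it must write. In `cis-scan-ns` the `podsecuritypolicies` rule uses `apiGroups: "*"` where `"policy"` is the group that resource lives in; a wildcard group is wider than the rule needs and should be spelled out. `app.kubernetes.io/instance: release-name` is hard-coded on every object rather than `{{ .Release.Name }}`, which is cosmetic until something selects on that label.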
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.20.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.20-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.20
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.23.yaml
new file mode 100644
index 000000000..c59d8f51f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.23.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.23-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.23
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.6.yaml
new file mode 100644
index 000000000..8a8d8bf88
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-cis-1.6.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.6-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.6
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-hardened.yml
new file mode 100644
index 000000000..a0b6cb6f6
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.20-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.20-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-permissive.yml
new file mode 100644
index 000000000..89885548d
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.20-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.20-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.20-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-hardened.yml
new file mode 100644
index 000000000..724412d3a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.23-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.23-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-permissive.yml
new file mode 100644
index 000000000..9f9213de1
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.23-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.23-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.23-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-hardened.yml
new file mode 100644
index 000000000..095e977ab
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-permissive.yml
new file mode 100644
index 000000000..3b22a80c8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-k3s-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.6-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-hardened.yaml
new file mode 100644
index 000000000..c36cf38c9
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.20
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.20-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-permissive.yaml
new file mode 100644
index 000000000..cfeb4b34c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.20-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.20
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.20-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-hardened.yaml
new file mode 100644
index 000000000..007331149
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.23
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.23-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-permissive.yaml
new file mode 100644
index 000000000..085b60dfa
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.23-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.23
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.23-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-hardened.yaml
new file mode 100644
index 000000000..d38febd80
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-permissive.yaml
new file mode 100644
index 000000000..d31b5b0d2
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-hardened.yml
new file mode 100644
index 000000000..decc9b651
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.20-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.20-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-permissive.yml
new file mode 100644
index 000000000..74c96ffc4
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.20-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.20-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.20-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-hardened.yml
new file mode 100644
index 000000000..abc1c2a21
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.23-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.23-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-permissive.yml
new file mode 100644
index 000000000..51cc519ac
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.23-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.23-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.23-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-hardened.yml
new file mode 100644
index 000000000..c7ac7f949
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-permissive.yml
new file mode 100644
index 000000000..96ca1345a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofile-rke2-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileaks.yml
new file mode 100644
index 000000000..ea7b25b40
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileaks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: aks-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: aks-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileeks.yml
new file mode 100644
index 000000000..3b4e34437
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofileeks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: eks-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: eks-1.0.1
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofilegke.yml
new file mode 100644
index 000000000..2ddd0686f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/scanprofilegke.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: gke-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: gke-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/serviceaccount.yaml
new file mode 100644
index 000000000..ec48ec622
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ name: cis-operator-serviceaccount
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-serviceaccount
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..562295791
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/templates/validate-install-crd.yaml
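Review bot: `cis-operator-serviceaccount` in serviceaccount.yaml carries no `app.kubernetes.io/name` / `app.kubernetes.io/instance` labels while `cis-serviceaccount` in the same file does; the RBAC objects in this commit label both accounts' bindings consistently, so the first document should get the same `labels:` block. Neither account sets `automountServiceAccountToken`, and both presumably rely on the mounted token (the operator talks to the API server, the hook Jobs run kubectl), so a one-line comment saying so would explain why only the `default` account is patched off in patch_default_serviceaccount.yaml.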
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/3.0.0-rc8/values.yaml b/charts/rancher-cis-benchmark/3.0.0-rc8/values.yaml
new file mode 100644
index 000000000..852711030
--- /dev/null
+++ b/charts/rancher-cis-benchmark/3.0.0-rc8/values.yaml
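Review bot: The `#` prefix on every line of validate-install-crd.yaml is easy to misread as the check being disabled; Go template actions still execute inside what YAML will later treat as comment text, and the `{{-`/`-}}` trimming leaves only the `#` characters in the rendered output, so the `required` call does fire. A comment at the top such as `# The leading '#' on each line only keeps the rendered output a valid (empty) YAML comment; the template actions below still run.` would spare the next reader that conclusion. The outer `lookup` on ClusterRoles looks like a proxy for "rendering against a live cluster rather than under `helm template` or `--dry-run`" — `lookup` returns an empty result there, so the CRD check is skipped — and if that is the intent it should be stated on that line too.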
@@ -0,0 +1,49 @@
+# Default values for rancher-cis-benchmark.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ cisoperator:
+ repository: rancher/cis-operator
+ tag: v1.0.10-rc2
+ securityScan:
+ repository: rancher/security-scan
+ tag: v0.2.9-rc5
+ sonobuoy:
+ repository: rancher/mirrored-sonobuoy-sonobuoy
+ tag: v0.56.7
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+affinity: {}
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ clusterName: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+
+alerts:
+ enabled: false
+ severity: warning
+ metricsPort: 8080
diff --git a/index.yaml b/index.yaml
index 800eb520e..0a427270e 100755
--- a/index.yaml
+++ b/index.yaml
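Review bot: `global.kubectl.tag: v1.20.2` is a kubectl client older than the chart's own minimum cluster version, which `index.yaml` declares as `catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.25.0-0'`; kubectl's supported skew is one minor version either side of the API server, so a v1.20 client against a 1.22–1.24 control plane is outside it. If the image only performs trivial operations this may be harmless in practice, but moving the tag to a release inside the supported range, or adding a comment explaining why the older one is kept, would make the choice deliberate. `resources: {}` leaves the operator pod with no requests or limits, which matches the boilerplate comment below it, though an operator that launches scan jobs in `cis-operator-system` is a reasonable candidate for at least default requests so it can neither be starved nor consume a node unbounded. The `cisoperator` and `securityScan` images pin release-candidate tags (`v1.0.10-rc2`, `v0.2.9-rc5`), consistent with the chart's `3.0.0-rc8` version but something to revisit before a GA chart is cut.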
@@ -3421,6 +3421,32 @@ entries: - assets/rancher-backup-crd/rancher-backup-crd-1.0.200.tgz version: 1.0.200 rancher-cis-benchmark: + - annotations: + catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: CIS Benchmark + catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-cis-benchmark + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/ui-component: rancher-cis-benchmark + apiVersion: v1 + appVersion: v3.0.0 + created: "2022-10-18T23:00:17.259715427+02:00" + description: The cis-operator enables running CIS benchmark security scans on + a kubernetes cluster + digest: 22d1116483cc01cbceba2f3733b120261af5279ed2b15d4a28d869a17a838720 + icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg + keywords: + - security + name: rancher-cis-benchmark + urls: + - assets/rancher-cis-benchmark/rancher-cis-benchmark-3.0.0-rc8.tgz + version: 3.0.0-rc8 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher 
@@ -3735,6 +3761,20 @@ entries: - assets/rancher-cis-benchmark/rancher-cis-benchmark-1.0.100.tgz version: 1.0.100 rancher-cis-benchmark-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cis-operator-system + catalog.cattle.io/release-name: rancher-cis-benchmark-crd + apiVersion: v1 + created: "2022-10-18T23:00:17.261637441+02:00" + description: Installs the CRDs for rancher-cis-benchmark. + digest: 25225ec34aac875d216fe72dd81788384dad7f6f2479c3ecbb814b8b7f1af5b3 + name: rancher-cis-benchmark-crd + type: application + urls: + - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-3.0.0-rc8.tgz + version: 3.0.0-rc8 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true"