[release-v2.9] Forward port rancher cis benchmark (#4268)

charts/rancher-cis-benchmark-crd/4.3.0/Chart.yaml

@@ -0,0 +1,10 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cis-operator-system
+  catalog.cattle.io/release-name: rancher-cis-benchmark-crd
+apiVersion: v1
+description: Installs the CRDs for rancher-cis-benchmark.
+name: rancher-cis-benchmark-crd
+type: application
+version: 4.3.0

charts/rancher-cis-benchmark-crd/4.3.0/README.md

@@ -0,0 +1,2 @@
+# rancher-cis-benchmark-crd
+A Rancher chart that installs the CRDs used by rancher-cis-benchmark.

charts/rancher-cis-benchmark-crd/4.3.0/templates/clusterscan.yaml

@@ -0,0 +1,148 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterscans.cis.cattle.io
+spec:
+  group: cis.cattle.io
+  names:
+    kind: ClusterScan
+    plural: clusterscans
+  scope: Cluster
+  versions:
+  - name: v1
+    served: true
+    storage: true
+    additionalPrinterColumns:
+    - jsonPath: .status.lastRunScanProfileName
+      name: ClusterScanProfile
+      type: string
+    - jsonPath: .status.summary.total
+      name: Total
+      type: string
+    - jsonPath: .status.summary.pass
+      name: Pass
+      type: string
+    - jsonPath: .status.summary.fail
+      name: Fail
+      type: string
+    - jsonPath: .status.summary.skip
+      name: Skip
+      type: string
+    - jsonPath: .status.summary.warn
+      name: Warn
+      type: string
+    - jsonPath: .status.summary.notApplicable
+      name: Not Applicable
+      type: string
+    - jsonPath: .status.lastRunTimestamp
+      name: LastRunTimestamp
+      type: string
+    - jsonPath: .spec.scheduledScanConfig.cronSchedule
+      name: CronSchedule
+      type: string
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              scanProfileName:
+                nullable: true
+                type: string
+              scheduledScanConfig:
+                nullable: true
+                properties:
+                  cronSchedule:
+                    nullable: true
+                    type: string
+                  retentionCount:
+                    type: integer
+                  scanAlertRule:
+                    nullable: true
+                    properties:
+                      alertOnComplete:
+                        type: boolean
+                      alertOnFailure:
+                        type: boolean
+                    type: object
+                type: object
+              scoreWarning:
+                enum:
+                - pass
+                - fail
+                nullable: true
+                type: string
+            type: object
+          status:
+            properties:
+              NextScanAt:
+                nullable: true
+                type: string
+              ScanAlertingRuleName:
+                nullable: true
+                type: string
+              conditions:
+                items:
+                  properties:
+                    lastTransitionTime:
+                      nullable: true
+                      type: string
+                    lastUpdateTime:
+                      nullable: true
+                      type: string
+                    message:
+                      nullable: true
+                      type: string
+                    reason:
+                      nullable: true
+                      type: string
+                    status:
+                      nullable: true
+                      type: string
+                    type:
+                      nullable: true
+                      type: string
+                  type: object
+                nullable: true
+                type: array
+              display:
+                nullable: true
+                properties:
+                  error:
+                    type: boolean
+                  message:
+                    nullable: true
+                    type: string
+                  state:
+                    nullable: true
+                    type: string
+                  transitioning:
+                    type: boolean
+                type: object
+              lastRunScanProfileName:
+                nullable: true
+                type: string
+              lastRunTimestamp:
+                nullable: true
+                type: string
+              observedGeneration:
+                type: integer
+              summary:
+                nullable: true
+                properties:
+                  fail:
+                    type: integer
+                  notApplicable:
+                    type: integer
+                  pass:
+                    type: integer
+                  skip:
+                    type: integer
+                  total:
+                    type: integer
+                  warn:
+                    type: integer
+                type: object
+            type: object
+        type: object

charts/rancher-cis-benchmark-crd/4.3.0/templates/clusterscanbenchmark.yaml

@@ -0,0 +1,54 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterscanbenchmarks.cis.cattle.io
+spec:
+  group: cis.cattle.io
+  names:
+    kind: ClusterScanBenchmark
+    plural: clusterscanbenchmarks
+  scope: Cluster
+  versions:
+  - name: v1
+    served: true
+    storage: true
+    additionalPrinterColumns:
+    - jsonPath: .spec.clusterProvider
+      name: ClusterProvider
+      type: string
+    - jsonPath: .spec.minKubernetesVersion
+      name: MinKubernetesVersion
+      type: string
+    - jsonPath: .spec.maxKubernetesVersion
+      name: MaxKubernetesVersion
+      type: string
+    - jsonPath: .spec.customBenchmarkConfigMapName
+      name: customBenchmarkConfigMapName
+      type: string
+    - jsonPath: .spec.customBenchmarkConfigMapNamespace
+      name: customBenchmarkConfigMapNamespace
+      type: string
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              clusterProvider:
+                nullable: true
+                type: string
+              customBenchmarkConfigMapName:
+                nullable: true
+                type: string
+              customBenchmarkConfigMapNamespace:
+                nullable: true
+                type: string
+              maxKubernetesVersion:
+                nullable: true
+                type: string
+              minKubernetesVersion:
+                nullable: true
+                type: string
+            type: object
+        type: object

charts/rancher-cis-benchmark-crd/4.3.0/templates/clusterscanprofile.yaml

@@ -0,0 +1,36 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterscanprofiles.cis.cattle.io
+spec:
+  group: cis.cattle.io
+  names:
+    kind: ClusterScanProfile
+    plural: clusterscanprofiles
+  scope: Cluster
+  versions:
+  - name: v1
+    served: true
+    storage: true
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              benchmarkVersion:
+                nullable: true
+                type: string
+              skipTests:
+                items:
+                  nullable: true
+                  type: string
+                nullable: true
+                type: array
+            type: object
+        type: object
+    additionalPrinterColumns:
+    - jsonPath: .spec.benchmarkVersion
+      name: BenchmarkVersion
+      type: string

charts/rancher-cis-benchmark-crd/4.3.0/templates/clusterscanreport.yaml

@@ -0,0 +1,39 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: clusterscanreports.cis.cattle.io
+spec:
+  group: cis.cattle.io
+  names:
+    kind: ClusterScanReport
+    plural: clusterscanreports
+  scope: Cluster
+  versions:
+  - name: v1
+    served: true
+    storage: true
+    additionalPrinterColumns:
+    - jsonPath: .spec.lastRunTimestamp
+      name: LastRunTimestamp
+      type: string
+    - jsonPath: .spec.benchmarkVersion
+      name: BenchmarkVersion
+      type: string
+    subresources:
+      status: {}
+    schema:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              benchmarkVersion:
+                nullable: true
+                type: string
+              lastRunTimestamp:
+                nullable: true
+                type: string
+              reportJSON:
+                nullable: true
+                type: string
+            type: object
+        type: object

charts/rancher-cis-benchmark-crd/4.4.0/Chart.yaml

@@ -0,0 +1,10 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cis-operator-system
+  catalog.cattle.io/release-name: rancher-cis-benchmark-crd
+apiVersion: v1
+description: Installs the CRDs for rancher-cis-benchmark.
+name: rancher-cis-benchmark-crd
+type: application
+version: 4.4.0

charts/rancher-cis-benchmark-crd/4.4.0/README.md

@@ -0,0 +1,2 @@
+# rancher-cis-benchmark-crd
+A Rancher chart that installs the CRDs used by rancher-cis-benchmark.