diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc1.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc1.tgz deleted file mode 100644 index 2641cf98c0..0000000000 Binary files a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc1.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc2.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc2.tgz deleted file mode 100644 index d3d6f80f8c..0000000000 Binary files a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc2.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc3.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc3.tgz deleted file mode 100644 index 86f5baa3f9..0000000000 Binary files a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc3.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc4.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc4.tgz deleted file mode 100644 index 34cbdb8453..0000000000 Binary files a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc4.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc5.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc5.tgz deleted file mode 100644 index cfef52b603..0000000000 Binary files a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc5.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc6.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc6.tgz deleted file mode 100644 index 1652b5d277..0000000000 Binary files a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc6.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc7.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc7.tgz deleted file mode 100644 index dafcc6e188..0000000000 Binary files a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc7.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc8.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc8.tgz deleted file mode 100644 index ce2fe092c4..0000000000 Binary files a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc8.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0.tgz b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0.tgz new file mode 100644 index 0000000000..c2e4173079 Binary files /dev/null and b/assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0.tgz differ diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc1.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc1.tgz deleted file mode 100644 index a553b91ff7..0000000000 Binary files a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc1.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc2.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc2.tgz deleted file mode 100644 index 2fae577b87..0000000000 Binary files a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc2.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc3.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc3.tgz deleted file mode 100644 index 632607e6ba..0000000000 Binary files a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc3.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc4.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc4.tgz deleted file mode 100644 index 62e3d5df85..0000000000 Binary files a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc4.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc5.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc5.tgz deleted file mode 100644 index b9a740777b..0000000000 Binary files a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc5.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc6.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc6.tgz deleted file mode 100644 index 646f5b8dc5..0000000000 Binary files a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc6.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc7.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc7.tgz deleted file mode 100644 index e9a1884973..0000000000 Binary files a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc7.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc8.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc8.tgz deleted file mode 100644 index 68aa0a5cd0..0000000000 Binary files a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc8.tgz and /dev/null differ diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0.tgz new file mode 100644 index 0000000000..3310c35f42 Binary files /dev/null and b/assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0.tgz differ diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc2/Chart.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc2/Chart.yaml deleted file mode 100644 index 54e845c112..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc2/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd -apiVersion: v1 -description: Installs the CRDs for rancher-cis-benchmark. -name: rancher-cis-benchmark-crd -type: application -version: 4.2.0-rc2 diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc2/README.md b/charts/rancher-cis-benchmark-crd/4.2.0-rc2/README.md deleted file mode 100644 index f6d9ef621f..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc2/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# rancher-cis-benchmark-crd -A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc2/templates/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc2/templates/clusterscan.yaml deleted file mode 100644 index 3cbb0ffcd3..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc2/templates/clusterscan.yaml +++ /dev/null @@ -1,148 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscans.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScan - plural: clusterscans - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.lastRunScanProfileName - name: ClusterScanProfile - type: string - - jsonPath: .status.summary.total - name: Total - type: string - - jsonPath: .status.summary.pass - name: Pass - type: string - - jsonPath: .status.summary.fail - name: Fail - type: string - - jsonPath: .status.summary.skip - name: Skip - type: string - - jsonPath: .status.summary.warn - name: Warn - type: string - - jsonPath: .status.summary.notApplicable - name: Not Applicable - type: string - - jsonPath: .status.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.scheduledScanConfig.cronSchedule - name: CronSchedule - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - scanProfileName: - nullable: true - type: string - scheduledScanConfig: - nullable: true - properties: - cronSchedule: - nullable: true - type: string - retentionCount: - type: integer - scanAlertRule: - nullable: true - properties: - alertOnComplete: - type: boolean - alertOnFailure: - type: boolean - type: object - type: object - scoreWarning: - enum: - - pass - - fail - nullable: true - type: string - type: object - status: - properties: - NextScanAt: - nullable: true - type: string - ScanAlertingRuleName: - nullable: true - type: string - conditions: - items: - properties: - lastTransitionTime: - nullable: true - type: string - lastUpdateTime: - nullable: true - type: string - message: - nullable: true - type: string - reason: - nullable: true - type: string - status: - nullable: true - type: string - type: - nullable: true - type: string - type: object - nullable: true - type: array - display: - nullable: true - properties: - error: - type: boolean - message: - nullable: true - type: string - state: - nullable: true - type: string - transitioning: - type: boolean - type: object - lastRunScanProfileName: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - observedGeneration: - type: integer - summary: - nullable: true - properties: - fail: - type: integer - notApplicable: - type: integer - pass: - type: integer - skip: - type: integer - total: - type: integer - warn: - type: integer - type: object - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc2/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc2/templates/clusterscanbenchmark.yaml deleted file mode 100644 index fd291f8c33..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc2/templates/clusterscanbenchmark.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanbenchmarks.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanBenchmark - plural: clusterscanbenchmarks - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.clusterProvider - name: ClusterProvider - type: string - - jsonPath: .spec.minKubernetesVersion - name: MinKubernetesVersion - type: string - - jsonPath: .spec.maxKubernetesVersion - name: MaxKubernetesVersion - type: string - - jsonPath: .spec.customBenchmarkConfigMapName - name: customBenchmarkConfigMapName - type: string - - jsonPath: .spec.customBenchmarkConfigMapNamespace - name: customBenchmarkConfigMapNamespace - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - clusterProvider: - nullable: true - type: string - customBenchmarkConfigMapName: - nullable: true - type: string - customBenchmarkConfigMapNamespace: - nullable: true - type: string - maxKubernetesVersion: - nullable: true - type: string - minKubernetesVersion: - nullable: true - type: string - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc2/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc2/templates/clusterscanprofile.yaml deleted file mode 100644 index 1e75501b7c..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc2/templates/clusterscanprofile.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanprofiles.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanProfile - plural: clusterscanprofiles - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - skipTests: - items: - nullable: true - type: string - nullable: true - type: array - type: object - type: object - additionalPrinterColumns: - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc2/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc2/templates/clusterscanreport.yaml deleted file mode 100644 index 6e8c0b7de5..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc2/templates/clusterscanreport.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanreports.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanReport - plural: clusterscanreports - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - reportJSON: - nullable: true - type: string - type: object - type: object \ No newline at end of file diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc3/Chart.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc3/Chart.yaml deleted file mode 100644 index 604ca3f32e..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc3/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd -apiVersion: v1 -description: Installs the CRDs for rancher-cis-benchmark. -name: rancher-cis-benchmark-crd -type: application -version: 4.2.0-rc3 diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc3/README.md b/charts/rancher-cis-benchmark-crd/4.2.0-rc3/README.md deleted file mode 100644 index f6d9ef621f..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc3/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# rancher-cis-benchmark-crd -A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc3/templates/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc3/templates/clusterscan.yaml deleted file mode 100644 index 3cbb0ffcd3..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc3/templates/clusterscan.yaml +++ /dev/null @@ -1,148 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscans.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScan - plural: clusterscans - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.lastRunScanProfileName - name: ClusterScanProfile - type: string - - jsonPath: .status.summary.total - name: Total - type: string - - jsonPath: .status.summary.pass - name: Pass - type: string - - jsonPath: .status.summary.fail - name: Fail - type: string - - jsonPath: .status.summary.skip - name: Skip - type: string - - jsonPath: .status.summary.warn - name: Warn - type: string - - jsonPath: .status.summary.notApplicable - name: Not Applicable - type: string - - jsonPath: .status.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.scheduledScanConfig.cronSchedule - name: CronSchedule - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - scanProfileName: - nullable: true - type: string - scheduledScanConfig: - nullable: true - properties: - cronSchedule: - nullable: true - type: string - retentionCount: - type: integer - scanAlertRule: - nullable: true - properties: - alertOnComplete: - type: boolean - alertOnFailure: - type: boolean - type: object - type: object - scoreWarning: - enum: - - pass - - fail - nullable: true - type: string - type: object - status: - properties: - NextScanAt: - nullable: true - type: string - ScanAlertingRuleName: - nullable: true - type: string - conditions: - items: - properties: - lastTransitionTime: - nullable: true - type: string - lastUpdateTime: - nullable: true - type: string - message: - nullable: true - type: string - reason: - nullable: true - type: string - status: - nullable: true - type: string - type: - nullable: true - type: string - type: object - nullable: true - type: array - display: - nullable: true - properties: - error: - type: boolean - message: - nullable: true - type: string - state: - nullable: true - type: string - transitioning: - type: boolean - type: object - lastRunScanProfileName: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - observedGeneration: - type: integer - summary: - nullable: true - properties: - fail: - type: integer - notApplicable: - type: integer - pass: - type: integer - skip: - type: integer - total: - type: integer - warn: - type: integer - type: object - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc3/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc3/templates/clusterscanbenchmark.yaml deleted file mode 100644 index fd291f8c33..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc3/templates/clusterscanbenchmark.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanbenchmarks.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanBenchmark - plural: clusterscanbenchmarks - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.clusterProvider - name: ClusterProvider - type: string - - jsonPath: .spec.minKubernetesVersion - name: MinKubernetesVersion - type: string - - jsonPath: .spec.maxKubernetesVersion - name: MaxKubernetesVersion - type: string - - jsonPath: .spec.customBenchmarkConfigMapName - name: customBenchmarkConfigMapName - type: string - - jsonPath: .spec.customBenchmarkConfigMapNamespace - name: customBenchmarkConfigMapNamespace - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - clusterProvider: - nullable: true - type: string - customBenchmarkConfigMapName: - nullable: true - type: string - customBenchmarkConfigMapNamespace: - nullable: true - type: string - maxKubernetesVersion: - nullable: true - type: string - minKubernetesVersion: - nullable: true - type: string - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc3/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc3/templates/clusterscanprofile.yaml deleted file mode 100644 index 1e75501b7c..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc3/templates/clusterscanprofile.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanprofiles.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanProfile - plural: clusterscanprofiles - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - skipTests: - items: - nullable: true - type: string - nullable: true - type: array - type: object - type: object - additionalPrinterColumns: - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc3/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc3/templates/clusterscanreport.yaml deleted file mode 100644 index 6e8c0b7de5..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc3/templates/clusterscanreport.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanreports.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanReport - plural: clusterscanreports - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - reportJSON: - nullable: true - type: string - type: object - type: object \ No newline at end of file diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc4/Chart.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc4/Chart.yaml deleted file mode 100644 index bbeef5b228..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc4/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd -apiVersion: v1 -description: Installs the CRDs for rancher-cis-benchmark. -name: rancher-cis-benchmark-crd -type: application -version: 4.2.0-rc4 diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc4/README.md b/charts/rancher-cis-benchmark-crd/4.2.0-rc4/README.md deleted file mode 100644 index f6d9ef621f..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc4/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# rancher-cis-benchmark-crd -A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc4/templates/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc4/templates/clusterscan.yaml deleted file mode 100644 index 3cbb0ffcd3..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc4/templates/clusterscan.yaml +++ /dev/null @@ -1,148 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscans.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScan - plural: clusterscans - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.lastRunScanProfileName - name: ClusterScanProfile - type: string - - jsonPath: .status.summary.total - name: Total - type: string - - jsonPath: .status.summary.pass - name: Pass - type: string - - jsonPath: .status.summary.fail - name: Fail - type: string - - jsonPath: .status.summary.skip - name: Skip - type: string - - jsonPath: .status.summary.warn - name: Warn - type: string - - jsonPath: .status.summary.notApplicable - name: Not Applicable - type: string - - jsonPath: .status.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.scheduledScanConfig.cronSchedule - name: CronSchedule - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - scanProfileName: - nullable: true - type: string - scheduledScanConfig: - nullable: true - properties: - cronSchedule: - nullable: true - type: string - retentionCount: - type: integer - scanAlertRule: - nullable: true - properties: - alertOnComplete: - type: boolean - alertOnFailure: - type: boolean - type: object - type: object - scoreWarning: - enum: - - pass - - fail - nullable: true - type: string - type: object - status: - properties: - NextScanAt: - nullable: true - type: string - ScanAlertingRuleName: - nullable: true - type: string - conditions: - items: - properties: - lastTransitionTime: - nullable: true - type: string - lastUpdateTime: - nullable: true - type: string - message: - nullable: true - type: string - reason: - nullable: true - type: string - status: - nullable: true - type: string - type: - nullable: true - type: string - type: object - nullable: true - type: array - display: - nullable: true - properties: - error: - type: boolean - message: - nullable: true - type: string - state: - nullable: true - type: string - transitioning: - type: boolean - type: object - lastRunScanProfileName: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - observedGeneration: - type: integer - summary: - nullable: true - properties: - fail: - type: integer - notApplicable: - type: integer - pass: - type: integer - skip: - type: integer - total: - type: integer - warn: - type: integer - type: object - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc4/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc4/templates/clusterscanbenchmark.yaml deleted file mode 100644 index fd291f8c33..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc4/templates/clusterscanbenchmark.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanbenchmarks.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanBenchmark - plural: clusterscanbenchmarks - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.clusterProvider - name: ClusterProvider - type: string - - jsonPath: .spec.minKubernetesVersion - name: MinKubernetesVersion - type: string - - jsonPath: .spec.maxKubernetesVersion - name: MaxKubernetesVersion - type: string - - jsonPath: .spec.customBenchmarkConfigMapName - name: customBenchmarkConfigMapName - type: string - - jsonPath: .spec.customBenchmarkConfigMapNamespace - name: customBenchmarkConfigMapNamespace - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - clusterProvider: - nullable: true - type: string - customBenchmarkConfigMapName: - nullable: true - type: string - customBenchmarkConfigMapNamespace: - nullable: true - type: string - maxKubernetesVersion: - nullable: true - type: string - minKubernetesVersion: - nullable: true - type: string - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc4/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc4/templates/clusterscanprofile.yaml deleted file mode 100644 index 1e75501b7c..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc4/templates/clusterscanprofile.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanprofiles.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanProfile - plural: clusterscanprofiles - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - skipTests: - items: - nullable: true - type: string - nullable: true - type: array - type: object - type: object - additionalPrinterColumns: - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc4/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc4/templates/clusterscanreport.yaml deleted file mode 100644 index 6e8c0b7de5..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc4/templates/clusterscanreport.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanreports.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanReport - plural: clusterscanreports - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - reportJSON: - nullable: true - type: string - type: object - type: object \ No newline at end of file diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc5/Chart.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc5/Chart.yaml deleted file mode 100644 index 10d8de03ae..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc5/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd -apiVersion: v1 -description: Installs the CRDs for rancher-cis-benchmark. -name: rancher-cis-benchmark-crd -type: application -version: 4.2.0-rc5 diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc5/README.md b/charts/rancher-cis-benchmark-crd/4.2.0-rc5/README.md deleted file mode 100644 index f6d9ef621f..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc5/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# rancher-cis-benchmark-crd -A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc5/templates/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc5/templates/clusterscan.yaml deleted file mode 100644 index 3cbb0ffcd3..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc5/templates/clusterscan.yaml +++ /dev/null @@ -1,148 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscans.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScan - plural: clusterscans - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.lastRunScanProfileName - name: ClusterScanProfile - type: string - - jsonPath: .status.summary.total - name: Total - type: string - - jsonPath: .status.summary.pass - name: Pass - type: string - - jsonPath: .status.summary.fail - name: Fail - type: string - - jsonPath: .status.summary.skip - name: Skip - type: string - - jsonPath: .status.summary.warn - name: Warn - type: string - - jsonPath: .status.summary.notApplicable - name: Not Applicable - type: string - - jsonPath: .status.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.scheduledScanConfig.cronSchedule - name: CronSchedule - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - scanProfileName: - nullable: true - type: string - scheduledScanConfig: - nullable: true - properties: - cronSchedule: - nullable: true - type: string - retentionCount: - type: integer - scanAlertRule: - nullable: true - properties: - alertOnComplete: - type: boolean - alertOnFailure: - type: boolean - type: object - type: object - scoreWarning: - enum: - - pass - - fail - nullable: true - type: string - type: object - status: - properties: - NextScanAt: - nullable: true - type: string - ScanAlertingRuleName: - nullable: true - type: string - conditions: - items: - properties: - lastTransitionTime: - nullable: true - type: string - lastUpdateTime: - nullable: true - type: string - message: - nullable: true - type: string - reason: - nullable: true - type: string - status: - nullable: true - type: string - type: - nullable: true - type: string - type: object - nullable: true - type: array - display: - nullable: true - properties: - error: - type: boolean - message: - nullable: true - type: string - state: - nullable: true - type: string - transitioning: - type: boolean - type: object - lastRunScanProfileName: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - observedGeneration: - type: integer - summary: - nullable: true - properties: - fail: - type: integer - notApplicable: - type: integer - pass: - type: integer - skip: - type: integer - total: - type: integer - warn: - type: integer - type: object - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc5/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc5/templates/clusterscanbenchmark.yaml deleted file mode 100644 index fd291f8c33..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc5/templates/clusterscanbenchmark.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanbenchmarks.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanBenchmark - plural: clusterscanbenchmarks - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.clusterProvider - name: ClusterProvider - type: string - - jsonPath: .spec.minKubernetesVersion - name: MinKubernetesVersion - type: string - - jsonPath: .spec.maxKubernetesVersion - name: MaxKubernetesVersion - type: string - - jsonPath: .spec.customBenchmarkConfigMapName - name: customBenchmarkConfigMapName - type: string - - jsonPath: .spec.customBenchmarkConfigMapNamespace - name: customBenchmarkConfigMapNamespace - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - clusterProvider: - nullable: true - type: string - customBenchmarkConfigMapName: - nullable: true - type: string - customBenchmarkConfigMapNamespace: - nullable: true - type: string - maxKubernetesVersion: - nullable: true - type: string - minKubernetesVersion: - nullable: true - type: string - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc5/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc5/templates/clusterscanprofile.yaml deleted file mode 100644 index 1e75501b7c..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc5/templates/clusterscanprofile.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanprofiles.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanProfile - plural: clusterscanprofiles - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - skipTests: - items: - nullable: true - type: string - nullable: true - type: array - type: object - type: object - additionalPrinterColumns: - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc5/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc5/templates/clusterscanreport.yaml deleted file mode 100644 index 6e8c0b7de5..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc5/templates/clusterscanreport.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanreports.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanReport - plural: clusterscanreports - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - reportJSON: - nullable: true - type: string - type: object - type: object \ No newline at end of file diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc6/Chart.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc6/Chart.yaml deleted file mode 100644 index 281db06d00..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc6/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd -apiVersion: v1 -description: Installs the CRDs for rancher-cis-benchmark. -name: rancher-cis-benchmark-crd -type: application -version: 4.2.0-rc6 diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc6/README.md b/charts/rancher-cis-benchmark-crd/4.2.0-rc6/README.md deleted file mode 100644 index f6d9ef621f..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc6/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# rancher-cis-benchmark-crd -A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc6/templates/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc6/templates/clusterscan.yaml deleted file mode 100644 index 3cbb0ffcd3..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc6/templates/clusterscan.yaml +++ /dev/null @@ -1,148 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscans.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScan - plural: clusterscans - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.lastRunScanProfileName - name: ClusterScanProfile - type: string - - jsonPath: .status.summary.total - name: Total - type: string - - jsonPath: .status.summary.pass - name: Pass - type: string - - jsonPath: .status.summary.fail - name: Fail - type: string - - jsonPath: .status.summary.skip - name: Skip - type: string - - jsonPath: .status.summary.warn - name: Warn - type: string - - jsonPath: .status.summary.notApplicable - name: Not Applicable - type: string - - jsonPath: .status.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.scheduledScanConfig.cronSchedule - name: CronSchedule - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - scanProfileName: - nullable: true - type: string - scheduledScanConfig: - nullable: true - properties: - cronSchedule: - nullable: true - type: string - retentionCount: - type: integer - scanAlertRule: - nullable: true - properties: - alertOnComplete: - type: boolean - alertOnFailure: - type: boolean - type: object - type: object - scoreWarning: - enum: - - pass - - fail - nullable: true - type: string - type: object - status: - properties: - NextScanAt: - nullable: true - type: string - ScanAlertingRuleName: - nullable: true - type: string - conditions: - items: - properties: - lastTransitionTime: - nullable: true - type: string - lastUpdateTime: - nullable: true - type: string - message: - nullable: true - type: string - reason: - nullable: true - type: string - status: - nullable: true - type: string - type: - nullable: true - type: string - type: object - nullable: true - type: array - display: - nullable: true - properties: - error: - type: boolean - message: - nullable: true - type: string - state: - nullable: true - type: string - transitioning: - type: boolean - type: object - lastRunScanProfileName: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - observedGeneration: - type: integer - summary: - nullable: true - properties: - fail: - type: integer - notApplicable: - type: integer - pass: - type: integer - skip: - type: integer - total: - type: integer - warn: - type: integer - type: object - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc6/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc6/templates/clusterscanbenchmark.yaml deleted file mode 100644 index fd291f8c33..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc6/templates/clusterscanbenchmark.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanbenchmarks.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanBenchmark - plural: clusterscanbenchmarks - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.clusterProvider - name: ClusterProvider - type: string - - jsonPath: .spec.minKubernetesVersion - name: MinKubernetesVersion - type: string - - jsonPath: .spec.maxKubernetesVersion - name: MaxKubernetesVersion - type: string - - jsonPath: .spec.customBenchmarkConfigMapName - name: customBenchmarkConfigMapName - type: string - - jsonPath: .spec.customBenchmarkConfigMapNamespace - name: customBenchmarkConfigMapNamespace - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - clusterProvider: - nullable: true - type: string - customBenchmarkConfigMapName: - nullable: true - type: string - customBenchmarkConfigMapNamespace: - nullable: true - type: string - maxKubernetesVersion: - nullable: true - type: string - minKubernetesVersion: - nullable: true - type: string - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc6/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc6/templates/clusterscanprofile.yaml deleted file mode 100644 index 1e75501b7c..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc6/templates/clusterscanprofile.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanprofiles.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanProfile - plural: clusterscanprofiles - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - skipTests: - items: - nullable: true - type: string - nullable: true - type: array - type: object - type: object - additionalPrinterColumns: - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc6/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc6/templates/clusterscanreport.yaml deleted file mode 100644 index 6e8c0b7de5..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc6/templates/clusterscanreport.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanreports.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanReport - plural: clusterscanreports - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - reportJSON: - nullable: true - type: string - type: object - type: object \ No newline at end of file diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc7/Chart.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc7/Chart.yaml deleted file mode 100644 index 710b2d5d00..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc7/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd -apiVersion: v1 -description: Installs the CRDs for rancher-cis-benchmark. -name: rancher-cis-benchmark-crd -type: application -version: 4.2.0-rc7 diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc7/README.md b/charts/rancher-cis-benchmark-crd/4.2.0-rc7/README.md deleted file mode 100644 index f6d9ef621f..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc7/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# rancher-cis-benchmark-crd -A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc7/templates/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc7/templates/clusterscan.yaml deleted file mode 100644 index 3cbb0ffcd3..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc7/templates/clusterscan.yaml +++ /dev/null @@ -1,148 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscans.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScan - plural: clusterscans - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.lastRunScanProfileName - name: ClusterScanProfile - type: string - - jsonPath: .status.summary.total - name: Total - type: string - - jsonPath: .status.summary.pass - name: Pass - type: string - - jsonPath: .status.summary.fail - name: Fail - type: string - - jsonPath: .status.summary.skip - name: Skip - type: string - - jsonPath: .status.summary.warn - name: Warn - type: string - - jsonPath: .status.summary.notApplicable - name: Not Applicable - type: string - - jsonPath: .status.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.scheduledScanConfig.cronSchedule - name: CronSchedule - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - scanProfileName: - nullable: true - type: string - scheduledScanConfig: - nullable: true - properties: - cronSchedule: - nullable: true - type: string - retentionCount: - type: integer - scanAlertRule: - nullable: true - properties: - alertOnComplete: - type: boolean - alertOnFailure: - type: boolean - type: object - type: object - scoreWarning: - enum: - - pass - - fail - nullable: true - type: string - type: object - status: - properties: - NextScanAt: - nullable: true - type: string - ScanAlertingRuleName: - nullable: true - type: string - conditions: - items: - properties: - lastTransitionTime: - nullable: true - type: string - lastUpdateTime: - nullable: true - type: string - message: - nullable: true - type: string - reason: - nullable: true - type: string - status: - nullable: true - type: string - type: - nullable: true - type: string - type: object - nullable: true - type: array - display: - nullable: true - properties: - error: - type: boolean - message: - nullable: true - type: string - state: - nullable: true - type: string - transitioning: - type: boolean - type: object - lastRunScanProfileName: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - observedGeneration: - type: integer - summary: - nullable: true - properties: - fail: - type: integer - notApplicable: - type: integer - pass: - type: integer - skip: - type: integer - total: - type: integer - warn: - type: integer - type: object - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc7/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc7/templates/clusterscanbenchmark.yaml deleted file mode 100644 index fd291f8c33..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc7/templates/clusterscanbenchmark.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanbenchmarks.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanBenchmark - plural: clusterscanbenchmarks - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.clusterProvider - name: ClusterProvider - type: string - - jsonPath: .spec.minKubernetesVersion - name: MinKubernetesVersion - type: string - - jsonPath: .spec.maxKubernetesVersion - name: MaxKubernetesVersion - type: string - - jsonPath: .spec.customBenchmarkConfigMapName - name: customBenchmarkConfigMapName - type: string - - jsonPath: .spec.customBenchmarkConfigMapNamespace - name: customBenchmarkConfigMapNamespace - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - clusterProvider: - nullable: true - type: string - customBenchmarkConfigMapName: - nullable: true - type: string - customBenchmarkConfigMapNamespace: - nullable: true - type: string - maxKubernetesVersion: - nullable: true - type: string - minKubernetesVersion: - nullable: true - type: string - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc7/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc7/templates/clusterscanprofile.yaml deleted file mode 100644 index 1e75501b7c..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc7/templates/clusterscanprofile.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanprofiles.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanProfile - plural: clusterscanprofiles - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - skipTests: - items: - nullable: true - type: string - nullable: true - type: array - type: object - type: object - additionalPrinterColumns: - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc7/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc7/templates/clusterscanreport.yaml deleted file mode 100644 index 6e8c0b7de5..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc7/templates/clusterscanreport.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanreports.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanReport - plural: clusterscanreports - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - reportJSON: - nullable: true - type: string - type: object - type: object \ No newline at end of file diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc8/Chart.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc8/Chart.yaml deleted file mode 100644 index 50e3de5fa8..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc8/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd -apiVersion: v1 -description: Installs the CRDs for rancher-cis-benchmark. -name: rancher-cis-benchmark-crd -type: application -version: 4.2.0-rc8 diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc8/README.md b/charts/rancher-cis-benchmark-crd/4.2.0-rc8/README.md deleted file mode 100644 index f6d9ef621f..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc8/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# rancher-cis-benchmark-crd -A Rancher chart that installs the CRDs used by rancher-cis-benchmark. diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc8/templates/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc8/templates/clusterscan.yaml deleted file mode 100644 index 3cbb0ffcd3..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc8/templates/clusterscan.yaml +++ /dev/null @@ -1,148 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscans.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScan - plural: clusterscans - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.lastRunScanProfileName - name: ClusterScanProfile - type: string - - jsonPath: .status.summary.total - name: Total - type: string - - jsonPath: .status.summary.pass - name: Pass - type: string - - jsonPath: .status.summary.fail - name: Fail - type: string - - jsonPath: .status.summary.skip - name: Skip - type: string - - jsonPath: .status.summary.warn - name: Warn - type: string - - jsonPath: .status.summary.notApplicable - name: Not Applicable - type: string - - jsonPath: .status.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.scheduledScanConfig.cronSchedule - name: CronSchedule - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - scanProfileName: - nullable: true - type: string - scheduledScanConfig: - nullable: true - properties: - cronSchedule: - nullable: true - type: string - retentionCount: - type: integer - scanAlertRule: - nullable: true - properties: - alertOnComplete: - type: boolean - alertOnFailure: - type: boolean - type: object - type: object - scoreWarning: - enum: - - pass - - fail - nullable: true - type: string - type: object - status: - properties: - NextScanAt: - nullable: true - type: string - ScanAlertingRuleName: - nullable: true - type: string - conditions: - items: - properties: - lastTransitionTime: - nullable: true - type: string - lastUpdateTime: - nullable: true - type: string - message: - nullable: true - type: string - reason: - nullable: true - type: string - status: - nullable: true - type: string - type: - nullable: true - type: string - type: object - nullable: true - type: array - display: - nullable: true - properties: - error: - type: boolean - message: - nullable: true - type: string - state: - nullable: true - type: string - transitioning: - type: boolean - type: object - lastRunScanProfileName: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - observedGeneration: - type: integer - summary: - nullable: true - properties: - fail: - type: integer - notApplicable: - type: integer - pass: - type: integer - skip: - type: integer - total: - type: integer - warn: - type: integer - type: object - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc8/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc8/templates/clusterscanbenchmark.yaml deleted file mode 100644 index fd291f8c33..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc8/templates/clusterscanbenchmark.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanbenchmarks.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanBenchmark - plural: clusterscanbenchmarks - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.clusterProvider - name: ClusterProvider - type: string - - jsonPath: .spec.minKubernetesVersion - name: MinKubernetesVersion - type: string - - jsonPath: .spec.maxKubernetesVersion - name: MaxKubernetesVersion - type: string - - jsonPath: .spec.customBenchmarkConfigMapName - name: customBenchmarkConfigMapName - type: string - - jsonPath: .spec.customBenchmarkConfigMapNamespace - name: customBenchmarkConfigMapNamespace - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - clusterProvider: - nullable: true - type: string - customBenchmarkConfigMapName: - nullable: true - type: string - customBenchmarkConfigMapNamespace: - nullable: true - type: string - maxKubernetesVersion: - nullable: true - type: string - minKubernetesVersion: - nullable: true - type: string - type: object - type: object diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc8/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc8/templates/clusterscanprofile.yaml deleted file mode 100644 index 1e75501b7c..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc8/templates/clusterscanprofile.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanprofiles.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanProfile - plural: clusterscanprofiles - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - skipTests: - items: - nullable: true - type: string - nullable: true - type: array - type: object - type: object - additionalPrinterColumns: - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc8/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/4.2.0-rc8/templates/clusterscanreport.yaml deleted file mode 100644 index 6e8c0b7de5..0000000000 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc8/templates/clusterscanreport.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clusterscanreports.cis.cattle.io -spec: - group: cis.cattle.io - names: - kind: ClusterScanReport - plural: clusterscanreports - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.lastRunTimestamp - name: LastRunTimestamp - type: string - - jsonPath: .spec.benchmarkVersion - name: BenchmarkVersion - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - spec: - properties: - benchmarkVersion: - nullable: true - type: string - lastRunTimestamp: - nullable: true - type: string - reportJSON: - nullable: true - type: string - type: object - type: object \ No newline at end of file diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc1/Chart.yaml b/charts/rancher-cis-benchmark-crd/4.2.0/Chart.yaml similarity index 94% rename from charts/rancher-cis-benchmark-crd/4.2.0-rc1/Chart.yaml rename to charts/rancher-cis-benchmark-crd/4.2.0/Chart.yaml index c38a235870..9672f061d5 100644 --- a/charts/rancher-cis-benchmark-crd/4.2.0-rc1/Chart.yaml +++ b/charts/rancher-cis-benchmark-crd/4.2.0/Chart.yaml @@ -7,4 +7,4 @@ apiVersion: v1 description: Installs the CRDs for rancher-cis-benchmark. name: rancher-cis-benchmark-crd type: application -version: 4.2.0-rc1 +version: 4.2.0 diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc1/README.md b/charts/rancher-cis-benchmark-crd/4.2.0/README.md similarity index 100% rename from charts/rancher-cis-benchmark-crd/4.2.0-rc1/README.md rename to charts/rancher-cis-benchmark-crd/4.2.0/README.md diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc1/templates/clusterscan.yaml b/charts/rancher-cis-benchmark-crd/4.2.0/templates/clusterscan.yaml similarity index 100% rename from charts/rancher-cis-benchmark-crd/4.2.0-rc1/templates/clusterscan.yaml rename to charts/rancher-cis-benchmark-crd/4.2.0/templates/clusterscan.yaml diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc1/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark-crd/4.2.0/templates/clusterscanbenchmark.yaml similarity index 100% rename from charts/rancher-cis-benchmark-crd/4.2.0-rc1/templates/clusterscanbenchmark.yaml rename to charts/rancher-cis-benchmark-crd/4.2.0/templates/clusterscanbenchmark.yaml diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc1/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark-crd/4.2.0/templates/clusterscanprofile.yaml similarity index 100% rename from charts/rancher-cis-benchmark-crd/4.2.0-rc1/templates/clusterscanprofile.yaml rename to charts/rancher-cis-benchmark-crd/4.2.0/templates/clusterscanprofile.yaml diff --git a/charts/rancher-cis-benchmark-crd/4.2.0-rc1/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark-crd/4.2.0/templates/clusterscanreport.yaml similarity index 100% rename from charts/rancher-cis-benchmark-crd/4.2.0-rc1/templates/clusterscanreport.yaml rename to charts/rancher-cis-benchmark-crd/4.2.0/templates/clusterscanreport.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-gke-1.0.yaml deleted file mode 100644 index 72122e8c5e..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-gke-1.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: gke-1.0 -spec: - clusterProvider: gke - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/configmap.yaml b/charts/rancher-cis-benchmark/4.2.0-rc1/templates/configmap.yaml deleted file mode 100644 index 1a9cd18097..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: default-clusterscanprofiles - namespace: {{ template "cis.namespace" . }} -data: - # Default ClusterScanProfiles per cluster provider type - rke: |- - <1.21.0: rke-profile-permissive-1.20 - >=1.21.0: rke-profile-permissive-1.23 - rke2: |- - <1.21.0: rke2-cis-1.20-profile-permissive - >=1.21.0: rke2-cis-1.23-profile-permissive - eks: "eks-profile" - gke: "gke-profile" - aks: "aks-profile" - k3s: "k3s-cis-1.23-profile-permissive" - default: "cis-1.23-profile" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofilegke.yml deleted file mode 100644 index 2ddd0686f9..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofilegke.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: gke-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/values.yaml b/charts/rancher-cis-benchmark/4.2.0-rc1/values.yaml deleted file mode 100644 index 9db30da258..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc1/values.yaml +++ /dev/null @@ -1,55 +0,0 @@ -# Default values for rancher-cis-benchmark. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - cisoperator: - repository: rancher/cis-operator - tag: v1.0.12 - securityScan: - repository: rancher/security-scan - tag: v0.2.13-rc2 - sonobuoy: - repository: rancher/mirrored-sonobuoy-sonobuoy - tag: v0.56.16 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -securityScanJob: - overrideTolerations: false - tolerations: [] - -affinity: {} - -global: - cattle: - systemDefaultRegistry: "" - clusterName: "" - psp: - enabled: false - kubectl: - repository: rancher/kubectl - tag: v1.26.3 - -alerts: - enabled: false - severity: warning - metricsPort: 8080 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/Chart.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/Chart.yaml deleted file mode 100644 index f038fc0eb5..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark -apiVersion: v1 -appVersion: v4.2.0-rc2 -description: The cis-operator enables running CIS benchmark security scans on a kubernetes - cluster -icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg -keywords: -- security -name: rancher-cis-benchmark -version: 4.2.0-rc2 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/README.md b/charts/rancher-cis-benchmark/4.2.0-rc2/README.md deleted file mode 100644 index 50beab58ba..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Rancher CIS Benchmark Chart - -The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. - -# Installation - -``` -helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system -``` diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/app-readme.md b/charts/rancher-cis-benchmark/4.2.0-rc2/app-readme.md deleted file mode 100644 index 147e91ea2e..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/app-readme.md +++ /dev/null @@ -1,33 +0,0 @@ -# Rancher CIS Benchmarks - -This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). - -This chart installs the following components: - -- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. -- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. -- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. -- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. -- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. - - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. - - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. - -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/_helpers.tpl b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/_helpers.tpl deleted file mode 100644 index b7bb000422..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/_helpers.tpl +++ /dev/null @@ -1,27 +0,0 @@ -{{/* Ensure namespace is set the same everywhere */}} -{{- define "cis.namespace" -}} - {{- .Release.Namespace | default "cis-operator-system" -}} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/alertingrule.yaml deleted file mode 100644 index 1787c88a07..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/alertingrule.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.alerts.enabled -}} ---- -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: rancher-cis-pod-monitor - namespace: {{ template "cis.namespace" . }} -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - podMetricsEndpoints: - - port: cismetrics -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-aks-1.0.yaml deleted file mode 100644 index 1ac866253f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-aks-1.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: aks-1.0 -spec: - clusterProvider: aks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.20.yaml deleted file mode 100644 index 1203e5bcc5..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.20 -spec: - clusterProvider: "" - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.23.yaml deleted file mode 100644 index 83002966d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.23 -spec: - clusterProvider: "" - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.24.yaml deleted file mode 100644 index ad73b2c34c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.24 -spec: - clusterProvider: "" - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.5.yaml deleted file mode 100644 index c9e6075fb4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.5.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.5 -spec: - clusterProvider: "" - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.6.yaml deleted file mode 100644 index 4f5d66e92f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.6 -spec: - clusterProvider: "" - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-eks-1.0.1.yaml deleted file mode 100644 index d1ba9d2954..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-eks-1.0.1.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: eks-1.0.1 -spec: - clusterProvider: eks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-gke-1.0.yaml deleted file mode 100644 index 72122e8c5e..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-gke-1.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: gke-1.0 -spec: - clusterProvider: gke - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.20-hardened.yaml deleted file mode 100644 index 147cac3906..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.20-permissive.yaml deleted file mode 100644 index d9584f7229..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.23-hardened.yaml deleted file mode 100644 index 1a928db35c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.23-permissive.yaml deleted file mode 100644 index 5a46787d51..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.24-hardened.yaml deleted file mode 100644 index 47b6be197a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.24-permissive.yaml deleted file mode 100644 index 6ded2f02bd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.6-hardened.yaml deleted file mode 100644 index 5160cf7950..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.6-permissive.yaml deleted file mode 100644 index 10c0759853..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.20-hardened.yaml deleted file mode 100644 index 4924679cb3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.20-permissive.yaml deleted file mode 100644 index 2db66d7c62..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.23-hardened.yaml deleted file mode 100644 index 12de23173d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.23-permissive.yaml deleted file mode 100644 index f9d5052541..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.24-hardened.yaml deleted file mode 100644 index 7030c793fc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.24-permissive.yaml deleted file mode 100644 index b2633eade1..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.5-hardened.yaml deleted file mode 100644 index b9154f1ada..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.5-permissive.yaml deleted file mode 100644 index 9da65d55dd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.6-hardened.yaml deleted file mode 100644 index 77f8a31df6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.6-permissive.yaml deleted file mode 100644 index 600b8df35a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.20-hardened.yaml deleted file mode 100644 index b6cc88359c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.20-permissive.yaml deleted file mode 100644 index fd898bfe86..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.23-hardened.yaml deleted file mode 100644 index 55d96da59d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.23-permissive.yaml deleted file mode 100644 index 55fffe3209..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.24-hardened.yaml deleted file mode 100644 index f702a13726..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.24-permissive.yaml deleted file mode 100644 index 5bc70099f7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.5-hardened.yaml deleted file mode 100644 index 20091ec2b3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.5-permissive.yaml deleted file mode 100644 index 9a86906b02..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.6-hardened.yaml deleted file mode 100644 index ea2549ef39..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.6-permissive.yaml deleted file mode 100644 index 0afdaaa19b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/cis-roles.yaml deleted file mode 100644 index 23c93dc659..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/cis-roles.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-admin -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["create", "update", "delete", "patch","get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-view -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: ["get", "watch", "list"] diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/deployment.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/deployment.yaml deleted file mode 100644 index 8c9f72f5de..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/deployment.yaml +++ /dev/null @@ -1,61 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cis-operator - namespace: {{ template "cis.namespace" . }} - labels: - cis.cattle.io/operator: cis-operator -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - template: - metadata: - labels: - cis.cattle.io/operator: cis-operator - spec: - serviceAccountName: cis-operator-serviceaccount - containers: - - name: cis-operator - image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' - imagePullPolicy: IfNotPresent - ports: - - name: cismetrics - containerPort: {{ .Values.alerts.metricsPort }} - env: - - name: SECURITY_SCAN_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} - - name: SECURITY_SCAN_IMAGE_TAG - value: {{ .Values.image.securityScan.tag }} - - name: SONOBUOY_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} - - name: SONOBUOY_IMAGE_TAG - value: {{ .Values.image.sonobuoy.tag }} - - name: CIS_ALERTS_METRICS_PORT - value: '{{ .Values.alerts.metricsPort }}' - - name: CIS_ALERTS_SEVERITY - value: {{ .Values.alerts.severity }} - - name: CIS_ALERTS_ENABLED - value: {{ .Values.alerts.enabled | default "false" | quote }} - - name: CLUSTER_NAME - value: '{{ .Values.global.cattle.clusterName }}' - - name: CIS_OPERATOR_DEBUG - value: '{{ .Values.image.cisoperator.debug }}' - {{- if .Values.securityScanJob.overrideTolerations }} - - name: SECURITY_SCAN_JOB_TOLERATIONS - value: '{{ .Values.securityScanJob.tolerations | toJson }}' - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/network_policy_allow_all.yaml deleted file mode 100644 index 6ed5d645ea..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/network_policy_allow_all.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: default-allow-all - namespace: {{ template "cis.namespace" . }} -spec: - podSelector: {} - ingress: - - {} - egress: - - {} - policyTypes: - - Ingress - - Egress diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/patch_default_serviceaccount.yaml deleted file mode 100644 index e78a6bd08a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/patch_default_serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: patch-sa - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation -spec: - template: - spec: - serviceAccountName: cis-operator-serviceaccount - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - restartPolicy: Never - containers: - - name: sa - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] - args: ["-n", {{ template "cis.namespace" . }}] - - backoffLimit: 1 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/psp.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/psp.yaml deleted file mode 100644 index 9b8a5995ee..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/psp.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: cis-psp -spec: - allowPrivilegeEscalation: true - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - hostIPC: true - hostNetwork: true - hostPID: true - hostPorts: - - max: 65535 - min: 0 - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-psp-role - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - policy - resourceNames: - - cis-psp - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cis-psp-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-psp-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/rbac.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/rbac.yaml deleted file mode 100644 index 6352b972af..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/rbac.yaml +++ /dev/null @@ -1,213 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrole -rules: -- apiGroups: - - "cis.cattle.io" - resources: - - "*" - verbs: - - "*" -- apiGroups: - - "" - resources: - - "pods" - - "services" - - "configmaps" - - "nodes" - - "serviceaccounts" - verbs: - - "get" - - "list" - - "create" - - "update" - - "watch" - - "patch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "list" - - "create" - - "patch" - - "update" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-scan-ns -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: - - "*" - resources: - - "podsecuritypolicies" - verbs: - - "get" - - "list" - - "watch" -{{- end }} -- apiGroups: - - "" - resources: - - "namespaces" - - "nodes" - - "pods" - - "serviceaccounts" - - "services" - - "replicationcontrollers" - verbs: - - "get" - - "list" - - "watch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - - "cronjobs" - verbs: - - "list" -- apiGroups: - - "apps" - resources: - - "daemonsets" - - "deployments" - - "replicasets" - - "statefulsets" - verbs: - - "list" -- apiGroups: - - "autoscaling" - resources: - - "horizontalpodautoscalers" - verbs: - - "list" -- apiGroups: - - "networking.k8s.io" - resources: - - "networkpolicies" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-operator-role - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - "" - resources: - - "services" - verbs: - - "watch" - - "list" - - "get" - - "patch" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "watch" - - "list" - - "get" - - "delete" -- apiGroups: - - "" - resources: - - "configmaps" - - "pods" - - "secrets" - verbs: - - "*" -- apiGroups: - - "apps" - resources: - - "daemonsets" - verbs: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-operator-clusterrole -subjects: -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cis-scan-ns - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-scan-ns -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-operator-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.20.yaml deleted file mode 100644 index 05263ce7da..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.20-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.20 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.23.yaml deleted file mode 100644 index c59d8f51ff..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.23-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.23 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.24.yaml deleted file mode 100644 index aa3e51c3e2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.24-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.24 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.6.yaml deleted file mode 100644 index 8a8d8bf881..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.6-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.6 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.20-hardened.yml deleted file mode 100644 index a0b6cb6f6a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.20-permissive.yml deleted file mode 100644 index 89885548df..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.23-hardened.yml deleted file mode 100644 index 724412d3aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.23-permissive.yml deleted file mode 100644 index 9f9213de1c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.24-hardened.yml deleted file mode 100644 index 252251efcf..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.24-permissive.yml deleted file mode 100644 index 05555c64dc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.6-hardened.yml deleted file mode 100644 index 095e977ab2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.6-permissive.yml deleted file mode 100644 index 3b22a80c83..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.20-hardened.yaml deleted file mode 100644 index c36cf38c90..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.20-permissive.yaml deleted file mode 100644 index cfeb4b34c6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.23-hardened.yaml deleted file mode 100644 index 0073311496..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.23-permissive.yaml deleted file mode 100644 index 085b60dfa4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.24-hardened.yaml deleted file mode 100644 index faae63e87f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.24-permissive.yaml deleted file mode 100644 index 7335a1d2d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.6-hardened.yaml deleted file mode 100644 index d38febd80f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.6-permissive.yaml deleted file mode 100644 index d31b5b0d25..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.20-hardened.yml deleted file mode 100644 index decc9b6516..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.20-permissive.yml deleted file mode 100644 index 74c96ffc49..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.23-hardened.yml deleted file mode 100644 index abc1c2a21b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.23-permissive.yml deleted file mode 100644 index 51cc519acd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.24-hardened.yml deleted file mode 100644 index f8ddb9851c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.24-permissive.yml deleted file mode 100644 index c820f03928..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.6-hardened.yml deleted file mode 100644 index c7ac7f949a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.6-permissive.yml deleted file mode 100644 index 96ca1345aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofileaks.yml deleted file mode 100644 index ea7b25b404..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofileaks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: aks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: aks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofileeks.yml deleted file mode 100644 index 3b4e34437a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofileeks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: eks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: eks-1.0.1 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofilegke.yml deleted file mode 100644 index 2ddd0686f9..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofilegke.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: gke-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: gke-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/serviceaccount.yaml deleted file mode 100644 index ec48ec6224..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - name: cis-operator-serviceaccount ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-serviceaccount diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/validate-install-crd.yaml deleted file mode 100644 index 562295791b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/validate-install-crd.yaml +++ /dev/null @@ -1,17 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/validate-psp-install.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/values.yaml b/charts/rancher-cis-benchmark/4.2.0-rc2/values.yaml deleted file mode 100644 index 89b97d2e4a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc2/values.yaml +++ /dev/null @@ -1,55 +0,0 @@ -# Default values for rancher-cis-benchmark. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - cisoperator: - repository: rancher/cis-operator - tag: v1.0.12 - securityScan: - repository: rancher/security-scan - tag: v0.2.13-rc4 - sonobuoy: - repository: rancher/mirrored-sonobuoy-sonobuoy - tag: v0.56.16 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -securityScanJob: - overrideTolerations: false - tolerations: [] - -affinity: {} - -global: - cattle: - systemDefaultRegistry: "" - clusterName: "" - psp: - enabled: false - kubectl: - repository: rancher/kubectl - tag: v1.26.3 - -alerts: - enabled: false - severity: warning - metricsPort: 8080 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/Chart.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/Chart.yaml deleted file mode 100644 index ab1580eef3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark -apiVersion: v1 -appVersion: v4.2.0-rc3 -description: The cis-operator enables running CIS benchmark security scans on a kubernetes - cluster -icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg -keywords: -- security -name: rancher-cis-benchmark -version: 4.2.0-rc3 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/README.md b/charts/rancher-cis-benchmark/4.2.0-rc3/README.md deleted file mode 100644 index 50beab58ba..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Rancher CIS Benchmark Chart - -The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. - -# Installation - -``` -helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system -``` diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/app-readme.md b/charts/rancher-cis-benchmark/4.2.0-rc3/app-readme.md deleted file mode 100644 index 147e91ea2e..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/app-readme.md +++ /dev/null @@ -1,33 +0,0 @@ -# Rancher CIS Benchmarks - -This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). - -This chart installs the following components: - -- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. -- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. -- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. -- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. -- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. - - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. - - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. - -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/_helpers.tpl b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/_helpers.tpl deleted file mode 100644 index b7bb000422..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/_helpers.tpl +++ /dev/null @@ -1,27 +0,0 @@ -{{/* Ensure namespace is set the same everywhere */}} -{{- define "cis.namespace" -}} - {{- .Release.Namespace | default "cis-operator-system" -}} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/alertingrule.yaml deleted file mode 100644 index 1787c88a07..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/alertingrule.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.alerts.enabled -}} ---- -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: rancher-cis-pod-monitor - namespace: {{ template "cis.namespace" . }} -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - podMetricsEndpoints: - - port: cismetrics -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-aks-1.0.yaml deleted file mode 100644 index 1ac866253f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-aks-1.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: aks-1.0 -spec: - clusterProvider: aks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.20.yaml deleted file mode 100644 index 1203e5bcc5..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.20 -spec: - clusterProvider: "" - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.23.yaml deleted file mode 100644 index 83002966d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.23 -spec: - clusterProvider: "" - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.24.yaml deleted file mode 100644 index ad73b2c34c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.24 -spec: - clusterProvider: "" - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.5.yaml deleted file mode 100644 index c9e6075fb4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.5.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.5 -spec: - clusterProvider: "" - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.6.yaml deleted file mode 100644 index 4f5d66e92f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.6 -spec: - clusterProvider: "" - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.7.yaml deleted file mode 100644 index 4f6e41b9da..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-cis-1.7.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.7 -spec: - clusterProvider: "" - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-eks-1.0.1.yaml deleted file mode 100644 index d1ba9d2954..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-eks-1.0.1.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: eks-1.0.1 -spec: - clusterProvider: eks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.20-hardened.yaml deleted file mode 100644 index 147cac3906..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.20-permissive.yaml deleted file mode 100644 index d9584f7229..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.23-hardened.yaml deleted file mode 100644 index 1a928db35c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.23-permissive.yaml deleted file mode 100644 index 5a46787d51..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.24-hardened.yaml deleted file mode 100644 index 47b6be197a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.24-permissive.yaml deleted file mode 100644 index 6ded2f02bd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.6-hardened.yaml deleted file mode 100644 index 5160cf7950..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.6-permissive.yaml deleted file mode 100644 index 10c0759853..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.7-hardened.yaml deleted file mode 100644 index 7dd99a0ecf..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.7-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.7-permissive.yaml deleted file mode 100644 index 187056d5f6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-k3s-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.7-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.20-hardened.yaml deleted file mode 100644 index 4924679cb3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.20-permissive.yaml deleted file mode 100644 index 2db66d7c62..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.23-hardened.yaml deleted file mode 100644 index 12de23173d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.23-permissive.yaml deleted file mode 100644 index f9d5052541..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.24-hardened.yaml deleted file mode 100644 index 7030c793fc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.24-permissive.yaml deleted file mode 100644 index b2633eade1..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.5-hardened.yaml deleted file mode 100644 index b9154f1ada..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.5-permissive.yaml deleted file mode 100644 index 9da65d55dd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.6-hardened.yaml deleted file mode 100644 index 77f8a31df6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.6-permissive.yaml deleted file mode 100644 index 600b8df35a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.7-hardened.yaml deleted file mode 100644 index 0fe73b6ceb..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.7-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.7-permissive.yaml deleted file mode 100644 index bc54955721..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.7-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.20-hardened.yaml deleted file mode 100644 index b6cc88359c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.20-permissive.yaml deleted file mode 100644 index fd898bfe86..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.23-hardened.yaml deleted file mode 100644 index 55d96da59d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.23-permissive.yaml deleted file mode 100644 index 55fffe3209..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.24-hardened.yaml deleted file mode 100644 index f702a13726..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.24-permissive.yaml deleted file mode 100644 index 5bc70099f7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.5-hardened.yaml deleted file mode 100644 index 20091ec2b3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.5-permissive.yaml deleted file mode 100644 index 9a86906b02..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.6-hardened.yaml deleted file mode 100644 index ea2549ef39..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.6-permissive.yaml deleted file mode 100644 index 0afdaaa19b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.7-hardened.yaml deleted file mode 100644 index b387408f50..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.7-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.7-permissive.yaml deleted file mode 100644 index 850a5fdd48..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-rke2-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.7-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/cis-roles.yaml deleted file mode 100644 index 23c93dc659..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/cis-roles.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-admin -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["create", "update", "delete", "patch","get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-view -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: ["get", "watch", "list"] diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/configmap.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/configmap.yaml deleted file mode 100644 index 33e54656ea..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: default-clusterscanprofiles - namespace: {{ template "cis.namespace" . }} -data: - # Default ClusterScanProfiles per cluster provider type - rke: |- - <1.21.0: rke-profile-permissive-1.20 - >=1.21.0: rke-profile-permissive-1.7 - rke2: |- - <1.21.0: rke2-cis-1.20-profile-permissive - >=1.21.0: rke2-cis-1.7-profile-permissive - eks: "eks-profile" - gke: "gke-profile" - aks: "aks-profile" - k3s: "k3s-cis-1.7-profile-permissive" - default: "cis-1.7-profile" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/deployment.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/deployment.yaml deleted file mode 100644 index 8c9f72f5de..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/deployment.yaml +++ /dev/null @@ -1,61 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cis-operator - namespace: {{ template "cis.namespace" . }} - labels: - cis.cattle.io/operator: cis-operator -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - template: - metadata: - labels: - cis.cattle.io/operator: cis-operator - spec: - serviceAccountName: cis-operator-serviceaccount - containers: - - name: cis-operator - image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' - imagePullPolicy: IfNotPresent - ports: - - name: cismetrics - containerPort: {{ .Values.alerts.metricsPort }} - env: - - name: SECURITY_SCAN_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} - - name: SECURITY_SCAN_IMAGE_TAG - value: {{ .Values.image.securityScan.tag }} - - name: SONOBUOY_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} - - name: SONOBUOY_IMAGE_TAG - value: {{ .Values.image.sonobuoy.tag }} - - name: CIS_ALERTS_METRICS_PORT - value: '{{ .Values.alerts.metricsPort }}' - - name: CIS_ALERTS_SEVERITY - value: {{ .Values.alerts.severity }} - - name: CIS_ALERTS_ENABLED - value: {{ .Values.alerts.enabled | default "false" | quote }} - - name: CLUSTER_NAME - value: '{{ .Values.global.cattle.clusterName }}' - - name: CIS_OPERATOR_DEBUG - value: '{{ .Values.image.cisoperator.debug }}' - {{- if .Values.securityScanJob.overrideTolerations }} - - name: SECURITY_SCAN_JOB_TOLERATIONS - value: '{{ .Values.securityScanJob.tolerations | toJson }}' - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/network_policy_allow_all.yaml deleted file mode 100644 index 6ed5d645ea..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/network_policy_allow_all.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: default-allow-all - namespace: {{ template "cis.namespace" . }} -spec: - podSelector: {} - ingress: - - {} - egress: - - {} - policyTypes: - - Ingress - - Egress diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/patch_default_serviceaccount.yaml deleted file mode 100644 index e78a6bd08a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/patch_default_serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: patch-sa - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation -spec: - template: - spec: - serviceAccountName: cis-operator-serviceaccount - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - restartPolicy: Never - containers: - - name: sa - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] - args: ["-n", {{ template "cis.namespace" . }}] - - backoffLimit: 1 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/psp.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/psp.yaml deleted file mode 100644 index 9b8a5995ee..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/psp.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: cis-psp -spec: - allowPrivilegeEscalation: true - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - hostIPC: true - hostNetwork: true - hostPID: true - hostPorts: - - max: 65535 - min: 0 - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-psp-role - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - policy - resourceNames: - - cis-psp - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cis-psp-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-psp-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/rbac.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/rbac.yaml deleted file mode 100644 index 6352b972af..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/rbac.yaml +++ /dev/null @@ -1,213 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrole -rules: -- apiGroups: - - "cis.cattle.io" - resources: - - "*" - verbs: - - "*" -- apiGroups: - - "" - resources: - - "pods" - - "services" - - "configmaps" - - "nodes" - - "serviceaccounts" - verbs: - - "get" - - "list" - - "create" - - "update" - - "watch" - - "patch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "list" - - "create" - - "patch" - - "update" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-scan-ns -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: - - "*" - resources: - - "podsecuritypolicies" - verbs: - - "get" - - "list" - - "watch" -{{- end }} -- apiGroups: - - "" - resources: - - "namespaces" - - "nodes" - - "pods" - - "serviceaccounts" - - "services" - - "replicationcontrollers" - verbs: - - "get" - - "list" - - "watch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - - "cronjobs" - verbs: - - "list" -- apiGroups: - - "apps" - resources: - - "daemonsets" - - "deployments" - - "replicasets" - - "statefulsets" - verbs: - - "list" -- apiGroups: - - "autoscaling" - resources: - - "horizontalpodautoscalers" - verbs: - - "list" -- apiGroups: - - "networking.k8s.io" - resources: - - "networkpolicies" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-operator-role - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - "" - resources: - - "services" - verbs: - - "watch" - - "list" - - "get" - - "patch" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "watch" - - "list" - - "get" - - "delete" -- apiGroups: - - "" - resources: - - "configmaps" - - "pods" - - "secrets" - verbs: - - "*" -- apiGroups: - - "apps" - resources: - - "daemonsets" - verbs: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-operator-clusterrole -subjects: -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cis-scan-ns - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-scan-ns -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-operator-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.20.yaml deleted file mode 100644 index 05263ce7da..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.20-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.20 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.23.yaml deleted file mode 100644 index c59d8f51ff..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.23-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.23 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.24.yaml deleted file mode 100644 index aa3e51c3e2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.24-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.24 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.6.yaml deleted file mode 100644 index 8a8d8bf881..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.6-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.6 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.7.yaml deleted file mode 100644 index 1a37aad835..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-cis-1.7.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.7-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.7 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.20-hardened.yml deleted file mode 100644 index a0b6cb6f6a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.20-permissive.yml deleted file mode 100644 index 89885548df..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.23-hardened.yml deleted file mode 100644 index 724412d3aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.23-permissive.yml deleted file mode 100644 index 9f9213de1c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.24-hardened.yml deleted file mode 100644 index 252251efcf..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.24-permissive.yml deleted file mode 100644 index 05555c64dc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.6-hardened.yml deleted file mode 100644 index 095e977ab2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.6-permissive.yml deleted file mode 100644 index 3b22a80c83..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.7-hardened.yml deleted file mode 100644 index 22ae9e0d23..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.7-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.7-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.7-permissive.yml deleted file mode 100644 index f79e9ed966..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-k3s-cis-1.7-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.7-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.20-hardened.yaml deleted file mode 100644 index c36cf38c90..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.20-permissive.yaml deleted file mode 100644 index cfeb4b34c6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.23-hardened.yaml deleted file mode 100644 index 0073311496..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.23-permissive.yaml deleted file mode 100644 index 085b60dfa4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.24-hardened.yaml deleted file mode 100644 index faae63e87f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.24-permissive.yaml deleted file mode 100644 index 7335a1d2d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.6-hardened.yaml deleted file mode 100644 index d38febd80f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.6-permissive.yaml deleted file mode 100644 index d31b5b0d25..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.7-hardened.yaml deleted file mode 100644 index 7b83f95bcd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.7-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.7 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.7-permissive.yaml deleted file mode 100644 index 52327c4af1..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke-1.7-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.7 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.20-hardened.yml deleted file mode 100644 index decc9b6516..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.20-permissive.yml deleted file mode 100644 index 74c96ffc49..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.23-hardened.yml deleted file mode 100644 index abc1c2a21b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.23-permissive.yml deleted file mode 100644 index 51cc519acd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.24-hardened.yml deleted file mode 100644 index f8ddb9851c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.24-permissive.yml deleted file mode 100644 index c820f03928..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.6-hardened.yml deleted file mode 100644 index c7ac7f949a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.6-permissive.yml deleted file mode 100644 index 96ca1345aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.7-hardened.yml deleted file mode 100644 index 193753a0bc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.7-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.7-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.7-permissive.yml deleted file mode 100644 index 409645dc76..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofile-rke2-cis-1.7-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.7-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofileaks.yml deleted file mode 100644 index ea7b25b404..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofileaks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: aks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: aks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofileeks.yml deleted file mode 100644 index 3b4e34437a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofileeks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: eks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: eks-1.0.1 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/serviceaccount.yaml deleted file mode 100644 index ec48ec6224..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - name: cis-operator-serviceaccount ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-serviceaccount diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/validate-install-crd.yaml deleted file mode 100644 index 562295791b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/validate-install-crd.yaml +++ /dev/null @@ -1,17 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/validate-psp-install.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/values.yaml b/charts/rancher-cis-benchmark/4.2.0-rc3/values.yaml deleted file mode 100644 index 89b97d2e4a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc3/values.yaml +++ /dev/null @@ -1,55 +0,0 @@ -# Default values for rancher-cis-benchmark. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - cisoperator: - repository: rancher/cis-operator - tag: v1.0.12 - securityScan: - repository: rancher/security-scan - tag: v0.2.13-rc4 - sonobuoy: - repository: rancher/mirrored-sonobuoy-sonobuoy - tag: v0.56.16 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -securityScanJob: - overrideTolerations: false - tolerations: [] - -affinity: {} - -global: - cattle: - systemDefaultRegistry: "" - clusterName: "" - psp: - enabled: false - kubectl: - repository: rancher/kubectl - tag: v1.26.3 - -alerts: - enabled: false - severity: warning - metricsPort: 8080 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/Chart.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/Chart.yaml deleted file mode 100644 index 0a21a96b7d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark -apiVersion: v1 -appVersion: v4.2.0-rc4 -description: The cis-operator enables running CIS benchmark security scans on a kubernetes - cluster -icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg -keywords: -- security -name: rancher-cis-benchmark -version: 4.2.0-rc4 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/README.md b/charts/rancher-cis-benchmark/4.2.0-rc4/README.md deleted file mode 100644 index 50beab58ba..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Rancher CIS Benchmark Chart - -The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. - -# Installation - -``` -helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system -``` diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/app-readme.md b/charts/rancher-cis-benchmark/4.2.0-rc4/app-readme.md deleted file mode 100644 index 147e91ea2e..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/app-readme.md +++ /dev/null @@ -1,33 +0,0 @@ -# Rancher CIS Benchmarks - -This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). - -This chart installs the following components: - -- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. -- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. -- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. -- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. -- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. - - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. - - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. - -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/_helpers.tpl b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/_helpers.tpl deleted file mode 100644 index b7bb000422..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/_helpers.tpl +++ /dev/null @@ -1,27 +0,0 @@ -{{/* Ensure namespace is set the same everywhere */}} -{{- define "cis.namespace" -}} - {{- .Release.Namespace | default "cis-operator-system" -}} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/alertingrule.yaml deleted file mode 100644 index 1787c88a07..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/alertingrule.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.alerts.enabled -}} ---- -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: rancher-cis-pod-monitor - namespace: {{ template "cis.namespace" . }} -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - podMetricsEndpoints: - - port: cismetrics -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-aks-1.0.yaml deleted file mode 100644 index 1ac866253f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-aks-1.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: aks-1.0 -spec: - clusterProvider: aks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.20.yaml deleted file mode 100644 index 1203e5bcc5..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.20 -spec: - clusterProvider: "" - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.23.yaml deleted file mode 100644 index 83002966d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.23 -spec: - clusterProvider: "" - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.24.yaml deleted file mode 100644 index ad73b2c34c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.24 -spec: - clusterProvider: "" - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.5.yaml deleted file mode 100644 index c9e6075fb4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.5.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.5 -spec: - clusterProvider: "" - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.6.yaml deleted file mode 100644 index 4f5d66e92f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.6 -spec: - clusterProvider: "" - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.7.yaml deleted file mode 100644 index 4f6e41b9da..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-cis-1.7.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.7 -spec: - clusterProvider: "" - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-eks-1.0.1.yaml deleted file mode 100644 index d1ba9d2954..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-eks-1.0.1.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: eks-1.0.1 -spec: - clusterProvider: eks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-gke-1.2.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-gke-1.2.0.yaml deleted file mode 100644 index c609e736fd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-gke-1.2.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: gke-1.2.0 -spec: - clusterProvider: gke - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.20-hardened.yaml deleted file mode 100644 index 147cac3906..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.20-permissive.yaml deleted file mode 100644 index d9584f7229..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.23-hardened.yaml deleted file mode 100644 index 1a928db35c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.23-permissive.yaml deleted file mode 100644 index 5a46787d51..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.24-hardened.yaml deleted file mode 100644 index 47b6be197a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.24-permissive.yaml deleted file mode 100644 index 6ded2f02bd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.6-hardened.yaml deleted file mode 100644 index 5160cf7950..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.6-permissive.yaml deleted file mode 100644 index 10c0759853..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.7-hardened.yaml deleted file mode 100644 index 7dd99a0ecf..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.7-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.7-permissive.yaml deleted file mode 100644 index 187056d5f6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-k3s-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.7-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.20-hardened.yaml deleted file mode 100644 index 4924679cb3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.20-permissive.yaml deleted file mode 100644 index 2db66d7c62..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.23-hardened.yaml deleted file mode 100644 index 12de23173d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.23-permissive.yaml deleted file mode 100644 index f9d5052541..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.24-hardened.yaml deleted file mode 100644 index 7030c793fc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.24-permissive.yaml deleted file mode 100644 index b2633eade1..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.5-hardened.yaml deleted file mode 100644 index b9154f1ada..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.5-permissive.yaml deleted file mode 100644 index 9da65d55dd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.6-hardened.yaml deleted file mode 100644 index 77f8a31df6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.6-permissive.yaml deleted file mode 100644 index 600b8df35a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.7-hardened.yaml deleted file mode 100644 index 0fe73b6ceb..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.7-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.7-permissive.yaml deleted file mode 100644 index bc54955721..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.7-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.20-hardened.yaml deleted file mode 100644 index b6cc88359c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.20-permissive.yaml deleted file mode 100644 index fd898bfe86..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.23-hardened.yaml deleted file mode 100644 index 55d96da59d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.23-permissive.yaml deleted file mode 100644 index 55fffe3209..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.24-hardened.yaml deleted file mode 100644 index f702a13726..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.24-permissive.yaml deleted file mode 100644 index 5bc70099f7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.5-hardened.yaml deleted file mode 100644 index 20091ec2b3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.5-permissive.yaml deleted file mode 100644 index 9a86906b02..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.6-hardened.yaml deleted file mode 100644 index ea2549ef39..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.6-permissive.yaml deleted file mode 100644 index 0afdaaa19b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.7-hardened.yaml deleted file mode 100644 index b387408f50..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.7-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.7-permissive.yaml deleted file mode 100644 index 850a5fdd48..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/benchmark-rke2-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.7-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/cis-roles.yaml deleted file mode 100644 index 23c93dc659..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/cis-roles.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-admin -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["create", "update", "delete", "patch","get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-view -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: ["get", "watch", "list"] diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/configmap.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/configmap.yaml deleted file mode 100644 index 33e54656ea..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: default-clusterscanprofiles - namespace: {{ template "cis.namespace" . }} -data: - # Default ClusterScanProfiles per cluster provider type - rke: |- - <1.21.0: rke-profile-permissive-1.20 - >=1.21.0: rke-profile-permissive-1.7 - rke2: |- - <1.21.0: rke2-cis-1.20-profile-permissive - >=1.21.0: rke2-cis-1.7-profile-permissive - eks: "eks-profile" - gke: "gke-profile" - aks: "aks-profile" - k3s: "k3s-cis-1.7-profile-permissive" - default: "cis-1.7-profile" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/deployment.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/deployment.yaml deleted file mode 100644 index 8c9f72f5de..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/deployment.yaml +++ /dev/null @@ -1,61 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cis-operator - namespace: {{ template "cis.namespace" . }} - labels: - cis.cattle.io/operator: cis-operator -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - template: - metadata: - labels: - cis.cattle.io/operator: cis-operator - spec: - serviceAccountName: cis-operator-serviceaccount - containers: - - name: cis-operator - image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' - imagePullPolicy: IfNotPresent - ports: - - name: cismetrics - containerPort: {{ .Values.alerts.metricsPort }} - env: - - name: SECURITY_SCAN_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} - - name: SECURITY_SCAN_IMAGE_TAG - value: {{ .Values.image.securityScan.tag }} - - name: SONOBUOY_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} - - name: SONOBUOY_IMAGE_TAG - value: {{ .Values.image.sonobuoy.tag }} - - name: CIS_ALERTS_METRICS_PORT - value: '{{ .Values.alerts.metricsPort }}' - - name: CIS_ALERTS_SEVERITY - value: {{ .Values.alerts.severity }} - - name: CIS_ALERTS_ENABLED - value: {{ .Values.alerts.enabled | default "false" | quote }} - - name: CLUSTER_NAME - value: '{{ .Values.global.cattle.clusterName }}' - - name: CIS_OPERATOR_DEBUG - value: '{{ .Values.image.cisoperator.debug }}' - {{- if .Values.securityScanJob.overrideTolerations }} - - name: SECURITY_SCAN_JOB_TOLERATIONS - value: '{{ .Values.securityScanJob.tolerations | toJson }}' - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/network_policy_allow_all.yaml deleted file mode 100644 index 6ed5d645ea..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/network_policy_allow_all.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: default-allow-all - namespace: {{ template "cis.namespace" . }} -spec: - podSelector: {} - ingress: - - {} - egress: - - {} - policyTypes: - - Ingress - - Egress diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/patch_default_serviceaccount.yaml deleted file mode 100644 index e78a6bd08a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/patch_default_serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: patch-sa - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation -spec: - template: - spec: - serviceAccountName: cis-operator-serviceaccount - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - restartPolicy: Never - containers: - - name: sa - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] - args: ["-n", {{ template "cis.namespace" . }}] - - backoffLimit: 1 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/psp.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/psp.yaml deleted file mode 100644 index 9b8a5995ee..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/psp.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: cis-psp -spec: - allowPrivilegeEscalation: true - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - hostIPC: true - hostNetwork: true - hostPID: true - hostPorts: - - max: 65535 - min: 0 - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-psp-role - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - policy - resourceNames: - - cis-psp - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cis-psp-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-psp-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/rbac.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/rbac.yaml deleted file mode 100644 index 6352b972af..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/rbac.yaml +++ /dev/null @@ -1,213 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrole -rules: -- apiGroups: - - "cis.cattle.io" - resources: - - "*" - verbs: - - "*" -- apiGroups: - - "" - resources: - - "pods" - - "services" - - "configmaps" - - "nodes" - - "serviceaccounts" - verbs: - - "get" - - "list" - - "create" - - "update" - - "watch" - - "patch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "list" - - "create" - - "patch" - - "update" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-scan-ns -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: - - "*" - resources: - - "podsecuritypolicies" - verbs: - - "get" - - "list" - - "watch" -{{- end }} -- apiGroups: - - "" - resources: - - "namespaces" - - "nodes" - - "pods" - - "serviceaccounts" - - "services" - - "replicationcontrollers" - verbs: - - "get" - - "list" - - "watch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - - "cronjobs" - verbs: - - "list" -- apiGroups: - - "apps" - resources: - - "daemonsets" - - "deployments" - - "replicasets" - - "statefulsets" - verbs: - - "list" -- apiGroups: - - "autoscaling" - resources: - - "horizontalpodautoscalers" - verbs: - - "list" -- apiGroups: - - "networking.k8s.io" - resources: - - "networkpolicies" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-operator-role - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - "" - resources: - - "services" - verbs: - - "watch" - - "list" - - "get" - - "patch" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "watch" - - "list" - - "get" - - "delete" -- apiGroups: - - "" - resources: - - "configmaps" - - "pods" - - "secrets" - verbs: - - "*" -- apiGroups: - - "apps" - resources: - - "daemonsets" - verbs: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-operator-clusterrole -subjects: -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cis-scan-ns - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-scan-ns -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-operator-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.20.yaml deleted file mode 100644 index 05263ce7da..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.20-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.20 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.23.yaml deleted file mode 100644 index c59d8f51ff..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.23-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.23 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.24.yaml deleted file mode 100644 index aa3e51c3e2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.24-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.24 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.6.yaml deleted file mode 100644 index 8a8d8bf881..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.6-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.6 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.7.yaml deleted file mode 100644 index 1a37aad835..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-cis-1.7.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.7-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.7 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.20-hardened.yml deleted file mode 100644 index a0b6cb6f6a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.20-permissive.yml deleted file mode 100644 index 89885548df..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.23-hardened.yml deleted file mode 100644 index 724412d3aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.23-permissive.yml deleted file mode 100644 index 9f9213de1c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.24-hardened.yml deleted file mode 100644 index 252251efcf..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.24-permissive.yml deleted file mode 100644 index 05555c64dc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.6-hardened.yml deleted file mode 100644 index 095e977ab2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.6-permissive.yml deleted file mode 100644 index 3b22a80c83..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.7-hardened.yml deleted file mode 100644 index 22ae9e0d23..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.7-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.7-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.7-permissive.yml deleted file mode 100644 index f79e9ed966..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-k3s-cis-1.7-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.7-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.20-hardened.yaml deleted file mode 100644 index c36cf38c90..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.20-permissive.yaml deleted file mode 100644 index cfeb4b34c6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.23-hardened.yaml deleted file mode 100644 index 0073311496..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.23-permissive.yaml deleted file mode 100644 index 085b60dfa4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.24-hardened.yaml deleted file mode 100644 index faae63e87f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.24-permissive.yaml deleted file mode 100644 index 7335a1d2d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.6-hardened.yaml deleted file mode 100644 index d38febd80f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.6-permissive.yaml deleted file mode 100644 index d31b5b0d25..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.7-hardened.yaml deleted file mode 100644 index 7b83f95bcd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.7-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.7 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.7-permissive.yaml deleted file mode 100644 index 52327c4af1..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke-1.7-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.7 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.20-hardened.yml deleted file mode 100644 index decc9b6516..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.20-permissive.yml deleted file mode 100644 index 74c96ffc49..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.23-hardened.yml deleted file mode 100644 index abc1c2a21b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.23-permissive.yml deleted file mode 100644 index 51cc519acd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.24-hardened.yml deleted file mode 100644 index f8ddb9851c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.24-permissive.yml deleted file mode 100644 index c820f03928..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.6-hardened.yml deleted file mode 100644 index c7ac7f949a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.6-permissive.yml deleted file mode 100644 index 96ca1345aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.7-hardened.yml deleted file mode 100644 index 193753a0bc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.7-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.7-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.7-permissive.yml deleted file mode 100644 index 409645dc76..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofile-rke2-cis-1.7-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.7-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofileaks.yml deleted file mode 100644 index ea7b25b404..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofileaks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: aks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: aks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofileeks.yml deleted file mode 100644 index 3b4e34437a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofileeks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: eks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: eks-1.0.1 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofilegke.yml deleted file mode 100644 index 3e5e2439ac..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/scanprofilegke.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: gke-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: gke-1.2.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/serviceaccount.yaml deleted file mode 100644 index ec48ec6224..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - name: cis-operator-serviceaccount ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-serviceaccount diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/validate-install-crd.yaml deleted file mode 100644 index 562295791b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/validate-install-crd.yaml +++ /dev/null @@ -1,17 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/validate-psp-install.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc4/values.yaml b/charts/rancher-cis-benchmark/4.2.0-rc4/values.yaml deleted file mode 100644 index dc81dcba94..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc4/values.yaml +++ /dev/null @@ -1,55 +0,0 @@ -# Default values for rancher-cis-benchmark. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - cisoperator: - repository: rancher/cis-operator - tag: v1.0.12 - securityScan: - repository: rancher/security-scan - tag: v0.2.13-rc5 - sonobuoy: - repository: rancher/mirrored-sonobuoy-sonobuoy - tag: v0.56.16 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -securityScanJob: - overrideTolerations: false - tolerations: [] - -affinity: {} - -global: - cattle: - systemDefaultRegistry: "" - clusterName: "" - psp: - enabled: false - kubectl: - repository: rancher/kubectl - tag: v1.26.3 - -alerts: - enabled: false - severity: warning - metricsPort: 8080 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/Chart.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/Chart.yaml deleted file mode 100644 index 5522fecb19..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark -apiVersion: v1 -appVersion: v4.2.0-rc5 -description: The cis-operator enables running CIS benchmark security scans on a kubernetes - cluster -icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg -keywords: -- security -name: rancher-cis-benchmark -version: 4.2.0-rc5 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/README.md b/charts/rancher-cis-benchmark/4.2.0-rc5/README.md deleted file mode 100644 index 50beab58ba..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Rancher CIS Benchmark Chart - -The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. - -# Installation - -``` -helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system -``` diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/app-readme.md b/charts/rancher-cis-benchmark/4.2.0-rc5/app-readme.md deleted file mode 100644 index 147e91ea2e..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/app-readme.md +++ /dev/null @@ -1,33 +0,0 @@ -# Rancher CIS Benchmarks - -This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). - -This chart installs the following components: - -- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. -- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. -- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. -- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. -- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. - - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. - - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. - -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/_helpers.tpl b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/_helpers.tpl deleted file mode 100644 index b7bb000422..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/_helpers.tpl +++ /dev/null @@ -1,27 +0,0 @@ -{{/* Ensure namespace is set the same everywhere */}} -{{- define "cis.namespace" -}} - {{- .Release.Namespace | default "cis-operator-system" -}} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/alertingrule.yaml deleted file mode 100644 index 1787c88a07..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/alertingrule.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.alerts.enabled -}} ---- -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: rancher-cis-pod-monitor - namespace: {{ template "cis.namespace" . }} -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - podMetricsEndpoints: - - port: cismetrics -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-aks-1.0.yaml deleted file mode 100644 index 1ac866253f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-aks-1.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: aks-1.0 -spec: - clusterProvider: aks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.20.yaml deleted file mode 100644 index 1203e5bcc5..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.20 -spec: - clusterProvider: "" - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.23.yaml deleted file mode 100644 index 83002966d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.23 -spec: - clusterProvider: "" - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.24.yaml deleted file mode 100644 index ad73b2c34c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.24 -spec: - clusterProvider: "" - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.5.yaml deleted file mode 100644 index c9e6075fb4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.5.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.5 -spec: - clusterProvider: "" - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.6.yaml deleted file mode 100644 index 4f5d66e92f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.6 -spec: - clusterProvider: "" - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.7.yaml deleted file mode 100644 index 4f6e41b9da..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-cis-1.7.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.7 -spec: - clusterProvider: "" - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-eks-1.0.1.yaml deleted file mode 100644 index d1ba9d2954..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-eks-1.0.1.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: eks-1.0.1 -spec: - clusterProvider: eks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-gke-1.2.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-gke-1.2.0.yaml deleted file mode 100644 index c609e736fd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-gke-1.2.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: gke-1.2.0 -spec: - clusterProvider: gke - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.20-hardened.yaml deleted file mode 100644 index 147cac3906..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.20-permissive.yaml deleted file mode 100644 index d9584f7229..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.23-hardened.yaml deleted file mode 100644 index 1a928db35c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.23-permissive.yaml deleted file mode 100644 index 5a46787d51..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.24-hardened.yaml deleted file mode 100644 index 47b6be197a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.24-permissive.yaml deleted file mode 100644 index 6ded2f02bd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.6-hardened.yaml deleted file mode 100644 index 5160cf7950..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.6-permissive.yaml deleted file mode 100644 index 10c0759853..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.7-hardened.yaml deleted file mode 100644 index 7dd99a0ecf..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.7-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.7-permissive.yaml deleted file mode 100644 index 187056d5f6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-k3s-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.7-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.20-hardened.yaml deleted file mode 100644 index 4924679cb3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.20-permissive.yaml deleted file mode 100644 index 2db66d7c62..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.23-hardened.yaml deleted file mode 100644 index 12de23173d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.23-permissive.yaml deleted file mode 100644 index f9d5052541..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.24-hardened.yaml deleted file mode 100644 index 7030c793fc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.24-permissive.yaml deleted file mode 100644 index b2633eade1..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.5-hardened.yaml deleted file mode 100644 index b9154f1ada..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.5-permissive.yaml deleted file mode 100644 index 9da65d55dd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.6-hardened.yaml deleted file mode 100644 index 77f8a31df6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.6-permissive.yaml deleted file mode 100644 index 600b8df35a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.7-hardened.yaml deleted file mode 100644 index 0fe73b6ceb..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.7-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.7-permissive.yaml deleted file mode 100644 index bc54955721..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.7-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.20-hardened.yaml deleted file mode 100644 index b6cc88359c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.20-permissive.yaml deleted file mode 100644 index fd898bfe86..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.23-hardened.yaml deleted file mode 100644 index 55d96da59d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.23-permissive.yaml deleted file mode 100644 index 55fffe3209..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.24-hardened.yaml deleted file mode 100644 index f702a13726..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.24-permissive.yaml deleted file mode 100644 index 5bc70099f7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.5-hardened.yaml deleted file mode 100644 index 20091ec2b3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.5-permissive.yaml deleted file mode 100644 index 9a86906b02..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.6-hardened.yaml deleted file mode 100644 index ea2549ef39..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.6-permissive.yaml deleted file mode 100644 index 0afdaaa19b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.7-hardened.yaml deleted file mode 100644 index b387408f50..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.7-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.7-permissive.yaml deleted file mode 100644 index 850a5fdd48..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/benchmark-rke2-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.7-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/cis-roles.yaml deleted file mode 100644 index 23c93dc659..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/cis-roles.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-admin -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["create", "update", "delete", "patch","get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-view -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: ["get", "watch", "list"] diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/configmap.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/configmap.yaml deleted file mode 100644 index 33e54656ea..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: default-clusterscanprofiles - namespace: {{ template "cis.namespace" . }} -data: - # Default ClusterScanProfiles per cluster provider type - rke: |- - <1.21.0: rke-profile-permissive-1.20 - >=1.21.0: rke-profile-permissive-1.7 - rke2: |- - <1.21.0: rke2-cis-1.20-profile-permissive - >=1.21.0: rke2-cis-1.7-profile-permissive - eks: "eks-profile" - gke: "gke-profile" - aks: "aks-profile" - k3s: "k3s-cis-1.7-profile-permissive" - default: "cis-1.7-profile" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/deployment.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/deployment.yaml deleted file mode 100644 index 8c9f72f5de..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/deployment.yaml +++ /dev/null @@ -1,61 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cis-operator - namespace: {{ template "cis.namespace" . }} - labels: - cis.cattle.io/operator: cis-operator -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - template: - metadata: - labels: - cis.cattle.io/operator: cis-operator - spec: - serviceAccountName: cis-operator-serviceaccount - containers: - - name: cis-operator - image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' - imagePullPolicy: IfNotPresent - ports: - - name: cismetrics - containerPort: {{ .Values.alerts.metricsPort }} - env: - - name: SECURITY_SCAN_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} - - name: SECURITY_SCAN_IMAGE_TAG - value: {{ .Values.image.securityScan.tag }} - - name: SONOBUOY_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} - - name: SONOBUOY_IMAGE_TAG - value: {{ .Values.image.sonobuoy.tag }} - - name: CIS_ALERTS_METRICS_PORT - value: '{{ .Values.alerts.metricsPort }}' - - name: CIS_ALERTS_SEVERITY - value: {{ .Values.alerts.severity }} - - name: CIS_ALERTS_ENABLED - value: {{ .Values.alerts.enabled | default "false" | quote }} - - name: CLUSTER_NAME - value: '{{ .Values.global.cattle.clusterName }}' - - name: CIS_OPERATOR_DEBUG - value: '{{ .Values.image.cisoperator.debug }}' - {{- if .Values.securityScanJob.overrideTolerations }} - - name: SECURITY_SCAN_JOB_TOLERATIONS - value: '{{ .Values.securityScanJob.tolerations | toJson }}' - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/network_policy_allow_all.yaml deleted file mode 100644 index 6ed5d645ea..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/network_policy_allow_all.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: default-allow-all - namespace: {{ template "cis.namespace" . }} -spec: - podSelector: {} - ingress: - - {} - egress: - - {} - policyTypes: - - Ingress - - Egress diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/patch_default_serviceaccount.yaml deleted file mode 100644 index e78a6bd08a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/patch_default_serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: patch-sa - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation -spec: - template: - spec: - serviceAccountName: cis-operator-serviceaccount - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - restartPolicy: Never - containers: - - name: sa - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] - args: ["-n", {{ template "cis.namespace" . }}] - - backoffLimit: 1 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/psp.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/psp.yaml deleted file mode 100644 index 9b8a5995ee..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/psp.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: cis-psp -spec: - allowPrivilegeEscalation: true - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - hostIPC: true - hostNetwork: true - hostPID: true - hostPorts: - - max: 65535 - min: 0 - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-psp-role - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - policy - resourceNames: - - cis-psp - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cis-psp-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-psp-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/rbac.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/rbac.yaml deleted file mode 100644 index 6352b972af..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/rbac.yaml +++ /dev/null @@ -1,213 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrole -rules: -- apiGroups: - - "cis.cattle.io" - resources: - - "*" - verbs: - - "*" -- apiGroups: - - "" - resources: - - "pods" - - "services" - - "configmaps" - - "nodes" - - "serviceaccounts" - verbs: - - "get" - - "list" - - "create" - - "update" - - "watch" - - "patch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "list" - - "create" - - "patch" - - "update" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-scan-ns -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: - - "*" - resources: - - "podsecuritypolicies" - verbs: - - "get" - - "list" - - "watch" -{{- end }} -- apiGroups: - - "" - resources: - - "namespaces" - - "nodes" - - "pods" - - "serviceaccounts" - - "services" - - "replicationcontrollers" - verbs: - - "get" - - "list" - - "watch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - - "cronjobs" - verbs: - - "list" -- apiGroups: - - "apps" - resources: - - "daemonsets" - - "deployments" - - "replicasets" - - "statefulsets" - verbs: - - "list" -- apiGroups: - - "autoscaling" - resources: - - "horizontalpodautoscalers" - verbs: - - "list" -- apiGroups: - - "networking.k8s.io" - resources: - - "networkpolicies" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-operator-role - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - "" - resources: - - "services" - verbs: - - "watch" - - "list" - - "get" - - "patch" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "watch" - - "list" - - "get" - - "delete" -- apiGroups: - - "" - resources: - - "configmaps" - - "pods" - - "secrets" - verbs: - - "*" -- apiGroups: - - "apps" - resources: - - "daemonsets" - verbs: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-operator-clusterrole -subjects: -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cis-scan-ns - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-scan-ns -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-operator-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.20.yaml deleted file mode 100644 index 05263ce7da..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.20-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.20 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.23.yaml deleted file mode 100644 index c59d8f51ff..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.23-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.23 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.24.yaml deleted file mode 100644 index aa3e51c3e2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.24-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.24 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.6.yaml deleted file mode 100644 index 8a8d8bf881..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.6-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.6 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.7.yaml deleted file mode 100644 index 1a37aad835..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-cis-1.7.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.7-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.7 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.20-hardened.yml deleted file mode 100644 index a0b6cb6f6a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.20-permissive.yml deleted file mode 100644 index 89885548df..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.23-hardened.yml deleted file mode 100644 index 724412d3aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.23-permissive.yml deleted file mode 100644 index 9f9213de1c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.24-hardened.yml deleted file mode 100644 index 252251efcf..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.24-permissive.yml deleted file mode 100644 index 05555c64dc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.6-hardened.yml deleted file mode 100644 index 095e977ab2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.6-permissive.yml deleted file mode 100644 index 3b22a80c83..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.7-hardened.yml deleted file mode 100644 index 22ae9e0d23..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.7-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.7-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.7-permissive.yml deleted file mode 100644 index f79e9ed966..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-k3s-cis-1.7-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.7-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.20-hardened.yaml deleted file mode 100644 index c36cf38c90..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.20-permissive.yaml deleted file mode 100644 index cfeb4b34c6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.23-hardened.yaml deleted file mode 100644 index 0073311496..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.23-permissive.yaml deleted file mode 100644 index 085b60dfa4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.24-hardened.yaml deleted file mode 100644 index faae63e87f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.24-permissive.yaml deleted file mode 100644 index 7335a1d2d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.6-hardened.yaml deleted file mode 100644 index d38febd80f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.6-permissive.yaml deleted file mode 100644 index d31b5b0d25..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.7-hardened.yaml deleted file mode 100644 index 7b83f95bcd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.7-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.7 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.7-permissive.yaml deleted file mode 100644 index 52327c4af1..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke-1.7-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.7 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.20-hardened.yml deleted file mode 100644 index decc9b6516..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.20-permissive.yml deleted file mode 100644 index 74c96ffc49..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.23-hardened.yml deleted file mode 100644 index abc1c2a21b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.23-permissive.yml deleted file mode 100644 index 51cc519acd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.24-hardened.yml deleted file mode 100644 index f8ddb9851c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.24-permissive.yml deleted file mode 100644 index c820f03928..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.6-hardened.yml deleted file mode 100644 index c7ac7f949a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.6-permissive.yml deleted file mode 100644 index 96ca1345aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.7-hardened.yml deleted file mode 100644 index 193753a0bc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.7-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.7-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.7-permissive.yml deleted file mode 100644 index 409645dc76..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofile-rke2-cis-1.7-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.7-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofileaks.yml deleted file mode 100644 index ea7b25b404..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofileaks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: aks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: aks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofileeks.yml deleted file mode 100644 index 3b4e34437a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofileeks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: eks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: eks-1.0.1 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofilegke.yml deleted file mode 100644 index 3e5e2439ac..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/scanprofilegke.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: gke-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: gke-1.2.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/serviceaccount.yaml deleted file mode 100644 index ec48ec6224..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - name: cis-operator-serviceaccount ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-serviceaccount diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/validate-install-crd.yaml deleted file mode 100644 index 562295791b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/validate-install-crd.yaml +++ /dev/null @@ -1,17 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/validate-psp-install.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc5/values.yaml b/charts/rancher-cis-benchmark/4.2.0-rc5/values.yaml deleted file mode 100644 index 2c029c7fde..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc5/values.yaml +++ /dev/null @@ -1,55 +0,0 @@ -# Default values for rancher-cis-benchmark. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - cisoperator: - repository: rancher/cis-operator - tag: v1.0.12 - securityScan: - repository: rancher/security-scan - tag: v0.2.13-rc6 - sonobuoy: - repository: rancher/mirrored-sonobuoy-sonobuoy - tag: v0.56.16 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -securityScanJob: - overrideTolerations: false - tolerations: [] - -affinity: {} - -global: - cattle: - systemDefaultRegistry: "" - clusterName: "" - psp: - enabled: false - kubectl: - repository: rancher/kubectl - tag: v1.26.3 - -alerts: - enabled: false - severity: warning - metricsPort: 8080 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/Chart.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/Chart.yaml deleted file mode 100644 index db796b7048..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark -apiVersion: v1 -appVersion: v4.2.0-rc6 -description: The cis-operator enables running CIS benchmark security scans on a kubernetes - cluster -icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg -keywords: -- security -name: rancher-cis-benchmark -version: 4.2.0-rc6 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/README.md b/charts/rancher-cis-benchmark/4.2.0-rc6/README.md deleted file mode 100644 index 50beab58ba..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Rancher CIS Benchmark Chart - -The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. - -# Installation - -``` -helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system -``` diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/app-readme.md b/charts/rancher-cis-benchmark/4.2.0-rc6/app-readme.md deleted file mode 100644 index 147e91ea2e..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/app-readme.md +++ /dev/null @@ -1,33 +0,0 @@ -# Rancher CIS Benchmarks - -This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). - -This chart installs the following components: - -- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. -- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. -- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. -- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. -- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. - - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. - - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. - -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/_helpers.tpl b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/_helpers.tpl deleted file mode 100644 index b7bb000422..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/_helpers.tpl +++ /dev/null @@ -1,27 +0,0 @@ -{{/* Ensure namespace is set the same everywhere */}} -{{- define "cis.namespace" -}} - {{- .Release.Namespace | default "cis-operator-system" -}} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/alertingrule.yaml deleted file mode 100644 index 1787c88a07..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/alertingrule.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.alerts.enabled -}} ---- -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: rancher-cis-pod-monitor - namespace: {{ template "cis.namespace" . }} -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - podMetricsEndpoints: - - port: cismetrics -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-aks-1.0.yaml deleted file mode 100644 index 1ac866253f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-aks-1.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: aks-1.0 -spec: - clusterProvider: aks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.20.yaml deleted file mode 100644 index 1203e5bcc5..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.20 -spec: - clusterProvider: "" - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.23.yaml deleted file mode 100644 index 83002966d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.23 -spec: - clusterProvider: "" - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.24.yaml deleted file mode 100644 index ad73b2c34c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.24 -spec: - clusterProvider: "" - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.5.yaml deleted file mode 100644 index c9e6075fb4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.5.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.5 -spec: - clusterProvider: "" - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.6.yaml deleted file mode 100644 index 4f5d66e92f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.6 -spec: - clusterProvider: "" - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.7.yaml deleted file mode 100644 index 4f6e41b9da..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-cis-1.7.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.7 -spec: - clusterProvider: "" - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-eks-1.0.1.yaml deleted file mode 100644 index d1ba9d2954..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-eks-1.0.1.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: eks-1.0.1 -spec: - clusterProvider: eks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-gke-1.2.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-gke-1.2.0.yaml deleted file mode 100644 index c609e736fd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-gke-1.2.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: gke-1.2.0 -spec: - clusterProvider: gke - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.20-hardened.yaml deleted file mode 100644 index 147cac3906..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.20-permissive.yaml deleted file mode 100644 index d9584f7229..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.23-hardened.yaml deleted file mode 100644 index 1a928db35c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.23-permissive.yaml deleted file mode 100644 index 5a46787d51..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.24-hardened.yaml deleted file mode 100644 index 47b6be197a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.24-permissive.yaml deleted file mode 100644 index 6ded2f02bd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.6-hardened.yaml deleted file mode 100644 index 5160cf7950..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.6-permissive.yaml deleted file mode 100644 index 10c0759853..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.7-hardened.yaml deleted file mode 100644 index 7dd99a0ecf..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.7-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.7-permissive.yaml deleted file mode 100644 index 187056d5f6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-k3s-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.7-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.20-hardened.yaml deleted file mode 100644 index 4924679cb3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.20-permissive.yaml deleted file mode 100644 index 2db66d7c62..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.23-hardened.yaml deleted file mode 100644 index 12de23173d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.23-permissive.yaml deleted file mode 100644 index f9d5052541..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.24-hardened.yaml deleted file mode 100644 index 7030c793fc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.24-permissive.yaml deleted file mode 100644 index b2633eade1..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.5-hardened.yaml deleted file mode 100644 index b9154f1ada..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.5-permissive.yaml deleted file mode 100644 index 9da65d55dd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.6-hardened.yaml deleted file mode 100644 index 77f8a31df6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.6-permissive.yaml deleted file mode 100644 index 600b8df35a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.7-hardened.yaml deleted file mode 100644 index 0fe73b6ceb..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.7-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.7-permissive.yaml deleted file mode 100644 index bc54955721..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.7-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.20-hardened.yaml deleted file mode 100644 index b6cc88359c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.20-permissive.yaml deleted file mode 100644 index fd898bfe86..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.23-hardened.yaml deleted file mode 100644 index 55d96da59d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.23-permissive.yaml deleted file mode 100644 index 55fffe3209..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.24-hardened.yaml deleted file mode 100644 index f702a13726..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.24-permissive.yaml deleted file mode 100644 index 5bc70099f7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.5-hardened.yaml deleted file mode 100644 index 20091ec2b3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.5-permissive.yaml deleted file mode 100644 index 9a86906b02..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.6-hardened.yaml deleted file mode 100644 index ea2549ef39..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.6-permissive.yaml deleted file mode 100644 index 0afdaaa19b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.7-hardened.yaml deleted file mode 100644 index b387408f50..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.7-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.7-permissive.yaml deleted file mode 100644 index 850a5fdd48..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/benchmark-rke2-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.7-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/cis-roles.yaml deleted file mode 100644 index 23c93dc659..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/cis-roles.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-admin -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["create", "update", "delete", "patch","get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-view -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: ["get", "watch", "list"] diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/configmap.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/configmap.yaml deleted file mode 100644 index 33e54656ea..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: default-clusterscanprofiles - namespace: {{ template "cis.namespace" . }} -data: - # Default ClusterScanProfiles per cluster provider type - rke: |- - <1.21.0: rke-profile-permissive-1.20 - >=1.21.0: rke-profile-permissive-1.7 - rke2: |- - <1.21.0: rke2-cis-1.20-profile-permissive - >=1.21.0: rke2-cis-1.7-profile-permissive - eks: "eks-profile" - gke: "gke-profile" - aks: "aks-profile" - k3s: "k3s-cis-1.7-profile-permissive" - default: "cis-1.7-profile" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/deployment.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/deployment.yaml deleted file mode 100644 index 8c9f72f5de..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/deployment.yaml +++ /dev/null @@ -1,61 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cis-operator - namespace: {{ template "cis.namespace" . }} - labels: - cis.cattle.io/operator: cis-operator -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - template: - metadata: - labels: - cis.cattle.io/operator: cis-operator - spec: - serviceAccountName: cis-operator-serviceaccount - containers: - - name: cis-operator - image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' - imagePullPolicy: IfNotPresent - ports: - - name: cismetrics - containerPort: {{ .Values.alerts.metricsPort }} - env: - - name: SECURITY_SCAN_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} - - name: SECURITY_SCAN_IMAGE_TAG - value: {{ .Values.image.securityScan.tag }} - - name: SONOBUOY_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} - - name: SONOBUOY_IMAGE_TAG - value: {{ .Values.image.sonobuoy.tag }} - - name: CIS_ALERTS_METRICS_PORT - value: '{{ .Values.alerts.metricsPort }}' - - name: CIS_ALERTS_SEVERITY - value: {{ .Values.alerts.severity }} - - name: CIS_ALERTS_ENABLED - value: {{ .Values.alerts.enabled | default "false" | quote }} - - name: CLUSTER_NAME - value: '{{ .Values.global.cattle.clusterName }}' - - name: CIS_OPERATOR_DEBUG - value: '{{ .Values.image.cisoperator.debug }}' - {{- if .Values.securityScanJob.overrideTolerations }} - - name: SECURITY_SCAN_JOB_TOLERATIONS - value: '{{ .Values.securityScanJob.tolerations | toJson }}' - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/network_policy_allow_all.yaml deleted file mode 100644 index 6ed5d645ea..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/network_policy_allow_all.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: default-allow-all - namespace: {{ template "cis.namespace" . }} -spec: - podSelector: {} - ingress: - - {} - egress: - - {} - policyTypes: - - Ingress - - Egress diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/patch_default_serviceaccount.yaml deleted file mode 100644 index e78a6bd08a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/patch_default_serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: patch-sa - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation -spec: - template: - spec: - serviceAccountName: cis-operator-serviceaccount - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - restartPolicy: Never - containers: - - name: sa - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] - args: ["-n", {{ template "cis.namespace" . }}] - - backoffLimit: 1 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/psp.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/psp.yaml deleted file mode 100644 index 9b8a5995ee..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/psp.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: cis-psp -spec: - allowPrivilegeEscalation: true - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - hostIPC: true - hostNetwork: true - hostPID: true - hostPorts: - - max: 65535 - min: 0 - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-psp-role - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - policy - resourceNames: - - cis-psp - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cis-psp-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-psp-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/rbac.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/rbac.yaml deleted file mode 100644 index 6352b972af..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/rbac.yaml +++ /dev/null @@ -1,213 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrole -rules: -- apiGroups: - - "cis.cattle.io" - resources: - - "*" - verbs: - - "*" -- apiGroups: - - "" - resources: - - "pods" - - "services" - - "configmaps" - - "nodes" - - "serviceaccounts" - verbs: - - "get" - - "list" - - "create" - - "update" - - "watch" - - "patch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "list" - - "create" - - "patch" - - "update" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-scan-ns -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: - - "*" - resources: - - "podsecuritypolicies" - verbs: - - "get" - - "list" - - "watch" -{{- end }} -- apiGroups: - - "" - resources: - - "namespaces" - - "nodes" - - "pods" - - "serviceaccounts" - - "services" - - "replicationcontrollers" - verbs: - - "get" - - "list" - - "watch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - - "cronjobs" - verbs: - - "list" -- apiGroups: - - "apps" - resources: - - "daemonsets" - - "deployments" - - "replicasets" - - "statefulsets" - verbs: - - "list" -- apiGroups: - - "autoscaling" - resources: - - "horizontalpodautoscalers" - verbs: - - "list" -- apiGroups: - - "networking.k8s.io" - resources: - - "networkpolicies" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-operator-role - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - "" - resources: - - "services" - verbs: - - "watch" - - "list" - - "get" - - "patch" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "watch" - - "list" - - "get" - - "delete" -- apiGroups: - - "" - resources: - - "configmaps" - - "pods" - - "secrets" - verbs: - - "*" -- apiGroups: - - "apps" - resources: - - "daemonsets" - verbs: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-operator-clusterrole -subjects: -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cis-scan-ns - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-scan-ns -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-operator-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.20.yaml deleted file mode 100644 index 05263ce7da..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.20-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.20 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.23.yaml deleted file mode 100644 index c59d8f51ff..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.23-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.23 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.24.yaml deleted file mode 100644 index aa3e51c3e2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.24-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.24 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.6.yaml deleted file mode 100644 index 8a8d8bf881..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.6-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.6 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.7.yaml deleted file mode 100644 index 1a37aad835..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-cis-1.7.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.7-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.7 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.20-hardened.yml deleted file mode 100644 index a0b6cb6f6a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.20-permissive.yml deleted file mode 100644 index 89885548df..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.23-hardened.yml deleted file mode 100644 index 724412d3aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.23-permissive.yml deleted file mode 100644 index 9f9213de1c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.24-hardened.yml deleted file mode 100644 index 252251efcf..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.24-permissive.yml deleted file mode 100644 index 05555c64dc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.6-hardened.yml deleted file mode 100644 index 095e977ab2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.6-permissive.yml deleted file mode 100644 index 3b22a80c83..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.7-hardened.yml deleted file mode 100644 index 22ae9e0d23..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.7-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.7-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.7-permissive.yml deleted file mode 100644 index f79e9ed966..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-k3s-cis-1.7-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.7-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.20-hardened.yaml deleted file mode 100644 index c36cf38c90..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.20-permissive.yaml deleted file mode 100644 index cfeb4b34c6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.23-hardened.yaml deleted file mode 100644 index 0073311496..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.23-permissive.yaml deleted file mode 100644 index 085b60dfa4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.24-hardened.yaml deleted file mode 100644 index faae63e87f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.24-permissive.yaml deleted file mode 100644 index 7335a1d2d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.6-hardened.yaml deleted file mode 100644 index d38febd80f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.6-permissive.yaml deleted file mode 100644 index d31b5b0d25..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.7-hardened.yaml deleted file mode 100644 index 7b83f95bcd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.7-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.7 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.7-permissive.yaml deleted file mode 100644 index 52327c4af1..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke-1.7-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.7 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.20-hardened.yml deleted file mode 100644 index decc9b6516..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.20-permissive.yml deleted file mode 100644 index 74c96ffc49..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.23-hardened.yml deleted file mode 100644 index abc1c2a21b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.23-permissive.yml deleted file mode 100644 index 51cc519acd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.24-hardened.yml deleted file mode 100644 index f8ddb9851c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.24-permissive.yml deleted file mode 100644 index c820f03928..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.6-hardened.yml deleted file mode 100644 index c7ac7f949a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.6-permissive.yml deleted file mode 100644 index 96ca1345aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.7-hardened.yml deleted file mode 100644 index 193753a0bc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.7-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.7-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.7-permissive.yml deleted file mode 100644 index 409645dc76..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofile-rke2-cis-1.7-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.7-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofileaks.yml deleted file mode 100644 index ea7b25b404..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofileaks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: aks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: aks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofileeks.yml deleted file mode 100644 index 3b4e34437a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofileeks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: eks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: eks-1.0.1 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofilegke.yml deleted file mode 100644 index 3e5e2439ac..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/scanprofilegke.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: gke-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: gke-1.2.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/serviceaccount.yaml deleted file mode 100644 index ec48ec6224..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - name: cis-operator-serviceaccount ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-serviceaccount diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/validate-install-crd.yaml deleted file mode 100644 index 562295791b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/validate-install-crd.yaml +++ /dev/null @@ -1,17 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/validate-psp-install.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc6/values.yaml b/charts/rancher-cis-benchmark/4.2.0-rc6/values.yaml deleted file mode 100644 index 43f643656d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc6/values.yaml +++ /dev/null @@ -1,55 +0,0 @@ -# Default values for rancher-cis-benchmark. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - cisoperator: - repository: rancher/cis-operator - tag: v1.0.12 - securityScan: - repository: rancher/security-scan - tag: v0.2.13-rc7 - sonobuoy: - repository: rancher/mirrored-sonobuoy-sonobuoy - tag: v0.56.16 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -securityScanJob: - overrideTolerations: false - tolerations: [] - -affinity: {} - -global: - cattle: - systemDefaultRegistry: "" - clusterName: "" - psp: - enabled: false - kubectl: - repository: rancher/kubectl - tag: v1.26.3 - -alerts: - enabled: false - severity: warning - metricsPort: 8080 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/Chart.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/Chart.yaml deleted file mode 100644 index 31e3020d9e..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark -apiVersion: v1 -appVersion: v4.2.0-rc7 -description: The cis-operator enables running CIS benchmark security scans on a kubernetes - cluster -icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg -keywords: -- security -name: rancher-cis-benchmark -version: 4.2.0-rc7 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/README.md b/charts/rancher-cis-benchmark/4.2.0-rc7/README.md deleted file mode 100644 index 50beab58ba..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Rancher CIS Benchmark Chart - -The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. - -# Installation - -``` -helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system -``` diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/app-readme.md b/charts/rancher-cis-benchmark/4.2.0-rc7/app-readme.md deleted file mode 100644 index 147e91ea2e..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/app-readme.md +++ /dev/null @@ -1,33 +0,0 @@ -# Rancher CIS Benchmarks - -This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). - -This chart installs the following components: - -- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. -- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. -- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. -- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. -- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. - - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. - - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. - -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/_helpers.tpl b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/_helpers.tpl deleted file mode 100644 index b7bb000422..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/_helpers.tpl +++ /dev/null @@ -1,27 +0,0 @@ -{{/* Ensure namespace is set the same everywhere */}} -{{- define "cis.namespace" -}} - {{- .Release.Namespace | default "cis-operator-system" -}} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/alertingrule.yaml deleted file mode 100644 index 1787c88a07..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/alertingrule.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.alerts.enabled -}} ---- -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: rancher-cis-pod-monitor - namespace: {{ template "cis.namespace" . }} -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - podMetricsEndpoints: - - port: cismetrics -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-aks-1.0.yaml deleted file mode 100644 index 1ac866253f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-aks-1.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: aks-1.0 -spec: - clusterProvider: aks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.20.yaml deleted file mode 100644 index 1203e5bcc5..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.20 -spec: - clusterProvider: "" - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.23.yaml deleted file mode 100644 index 83002966d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.23 -spec: - clusterProvider: "" - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.24.yaml deleted file mode 100644 index ad73b2c34c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.24 -spec: - clusterProvider: "" - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.5.yaml deleted file mode 100644 index c9e6075fb4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.5.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.5 -spec: - clusterProvider: "" - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.6.yaml deleted file mode 100644 index 4f5d66e92f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.6 -spec: - clusterProvider: "" - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.7.yaml deleted file mode 100644 index 4f6e41b9da..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-cis-1.7.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.7 -spec: - clusterProvider: "" - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-eks-1.0.1.yaml deleted file mode 100644 index d1ba9d2954..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-eks-1.0.1.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: eks-1.0.1 -spec: - clusterProvider: eks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-gke-1.2.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-gke-1.2.0.yaml deleted file mode 100644 index c609e736fd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-gke-1.2.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: gke-1.2.0 -spec: - clusterProvider: gke - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.20-hardened.yaml deleted file mode 100644 index 147cac3906..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.20-permissive.yaml deleted file mode 100644 index d9584f7229..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.23-hardened.yaml deleted file mode 100644 index 1a928db35c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.23-permissive.yaml deleted file mode 100644 index 5a46787d51..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.24-hardened.yaml deleted file mode 100644 index 47b6be197a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.24-permissive.yaml deleted file mode 100644 index 6ded2f02bd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.6-hardened.yaml deleted file mode 100644 index 5160cf7950..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.6-permissive.yaml deleted file mode 100644 index 10c0759853..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.7-hardened.yaml deleted file mode 100644 index 7dd99a0ecf..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.7-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.7-permissive.yaml deleted file mode 100644 index 187056d5f6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-k3s-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.7-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.20-hardened.yaml deleted file mode 100644 index 4924679cb3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.20-permissive.yaml deleted file mode 100644 index 2db66d7c62..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.23-hardened.yaml deleted file mode 100644 index 12de23173d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.23-permissive.yaml deleted file mode 100644 index f9d5052541..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.24-hardened.yaml deleted file mode 100644 index 7030c793fc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.24-permissive.yaml deleted file mode 100644 index b2633eade1..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.5-hardened.yaml deleted file mode 100644 index b9154f1ada..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.5-permissive.yaml deleted file mode 100644 index 9da65d55dd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.6-hardened.yaml deleted file mode 100644 index 77f8a31df6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.6-permissive.yaml deleted file mode 100644 index 600b8df35a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.7-hardened.yaml deleted file mode 100644 index 0fe73b6ceb..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.7-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.7-permissive.yaml deleted file mode 100644 index bc54955721..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.7-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.20-hardened.yaml deleted file mode 100644 index b6cc88359c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.20-permissive.yaml deleted file mode 100644 index fd898bfe86..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.23-hardened.yaml deleted file mode 100644 index 55d96da59d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.23-permissive.yaml deleted file mode 100644 index 55fffe3209..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.24-hardened.yaml deleted file mode 100644 index f702a13726..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.24-permissive.yaml deleted file mode 100644 index 5bc70099f7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.5-hardened.yaml deleted file mode 100644 index 20091ec2b3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.5-permissive.yaml deleted file mode 100644 index 9a86906b02..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.6-hardened.yaml deleted file mode 100644 index ea2549ef39..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.6-permissive.yaml deleted file mode 100644 index 0afdaaa19b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.7-hardened.yaml deleted file mode 100644 index b387408f50..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.7-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.7-permissive.yaml deleted file mode 100644 index 850a5fdd48..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/benchmark-rke2-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.7-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/cis-roles.yaml deleted file mode 100644 index 23c93dc659..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/cis-roles.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-admin -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["create", "update", "delete", "patch","get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-view -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: ["get", "watch", "list"] diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/configmap.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/configmap.yaml deleted file mode 100644 index 33e54656ea..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: default-clusterscanprofiles - namespace: {{ template "cis.namespace" . }} -data: - # Default ClusterScanProfiles per cluster provider type - rke: |- - <1.21.0: rke-profile-permissive-1.20 - >=1.21.0: rke-profile-permissive-1.7 - rke2: |- - <1.21.0: rke2-cis-1.20-profile-permissive - >=1.21.0: rke2-cis-1.7-profile-permissive - eks: "eks-profile" - gke: "gke-profile" - aks: "aks-profile" - k3s: "k3s-cis-1.7-profile-permissive" - default: "cis-1.7-profile" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/deployment.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/deployment.yaml deleted file mode 100644 index 8c9f72f5de..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/deployment.yaml +++ /dev/null @@ -1,61 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cis-operator - namespace: {{ template "cis.namespace" . }} - labels: - cis.cattle.io/operator: cis-operator -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - template: - metadata: - labels: - cis.cattle.io/operator: cis-operator - spec: - serviceAccountName: cis-operator-serviceaccount - containers: - - name: cis-operator - image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' - imagePullPolicy: IfNotPresent - ports: - - name: cismetrics - containerPort: {{ .Values.alerts.metricsPort }} - env: - - name: SECURITY_SCAN_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} - - name: SECURITY_SCAN_IMAGE_TAG - value: {{ .Values.image.securityScan.tag }} - - name: SONOBUOY_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} - - name: SONOBUOY_IMAGE_TAG - value: {{ .Values.image.sonobuoy.tag }} - - name: CIS_ALERTS_METRICS_PORT - value: '{{ .Values.alerts.metricsPort }}' - - name: CIS_ALERTS_SEVERITY - value: {{ .Values.alerts.severity }} - - name: CIS_ALERTS_ENABLED - value: {{ .Values.alerts.enabled | default "false" | quote }} - - name: CLUSTER_NAME - value: '{{ .Values.global.cattle.clusterName }}' - - name: CIS_OPERATOR_DEBUG - value: '{{ .Values.image.cisoperator.debug }}' - {{- if .Values.securityScanJob.overrideTolerations }} - - name: SECURITY_SCAN_JOB_TOLERATIONS - value: '{{ .Values.securityScanJob.tolerations | toJson }}' - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/network_policy_allow_all.yaml deleted file mode 100644 index 6ed5d645ea..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/network_policy_allow_all.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: default-allow-all - namespace: {{ template "cis.namespace" . }} -spec: - podSelector: {} - ingress: - - {} - egress: - - {} - policyTypes: - - Ingress - - Egress diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/patch_default_serviceaccount.yaml deleted file mode 100644 index e78a6bd08a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/patch_default_serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: patch-sa - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation -spec: - template: - spec: - serviceAccountName: cis-operator-serviceaccount - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - restartPolicy: Never - containers: - - name: sa - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] - args: ["-n", {{ template "cis.namespace" . }}] - - backoffLimit: 1 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/psp.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/psp.yaml deleted file mode 100644 index 9b8a5995ee..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/psp.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: cis-psp -spec: - allowPrivilegeEscalation: true - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - hostIPC: true - hostNetwork: true - hostPID: true - hostPorts: - - max: 65535 - min: 0 - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-psp-role - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - policy - resourceNames: - - cis-psp - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cis-psp-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-psp-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/rbac.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/rbac.yaml deleted file mode 100644 index 6352b972af..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/rbac.yaml +++ /dev/null @@ -1,213 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrole -rules: -- apiGroups: - - "cis.cattle.io" - resources: - - "*" - verbs: - - "*" -- apiGroups: - - "" - resources: - - "pods" - - "services" - - "configmaps" - - "nodes" - - "serviceaccounts" - verbs: - - "get" - - "list" - - "create" - - "update" - - "watch" - - "patch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "list" - - "create" - - "patch" - - "update" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-scan-ns -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: - - "*" - resources: - - "podsecuritypolicies" - verbs: - - "get" - - "list" - - "watch" -{{- end }} -- apiGroups: - - "" - resources: - - "namespaces" - - "nodes" - - "pods" - - "serviceaccounts" - - "services" - - "replicationcontrollers" - verbs: - - "get" - - "list" - - "watch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - - "cronjobs" - verbs: - - "list" -- apiGroups: - - "apps" - resources: - - "daemonsets" - - "deployments" - - "replicasets" - - "statefulsets" - verbs: - - "list" -- apiGroups: - - "autoscaling" - resources: - - "horizontalpodautoscalers" - verbs: - - "list" -- apiGroups: - - "networking.k8s.io" - resources: - - "networkpolicies" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-operator-role - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - "" - resources: - - "services" - verbs: - - "watch" - - "list" - - "get" - - "patch" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "watch" - - "list" - - "get" - - "delete" -- apiGroups: - - "" - resources: - - "configmaps" - - "pods" - - "secrets" - verbs: - - "*" -- apiGroups: - - "apps" - resources: - - "daemonsets" - verbs: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-operator-clusterrole -subjects: -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cis-scan-ns - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-scan-ns -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-operator-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.20.yaml deleted file mode 100644 index 05263ce7da..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.20-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.20 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.23.yaml deleted file mode 100644 index c59d8f51ff..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.23-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.23 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.24.yaml deleted file mode 100644 index aa3e51c3e2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.24-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.24 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.6.yaml deleted file mode 100644 index 8a8d8bf881..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.6-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.6 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.7.yaml deleted file mode 100644 index 1a37aad835..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-cis-1.7.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.7-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.7 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.20-hardened.yml deleted file mode 100644 index a0b6cb6f6a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.20-permissive.yml deleted file mode 100644 index 89885548df..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.23-hardened.yml deleted file mode 100644 index 724412d3aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.23-permissive.yml deleted file mode 100644 index 9f9213de1c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.24-hardened.yml deleted file mode 100644 index 252251efcf..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.24-permissive.yml deleted file mode 100644 index 05555c64dc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.6-hardened.yml deleted file mode 100644 index 095e977ab2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.6-permissive.yml deleted file mode 100644 index 3b22a80c83..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.7-hardened.yml deleted file mode 100644 index 22ae9e0d23..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.7-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.7-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.7-permissive.yml deleted file mode 100644 index f79e9ed966..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-k3s-cis-1.7-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.7-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.20-hardened.yaml deleted file mode 100644 index c36cf38c90..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.20-permissive.yaml deleted file mode 100644 index cfeb4b34c6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.23-hardened.yaml deleted file mode 100644 index 0073311496..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.23-permissive.yaml deleted file mode 100644 index 085b60dfa4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.24-hardened.yaml deleted file mode 100644 index faae63e87f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.24-permissive.yaml deleted file mode 100644 index 7335a1d2d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.6-hardened.yaml deleted file mode 100644 index d38febd80f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.6-permissive.yaml deleted file mode 100644 index d31b5b0d25..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.7-hardened.yaml deleted file mode 100644 index 7b83f95bcd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.7-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.7 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.7-permissive.yaml deleted file mode 100644 index 52327c4af1..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke-1.7-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.7 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.20-hardened.yml deleted file mode 100644 index decc9b6516..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.20-permissive.yml deleted file mode 100644 index 74c96ffc49..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.23-hardened.yml deleted file mode 100644 index abc1c2a21b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.23-permissive.yml deleted file mode 100644 index 51cc519acd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.24-hardened.yml deleted file mode 100644 index f8ddb9851c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.24-permissive.yml deleted file mode 100644 index c820f03928..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.6-hardened.yml deleted file mode 100644 index c7ac7f949a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.6-permissive.yml deleted file mode 100644 index 96ca1345aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.7-hardened.yml deleted file mode 100644 index 193753a0bc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.7-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.7-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.7-permissive.yml deleted file mode 100644 index 409645dc76..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofile-rke2-cis-1.7-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.7-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofileaks.yml deleted file mode 100644 index ea7b25b404..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofileaks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: aks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: aks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofileeks.yml deleted file mode 100644 index 3b4e34437a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofileeks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: eks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: eks-1.0.1 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofilegke.yml deleted file mode 100644 index 3e5e2439ac..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/scanprofilegke.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: gke-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: gke-1.2.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/serviceaccount.yaml deleted file mode 100644 index ec48ec6224..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - name: cis-operator-serviceaccount ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-serviceaccount diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/validate-install-crd.yaml deleted file mode 100644 index 562295791b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/validate-install-crd.yaml +++ /dev/null @@ -1,17 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/validate-psp-install.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc7/values.yaml b/charts/rancher-cis-benchmark/4.2.0-rc7/values.yaml deleted file mode 100644 index 37816e5110..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc7/values.yaml +++ /dev/null @@ -1,55 +0,0 @@ -# Default values for rancher-cis-benchmark. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - cisoperator: - repository: rancher/cis-operator - tag: v1.0.12 - securityScan: - repository: rancher/security-scan - tag: v0.2.13-rc8 - sonobuoy: - repository: rancher/mirrored-sonobuoy-sonobuoy - tag: v0.56.16 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] - -securityScanJob: - overrideTolerations: false - tolerations: [] - -affinity: {} - -global: - cattle: - systemDefaultRegistry: "" - clusterName: "" - psp: - enabled: false - kubectl: - repository: rancher/kubectl - tag: v1.26.3 - -alerts: - enabled: false - severity: warning - metricsPort: 8080 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/Chart.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/Chart.yaml deleted file mode 100644 index 78cddde89f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/Chart.yaml +++ /dev/null @@ -1,22 +0,0 @@ -annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark -apiVersion: v1 -appVersion: v4.2.0-rc8 -description: The cis-operator enables running CIS benchmark security scans on a kubernetes - cluster -icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg -keywords: -- security -name: rancher-cis-benchmark -version: 4.2.0-rc8 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/README.md b/charts/rancher-cis-benchmark/4.2.0-rc8/README.md deleted file mode 100644 index 50beab58ba..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Rancher CIS Benchmark Chart - -The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded. - -# Installation - -``` -helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system -``` diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/app-readme.md b/charts/rancher-cis-benchmark/4.2.0-rc8/app-readme.md deleted file mode 100644 index 147e91ea2e..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/app-readme.md +++ /dev/null @@ -1,33 +0,0 @@ -# Rancher CIS Benchmarks - -This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). - -This chart installs the following components: - -- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded. -- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed. -- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans. -- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources. -- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish. - - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts. - - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. - -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/_helpers.tpl b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/_helpers.tpl deleted file mode 100644 index b7bb000422..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/_helpers.tpl +++ /dev/null @@ -1,27 +0,0 @@ -{{/* Ensure namespace is set the same everywhere */}} -{{- define "cis.namespace" -}} - {{- .Release.Namespace | default "cis-operator-system" -}} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/alertingrule.yaml deleted file mode 100644 index 1787c88a07..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/alertingrule.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.alerts.enabled -}} ---- -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: rancher-cis-pod-monitor - namespace: {{ template "cis.namespace" . }} -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - podMetricsEndpoints: - - port: cismetrics -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-aks-1.0.yaml deleted file mode 100644 index 1ac866253f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-aks-1.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: aks-1.0 -spec: - clusterProvider: aks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.20.yaml deleted file mode 100644 index 1203e5bcc5..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.20 -spec: - clusterProvider: "" - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.23.yaml deleted file mode 100644 index 83002966d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.23 -spec: - clusterProvider: "" - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.24.yaml deleted file mode 100644 index ad73b2c34c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.24 -spec: - clusterProvider: "" - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.5.yaml deleted file mode 100644 index c9e6075fb4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.5.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.5 -spec: - clusterProvider: "" - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.6.yaml deleted file mode 100644 index 4f5d66e92f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.6 -spec: - clusterProvider: "" - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.7.yaml deleted file mode 100644 index 4f6e41b9da..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-cis-1.7.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: cis-1.7 -spec: - clusterProvider: "" - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-eks-1.0.1.yaml deleted file mode 100644 index d1ba9d2954..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-eks-1.0.1.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: eks-1.0.1 -spec: - clusterProvider: eks - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-gke-1.2.0.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-gke-1.2.0.yaml deleted file mode 100644 index c609e736fd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-gke-1.2.0.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: gke-1.2.0 -spec: - clusterProvider: gke - minKubernetesVersion: "1.15.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.20-hardened.yaml deleted file mode 100644 index 147cac3906..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.20-permissive.yaml deleted file mode 100644 index d9584f7229..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.20-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.23-hardened.yaml deleted file mode 100644 index 1a928db35c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.23-permissive.yaml deleted file mode 100644 index 5a46787d51..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.23-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.24-hardened.yaml deleted file mode 100644 index 47b6be197a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.24-permissive.yaml deleted file mode 100644 index 6ded2f02bd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.24-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.6-hardened.yaml deleted file mode 100644 index 5160cf7950..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.6-permissive.yaml deleted file mode 100644 index 10c0759853..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.6-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.7-hardened.yaml deleted file mode 100644 index 7dd99a0ecf..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.7-hardened -spec: - clusterProvider: k3s - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.7-permissive.yaml deleted file mode 100644 index 187056d5f6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-k3s-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: k3s-cis-1.7-permissive -spec: - clusterProvider: k3s - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.20-hardened.yaml deleted file mode 100644 index 4924679cb3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.20-permissive.yaml deleted file mode 100644 index 2db66d7c62..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.20-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.23-hardened.yaml deleted file mode 100644 index 12de23173d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.23-permissive.yaml deleted file mode 100644 index f9d5052541..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.23-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.24-hardened.yaml deleted file mode 100644 index 7030c793fc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.24-permissive.yaml deleted file mode 100644 index b2633eade1..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.24-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.5-hardened.yaml deleted file mode 100644 index b9154f1ada..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.5-permissive.yaml deleted file mode 100644 index 9da65d55dd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.5-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.6-hardened.yaml deleted file mode 100644 index 77f8a31df6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.6-permissive.yaml deleted file mode 100644 index 600b8df35a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.6-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.7-hardened.yaml deleted file mode 100644 index 0fe73b6ceb..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.7-hardened -spec: - clusterProvider: rke - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.7-permissive.yaml deleted file mode 100644 index bc54955721..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke-cis-1.7-permissive -spec: - clusterProvider: rke - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.20-hardened.yaml deleted file mode 100644 index b6cc88359c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.20-permissive.yaml deleted file mode 100644 index fd898bfe86..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.20-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.19.0" - maxKubernetesVersion: "1.21.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.23-hardened.yaml deleted file mode 100644 index 55d96da59d..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.23-permissive.yaml deleted file mode 100644 index 55fffe3209..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.23-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.22.0" - maxKubernetesVersion: "1.23.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.24-hardened.yaml deleted file mode 100644 index f702a13726..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.24-permissive.yaml deleted file mode 100644 index 5bc70099f7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.24-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.24.0" - maxKubernetesVersion: "1.24.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.5-hardened.yaml deleted file mode 100644 index 20091ec2b3..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.5-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.5-permissive.yaml deleted file mode 100644 index 9a86906b02..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.5-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.5-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.15.0" - maxKubernetesVersion: "1.15.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.6-hardened.yaml deleted file mode 100644 index ea2549ef39..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.6-permissive.yaml deleted file mode 100644 index 0afdaaa19b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.6-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.16.0" - maxKubernetesVersion: "1.18.x" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.7-hardened.yaml deleted file mode 100644 index b387408f50..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.7-hardened.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.7-hardened -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.7-permissive.yaml deleted file mode 100644 index 850a5fdd48..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/benchmark-rke2-cis-1.7-permissive.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanBenchmark -metadata: - name: rke2-cis-1.7-permissive -spec: - clusterProvider: rke2 - minKubernetesVersion: "1.25.0" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/cis-roles.yaml deleted file mode 100644 index 23c93dc659..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/cis-roles.yaml +++ /dev/null @@ -1,49 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-admin -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["create", "update", "delete", "patch","get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cis-view -rules: - - apiGroups: - - cis.cattle.io - resources: - - clusterscanbenchmarks - - clusterscanprofiles - - clusterscans - - clusterscanreports - verbs: ["get", "watch", "list"] - - apiGroups: - - catalog.cattle.io - resources: ["apps"] - resourceNames: ["rancher-cis-benchmark"] - verbs: ["get", "watch", "list"] - - apiGroups: - - "" - resources: - - configmaps - verbs: ["get", "watch", "list"] diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/configmap.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/configmap.yaml deleted file mode 100644 index 33e54656ea..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: default-clusterscanprofiles - namespace: {{ template "cis.namespace" . }} -data: - # Default ClusterScanProfiles per cluster provider type - rke: |- - <1.21.0: rke-profile-permissive-1.20 - >=1.21.0: rke-profile-permissive-1.7 - rke2: |- - <1.21.0: rke2-cis-1.20-profile-permissive - >=1.21.0: rke2-cis-1.7-profile-permissive - eks: "eks-profile" - gke: "gke-profile" - aks: "aks-profile" - k3s: "k3s-cis-1.7-profile-permissive" - default: "cis-1.7-profile" diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/deployment.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/deployment.yaml deleted file mode 100644 index 8c9f72f5de..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/deployment.yaml +++ /dev/null @@ -1,61 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cis-operator - namespace: {{ template "cis.namespace" . }} - labels: - cis.cattle.io/operator: cis-operator -spec: - selector: - matchLabels: - cis.cattle.io/operator: cis-operator - template: - metadata: - labels: - cis.cattle.io/operator: cis-operator - spec: - serviceAccountName: cis-operator-serviceaccount - containers: - - name: cis-operator - image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}' - imagePullPolicy: IfNotPresent - ports: - - name: cismetrics - containerPort: {{ .Values.alerts.metricsPort }} - env: - - name: SECURITY_SCAN_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }} - - name: SECURITY_SCAN_IMAGE_TAG - value: {{ .Values.image.securityScan.tag }} - - name: SONOBUOY_IMAGE - value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }} - - name: SONOBUOY_IMAGE_TAG - value: {{ .Values.image.sonobuoy.tag }} - - name: CIS_ALERTS_METRICS_PORT - value: '{{ .Values.alerts.metricsPort }}' - - name: CIS_ALERTS_SEVERITY - value: {{ .Values.alerts.severity }} - - name: CIS_ALERTS_ENABLED - value: {{ .Values.alerts.enabled | default "false" | quote }} - - name: CLUSTER_NAME - value: '{{ .Values.global.cattle.clusterName }}' - - name: CIS_OPERATOR_DEBUG - value: '{{ .Values.image.cisoperator.debug }}' - {{- if .Values.securityScanJob.overrideTolerations }} - - name: SECURITY_SCAN_JOB_TOLERATIONS - value: '{{ .Values.securityScanJob.tolerations | toJson }}' - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/network_policy_allow_all.yaml deleted file mode 100644 index 6ed5d645ea..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/network_policy_allow_all.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: default-allow-all - namespace: {{ template "cis.namespace" . }} -spec: - podSelector: {} - ingress: - - {} - egress: - - {} - policyTypes: - - Ingress - - Egress diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/patch_default_serviceaccount.yaml deleted file mode 100644 index e78a6bd08a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/patch_default_serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: patch-sa - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation -spec: - template: - spec: - serviceAccountName: cis-operator-serviceaccount - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} -{{- end }} - restartPolicy: Never - containers: - - name: sa - image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}" - imagePullPolicy: {{ .Values.global.imagePullPolicy }} - command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] - args: ["-n", {{ template "cis.namespace" . }}] - - backoffLimit: 1 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/psp.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/psp.yaml deleted file mode 100644 index 9b8a5995ee..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/psp.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: cis-psp -spec: - allowPrivilegeEscalation: true - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - hostIPC: true - hostNetwork: true - hostPID: true - hostPorts: - - max: 65535 - min: 0 - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-psp-role - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - policy - resourceNames: - - cis-psp - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cis-psp-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-psp-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} -{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/rbac.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/rbac.yaml deleted file mode 100644 index 6352b972af..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/rbac.yaml +++ /dev/null @@ -1,213 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrole -rules: -- apiGroups: - - "cis.cattle.io" - resources: - - "*" - verbs: - - "*" -- apiGroups: - - "" - resources: - - "pods" - - "services" - - "configmaps" - - "nodes" - - "serviceaccounts" - verbs: - - "get" - - "list" - - "create" - - "update" - - "watch" - - "patch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "list" - - "create" - - "patch" - - "update" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-scan-ns -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: - - "*" - resources: - - "podsecuritypolicies" - verbs: - - "get" - - "list" - - "watch" -{{- end }} -- apiGroups: - - "" - resources: - - "namespaces" - - "nodes" - - "pods" - - "serviceaccounts" - - "services" - - "replicationcontrollers" - verbs: - - "get" - - "list" - - "watch" -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "rolebindings" - - "clusterrolebindings" - - "clusterroles" - verbs: - - "get" - - "list" -- apiGroups: - - "batch" - resources: - - "jobs" - - "cronjobs" - verbs: - - "list" -- apiGroups: - - "apps" - resources: - - "daemonsets" - - "deployments" - - "replicasets" - - "statefulsets" - verbs: - - "list" -- apiGroups: - - "autoscaling" - resources: - - "horizontalpodautoscalers" - verbs: - - "list" -- apiGroups: - - "networking.k8s.io" - resources: - - "networkpolicies" - verbs: - - "get" - - "list" - - "watch" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cis-operator-role - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - namespace: {{ template "cis.namespace" . }} -rules: -- apiGroups: - - "" - resources: - - "services" - verbs: - - "watch" - - "list" - - "get" - - "patch" -- apiGroups: - - "batch" - resources: - - "jobs" - verbs: - - "watch" - - "list" - - "get" - - "delete" -- apiGroups: - - "" - resources: - - "configmaps" - - "pods" - - "secrets" - verbs: - - "*" -- apiGroups: - - "apps" - resources: - - "daemonsets" - verbs: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-operator-clusterrole -subjects: -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cis-scan-ns - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cis-scan-ns -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-operator-rolebinding - namespace: {{ template "cis.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cis-operator-role -subjects: -- kind: ServiceAccount - name: cis-serviceaccount - namespace: {{ template "cis.namespace" . }} -- kind: ServiceAccount - name: cis-operator-serviceaccount - namespace: {{ template "cis.namespace" . }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.20.yaml deleted file mode 100644 index 05263ce7da..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.20.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.20-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.20 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.23.yaml deleted file mode 100644 index c59d8f51ff..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.23.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.23-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.23 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.24.yaml deleted file mode 100644 index aa3e51c3e2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.24.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.24-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.24 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.6.yaml deleted file mode 100644 index 8a8d8bf881..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.6.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.6-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.6 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.7.yaml deleted file mode 100644 index 1a37aad835..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-cis-1.7.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: cis-1.7-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: cis-1.7 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.20-hardened.yml deleted file mode 100644 index a0b6cb6f6a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.20-permissive.yml deleted file mode 100644 index 89885548df..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.23-hardened.yml deleted file mode 100644 index 724412d3aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.23-permissive.yml deleted file mode 100644 index 9f9213de1c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.24-hardened.yml deleted file mode 100644 index 252251efcf..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.24-permissive.yml deleted file mode 100644 index 05555c64dc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.6-hardened.yml deleted file mode 100644 index 095e977ab2..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.6-permissive.yml deleted file mode 100644 index 3b22a80c83..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.7-hardened.yml deleted file mode 100644 index 22ae9e0d23..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.7-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.7-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.7-permissive.yml deleted file mode 100644 index f79e9ed966..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-k3s-cis-1.7-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: k3s-cis-1.7-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: k3s-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.20-hardened.yaml deleted file mode 100644 index c36cf38c90..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.20-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.20-permissive.yaml deleted file mode 100644 index cfeb4b34c6..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.20-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.20 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.23-hardened.yaml deleted file mode 100644 index 0073311496..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.23-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.23-permissive.yaml deleted file mode 100644 index 085b60dfa4..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.23-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.23 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.24-hardened.yaml deleted file mode 100644 index faae63e87f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.24-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.24-permissive.yaml deleted file mode 100644 index 7335a1d2d8..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.24-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.24 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.6-hardened.yaml deleted file mode 100644 index d38febd80f..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.6-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.6-permissive.yaml deleted file mode 100644 index d31b5b0d25..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.6-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.6 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.7-hardened.yaml deleted file mode 100644 index 7b83f95bcd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.7-hardened.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-hardened-1.7 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.7-permissive.yaml deleted file mode 100644 index 52327c4af1..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke-1.7-permissive.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke-profile-permissive-1.7 - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.20-hardened.yml deleted file mode 100644 index decc9b6516..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.20-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.20-permissive.yml deleted file mode 100644 index 74c96ffc49..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.20-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.20-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.20-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.23-hardened.yml deleted file mode 100644 index abc1c2a21b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.23-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.23-permissive.yml deleted file mode 100644 index 51cc519acd..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.23-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.23-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.23-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.24-hardened.yml deleted file mode 100644 index f8ddb9851c..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.24-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.24-permissive.yml deleted file mode 100644 index c820f03928..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.24-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.24-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.24-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.6-hardened.yml deleted file mode 100644 index c7ac7f949a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.6-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.6-permissive.yml deleted file mode 100644 index 96ca1345aa..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.6-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.6-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.6-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.7-hardened.yml deleted file mode 100644 index 193753a0bc..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.7-hardened.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.7-profile-hardened - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.7-hardened diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.7-permissive.yml deleted file mode 100644 index 409645dc76..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofile-rke2-cis-1.7-permissive.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: rke2-cis-1.7-profile-permissive - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: rke2-cis-1.7-permissive diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofileaks.yml deleted file mode 100644 index ea7b25b404..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofileaks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: aks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: aks-1.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofileeks.yml deleted file mode 100644 index 3b4e34437a..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofileeks.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: eks-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: eks-1.0.1 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofilegke.yml deleted file mode 100644 index 3e5e2439ac..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/scanprofilegke.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: cis.cattle.io/v1 -kind: ClusterScanProfile -metadata: - name: gke-profile - annotations: - clusterscanprofile.cis.cattle.io/builtin: "true" -spec: - benchmarkVersion: gke-1.2.0 \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/serviceaccount.yaml deleted file mode 100644 index ec48ec6224..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - name: cis-operator-serviceaccount ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: {{ template "cis.namespace" . }} - labels: - app.kubernetes.io/name: rancher-cis-benchmark - app.kubernetes.io/instance: release-name - name: cis-serviceaccount diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/validate-install-crd.yaml deleted file mode 100644 index 562295791b..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/validate-install-crd.yaml +++ /dev/null @@ -1,17 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}} -# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/validate-psp-install.yaml b/charts/rancher-cis-benchmark/4.2.0-rc8/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b7..0000000000 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/Chart.yaml b/charts/rancher-cis-benchmark/4.2.0/Chart.yaml similarity index 95% rename from charts/rancher-cis-benchmark/4.2.0-rc1/Chart.yaml rename to charts/rancher-cis-benchmark/4.2.0/Chart.yaml index 6b78903ff0..2228916801 100644 --- a/charts/rancher-cis-benchmark/4.2.0-rc1/Chart.yaml +++ b/charts/rancher-cis-benchmark/4.2.0/Chart.yaml @@ -12,11 +12,11 @@ annotations: catalog.cattle.io/type: cluster-tool catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 -appVersion: v4.2.0-rc1 +appVersion: v4.2.0 description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security name: rancher-cis-benchmark -version: 4.2.0-rc1 +version: 4.2.0 diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/README.md b/charts/rancher-cis-benchmark/4.2.0/README.md similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/README.md rename to charts/rancher-cis-benchmark/4.2.0/README.md diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/app-readme.md b/charts/rancher-cis-benchmark/4.2.0/app-readme.md similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/app-readme.md rename to charts/rancher-cis-benchmark/4.2.0/app-readme.md diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/_helpers.tpl b/charts/rancher-cis-benchmark/4.2.0/templates/_helpers.tpl similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/_helpers.tpl rename to charts/rancher-cis-benchmark/4.2.0/templates/_helpers.tpl diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/alertingrule.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/alertingrule.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/alertingrule.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-aks-1.0.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-aks-1.0.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-aks-1.0.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-aks-1.0.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-cis-1.20.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-cis-1.20.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-cis-1.20.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-cis-1.23.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-cis-1.23.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-cis-1.23.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-cis-1.24.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-cis-1.24.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-cis-1.24.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-cis-1.5.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-cis-1.5.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-cis-1.5.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-cis-1.6.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-cis-1.6.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-cis-1.6.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-cis-1.7.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-cis-1.7.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-cis-1.7.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-eks-1.0.1.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-eks-1.0.1.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-eks-1.0.1.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-eks-1.0.1.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-gke-1.2.0.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-gke-1.2.0.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc3/templates/benchmark-gke-1.2.0.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-gke-1.2.0.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.20-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.20-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.20-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.20-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.20-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.20-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.23-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.23-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.23-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.23-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.23-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.23-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.24-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.24-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.24-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.24-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.24-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.24-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.6-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.6-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.6-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.6-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-k3s-cis-1.6-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.6-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.7-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.7-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.7-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.7-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-k3s-cis-1.7-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-k3s-cis-1.7-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.20-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.20-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.20-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.20-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.20-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.20-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.23-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.23-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.23-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.23-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.23-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.23-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.24-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.24-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.24-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.24-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.24-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.24-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.5-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.5-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.5-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.5-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.5-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.5-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.6-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.6-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.6-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.6-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke-cis-1.6-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.6-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.7-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.7-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.7-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.7-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke-cis-1.7-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke-cis-1.7-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.20-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.20-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.20-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.20-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.20-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.20-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.23-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.23-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.23-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.23-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.23-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.23-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.24-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.24-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.24-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.24-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.24-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.24-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.5-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.5-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.5-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.5-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.5-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.5-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.6-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.6-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.6-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.6-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/benchmark-rke2-cis-1.6-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.6-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.7-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.7-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.7-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.7-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/benchmark-rke2-cis-1.7-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/benchmark-rke2-cis-1.7-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/cis-roles.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/cis-roles.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/cis-roles.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/configmap.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/configmap.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/configmap.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/configmap.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/deployment.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/deployment.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/deployment.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/deployment.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/network_policy_allow_all.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/network_policy_allow_all.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/network_policy_allow_all.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/patch_default_serviceaccount.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/patch_default_serviceaccount.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/patch_default_serviceaccount.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/psp.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/psp.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/psp.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/psp.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/rbac.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/rbac.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/rbac.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/rbac.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-cis-1.20.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-cis-1.20.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-cis-1.20.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-cis-1.20.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-cis-1.23.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-cis-1.23.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-cis-1.23.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-cis-1.23.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-cis-1.24.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-cis-1.24.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-cis-1.24.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-cis-1.24.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-cis-1.6.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-cis-1.6.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-cis-1.6.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.7.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-cis-1.7.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-cis-1.7.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-cis-1.7.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.20-hardened.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.20-hardened.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.20-hardened.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.20-permissive.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.20-permissive.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.20-permissive.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.23-hardened.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.23-hardened.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.23-hardened.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.23-permissive.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.23-permissive.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.23-permissive.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.24-hardened.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.24-hardened.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.24-hardened.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.24-permissive.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.24-permissive.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.24-permissive.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.6-hardened.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.6-hardened.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.6-hardened.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.6-permissive.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-k3s-cis-1.6-permissive.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.6-permissive.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.7-hardened.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.7-hardened.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.7-hardened.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.7-permissive.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-k3s-cis-1.7-permissive.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-k3s-cis-1.7-permissive.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.20-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.20-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.20-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.20-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.20-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.20-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.20-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.20-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.23-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.23-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.23-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.23-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.23-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.23-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.23-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.23-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.24-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.24-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.24-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.24-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.24-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.24-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.24-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.24-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.6-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.6-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.6-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.6-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke-1.6-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.6-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.7-hardened.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.7-hardened.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.7-hardened.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.7-hardened.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.7-permissive.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.7-permissive.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke-1.7-permissive.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke-1.7-permissive.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.20-hardened.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.20-hardened.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.20-hardened.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.20-hardened.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.20-permissive.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.20-permissive.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.20-permissive.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.20-permissive.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.23-hardened.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.23-hardened.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.23-hardened.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.23-hardened.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.23-permissive.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.23-permissive.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.23-permissive.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.23-permissive.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.24-hardened.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.24-hardened.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.24-hardened.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.24-hardened.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.24-permissive.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.24-permissive.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.24-permissive.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.24-permissive.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.6-hardened.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.6-hardened.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.6-hardened.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.6-permissive.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofile-rke2-cis-1.6-permissive.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.6-permissive.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.7-hardened.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.7-hardened.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.7-hardened.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.7-hardened.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.7-permissive.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.7-permissive.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc2/templates/scanprofile-rke2-cis-1.7-permissive.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofile-rke2-cis-1.7-permissive.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofileaks.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofileaks.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofileaks.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofileaks.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofileeks.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/scanprofileeks.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofileeks.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/4.2.0/templates/scanprofilegke.yml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc3/templates/scanprofilegke.yml rename to charts/rancher-cis-benchmark/4.2.0/templates/scanprofilegke.yml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/serviceaccount.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/serviceaccount.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/serviceaccount.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/validate-install-crd.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/validate-install-crd.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/validate-install-crd.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc1/templates/validate-psp-install.yaml b/charts/rancher-cis-benchmark/4.2.0/templates/validate-psp-install.yaml similarity index 100% rename from charts/rancher-cis-benchmark/4.2.0-rc1/templates/validate-psp-install.yaml rename to charts/rancher-cis-benchmark/4.2.0/templates/validate-psp-install.yaml diff --git a/charts/rancher-cis-benchmark/4.2.0-rc8/values.yaml b/charts/rancher-cis-benchmark/4.2.0/values.yaml similarity index 98% rename from charts/rancher-cis-benchmark/4.2.0-rc8/values.yaml rename to charts/rancher-cis-benchmark/4.2.0/values.yaml index 8048fe7e0e..4f337e447d 100644 --- a/charts/rancher-cis-benchmark/4.2.0-rc8/values.yaml +++ b/charts/rancher-cis-benchmark/4.2.0/values.yaml @@ -8,7 +8,7 @@ image: tag: v1.0.12 securityScan: repository: rancher/security-scan - tag: v0.2.13-rc9 + tag: v0.2.13 sonobuoy: repository: rancher/mirrored-sonobuoy-sonobuoy tag: v0.56.16 diff --git a/index.yaml b/index.yaml index f192210d42..421d7c3fec 100755 --- a/index.yaml +++ b/index.yaml @@ -6294,200 +6294,18 @@ entries: catalog.cattle.io/type: cluster-tool catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 - appVersion: v4.2.0-rc8 - created: "2023-09-12T20:43:12.193207458+05:30" + appVersion: v4.2.0 + created: "2023-09-12T14:44:26.600268-04:00" description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster - digest: 4ab548e35036e8551e4fd78fa08908ec1a0d4742b5d0d559bf4f1e0edaca82be + digest: ea0198a114eaf3f354cbb64f474059da828d6fbc2482a6ec1822d1946121050c icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security name: rancher-cis-benchmark urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc8.tgz - version: 4.2.0-rc8 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v4.2.0-rc7 - created: "2023-09-08T14:09:47.739642-04:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: e8d79878d1611587930d32f8959a21ff19b26ee6635da17c172ca6e47ffbdd9e - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc7.tgz - version: 4.2.0-rc7 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v4.2.0-rc6 - created: "2023-09-01T15:10:42.270634-04:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: 70cabf1e0a0df72eefb7293a9465cd497a1faf1ad7310edceff482a4ac9be867 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc6.tgz - version: 4.2.0-rc6 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v4.2.0-rc5 - created: "2023-08-15T13:52:20.164694-04:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: ad060c30ffff9f215f9f43fecc06b52696abdc7371dde491995f470627c173b4 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc5.tgz - version: 4.2.0-rc5 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v4.2.0-rc4 - created: "2023-08-09T19:01:18.495985286+05:30" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: 1488ee7f8d8548328cc8fe204a06de33e50b3122d20d601f6ca4a5cf8139d0e2 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc4.tgz - version: 4.2.0-rc4 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v4.2.0-rc3 - created: "2023-07-27T10:35:01.890745119+05:30" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: 188c3c2e9928c29f10d0173adb48680f223fad70047b0426879e1721473f4230 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc3.tgz - version: 4.2.0-rc3 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v4.2.0-rc2 - created: "2023-07-26T15:59:01.530196-04:00" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: 419b3be8b78d97007869e6fcfbc14980aa624b9bd52d66214fac1bd26db212bd - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc2.tgz - version: 4.2.0-rc2 - - annotations: - catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: CIS Benchmark - catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.27.0-0' - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-cis-benchmark - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: rancher-cis-benchmark - apiVersion: v1 - appVersion: v4.2.0-rc1 - created: "2023-07-07T18:49:17.39364399+05:30" - description: The cis-operator enables running CIS benchmark security scans on - a kubernetes cluster - digest: 3f9e692660f5de182e795af5d58b3c78007acec74ad8d86165ad1d11e6cf8ce6 - icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg - keywords: - - security - name: rancher-cis-benchmark - urls: - - assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0-rc1.tgz - version: 4.2.0-rc1 + - assets/rancher-cis-benchmark/rancher-cis-benchmark-4.2.0.tgz + version: 4.2.0 - annotations: catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match catalog.cattle.io/certified: rancher @@ -6938,112 +6756,14 @@ entries: catalog.cattle.io/namespace: cis-operator-system catalog.cattle.io/release-name: rancher-cis-benchmark-crd apiVersion: v1 - created: "2023-09-12T20:43:12.199692073+05:30" - description: Installs the CRDs for rancher-cis-benchmark. - digest: a0ba39996b408be8c189386b945fe976a1c2fc196f663c219de24afc66d62360 - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc8.tgz - version: 4.2.0-rc8 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2023-09-08T14:09:47.743259-04:00" - description: Installs the CRDs for rancher-cis-benchmark. - digest: df9dab612eca8020829bd4fa60e8630713fedc4a05c7e41eb6426f39d27e6ffe - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc7.tgz - version: 4.2.0-rc7 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2023-09-01T15:10:42.275154-04:00" - description: Installs the CRDs for rancher-cis-benchmark. - digest: 6739321ac27ba261b7939340fcf3f253a1f27a0ac339f840879899a9cec9b054 - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc6.tgz - version: 4.2.0-rc6 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2023-08-15T13:52:20.168373-04:00" - description: Installs the CRDs for rancher-cis-benchmark. - digest: d03384ddf8a4ce64d48f77072948487189fc11f971c3e1a706742ea58bb8cb17 - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc5.tgz - version: 4.2.0-rc5 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2023-08-09T19:01:18.506049192+05:30" - description: Installs the CRDs for rancher-cis-benchmark. - digest: 53713d477d2e1dcb8a02bbea5ee80dc9b65861dc11b5e36b94fa1fdc63322f10 - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc4.tgz - version: 4.2.0-rc4 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2023-07-27T10:35:01.899225141+05:30" - description: Installs the CRDs for rancher-cis-benchmark. - digest: 0d1a67809ab0c8bfea5cbd738cb197103d62b3c15e5df8347dbaf9eb3c06c1ae - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc3.tgz - version: 4.2.0-rc3 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2023-07-10T10:21:00.704188-04:00" - description: Installs the CRDs for rancher-cis-benchmark. - digest: 34d24d4a2a96345571b363f9d0d46322f3b246008f4542c48b8248371e392ac3 - name: rancher-cis-benchmark-crd - type: application - urls: - - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc2.tgz - version: 4.2.0-rc2 - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cis-operator-system - catalog.cattle.io/release-name: rancher-cis-benchmark-crd - apiVersion: v1 - created: "2023-07-07T18:49:17.397563149+05:30" + created: "2023-09-12T14:44:26.603211-04:00" description: Installs the CRDs for rancher-cis-benchmark. - digest: f78db8f19d4911946706db6c36f9ce441e8b9df89ef34f30c4916a22be7f7f0d + digest: 671834eb4d2aedd30f629f6d0b253ff2733fc505a52aa6bfa3664214e7c10e1e name: rancher-cis-benchmark-crd type: application urls: - - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0-rc1.tgz - version: 4.2.0-rc1 + - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-4.2.0.tgz + version: 4.2.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" diff --git a/packages/rancher-cis-benchmark/charts/Chart.yaml b/packages/rancher-cis-benchmark/charts/Chart.yaml index 78cddde89f..2228916801 100644 --- a/packages/rancher-cis-benchmark/charts/Chart.yaml +++ b/packages/rancher-cis-benchmark/charts/Chart.yaml @@ -12,11 +12,11 @@ annotations: catalog.cattle.io/type: cluster-tool catalog.cattle.io/ui-component: rancher-cis-benchmark apiVersion: v1 -appVersion: v4.2.0-rc8 +appVersion: v4.2.0 description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg keywords: - security name: rancher-cis-benchmark -version: 4.2.0-rc8 +version: 4.2.0 diff --git a/packages/rancher-cis-benchmark/charts/values.yaml b/packages/rancher-cis-benchmark/charts/values.yaml index 8048fe7e0e..4f337e447d 100644 --- a/packages/rancher-cis-benchmark/charts/values.yaml +++ b/packages/rancher-cis-benchmark/charts/values.yaml @@ -8,7 +8,7 @@ image: tag: v1.0.12 securityScan: repository: rancher/security-scan - tag: v0.2.13-rc9 + tag: v0.2.13 sonobuoy: repository: rancher/mirrored-sonobuoy-sonobuoy tag: v0.56.16 diff --git a/packages/rancher-cis-benchmark/package.yaml b/packages/rancher-cis-benchmark/package.yaml index bd635d1630..be4e5cd3e5 100644 --- a/packages/rancher-cis-benchmark/package.yaml +++ b/packages/rancher-cis-benchmark/package.yaml @@ -1,5 +1,5 @@ url: local -version: 4.2.0-rc8 +version: 4.2.0 additionalCharts: - workingDir: charts-crd crdOptions: diff --git a/release.yaml b/release.yaml index 3cb80582b4..d7a9d6913c 100644 --- a/release.yaml +++ b/release.yaml @@ -27,23 +27,9 @@ rancher-backup: rancher-backup-crd: - 102.0.2+up3.1.2-rc2 rancher-cis-benchmark: - - 4.2.0-rc1 - - 4.2.0-rc2 - - 4.2.0-rc3 - - 4.2.0-rc4 - - 4.2.0-rc5 - - 4.2.0-rc6 - - 4.2.0-rc7 - - 4.2.0-rc8 + - 4.2.0 rancher-cis-benchmark-crd: - - 4.2.0-rc1 - - 4.2.0-rc2 - - 4.2.0-rc3 - - 4.2.0-rc4 - - 4.2.0-rc5 - - 4.2.0-rc6 - - 4.2.0-rc7 - - 4.2.0-rc8 + - 4.2.0 rancher-eks-operator: - 102.1.1+up1.2.0 - 102.1.4+up1.2.2-rc6