[v2.8] Removed support for CIS scan profile and benchmarks for versions prior to k8s 1.25 #3721
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Validation steps
Ex:-
longhorn-controller:
repository: rancher/hardened-sriov-cni
tag: v2.6.3-build20230913
|
chiukapoor
force-pushed
the
remove-old-k8s
branch
from
ea951d9
to
33bd58d
Compare
Validation steps
Ex:-
longhorn-controller:
repository: rancher/hardened-sriov-cni
tag: v2.6.3-build20230913
|
chiukapoor
force-pushed
the
remove-old-k8s
branch
from
33bd58d
to
5f4f728
Compare
Validation steps
Ex:-
longhorn-controller:
repository: rancher/hardened-sriov-cni
tag: v2.6.3-build20230913
|
adamkpickering
approved these changes
Apr 1, 2024
chiukapoor
force-pushed
the
remove-old-k8s
branch
from
5f4f728
to
84082ea
Compare
Validation steps
Ex:-
longhorn-controller:
repository: rancher/hardened-sriov-cni
tag: v2.6.3-build20230913
|
chiukapoor
force-pushed
the
remove-old-k8s
branch
from
84082ea
to
8e36d98
Compare
Validation steps
Ex:-
longhorn-controller:
repository: rancher/hardened-sriov-cni
tag: v2.6.3-build20230913
|
andypitcher
reviewed
Apr 3, 2024
|
|
||
| This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). | ||
|
|
||
| For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). |
There was a problem hiding this comment.
Suggested change
| For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). | |
| For more information on how to use the feature, refer to our [docs](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/cis-scan-guides). |
Update link to latest documentation.
| This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/). | ||
|
|
||
| For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/). | ||
|
|
There was a problem hiding this comment.
Suggested change
| ## CIS Kubernetes Benchmark support | |
| | Source | Kubernetes distribution | scan profile | Kubernetes versions | | |
| |--------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------|---------------------| | |
| | CIS | any | [cis-1.7](https://github.com/rancher/security-scan/tree/master/package/cfg/cis-1.7) | v1.25 | | |
| | CIS | any | [cis-1.8](https://github.com/rancher/security-scan/tree/master/package/cfg/cis-1.8) | v1.26+ | | |
| | CIS | rke | [rke-cis-1.7-permissive](https://github.com/rancher/security-scan/tree/master/package/cfg/rke-cis-1.7-permissive) | rke1-v1.25 | | |
| | CIS | rke | [rke-cis-1.7-permissive](https://github.com/rancher/security-scan/tree/master/package/cfg/rke-cis-1.7-permissive) | rke1-v1.25 | | |
| | CIS | rke | [rke-cis-1.7-hardened](https://github.com/rancher/security-scan/tree/master/package/cfg/rke-cis-1.7-hardened) | rke1-v1.25 | | |
| | CIS | rke | [rke-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/master/package/cfg/rke-cis-1.8-permissive) | rke1-v1.26+ | | |
| | CIS | rke | [rke-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/master/package/cfg/rke-cis-1.8-hardened) | rke1-v1.26+ | | |
| | CIS | rke2 | [rke2-cis-1.7-permissive](https://github.com/rancher/security-scan/tree/master/package/cfg/rke2-cis-1.7-permissive) | rke2-v1.25 | | |
| | CIS | rke2 | [rke2-cis-1.7-hardened](https://github.com/rancher/security-scan/tree/master/package/cfg/rke2-cis-1.7-hardened) | rke2-v1.25 | | |
| | CIS | rke2 | [rke2-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/master/package/cfg/rke2-cis-1.8-permissive) | rke2-v1.26+ | | |
| | CIS | rke2 | [rke2-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/master/package/cfg/rke2-cis-1.8-hardened) | rke2-v1.26+ | | |
| | CIS | k3s | [k3s-cis-1.7-permissive](https://github.com/rancher/security-scan/tree/master/package/cfg/k3s-cis-1.7-permissive) | k3s-v1.25 | | |
| | CIS | k3s | [k3s-cis-1.7-hardened](https://github.com/rancher/security-scan/tree/master/package/cfg/k3s-cis-1.7-hardened) | k3s-v1.25 | | |
| | CIS | k3s | [k3s-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/master/package/cfg/k3s-cis-1.8-permissive) | k3s-v1.26+ | | |
| | CIS | k3s | [k3s-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/master/package/cfg/k3s-cis-1.8-hardened) | k3s-v1.26+ | | |
| | CIS | eks | eks-1.2.0 | eks | | |
| | CIS | aks | aks-1.0 | aks | | |
| | CIS | gke | gke-1.2.0 | gke | |
Adding more details in the chart info about supported versions, as it's done on kube-bench: https://github.com/aquasecurity/kube-bench/blob/main/docs/platforms.md .
chiukapoor
force-pushed
the
remove-old-k8s
branch
from
8e36d98
to
311d821
Compare
Validation steps
Ex:-
longhorn-controller:
repository: rancher/hardened-sriov-cni
tag: v2.6.3-build20230913
|
nicholasSUSE
approved these changes
Apr 8, 2024
There was a problem hiding this comment.
Hello, we have improved the Charts documentation regarding Pull Request Rules.
Please take a look at it before making any new Pull Requests.
We are still approving Pull Requests and starting to inform all teams, soon we will require the standard in the documentation.
https://github.com/rancher/charts?tab=readme-ov-file#pull-request-rules
chiukapoor
force-pushed
the
remove-old-k8s
branch
from
311d821
to
b73b123
Compare
Validation steps
Ex:-
longhorn-controller:
repository: rancher/hardened-sriov-cni
tag: v2.6.3-build20230913
|
chiukapoor
force-pushed
the
remove-old-k8s
branch
from
b73b123
to
bb217e8
Compare
Validation steps
Ex:-
longhorn-controller:
repository: rancher/hardened-sriov-cni
tag: v2.6.3-build20230913
|
chiukapoor
force-pushed
the
remove-old-k8s
branch
from
bb217e8
to
9b8b455
Compare
Validation steps
Ex:-
longhorn-controller:
repository: rancher/hardened-sriov-cni
tag: v2.6.3-build20230913
|
andypitcher
approved these changes
Apr 11, 2024
…r to k8s 1.25 * Bump security-scan image to v0.2.15-rc2 * Bump kubectl to v1.28.7 * Add CIS Kubernetes Benchmark support matrix in readme and update the reference link to point to latest documentation Signed-off-by: Chirayu Kapoor <chirayu.kapoor@suse.com>
Signed-off-by: Chirayu Kapoor <chirayu.kapoor@suse.com>
chiukapoor
force-pushed
the
remove-old-k8s
branch
from
9b8b455
to
2da6ffd
Compare
Validation steps
Ex:-
longhorn-controller:
repository: rancher/hardened-sriov-cni
tag: v2.6.3-build20230913
|
vardhaman22
approved these changes
Apr 12, 2024
lucasmlp
pushed a commit
that referenced
this pull request
May 7, 2024
…ns prior to k8s 1.25 (#3721) Signed-off-by: Chirayu Kapoor <chirayu.kapoor@suse.com>
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue:
Solution
rancher-cis-benchmarktov5.2.0-rc1