Merge pull request #855 from swastik959/release/v1.4

feat: update CIS operator to v1.4.3 and add benchmarks for k3s and rke2 CIS 1.11

Author: swastik959

chart/Chart.yaml

@@ -12,11 +12,11 @@ annotations:
   catalog.cattle.io/type: cluster-tool
   catalog.cattle.io/ui-component: rancher-cis-benchmark
 apiVersion: v1
-appVersion: v8.2.0
+appVersion: v8.3.0-rc.1
 description: The cis-operator enables running CIS benchmark security scans on a kubernetes
   cluster
 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
 keywords:
 - security
 name: rancher-cis-benchmark
-version: 8.2.0
+version: 8.3.0-rc.1

chart/templates/benchmark-cis-1.10.yaml

@@ -5,4 +5,5 @@ metadata:
   name: cis-1.10
 spec:
   clusterProvider: ""
-  minKubernetesVersion: "1.28.0"
+  minKubernetesVersion: "1.28.0"
+  maxKubernetesVersion: "1.28.x"

chart/templates/benchmark-cis-1.11.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: cis-1.11
+spec:
+  clusterProvider: ""
+  minKubernetesVersion: "1.29.0"

chart/templates/benchmark-k3s-cis-1.10.yaml

@@ -5,4 +5,5 @@ metadata:
   name: k3s-cis-1.10
 spec:
   clusterProvider: k3s
-  minKubernetesVersion: "1.28.0"
+  minKubernetesVersion: "1.28.0"
+  maxKubernetesVersion: "1.28.x"

chart/templates/benchmark-k3s-cis-1.11.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.11
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.29.0"

chart/templates/benchmark-rke2-cis-1.10.yaml

@@ -5,4 +5,5 @@ metadata:
   name: rke2-cis-1.10
 spec:
   clusterProvider: rke2
-  minKubernetesVersion: "1.28.0"
+  minKubernetesVersion: "1.28.0"
+  maxKubernetesVersion: "1.28.x"

chart/templates/benchmark-rke2-cis-1.11.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.11
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.29.0"

chart/templates/configmap.yaml

@@ -10,9 +10,9 @@ data:
     >=1.21.0: rke-profile-permissive-1.8
   rke2: |-
     <1.21.0: rke2-cis-1.20-profile-permissive
-    >=1.21.0: rke2-cis-1.10-profile
+    >=1.21.0: rke2-cis-1.11-profile
   eks: "eks-profile-1.5.0"
   gke: "gke-profile-1.6.0"
   aks: "aks-profile"
-  k3s: "k3s-cis-1.10-profile"
-  default: "cis-1.10-profile"
+  k3s: "k3s-cis-1.11-profile"
+  default: "cis-1.11-profile"

chart/templates/scanprofile-cis-1.11.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: cis-1.11-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: cis-1.11

chart/templates/scanprofile-k3s-cis-1.11.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: k3s-cis-1.11-profile
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: k3s-cis-1.11