Merge pull request #579 from vardhaman22/1.3/k3s-cis-1.9

[release/v1.3] added cis 1.9

Author: vardhaman22

chart/Chart.yaml

@@ -12,11 +12,11 @@ annotations:
   catalog.cattle.io/type: cluster-tool
   catalog.cattle.io/ui-component: rancher-cis-benchmark
 apiVersion: v1
-appVersion: v7.1.1
+appVersion: v7.2.0-rc.1
 description: The cis-operator enables running CIS benchmark security scans on a kubernetes
   cluster
 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
 keywords:
 - security
 name: rancher-cis-benchmark
-version: 7.1.1
+version: 7.2.0-rc.1

chart/app-readme.md

@@ -18,14 +18,17 @@ This chart installs the following components:
 
 | Source | Kubernetes distribution | scan profile                                                                                                       | Kubernetes versions |
 |--------|-------------------------|--------------------------------------------------------------------------------------------------------------------|---------------------|
-| CIS    | any                     | [cis-1.8](https://github.com/aquasecurity/kube-bench/tree/main/cfg/cis-1.8)                                                         | v1.26+               |
-| CIS    | rke                     | [rke-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke-cis-1.8-permissive)  | rke1-v1.26+         |
-| CIS    | rke                     | [rke-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke-cis-1.8-hardened)                  | rke1-v1.26+         |
-| CIS    | rke2                    | [rke2-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke2-cis-1.8-permissive) | rke2-v1.26+         |
-| CIS    | rke2                    | [rke2-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke2-cis-1.8-hardened)                 | rke2-v1.26+         |
-| CIS    | k3s                     | [k3s-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/k3s-cis-1.8-permissive)  | k3s-v1.26+           |
-| CIS    | k3s                     | [k3s-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/k3s-cis-1.8-hardened)                  | k3s-v1.26+           |
-| CIS    | eks                     | [eks-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/eks-1.2.0)                                                       | eks                 |
+| CIS    | any                     | [cis-1.9](https://github.com/aquasecurity/kube-bench/tree/main/cfg/cis-1.9)                                                         | v1.27+              |
+| CIS    | any                     | [cis-1.8](https://github.com/aquasecurity/kube-bench/tree/main/cfg/cis-1.8)                                                         | v1.26               |
+| CIS    | rke                     | [rke-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke-cis-1.8-permissive)                        | rke1-v1.26+         |
+| CIS    | rke                     | [rke-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke-cis-1.8-hardened)                          | rke1-v1.26+         |
+| CIS    | rke2                    | [rke2-cis-1.9](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke2-cis-1.9)                                              | rke2-v1.27+         |
+| CIS    | rke2                    | [rke2-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke2-cis-1.8-permissive)                       | rke2-v1.26          |
+| CIS    | rke2                    | [rke2-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke2-cis-1.8-hardened)                         | rke2-v1.26          |
+| CIS    | k3s                     | [k3s-cis-1.9](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/k3s-cis-1.9)                                               | k3s-v1.27+          |
+| CIS    | k3s                     | [k3s-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/k3s-cis-1.8-permissive)                        | k3s-v1.26           |
+| CIS    | k3s                     | [k3s-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/k3s-cis-1.8-hardened)                          | k3s-v1.26           |
+| CIS    | eks                     | [eks-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/eks-1.2.0)                                                         | eks                 |
 | CIS    | aks                     | [aks-1.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/aks-1.0)                                                         | aks                 |
-| CIS    | gke                     | [gke-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/gke-1.2.0)                                                       | gke-1.20            |
-| CIS    | gke                     | [gke-1.6.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/gke-1.6.0)                                                       | gke-1.29+           |
+| CIS    | gke                     | [gke-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/gke-1.2.0)                                                         | gke-1.20            |
+| CIS    | gke                     | [gke-1.6.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/gke-1.6.0)                                                         | gke-1.29+           |

chart/templates/benchmark-cis-1.8.yaml

@@ -6,3 +6,4 @@ metadata:
 spec:
   clusterProvider: ""
   minKubernetesVersion: "1.26.0"
+  maxKubernetesVersion: "1.26.x"

chart/templates/benchmark-cis-1.9.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: cis-1.9
+spec:
+  clusterProvider: ""
+  minKubernetesVersion: "1.27.0"

chart/templates/benchmark-k3s-cis-1.8-hardened.yaml

@@ -6,3 +6,4 @@ metadata:
 spec:
   clusterProvider: k3s
   minKubernetesVersion: "1.26.0"
+  maxKubernetesVersion: "1.26.x"

chart/templates/benchmark-k3s-cis-1.8-permissive.yaml

@@ -6,3 +6,4 @@ metadata:
 spec:
   clusterProvider: k3s
   minKubernetesVersion: "1.26.0"
+  maxKubernetesVersion: "1.26.x"

chart/templates/benchmark-k3s-cis-1.9.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: k3s-cis-1.9
+spec:
+  clusterProvider: k3s
+  minKubernetesVersion: "1.27.0"

chart/templates/benchmark-rke2-cis-1.8-hardened.yaml

@@ -6,3 +6,4 @@ metadata:
 spec:
   clusterProvider: rke2
   minKubernetesVersion: "1.26.0"
+  maxKubernetesVersion: "1.26.x"

chart/templates/benchmark-rke2-cis-1.8-permissive.yaml

@@ -6,3 +6,4 @@ metadata:
 spec:
   clusterProvider: rke2
   minKubernetesVersion: "1.26.0"
+  maxKubernetesVersion: "1.26.x"

chart/templates/benchmark-rke2-cis-1.9.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: rke2-cis-1.9
+spec:
+  clusterProvider: rke2
+  minKubernetesVersion: "1.27.0"