Merge pull request #720 from vardhaman22/v1.2/eks-1.5.0

vardhaman22 · web-flow · commit 5a94c0b63cb1 · 2025-03-03T15:38:05.000+05:30
[release/v1.2] added eks-1.5.0 profile
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
@@ -12,11 +12,11 @@ annotations:
   catalog.cattle.io/type: cluster-tool
   catalog.cattle.io/ui-component: rancher-cis-benchmark
 apiVersion: v1
-appVersion: v6.7.0
+appVersion: v6.8.0-rc.1
 description: The cis-operator enables running CIS benchmark security scans on a kubernetes
   cluster
 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
 keywords:
 - security
 name: rancher-cis-benchmark
-version: 6.7.0
+version: 6.8.0-rc.1
diff --git a/chart/app-readme.md b/chart/app-readme.md
@@ -28,6 +28,7 @@ This chart installs the following components:
 | CIS    | k3s                     | [k3s-cis-1.9](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/k3s-cis-1.9)                                               | k3s-v1.27+          |
 | CIS    | k3s                     | [k3s-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/k3s-cis-1.8-permissive)                        | k3s-v1.26           |
 | CIS    | k3s                     | [k3s-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.4/package/cfg/k3s-cis-1.8-hardened)                          | k3s-v1.26           |
+| CIS    | eks                     | [eks-1.5.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/eks-1.5.0)                                                         | eks-1.27.0+                 |
 | CIS    | eks                     | [eks-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/eks-1.2.0)                                                       | eks                 |
 | CIS    | aks                     | [aks-1.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/aks-1.0)                                                         | aks                 |
 | CIS    | gke                     | [gke-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/gke-1.2.0)                                                       | gke-1.20            |
diff --git a/chart/templates/benchmark-eks-1.2.0.yaml b/chart/templates/benchmark-eks-1.2.0.yaml
@@ -6,3 +6,4 @@ metadata:
 spec:
   clusterProvider: eks
   minKubernetesVersion: "1.15.0"
+  maxKubernetesVersion: "1.26.x"
diff --git a/chart/templates/benchmark-eks-1.5.0.yaml b/chart/templates/benchmark-eks-1.5.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+  name: eks-1.5.0
+spec:
+  clusterProvider: eks
+  minKubernetesVersion: "1.27.0"
diff --git a/chart/templates/configmap.yaml b/chart/templates/configmap.yaml
@@ -11,7 +11,7 @@ data:
   rke2: |-
     <1.21.0: rke2-cis-1.20-profile-permissive
     >=1.21.0: rke2-cis-1.9-profile
-  eks: "eks-profile"
+  eks: "eks-profile-1.5.0"
   gke: "gke-profile-1.6.0"
   aks: "aks-profile"
   k3s: "k3s-cis-1.9-profile"
diff --git a/chart/templates/scanprofileeks-1.5.0.yml b/chart/templates/scanprofileeks-1.5.0.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+  name: eks-profile-1.5.0
+  annotations:
+    clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+  benchmarkVersion: eks-1.5.0
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -5,13 +5,13 @@
 image:
   cisoperator:
     repository: rancher/cis-operator
-    tag: v1.2.5
+    tag: v1.2.6-rc.1
   securityScan:
     repository: rancher/security-scan
-    tag: v0.4.3
+    tag: v0.4.4-rc.1
   sonobuoy:
     repository: rancher/mirrored-sonobuoy-sonobuoy
-    tag: v0.57.2
+    tag: v0.57.3
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
@@ -45,7 +45,7 @@ global:
     clusterName: ""
   kubectl:
     repository: rancher/kubectl
-    tag: v1.29.11
+    tag: v1.29.14
 
 alerts:
   enabled: false
diff --git a/go.mod b/go.mod
@@ -1,8 +1,6 @@
 module github.com/rancher/cis-operator
 
-go 1.23.5
-
-toolchain go1.23.6
+go 1.23.6
 
 // pinned these to keep deps in sync with rancher
 replace (
@@ -20,7 +18,7 @@ require (
 	github.com/prometheus/client_golang v1.21.0
 	github.com/rancher/kubernetes-provider-detector v0.1.5
 	github.com/rancher/lasso v0.0.0-20240828170735-d79536cac289
-	github.com/rancher/security-scan v0.4.3
+	github.com/rancher/security-scan v0.4.4-rc.1
 	github.com/robfig/cron v1.2.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/urfave/cli v1.22.16
@@ -37,7 +35,7 @@ require (
 )
 
 require (
-	github.com/aquasecurity/kube-bench v0.10.1 // indirect
+	github.com/aquasecurity/kube-bench v0.10.2 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.36.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.8 // indirect
 	github.com/aws/smithy-go v1.22.2 // indirect
diff --git a/go.sum b/go.sum
@@ -614,8 +614,8 @@ github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/g
 github.com/apache/arrow/go/v10 v10.0.1/go.mod h1:YvhnlEePVnBS4+0z3fhPfUy7W1Ikj0Ih0vcRo/gZ1M0=
 github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI=
 github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU=
-github.com/aquasecurity/kube-bench v0.10.1 h1:SLnScd5qnlSOETodhX4iyW4beu0Ue4au1MqJ3fUDnw0=
-github.com/aquasecurity/kube-bench v0.10.1/go.mod h1:9S67UPnASLor5+11UeikBoiG//tel5BDsei0Bo8g2Pw=
+github.com/aquasecurity/kube-bench v0.10.2 h1:wVU6K/g3LJD/BAlDrphLYxs9f5PNRcon+ozZ6S/fMVU=
+github.com/aquasecurity/kube-bench v0.10.2/go.mod h1:TYImH07Qr2XA09VCBUiQDs6vilbTyourr0B+qq/AtN8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/aws/aws-sdk-go-v2 v1.36.0 h1:b1wM5CcE65Ujwn565qcwgtOTT1aT4ADOHHgglKjG7fk=
 github.com/aws/aws-sdk-go-v2 v1.36.0/go.mod h1:5PMILGVKiW32oDzjj6RU52yrNrDPUHcbZQYr1sM7qmM=
@@ -1037,8 +1037,8 @@ github.com/rancher/kubernetes-provider-detector v0.1.5 h1:hWRAsWuJOemzGjz/XrbTlM
 github.com/rancher/kubernetes-provider-detector v0.1.5/go.mod h1:ypuJS7kP7rUiAn330xG46mj+Nhvym05GM8NqMVekpH0=
 github.com/rancher/lasso v0.0.0-20240828170735-d79536cac289 h1:gbV7qLOcEgyTgep2ocl8FFhfGOUMQuvfV5OIIENHWT4=
 github.com/rancher/lasso v0.0.0-20240828170735-d79536cac289/go.mod h1:Efx/+BbH3ivmnTPLu5cA3Gc9wT5oyGS0LBcqEuYTx+A=
-github.com/rancher/security-scan v0.4.3 h1:m6OQlM2+sVgbKdnU++m1VWoNpPsVg5vaQSN3hNtPyFY=
-github.com/rancher/security-scan v0.4.3/go.mod h1:LS57VSm7BMu+KMB2l/KvVfLD+uuXzgHO76WvAHorQIo=
+github.com/rancher/security-scan v0.4.4-rc.1 h1:WOHm3+uOw0AMFqaTTz9jpuyLefAMqsEO8I3THpA/xX8=
+github.com/rancher/security-scan v0.4.4-rc.1/go.mod h1:1Q3NK94YVfW0/83+wmi/YsC6z0R7guWBq78Cd3B/f1c=
 github.com/rancher/wrangler/v3 v3.0.0 h1:IHHCA+vrghJDPxjtLk4fmeSCFhNe9fFzLFj3m2B0YpA=
 github.com/rancher/wrangler/v3 v3.0.0/go.mod h1:Dfckuuq7MJk2JWVBDywRlZXMxEyPxHy4XqGrPEzu5Eg=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
diff --git a/hack/make/deps.mk b/hack/make/deps.mk
@@ -4,6 +4,6 @@ GOLANGCI_VERSION = v1.64.6
 K3D_VERSION = v5.8.3
 
 # TODO: Bump aligned with Rancher Manager release line
-KUBECTL_VERSION = 1.29.11
+KUBECTL_VERSION = 1.29.14
 # renovate: datasource=github-release-attachments depName=helm/helm
 HELM_VERSION = v3.17.1
