Commit 8f56898

Merge pull request #619 from vardhaman22/update-chart-version
[main] sync main chart with released chart
2 parents 53eef07 + 8e5095c commit 8f56898

11 files changed

+69
-49
lines changed

chart/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,11 +12,11 @@ annotations:
1212
catalog.cattle.io/type: cluster-tool
1313
catalog.cattle.io/ui-component: rancher-cis-benchmark
1414
apiVersion: v1
15-
appVersion: v7.0.0
15+
appVersion: v8.0.0-rc.1
1616
description: The cis-operator enables running CIS benchmark security scans on a kubernetes
1717
cluster
1818
icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
1919
keywords:
2020
- security
2121
name: rancher-cis-benchmark
22-
version: 7.0.0
22+
version: 8.0.0-rc.1
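
Review bot: `appVersion` and `version` both move to a pre-release (`v8.0.0-rc.1` / `8.0.0-rc.1`), while the commit title describes this as syncing main with the released chart. If main is meant to carry the release candidate, say so in the PR description; otherwise use the released version string in both fields.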

chart/app-readme.md

Lines changed: 15 additions & 13 deletions
@@ -1,3 +1,4 @@
1+
12
# Rancher CIS Benchmarks
23

34
This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/).
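
Review bot: the added first line is empty, so the README now opens with a blank line before `# Rancher CIS Benchmarks`. Unless a renderer depends on it, drop the added line.
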
@@ -18,16 +19,17 @@ This chart installs the following components:
1819

1920
| Source | Kubernetes distribution | scan profile | Kubernetes versions |
2021
|--------|-------------------------|--------------------------------------------------------------------------------------------------------------------|---------------------|
21-
| CIS | any | [cis-1.9](https://github.com/aquasecurity/kube-bench/tree/main/cfg/cis-1.9) | v1.27+ |
22-
| CIS | any | [cis-1.8](https://github.com/aquasecurity/kube-bench/tree/main/cfg/cis-1.8) | v1.26 |
23-
| CIS | rke | [rke-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/main/package/cfg/rke-cis-1.8-permissive) | rke1-v1.26+ |
24-
| CIS | rke | [rke-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/main/package/cfg/rke-cis-1.8-hardened) | rke1-v1.26+ |
25-
| CIS | rke2 | [rke2-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/main/package/cfg/rke2-cis-1.8-permissive) | rke2-v1.26+ |
26-
| CIS | rke2 | [rke2-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/main/package/cfg/rke2-cis-1.8-hardened) | rke2-v1.26+ |
27-
| CIS | k3s | [k3s-cis-1.9](https://github.com/rancher/security-scan/tree/main/package/cfg/k3s-cis-1.9) | k3s-v1.27+ |
28-
| CIS | k3s | [k3s-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/main/package/cfg/k3s-cis-1.8-permissive) | k3s-v1.26 |
29-
| CIS | k3s | [k3s-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/main/package/cfg/k3s-cis-1.8-hardened) | k3s-v1.26 |
30-
| CIS | eks | [eks-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/eks-1.2.0) | eks |
31-
| CIS | aks | [aks-1.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/aks-1.0) | aks |
32-
| CIS | gke | [gke-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/gke-1.2.0) | gke-1.20 |
33-
| CIS | gke | [gke-1.6.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/gke-1.6.0) | gke-1.29+ |
22+
| CIS | any | [cis-1.9](https://github.com/aquasecurity/kube-bench/tree/main/cfg/cis-1.9) | v1.27+ |
23+
| CIS | any | [cis-1.8](https://github.com/aquasecurity/kube-bench/tree/main/cfg/cis-1.8) | v1.26 |
24+
| CIS | rke | [rke-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke-cis-1.8-permissive) | rke1-v1.26+ |
25+
| CIS | rke | [rke-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke-cis-1.8-hardened) | rke1-v1.26+ |
26+
| CIS | rke2 | [rke2-cis-1.9](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke2-cis-1.9) | rke2-v1.27+ |
27+
| CIS | rke2 | [rke2-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke2-cis-1.8-permissive) | rke2-v1.26 |
28+
| CIS | rke2 | [rke2-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/rke2-cis-1.8-hardened) | rke2-v1.26 |
29+
| CIS | k3s | [k3s-cis-1.9](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/k3s-cis-1.9) | k3s-v1.27+ |
30+
| CIS | k3s | [k3s-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/k3s-cis-1.8-permissive) | k3s-v1.26 |
31+
| CIS | k3s | [k3s-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/k3s-cis-1.8-hardened) | k3s-v1.26 |
32+
| CIS | eks | [eks-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/eks-1.2.0) | eks |
33+
| CIS | aks | [aks-1.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/aks-1.0) | aks |
34+
| CIS | gke | [gke-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/gke-1.2.0) | gke-1.20 |
35+
| CIS | gke | [gke-1.6.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/gke-1.6.0) | gke-1.29+ |
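
Review bot: the profile links are now pinned inconsistently. The `rancher/security-scan` rows move from `tree/main` to `tree/release/v0.5`, but the `aquasecurity/kube-bench` rows (cis-1.9, cis-1.8, eks, aks, gke) still point at `tree/main`, so those links can drift away from the checks this chart actually ships. Point the kube-bench links at a tag or release branch that matches the kube-bench version the operator is built against. Separately, the rewritten rows are wider than the header separator row, so the raw markdown table no longer lines up; widen the separator or accept the unaligned form deliberately.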

chart/templates/benchmark-rke2-cis-1.8-hardened.yaml

Lines changed: 1 addition & 0 deletions
@@ -6,3 +6,4 @@ metadata:
66
spec:
77
clusterProvider: rke2
88
minKubernetesVersion: "1.26.0"
9+
maxKubernetesVersion: "1.26.x"
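
Review bot: the added `maxKubernetesVersion: "1.26.x"` uses a wildcard patch component, while the neighbouring `minKubernetesVersion: "1.26.0"` is a plain version. Nothing in this diff shows how the operator compares the upper bound, so confirm the comparison accepts an `x` patch and treats it as "any 1.26 patch release"; if it parses strict versions, this bound will either fail to parse or exclude clusters it should match. A test with a 1.26 patch release and a 1.27.0 cluster would settle it.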

chart/templates/benchmark-rke2-cis-1.8-permissive.yaml

Lines changed: 1 addition & 0 deletions
@@ -6,3 +6,4 @@ metadata:
66
spec:
77
clusterProvider: rke2
88
minKubernetesVersion: "1.26.0"
9+
maxKubernetesVersion: "1.26.x"
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
---
2+
apiVersion: cis.cattle.io/v1
3+
kind: ClusterScanBenchmark
4+
metadata:
5+
name: rke2-cis-1.9
6+
spec:
7+
clusterProvider: rke2
8+
minKubernetesVersion: "1.27.0"

chart/templates/configmap.yaml

Lines changed: 1 addition & 1 deletion
@@ -10,7 +10,7 @@ data:
1010
>=1.21.0: rke-profile-permissive-1.8
1111
rke2: |-
1212
<1.21.0: rke2-cis-1.20-profile-permissive
13-
>=1.21.0: rke2-cis-1.8-profile-permissive
13+
>=1.21.0: rke2-cis-1.9-profile
1414
eks: "eks-profile"
1515
gke: "gke-profile-1.6.0"
1616
aks: "aks-profile"
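
Review bot: the rke2 default on the changed line, `>=1.21.0: rke2-cis-1.9-profile`, does not match the benchmark it resolves to. The new `rke2-cis-1.9` benchmark in this same commit sets `minKubernetesVersion: "1.27.0"`, so rke2 clusters from 1.21 up to 1.26 are now handed a default profile whose benchmark does not cover them, and the 1.8 benchmarks that do cover 1.26 are no longer reachable as a default. Split the range so that 1.27.0 and later select `rke2-cis-1.9-profile` and earlier versions keep a 1.8 profile, or explain why the mismatch is harmless.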

chart/templates/rbac.yaml

Lines changed: 2 additions & 0 deletions
@@ -33,6 +33,7 @@ rules:
3333
- "rolebindings"
3434
- "clusterrolebindings"
3535
- "clusterroles"
36+
- "roles"
3637
verbs:
3738
- "get"
3839
- "list"
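
Review bot: the added `- "roles"` resource widens what this rule can read, and nothing in the diff or the commit message says which scan check needs it. Add a short comment in the template, or a line in the PR description, naming the benchmark check that reads namespaced Roles, so the grant can be re-evaluated when that check changes.
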
@@ -74,6 +75,7 @@ rules:
7475
- "rolebindings"
7576
- "clusterrolebindings"
7677
- "clusterroles"
78+
- "roles"
7779
verbs:
7880
- "get"
7981
- "list"
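
Review bot: `- "roles"` added here inherits every verb of this rule, and only `get` and `list` are visible in the context lines. Confirm the full verb list for this second rule is read-only; if it carries any write verb further down, put `roles` in its own rule limited to `get` and `list`.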
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
---
2+
apiVersion: cis.cattle.io/v1
3+
kind: ClusterScanProfile
4+
metadata:
5+
name: rke2-cis-1.9-profile
6+
annotations:
7+
clusterscanprofile.cis.cattle.io/builtin: "true"
8+
spec:
9+
benchmarkVersion: rke2-cis-1.9

chart/values.yaml

Lines changed: 2 additions & 2 deletions
@@ -5,10 +5,10 @@
55
image:
66
cisoperator:
77
repository: rancher/cis-operator
8-
tag: v1.3.3
8+
tag: v1.4.0-rc.1
99
securityScan:
1010
repository: rancher/security-scan
11-
tag: v0.5.2
11+
tag: v0.5.4-rc.1
1212
sonobuoy:
1313
repository: rancher/mirrored-sonobuoy-sonobuoy
1414
tag: v0.57.2
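
Review bot: the chart defaults for `cisoperator` and `securityScan` now reference release-candidate tags (`v1.4.0-rc.1`, `v0.5.4-rc.1`), and all three images are referenced by tag only. Anyone installing from main with default values gets pre-release scanner images, and a tag can be re-pushed under the same name. State in the chart notes that these defaults are pre-release, and consider pinning the images by digest alongside the tag so the deployed scanner is the one that was tested.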

go.mod

Lines changed: 8 additions & 9 deletions
@@ -1,6 +1,6 @@
11
module github.com/rancher/cis-operator
22

3-
go 1.23
3+
go 1.23.4
44

55
toolchain go1.23.5
66

@@ -11,22 +11,22 @@ require (
1111
github.com/prometheus/client_golang v1.20.5
1212
github.com/rancher/kubernetes-provider-detector v0.1.5
1313
github.com/rancher/lasso v0.0.0-20240924233157-8f384efc8813
14-
github.com/rancher/security-scan v0.5.3
14+
github.com/rancher/security-scan v0.5.4-rc.1
1515
github.com/rancher/wrangler/v3 v3.1.0
1616
github.com/robfig/cron v1.2.0
1717
github.com/sirupsen/logrus v1.9.3
1818
github.com/urfave/cli v1.22.16
1919
golang.org/x/crypto/x509roots/fallback v0.0.0-20241107225453-6018723c7405
20-
k8s.io/api v0.31.5
20+
k8s.io/api v0.32.0
2121
k8s.io/apiextensions-apiserver v0.31.5
22-
k8s.io/apimachinery v0.31.5
23-
k8s.io/client-go v0.31.5
22+
k8s.io/apimachinery v0.32.0
23+
k8s.io/client-go v0.32.0
2424
)
2525

2626
require (
27-
github.com/aquasecurity/kube-bench v0.9.4 // indirect
28-
github.com/aws/aws-sdk-go-v2 v1.32.6 // indirect
29-
github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.0 // indirect
27+
github.com/aquasecurity/kube-bench v0.10.0 // indirect
28+
github.com/aws/aws-sdk-go-v2 v1.32.8 // indirect
29+
github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.3 // indirect
3030
github.com/aws/smithy-go v1.22.1 // indirect
3131
github.com/beorn7/perks v1.0.1 // indirect
3232
github.com/cespare/xxhash/v2 v2.3.0 // indirect
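
Review bot: the Kubernetes modules are now skewed. `k8s.io/api`, `k8s.io/apimachinery` and `k8s.io/client-go` move to `v0.32.0`, but `k8s.io/apiextensions-apiserver` on the unchanged line between them stays at `v0.31.5`. These modules are released together and are normally kept on the same minor version; bump `k8s.io/apiextensions-apiserver` to the matching `v0.32.x` release or document why it is held back. Also note that `github.com/rancher/security-scan v0.5.4-rc.1` makes a release candidate a direct dependency of the operator, which should be replaced by the final tag before this is cut as a release.
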
@@ -49,7 +49,6 @@ require (
4949
github.com/google/gofuzz v1.2.0 // indirect
5050
github.com/google/uuid v1.6.0 // indirect
5151
github.com/hashicorp/hcl v1.0.0 // indirect
52-
github.com/imdario/mergo v0.3.16 // indirect
5352
github.com/josharian/intern v1.0.0 // indirect
5453
github.com/json-iterator/go v1.1.12 // indirect
5554
github.com/klauspost/compress v1.17.11 // indirect
