Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[dev-v2.7] rancher-cis-benchmark 4.5.0-rc1 add #3763

Merged
merged 4 commits into from
Apr 15, 2024
Merged

[dev-v2.7] rancher-cis-benchmark 4.5.0-rc1 add #3763

merged 4 commits into from
Apr 15, 2024

Conversation

vardhaman22
Copy link
Contributor

@vardhaman22 vardhaman22 commented Apr 10, 2024
edited
Loading

Issue:

rancher/cis-operator#291 and rancher/cis-operator#293

Problem

cis 4.4.0 chart has templates for benchmarks and scanproflies for k8s version which are not supported in rancher v2.7.x.
also there were issues with audit commands for 1.1.20 and 1.1.21 in k3s profiles.

Solution

  1. updated kube version annotation of the chart.
  2. removed old benchmarks and scanpofiles templates.
1.5
1.6
1.20
  1. bumped security scan and kubectl image.(new security scan image includes fix for k3s checks)
  2. added documentation for cis k8s version compatibility.

Testing

Engineering Testing

Manual Testing

Automated Testing

QA Testing Considerations

Regressions Considerations

Backporting considerations

@vardhaman22 vardhaman22 requested review from a team as code owners April 10, 2024 09:29
@github-actions GitHub Actions
Copy link

Validation steps

  • Ensure all container images have repository and tag on the same level to ensure that all container images are included in rancher-images.txt which are used by airgap customers.
  Ex:-
    longhorn-controller:
      repository: rancher/hardened-sriov-cni
      tag: v2.6.3-build20230913
  • Add a 👍 (thumbs up) reaction to this comment once done. CI won't pass without this reaction to the github-action bot's latest validation comment.
  • Approve the PR to run the CI check.

@vardhaman22 vardhaman22 requested a review from andypitcher April 11, 2024 04:33
@github-actions GitHub Actions
Copy link

Validation steps

  • Ensure all container images have repository and tag on the same level to ensure that all container images are included in rancher-images.txt which are used by airgap customers.
  Ex:-
    longhorn-controller:
      repository: rancher/hardened-sriov-cni
      tag: v2.6.3-build20230913
  • Add a 👍 (thumbs up) reaction to this comment once done. CI won't pass without this reaction to the github-action bot's latest validation comment.
  • Approve the PR to run the CI check.

@github-actions GitHub Actions
Copy link

Validation steps

  • Ensure all container images have repository and tag on the same level to ensure that all container images are included in rancher-images.txt which are used by airgap customers.
  Ex:-
    longhorn-controller:
      repository: rancher/hardened-sriov-cni
      tag: v2.6.3-build20230913
  • Add a 👍 (thumbs up) reaction to this comment once done. CI won't pass without this reaction to the github-action bot's latest validation comment.
  • Approve the PR to run the CI check.

andypitcher
andypitcher approved these changes Apr 12, 2024
View reviewed changes
Copy link

@andypitcher andypitcher left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm.

@github-actions GitHub Actions
Copy link

Validation steps

  • Ensure all container images have repository and tag on the same level to ensure that all container images are included in rancher-images.txt which are used by airgap customers.
  Ex:-
    longhorn-controller:
      repository: rancher/hardened-sriov-cni
      tag: v2.6.3-build20230913
  • Add a 👍 (thumbs up) reaction to this comment once done. CI won't pass without this reaction to the github-action bot's latest validation comment.
  • Approve the PR to run the CI check.

@vardhaman22 vardhaman22 merged commit 2034a8c into rancher:dev-v2.7 Apr 15, 2024
6 checks passed
lucasmlp pushed a commit that referenced this pull request May 7, 2024
@vardhaman22 @lucasmlp
[dev-v2.7] rancher-cis-benchmark 4.5.0-rc1 add (#3763)
28cb599
@lucasmlp lucasmlp mentioned this pull request May 7, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andypitcher andypitcher andypitcher approved these changes

@adamkpickering adamkpickering adamkpickering approved these changes

@mitulshah-suse mitulshah-suse mitulshah-suse approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vardhaman22 @andypitcher @adamkpickering @mitulshah-suse