Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release/v1.3] added eks 1.5.0 profile and bumped chart version #706

Merged
merged 5 commits into from
Mar 3, 2025
+53 −36
Merged

[release/v1.3] added eks 1.5.0 profile and bumped chart version #706

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
b926232
updated eks to v1.5.0
vardhaman22 Feb 18, 2025
7b90fae
Update chart/app-readme.md for eks version
andypitcher Feb 26, 2025
de9c9fb
bump security-scan to v0.5.5-rc.1
vardhaman22 Feb 28, 2025
b60e250
bump cis-operator,security-scan and chart version
vardhaman22 Feb 28, 2025
ec418b6
bumped k8s dependencies
vardhaman22 Mar 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions chart/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,11 @@ annotations:
catalog.cattle.io/type: cluster-tool
catalog.cattle.io/ui-component: rancher-cis-benchmark
apiVersion: v1
appVersion: v7.3.0
appVersion: v7.4.0-rc.1
description: The cis-operator enables running CIS benchmark security scans on a kubernetes
cluster
icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
keywords:
- security
name: rancher-cis-benchmark
version: 7.3.0
version: 7.4.0-rc.1
1 change: 1 addition & 0 deletions chart/app-readme.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ This chart installs the following components:
| CIS | k3s | [k3s-cis-1.9](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/k3s-cis-1.9) | k3s-v1.27+ |
| CIS | k3s | [k3s-cis-1.8-permissive](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/k3s-cis-1.8-permissive) | k3s-v1.26 |
| CIS | k3s | [k3s-cis-1.8-hardened](https://github.com/rancher/security-scan/tree/release/v0.5/package/cfg/k3s-cis-1.8-hardened) | k3s-v1.26 |
| CIS | eks | [eks-1.5.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/eks-1.5.0) | eks-1.27.0+ |
| CIS | eks | [eks-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/eks-1.2.0) | eks |
| CIS | aks | [aks-1.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/aks-1.0) | aks |
| CIS | gke | [gke-1.2.0](https://github.com/aquasecurity/kube-bench/tree/main/cfg/gke-1.2.0) | gke-1.20 |
Expand Down
1 change: 1 addition & 0 deletions chart/templates/benchmark-eks-1.2.0.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,4 @@ metadata:
spec:
clusterProvider: eks
minKubernetesVersion: "1.15.0"
maxKubernetesVersion: "1.26.x"
8 changes: 8 additions & 0 deletions chart/templates/benchmark-eks-1.5.0.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
apiVersion: cis.cattle.io/v1
kind: ClusterScanBenchmark
metadata:
name: eks-1.5.0
spec:
clusterProvider: eks
minKubernetesVersion: "1.27.0"
2 changes: 1 addition & 1 deletion chart/templates/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ data:
rke2: |-
<1.21.0: rke2-cis-1.20-profile-permissive
>=1.21.0: rke2-cis-1.9-profile
eks: "eks-profile"
eks: "eks-profile-1.5.0"
gke: "gke-profile-1.6.0"
aks: "aks-profile"
k3s: "k3s-cis-1.9-profile"
Expand Down
9 changes: 9 additions & 0 deletions chart/templates/scanprofileeks-1.5.0.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
---
apiVersion: cis.cattle.io/v1
kind: ClusterScanProfile
metadata:
name: eks-profile-1.5.0
annotations:
clusterscanprofile.cis.cattle.io/builtin: "true"
spec:
benchmarkVersion: eks-1.5.0
8 changes: 4 additions & 4 deletions chart/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,13 @@
image:
cisoperator:
repository: rancher/cis-operator
tag: v1.3.6
tag: v1.3.7-rc.1
securityScan:
repository: rancher/security-scan
tag: v0.5.4
tag: v0.5.5-rc.1
sonobuoy:
repository: rancher/mirrored-sonobuoy-sonobuoy
tag: v0.57.2
tag: v0.57.3

resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
Expand Down Expand Up @@ -45,7 +45,7 @@ global:
clusterName: ""
kubectl:
repository: rancher/kubectl
tag: v1.30.7
tag: v1.30.10

alerts:
enabled: false
Expand Down
18 changes: 8 additions & 10 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,13 @@
module github.com/rancher/cis-operator

go 1.23.5

toolchain go1.23.6
go 1.23.6

// to keep dependencies in sync with rancher
// k8s deps bumped due to kube bench bump in security-scan
replace (
k8s.io/api => k8s.io/api v0.31.5
k8s.io/apimachinery => k8s.io/apimachinery v0.31.5
k8s.io/client-go => k8s.io/client-go v0.31.5
k8s.io/api => k8s.io/api v0.31.6
k8s.io/apimachinery => k8s.io/apimachinery v0.31.6
k8s.io/client-go => k8s.io/client-go v0.31.6
k8s.io/gengo/v2 => k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70
k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340
sigs.k8s.io/structured-merge-diff/v4 => sigs.k8s.io/structured-merge-diff/v4 v4.4.1
Expand All @@ -22,14 +20,14 @@ require (
github.com/prometheus/client_golang v1.21.0
github.com/rancher/kubernetes-provider-detector v0.1.5
github.com/rancher/lasso v0.0.0-20240924233157-8f384efc8813
github.com/rancher/security-scan v0.5.4
github.com/rancher/security-scan v0.5.5-rc.1
github.com/rancher/wrangler/v3 v3.1.0
github.com/robfig/cron v1.2.0
github.com/sirupsen/logrus v1.9.3
github.com/urfave/cli v1.22.16
golang.org/x/crypto/x509roots/fallback v0.0.0-20250228200319-bbc689cf5cfb
k8s.io/api v0.32.1
k8s.io/apiextensions-apiserver v0.31.5
k8s.io/apiextensions-apiserver v0.31.6
k8s.io/apimachinery v0.32.1
k8s.io/client-go v0.32.1
)
Expand All @@ -49,7 +47,7 @@ require (
)

require (
github.com/aquasecurity/kube-bench v0.10.1 // indirect
github.com/aquasecurity/kube-bench v0.10.2 // indirect
github.com/aws/aws-sdk-go-v2 v1.36.0 // indirect
github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.8 // indirect
github.com/aws/smithy-go v1.22.2 // indirect
Expand Down Expand Up @@ -107,7 +105,7 @@ require (
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/code-generator v0.31.5 // indirect
k8s.io/code-generator v0.31.6 // indirect
k8s.io/gengo v0.0.0-20240826214909-a7b603a56eb7 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
Expand Down
36 changes: 18 additions & 18 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@ github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI=
github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g=
github.com/aquasecurity/kube-bench v0.10.1 h1:SLnScd5qnlSOETodhX4iyW4beu0Ue4au1MqJ3fUDnw0=
github.com/aquasecurity/kube-bench v0.10.1/go.mod h1:9S67UPnASLor5+11UeikBoiG//tel5BDsei0Bo8g2Pw=
github.com/aquasecurity/kube-bench v0.10.2 h1:wVU6K/g3LJD/BAlDrphLYxs9f5PNRcon+ozZ6S/fMVU=
github.com/aquasecurity/kube-bench v0.10.2/go.mod h1:TYImH07Qr2XA09VCBUiQDs6vilbTyourr0B+qq/AtN8=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA=
github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
Expand Down Expand Up @@ -252,8 +252,8 @@ github.com/rancher/kubernetes-provider-detector v0.1.5 h1:hWRAsWuJOemzGjz/XrbTlM
github.com/rancher/kubernetes-provider-detector v0.1.5/go.mod h1:ypuJS7kP7rUiAn330xG46mj+Nhvym05GM8NqMVekpH0=
github.com/rancher/lasso v0.0.0-20240924233157-8f384efc8813 h1:V/LY8pUHZG9Kc+xEDWDOryOnCU6/Q+Lsr9QQEQnshpU=
github.com/rancher/lasso v0.0.0-20240924233157-8f384efc8813/go.mod h1:IxgTBO55lziYhTEETyVKiT8/B5Rg92qYiRmcIIYoPgI=
github.com/rancher/security-scan v0.5.4 h1:llg69uTonGxShVe7PmhjqJu0g4O0JnJeZ3gyDaGRYwY=
github.com/rancher/security-scan v0.5.4/go.mod h1:LS57VSm7BMu+KMB2l/KvVfLD+uuXzgHO76WvAHorQIo=
github.com/rancher/security-scan v0.5.5-rc.1 h1:Q9DRwwSOkBW21TLUj7CdNGPNDAtKT8rqeTQ3Ck2K/yQ=
github.com/rancher/security-scan v0.5.5-rc.1/go.mod h1:1Q3NK94YVfW0/83+wmi/YsC6z0R7guWBq78Cd3B/f1c=
github.com/rancher/wrangler/v3 v3.1.0 h1:8ETBnQOEcZaR6WBmUSysWW7WnERBOiNTMJr4Dj3UG/s=
github.com/rancher/wrangler/v3 v3.1.0/go.mod h1:gUPHS1ANs2NyByfeERHwkGiQ1rlIa8BpTJZtNSgMlZw=
github.com/robfig/cron v1.2.0 h1:ZjScXvvxeQ63Dbyxy76Fj3AT3Ut0aKsyd2/tl3DTMuQ=
Expand Down Expand Up @@ -577,20 +577,20 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C
gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
k8s.io/api v0.31.5 h1:7jP74egbPUOCLJV5KheUnwo9gz3zzUsMIj2EPkuYK1E=
k8s.io/api v0.31.5/go.mod h1:RMyMdZG1kJjou2ng5buEti0OHlo0uFXgSzTZ/k5LeVk=
k8s.io/apiextensions-apiserver v0.31.5 h1:50+b/hHx4nyvQ+gaFH7p5myPEZyekGhGGAQb4vnBUlQ=
k8s.io/apiextensions-apiserver v0.31.5/go.mod h1:6vZ7IIlk3l7GSFcbaNz5CEYpUBLsQ0ee+LgLGOsExWQ=
k8s.io/apimachinery v0.31.5 h1:NxhAVGcfrSdTMx3M2v1OnvcMS7h1ZnWyt2x2z8CJJBU=
k8s.io/apimachinery v0.31.5/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
k8s.io/apiserver v0.31.5 h1:n0daI1zIb+G2Jkzqjm2NQJSJfTKccgFeHHQM4LYsz7E=
k8s.io/apiserver v0.31.5/go.mod h1:SboTZ2NHCsXjAHqTrE/kDTnrzquVY5mDKNnoCdRFLJw=
k8s.io/client-go v0.31.5 h1:rmDswcUaIFAJ5vJaB82pjyqc52DgHCPv0G6af3OupO0=
k8s.io/client-go v0.31.5/go.mod h1:js93IlRSzRHql9o9zP54N56rMR249uH4+srnSOcFLsU=
k8s.io/code-generator v0.31.5 h1:nEvmAhA0tiaoHqS3ZsW/SjbGdzex4TzOlicVPoSVG8E=
k8s.io/code-generator v0.31.5/go.mod h1:svmu9SPsjrNeC/T/nilkqsI0KWnC8XUandi9ECMNqRo=
k8s.io/component-base v0.31.5 h1:kpFiy1hI7F4Owp+o59H2CVLzmN94qwcPz+2L6wRhkqM=
k8s.io/component-base v0.31.5/go.mod h1:OiiusrmcLz42i9VvcAd94yQIN7UzQHJxN/hXxwYzj6E=
k8s.io/api v0.31.6 h1:ocWG/UhC9Mqp5oEfYWy9wCddbZiZyBAFTlBt0LVlhDg=
k8s.io/api v0.31.6/go.mod h1:i16xSiKMgVIVhsJMxfWq0mJbXA+Z7KhjPgYmwT41hl4=
k8s.io/apiextensions-apiserver v0.31.6 h1:v9sqyWlrgFZpAPdEb/bEiXfM98TfSppwRF0X/uWKXh0=
k8s.io/apiextensions-apiserver v0.31.6/go.mod h1:QVH3CFwqzGZtwsxPYzJlA/Qiwgb5FXmRMGls3CjzvbI=
k8s.io/apimachinery v0.31.6 h1:Pn96A0wHD0X8+l7QTdAzdLQPrpav1s8rU6A+v2/9UEY=
k8s.io/apimachinery v0.31.6/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
k8s.io/apiserver v0.31.6 h1:FEhEGLsz1PbMOHeQZDbOUlMh36zRZbjgKwJCoMhdGmw=
k8s.io/apiserver v0.31.6/go.mod h1:dpFh+xqFQ02O8vLYCIqoiV7sJIpZsUULeNuag6Y9HGo=
k8s.io/client-go v0.31.6 h1:51HT40qVIZ13BrHKeWxFuU52uoPnFhxTYJnv4+LTgp4=
k8s.io/client-go v0.31.6/go.mod h1:MEq7JQJelUQ0/4fMoPEUrc/OOFyGo/9LmGA38H6O6xY=
k8s.io/code-generator v0.31.6 h1:CX4/NGV5UIdt7+nYG/G4+eGHOvcXAlKWswUhPPOtPtc=
k8s.io/code-generator v0.31.6/go.mod h1:vbqDrvP5hJJ5S/jzBtyMJoH5kJBWZMo/DZwMYiOQniE=
k8s.io/component-base v0.31.6 h1:FgI25PuZtCp2n7AFpOaDpMQOLieFdrpAbpeoZu7VhDI=
k8s.io/component-base v0.31.6/go.mod h1:aVRrh8lAI1kSShFmwcKLhc3msQoUcmFWPBDf0sXaISM=
k8s.io/gengo v0.0.0-20240826214909-a7b603a56eb7 h1:HCbtr1pVu/ElMcTTs18KdMtH5y6f7PQvrjh1QZj3qCI=
k8s.io/gengo v0.0.0-20240826214909-a7b603a56eb7/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo=
Expand Down
2 changes: 1 addition & 1 deletion hack/make/deps.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,6 @@ GOLANGCI_VERSION = v1.64.6
# renovate: datasource=github-release-attachments depName=k3d-io/k3d
K3D_VERSION = v5.8.3

KUBECTL_VERSION = 1.30.7
KUBECTL_VERSION = 1.30.10
# renovate: datasource=github-release-attachments depName=helm/helm
HELM_VERSION = v3.17.1
Loading