Add etc/rancher mounts to cis-operator (#164)

Add /etc/rancher mounts to cis-operator

main.go

@@ -36,8 +36,8 @@ var (
 	debug                bool
 	securityScanImage    = "rancher/security-scan"
 	securityScanImageTag = "v0.2.1"
-	sonobuoyImage        = "rancher/sonobuoy-sonobuoy"
-	sonobuoyImageTag     = "v0.16.3"
+	sonobuoyImage        = "rancher/mirrored-sonobuoy-sonobuoy"
+	sonobuoyImageTag     = "v0.56.7"
 	clusterName          string
 )
 

pkg/securityscan/core/templates/pluginConfig.template

@@ -41,6 +41,9 @@ data:
       - hostPath:
           path: /var/lib/rancher
         name: rke2-root
+      - hostPath:
+          path: /etc/rancher
+        name: rke2-root-config
       - hostPath:
           path: /etc/cni/net.d
         name: rke2-cni
@@ -111,6 +114,9 @@ data:
       - mountPath: /var/lib/rancher
         name: rke2-root
         readOnly: true
+      - mountPath: /etc/rancher
+        name: rke2-root-config
+        readOnly: true
       - mountPath: /etc/cni/net.d
         name: rke2-cni
         readOnly: true

pkg/securityscan/job/job.go

@@ -122,6 +122,13 @@ func New(clusterscan *cisoperatorapiv1.ClusterScan, clusterscanprofile *cisopera
 								Path: `/var/lib/rancher`,
 							},
 						},
+					}, {
+						Name: `rke2-root-config`,
+						VolumeSource: corev1.VolumeSource{
+							HostPath: &corev1.HostPathVolumeSource{
+								Path: `/etc/rancher`,
+							},
+						},
 					}, {
 						Name: `rke2-cni`,
 						VolumeSource: corev1.VolumeSource{
@@ -202,6 +209,9 @@ func New(clusterscan *cisoperatorapiv1.ClusterScan, clusterscanprofile *cisopera
 						}, {
 							Name:      `rke2-root`,
 							MountPath: `/var/lib/rancher`,
+						}, {
+							Name:      `rke2-root-config`,
+							MountPath: `/etc/rancher`,
 						}, {
 							Name:      `rke2-cni`,
 							MountPath: `/etc/cni/net.d`,