From 1c39b1eec89cb15ad42019b9f7ff05d0fef4b6b6 Mon Sep 17 00:00:00 2001
From: Hussein Galal
Date: Tue, 20 Sep 2022 00:05:04 +0200
Subject: [PATCH] Add etc/rancher mounts to cis-operator (#164)

Add /etc/rancher mounts to cis-operator
---
 main.go | 4 ++--
 pkg/securityscan/core/templates/pluginConfig.template | 6 ++++++
 pkg/securityscan/job/job.go | 10 ++++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/main.go b/main.go
index d9a3ba8f..1597dc9f 100644
--- a/main.go
+++ b/main.go
@@ -36,8 +36,8 @@ var (
 debug bool
 securityScanImage = "rancher/security-scan"
 securityScanImageTag = "v0.2.1"
- sonobuoyImage = "rancher/sonobuoy-sonobuoy"
- sonobuoyImageTag = "v0.16.3"
+ sonobuoyImage = "rancher/mirrored-sonobuoy-sonobuoy"
+ sonobuoyImageTag = "v0.56.7"
 clusterName string
 )
diff --git a/pkg/securityscan/core/templates/pluginConfig.template b/pkg/securityscan/core/templates/pluginConfig.template
index bd8ca4d3..f5db4f05 100644
--- a/pkg/securityscan/core/templates/pluginConfig.template
+++ b/pkg/securityscan/core/templates/pluginConfig.template
@@ -41,6 +41,9 @@ data:
 - hostPath:
 path: /var/lib/rancher
 name: rke2-root
+ - hostPath:
+ path: /etc/rancher
+ name: rke2-root-config
 - hostPath:
 path: /etc/cni/net.d
 name: rke2-cni
@@ -111,6 +114,9 @@ data:
 - mountPath: /var/lib/rancher
 name: rke2-root
 readOnly: true
+ - mountPath: /etc/rancher
+ name: rke2-root-config
+ readOnly: true
 - mountPath: /etc/cni/net.d
 name: rke2-cni
 readOnly: true
diff --git a/pkg/securityscan/job/job.go b/pkg/securityscan/job/job.go
index d628e1cd..da07f1e6 100644
--- a/pkg/securityscan/job/job.go
+++ b/pkg/securityscan/job/job.go
@@ -122,6 +122,13 @@ func New(clusterscan *cisoperatorapiv1.ClusterScan, clusterscanprofile *cisopera
 Path: `/var/lib/rancher`,
 },
 },
+ }, {
+ Name: `rke2-root-config`,
+ VolumeSource: corev1.VolumeSource{
+ HostPath: &corev1.HostPathVolumeSource{
+ Path: `/etc/rancher`,
+ },
+ },
 }, {
 Name: `rke2-cni`,
 VolumeSource: corev1.VolumeSource{
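Review bot: The new `rke2-root-config` hostPath volume in the first pluginConfig.template hunk hands the scan pod the whole of `/etc/rancher`, and the first job.go hunk adds the same volume. On RKE2 and K3s nodes that tree typically holds the admin kubeconfig and the server configuration, which can include the cluster join token, so it is more sensitive than the `/etc/cni/net.d` mount next to it. If the benchmark only inspects file ownership and permissions, consider narrowing the path to the subdirectory it actually reads. At minimum, record the reason above the entry, for example `# /etc/rancher can hold the admin kubeconfig and join token; mounted read-only for CIS file checks only`. Whether the sonobuoy plugin image reads anything else under this path cannot be told from the hunk.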
@@ -202,6 +209,9 @@ func New(clusterscan *cisoperatorapiv1.ClusterScan, clusterscanprofile *cisopera
 }, {
 Name: `rke2-root`,
 MountPath: `/var/lib/rancher`,
+ }, {
+ Name: `rke2-root-config`,
+ MountPath: `/etc/rancher`,
 }, {
 Name: `rke2-cni`,
 MountPath: `/etc/cni/net.d`,
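Review bot: The added `rke2-root-config` volume mount sets no `ReadOnly`, although the matching mount in pluginConfig.template is declared `readOnly: true`. As written, the job container gets the host's `/etc/rancher` through a writable mount, which a compliance scanner does not need and which would let a compromised scan container alter node configuration. Add `ReadOnly: true,` after the `MountPath: /etc/rancher` line. The `rke2-root` entry in the context lines also shows no `ReadOnly` and may deserve the same change in a follow-up. `New` begins and ends outside this hunk, so the container's security context is not visible here.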