Add cis benchmark to conformance test (#165)

* Add cis benchmark to conformance docs

* Update e2e workflow to include cis benchmarks

.github/workflows/e2e-test-azure.yml

@@ -21,5 +21,5 @@ jobs:
         cloudProvider: 'azure'
         machineType: 'Standard_D4s_v3'
         azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
-        sonobuoyTestSuiteCmd: '--mode certified-conformance'
+        sonobuoyTestSuiteCmd: '--mode certified-conformance --plugin e2e --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
         msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}

.github/workflows/e2e-test-gcp.yml

@@ -21,5 +21,5 @@ jobs:
         cloudProvider: 'gcp'
         machineType: 'n2d-standard-2'
         gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
-        sonobuoyTestSuiteCmd: '--mode certified-conformance'
+        sonobuoyTestSuiteCmd: '--mode certified-conformance --plugin e2e --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
         msTeamsWebhook: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}

conformance/README.md

@@ -54,3 +54,13 @@ wg-quick down ./wg0.conf
 ./constellation terminate
 rm constellation-mastersecret.base64
 ```
+
+## Run CIS Benchmark Tests
+
+```sh
+# Runs for <1 min.
+sonobuoy run --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml --wait
+# ... download & display results.
+outfile=$(sonobuoy retrieve)
+sonobuoy results $outfiles
+```