diff --git a/assets/neuvector-crd/neuvector-crd-101.0.2+up2.4.0.tgz b/assets/neuvector-crd/neuvector-crd-101.0.2+up2.4.0.tgz deleted file mode 100644 index 95f26c142..000000000 Binary files a/assets/neuvector-crd/neuvector-crd-101.0.2+up2.4.0.tgz and /dev/null differ diff --git a/charts/neuvector-crd/101.0.2+up2.4.0/Chart.yaml b/charts/neuvector-crd/101.0.2+up2.4.0/Chart.yaml deleted file mode 100644 index ae1c97b5a..000000000 --- a/charts/neuvector-crd/101.0.2+up2.4.0/Chart.yaml +++ /dev/null @@ -1,16 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-neuvector-system - catalog.cattle.io/release-name: neuvector-crd -apiVersion: v1 -appVersion: 5.1.0 -description: Helm chart for NeuVector's CRD services -home: https://neuvector.com -icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 -maintainers: -- email: support@neuvector.com - name: becitsthere -name: neuvector-crd -type: application -version: 101.0.2+up2.4.0 diff --git a/charts/neuvector-crd/101.0.2+up2.4.0/README.md b/charts/neuvector-crd/101.0.2+up2.4.0/README.md deleted file mode 100644 index aff9c71bc..000000000 --- a/charts/neuvector-crd/101.0.2+up2.4.0/README.md +++ /dev/null @@ -1,19 +0,0 @@ -# NeuVector Helm Chart - -Helm chart for NeuVector container security's CRD services. NeuVector's CRD (Custom Resource Definition) capture and declare application security policies early in the pipeline, then defined policies can be deployed together with the contaier applications. - -Because the CRD poclies can be deployed before NeuVector's core product, this separate helm chart is created. For the backward compatibility reason, crd.yaml is not removed in the 'core' chart. If you use this 'crd' chart, please set 'crdwebhook.enabled' to false in the 'core' chart. - -## Configuration - -The following table lists the configurable parameters of the NeuVector chart and their default values. - -Parameter | Description | Default | Notes ---------- | ----------- | ------- | ----- -`openshift` | If deploying in OpenShift, set this to true | `false` | -`serviceAccount` | Service account name for NeuVector components | `default` | -`crdwebhook.type` | crd webhook type | `ClusterIP` | - ---- -Contact for access to Docker Hub and docs. - diff --git a/charts/neuvector-crd/101.0.2+up2.4.0/templates/_helpers.tpl b/charts/neuvector-crd/101.0.2+up2.4.0/templates/_helpers.tpl deleted file mode 100644 index c0cc49294..000000000 --- a/charts/neuvector-crd/101.0.2+up2.4.0/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "neuvector.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "neuvector.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "neuvector.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/neuvector-crd/101.0.2+up2.4.0/templates/crd.yaml b/charts/neuvector-crd/101.0.2+up2.4.0/templates/crd.yaml deleted file mode 100644 index 7a969b61b..000000000 --- a/charts/neuvector-crd/101.0.2+up2.4.0/templates/crd.yaml +++ /dev/null @@ -1,1104 +0,0 @@ -{{- if .Values.crdwebhook.enabled -}} -{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} -{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: apiextensions.k8s.io/v1 -{{- else }} -apiVersion: apiextensions.k8s.io/v1beta1 -{{- end }} -kind: CustomResourceDefinition -metadata: - name: nvsecurityrules.neuvector.com - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - group: neuvector.com - names: - kind: NvSecurityRule - listKind: NvSecurityRuleList - plural: nvsecurityrules - singular: nvsecurityrule - scope: Namespaced -{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - version: v1 -{{- end }} - versions: - - name: v1 - served: true - storage: true -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - schema: - openAPIV3Schema: - properties: - spec: - properties: - egress: - items: - properties: - action: - enum: - - allow - - deny - type: string - applications: - items: - type: string - type: array - name: - type: string - ports: - type: string - priority: - type: integer - selector: - properties: - comment: - type: string - criteria: - items: - properties: - key: - type: string - op: - type: string - value: - type: string - required: - - key - - op - - value - type: object - type: array - name: - type: string - original_name: - type: string - required: - - name - type: object - required: - - action - - name - - selector - type: object - type: array - file: - items: - properties: - app: - items: - type: string - type: array - behavior: - enum: - - monitor_change - - block_access - type: string - filter: - type: string - recursive: - type: boolean - required: - - behavior - - filter - type: object - type: array - ingress: - items: - properties: - action: - enum: - - allow - - deny - type: string - applications: - items: - type: string - type: array - name: - type: string - ports: - type: string - priority: - type: integer - selector: - properties: - comment: - type: string - criteria: - items: - properties: - key: - type: string - op: - type: string - value: - type: string - required: - - key - - op - - value - type: object - type: array - name: - type: string - original_name: - type: string - required: - - name - type: object - required: - - action - - name - - selector - type: object - type: array - process: - items: - properties: - action: - enum: - - allow - - deny - type: string - allow_update: - type: boolean - name: - type: string - path: - type: string - required: - - action - type: object - type: array - process_profile: - properties: - baseline: - enum: - - default - - shield - - basic - - zero-drift - type: string - type: object - target: - properties: - policymode: - enum: - - Discover - - Monitor - - Protect - - N/A - type: string - selector: - properties: - comment: - type: string - criteria: - items: - properties: - key: - type: string - op: - type: string - value: - type: string - required: - - key - - op - - value - type: object - type: array - name: - type: string - original_name: - type: string - required: - - name - type: object - required: - - selector - type: object - dlp: - properties: - settings: - items: - properties: - action: - enum: - - allow - - deny - type: string - name: - type: string - required: - - name - - action - type: object - type: array - status: - type: boolean - type: object - waf: - properties: - settings: - items: - properties: - action: - enum: - - allow - - deny - type: string - name: - type: string - required: - - name - - action - type: object - type: array - status: - type: boolean - type: object - required: - - target - type: object - type: object -{{- end }} ---- -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: apiextensions.k8s.io/v1 -{{- else }} -apiVersion: apiextensions.k8s.io/v1beta1 -{{- end }} -kind: CustomResourceDefinition -metadata: - name: nvclustersecurityrules.neuvector.com - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - group: neuvector.com - names: - kind: NvClusterSecurityRule - listKind: NvClusterSecurityRuleList - plural: nvclustersecurityrules - singular: nvclustersecurityrule - scope: Cluster -{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - version: v1 -{{- end }} - versions: - - name: v1 - served: true - storage: true -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - schema: - openAPIV3Schema: - properties: - spec: - properties: - egress: - items: - properties: - action: - enum: - - allow - - deny - type: string - applications: - items: - type: string - type: array - name: - type: string - ports: - type: string - priority: - type: integer - selector: - properties: - comment: - type: string - criteria: - items: - properties: - key: - type: string - op: - type: string - value: - type: string - required: - - key - - op - - value - type: object - type: array - name: - type: string - original_name: - type: string - required: - - name - type: object - required: - - action - - name - - selector - type: object - type: array - file: - items: - properties: - app: - items: - type: string - type: array - behavior: - enum: - - monitor_change - - block_access - type: string - filter: - type: string - recursive: - type: boolean - required: - - behavior - - filter - type: object - type: array - ingress: - items: - properties: - action: - enum: - - allow - - deny - type: string - applications: - items: - type: string - type: array - name: - type: string - ports: - type: string - priority: - type: integer - selector: - properties: - comment: - type: string - criteria: - items: - properties: - key: - type: string - op: - type: string - value: - type: string - required: - - key - - op - - value - type: object - type: array - name: - type: string - original_name: - type: string - required: - - name - type: object - required: - - action - - name - - selector - type: object - type: array - process: - items: - properties: - action: - enum: - - allow - - deny - type: string - allow_update: - type: boolean - name: - type: string - path: - type: string - required: - - action - type: object - type: array - process_profile: - properties: - baseline: - enum: - - default - - shield - - basic - - zero-drift - type: string - type: object - target: - properties: - policymode: - enum: - - Discover - - Monitor - - Protect - - N/A - type: string - selector: - properties: - comment: - type: string - criteria: - items: - properties: - key: - type: string - op: - type: string - value: - type: string - required: - - key - - op - - value - type: object - type: array - name: - type: string - original_name: - type: string - required: - - name - type: object - required: - - selector - type: object - dlp: - properties: - settings: - items: - properties: - action: - enum: - - allow - - deny - type: string - name: - type: string - required: - - name - - action - type: object - type: array - status: - type: boolean - type: object - waf: - properties: - settings: - items: - properties: - action: - enum: - - allow - - deny - type: string - name: - type: string - required: - - name - - action - type: object - type: array - status: - type: boolean - type: object - required: - - target - type: object - type: object -{{- end }} ---- -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: apiextensions.k8s.io/v1 -{{- else }} -apiVersion: apiextensions.k8s.io/v1beta1 -{{- end }} -kind: CustomResourceDefinition -metadata: - name: nvdlpsecurityrules.neuvector.com - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - group: neuvector.com - names: - kind: NvDlpSecurityRule - listKind: NvDlpSecurityRuleList - plural: nvdlpsecurityrules - singular: nvdlpsecurityrule - scope: Cluster -{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - version: v1 -{{- end }} - versions: - - name: v1 - served: true - storage: true -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - schema: - openAPIV3Schema: - properties: - spec: - properties: - sensor: - properties: - comment: - type: string - name: - type: string - rules: - items: - properties: - name: - type: string - patterns: - items: - properties: - context: - enum: - - url - - header - - body - - packet - type: string - key: - enum: - - pattern - type: string - op: - enum: - - regex - - '!regex' - type: string - value: - type: string - required: - - key - - op - - value - - context - type: object - type: array - required: - - name - - patterns - type: object - type: array - required: - - name - type: object - required: - - sensor - type: object - type: object -{{- end }} ---- -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: apiextensions.k8s.io/v1 -{{- else }} -apiVersion: apiextensions.k8s.io/v1beta1 -{{- end }} -kind: CustomResourceDefinition -metadata: - name: nvadmissioncontrolsecurityrules.neuvector.com - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - group: neuvector.com - names: - kind: NvAdmissionControlSecurityRule - listKind: NvAdmissionControlSecurityRuleList - plural: nvadmissioncontrolsecurityrules - singular: nvadmissioncontrolsecurityrule - scope: Cluster -{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - version: v1 -{{- end }} - versions: - - name: v1 - served: true - storage: true -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - schema: - openAPIV3Schema: - properties: - spec: - properties: - config: - properties: - client_mode: - enum: - - service - - url - type: string - enable: - type: boolean - mode: - enum: - - monitor - - protect - type: string - required: - - enable - - mode - - client_mode - type: object - rules: - items: - properties: - action: - enum: - - allow - - deny - type: string - comment: - type: string - criteria: - items: - properties: - name: - type: string - op: - type: string - sub_criteria: - items: - properties: - name: - type: string - op: - type: string - value: - type: string - required: - - name - - op - - value - type: object - type: array - value: - type: string - required: - - name - - op - - value - type: object - type: array - disabled: - type: boolean - id: - type: integer - required: - - action - - criteria - type: object - type: array - type: object - type: object -{{- end }} ---- -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: apiextensions.k8s.io/v1 -{{- else }} -apiVersion: apiextensions.k8s.io/v1beta1 -{{- end }} -kind: CustomResourceDefinition -metadata: - name: nvwafsecurityrules.neuvector.com - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - group: neuvector.com - names: - kind: NvWafSecurityRule - listKind: NvWafSecurityRuleList - plural: nvwafsecurityrules - singular: nvwafsecurityrule - scope: Cluster -{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - version: v1 -{{- end }} - versions: - - name: v1 - served: true - storage: true -{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} - schema: - openAPIV3Schema: - properties: - spec: - properties: - sensor: - properties: - comment: - type: string - name: - type: string - rules: - items: - properties: - name: - type: string - patterns: - items: - properties: - context: - enum: - - url - - header - - body - - packet - type: string - key: - enum: - - pattern - type: string - op: - enum: - - regex - - '!regex' - type: string - value: - type: string - required: - - key - - op - - value - - context - type: object - type: array - required: - - name - - patterns - type: object - type: array - required: - - name - type: object - required: - - sensor - type: object - type: object -{{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: neuvector-svc-crd-webhook - namespace: {{ .Release.Namespace }} - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - ports: - - port: 443 - targetPort: 30443 - protocol: TCP - name: crd-webhook - type: {{ .Values.crdwebhook.type }} - selector: - app: neuvector-controller-pod ---- -# ClusterRole for NeuVector to operate CRD -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRole -metadata: - name: neuvector-binding-customresourcedefinition - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - update - - watch - - create - - get ---- -# ClusterRoleBinding for NeuVector to operate CRD -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRoleBinding -metadata: - name: neuvector-binding-customresourcedefinition - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: -{{- if not $oc3 }} - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- end }} - name: neuvector-binding-customresourcedefinition -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if $oc3 }} -userNames: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} -{{- end }} ---- -# ClusterRole for NeuVector to manager user-created network/process CRD rules -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRole -metadata: - name: neuvector-binding-nvsecurityrules - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - neuvector.com - resources: - - nvsecurityrules - - nvclustersecurityrules - verbs: - - list - - delete ---- -# ClusterRoleBinding for NeuVector to manager user-created network/process CRD rules -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRoleBinding -metadata: - name: neuvector-binding-nvsecurityrules - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: -{{- if not $oc3 }} - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- end }} - name: neuvector-binding-nvsecurityrules -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if $oc3 }} -userNames: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} -{{- end }} ---- -# ClusterRole for NeuVector to manager user-created dlp CRD rules -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRole -metadata: - name: neuvector-binding-nvdlpsecurityrules - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - neuvector.com - resources: - - nvdlpsecurityrules - verbs: - - list - - delete ---- -# ClusterRole for NeuVector to manager user-created admission control CRD rules -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRole -metadata: - name: neuvector-binding-nvadmissioncontrolsecurityrules - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - neuvector.com - resources: - - nvadmissioncontrolsecurityrules - verbs: - - list - - delete ---- -# ClusterRoleBinding for NeuVector to manager user-created admission control CRD rules -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRoleBinding -metadata: - name: neuvector-binding-nvdlpsecurityrules - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: -{{- if not $oc3 }} - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- end }} - name: neuvector-binding-nvdlpsecurityrules -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if $oc3 }} -userNames: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} -{{- end }} ---- -# ClusterRoleBinding for NeuVector to manager user-created admission control CRD rules -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRoleBinding -metadata: - name: neuvector-binding-nvadmissioncontrolsecurityrules - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: -{{- if not $oc3 }} - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- end }} - name: neuvector-binding-nvadmissioncontrolsecurityrules -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if $oc3 }} -userNames: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} -{{- end }} ---- -# ClusterRole for NeuVector to manager user-created waf CRD rules -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRole -metadata: - name: neuvector-binding-nvwafsecurityrules - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - neuvector.com - resources: - - nvwafsecurityrules - verbs: - - list - - delete ---- -# ClusterRoleBinding for NeuVector to manager user-created waf CRD rules -{{- if $oc3 }} -apiVersion: authorization.openshift.io/v1 -{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} -apiVersion: rbac.authorization.k8s.io/v1 -{{- else }} -apiVersion: v1 -{{- end }} -kind: ClusterRoleBinding -metadata: - name: neuvector-binding-nvwafsecurityrules - labels: - chart: {{ template "neuvector.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: -{{- if not $oc3 }} - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- end }} - name: neuvector-binding-nvwafsecurityrules -subjects: -- kind: ServiceAccount - name: {{ .Values.serviceAccount }} - namespace: {{ .Release.Namespace }} -{{- if $oc3 }} -userNames: -- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} -{{- end }} -{{- end }} diff --git a/charts/neuvector-crd/101.0.2+up2.4.0/values.yaml b/charts/neuvector-crd/101.0.2+up2.4.0/values.yaml deleted file mode 100644 index a7bc9a908..000000000 --- a/charts/neuvector-crd/101.0.2+up2.4.0/values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# Default values for neuvector. -# This is a YAML-formatted file. -# Declare variables to be passed into the templates. - -openshift: false - -serviceAccount: neuvector - -crdwebhook: - type: ClusterIP - enabled: true diff --git a/index.yaml b/index.yaml index 8659021e6..9c077dfff 100755 --- a/index.yaml +++ b/index.yaml @@ -2934,26 +2934,6 @@ entries: - assets/neuvector/neuvector-100.0.0+up2.2.0.tgz version: 100.0.0+up2.2.0 neuvector-crd: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-neuvector-system - catalog.cattle.io/release-name: neuvector-crd - apiVersion: v1 - appVersion: 5.1.0 - created: "2023-01-05T10:19:50.428803712-08:00" - description: Helm chart for NeuVector's CRD services - digest: a2bdb942be1730240229c9f8616a09b887ed1ad3f7459186473ab2f703ede7ab - home: https://neuvector.com - icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 - maintainers: - - email: support@neuvector.com - name: becitsthere - name: neuvector-crd - type: application - urls: - - assets/neuvector-crd/neuvector-crd-101.0.2+up2.4.0.tgz - version: 101.0.2+up2.4.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true"