Add NeuVector chart version 2.6.4

pull/3215/head
selvamt94 2023-10-18 18:30:00 -07:00 committed by Lucas Machado
parent c556c0266d
commit 93d8c69d23
21 changed files with 190 additions and 89 deletions


@ -1,4 +1,4 @@
{{- if .Values.awsbilling.enabled }}
{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
{{- if $oc3 }}


@ -1,4 +1,4 @@
{{- if .Values.awsbilling.enabled }}
{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
{{- if $oc3 }}
@ -21,7 +21,12 @@ roleRef:
name: neuvector-csp-adapter-cluster-role
subjects:
- kind: ServiceAccount
name: {{ .Values.awsbilling.serviceAccount }}
{{- if .Values.global.aws.enabled }}
name: {{ .Values.global.aws.serviceAccount }}
{{- end }}
{{- if .Values.global.azure.enabled }}
name: {{ .Values.global.azure.serviceAccount }}
{{- end }}
namespace: {{ .Release.Namespace }}
---
@ -48,7 +53,11 @@ roleRef:
name: neuvector-binding-csp-usages
subjects:
- kind: ServiceAccount
{{- if and .Values.rbac .Values.leastPrivilege }}
name: controller
{{- else }}
name: {{ .Values.serviceAccount }}
{{- end }}
namespace: {{ .Release.Namespace }}
{{- end }}
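Review bot: The subject `name` is set by two independent `if` blocks, so a render with both `global.aws.enabled` and `global.azure.enabled` true emits two `name:` keys, and most YAML parsers silently keep the last one (the Azure account). The CSP deployment template on this page chooses its service account with `if … else if`, which prefers AWS, so if the two values differ the pod and this ClusterRoleBinding would name different accounts. Use the same shape here: `{{- if .Values.global.aws.enabled }}` … `{{- else if .Values.global.azure.enabled }}` … `{{- end }}`. The same pattern repeats in the `neuvector-csp-adapter-role` binding and in the ServiceAccount `metadata.name` further down. The enclosing documents start outside the shown hunks.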


@ -1,4 +1,4 @@
{{- if .Values.awsbilling.enabled }}
{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}


@ -1,4 +1,4 @@
{{- if .Values.awsbilling.enabled }}
{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
@ -8,7 +8,7 @@ metadata:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.awsbilling.annotations }}
{{- with .Values.global.aws.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
@ -22,9 +22,13 @@ spec:
app: neuvector-csp-pod
release: {{ .Release.Name }}
spec:
{{- if .Values.awsbilling.imagePullSecrets }}
{{- if .Values.global.aws.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.awsbilling.imagePullSecrets }}
- name: {{ .Values.global.aws.imagePullSecrets }}
{{- end }}
{{- if .Values.global.azure.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.global.azure.imagePullSecrets }}
{{- end }}
containers:
- env:
@ -38,9 +42,32 @@ spec:
value: "v1"
- name: USAGE_API_GROUP
value: "susecloud.net"
image: "{{ .Values.registry }}/{{ .Values.awsbilling.image.repository }}:{{ .Values.awsbilling.image.tag }}"
{{- if .Values.global.azure.enabled }}
- name: "CLIENT_ID"
value: "{{ .Values.global.azure.identity.clientId }}"
- name: "EXTENSION_RESOURCE_ID"
value: "{{ .Values.global.azure.extension.resourceId }}"
- name: "PLAN_ID"
value: "{{ .Values.global.azure.marketplace.planId }}"
{{- end }}
{{- if and .Values.global.aws.enabled .Values.global.aws.image.digest }}
image: "{{ .Values.registry }}/{{ .Values.global.aws.image.repository }}@{{ .Values.global.aws.image.digest }}"
{{- else if and .Values.global.aws.enabled .Values.global.aws.image.tag }}
image: "{{ .Values.registry }}/{{ .Values.global.aws.image.repository }}:{{ .Values.global.aws.image.tag }}"
{{- else if and .Values.global.azure.enabled }}
image: "{{ .Values.global.azure.images.neuvector_csp_pod.registry }}/{{ .Values.global.azure.images.neuvector_csp_pod.image }}@{{ .Values.global.azure.images.neuvector_csp_pod.digest }}"
{{- end }}
name: neuvector-csp-pod
imagePullPolicy: "{{ .Values.awsbilling.image.imagePullPoliicy }}"
serviceAccountName: {{ .Values.awsbilling.serviceAccount }}
serviceAccount: {{ .Values.awsbilling.serviceAccount }}
{{- if .Values.global.aws.enabled }}
imagePullPolicy: "{{ .Values.global.aws.image.imagePullPolicy }}"
{{- else if .Values.global.azure.enabled }}
imagePullPolicy: "{{ .Values.global.azure.images.neuvector_csp_pod.imagePullPolicy }}"
{{- end }}
{{- if .Values.global.aws.enabled }}
serviceAccountName: {{ .Values.global.aws.serviceAccount }}
serviceAccount: {{ .Values.global.aws.serviceAccount }}
{{- else if .Values.global.azure.enabled }}
serviceAccountName: {{ .Values.global.azure.serviceAccount }}
serviceAccount: {{ .Values.global.azure.serviceAccount }}
{{- end }}
{{- end }}
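Review bot: The image selection chain has no final `else`, so with `global.aws.enabled` true, Azure off and neither `image.digest` nor `image.tag` set, the container renders without an `image:` field and the error only appears at apply time. Ending the chain with `{{- else }}{{ fail "csp adapter image needs a digest or a tag" }}` would stop the render with a clear message. `imagePullSecrets` is also written as two independent `if` blocks, which emits the key twice when both providers set a secret, while image, pull policy and service account use `else if`. The `and` in `else if and .Values.global.azure.enabled` takes a single argument and can be dropped. Note that the AWS tag branch references the image by a mutable tag, so setting `image.digest` is the only way this template pins what the adapter runs.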


@ -1,4 +1,4 @@
{{- if .Values.awsbilling.enabled }}
{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
{{- if $oc3 }}


@ -1,4 +1,4 @@
{{- if .Values.awsbilling.enabled }}
{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
{{- if $oc3 }}
@ -22,6 +22,11 @@ roleRef:
name: neuvector-csp-adapter-role
subjects:
- kind: ServiceAccount
name: {{ .Values.awsbilling.serviceAccount }}
{{- if .Values.global.aws.enabled }}
name: {{ .Values.global.aws.serviceAccount }}
{{- end }}
{{- if .Values.global.azure.enabled }}
name: {{ .Values.global.azure.serviceAccount }}
{{- end }}
namespace: {{ .Release.Namespace }}
{{- end }}


@ -1,17 +1,24 @@
{{- if .Values.awsbilling.enabled }}
{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
{{- if not .Values.openshift}}
{{- if ne .Values.awsbilling.serviceAccount "default"}}
{{- if and (ne .Values.global.aws.serviceAccount "default") (ne .Values.global.azure.serviceAccount "default") }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.awsbilling.serviceAccount }}
{{- if .Values.global.aws.enabled }}
name: {{ .Values.global.aws.serviceAccount }}
{{- end }}
{{- if .Values.global.azure.enabled }}
name: {{ .Values.global.azure.serviceAccount }}
{{- end }}
namespace: {{ .Release.Namespace }}
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.awsbilling.accountNumber }}:role/{{ .Values.awsbilling.roleName }}
{{- if .Values.global.aws.enabled }}
eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.global.aws.accountNumber }}:role/{{ .Values.global.aws.roleName }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
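Review bot: The creation guard `and (ne .Values.global.aws.serviceAccount "default") (ne .Values.global.azure.serviceAccount "default")` tests both providers' account names regardless of which provider is enabled, so leaving the unused provider at `default` suppresses the ServiceAccount for the enabled one. Gate each comparison on its own `enabled` flag, or resolve the account name into one variable and compare that. `annotations:` is emitted unconditionally, so an Azure-only render leaves it empty. With `accountNumber` and `roleName` unset the annotation becomes `arn:aws:iam:::role/`; wrapping both values in `required` would reject that at render time instead of creating an account bound to a malformed role ARN.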


@ -13,9 +13,9 @@
+ catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
+ catalog.cattle.io/release-name: neuvector
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/upstream-version: 2.6.2
+ catalog.cattle.io/upstream-version: 2.6.4
apiVersion: v1
appVersion: 5.2.1
appVersion: 5.2.2-s1
-description: Helm chart for NeuVector's core services
+description: Helm feature chart for NeuVector's core services
home: https://neuvector.com
@ -29,4 +29,4 @@
+name: neuvector
+sources:
+- https://github.com/neuvector/neuvector
version: 2.6.2
version: 2.6.4


@ -10,30 +10,30 @@
## Choosing container runtime
The NeuVector platform supports docker, cri-o and containerd as the container runtime. For a k3s/rke2, or bottlerocket cluster, they have their own runtime socket path. You should enable their runtime options, `k3s.enabled` and `bottlerocket.enabled`, respectively.
@@ -31,7 +28,7 @@
@@ -49,7 +46,7 @@
`controller.schedulerName` | kubernetes scheduler name | `nil` |
`controller.affinity` | controller affinity rules | ... | spread controllers to different nodes |
`controller.tolerations` | List of node taints to tolerate | `nil` |
-`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](values.yaml)
+`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
+`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
`controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
`controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` |
`controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
@@ -74,7 +71,7 @@
@@ -92,7 +89,7 @@
`controller.federation.mastersvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
`controller.federation.mastersvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
`controller.federation.mastersvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
-`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
+`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
+`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
`controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` |
`controller.federation.managedsvc.annotations` | Add annotations to Multi-cluster managed cluster REST API service | `{}` |
`controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` |
@@ -90,14 +87,14 @@
@@ -108,14 +105,14 @@
`controller.federation.managedsvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
`controller.federation.managedsvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
`controller.federation.managedsvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
-`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
+`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
+`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
`controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed
`controller.ingress.tls` | If true, TLS is enabled for controller rest api ingress service |`false` | If set, the tls-host used is the one set with `controller.ingress.host`.
`controller.ingress.host` | Must set this host value if ingress is enabled | `nil` |
@ -41,69 +41,69 @@
`controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
`controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
-`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
+`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
+`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
`controller.configmap.enabled` | If true, configure NeuVector global settings using a ConfigMap | `false`
`controller.configmap.data` | NeuVector configuration in YAML format | `{}`
`controller.secret.enabled` | If true, configure NeuVector global settings using secrets | `false`
@@ -111,7 +108,7 @@
@@ -129,7 +126,7 @@
`enforcer.podAnnotations` | Specify the pod annotations. | `{}` |
`enforcer.env` | User-defined environment variables for enforcers. | `[]` |
`enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`<br>`key: node-role.kubernetes.io/master` | other taints can be added after the default
-`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](values.yaml)
+`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
+`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
`manager.enabled` | If true, create manager | `true` |
`manager.image.repository` | manager image repository | `neuvector/manager` |
`manager.image.hash` | manager image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | |
@@ -128,7 +125,7 @@
@@ -146,7 +143,7 @@
` CUSTOM_PAGE_FOOTER_COLOR` | use color name (yellow) or value (#ffff00) |
`manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;<br>if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google
`manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` |
-`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml)
+`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
+`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
`manager.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` |
`manager.route.host` | Set OpenShift route host for management console service | `nil` |
`manager.route.termination` | Specify TLS termination for OpenShift route for management console service. Possible passthrough, edge, reencrypt | `passthrough` |
@@ -143,10 +140,10 @@
@@ -161,10 +158,10 @@
`manager.ingress.host` | Must set this host value if ingress is enabled | `nil` |
`manager.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
`manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/`
-`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
+`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
+`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
`manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`.
`manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
-`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](values.yaml)
+`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
+`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
`manager.affinity` | manager affinity rules | `{}` |
`manager.tolerations` | List of node taints to tolerate | `nil` |
`manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
@@ -161,7 +158,7 @@
@@ -179,7 +176,7 @@
`cve.adapter.env` | User-defined environment variables for adapter. | `[]` |
`cve.adapter.svc.type` | set registry adapter service type for native Kubernetes | `NodePort`;<br>if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google
`cve.adapter.svc.loadBalancerIP` | if registry adapter service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` |
-`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](values.yaml)
+`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
+`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
`cve.adapter.harbor.protocol` | Harbor registry request protocol [http|https] | `https` |
`cve.adapter.harbor.secretName` | Harbor registry adapter's basic authentication secret | |
`cve.adapter.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` |
@@ -178,10 +175,10 @@
@@ -196,10 +193,10 @@
`cve.adapter.ingress.host` | Must set this host value if ingress is enabled | `nil` |
`cve.adapter.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
`cve.adapter.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/`
-`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
+`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
+`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
`cve.adapter.ingress.tls` | If true, TLS is enabled for registry adapter ingress service |`false` | If set, the tls-host used is the one set with `cve.adapter.ingress.host`.
`cve.adapter.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
-`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](values.yaml)
+`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
+`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
`cve.adapter.affinity` | registry adapter affinity rules | `{}` |
`cve.adapter.tolerations` | List of node taints to tolerate | `nil` |
`cve.adapter.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
@@ -209,7 +206,7 @@
@@ -228,7 +225,7 @@
`cve.scanner.env` | User-defined environment variables for scanner. | `[]` |
`cve.scanner.replicas` | external scanner replicas | `3` |
`cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` |
-`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](values.yaml) |
+`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) |
+`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml) |
`cve.scanner.affinity` | scanner affinity rules | `{}` |
`cve.scanner.tolerations` | List of node taints to tolerate | `nil` |
`cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` |


@ -1,10 +1,12 @@
--- charts-original/templates/_helpers.tpl
+++ charts/templates/_helpers.tpl
@@ -30,3 +30,11 @@
{{- define "neuvector.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
@@ -45,4 +45,11 @@
{{- if $value -}}
{{- printf "%s" $value -}}
{{- end -}}
+
-{{- end -}}
\ No newline at end of file
+{{- end -}}
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}


@ -1,9 +1,12 @@
--- charts-original/templates/controller-deployment.yaml
+++ charts/templates/controller-deployment.yaml
@@ -76,19 +76,7 @@
@@ -79,23 +79,7 @@
{{- end }}
containers:
- name: neuvector-controller-pod
- {{- if .Values.global.azure.enabled }}
- image: "{{ .Values.global.azure.images.controller.registry }}/{{ .Values.global.azure.images.controller.image }}@{{ .Values.global.azure.images.controller.digest }}"
- {{- else }}
- {{- if eq .Values.registry "registry.neuvector.com" }}
- {{- if .Values.oem }}
- image: "{{ .Values.registry }}/{{ .Values.oem }}/controller:{{ .Values.tag }}"
@ -17,19 +20,24 @@
- image: "{{ .Values.registry }}/{{ .Values.controller.image.repository }}:{{ .Values.tag }}"
- {{- end }}
- {{- end }}
- {{- end }}
+ image: {{ template "system_default_registry" . }}{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
securityContext:
privileged: true
resources:
@@ -125,14 +113,6 @@
@@ -132,18 +116,6 @@
- name: CTRL_PERSIST_CONFIG
value: "1"
{{- end }}
- {{- if .Values.awsbilling.enabled }}
- {{- if .Values.global.aws.enabled }}
- - name: CSP_ENV
- value: "aws"
- {{- end }}
- {{- if .Values.awsbilling.enabled }}
- {{- if .Values.global.azure.enabled }}
- - name: CSP_ENV
- value: "azure"
- {{- end }}
- {{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
- - name: NO_DEFAULT_ADMIN
- value: "1"
- {{- end }}
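Review bot: The replacement `image:` line builds the reference from `controller.image.tag` only and is unquoted, and the enforcer, manager and scanner patches that follow use the same form. As far as the visible lines show, the `hash` key that values.yaml keeps under each image is never consulted, so these containers cannot be pinned by digest through values, and the controller and enforcer run with `privileged: true`. Consider keeping a digest branch for when `hash` is set, e.g. `image: "{{ template "system_default_registry" . }}{{ .Values.controller.image.repository }}@{{ .Values.controller.image.hash }}"`, and quoting the tag form as well. The hunks are cut by the outer diff, so the surrounding template may already handle this outside the shown lines.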


@ -1,9 +1,12 @@
--- charts-original/templates/enforcer-daemonset.yaml
+++ charts/templates/enforcer-daemonset.yaml
@@ -51,19 +51,7 @@
@@ -51,23 +51,7 @@
{{- end }}
containers:
- name: neuvector-enforcer-pod
- {{- if .Values.global.azure.enabled }}
- image: "{{ .Values.global.azure.images.enforcer.registry }}/{{ .Values.global.azure.images.enforcer.image }}@{{ .Values.global.azure.images.enforcer.digest }}"
- {{- else }}
- {{- if eq .Values.registry "registry.neuvector.com" }}
- {{- if .Values.oem }}
- image: "{{ .Values.registry }}/{{ .Values.oem }}/enforcer:{{ .Values.tag }}"
@ -17,6 +20,7 @@
- image: "{{ .Values.registry }}/{{ .Values.enforcer.image.repository }}:{{ .Values.tag }}"
- {{- end }}
- {{- end }}
- {{- end }}
+ image: {{ template "system_default_registry" . }}{{ .Values.enforcer.image.repository }}:{{ .Values.enforcer.image.tag }}
securityContext:
privileged: true


@ -1,9 +1,12 @@
--- charts-original/templates/manager-deployment.yaml
+++ charts/templates/manager-deployment.yaml
@@ -62,19 +62,7 @@
@@ -67,23 +67,7 @@
{{- end }}
containers:
- name: neuvector-manager-pod
- {{- if .Values.global.azure.enabled }}
- image: "{{ .Values.global.azure.images.manager.registry }}/{{ .Values.global.azure.images.manager.image }}@{{ .Values.global.azure.images.manager.digest }}"
- {{- else }}
- {{- if eq .Values.registry "registry.neuvector.com" }}
- {{- if .Values.oem }}
- image: "{{ .Values.registry }}/{{ .Values.oem }}/manager:{{ .Values.tag }}"
@ -17,6 +20,7 @@
- image: "{{ .Values.registry }}/{{ .Values.manager.image.repository }}:{{ .Values.tag }}"
- {{- end }}
- {{- end }}
- {{- end }}
+ image: {{ template "system_default_registry" . }}{{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
env:
- name: CTRL_SERVER_IP


@ -1,6 +1,6 @@
--- charts-original/templates/registry-adapter.yaml
+++ charts/templates/registry-adapter.yaml
@@ -72,7 +72,7 @@
@@ -77,7 +77,7 @@
{{- if .Values.cve.adapter.image.hash }}
image: "{{ .Values.registry }}/{{ .Values.cve.adapter.image.repository }}@{{ .Values.cve.adapter.image.hash }}"
{{- else }}


@ -1,9 +1,12 @@
--- charts-original/templates/scanner-deployment.yaml
+++ charts/templates/scanner-deployment.yaml
@@ -63,21 +63,7 @@
@@ -63,25 +63,7 @@
{{- end }}
containers:
- name: neuvector-scanner-pod
- {{- if .Values.global.azure.enabled }}
- image: "{{ .Values.global.azure.images.scanner.registry }}/{{ .Values.global.azure.images.scanner.image }}@{{ .Values.global.azure.images.scanner.digest }}"
- {{- else }}
- {{- if eq .Values.registry "registry.neuvector.com" }}
- {{- if .Values.oem }}
- image: "{{ .Values.registry }}/{{ .Values.oem }}/scanner:{{ .Values.cve.scanner.image.tag }}"
@ -19,6 +22,7 @@
- image: "{{ .Values.registry }}/{{ .Values.cve.scanner.image.repository }}:{{ .Values.cve.scanner.image.tag }}"
- {{- end }}
- {{- end }}
- {{- end }}
+ image: {{ template "system_default_registry" . }}{{ .Values.cve.scanner.image.repository }}:{{ .Values.cve.scanner.image.tag }}
imagePullPolicy: Always
env:


@ -1,10 +1,10 @@
--- charts-original/values.yaml
+++ charts/values.yaml
@@ -5,16 +5,17 @@
@@ -5,62 +5,17 @@
openshift: false
registry: docker.io
-tag: 5.2.1
-tag: 5.2.2-s1
oem:
-imagePullSecrets:
-psp: false
@ -16,23 +16,69 @@
global: # required for rancher authentication (https://<Rancher_URL>/)
cattle:
url:
- azure:
- enabled: false
- identity:
- clientId: "DONOTMODIFY" # Azure populates this value at deployment time
- marketplace:
- planId: "DONOTMODIFY" # Azure populates this value at deployment time
- extension:
- resourceId: "DONOTMODIFY" # application's Azure Resource ID, Azure populates this value at deployment time
- serviceAccount: csp
- imagePullSecrets:
- images:
- neuvector_csp_pod:
- digest:
- image: neuvector-billing-azure-by-suse-llc
- registry: susellcforazuremarketplace.azurecr.io
- imagePullPolicy: IfNotPresent
- controller:
- digest: ""
- image: neuvector/controller
- registry: docker.io
- manager:
- digest: ""
- image: neuvector/manager
- registry: docker.io
- scanner:
- digest: ""
- image: neuvector/scanner
- registry: docker.io
- enforcer:
- digest: ""
- image: neuvector/enforcer
- registry: docker.io
-
- aws:
- enabled: false
- accountNumber: ""
- roleName: ""
- serviceAccount: csp
- annotations: {}
- imagePullSecrets:
- image:
- digest:
- repository: neuvector/neuvector-csp-adapter
- tag: latest
- imagePullPolicy: IfNotPresent
-
+ systemDefaultRegistry: ""
+ psp:
+ enabled: false # PSP enablement should default to false
autoGenerateCert: true
internal: # enable when cert-manager is installed for the internal certificates
certmanager:
@@ -31,7 +32,8 @@
defaultValidityPeriod: 365
@@ -80,7 +35,8 @@
maxSurge: 1
maxUnavailable: 0
image:
- repository: neuvector/controller
+ repository: rancher/mirrored-neuvector-controller
+ tag: 5.2.1
+ tag: 5.2.2-s1
hash:
replicas: 3
disruptionbudget: 0
@@ -79,7 +81,7 @@
@@ -129,7 +85,7 @@
# -----BEGIN PRIVATE KEY-----
# -----END PRIVATE KEY-----
ranchersso: # required for rancher authentication
@ -41,37 +87,37 @@
pvc:
enabled: false
existingClaim: false
@@ -227,7 +229,8 @@
@@ -281,7 +237,8 @@
# If false, enforcer will not be installed
enabled: true
image:
- repository: neuvector/enforcer
+ repository: rancher/mirrored-neuvector-enforcer
+ tag: 5.2.1
+ tag: 5.2.2-s1
hash:
updateStrategy:
type: RollingUpdate
@@ -258,7 +261,8 @@
@@ -313,7 +270,8 @@
# If false, manager will not be installed
enabled: true
image:
- repository: neuvector/manager
+ repository: rancher/mirrored-neuvector-manager
+ tag: 5.2.1
+ tag: 5.2.2-s1
hash:
priorityClassName:
env:
@@ -332,7 +336,7 @@
@@ -390,7 +348,7 @@
adapter:
enabled: false
image:
- repository: neuvector/registry-adapter
+ repository: rancher/mirrored-neuvector-registry-adapter
tag: 0.1.0
tag: 0.1.1-s1
hash:
priorityClassName:
@@ -410,7 +414,7 @@
secure: false
@@ -475,7 +433,7 @@
cacert: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
image:
registry: ""
- repository: neuvector/updater
@ -79,7 +125,7 @@
tag: latest
hash:
schedule: "0 0 * * *"
@@ -432,7 +436,7 @@
@@ -498,7 +456,7 @@
maxUnavailable: 0
image:
registry: ""
@ -88,18 +134,3 @@
tag: latest
hash:
priorityClassName:
@@ -493,14 +497,3 @@
enabled: true
type: ClusterIP
-awsbilling:
- enabled: false
- accountNumber: ""
- roleName: ""
- serviceAccount: csp
- annotations: {}
- imagePullSecrets:
- image:
- repository: neuvector/neuvector-csp-adapter
- tag: 1.0.0
- imagePullPolicy: IfNotPresent


@ -1,4 +1,4 @@
url: https://neuvector.github.io/neuvector-helm/core-2.6.2.tgz
url: https://neuvector.github.io/neuvector-helm/core-2.6.4.tgz
version: 103.0.0
additionalCharts:
- workingDir: charts-crd


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: true
apiVersion: v1
appVersion: 5.2.1
appVersion: 5.2.2-s1
description: Helm chart for NeuVector's CRD services
home: https://neuvector.com
icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
@ -12,5 +12,5 @@ maintainers:
- email: support@neuvector.com
name: becitsthere
name: neuvector-crd
version: 2.6.2
version: 2.6.4
type: application

0
packages/neuvector/templates/crd-template/README.md Executable file → Normal file

0
packages/neuvector/templates/crd-template/values.yaml Executable file → Normal file