Add NeuVector chart version 2.6.4

packages/neuvector/generated-changes/exclude/templates/csp-clusterrole.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.awsbilling.enabled }}
+{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
 {{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
 {{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
 {{- if $oc3 }}

packages/neuvector/generated-changes/exclude/templates/csp-clusterrolebinding.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.awsbilling.enabled }}
+{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
 {{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
 {{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
 {{- if $oc3 }}
@@ -21,7 +21,12 @@ roleRef:
   name: neuvector-csp-adapter-cluster-role
 subjects:
   - kind: ServiceAccount
-    name: {{ .Values.awsbilling.serviceAccount }}
+    {{- if .Values.global.aws.enabled }}
+    name: {{ .Values.global.aws.serviceAccount }}
+    {{- end }}
+    {{- if .Values.global.azure.enabled }}
+    name: {{ .Values.global.azure.serviceAccount }}
+    {{- end }}
     namespace: {{ .Release.Namespace }}
 
 ---
@@ -48,7 +53,11 @@ roleRef:
   name: neuvector-binding-csp-usages
 subjects:
   - kind: ServiceAccount
+    {{- if and .Values.rbac .Values.leastPrivilege }}
+    name: controller
+    {{- else }}
     name: {{ .Values.serviceAccount }}
+    {{- end }}
     namespace: {{ .Release.Namespace }}
 {{- end }}
 

packages/neuvector/generated-changes/exclude/templates/csp-crd.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.awsbilling.enabled }}
+{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
 {{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
 {{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
 {{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}

packages/neuvector/generated-changes/exclude/templates/csp-deployment.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.awsbilling.enabled }}
+{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -8,7 +8,7 @@ metadata:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
-{{- with .Values.awsbilling.annotations }}
+{{- with .Values.global.aws.annotations }}
   annotations:
 {{ toYaml . | indent 4 }}
 {{- end }}
@@ -22,9 +22,13 @@ spec:
         app: neuvector-csp-pod
         release: {{ .Release.Name }}
     spec:
-      {{- if .Values.awsbilling.imagePullSecrets }}
+      {{- if .Values.global.aws.imagePullSecrets }}
       imagePullSecrets:
-        - name: {{ .Values.awsbilling.imagePullSecrets }}
+        - name: {{ .Values.global.aws.imagePullSecrets }}
+      {{- end }}
+      {{- if .Values.global.azure.imagePullSecrets }}
+      imagePullSecrets:
+        - name: {{ .Values.global.azure.imagePullSecrets }}
       {{- end }}
       containers:
       - env:
@@ -38,9 +42,32 @@ spec:
           value: "v1"
         - name: USAGE_API_GROUP
           value: "susecloud.net"
-        image: "{{ .Values.registry }}/{{ .Values.awsbilling.image.repository }}:{{ .Values.awsbilling.image.tag }}"
+        {{- if .Values.global.azure.enabled }}  
-        name: neuvector-csp-pod
+        - name: "CLIENT_ID"
-        imagePullPolicy: "{{ .Values.awsbilling.image.imagePullPoliicy }}"
+          value: "{{ .Values.global.azure.identity.clientId }}"
-      serviceAccountName: {{ .Values.awsbilling.serviceAccount }}
+        - name: "EXTENSION_RESOURCE_ID"
-      serviceAccount: {{ .Values.awsbilling.serviceAccount }}
+          value: "{{ .Values.global.azure.extension.resourceId }}"
+        - name: "PLAN_ID"
+          value: "{{ .Values.global.azure.marketplace.planId }}"
+        {{- end }}
+        {{- if and .Values.global.aws.enabled .Values.global.aws.image.digest }}
+        image: "{{ .Values.registry }}/{{ .Values.global.aws.image.repository }}@{{ .Values.global.aws.image.digest }}"
+        {{- else if and .Values.global.aws.enabled .Values.global.aws.image.tag }}
+        image: "{{ .Values.registry }}/{{ .Values.global.aws.image.repository }}:{{ .Values.global.aws.image.tag }}"
+        {{- else if and .Values.global.azure.enabled }}
+        image: "{{ .Values.global.azure.images.neuvector_csp_pod.registry }}/{{ .Values.global.azure.images.neuvector_csp_pod.image }}@{{ .Values.global.azure.images.neuvector_csp_pod.digest }}"
+        {{- end }}
+        name: neuvector-csp-pod
+        {{- if .Values.global.aws.enabled }}
+        imagePullPolicy: "{{ .Values.global.aws.image.imagePullPolicy }}"
+        {{- else if .Values.global.azure.enabled }}
+        imagePullPolicy: "{{ .Values.global.azure.images.neuvector_csp_pod.imagePullPolicy }}"
+        {{- end }}
+      {{- if .Values.global.aws.enabled }}
+      serviceAccountName: {{ .Values.global.aws.serviceAccount }}
+      serviceAccount: {{ .Values.global.aws.serviceAccount }}
+      {{- else if .Values.global.azure.enabled }}
+      serviceAccountName: {{ .Values.global.azure.serviceAccount }}
+      serviceAccount: {{ .Values.global.azure.serviceAccount }}
+      {{- end }}
 {{- end }}

packages/neuvector/generated-changes/exclude/templates/csp-role.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.awsbilling.enabled }}
+{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
 {{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
 {{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
 {{- if $oc3 }}

packages/neuvector/generated-changes/exclude/templates/csp-rolebinding.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.awsbilling.enabled }}
+{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
 {{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
 {{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
 {{- if $oc3 }}
@@ -22,6 +22,11 @@ roleRef:
   name: neuvector-csp-adapter-role
 subjects:
   - kind: ServiceAccount
-    name: {{ .Values.awsbilling.serviceAccount }}
+    {{- if .Values.global.aws.enabled }}
+    name: {{ .Values.global.aws.serviceAccount }}
+    {{- end }}
+    {{- if .Values.global.azure.enabled }}
+    name: {{ .Values.global.azure.serviceAccount }}
+    {{- end }}
     namespace: {{ .Release.Namespace }}
 {{- end }}

packages/neuvector/generated-changes/exclude/templates/csp-serviceaccount.yaml

@@ -1,17 +1,24 @@
-{{- if .Values.awsbilling.enabled }}
+{{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
 {{- if not .Values.openshift}}
-{{- if ne .Values.awsbilling.serviceAccount "default"}}
+{{- if and (ne .Values.global.aws.serviceAccount "default") (ne .Values.global.azure.serviceAccount "default") }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Values.awsbilling.serviceAccount }}
+  {{- if .Values.global.aws.enabled }}
+  name: {{ .Values.global.aws.serviceAccount }}
+  {{- end }}
+  {{- if .Values.global.azure.enabled }}
+  name: {{ .Values.global.azure.serviceAccount }}
+  {{- end }}
   namespace: {{ .Release.Namespace }}
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
     heritage: {{ .Release.Service }}
   annotations:
-    eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.awsbilling.accountNumber }}:role/{{ .Values.awsbilling.roleName }}
+    {{- if .Values.global.aws.enabled }}
+    eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.global.aws.accountNumber }}:role/{{ .Values.global.aws.roleName }}
+    {{- end }}
 {{- end }}
 {{- end }}
 {{- end }}

packages/neuvector/generated-changes/patch/Chart.yaml.patch

@@ -13,9 +13,9 @@
 +  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
 +  catalog.cattle.io/release-name: neuvector
 +  catalog.cattle.io/type: cluster-tool
-+  catalog.cattle.io/upstream-version: 2.6.2
++  catalog.cattle.io/upstream-version: 2.6.4
  apiVersion: v1
- appVersion: 5.2.1
+ appVersion: 5.2.2-s1
 -description: Helm chart for NeuVector's core services
 +description: Helm feature chart for NeuVector's core services
  home: https://neuvector.com
@@ -29,4 +29,4 @@
 +name: neuvector
 +sources:
 +- https://github.com/neuvector/neuvector
- version: 2.6.2
+ version: 2.6.4

packages/neuvector/generated-changes/patch/README.md.patch

@@ -10,30 +10,30 @@
  ## Choosing container runtime
  The NeuVector platform supports docker, cri-o and containerd as the container runtime. For a k3s/rke2, or bottlerocket cluster, they have their own runtime socket path. You should enable their runtime options, `k3s.enabled` and `bottlerocket.enabled`, respectively.
  
-@@ -31,7 +28,7 @@
+@@ -49,7 +46,7 @@
  `controller.schedulerName` | kubernetes scheduler name | `nil` |
  `controller.affinity` | controller affinity rules  | ... | spread controllers to different nodes |
  `controller.tolerations` | List of node taints to tolerate | `nil` |
 -`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](values.yaml)
-+`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
++`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
  `controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
  `controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` |
  `controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
-@@ -74,7 +71,7 @@
+@@ -92,7 +89,7 @@
  `controller.federation.mastersvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
  `controller.federation.mastersvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
  `controller.federation.mastersvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
 -`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
++`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
  `controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` |
  `controller.federation.managedsvc.annotations` | Add annotations to Multi-cluster managed cluster REST API service | `{}` |
  `controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` |
-@@ -90,14 +87,14 @@
+@@ -108,14 +105,14 @@
  `controller.federation.managedsvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
  `controller.federation.managedsvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
  `controller.federation.managedsvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
 -`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
++`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
  `controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed
  `controller.ingress.tls` | If true, TLS is enabled for controller rest api ingress service |`false` | If set, the tls-host used is the one set with `controller.ingress.host`.
  `controller.ingress.host` | Must set this host value if ingress is enabled | `nil` |
@@ -41,69 +41,69 @@
  `controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
  `controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
 -`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
++`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
  `controller.configmap.enabled` | If true, configure NeuVector global settings using a ConfigMap | `false`
  `controller.configmap.data` | NeuVector configuration in YAML format | `{}`
  `controller.secret.enabled` | If true, configure NeuVector global settings using secrets | `false`
-@@ -111,7 +108,7 @@
+@@ -129,7 +126,7 @@
  `enforcer.podAnnotations` | Specify the pod annotations. | `{}` |
  `enforcer.env` | User-defined environment variables for enforcers. | `[]` |
  `enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`<br>`key: node-role.kubernetes.io/master` | other taints can be added after the default
 -`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](values.yaml)
-+`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
++`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
  `manager.enabled` | If true, create manager | `true` |
  `manager.image.repository` | manager image repository | `neuvector/manager` |
  `manager.image.hash` | manager image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | |
-@@ -128,7 +125,7 @@
+@@ -146,7 +143,7 @@
  `        CUSTOM_PAGE_FOOTER_COLOR`        | use color name (yellow) or value (#ffff00) | 
  `manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;<br>if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google
  `manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` |
 -`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml)
-+`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
++`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
  `manager.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` |
  `manager.route.host` | Set OpenShift route host for management console service | `nil` |
  `manager.route.termination` | Specify TLS termination for OpenShift route for management console service. Possible passthrough, edge, reencrypt | `passthrough` |
-@@ -143,10 +140,10 @@
+@@ -161,10 +158,10 @@
  `manager.ingress.host` | Must set this host value if ingress is enabled | `nil` |
  `manager.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
  `manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/`
 -`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
++`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
  `manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`.
  `manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
 -`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](values.yaml)
-+`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
++`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
  `manager.affinity` | manager affinity rules  | `{}` |
  `manager.tolerations` | List of node taints to tolerate | `nil` |
  `manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
-@@ -161,7 +158,7 @@
+@@ -179,7 +176,7 @@
  `cve.adapter.env` | User-defined environment variables for adapter. | `[]` |
  `cve.adapter.svc.type` | set registry adapter service type for native Kubernetes | `NodePort`;<br>if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google
  `cve.adapter.svc.loadBalancerIP` | if registry adapter service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` |
 -`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](values.yaml)
-+`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
++`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
  `cve.adapter.harbor.protocol` | Harbor registry request protocol [http|https] | `https` |
  `cve.adapter.harbor.secretName` | Harbor registry adapter's basic authentication secret | |
  `cve.adapter.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` |
-@@ -178,10 +175,10 @@
+@@ -196,10 +193,10 @@
  `cve.adapter.ingress.host` | Must set this host value if ingress is enabled | `nil` |
  `cve.adapter.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
  `cve.adapter.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/`
 -`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
++`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
  `cve.adapter.ingress.tls` | If true, TLS is enabled for registry adapter ingress service |`false` | If set, the tls-host used is the one set with `cve.adapter.ingress.host`.
  `cve.adapter.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
 -`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](values.yaml)
-+`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
++`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml)
  `cve.adapter.affinity` | registry adapter affinity rules  | `{}` |
  `cve.adapter.tolerations` | List of node taints to tolerate | `nil` |
  `cve.adapter.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
-@@ -209,7 +206,7 @@
+@@ -228,7 +225,7 @@
  `cve.scanner.env` | User-defined environment variables for scanner. | `[]` |
  `cve.scanner.replicas` | external scanner replicas | `3` |
  `cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` |
 -`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](values.yaml) |
-+`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) |
++`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.4/charts/core/values.yaml) |
  `cve.scanner.affinity` | scanner affinity rules  | `{}` |
  `cve.scanner.tolerations` | List of node taints to tolerate | `nil` |
  `cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` |

packages/neuvector/generated-changes/patch/templates/_helpers.tpl.patch

@@ -1,10 +1,12 @@
 --- charts-original/templates/_helpers.tpl
 +++ charts/templates/_helpers.tpl
-@@ -30,3 +30,11 @@
+@@ -45,4 +45,11 @@
- {{- define "neuvector.chart" -}}
+ {{- if $value -}}
- {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+ {{- printf "%s" $value -}}
  {{- end -}}
-+
+-{{- end -}}
+\ No newline at end of file
++{{- end -}}
 +{{- define "system_default_registry" -}}
 +{{- if .Values.global.cattle.systemDefaultRegistry -}}
 +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}

packages/neuvector/generated-changes/patch/templates/controller-deployment.yaml.patch

@@ -1,9 +1,12 @@
 --- charts-original/templates/controller-deployment.yaml
 +++ charts/templates/controller-deployment.yaml
-@@ -76,19 +76,7 @@
+@@ -79,23 +79,7 @@
        {{- end }}
        containers:
          - name: neuvector-controller-pod
+-          {{- if .Values.global.azure.enabled }}
+-          image: "{{ .Values.global.azure.images.controller.registry }}/{{ .Values.global.azure.images.controller.image }}@{{ .Values.global.azure.images.controller.digest }}"
+-          {{- else }}
 -          {{- if eq .Values.registry "registry.neuvector.com" }}
 -          {{- if .Values.oem }}
 -          image: "{{ .Values.registry }}/{{ .Values.oem }}/controller:{{ .Values.tag }}"
@@ -17,19 +20,24 @@
 -          image: "{{ .Values.registry }}/{{ .Values.controller.image.repository }}:{{ .Values.tag }}"
 -          {{- end }}
 -          {{- end }}
+-          {{- end }}
 +          image: {{ template "system_default_registry" . }}{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
            securityContext:
              privileged: true
            resources:
-@@ -125,14 +113,6 @@
+@@ -132,18 +116,6 @@
              - name: CTRL_PERSIST_CONFIG
                value: "1"
            {{- end }}
--          {{- if .Values.awsbilling.enabled }}
+-          {{- if .Values.global.aws.enabled }}
 -            - name: CSP_ENV
 -              value: "aws"
 -          {{- end }}
--          {{- if .Values.awsbilling.enabled }}
+-          {{- if .Values.global.azure.enabled }}
+-            - name: CSP_ENV
+-              value: "azure"
+-          {{- end }}
+-          {{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
 -            - name: NO_DEFAULT_ADMIN
 -              value: "1"
 -          {{- end }}

packages/neuvector/generated-changes/patch/templates/enforcer-daemonset.yaml.patch

@@ -1,9 +1,12 @@
 --- charts-original/templates/enforcer-daemonset.yaml
 +++ charts/templates/enforcer-daemonset.yaml
-@@ -51,19 +51,7 @@
+@@ -51,23 +51,7 @@
      {{- end }}
        containers:
          - name: neuvector-enforcer-pod
+-          {{- if .Values.global.azure.enabled }}
+-          image: "{{ .Values.global.azure.images.enforcer.registry }}/{{ .Values.global.azure.images.enforcer.image }}@{{ .Values.global.azure.images.enforcer.digest }}"
+-          {{- else }}
 -          {{- if eq .Values.registry "registry.neuvector.com" }}
 -          {{- if .Values.oem }}
 -          image: "{{ .Values.registry }}/{{ .Values.oem }}/enforcer:{{ .Values.tag }}"
@@ -17,6 +20,7 @@
 -          image: "{{ .Values.registry }}/{{ .Values.enforcer.image.repository }}:{{ .Values.tag }}"
 -          {{- end }}
 -          {{- end }}
+-          {{- end }}
 +          image: {{ template "system_default_registry" . }}{{ .Values.enforcer.image.repository }}:{{ .Values.enforcer.image.tag }}
            securityContext:
              privileged: true

packages/neuvector/generated-changes/patch/templates/manager-deployment.yaml.patch

@@ -1,9 +1,12 @@
 --- charts-original/templates/manager-deployment.yaml
 +++ charts/templates/manager-deployment.yaml
-@@ -62,19 +62,7 @@
+@@ -67,23 +67,7 @@
        {{- end }}
        containers:
          - name: neuvector-manager-pod
+-          {{- if .Values.global.azure.enabled }}
+-          image: "{{ .Values.global.azure.images.manager.registry }}/{{ .Values.global.azure.images.manager.image }}@{{ .Values.global.azure.images.manager.digest }}"
+-          {{- else }}
 -          {{- if eq .Values.registry "registry.neuvector.com" }}
 -          {{- if .Values.oem }}
 -          image: "{{ .Values.registry }}/{{ .Values.oem }}/manager:{{ .Values.tag }}"
@@ -17,6 +20,7 @@
 -          image: "{{ .Values.registry }}/{{ .Values.manager.image.repository }}:{{ .Values.tag }}"
 -          {{- end }}
 -          {{- end }}
+-          {{- end }}
 +          image: {{ template "system_default_registry" . }}{{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
            env:
              - name: CTRL_SERVER_IP

packages/neuvector/generated-changes/patch/templates/registry-adapter.yaml.patch

@@ -1,6 +1,6 @@
 --- charts-original/templates/registry-adapter.yaml
 +++ charts/templates/registry-adapter.yaml
-@@ -72,7 +72,7 @@
+@@ -77,7 +77,7 @@
            {{- if .Values.cve.adapter.image.hash }}
            image: "{{ .Values.registry }}/{{ .Values.cve.adapter.image.repository }}@{{ .Values.cve.adapter.image.hash }}"
            {{- else }}

packages/neuvector/generated-changes/patch/templates/scanner-deployment.yaml.patch

@@ -1,9 +1,12 @@
 --- charts-original/templates/scanner-deployment.yaml
 +++ charts/templates/scanner-deployment.yaml
-@@ -63,21 +63,7 @@
+@@ -63,25 +63,7 @@
        {{- end }}
        containers:
          - name: neuvector-scanner-pod
+-          {{- if .Values.global.azure.enabled }}
+-          image: "{{ .Values.global.azure.images.scanner.registry }}/{{ .Values.global.azure.images.scanner.image }}@{{ .Values.global.azure.images.scanner.digest }}"
+-          {{- else }}
 -          {{- if eq .Values.registry "registry.neuvector.com" }}
 -          {{- if .Values.oem }}
 -          image: "{{ .Values.registry }}/{{ .Values.oem }}/scanner:{{ .Values.cve.scanner.image.tag }}"
@@ -19,6 +22,7 @@
 -          image: "{{ .Values.registry }}/{{ .Values.cve.scanner.image.repository }}:{{ .Values.cve.scanner.image.tag }}"
 -          {{- end }}
 -          {{- end }}
+-          {{- end }}
 +          image: {{ template "system_default_registry" . }}{{ .Values.cve.scanner.image.repository }}:{{ .Values.cve.scanner.image.tag }}
            imagePullPolicy: Always
            env:

packages/neuvector/generated-changes/patch/values.yaml.patch

@@ -1,10 +1,10 @@
 --- charts-original/values.yaml
 +++ charts/values.yaml
-@@ -5,16 +5,17 @@
+@@ -5,62 +5,17 @@
  openshift: false
  
  registry: docker.io
--tag: 5.2.1
+-tag: 5.2.2-s1
  oem:
 -imagePullSecrets:
 -psp: false
@@ -16,23 +16,69 @@
  global: # required for rancher authentication (https://<Rancher_URL>/)
    cattle:
      url:
+-  azure:
+-    enabled: false
+-    identity:
+-      clientId: "DONOTMODIFY" # Azure populates this value at deployment time
+-    marketplace:
+-      planId: "DONOTMODIFY" # Azure populates this value at deployment time
+-    extension:
+-      resourceId: "DONOTMODIFY" # application's Azure Resource ID, Azure populates this value at deployment time
+-    serviceAccount: csp
+-    imagePullSecrets:
+-    images:
+-      neuvector_csp_pod:
+-        digest: 
+-        image: neuvector-billing-azure-by-suse-llc
+-        registry: susellcforazuremarketplace.azurecr.io
+-        imagePullPolicy: IfNotPresent
+-      controller:
+-        digest: ""
+-        image: neuvector/controller
+-        registry: docker.io
+-      manager:
+-        digest: ""
+-        image: neuvector/manager
+-        registry: docker.io
+-      scanner:
+-        digest: ""
+-        image: neuvector/scanner
+-        registry: docker.io
+-      enforcer:
+-        digest: ""
+-        image: neuvector/enforcer
+-        registry: docker.io
+-
+-  aws:
+-    enabled: false
+-    accountNumber: ""
+-    roleName: ""
+-    serviceAccount: csp
+-    annotations: {}
+-    imagePullSecrets:
+-    image:
+-      digest:
+-      repository: neuvector/neuvector-csp-adapter
+-      tag: latest
+-      imagePullPolicy: IfNotPresent
+-
 +    systemDefaultRegistry: ""
 +    psp:
 +      enabled: false # PSP enablement should default to false
+ autoGenerateCert: true
  
- internal: # enable when cert-manager is installed for the internal certificates
+ defaultValidityPeriod: 365
-   certmanager: 
+@@ -80,7 +35,8 @@
-@@ -31,7 +32,8 @@
        maxSurge: 1
        maxUnavailable: 0
    image:
 -    repository: neuvector/controller
 +    repository: rancher/mirrored-neuvector-controller
-+    tag: 5.2.1
++    tag: 5.2.2-s1
      hash:
    replicas: 3
    disruptionbudget: 0
-@@ -79,7 +81,7 @@
+@@ -129,7 +85,7 @@
          #  -----BEGIN PRIVATE KEY-----
          #  -----END PRIVATE KEY-----
    ranchersso: # required for rancher authentication
@@ -41,37 +87,37 @@
    pvc:
      enabled: false
      existingClaim: false
-@@ -227,7 +229,8 @@
+@@ -281,7 +237,8 @@
    # If false, enforcer will not be installed
    enabled: true
    image:
 -    repository: neuvector/enforcer
 +    repository: rancher/mirrored-neuvector-enforcer
-+    tag: 5.2.1
++    tag: 5.2.2-s1
      hash:
    updateStrategy:
      type: RollingUpdate
-@@ -258,7 +261,8 @@
+@@ -313,7 +270,8 @@
    # If false, manager will not be installed
    enabled: true
    image:
 -    repository: neuvector/manager
 +    repository: rancher/mirrored-neuvector-manager
-+    tag: 5.2.1
++    tag: 5.2.2-s1
      hash:
    priorityClassName:
    env:
-@@ -332,7 +336,7 @@
+@@ -390,7 +348,7 @@
    adapter:
      enabled: false
      image:
 -      repository: neuvector/registry-adapter
 +      repository: rancher/mirrored-neuvector-registry-adapter
-       tag: 0.1.0
+       tag: 0.1.1-s1
        hash:
      priorityClassName:
-@@ -410,7 +414,7 @@
+@@ -475,7 +433,7 @@
-     secure: false
+     cacert: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
      image:
        registry: ""
 -      repository: neuvector/updater
@@ -79,7 +125,7 @@
        tag: latest
        hash:
      schedule: "0 0 * * *"
-@@ -432,7 +436,7 @@
+@@ -498,7 +456,7 @@
          maxUnavailable: 0
      image:
        registry: ""
@@ -88,18 +134,3 @@
        tag: latest
        hash:
      priorityClassName:
-@@ -493,14 +497,3 @@
-   enabled: true
-   type: ClusterIP
- 
--awsbilling:
--  enabled: false
--  accountNumber: ""
--  roleName: ""
--  serviceAccount: csp
--  annotations: {}
--  imagePullSecrets:
--  image:
--    repository: neuvector/neuvector-csp-adapter
--    tag: 1.0.0
--    imagePullPolicy: IfNotPresent

packages/neuvector/package.yaml

@@ -1,4 +1,4 @@
-url: https://neuvector.github.io/neuvector-helm/core-2.6.2.tgz
+url: https://neuvector.github.io/neuvector-helm/core-2.6.4.tgz
 version: 103.0.0
 additionalCharts:
 - workingDir: charts-crd

packages/neuvector/templates/crd-template/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/hidden: true
 apiVersion: v1
-appVersion: 5.2.1
+appVersion: 5.2.2-s1
 description: Helm chart for NeuVector's CRD services
 home: https://neuvector.com
 icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
@@ -12,5 +12,5 @@ maintainers:
 - email: support@neuvector.com
   name: becitsthere
 name: neuvector-crd
-version: 2.6.2
+version: 2.6.4
 type: application