Add NeuVector chart version 2.4.3

packages/neuvector/generated-changes/exclude/templates/crd.yaml

@@ -688,6 +688,8 @@ spec:
                             type: string
                           op:
                             type: string
+                          path:
+                            type: string
                           sub_criteria:
                             items:
                               properties:
@@ -703,8 +705,14 @@ spec:
                               - value
                               type: object
                             type: array
+                          template_kind:
+                            type: string
+                          type:
+                            type: string
                           value:
                             type: string
+                          value_type:
+                            type: string
                         required:
                         - name
                         - op

packages/neuvector/generated-changes/overlay/crds/crd.yaml

@@ -688,6 +688,8 @@ spec:
                             type: string
                           op:
                             type: string
+                          path:
+                            type: string
                           sub_criteria:
                             items:
                               properties:
@@ -703,8 +705,14 @@ spec:
                               - value
                               type: object
                             type: array
+                          template_kind:
+                            type: string
+                          type:
+                            type: string
                           value:
                             type: string
+                          value_type:
+                            type: string
                         required:
                         - name
                         - op

packages/neuvector/generated-changes/overlay/questions.yaml

@@ -102,7 +102,7 @@ questions:
     label: Runtime Path
 - variable: k3s.enabled
   default: "false"
-  description: k3s containerd runtime. Enable only one runtime
+  description: k3s containerd runtime. Enable only one runtime. Choose this option for RKE2 and K3S based clusters
   type: boolean
   label: k3s Containerd Runtime
   show_subquestion_if: true
@@ -116,7 +116,7 @@ questions:
 #storage configurations
 - variable: controller.pvc.enabled
   default: false
-  description: If true, enable persistence for controller using PVC
+  description: If true, enable persistence for controller using PVC. PVC should support ReadWriteMany(RWX)
   type: boolean
   label: PVC Status
   group: "PVC Configuration"

packages/neuvector/generated-changes/patch/Chart.yaml.patch

@@ -13,9 +13,9 @@
 +  catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
 +  catalog.cattle.io/release-name: neuvector
 +  catalog.cattle.io/type: cluster-tool
-+  catalog.cattle.io/upstream-version: 2.4.2
++  catalog.cattle.io/upstream-version: 2.4.3
  apiVersion: v1
- appVersion: 5.1.1
+ appVersion: 5.1.2
 -description: Helm chart for NeuVector's core services
 +description: Helm feature chart for NeuVector's core services
  home: https://neuvector.com
@@ -29,4 +29,4 @@
 +name: neuvector
 +sources:
 +- https://github.com/neuvector/neuvector
- version: 2.4.2
+ version: 2.4.3

packages/neuvector/generated-changes/patch/README.md.patch

@@ -5,25 +5,25 @@
  `controller.affinity` | controller affinity rules  | ... | spread controllers to different nodes |
  `controller.tolerations` | List of node taints to tolerate | `nil` |
 -`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](values.yaml)
-+`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml)
++`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml)
  `controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
  `controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` |
  `controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
-@@ -71,7 +71,7 @@
+@@ -72,7 +72,7 @@
  `controller.federation.mastersvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
  `controller.federation.mastersvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
  `controller.federation.mastersvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
 -`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml)
++`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml)
  `controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` |
  `controller.federation.managedsvc.annotations` | Add annotations to Multi-cluster managed cluster REST API service | `{}` |
  `controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` |
-@@ -87,14 +87,14 @@
+@@ -88,14 +88,14 @@
  `controller.federation.managedsvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
  `controller.federation.managedsvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
  `controller.federation.managedsvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
 -`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml)
++`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml)
  `controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed
  `controller.ingress.tls` | If true, TLS is enabled for controller rest api ingress service |`false` | If set, the tls-host used is the one set with `controller.ingress.host`.
  `controller.ingress.host` | Must set this host value if ingress is enabled | `nil` |
@@ -31,47 +31,47 @@
  `controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
  `controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
 -`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml)
++`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml)
  `controller.configmap.enabled` | If true, configure NeuVector global settings using a ConfigMap | `false`
  `controller.configmap.data` | NeuVector configuration in YAML format | `{}`
  `controller.secret.enabled` | If true, configure NeuVector global settings using secrets | `false`
-@@ -107,7 +107,7 @@
- `enforcer.podLabels` | Specify the pod labels. | `{}` |
+@@ -109,7 +109,7 @@
  `enforcer.podAnnotations` | Specify the pod annotations. | `{}` |
+ `enforcer.env` | User-defined environment variables for enforcers. | `[]` |
  `enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`<br>`key: node-role.kubernetes.io/master` | other taints can be added after the default
 -`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](values.yaml)
-+`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml)
++`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml)
  `manager.enabled` | If true, create manager | `true` |
  `manager.image.repository` | manager image repository | `neuvector/manager` |
  `manager.image.hash` | manager image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | |
-@@ -117,7 +117,7 @@
+@@ -119,7 +119,7 @@
  `manager.env.ssl` | If false, manager will listen on HTTP access instead of HTTPS | `true` |
  `manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;<br>if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google
  `manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` |
 -`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml)
-+`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml)
++`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml)
  `manager.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` |
  `manager.route.host` | Set OpenShift route host for management console service | `nil` |
  `manager.route.termination` | Specify TLS termination for OpenShift route for management console service. Possible passthrough, edge, reencrypt | `passthrough` |
-@@ -132,10 +132,10 @@
+@@ -134,10 +134,10 @@
  `manager.ingress.host` | Must set this host value if ingress is enabled | `nil` |
  `manager.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
  `manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/`
 -`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml)
++`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml)
  `manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`.
  `manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
 -`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](values.yaml)
-+`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml)
++`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml)
  `manager.affinity` | manager affinity rules  | `{}` |
  `manager.tolerations` | List of node taints to tolerate | `nil` |
  `manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
-@@ -160,7 +160,7 @@
- `cve.scanner.podAnnotations` | Specify the pod annotations. | `{}` |
+@@ -163,7 +163,7 @@
+ `cve.scanner.env` | User-defined environment variables for scanner. | `[]` |
  `cve.scanner.replicas` | external scanner replicas | `3` |
  `cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` |
 -`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](values.yaml) |
-+`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml) |
++`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) |
  `cve.scanner.affinity` | scanner affinity rules  | `{}` |
  `cve.scanner.tolerations` | List of node taints to tolerate | `nil` |
  `cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` |

packages/neuvector/generated-changes/patch/templates/controller-deployment.yaml.patch

@@ -1,6 +1,6 @@
 --- charts-original/templates/controller-deployment.yaml
 +++ charts/templates/controller-deployment.yaml
-@@ -63,19 +63,7 @@
+@@ -71,19 +71,7 @@
        serviceAccount: {{ .Values.serviceAccount }}
        containers:
          - name: neuvector-controller-pod

packages/neuvector/generated-changes/patch/values.yaml.patch

@@ -13,7 +13,7 @@
  openshift: false
  
  registry: docker.io
--tag: 5.1.1
+-tag: 5.1.2
  oem:
 -imagePullSecrets:
 -psp: false
@@ -21,19 +21,19 @@
 -serviceAccount: default
 +serviceAccount: neuvector
  
- controller:
-   # If false, controller will not be installed
-@@ -22,7 +25,8 @@
+ internal: # enable when cert-manager is installed for the internal certificates
+   certmanager: 
+@@ -27,7 +30,8 @@
        maxSurge: 1
        maxUnavailable: 0
    image:
 -    repository: neuvector/controller
 +    repository: rancher/mirrored-neuvector-controller
-+    tag: 5.1.1
++    tag: 5.1.2
      hash:
    replicas: 3
    disruptionbudget: 0
-@@ -70,7 +74,7 @@
+@@ -75,7 +79,7 @@
          #  -----BEGIN PRIVATE KEY-----
          #  -----END PRIVATE KEY-----
    ranchersso:
@@ -42,27 +42,27 @@
    pvc:
      enabled: false
      existingClaim: false
-@@ -215,7 +219,8 @@
+@@ -220,7 +224,8 @@
    # If false, enforcer will not be installed
    enabled: true
    image:
 -    repository: neuvector/enforcer
 +    repository: rancher/mirrored-neuvector-enforcer
-+    tag: 5.1.1
++    tag: 5.1.2
      hash:
    updateStrategy:
      type: RollingUpdate
-@@ -245,7 +250,8 @@
+@@ -251,7 +256,8 @@
    # If false, manager will not be installed
    enabled: true
    image:
 -    repository: neuvector/manager
 +    repository: rancher/mirrored-neuvector-manager
-+    tag: 5.1.1
++    tag: 5.1.2
      hash:
    priorityClassName:
    env:
-@@ -316,7 +322,7 @@
+@@ -322,7 +328,7 @@
      enabled: true
      secure: false
      image:
@@ -71,7 +71,7 @@
        tag: latest
        hash:
      schedule: "0 0 * * *"
-@@ -337,7 +343,7 @@
+@@ -343,7 +349,7 @@
          maxSurge: 1
          maxUnavailable: 0
      image:

packages/neuvector/package.yaml

@@ -1,5 +1,5 @@
-url: https://neuvector.github.io/neuvector-helm/core-2.4.2.tgz
-version: 102.0.0
+url: https://neuvector.github.io/neuvector-helm/core-2.4.3.tgz
+version: 102.0.1
 additionalCharts:
 - workingDir: charts-crd
   crdOptions:

packages/neuvector/templates/crd-template/Chart.yaml

@@ -4,7 +4,7 @@ annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/hidden: true
 apiVersion: v1
-appVersion: 5.1.1
+appVersion: 5.1.2
 description: Helm chart for NeuVector's CRD services
 home: https://neuvector.com
 icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
@@ -12,5 +12,5 @@ maintainers:
 - email: support@neuvector.com
   name: becitsthere
 name: neuvector-crd
-version: 2.4.2
+version: 2.4.3
 type: application