diff --git a/packages/neuvector/generated-changes/exclude/templates/crd.yaml b/packages/neuvector/generated-changes/exclude/templates/crd.yaml
index 7a969b61b..7ec09c616 100644
--- a/packages/neuvector/generated-changes/exclude/templates/crd.yaml
+++ b/packages/neuvector/generated-changes/exclude/templates/crd.yaml
@@ -688,6 +688,8 @@ spec:
 type: string
 op:
 type: string
+ path:
+ type: string
 sub_criteria:
 items:
 properties:
@@ -703,8 +705,14 @@ spec:
 - value
 type: object
 type: array
+ template_kind:
+ type: string
+ type:
+ type: string
 value:
 type: string
+ value_type:
+ type: string
 required:
 - name
 - op
diff --git a/packages/neuvector/generated-changes/overlay/crds/crd.yaml b/packages/neuvector/generated-changes/overlay/crds/crd.yaml
index 7a969b61b..7ec09c616 100644
--- a/packages/neuvector/generated-changes/overlay/crds/crd.yaml
+++ b/packages/neuvector/generated-changes/overlay/crds/crd.yaml
@@ -688,6 +688,8 @@ spec:
 type: string
 op:
 type: string
+ path:
+ type: string
 sub_criteria:
 items:
 properties:
@@ -703,8 +705,14 @@ spec:
 - value
 type: object
 type: array
+ template_kind:
+ type: string
+ type:
+ type: string
 value:
 type: string
+ value_type:
+ type: string
 required:
 - name
 - op
diff --git a/packages/neuvector/generated-changes/overlay/questions.yaml b/packages/neuvector/generated-changes/overlay/questions.yaml
index 5be1d23f5..ab478103f 100644
--- a/packages/neuvector/generated-changes/overlay/questions.yaml
+++ b/packages/neuvector/generated-changes/overlay/questions.yaml
@@ -102,7 +102,7 @@ questions:
 label: Runtime Path
 - variable: k3s.enabled
 default: "false"
- description: k3s containerd runtime. Enable only one runtime
+ description: k3s containerd runtime. Enable only one runtime. Choose this option for RKE2 and K3S based clusters
 type: boolean
 label: k3s Containerd Runtime
 show_subquestion_if: true
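Review bot: The four properties added by the crd.yaml hunks (`path` in `@@ -688,6 +688,8 @@`; `template_kind`, `type` and `value_type` in `@@ -703,8 +705,14 @@`) are bare `type: string` with no `enum`, `pattern`, `maxLength` or `description`, so the API server will accept any string for them and all validation is left to whatever consumes the resource. If the consumer only understands a fixed set of values for `type`, `value_type` or `template_kind` (not visible here), stating that in the schema, e.g. `enum: [<ALLOWED_VALUE>, ...]`, would let malformed entries be rejected when the object is created instead of being stored; at minimum a one-line `description:` per field would tell a rule author what each one means next to the existing `op`, `value` and `sub_criteria`. The same two hunks are applied to `generated-changes/overlay/crds/crd.yaml` (identical index hashes), so any such change has to be made in both copies. The enclosing schema object starts and ends outside the hunks.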
@@ -116,7 +116,7 @@ questions:
 #storage configurations
 - variable: controller.pvc.enabled
 default: false
- description: If true, enable persistence for controller using PVC
+ description: If true, enable persistence for controller using PVC. PVC should support ReadWriteMany(RWX)
 type: boolean
 label: PVC Status
 group: "PVC Configuration"
diff --git a/packages/neuvector/generated-changes/patch/Chart.yaml.patch b/packages/neuvector/generated-changes/patch/Chart.yaml.patch
index 31f3c0c95..3c9048580 100644
--- a/packages/neuvector/generated-changes/patch/Chart.yaml.patch
+++ b/packages/neuvector/generated-changes/patch/Chart.yaml.patch
@@ -13,9 +13,9 @@
 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
 + catalog.cattle.io/release-name: neuvector
 + catalog.cattle.io/type: cluster-tool
-+ catalog.cattle.io/upstream-version: 2.4.2
++ catalog.cattle.io/upstream-version: 2.4.3
 apiVersion: v1
- appVersion: 5.1.1
+ appVersion: 5.1.2
 -description: Helm chart for NeuVector's core services
 +description: Helm feature chart for NeuVector's core services
 home: https://neuvector.com
@@ -29,4 +29,4 @@
 +name: neuvector
 +sources:
 +- https://github.com/neuvector/neuvector
- version: 2.4.2
+ version: 2.4.3
diff --git a/packages/neuvector/generated-changes/patch/README.md.patch b/packages/neuvector/generated-changes/patch/README.md.patch
index b0664869a..7530294bd 100644
--- a/packages/neuvector/generated-changes/patch/README.md.patch
+++ b/packages/neuvector/generated-changes/patch/README.md.patch
@@ -5,25 +5,25 @@ `controller.affinity` | controller affinity rules | ... | spread controllers to different nodes | `controller.tolerations` | List of node taints to tolerate | `nil` | -`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](values.yaml) -+`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml) ++`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) `controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` | `controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` | `controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | -@@ -71,7 +71,7 @@ +@@ -72,7 +72,7 @@ `controller.federation.mastersvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | `controller.federation.mastersvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) `controller.federation.mastersvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. 
-`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml) -+`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml) ++`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) `controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` | `controller.federation.managedsvc.annotations` | Add annotations to Multi-cluster managed cluster REST API service | `{}` | `controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` | -@@ -87,14 +87,14 @@ +@@ -88,14 +88,14 @@ `controller.federation.managedsvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | `controller.federation.managedsvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) `controller.federation.managedsvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. 
-`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml) -+`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml) ++`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) `controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed `controller.ingress.tls` | If true, TLS is enabled for controller rest api ingress service |`false` | If set, the tls-host used is the one set with `controller.ingress.host`. `controller.ingress.host` | Must set this host value if ingress is enabled | `nil` | 
@@ -31,47 +31,47 @@ `controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) `controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. -`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml) -+`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml) ++`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) `controller.configmap.enabled` | If true, configure NeuVector global settings using a ConfigMap | `false` `controller.configmap.data` | NeuVector configuration in YAML format | `{}` `controller.secret.enabled` | If true, configure NeuVector global settings using secrets | `false` -@@ -107,7 +107,7 @@ - `enforcer.podLabels` | Specify the pod labels. | `{}` | +@@ -109,7 +109,7 @@ `enforcer.podAnnotations` | Specify the pod annotations. | `{}` | + `enforcer.env` | User-defined environment variables for enforcers. | `[]` | `enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`
`key: node-role.kubernetes.io/master` | other taints can be added after the default -`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](values.yaml) -+`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml) ++`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) `manager.enabled` | If true, create manager | `true` | `manager.image.repository` | manager image repository | `neuvector/manager` | `manager.image.hash` | manager image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | -@@ -117,7 +117,7 @@ +@@ -119,7 +119,7 @@ `manager.env.ssl` | If false, manager will listen on HTTP access instead of HTTPS | `true` | `manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;
if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google `manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` | -`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml) -+`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml) ++`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) `manager.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` | `manager.route.host` | Set OpenShift route host for management console service | `nil` | `manager.route.termination` | Specify TLS termination for OpenShift route for management console service. Possible passthrough, edge, reencrypt | `passthrough` | -@@ -132,10 +132,10 @@ +@@ -134,10 +134,10 @@ `manager.ingress.host` | Must set this host value if ingress is enabled | `nil` | `manager.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | `manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. 
Currently only supports `/` -`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml) -+`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml) ++`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) `manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`. `manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) -`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](values.yaml) -+`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml) ++`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) `manager.affinity` | manager affinity rules | `{}` | `manager.tolerations` | List of node taints to tolerate | `nil` | `manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` | -@@ -160,7 +160,7 @@ - `cve.scanner.podAnnotations` | Specify the pod annotations. | `{}` | +@@ -163,7 +163,7 @@ + `cve.scanner.env` | User-defined environment variables for scanner. 
| `[]` | `cve.scanner.replicas` | external scanner replicas | `3` | `cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` | -`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](values.yaml) | -+`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.2/charts/core/values.yaml) | ++`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) | `cve.scanner.affinity` | scanner affinity rules | `{}` | `cve.scanner.tolerations` | List of node taints to tolerate | `nil` | `cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` | diff --git a/packages/neuvector/generated-changes/patch/templates/controller-deployment.yaml.patch b/packages/neuvector/generated-changes/patch/templates/controller-deployment.yaml.patch index e58bb39cf..348f8b239 100644 --- a/packages/neuvector/generated-changes/patch/templates/controller-deployment.yaml.patch +++ b/packages/neuvector/generated-changes/patch/templates/controller-deployment.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/controller-deployment.yaml +++ charts/templates/controller-deployment.yaml -@@ -63,19 +63,7 @@ +@@ -71,19 +71,7 @@ serviceAccount: {{ .Values.serviceAccount }} containers: - name: neuvector-controller-pod diff --git a/packages/neuvector/generated-changes/patch/values.yaml.patch b/packages/neuvector/generated-changes/patch/values.yaml.patch index 227c6d4c3..1b384acb2 100644 --- a/packages/neuvector/generated-changes/patch/values.yaml.patch +++ b/packages/neuvector/generated-changes/patch/values.yaml.patch 
@@ -13,7 +13,7 @@ openshift: false registry: docker.io --tag: 5.1.1 +-tag: 5.1.2 oem: -imagePullSecrets: -psp: false @@ -21,19 +21,19 @@ -serviceAccount: default +serviceAccount: neuvector - controller: - # If false, controller will not be installed -@@ -22,7 +25,8 @@ + internal: # enable when cert-manager is installed for the internal certificates + certmanager: +@@ -27,7 +30,8 @@ maxSurge: 1 maxUnavailable: 0 image: - repository: neuvector/controller + repository: rancher/mirrored-neuvector-controller -+ tag: 5.1.1 ++ tag: 5.1.2 hash: replicas: 3 disruptionbudget: 0 -@@ -70,7 +74,7 @@ +@@ -75,7 +79,7 @@ # -----BEGIN PRIVATE KEY----- # -----END PRIVATE KEY----- ranchersso: @@ -42,27 +42,27 @@ pvc: enabled: false existingClaim: false -@@ -215,7 +219,8 @@ +@@ -220,7 +224,8 @@ # If false, enforcer will not be installed enabled: true image: - repository: neuvector/enforcer + repository: rancher/mirrored-neuvector-enforcer -+ tag: 5.1.1 ++ tag: 5.1.2 hash: updateStrategy: type: RollingUpdate -@@ -245,7 +250,8 @@ +@@ -251,7 +256,8 @@ # If false, manager will not be installed enabled: true image: - repository: neuvector/manager + repository: rancher/mirrored-neuvector-manager -+ tag: 5.1.1 ++ tag: 5.1.2 hash: priorityClassName: env: -@@ -316,7 +322,7 @@ +@@ -322,7 +328,7 @@ enabled: true secure: false image: @@ -71,7 +71,7 @@ tag: latest hash: schedule: "0 0 * * *" -@@ -337,7 +343,7 @@ +@@ -343,7 +349,7 @@ maxSurge: 1 maxUnavailable: 0 image: diff --git a/packages/neuvector/package.yaml b/packages/neuvector/package.yaml index 8664fb73a..c2a9c31ea 100644 --- a/packages/neuvector/package.yaml +++ b/packages/neuvector/package.yaml @@ -1,5 +1,5 @@ -url: https://neuvector.github.io/neuvector-helm/core-2.4.2.tgz -version: 102.0.0 +url: https://neuvector.github.io/neuvector-helm/core-2.4.3.tgz +version: 102.0.1 additionalCharts: - workingDir: charts-crd crdOptions: 
diff --git a/packages/neuvector/templates/crd-template/Chart.yaml b/packages/neuvector/templates/crd-template/Chart.yaml
index 8d06796d4..18e6ef19c 100644
--- a/packages/neuvector/templates/crd-template/Chart.yaml
+++ b/packages/neuvector/templates/crd-template/Chart.yaml
@@ -4,7 +4,7 @@ annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/hidden: true
 apiVersion: v1
-appVersion: 5.1.1
+appVersion: 5.1.2
 description: Helm chart for NeuVector's CRD services
 home: https://neuvector.com
 icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
@@ -12,5 +12,5 @@ maintainers:
 - email: support@neuvector.com
 name: becitsthere
 name: neuvector-crd
-version: 2.4.2
+version: 2.4.3
 type: application