mirror of https://git.rancher.io/charts
[dev-v2.9] neuvector-monitor 104.0.4+up2.8.4 bump (#5017)
parent
b22f3281a3
commit
fbfd5b67ce
assets/neuvector-monitor
charts/neuvector-monitor/104.0.4+up2.8.4
packages/neuvector-monitor
generated-changes/patch
Binary file not shown.
|
@ -0,0 +1,27 @@
|
|||
annotations:
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/display-name: NeuVector Monitor
|
||||
catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.33.0-0'
|
||||
catalog.cattle.io/namespace: cattle-neuvector-system
|
||||
catalog.cattle.io/os: linux
|
||||
catalog.cattle.io/permits-os: linux
|
||||
catalog.cattle.io/provides-gvr: neuvector.com/v1
|
||||
catalog.cattle.io/rancher-version: '>= 2.9.0-0 < 2.10.0-0'
|
||||
catalog.cattle.io/release-name: neuvector-monitor
|
||||
catalog.cattle.io/type: cluster-tool
|
||||
catalog.cattle.io/upstream-version: 2.8.4
|
||||
apiVersion: v1
|
||||
appVersion: 1.0.1
|
||||
description: Helm feature chart (optional) add-on to NeuVector for monitoring with
|
||||
Prometheus/Grafana.
|
||||
home: https://neuvector.com
|
||||
icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
|
||||
keywords:
|
||||
- security
|
||||
maintainers:
|
||||
- email: support@neuvector.com
|
||||
name: becitsthere
|
||||
name: neuvector-monitor
|
||||
sources:
|
||||
- https://github.com/neuvector/neuvector
|
||||
version: 104.0.4+up2.8.4
|
|
@ -0,0 +1,22 @@
|
|||
# NeuVector Helm Chart
|
||||
|
||||
Helm chart for NeuVector's monitoring services.
|
||||
|
||||
## Configuration
|
||||
|
||||
The following table lists the configurable parameters of the NeuVector chart and their default values.
|
||||
|
||||
Parameter | Description | Default | Notes
|
||||
--------- | ----------- | ------- | -----
|
||||
`registry` | NeuVector container registry | `registry.neuvector.com` |
|
||||
`oem` | OEM release name | `nil` |
|
||||
`leastPrivilege` | Assume monitor chart is always installed after the core chart, so service accounts created by the core chart will be used. Keep this value as same as in the core chart. | `false` |
|
||||
`exporter.enabled` | If true, create Prometheus exporter | `false` |
|
||||
`exporter.image.repository` | exporter image name | `neuvector/prometheus-exporter` |
|
||||
`exporter.image.tag` | exporter image tag | `latest` |
|
||||
`exporter.ctrlSecretName` | existing secret that have CTRL_USERNAME and CTRL_PASSWORD fields to login to the controller. | `nil` | if parameter exists then `exporter.CTRL_USERNAME` & `exporter.CTRL_PASSWORD` will be skipped
|
||||
`exporter.CTRL_USERNAME` | Username to login to the controller. Suggest to replace the default admin user to a read-only user | `admin` |
|
||||
`exporter.CTRL_PASSWORD` | Password to login to the controller. | `admin` |
|
||||
`exporter.enforcerStats.enabled` | If true, enable the Enforcers stats | `false` | For the performance reason, by default the exporter does NOT pull CPU/memory usage from enforcers.
|
||||
---
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
### Run-Time Protection Without Compromise
|
||||
|
||||
NeuVector delivers a complete run-time security solution with container process/file system protection and vulnerability scanning combined with the only true Layer 7 container firewall. Protect sensitive data with a complete container security platform.
|
||||
|
||||
Helm chart for NeuVector's monitoring services. Please make sure REST API service for controller in core chart is enabled.
|
File diff suppressed because it is too large
|
@ -0,0 +1,27 @@
|
|||
questions:
|
||||
#monitor configurations
|
||||
- variable: exporter.image.repository
|
||||
default: "neuvector/prometheus-exporter"
|
||||
description: exporter image repository
|
||||
type: string
|
||||
label: Exporter Image Path
|
||||
group: "Container Images"
|
||||
- variable: exporter.image.tag
|
||||
default: ""
|
||||
description: image tag for exporter
|
||||
type: string
|
||||
label: exporter Image Tag
|
||||
group: "Container Images"
|
||||
#controller crendential configuration
|
||||
- variable: exporter.CTRL_USERNAME
|
||||
default: "admin"
|
||||
description: Controller Username
|
||||
type: string
|
||||
label: Controller Username
|
||||
group: "Controller Crendential"
|
||||
- variable: exporter.CTRL_PASSWORD
|
||||
default: "admin"
|
||||
description: Controller Password
|
||||
type: string
|
||||
label: Controller Password
|
||||
group: "Controller Crendential"
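Review bot: The `exporter.CTRL_PASSWORD` question is declared `type: string`, so the Rancher install form shows the controller password as ordinary text; `type: password` is the better fit for this field. Its `default: "admin"`, together with `default: "admin"` on `exporter.CTRL_USERNAME`, also means a click-through install gives the exporter the controller's default admin login; the same defaults recur in this commit's values.yaml and are what the Secret template base64-encodes. Consider leaving the password default empty and steering users to `exporter.ctrlSecretName` with a read-only account, which the README in this commit already suggests. The group label `Controller Crendential` and the comment above it are misspelled; `Controller Credential` is presumably intended.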
|
|
@ -0,0 +1,40 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "neuvector.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "neuvector.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "neuvector.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "system_default_registry" -}}
|
||||
{{- if .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
|
||||
{{- else -}}
|
||||
{{- "" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,19 @@
|
|||
{{- if .Values.exporter.grafanaDashboard.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: nv-grafana-dashboard
|
||||
namespace: {{ .Values.exporter.grafanaDashboard.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
grafana_dashboard: "1"
|
||||
{{- if .Values.exporter.grafanaDashboard.labels }}
|
||||
{{- toYaml .Values.exporter.grafanaDashboard.labels | nindent 4}}
|
||||
{{- end }}
|
||||
{{- if .Values.exporter.grafanaDashboard.annotations }}
|
||||
annotations:
|
||||
{{- toYaml .Values.exporter.grafanaDashboard.annotations | nindent 4}}
|
||||
{{- end }}
|
||||
data:
|
||||
nv_dashboard.json: |
|
||||
{{ .Files.Get "dashboards/nv_dashboard.json" | indent 4 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,75 @@
|
|||
{{- if .Values.exporter.enabled -}}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: neuvector-prometheus-exporter-pod
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
chart: {{ template "neuvector.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: neuvector-prometheus-exporter-pod
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
prometheus.io/path: /metrics
|
||||
prometheus.io/port: "8068"
|
||||
prometheus.io/scrape: "true"
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
|
||||
labels:
|
||||
app: neuvector-prometheus-exporter-pod
|
||||
release: {{ .Release.Name }}
|
||||
{{- with .Values.exporter.podLabels }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
- name: {{ .Values.imagePullSecrets }}
|
||||
{{- end }}
|
||||
{{- if .Values.leastPrivilege }}
|
||||
serviceAccountName: basic
|
||||
serviceAccount: basic
|
||||
{{- end }}
|
||||
{{- with .Values.exporter.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: neuvector-prometheus-exporter-pod
|
||||
{{ if eq .Values.registry "registry.neuvector.com" }}
|
||||
{{ if .Values.oem }}
|
||||
image: "{{ .Values.registry }}/{{ .Values.oem }}/prometheus-exporter:{{ .Values.exporter.image.tag }}"
|
||||
{{- else }}
|
||||
image: "{{ .Values.registry }}/prometheus-exporter:{{ .Values.exporter.image.tag }}"
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
image: {{ template "system_default_registry" . }}{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}
|
||||
{{- end }}
|
||||
imagePullPolicy: Always
|
||||
{{- with .Values.exporter.containerSecurityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: CTRL_API_SERVICE
|
||||
value: {{ .Values.exporter.apiSvc }}
|
||||
- name: EXPORTER_PORT
|
||||
value: "8068"
|
||||
{{- if .Values.exporter.enforcerStats.enabled }}
|
||||
- name: ENFORCER_STATS
|
||||
value: "{{.Values.exporter.enforcerStats.enabled | default "false"}}"
|
||||
{{- end }}
|
||||
envFrom:
|
||||
- secretRef:
|
||||
{{- if .Values.exporter.ctrlSecretName }}
|
||||
name: {{ .Values.exporter.ctrlSecretName }}
|
||||
{{ else }}
|
||||
name: neuvector-prometheus-exporter-pod-secret
|
||||
{{- end }}
|
||||
restartPolicy: Always
|
||||
{{- end }}
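Review bot: The pod spec never sets `automountServiceAccountToken`, and both `securityContext` blocks render only when the user supplies `exporter.securityContext` or `exporter.containerSecurityContext`, which this commit's values.yaml leaves as `{}`. From the visible env the exporter only needs to reach `CTRL_API_SERVICE` with the credentials from the secret, so, assuming it makes no Kubernetes API calls (not verifiable from this page), adding `automountServiceAccountToken: false` under the pod `spec:` would keep a service-account token out of the container. Shipping non-empty defaults for the container context, such as `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, would harden the default install, provided the image runs with them. Separately, the `image:` line in the non-`registry.neuvector.com` branch and the `CTRL_API_SERVICE` value are unquoted, unlike the other two image lines; quoting them keeps an empty or unusual value from being retyped by the YAML parser.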
|
|
@ -0,0 +1,29 @@
|
|||
{{- if and .Values.exporter.enabled .Values.exporter.svc.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: neuvector-prometheus-exporter
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- with .Values.exporter.svc.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
chart: {{ template "neuvector.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
app: neuvector-prometheus-exporter
|
||||
spec:
|
||||
type: {{ .Values.exporter.svc.type }}
|
||||
{{- if and .Values.exporter.svc.loadBalancerIP (eq .Values.exporter.svc.type "LoadBalancer") }}
|
||||
loadBalancerIP: {{ .Values.exporter.svc.loadBalancerIP }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- port: 8068
|
||||
name: metrics
|
||||
targetPort: 8068
|
||||
protocol: TCP
|
||||
appProtocol: http
|
||||
selector:
|
||||
app: neuvector-prometheus-exporter-pod
|
||||
{{- end }}
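Review bot: `spec.type` is taken straight from `exporter.svc.type` and the port is declared `appProtocol: http`, so setting the value to `LoadBalancer` or `NodePort` publishes the metrics port 8068 over plain HTTP outside the cluster. Nothing in this template restricts who can reach it; if the exporter has no authentication of its own (not visible here), consider exposing `loadBalancerSourceRanges` as a value next to `loadBalancerIP`, or documenting that the Service is meant to stay `ClusterIP`. The annotations block uses `{{ toYaml . | nindent 4 }}` without the leading `-`, which leaves a whitespace-only line in the rendered manifest; `{{- toYaml . | nindent 4 }}` would be consistent with the label blocks in this chart.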
|
|
@ -0,0 +1,39 @@
|
|||
{{- if .Values.exporter.serviceMonitor.enabled -}}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: neuvector-prometheus-exporter
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- with .Values.exporter.serviceMonitor.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
chart: {{ template "neuvector.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
{{- if .Values.exporter.serviceMonitor.labels }}
|
||||
{{- toYaml .Values.exporter.serviceMonitor.labels | nindent 4}}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: neuvector-prometheus-exporter
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
endpoints:
|
||||
- port: metrics
|
||||
{{- if .Values.exporter.serviceMonitor.interval }}
|
||||
interval: {{ .Values.exporter.serviceMonitor.interval }}
|
||||
{{- end }}
|
||||
path: "/metrics"
|
||||
{{- if .Values.exporter.serviceMonitor.metricRelabelings }}
|
||||
metricRelabelings:
|
||||
{{- toYaml .Values.exporter.serviceMonitor.metricRelabelings | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- if .Values.exporter.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{- toYaml .Values.exporter.serviceMonitor.relabelings | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
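Review bot: The guard on the first line checks only `exporter.serviceMonitor.enabled`, so the ServiceMonitor is rendered even when `exporter.enabled` or `exporter.svc.enabled` is false and the Service it selects (`app: neuvector-prometheus-exporter`) does not exist. Gating it on all three, `{{- if and .Values.exporter.enabled .Values.exporter.svc.enabled .Values.exporter.serviceMonitor.enabled -}}`, avoids a monitor that silently scrapes nothing and leaves a gap in security telemetry. The template also assumes the `monitoring.coreos.com/v1` CRD is installed; adding `.Capabilities.APIVersions.Has "monitoring.coreos.com/v1"` to the condition would skip the resource cleanly on clusters without the Prometheus operator.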
|
|
@ -0,0 +1,15 @@
|
|||
{{- if and (.Values.exporter.enabled) (not .Values.exporter.ctrlSecretName) -}}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: neuvector-prometheus-exporter-pod-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
chart: {{ template "neuvector.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
type: Opaque
|
||||
data:
|
||||
CTRL_USERNAME: {{ .Values.exporter.CTRL_USERNAME | b64enc | quote }}
|
||||
CTRL_PASSWORD: {{ .Values.exporter.CTRL_PASSWORD | b64enc | quote }}
|
||||
{{- end }}
|
|
@ -0,0 +1,59 @@
|
|||
# Default values for neuvector.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into the templates.
|
||||
|
||||
global:
|
||||
cattle:
|
||||
systemDefaultRegistry: ""
|
||||
|
||||
registry: docker.io
|
||||
oem: ''
|
||||
leastPrivilege: false
|
||||
|
||||
exporter:
|
||||
# If false, exporter will not be installed
|
||||
enabled: true
|
||||
image:
|
||||
repository: rancher/neuvector-prometheus-exporter
|
||||
tag: 1.0.1
|
||||
# changes this to a readonly user !
|
||||
CTRL_USERNAME: admin
|
||||
CTRL_PASSWORD: admin
|
||||
ctrlSercretName: ''
|
||||
enforcerStats:
|
||||
enabled: false
|
||||
ctrlSecretName: ''
|
||||
apiSvc: neuvector-svc-controller-api:10443
|
||||
podLabels: {}
|
||||
securityContext: {}
|
||||
containerSecurityContext: {}
|
||||
|
||||
svc:
|
||||
enabled: true
|
||||
type: ClusterIP
|
||||
loadBalancerIP: ''
|
||||
annotations: {}
|
||||
# service.beta.kubernetes.io/azure-load-balancer-internal: "true"
|
||||
# service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet"
|
||||
|
||||
grafanaDashboard:
|
||||
enabled: false
|
||||
namespace: "" # Release namespace, if empty
|
||||
labels: {}
|
||||
# annotations: {}
|
||||
# k8s-sidecar-target-directory: /tmp/dashboards/neuvector
|
||||
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
# labels for the ServiceMonitor.
|
||||
labels: {}
|
||||
# annotations for the ServiceMonitor.
|
||||
annotations: {}
|
||||
# Scrape interval. If not set, the Prometheus default scrape interval is used.
|
||||
interval: ""
|
||||
# MetricRelabelConfigs to apply to samples after scraping, but before ingestion.
|
||||
# ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
|
||||
metricRelabelings: []
|
||||
# RelabelConfigs to apply to samples before scraping
|
||||
# ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
|
||||
relabelings: []
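Review bot: `exporter.ctrlSercretName: ''` is a misspelling of `ctrlSecretName`, which is declared correctly a few lines further down; the templates in this commit read only `.Values.exporter.ctrlSecretName`. An operator who copies the misspelled key to point at an existing secret gets no error, and the chart still creates `neuvector-prometheus-exporter-pod-secret` from `CTRL_USERNAME: admin` / `CTRL_PASSWORD: admin`. Dropping the misspelled line removes that trap. Quoting the image tag as `tag: "1.0.1"` would additionally keep a later two-part tag from being parsed as a float.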
|
31
index.yaml
31
index.yaml
|
@ -9924,6 +9924,37 @@ entries:
|
|||
- assets/neuvector-crd/neuvector-crd-100.0.0+up2.2.0.tgz
|
||||
version: 100.0.0+up2.2.0
|
||||
neuvector-monitor:
|
||||
- annotations:
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/display-name: NeuVector Monitor
|
||||
catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.33.0-0'
|
||||
catalog.cattle.io/namespace: cattle-neuvector-system
|
||||
catalog.cattle.io/os: linux
|
||||
catalog.cattle.io/permits-os: linux
|
||||
catalog.cattle.io/provides-gvr: neuvector.com/v1
|
||||
catalog.cattle.io/rancher-version: '>= 2.9.0-0 < 2.10.0-0'
|
||||
catalog.cattle.io/release-name: neuvector-monitor
|
||||
catalog.cattle.io/type: cluster-tool
|
||||
catalog.cattle.io/upstream-version: 2.8.4
|
||||
apiVersion: v1
|
||||
appVersion: 1.0.1
|
||||
created: "2025-01-22T12:58:14.411423599-08:00"
|
||||
description: Helm feature chart (optional) add-on to NeuVector for monitoring
|
||||
with Prometheus/Grafana.
|
||||
digest: cc5e25d209918f37b956ce46f23ac6bf8506a8c8b2e9d0cade1cffc18a8e14f3
|
||||
home: https://neuvector.com
|
||||
icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
|
||||
keywords:
|
||||
- security
|
||||
maintainers:
|
||||
- email: support@neuvector.com
|
||||
name: becitsthere
|
||||
name: neuvector-monitor
|
||||
sources:
|
||||
- https://github.com/neuvector/neuvector
|
||||
urls:
|
||||
- assets/neuvector-monitor/neuvector-monitor-104.0.4+up2.8.4.tgz
|
||||
version: 104.0.4+up2.8.4
|
||||
- annotations:
|
||||
catalog.cattle.io/certified: rancher
|
||||
catalog.cattle.io/display-name: NeuVector Monitor
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
+annotations:
|
||||
+ catalog.cattle.io/certified: rancher
|
||||
+ catalog.cattle.io/display-name: NeuVector Monitor
|
||||
+ catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.31.0-0'
|
||||
+ catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.33.0-0'
|
||||
+ catalog.cattle.io/namespace: cattle-neuvector-system
|
||||
+ catalog.cattle.io/os: linux
|
||||
+ catalog.cattle.io/permits-os: linux
|
||||
|
@ -12,9 +12,9 @@
|
|||
+ catalog.cattle.io/rancher-version: '>= 2.9.0-0 < 2.10.0-0'
|
||||
+ catalog.cattle.io/release-name: neuvector-monitor
|
||||
+ catalog.cattle.io/type: cluster-tool
|
||||
+ catalog.cattle.io/upstream-version: 2.7.7
|
||||
+ catalog.cattle.io/upstream-version: 2.8.4
|
||||
apiVersion: v1
|
||||
appVersion: 1-1.0.0
|
||||
appVersion: 1.0.1
|
||||
-description: Helm chart for NeuVector monitor services
|
||||
+description: Helm feature chart (optional) add-on to NeuVector for monitoring with
|
||||
+ Prometheus/Grafana.
|
||||
|
@ -29,4 +29,4 @@
|
|||
+name: neuvector-monitor
|
||||
+sources:
|
||||
+- https://github.com/neuvector/neuvector
|
||||
version: 2.7.7
|
||||
version: 2.8.4
|
||||
|
|
|
@ -16,9 +16,9 @@
|
|||
enabled: true
|
||||
image:
|
||||
- repository: neuvector/prometheus-exporter
|
||||
- tag: latest
|
||||
+ repository: rancher/mirrored-neuvector-prometheus-exporter
|
||||
+ tag: 1-1.0.0
|
||||
- tag: 1.0.2
|
||||
+ repository: rancher/neuvector-prometheus-exporter
|
||||
+ tag: 1.0.1
|
||||
# changes this to a readonly user !
|
||||
CTRL_USERNAME: admin
|
||||
CTRL_PASSWORD: admin
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
url: https://neuvector.github.io/neuvector-helm/monitor-2.7.7.tgz
|
||||
version: 104.0.0
|
||||
url: https://neuvector.github.io/neuvector-helm/monitor-2.8.4.tgz
|
||||
version: 104.0.4
|
||||
|
|
|
@ -23,6 +23,8 @@ neuvector:
|
|||
- 104.0.4+up2.8.4
|
||||
neuvector-crd:
|
||||
- 104.0.4+up2.8.4
|
||||
neuvector-monitor:
|
||||
- 104.0.4+up2.8.4
|
||||
prometheus-federator:
|
||||
- 104.1.0+up0.4.5
|
||||
rancher-aks-operator:
|
||||
|
|