Adding NeuVector package supporting helm chart 1.8.0

2021-08-02 15:34:28 -07:00 · 2021-08-02 15:34:28 -07:00 · 42eaab347e
parent 6dfcbb04bd
commit 42eaab347e
4 changed files with 196 additions and 0 deletions
--- a/packages/neuvector/generated-changes/overlay/app-readme.md
+++ b/packages/neuvector/generated-changes/overlay/app-readme.md
@ -0,0 +1,12 @@
+### Run-Time Protection Without Compromise
+
+NeuVector delivers a complete run-time security solution with container process/file system protection and vulnerability scanning combined with the only true Layer 7 container firewall. Protect sensitive data with a complete container security platform.
+
+NeuVector integrates tightly with Rancher and Kubernetes to extend the built-in security features for applications that require defense in depth. Security features include:
+
+ Build phase vulnerability scanning with Jenkins plug-in and registry scanning
+ Admission control to prevent vulnerable or unauthorized image deployments using Kubernetes admission control webhooks
+ Complete run-time scanning with network, process, and file system monitoring and protection
+ The industry's only layer 7 container firewall for multi-protocol threat detection and automated segmentation
+ Advanced network controls including DLP detection, service mesh integration, connection blocking and packet captures
+ Run-time vulnerability scanning and CIS benchmarks
--- a/packages/neuvector/generated-changes/overlay/questions.yml
+++ b/packages/neuvector/generated-changes/overlay/questions.yml
@ -0,0 +1,160 @@
+questions:
+#image configurations
+- variable: registry
+  default: "registry.neuvector.com"
+  description: image registry
+  type: string
+  label: Image Registry
+  group: "Container Images"
+- variable: oem
+  default: ""
+  description: OEM release name
+  type: string
+  label: OEM name
+  group: "Container Images"
+- variable: tag
+  default: "latest"
+  description: image tag for controller enforcer manager
+  type: string
+  label: Image Tag
+  group: "Container Images"
+- variable: imagePullSecrets
+  default: ""
+  description: secret name to pull image
+  type: string
+  label: Image Pull Secrets
+  group: "Container Images"
+- variable: controller.image.repository
+  default: "neuvector/controller"
+  description: controller image repository
+  type: string
+  label: Controller image path
+  group: "Container Images"
+- variable: manager.image.repository
+  default: "neuvector/manager"
+  description: manager image repository
+  type: string
+  label: Manager image path
+  group: "Container Images"
+- variable: enforcer.image.repository
+  default: "neuvector/enforcer"
+  description: enforcer image repository
+  type: string
+  label: Enforcer image path
+  group: "Container Images"
+- variable: cve.scanner.image.repository
+  default: "neuvector/scanner"
+  description: scanner image repository
+  type: string
+  label: Scanner image path
+  group: "Container Images"
+- variable: cve.updater.image.repository
+  default: "neuvector/updater"
+  description: cve updater image repository
+  type: string
+  label: CVE Updater image path
+  group: "Container Images"
+#storage configurations
+- variable: controller.pvc.enabled
+  default: false
+  description: If true, enable persistence for controller using PVC
+  type: boolean
+  label: PVC status
+  group: "PVC Configuration"
+- variable: controller.pvc.storageClass
+  default: ""
+  description: Storage Class to be used
+  type: string
+  label: Storage Class Name
+  group: "PVC Configuration"
+#ingress configurations
+- variable: manager.ingress.enabled
+  default: false
+  description: If true, create ingress, must also set ingress host value
+  type: boolean
+  label: Manager ingress status
+  group: "Ingress Configuration"
+- variable: manager.ingress.host
+  default: ""
+  description: Must set this host value if ingress is enabled
+  type: string
+  label: Manager Ingress host
+  group: "Ingress Configuration"
+- variable: manager.ingress.path
+  default: "/"
+  description: Set ingress path
+  type: string
+  label: Manager Ingress path
+  group: "Ingress Configuration"
+- variable: manager.ingress.annotations
+  default: "{}"
+  description: Add annotations to ingress to influence behavior
+  type: string
+  label: Manager Ingress annotations
+  group: "Ingress Configuration"
+- variable: controller.ingress.enabled
+  default: false
+  description: If true, create ingress for rest api, must also set ingress host value
+  type: boolean
+  label: Controller ingress status
+  group: "Ingress Configuration"
+- variable: controller.ingress.host
+  default: ""
+  description: Must set this host value if ingress is enabled
+  type: string
+  label: Controller Ingress host
+  group: "Ingress Configuration"
+- variable: controller.ingress.path
+  default: "/"
+  description: Set ingress path
+  type: string
+  label: Controller Ingress path
+  group: "Ingress Configuration"
+- variable: controller.ingress.annotations
+  default: "{}"
+  description: Add annotations to ingress to influence behavior
+  type: string
+  label: Controller Ingress annotations
+  group: "Ingress Configuration"
+#service configurations
+- variable: manager.svc.type
+  default: "NodePort"
+  description: Set manager service type for native Kubernetes
+  type: enum
+  label: Manager service type
+  group: "Service Configuration"
+  options:
+    - "NodePort"
+    - "ClusterIP"
+    - "LoadBalancer"
+- variable: controller.federation.mastersvc.type
+  default: ""
+  description: Multi-cluster master cluster service type. If specified, the deployment will be used to manage other clusters. Possible values include NodePort, LoadBalancer and Ingress
+  type: enum
+  label: Fed Master Service Type
+  group: "Service Configuration"
+  options:
+    - "NodePort"
+    - "Ingress"
+    - "LoadBalancer"
+- variable: controller.federation.managedsvc.type
+  default: ""
+  description: Multi-cluster managed cluster service type. If specified, the deployment will be managed by the master clsuter. Possible values include NodePort, LoadBalancer and Ingress
+  type: enum
+  label: Fed Managed service type
+  group: "Service Configuration"
+  options:
+    - "NodePort"
+    - "Ingress"
+    - "LoadBalancer"
+- variable: controller.apisvc.type
+  default: "NodePort"
+  description: Controller REST API service type
+  type: enum
+  label: Controller REST API Service Type
+  group: "Service Configuration"
+  options:
+    - "NodePort"
+    - "ClusterIP"
+    - "LoadBalancer"
+
--- a/packages/neuvector/generated-changes/patch/Chart.yaml.patch
+++ b/packages/neuvector/generated-changes/patch/Chart.yaml.patch
@ -0,0 +1,22 @@
+--- charts-original/Chart.yaml
+++ charts/Chart.yaml
+@@ -1,11 +1,17 @@
+annotations:
+  catalog.cattle.io/release-name: neuvector
+  catalog.cattle.io/certified: partner
+  catalog.cattle.io/display-name: NeuVector
+ apiVersion: v1
+ appVersion: 4.3.0
+ description: Helm chart for NeuVector's core services
+-engine: gotpl
+ home: https://neuvector.com
+ icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
+keywords:
+- security
+kubeVersion: '>=1.13.0-0'
+ maintainers:
+ - email: support@neuvector.com
+   name: becitsthere
+-name: core
+name: neuvector
+ version: 1.8.0
--- a/packages/neuvector/package.yaml
+++ b/packages/neuvector/package.yaml
@ -0,0 +1,2 @@
+url: https://neuvector.github.io/neuvector-helm/core-1.8.0.tgz
+packageVersion: 00