updating NeuVector chart version to 1.9.1

packages/neuvector/generated-changes/overlay/questions.yml

@@ -13,7 +13,7 @@ questions:
   label: OEM name
   group: "Container Images"
 - variable: tag
-  default: "4.4.3"
+  default: "4.4.4"
   description: image tag for controller enforcer manager
   type: string
   label: Image Tag
@@ -83,15 +83,28 @@ questions:
     label: Runtime Path
 - variable: crio.enabled
   default: "false"
-  description: Crio runtime. Enable only one runtime.
+  description: CRI-O runtime. Enable only one runtime.
   type: boolean
-  label: Crio Runtime
+  label: CRI-O Runtime
   show_subquestion_if: true
   group: "Container Runtime"
   subquestions:
   - variable: crio.path
     default: "/var/run/crio/crio.sock"
-    description: "Crio Runtime Path"
+    description: "CRI-O Runtime Path"
+    type: string
+    label: Runtime Path
+- variable: k3s.enabled
+  default: "false"
+  description: k3s containerd runtime. Enable only one runtime.
+  type: boolean
+  label: k3s Containerd Runtime
+  show_subquestion_if: true
+  group: "Container Runtime"
+  subquestions:
+  - variable: k3s.runtimePath
+    default: " /run/k3s/containerd/containerd.sock"
+    description: "k3s Containerd Runtime Path"
     type: string
     label: Runtime Path
 #storage configurations

packages/neuvector/generated-changes/patch/Chart.yaml.patch

@@ -1,23 +1,22 @@
 --- charts-original/Chart.yaml
 +++ charts/Chart.yaml
 @@ -1,11 +1,17 @@
-+annotations:
-+  catalog.cattle.io/certified: partner
-+  catalog.cattle.io/display-name: NeuVector
-+  catalog.cattle.io/release-name: neuvector
  apiVersion: v1
- appVersion: 4.4.3
+ appVersion: 4.4.4
  description: Helm chart for NeuVector's core services
 -engine: gotpl
  home: https://neuvector.com
  icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
-+keywords:
-+- security
-+kubeVersion: '>=1.13.0-0'
  maintainers:
  - email: support@neuvector.com
    name: becitsthere
 -name: core
--version: 1.8.9
 +name: neuvector
-+version: 1.8.900
+ version: 1.9.1
++annotations:
++  catalog.cattle.io/release-name: neuvector
++  catalog.cattle.io/certified: partner
++  catalog.cattle.io/display-name: NeuVector
++keywords:
++- security
++kubeVersion: '>=1.13.0-0'

packages/neuvector/generated-changes/patch/README.md.patch

@@ -0,0 +1,76 @@
+--- charts-original/README.md
++++ charts/README.md
+@@ -71,7 +71,7 @@
+ `controller.schedulerName` | kubernetes scheduler name | `nil` |
+ `controller.affinity` | controller affinity rules  | ... | spread controllers to different nodes |
+ `controller.tolerations` | List of node taints to tolerate | `nil` |
+-`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](values.yaml)
++`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
+ `controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
+ `controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` |
+ `controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
+@@ -99,7 +99,7 @@
+ `controller.federation.mastersvc.ingress.host` | Must set this host value if ingress is enabled | `nil` |
+ `controller.federation.mastersvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
+ `controller.federation.mastersvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
+-`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](values.yaml)
++`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
+ `controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` |
+ `controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` |
+ `controller.federation.managedsvc.route.host` | Set OpenShift route host for manageed service | `nil` |
+@@ -109,13 +109,13 @@
+ `controller.federation.managedsvc.ingress.host` | Must set this host value if ingress is enabled | `nil` |
+ `controller.federation.managedsvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
+ `controller.federation.managedsvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
+-`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](values.yaml)
++`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
+ `controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed
+ `controller.ingress.tls` | If true, TLS is enabled for controller rest api ingress service |`false` | If set, the tls-host used is the one set with `controller.ingress.host`.
+ `controller.ingress.host` | Must set this host value if ingress is enabled | `nil` |
+ `controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
+ `controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
+-`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](values.yaml)
++`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
+ `controller.configmap.enabled` | If true, configure NeuVector global settings using a ConfigMap | `false`
+ `controller.configmap.data` | NeuVector configuration in YAML format | `{}`
+ `controller.secret.enabled` | If true, configure NeuVector global settings using secrets | `false`
+@@ -125,7 +125,7 @@
+ `enforcer.image.hash` | enforcer image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | |
+ `enforcer.priorityClassName` | enforcer priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
+ `enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`<br>`key: node-role.kubernetes.io/master` | other taints can be added after the default
+-`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](values.yaml)
++`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
+ `manager.enabled` | If true, create manager | `true` |
+ `manager.image.repository` | manager image repository | `neuvector/manager` |
+ `manager.image.hash` | manager image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | |
+@@ -133,7 +133,7 @@
+ `manager.env.ssl` | If false, manager will listen on HTTP access instead of HTTPS | `true` |
+ `manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;<br>if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google
+ `manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` |
+-`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml)
++`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
+ `manager.route.enabled` | If true, create a OpenShift route to expose the management consol service | `true` |
+ `manager.route.host` | Set OpenShift route host for management consol service | `nil` |
+ `manager.route.termination` | Specify TLS termination for OpenShift route for management consol service. Possible passthrough, edge, reencrypt | `passthrough` |
+@@ -143,10 +143,10 @@
+ `manager.ingress.enabled` | If true, create ingress, must also set ingress host value | `false` | enable this if ingress controller is installed
+ `manager.ingress.host` | Must set this host value if ingress is enabled | `nil` |
+ `manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/`
+-`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `{}` | see examples in [values.yaml](values.yaml)
++`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
+ `manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`.
+ `manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
+-`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](values.yaml)
++`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml)
+ `manager.affinity` | manager affinity rules  | `{}` |
+ `manager.tolerations` | List of node taints to tolerate | `nil` |
+ `manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
+@@ -164,7 +164,7 @@
+ `cve.scanner.priorityClassName` | cve scanner priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
+ `cve.scanner.replicas` | external scanner replicas | `3` |
+ `cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` |
+-`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](values.yaml) |
++`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml) |
+ `cve.scanner.affinity` | scanner affinity rules  | `{}` |
+ `cve.scanner.tolerations` | List of node taints to tolerate | `nil` |
+ `cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` |

packages/neuvector/package.yaml

@@ -1,2 +1,2 @@
-url: https://neuvector.github.io/neuvector-helm/core-1.8.9.tgz
+url: https://neuvector.github.io/neuvector-helm/core-1.9.1.tgz
 packageVersion: 00