From 71bea459f7e84d3e11cbfe75402f272e55246bb6 Mon Sep 17 00:00:00 2001
From: selvamt94
Date: Wed, 23 Feb 2022 16:15:44 -0800
Subject: [PATCH] updating NeuVector chart version to 1.9.1
---
 .../generated-changes/overlay/questions.yml | 21 ++++-
 .../generated-changes/patch/Chart.yaml.patch | 19 +++--
 .../generated-changes/patch/README.md.patch | 76 +++++++++++++++++++
 packages/neuvector/package.yaml | 2 +-
 4 files changed, 103 insertions(+), 15 deletions(-)
 create mode 100644 packages/neuvector/generated-changes/patch/README.md.patch
diff --git a/packages/neuvector/generated-changes/overlay/questions.yml b/packages/neuvector/generated-changes/overlay/questions.yml
index c0f700961..e499491de 100644
--- a/packages/neuvector/generated-changes/overlay/questions.yml
+++ b/packages/neuvector/generated-changes/overlay/questions.yml
@@ -13,7 +13,7 @@ questions:
 label: OEM name
 group: "Container Images"
 - variable: tag
- default: "4.4.3"
+ default: "4.4.4"
 description: image tag for controller enforcer manager
 type: string
 label: Image Tag
@@ -83,15 +83,28 @@ questions:
 label: Runtime Path
 - variable: crio.enabled
 default: "false"
- description: Crio runtime. Enable only one runtime.
+ description: CRI-O runtime. Enable only one runtime.
 type: boolean
- label: Crio Runtime
+ label: CRI-O Runtime
 show_subquestion_if: true
 group: "Container Runtime"
 subquestions:
 - variable: crio.path
 default: "/var/run/crio/crio.sock"
- description: "Crio Runtime Path"
+ description: "CRI-O Runtime Path"
+ type: string
+ label: Runtime Path
+- variable: k3s.enabled
+ default: "false"
+ description: k3s containerd runtime. Enable only one runtime.
+ type: boolean
+ label: k3s Containerd Runtime
+ show_subquestion_if: true
+ group: "Container Runtime"
+ subquestions:
+ - variable: k3s.runtimePath
+ default: " /run/k3s/containerd/containerd.sock"
+ description: "k3s Containerd Runtime Path"
 type: string
 label: Runtime Path
 #storage configurations
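Review bot: The new `k3s.runtimePath` default in the second questions.yml hunk is `" /run/k3s/containerd/containerd.sock"`, with a leading space inside the quotes, so anyone accepting the default passes the chart a value that is not the absolute socket path; it should read `default: "/run/k3s/containerd/containerd.sock"`, matching the sibling `crio.path` default, which has no such space. The templates that consume this value are not visible here, but if it feeds the runtime-socket host mount, a k3s install with the default would probably come up without access to the container runtime, which for a runtime-security agent means missing visibility rather than an obvious install failure. Separately, "Enable only one runtime" is enforced only by the description text: `crio.enabled` and `k3s.enabled` are independent booleans, so it is worth stating in a comment which runtime wins when both are set, or guarding against it in the chart.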
diff --git a/packages/neuvector/generated-changes/patch/Chart.yaml.patch b/packages/neuvector/generated-changes/patch/Chart.yaml.patch index 1a54aa6b2..cdef3fa13 100644 --- a/packages/neuvector/generated-changes/patch/Chart.yaml.patch +++ b/packages/neuvector/generated-changes/patch/Chart.yaml.patch @@ -1,23 +1,22 @@ --- charts-original/Chart.yaml +++ charts/Chart.yaml @@ -1,11 +1,17 @@ -+annotations: -+ catalog.cattle.io/certified: partner -+ catalog.cattle.io/display-name: NeuVector -+ catalog.cattle.io/release-name: neuvector apiVersion: v1 - appVersion: 4.4.3 + appVersion: 4.4.4 description: Helm chart for NeuVector's core services -engine: gotpl home: https://neuvector.com icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 -+keywords: -+- security -+kubeVersion: '>=1.13.0-0' maintainers: - email: support@neuvector.com name: becitsthere -name: core --version: 1.8.9 +name: neuvector -+version: 1.8.900 + version: 1.9.1 ++annotations: ++ catalog.cattle.io/release-name: neuvector ++ catalog.cattle.io/certified: partner ++ catalog.cattle.io/display-name: NeuVector ++keywords: ++- security ++kubeVersion: '>=1.13.0-0' diff --git a/packages/neuvector/generated-changes/patch/README.md.patch b/packages/neuvector/generated-changes/patch/README.md.patch new file mode 100644 index 000000000..fb2b2521d --- /dev/null +++ b/packages/neuvector/generated-changes/patch/README.md.patch 
@@ -0,0 +1,76 @@ +--- charts-original/README.md ++++ charts/README.md +@@ -71,7 +71,7 @@ + `controller.schedulerName` | kubernetes scheduler name | `nil` | + `controller.affinity` | controller affinity rules | ... | spread controllers to different nodes | + `controller.tolerations` | List of node taints to tolerate | `nil` | +-`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](values.yaml) ++`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml) + `controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` | + `controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` | + `controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | +@@ -99,7 +99,7 @@ + `controller.federation.mastersvc.ingress.host` | Must set this host value if ingress is enabled | `nil` | + `controller.federation.mastersvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) + `controller.federation.mastersvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. 
+-`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](values.yaml) ++`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml) + `controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` | + `controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` | + `controller.federation.managedsvc.route.host` | Set OpenShift route host for manageed service | `nil` | +@@ -109,13 +109,13 @@ + `controller.federation.managedsvc.ingress.host` | Must set this host value if ingress is enabled | `nil` | + `controller.federation.managedsvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) + `controller.federation.managedsvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. 
+-`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](values.yaml) ++`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml) + `controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed + `controller.ingress.tls` | If true, TLS is enabled for controller rest api ingress service |`false` | If set, the tls-host used is the one set with `controller.ingress.host`. + `controller.ingress.host` | Must set this host value if ingress is enabled | `nil` | + `controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) + `controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. 
+-`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](values.yaml) ++`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `ingress.kubernetes.io/protocol: https ingress.kubernetes.io/rewrite-target: /` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml) + `controller.configmap.enabled` | If true, configure NeuVector global settings using a ConfigMap | `false` + `controller.configmap.data` | NeuVector configuration in YAML format | `{}` + `controller.secret.enabled` | If true, configure NeuVector global settings using secrets | `false` +@@ -125,7 +125,7 @@ + `enforcer.image.hash` | enforcer image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | + `enforcer.priorityClassName` | enforcer priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | + `enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`
`key: node-role.kubernetes.io/master` | other taints can be added after the default +-`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](values.yaml) ++`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml) + `manager.enabled` | If true, create manager | `true` | + `manager.image.repository` | manager image repository | `neuvector/manager` | + `manager.image.hash` | manager image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | +@@ -133,7 +133,7 @@ + `manager.env.ssl` | If false, manager will listen on HTTP access instead of HTTPS | `true` | + `manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;
if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google + `manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` | +-`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml) ++`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml) + `manager.route.enabled` | If true, create a OpenShift route to expose the management consol service | `true` | + `manager.route.host` | Set OpenShift route host for management consol service | `nil` | + `manager.route.termination` | Specify TLS termination for OpenShift route for management consol service. Possible passthrough, edge, reencrypt | `passthrough` | +@@ -143,10 +143,10 @@ + `manager.ingress.enabled` | If true, create ingress, must also set ingress host value | `false` | enable this if ingress controller is installed + `manager.ingress.host` | Must set this host value if ingress is enabled | `nil` | + `manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/` +-`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `{}` | see examples in [values.yaml](values.yaml) ++`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml) + `manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`. 
+ `manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) +-`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](values.yaml) ++`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml) + `manager.affinity` | manager affinity rules | `{}` | + `manager.tolerations` | List of node taints to tolerate | `nil` | + `manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` | +@@ -164,7 +164,7 @@ + `cve.scanner.priorityClassName` | cve scanner priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | + `cve.scanner.replicas` | external scanner replicas | `3` | + `cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` | +-`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](values.yaml) | ++`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/blob/master/charts/core/values.yaml) | + `cve.scanner.affinity` | scanner affinity rules | `{}` | + `cve.scanner.tolerations` | List of node taints to tolerate | `nil` | + `cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` | diff --git a/packages/neuvector/package.yaml b/packages/neuvector/package.yaml index 5620045cb..892914322 100644 --- a/packages/neuvector/package.yaml +++ b/packages/neuvector/package.yaml @@ -1,2 +1,2 @@ -url: https://neuvector.github.io/neuvector-helm/core-1.8.9.tgz +url: https://neuvector.github.io/neuvector-helm/core-1.9.1.tgz packageVersion: 00