From 4a0f56ee25ce637b517c135521ec8a836ee40ebb Mon Sep 17 00:00:00 2001 From: Lucas Machado Date: Thu, 18 Apr 2024 18:29:32 -0300 Subject: [PATCH] [dev-v2.9] Forward ports neuvector-monitor 103.0.3+up2.7.6 (#3811) --- .../neuvector-monitor-103.0.3+up2.7.6.tgz | Bin 0 -> 8349 bytes .../103.0.3+up2.7.6/Chart.yaml | 27 + .../103.0.3+up2.7.6/README.md | 22 + .../103.0.3+up2.7.6/app-readme.md | 5 + .../dashboards/nv_dashboard.json | 2036 +++++++++++++++++ .../103.0.3+up2.7.6/questions.yaml | 27 + .../103.0.3+up2.7.6/templates/_helpers.tpl | 40 + .../103.0.3+up2.7.6/templates/dashboard.yaml | 19 + .../templates/exporter-deployment.yaml | 75 + .../templates/exporter-service.yaml | 28 + .../templates/exporter-servicemonitor.yaml | 39 + .../103.0.3+up2.7.6/templates/secret.yaml | 15 + .../103.0.3+up2.7.6/values.yaml | 59 + index.yaml | 31 + release.yaml | 1 + 15 files changed, 2424 insertions(+) create mode 100644 assets/neuvector-monitor/neuvector-monitor-103.0.3+up2.7.6.tgz create mode 100644 charts/neuvector-monitor/103.0.3+up2.7.6/Chart.yaml create mode 100644 charts/neuvector-monitor/103.0.3+up2.7.6/README.md create mode 100644 charts/neuvector-monitor/103.0.3+up2.7.6/app-readme.md create mode 100644 charts/neuvector-monitor/103.0.3+up2.7.6/dashboards/nv_dashboard.json create mode 100644 charts/neuvector-monitor/103.0.3+up2.7.6/questions.yaml create mode 100644 charts/neuvector-monitor/103.0.3+up2.7.6/templates/_helpers.tpl create mode 100644 charts/neuvector-monitor/103.0.3+up2.7.6/templates/dashboard.yaml create mode 100644 charts/neuvector-monitor/103.0.3+up2.7.6/templates/exporter-deployment.yaml create mode 100644 charts/neuvector-monitor/103.0.3+up2.7.6/templates/exporter-service.yaml create mode 100644 charts/neuvector-monitor/103.0.3+up2.7.6/templates/exporter-servicemonitor.yaml create mode 100644 charts/neuvector-monitor/103.0.3+up2.7.6/templates/secret.yaml create mode 100644 charts/neuvector-monitor/103.0.3+up2.7.6/values.yaml diff --git a/assets/neuvector-monitor/neuvector-monitor-103.0.3+up2.7.6.tgz b/assets/neuvector-monitor/neuvector-monitor-103.0.3+up2.7.6.tgz new file mode 100644 index 0000000000000000000000000000000000000000..39154af1810e7a8e6931dcf06d68eab47f054a86 GIT binary patch literal 8349 zcmV;OAY$JiiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhbKAI*Xg>2-^wQ^?Np>xnl59CqojLb9wlkBvapJO_%+1cE z9EgM@9FqhG0A*`p|Mx8be7_|5?L@3f#UdWvXf*nT2I%8(ifutz%cDLKlx^%z5EJbg z^4w>)^jMZ<^*1-w|CVJH|L^qsy=R@xzSZyaI=yc9nbq0sZ*M*W>$VVRdO|J`duH7j zR&j7oW>0R$0v-;-o~_3*(9P{Zm7_0 z$3yM58%D~oixI~WT}!LAvW=Jpk}z(_1!gTlsashs47gwzc`07q_IA5(pn!ae-%L9O z3WDV4R=d~k8V=?*BY{w_e#Nc_BaB4IFxXOdz;mj~koy9VWZr6Mqcn zL`)2TLqtWj0?CH2$4jAT|iRtc6uBYhx2XW;$p2n%(<;dStxk6(|L^5lgFQS#p({YoyIP$on;UCzG9erY z2LzvY4&Jp!lzB)9?7)b)SXS7>wu=~sDPjZ-UCiZjA7Tg)=hy+_3kqU_L0~U%k-)rd z7-N?XksE0o;bQq0fEL{mLPvN^xL~sZn5JQ{hhcoVYIdR7hlr&joT_>=*#pm&0%dAXtbE0OFx> zgdxKL<#L(K5_P!Y5ymLPPDTd>i7;!$&{T7Q#<38UIN1~Ak0re%i3J4&3?qm7?hK>^ zga0r9c2ADpoqjytKYG7&us;Cgc*KuiAMP9<|MuZ%FMVwb<{o2aGc4XKN%YfCYCt2( zY|M@Y5?l`?8KWjv+_KOR1>|^YXXP26+AS$r8FgLES|}icjWp_Dz!Vni6kM(|Hrldk|up3~;+akD;DLBXe>-M&`3ijW2x8GmcfA{fx`?m3) zFeTnVN?N8e2kTpL{F=NERa49vvZ$rPQ{v_UUI2w@)Fk5M7*mu<5 z8pB z38Icp6W9YVJ7!U8)x(Xv)+_B(%4ULoMxMKP(@XG)?_giRW=15HC1-s{Sua>2QrNgz z60dA`wa6utI88~{{x_G?erd=VdqZ5z+rMA|W;QfXtS;3~3<2^W9-94s_@_z!$L!N` zaNyFJ^uDj93FgTEtxm7t|8+b4t*w>(zmKO*0L9|IRgm{62>3=K^!F0RsFM0k;qX>K zD^$P&!dw}{s&>q%6{d1K7S@sHRqj2mFu{xnG%nPL;)}A9^x`CBX-N|s@d0#H#M4y( zHBKH9_T*g#Nsx3}i~{i}25}HBp<*$p8NC8XJ5w9dNK6K>p~H8)t`e0*GhbT$mu5{B z9rY|kx+T4_ea1s?gR9K}MJM9hZs=fmuB>q86npt%y>|#^W=0bL zS63UE*ShIO1;&Fa>sWQ%7HAAtS7r{M$R}O~javblot?Ruiz%{+u!_HS4Mo$dmtV}F|OEM5p|mw4y!?dkFU z(Wke&`?*S>xBRP}FTL}d2b1=@|Njp^9G&bRoyz~JJ1yuMD9fmft&!QD&N`Zvpx?jw zaJ0LBbb5TUb8=h*``fn#fuxS4srD(&JYUz-`wgRBk>*gHY6%;#0X^NfL9?$LagscpW9h*rqVs>7)OsZ4!YHzIxuv?D8R z3nQ!0^4_mbUpg#S4Hy;FrtSbvb`MKV{DQ9Mcc$K!k^fPRrPaW^{EtnmTaf?Vt(E-0 zpQp|^&8PI$3i~vVzim^7DUZ)V2;>1YL4FwDi&9u{))wEms%}`jGZbr^TL^<@ zC;7PCoto*mw^kDqVBZNS@r$Y=uNf93T$1{k#_W=`&q_TuuX)LL(otJ84%?c`;aAGl zOgk>8aaKmzmIjdWLcd{H3*yhJFlRT!nJt0scc#U!|1|0UOa%W%Fy`ogYkRwR{%5<> zS)Kp6mnY)~Jg;*AU%+#pig`h(7trJis%X+R_6XBJ)Z^bO)V|k;0R0)_BzdB6ey2)% z0 z@SY0HjaK}?CA3-hLk&`YEIUM2C7z%4_~Xb$5;4Au_%W8HJNIDMuGr4Mr|LL z@R4Jt=-Y(naX21hE@V-hXD+M63sjv+)dyLVv#qW4aO)*}RW~1MU|A($Du-eY??0SC z5V|hx9)8^Lut%93yyUhKqh4|@m$#*8G9JPeDeHd}1T8sL9=i1?*B!N>#$KVWfJ{!7iD~wSvH=Uf^PZfrWlc z$X?c~dEFQu(by&>_j zqkEL=P016vnBg6oVFue7I3vRFIda{0JTTzc=R}Yx25Fw_UNS>SnDdZLcz@e{H{aAQN+wtCkqE)%H^W3urb%;GUaN^!qlou z3o~~F$tr1qbdu|O4BT)`{I`xQ4=Os<Vc?63QJm!7-Vg%u zFvpDGim5r#sy1I(2A8af%ubhF6oy{Hgo|W3q*wu%!;rY*t?a3@p1#d+(I8X1na@;t zm|sds(N(5*t?o>H<4flKgg6y%iB0`o>QW~AW#b`wZmmPN(^-e^*48?7UStqRsJ4^Y z0Q?8+xR?o^t*0{wii1;!y(K9uD>o>$L$%}2%;=VrT%kZ?C2GE`SJNrdtJS2at)@ef zUyP`_i5(&eR5M3}+sOTlk@S3+IH10mm;+F_%NYnJCzQH^1j$P^IezH6>X%FWvlMkx zntJc)d3KPRT`MGM4TChZM-6i%^f1SaIER$yyPT*A$@C&I>}7sm#KVhz%W1MoeJjwt zm&tE^cU=LNO`Q_QyT~7hXslPSi-@0-2dWC6(DQf1$L~XLh#9YB6Ithg_~ZZuX7;k2 zB1c5m*-2>sbjTFAn7R1pKa><|A(xE(fsK8E*&pV={_p|hzyJ6>HQC?MG5zwqa9`dM z*X6zV=a8w6!#5C5MV4w?Qd%Z;9% zY|}&R%%SIgnIE+s@~NckQzM56wIt1y{)db@p)KH@T3jV_NHI^PhM2dcD)e`{r2h6T zZGKfAhzdsOux-BcD5SxQOm9a5H~TU}GBIJ8PpIqgY!>xZL1+d6@y9%)cl49*vt}t~ zx)HV%0j3mNxn&nsV3>z)QIx0Dlk}Dow6SBB%8O~!SH z3=-bpjk+jWJl~4%>PC1@9Q+Q=Xei9gb$-i9RArdu2brTmt!X+>RKh%Q2_@dg7ivG5 zm5fqV7O17?PfvO1d5FzUlQ3_d(E29L*v>yK*z&51+UoH|6`VN7s62sj$r~gUPu_x; zivf?Z@4QKXfBU9sdv%rXhT)O+#4`di77ky^nl6r?!;wBH3%fM*MOo1)-|vS|bPl$O zhm@7vTWP?!+4rXb`GhiYzbdf5m zO8XK~rFZfEeO2M1i)^)pUa@plr6FQFE*bk#9jj36Fm!$_W||jV;+Is|h`8>D0NF&$ zDw>ZOa-)YTM{OqA?@RhLi6UnN-wW#uo|BW6mZR&MTSZG+#+ zISZ(p2zB`qvEq2-+uw+z_Ubx?GIg@;nEWM)u~jq%Y~JC&oa?B@nRXKk}Yx-f~=4oQXzFiu7cV?jzMN@q=My@NV6PP$v$T23R37- z+UWzGrB&AE4Hnp|cBj4dSPd|Th*ayTE&HVnG!I=o_ot_6Qs${0gfCz?gXhs~zWC!h zp^ICy%_1yH#u@U*@v+1~ZWjGe} zT1vzZX~Pyj3Gb5eM6{^3iOQm0v4VpyDujK7DgiLNb0N;K>(cXP zSlxwS_2$B=Q;-=@y&ISZT9g|NmG9N)iHBrW4*16~iRM@=Pcn(Gn88qEv^-XuWtGGC zgP1Bw>O$fef7iP<8UH`Z#gB5IUt=hfY5*CDdc#*Bu(vkD8$ z)wLy4ALwUptXkMGTq31VDcdRRRL&mT#DtK5ex~Q}P z>F-U)*XCrnWb9W8BHawTZnc!jQA3&0dBs}jXhd9rS#*ZCYA>DmQbCKF((@=|pl4aN zLww@9+DqzNE*SC03us)U4rgtb;WA?-C-a9hbqhtwq)HW|>C$oY#0QK9m zlpIz)*AF%W?+_QjrNq92X;9+2i7E~f_=I?Phri|Y#tUGs!0cMr%y_y3!jBmB?uz{v zWy)h^q`@IAiN1%Ui=Yopl|9S_@%3U|jx#j;LDYuGP8T z+Sg}ghn|OCy(7;vDb|%nqO9;MMh-6ft15Hu^{m-?R9SW9VL+bC>f~z^qs;aCxy`8S z7J%0eC{6^-M{$amKBdDcA*61hY4AFcOAt>?nf&Z2Bd#JEqwaF*Zf>o^)~5bvwO_p` zdLO!0Z+jg&-B;_dX~}9YYwB%T>(JTmu7m8=YQNfkQO_Py?W7L==g*%%w+;?kdwcNf zuLG};pP7jdck^)q;-6Krd*q6pX!AH9TnLa5n5lU^P~YDuWQ#J)F`K5yRa_>7d?K_U zDJ`O$t5Hc->+U?v3V!r; zdZBELd?~={I?6LDzEB^ce;sSol4YrcP?aiHmWTdeR9(3;!g*aOacWBxGupLq|4oN= zMaef#>M8`Z7Ho8>a9we7vte~9O-9;iT&r}Px#TV->zJS7sMKcDG<2%xKm*&ZpPuW?!# zmOZ5NdR1wUHZNUutn2k`!Ihhs^d%npR2#xGb8@fj+<`W*F3O?0FBLAG^b(W3#JK1A zfwnA5E`Z`($ck*k*?hQ~3-1-=Lku%v=DUPy)cv|IJvB$J&Rd_AYX+WY_OV~&{mW{B z49`7u@uDfxS52C-H4`5UQsGnso_K1|_kNz+#iLRWtMlBe^W3ZR+<8C`zVltIeuFHw z8=vPM&IINUeUiH-j@@a@6JMR=UY+E|>{Ne$D}R{#8j+?ac$E7^wq*dh7N z+X@_>TxMAPlp4ji3z$vWAnHP2J?Yflin#m*IMF;RU$e*n#j~RskyT@E-GN=TUP35m zmF9(HK=4Vd#Rz`%#|WCO!;(*(7>5Nd@x+b8$iU;F7aMr$n~kTrZ$?UepiR9ftX^;G zl~Mq2X*;poX#Xv6UZ5rd`S^&fh4xb<_v^(>X*c8oGuZvKU%JS0xlPyRUDEtaMcGXS z@pXSO>Y}BP*-LFS5SEN(FB@Y{zK>|YkM68I@-Xx2+R*4(g_+|jt1xo~pjDXp+Si5} zbx1Gb5PvGAAVQOdj0zQ%OOpkV%SSem>%Qem+%^!anO3)Y+9i>C%euyHopY7cNTp(J zl{&##9`qf?Kkj_G-`8B?u$u1LLEn08Wce+nPPf#%-cxG)WW;Ju>B-$eaC@6d@dy2W zu*-pyPyDT}22Q(p;M)ThyBr{Y82r1kT^CRv540_YF9OO0c248O-n&!xkLWCO94kB4 zgNFB|1Dn@4yc=`*l7qV|OY#TU5zVaqWlhLAq9LkPCm`zZikdBO4JynL8Tu)aVo|_# z`@A`@<%?yZ!uEv%TUOV4{P%V|^g6qf9qUJb3CewKsjoyq9pJf%0&r(C;lY;NJz6z$ zuk7fRuk2V>R%$!FY56d9*TLhkn-(y3m&qfs3c-@iLad~Ci$rI$)Vcn&M1Sc}$?6)3 z=o*P@T=MY5!Ya$9YZT?n{U;LK__Gk}-^;9I^E#gByeyXB@hLNEg1H=UB!^d-9+~H! zGd;eO(}YhUjCjLKNIl}mDF|CX;5DR`>i-@ijdyh^+T1JpidU^x0)GTX_|3wI%Yu1C z(byv#P%ce@*~VKBjqw0ZPuqt^@g0*~%0F{2LMM{(R|b-F8tusYqfn(nGWKZes?FH61aAi~ztL4?)m zu16g%SpM|ZQ@IfEny0juy!FqBdXw;^J)@?4OOMv%_5^ze&oVk) z&WVHlJT~!=PUFRt6*uNqCPLG(vOlsVy9pZUAf&HU(YW`CsSx4G?P@ro{+%hUfa=@AXU{CKi!MlT~-@E(Vsu#!INeI!!- z>8XSGWJnQnEX(TX!fCR&74w+q7@r*rq?LtfTs>Po-{IrqaH=?@6f@Y@fJTxDA$*rE%vwBv~qj>%|00960uAZwS01^QJaVe?J literal 0 HcmV?d00001 diff --git a/charts/neuvector-monitor/103.0.3+up2.7.6/Chart.yaml b/charts/neuvector-monitor/103.0.3+up2.7.6/Chart.yaml new file mode 100644 index 00000000000..3998bd77376 --- /dev/null +++ b/charts/neuvector-monitor/103.0.3+up2.7.6/Chart.yaml @@ -0,0 +1,27 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: NeuVector Monitor + catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux + catalog.cattle.io/provides-gvr: neuvector.com/v1 + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: neuvector-monitor + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 2.7.6 +apiVersion: v1 +appVersion: 5.3.2 +description: Helm feature chart (optional) add-on to NeuVector for monitoring with + Prometheus/Grafana. +home: https://neuvector.com +icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 +keywords: +- security +maintainers: +- email: support@neuvector.com + name: becitsthere +name: neuvector-monitor +sources: +- https://github.com/neuvector/neuvector +version: 103.0.3+up2.7.6 diff --git a/charts/neuvector-monitor/103.0.3+up2.7.6/README.md b/charts/neuvector-monitor/103.0.3+up2.7.6/README.md new file mode 100644 index 00000000000..897f52ed5a2 --- /dev/null +++ b/charts/neuvector-monitor/103.0.3+up2.7.6/README.md @@ -0,0 +1,22 @@ +# NeuVector Helm Chart + +Helm chart for NeuVector's monitoring services. + +## Configuration + +The following table lists the configurable parameters of the NeuVector chart and their default values. + +Parameter | Description | Default | Notes +--------- | ----------- | ------- | ----- +`registry` | NeuVector container registry | `registry.neuvector.com` | +`oem` | OEM release name | `nil` | +`leastPrivilege` | Assume monitor chart is always installed after the core chart, so service accounts created by the core chart will be used. Keep this value as same as in the core chart. | `false` | +`exporter.enabled` | If true, create Prometheus exporter | `false` | +`exporter.image.repository` | exporter image name | `neuvector/prometheus-exporter` | +`exporter.image.tag` | exporter image tag | `latest` | +`exporter.ctrlSecretName` | existing secret that have CTRL_USERNAME and CTRL_PASSWORD fields to login to the controller. | `nil` | if parameter exists then `exporter.CTRL_USERNAME` & `exporter.CTRL_PASSWORD` will be skipped +`exporter.CTRL_USERNAME` | Username to login to the controller. Suggest to replace the default admin user to a read-only user | `admin` | +`exporter.CTRL_PASSWORD` | Password to login to the controller. | `admin` | +`exporter.enforcerStats.enabled` | If true, enable the Enforcers stats | `false` | For the performance reason, by default the exporter does NOT pull CPU/memory usage from enforcers. +--- + diff --git a/charts/neuvector-monitor/103.0.3+up2.7.6/app-readme.md b/charts/neuvector-monitor/103.0.3+up2.7.6/app-readme.md new file mode 100644 index 00000000000..e0faed5b506 --- /dev/null +++ b/charts/neuvector-monitor/103.0.3+up2.7.6/app-readme.md @@ -0,0 +1,5 @@ +### Run-Time Protection Without Compromise + +NeuVector delivers a complete run-time security solution with container process/file system protection and vulnerability scanning combined with the only true Layer 7 container firewall. Protect sensitive data with a complete container security platform. + +Helm chart for NeuVector's monitoring services. Please make sure REST API service for controller in core chart is enabled. diff --git a/charts/neuvector-monitor/103.0.3+up2.7.6/dashboards/nv_dashboard.json b/charts/neuvector-monitor/103.0.3+up2.7.6/dashboards/nv_dashboard.json new file mode 100644 index 00000000000..1da8b12e94b --- /dev/null +++ b/charts/neuvector-monitor/103.0.3+up2.7.6/dashboards/nv_dashboard.json @@ -0,0 +1,2036 @@ +{ + "__inputs": [ + { + "name": "datasource", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "10.2.3" + }, + { + "type": "panel", + "id": "piechart", + "name": "Pie chart", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "table", + "name": "Table", + "version": "" + }, + { + "type": "panel", + "id": "text", + "name": "Text", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 10, + "w": 3, + "x": 0, + "y": 0 + }, + "id": 38, + "options": { + "code": { + "language": "plaintext", + "showLineNumbers": false, + "showMiniMap": false + }, + "content": "
\n \n ![NeuVector Logo](https://avatars.githubusercontent.com/u/19367275?s=200&v=4)
\n
\n [Documentation](https://open-docs.neuvector.com)
\n
\n [Users Slack Channel](https://rancher-users.slack.com/archives/C036F6JDZ8C)
\n
\n [GitHub](https://github.com/neuvector)\n\n
", + "mode": "markdown" + }, + "pluginVersion": "10.2.3", + "title": "NeuVector Product Links", + "type": "text" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 3, + "y": 0 + }, + "id": 25, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "nv_summary_enforcers", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Enforcer Replica Count", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 3, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 0 + }, + "id": 8, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "nv_summary_cvedbVersion", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "CVE Database Version", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 0 + }, + "id": 20, + "links": [], + "maxDataPoints": 1000, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "nv_summary_pods", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Discovered Pod Count", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 34, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max(nv_controller_cpu) by (display)\n", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "range": true, + "refId": "A" + } + ], + "title": "Controller CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 3, + "y": 3 + }, + "id": 32, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "nv_admission_denied", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Denied Admissions", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-RdYlGr" + }, + "mappings": [ + { + "options": { + "1": { + "color": "light-orange", + "index": 1 + }, + "2": { + "color": "yellow", + "index": 2 + }, + "3": { + "color": "green", + "index": 3 + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 0, + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 3 + }, + "id": 2, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "nv_summary_controllers", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Controller Replicas", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 3 + }, + "id": 19, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "center", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value", + "wideLayout": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "nv_summary_disconnectedEnforcers", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Disconnected Enforcers", + "type": "stat" + }, + { + "columns": [ + { + "text": "Current", + "value": "current" + } + ], + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "center", + "cellOptions": { + "type": "auto" + }, + "filterable": false, + "inspect": false, + "width": 300 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "string" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "log" + }, + "properties": [ + { + "id": "custom.width", + "value": 101 + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + }, + { + "id": "color", + "value": { + "fixedColor": "light-orange", + "mode": "fixed" + } + }, + { + "id": "displayName", + "value": "Event Type" + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "name" + }, + "properties": [ + { + "id": "custom.filterable", + "value": true + }, + { + "id": "displayName", + "value": "Violation Type" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Last seen" + }, + "properties": [ + { + "id": "unit", + "value": "dateTimeAsIso" + }, + { + "id": "custom.width", + "value": 200 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "fromname" + }, + "properties": [ + { + "id": "displayName", + "value": "Source Pod" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "toname" + }, + "properties": [ + { + "id": "displayName", + "value": "Destination Pod" + } + ] + } + ] + }, + "fontSize": "90%", + "gridPos": { + "h": 8, + "w": 9, + "x": 3, + "y": 6 + }, + "id": 29, + "links": [], + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Last seen" + } + ] + }, + "pluginVersion": "10.2.3", + "scroll": true, + "showHeader": true, + "sort": { + "col": 1, + "desc": true + }, + "styles": [ + { + "alias": "Event", + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm", + "decimals": 2, + "link": false, + "mappingType": 1, + "pattern": "Metric", + "preserveFormat": false, + "sanitize": true, + "thresholds": [], + "type": "string", + "unit": "short" + }, + { + "alias": "Time", + "colorMode": "value", + "colors": [ + "#E0B400", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 0, + "pattern": "Current", + "thresholds": [], + "type": "number", + "unit": "dateTimeAsIso" + } + ], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "nv_log_events", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "range": false, + "refId": "A" + } + ], + "title": "Security Event Log", + "transform": "timeseries_aggregations", + "transformations": [ + { + "id": "labelsToFields", + "options": {} + }, + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "endpoint": true, + "fromns": true, + "id": true, + "instance": true, + "job": true, + "namespace": true, + "pod": true, + "service": true, + "target": true, + "tons": true + }, + "indexByName": { + "Time": 0, + "Value": 14, + "endpoint": 1, + "fromname": 7, + "fromns": 15, + "id": 2, + "instance": 3, + "job": 4, + "log": 5, + "name": 6, + "namespace": 8, + "pod": 9, + "service": 10, + "target": 11, + "toname": 12, + "tons": 13 + }, + "renameByName": {} + } + }, + { + "id": "groupBy", + "options": { + "fields": { + "Value": { + "aggregations": [ + "max" + ], + "operation": "aggregate" + }, + "fromname": { + "aggregations": [], + "operation": "groupby" + }, + "log": { + "aggregations": [], + "operation": "groupby" + }, + "name": { + "aggregations": [], + "operation": "groupby" + }, + "toname": { + "aggregations": [], + "operation": "groupby" + } + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Value (lastNotNull)": "Last seen", + "Value (max)": "Last seen" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 6 + }, + "id": 12, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max(nv_controller_memory) by (display)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "range": true, + "refId": "A" + } + ], + "title": "Controller Memory Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + "properties": [ + { + "id": "displayName", + "value": "Medium" + }, + { + "id": "color", + "value": { + "fixedColor": "light-orange", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 14, + "w": 3, + "x": 0, + "y": 10 + }, + "id": 24, + "links": [], + "options": { + "displayLabels": [ + "value" + ], + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true, + "values": [] + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "none", + "sort": "none" + } + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum(nv_container_vulnerabilityHigh) by (service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum(nv_container_vulnerabilityMedium) by (service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "B" + } + ], + "title": "Cluster CVE Count", + "transformations": [ + { + "id": "merge", + "options": { + "reducers": [] + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 12 + }, + "id": 10, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max(nv_enforcer_cpu) by (display)\n", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "range": true, + "refId": "A" + } + ], + "title": "Enforcer CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "center", + "cellOptions": { + "type": "auto" + }, + "inspect": false, + "width": 101 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "exported_service" + }, + "properties": [ + { + "id": "custom.filterable", + "value": true + }, + { + "id": "displayName", + "value": "Cluster Service Name" + }, + { + "id": "custom.inspect", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + }, + { + "id": "displayName", + "value": "Medium" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "light-orange", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "exported_service" + }, + "properties": [ + { + "id": "custom.width", + "value": 300 + }, + { + "id": "custom.align", + "value": "right" + }, + { + "id": "displayName", + "value": "Cluster Service Name" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 4, + "x": 3, + "y": 14 + }, + "id": 36, + "links": [], + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(nv_container_vulnerabilityHigh) by (exported_service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(nv_container_vulnerabilityMedium) by (exported_service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "B" + } + ], + "title": "Vulnerabilities by Service", + "transformations": [ + { + "id": "merge", + "options": { + "reducers": [] + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "center", + "cellOptions": { + "type": "auto" + }, + "filterable": false, + "inspect": false, + "minWidth": 50 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "name" + }, + "properties": [ + { + "id": "unit", + "value": "string" + }, + { + "id": "custom.align", + "value": "right" + }, + { + "id": "custom.inspect", + "value": true + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "displayName", + "value": "Repository/Image: Tag" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "unit", + "value": "none" + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + }, + { + "id": "color" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + "properties": [ + { + "id": "displayName", + "value": "Medium" + }, + { + "id": "unit", + "value": "none" + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "light-orange", + "value": 1 + } + ] + } + }, + { + "id": "color" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 5, + "x": 7, + "y": 14 + }, + "id": 33, + "links": [], + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum(nv_image_vulnerabilityHigh) by (name)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum(nv_image_vulnerabilityMedium) by (name)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "B" + } + ], + "title": "Registry Images Vulnerabilities", + "transformations": [ + { + "id": "merge", + "options": { + "reducers": [] + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 35, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "max(nv_enforcer_memory) by (display)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "refId": "A" + } + ], + "title": "Enforcer Memory Usage", + "type": "timeseries" + } + ], + "refresh": "15s", + "schemaVersion": 39, + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "prometheus" + }, + "hide": 0, + "includeAll": false, + "label": "Data Source", + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "hidden": false, + "refresh_intervals": [ + "5s", + "10s", + "15s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "NeuVector", + "uid": "nv_dashboard0001", + "version": 1, + "weekStart": "" +} \ No newline at end of file diff --git a/charts/neuvector-monitor/103.0.3+up2.7.6/questions.yaml b/charts/neuvector-monitor/103.0.3+up2.7.6/questions.yaml new file mode 100644 index 00000000000..b8d51b3791f --- /dev/null +++ b/charts/neuvector-monitor/103.0.3+up2.7.6/questions.yaml @@ -0,0 +1,27 @@ +questions: +#monitor configurations +- variable: exporter.image.repository + default: "neuvector/prometheus-exporter" + description: exporter image repository + type: string + label: Exporter Image Path + group: "Container Images" +- variable: exporter.image.tag + default: "" + description: image tag for exporter + type: string + label: exporter Image Tag + group: "Container Images" +#controller crendential configuration +- variable: exporter.CTRL_USERNAME + default: "admin" + description: Controller Username + type: string + label: Controller Username + group: "Controller Crendential" +- variable: exporter.CTRL_PASSWORD + default: "admin" + description: Controller Password + type: string + label: Controller Password + group: "Controller Crendential" diff --git a/charts/neuvector-monitor/103.0.3+up2.7.6/templates/_helpers.tpl b/charts/neuvector-monitor/103.0.3+up2.7.6/templates/_helpers.tpl new file mode 100644 index 00000000000..5d21a182418 --- /dev/null +++ b/charts/neuvector-monitor/103.0.3+up2.7.6/templates/_helpers.tpl @@ -0,0 +1,40 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "neuvector.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "neuvector.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "neuvector.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/neuvector-monitor/103.0.3+up2.7.6/templates/dashboard.yaml b/charts/neuvector-monitor/103.0.3+up2.7.6/templates/dashboard.yaml new file mode 100644 index 00000000000..9a6840a4d8c --- /dev/null +++ b/charts/neuvector-monitor/103.0.3+up2.7.6/templates/dashboard.yaml @@ -0,0 +1,19 @@ +{{- if .Values.exporter.grafanaDashboard.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: nv-grafana-dashboard + namespace: {{ .Values.exporter.grafanaDashboard.namespace | default .Release.Namespace }} + labels: + grafana_dashboard: "1" +{{- if .Values.exporter.grafanaDashboard.labels }} + {{- toYaml .Values.exporter.grafanaDashboard.labels | nindent 4}} +{{- end }} +{{- if .Values.exporter.grafanaDashboard.annotations }} + annotations: + {{- toYaml .Values.exporter.grafanaDashboard.annotations | nindent 4}} +{{- end }} +data: + nv_dashboard.json: | +{{ .Files.Get "dashboards/nv_dashboard.json" | indent 4 }} +{{- end }} diff --git a/charts/neuvector-monitor/103.0.3+up2.7.6/templates/exporter-deployment.yaml b/charts/neuvector-monitor/103.0.3+up2.7.6/templates/exporter-deployment.yaml new file mode 100644 index 00000000000..8309f8a4122 --- /dev/null +++ b/charts/neuvector-monitor/103.0.3+up2.7.6/templates/exporter-deployment.yaml @@ -0,0 +1,75 @@ +{{- if .Values.exporter.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: neuvector-prometheus-exporter-pod + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + selector: + matchLabels: + app: neuvector-prometheus-exporter-pod + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8068" + prometheus.io/scrape: "true" + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + labels: + app: neuvector-prometheus-exporter-pod + release: {{ .Release.Name }} + {{- with .Values.exporter.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + {{- if .Values.leastPrivilege }} + serviceAccountName: basic + serviceAccount: basic + {{- end }} + {{- with .Values.exporter.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: neuvector-prometheus-exporter-pod + {{ if eq .Values.registry "registry.neuvector.com" }} + {{ if .Values.oem }} + image: "{{ .Values.registry }}/{{ .Values.oem }}/prometheus-exporter:{{ .Values.exporter.image.tag }}" + {{- else }} + image: "{{ .Values.registry }}/prometheus-exporter:{{ .Values.exporter.image.tag }}" + {{- end }} + {{- else }} + image: {{ template "system_default_registry" . }}{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }} + {{- end }} + imagePullPolicy: Always + {{- with .Values.exporter.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: CTRL_API_SERVICE + value: {{ .Values.exporter.apiSvc }} + - name: EXPORTER_PORT + value: "8068" + {{- if .Values.exporter.enforcerStats.enabled }} + - name: ENFORCER_STATS + value: "{{.Values.exporter.enforcerStats.enabled | default "false"}}" + {{- end }} + envFrom: + - secretRef: + {{- if .Values.exporter.ctrlSecretName }} + name: {{ .Values.exporter.ctrlSecretName }} + {{ else }} + name: neuvector-prometheus-exporter-pod-secret + {{- end }} + restartPolicy: Always +{{- end }} diff --git a/charts/neuvector-monitor/103.0.3+up2.7.6/templates/exporter-service.yaml b/charts/neuvector-monitor/103.0.3+up2.7.6/templates/exporter-service.yaml new file mode 100644 index 00000000000..b3045627095 --- /dev/null +++ b/charts/neuvector-monitor/103.0.3+up2.7.6/templates/exporter-service.yaml @@ -0,0 +1,28 @@ +{{- if and .Values.exporter.enabled .Values.exporter.svc.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: neuvector-prometheus-exporter + namespace: {{ .Release.Namespace }} + {{- with .Values.exporter.svc.annotations }} + annotations: + {{ toYaml . | nindent 4 }} + {{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + app: neuvector-prometheus-exporter +spec: + type: {{ .Values.exporter.svc.type }} + {{- if and .Values.exporter.svc.loadBalancerIP (eq .Values.exporter.svc.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.exporter.svc.loadBalancerIP }} + {{- end }} + ports: + - port: 8068 + name: metrics + targetPort: 8068 + protocol: TCP + selector: + app: neuvector-prometheus-exporter-pod +{{- end }} diff --git a/charts/neuvector-monitor/103.0.3+up2.7.6/templates/exporter-servicemonitor.yaml b/charts/neuvector-monitor/103.0.3+up2.7.6/templates/exporter-servicemonitor.yaml new file mode 100644 index 00000000000..25ca23d1210 --- /dev/null +++ b/charts/neuvector-monitor/103.0.3+up2.7.6/templates/exporter-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.exporter.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: neuvector-prometheus-exporter + namespace: {{ .Release.Namespace }} + {{- with .Values.exporter.serviceMonitor.annotations }} + annotations: + {{ toYaml . | nindent 4 }} + {{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.exporter.serviceMonitor.labels }} + {{- toYaml .Values.exporter.serviceMonitor.labels | nindent 4}} +{{- end }} +spec: + selector: + matchLabels: + app: neuvector-prometheus-exporter + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: metrics + {{- if .Values.exporter.serviceMonitor.interval }} + interval: {{ .Values.exporter.serviceMonitor.interval }} + {{- end }} + path: "/metrics" + {{- if .Values.exporter.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml .Values.exporter.serviceMonitor.metricRelabelings | nindent 6 }} + {{- end }} + {{- if .Values.exporter.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.exporter.serviceMonitor.relabelings | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/neuvector-monitor/103.0.3+up2.7.6/templates/secret.yaml b/charts/neuvector-monitor/103.0.3+up2.7.6/templates/secret.yaml new file mode 100644 index 00000000000..a7517959954 --- /dev/null +++ b/charts/neuvector-monitor/103.0.3+up2.7.6/templates/secret.yaml @@ -0,0 +1,15 @@ +{{- if and (.Values.exporter.enabled) (not .Values.exporter.ctrlSecretName) -}} +apiVersion: v1 +kind: Secret +metadata: + name: neuvector-prometheus-exporter-pod-secret + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + CTRL_USERNAME: {{ .Values.exporter.CTRL_USERNAME | b64enc | quote }} + CTRL_PASSWORD: {{ .Values.exporter.CTRL_PASSWORD | b64enc | quote }} +{{- end }} diff --git a/charts/neuvector-monitor/103.0.3+up2.7.6/values.yaml b/charts/neuvector-monitor/103.0.3+up2.7.6/values.yaml new file mode 100644 index 00000000000..dc89881ed37 --- /dev/null +++ b/charts/neuvector-monitor/103.0.3+up2.7.6/values.yaml @@ -0,0 +1,59 @@ +# Default values for neuvector. +# This is a YAML-formatted file. +# Declare variables to be passed into the templates. + +global: + cattle: + systemDefaultRegistry: "" + +registry: docker.io +oem: '' +leastPrivilege: false + +exporter: + # If false, exporter will not be installed + enabled: true + image: + repository: rancher/mirrored-neuvector-prometheus-exporter + tag: 5.3.2 + # changes this to a readonly user ! + CTRL_USERNAME: admin + CTRL_PASSWORD: admin + ctrlSercretName: '' + enforcerStats: + enabled: false + ctrlSecretName: '' + apiSvc: neuvector-svc-controller-api:10443 + podLabels: {} + securityContext: {} + containerSecurityContext: {} + + svc: + enabled: true + type: ClusterIP + loadBalancerIP: '' + annotations: {} + # service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet" + + grafanaDashboard: + enabled: false + namespace: "" # Release namespace, if empty + labels: {} + # annotations: {} + # k8s-sidecar-target-directory: /tmp/dashboards/neuvector + + serviceMonitor: + enabled: false + # labels for the ServiceMonitor. + labels: {} + # annotations for the ServiceMonitor. + annotations: {} + # Scrape interval. If not set, the Prometheus default scrape interval is used. + interval: "" + # MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + # ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + metricRelabelings: [] + # RelabelConfigs to apply to samples before scraping + # ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + relabelings: [] diff --git a/index.yaml b/index.yaml index b13d5fc6ef2..b13e30949e7 100755 --- a/index.yaml +++ b/index.yaml @@ -6036,6 +6036,37 @@ entries: - assets/neuvector-crd/neuvector-crd-100.0.0+up2.2.0.tgz version: 100.0.0+up2.2.0 neuvector-monitor: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: NeuVector Monitor + catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux + catalog.cattle.io/provides-gvr: neuvector.com/v1 + catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0' + catalog.cattle.io/release-name: neuvector-monitor + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 2.7.6 + apiVersion: v1 + appVersion: 5.3.2 + created: "2024-04-18T16:24:04.442969-03:00" + description: Helm feature chart (optional) add-on to NeuVector for monitoring + with Prometheus/Grafana. + digest: 0b44123f1e5b0b5ece2ccc6162190bff2684620c84b58301fda3b33460567b75 + home: https://neuvector.com + icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 + keywords: + - security + maintainers: + - email: support@neuvector.com + name: becitsthere + name: neuvector-monitor + sources: + - https://github.com/neuvector/neuvector + urls: + - assets/neuvector-monitor/neuvector-monitor-103.0.3+up2.7.6.tgz + version: 103.0.3+up2.7.6 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: NeuVector Monitor diff --git a/release.yaml b/release.yaml index ed37b7571b8..99f504aff74 100644 --- a/release.yaml +++ b/release.yaml @@ -51,6 +51,7 @@ neuvector-monitor: - 103.0.2+up2.7.3 - 102.0.8+up2.7.3 - 102.0.9+up2.7.6 + - 103.0.3+up2.7.6 prometheus-federator: - 103.0.1+up0.4.1 - 104.0.0-rc1+up0.4.1