From 12227e4281b68ccb3cf22366ddbc81cdd1d0233e Mon Sep 17 00:00:00 2001 From: Lucas Lopes Date: Thu, 18 Apr 2024 14:30:52 -0300 Subject: [PATCH] make forward-port neuvector-crd 102.0.9+up2.7.6 --- .../neuvector-crd-102.0.9+up2.7.6.tgz | Bin 0 -> 3444 bytes .../neuvector-crd/102.0.9+up2.7.6/Chart.yaml | 16 + .../neuvector-crd/102.0.9+up2.7.6/README.md | 14 + .../102.0.9+up2.7.6/templates/_helpers.tpl | 32 + .../102.0.9+up2.7.6/templates/crd.yaml | 975 ++++++++++++++++++ .../neuvector-crd/102.0.9+up2.7.6/values.yaml | 9 + index.yaml | 20 + release.yaml | 1 + 8 files changed, 1067 insertions(+) create mode 100644 assets/neuvector-crd/neuvector-crd-102.0.9+up2.7.6.tgz create mode 100644 charts/neuvector-crd/102.0.9+up2.7.6/Chart.yaml create mode 100644 charts/neuvector-crd/102.0.9+up2.7.6/README.md create mode 100644 charts/neuvector-crd/102.0.9+up2.7.6/templates/_helpers.tpl create mode 100644 charts/neuvector-crd/102.0.9+up2.7.6/templates/crd.yaml create mode 100644 charts/neuvector-crd/102.0.9+up2.7.6/values.yaml diff --git a/assets/neuvector-crd/neuvector-crd-102.0.9+up2.7.6.tgz b/assets/neuvector-crd/neuvector-crd-102.0.9+up2.7.6.tgz new file mode 100644 index 0000000000000000000000000000000000000000..c2018db409f2a6e74d3c6f93e04df02dcd4152ca GIT binary patch literal 3444 zcmV-)4U6(0iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI~~bKJHO_cK4m_T1EVVp4aKEHyWETUSb3PZC9AXPoJij3bwK zs6m1Oz>`(W-@OBX_g5syJDsIC#=eLGmW##W&;9`H5jmDqj1?DQERwyG2@xu~A{l$I zL+bbY{iDM}^S9scum9~I9}ON14v+drgZ|*?aQ{JnaB%$W*#qeBQi&!ir6S@%|JG%# zSMD<*lIL6zMR_iV0YFR?VSF6LL@9<5<$Ey-MN^8&5CqBN35r^_2~85rhtN}^#9l2+ zPBN4QiE#)vFO%Qr^UBMB$3PC=rW(imkh;ku-WQiUAu?afP!Vx9#w){L=p2`VXiduUb#2;_TcDv|M=P8-%4hC~F@CJT=e8p+-T)7eaz5%@KNwNknt^AY9~|`6jYp^Gu71-dM+@ zIe(g>5Hvx!)=@0co&?R@MkPERT^Vbf zp1sz*G#`U3Fn$sRFH@)>j1{5*0-?FAkcdg63N9&Qde$uUoJsU_tCg>`br@H3ts0o7 zb9>G*=Qf@3G%|EDI+F`Ye>4>sKJVVHOM1?2VWmW`tfB17b6rC~zLMcr zvbQG9mb*z$YkFSkflE!RhfD>=bhDb~t@?`PVq}EO*~Esg*I1!td)wy<1j985EEtIq zdf)V*chTFZruRKHdAb8?^8c|&cD4*~`~Tzp&ueUsP3(Po6B7dEh8B=gO${q_+5PZ(BM|>#Mc3;Ex|yb}UFi@x8)a|0kn&f0hyD zd(*+fg>~Z}p(2C%%>D6W@Q&um5Kc;|c=ie>>cur9G{scAaM!6NFXcO$SzU6w~?g*d!<}jA2d6r|Qq9q?gbbA@BG9etA|GBa;9NoeaBnqr=1n5$-nPG$y(1yv|0aS3W^&aNt3dWVgc z+fa2&yx6HYv(dOii2{Eusldc7GSp^i;owCJgHhedW3}d^|6;6KJ5KZ9gO&jZT@Azq z9n+k!iycU7Gqm+c&N16)7? zgiLAk1nKsD8PBQW;v$}qeB9LHA&eN0-(8S6Mk%-T1u10;8`W%mU1$&|>9oa_jW}mW z>Ux;FW6sQ2n`u?wUH_xG$3HXj_{Za)Ci3{FhCKf9_@|RD%}rAX9)A)3M@zmai-f4H zVZ&|x2T_wPU*57O-L6ku6oS{oV|N!A5s8fE4Tfs&0P|zyhFm$J$dZQ45s@@*$on4( z9wvgO^^%>ocbHHSF~%BK>b6e78I7+po@`;CQz~OVZGZ9Y4AK#4bXc*vjOxG`PD3@Fhuoce_cxyM2o8R$tq&0&zjBjFrTt z^V={CzqGi5*hX-FzTpK`2)Z-MpoXU=*r3i7hGjYCpoVD?dQg?);|_e>!Kc~x@cZt5 z-+e2UE%|--8uI(@e&4;5EEjN3+yVHwgBkg_gAFD5xPzPI4}#a|%Q^`5aR&|LyPJG$&Mj+8ZNAx32&G^hxF$%FhL!dzu;<)qOT4R5s%G7#eqFZMyQ(K}jPE<}J^F*;e6-7Y{I2)*!`b+9a_#H{;Fh3s zHu-!C*y&nL*DAF!*0gTOW6ce)CP^|XwOrjx1!tcx@O&|=$%(Cr6NS2%Yapr9N;mMS zi`#?Mdk3pA&r>?y7_2gixw_cyT%r0pe?x8)UTSf8_8W)WEaCySt48KL|0o>iAI_?{ z9D}W7O@^*PP4ZGRZL(F?uqybSozb=&2DQK6auC$AEa|o+X|uZvABZ2;Q4Ek8CC*>NSXk<@Ohffi)EU}{+sbXyd32K?QEeqav4 zE({vlMQ=51yAaf&O*fHru_MLWyG2WfaCU{ZPSBzG+ZsNh(q1a!eBTvpLtEZ;#Y$?2 z=>S7*KCahm%yNN@Hki@L2QDr!su$5R`?_~j!leQnOnOOn(TNj_31%n=>%xBP2;QwD z>Sm6uCUdJGDZg%auiGz4`uQ%^e<7)Jb-tEgvmjru{*5*G8iQYU-}|!LpAoev)k(Fg zAb&=*%IMFC8pxj!)ssIX@@GU&86ImczJtQEf>DykSp8t(^Fo^^bM?=y`Zw_A4UW1m zpxiLR4a|9i#iP!9N1gLa!8Qe+)%MDTz1(@bQx?pXXarZcMv{s&#p!k^V7UU__5xe> zAQeh=k(b%1`FH0XOKf*fOJ&`)6RMiDyC3q-#qC_CCCgFRDqMY*{^iYb4Vqj`9aD{$ zskO!pM^ne;ea*f5nk|3M`Dwkxu0BYRkSnJ%X+JVBQg}w_t@kZ<=(cD^#_sKpyVd8u ze|PfRahy#HxMFFBbqaAg*=6T89aMhnbrq#k8S4u^%O%C;^FJS3q-fhk8K^^C5?)`oFxoJUv-3 z$0UalLV^Y3SLVL{F{%j)xTI=gZ(*NTX!-k3Q4stCV^T^qOu8D4GDnzlfh*OHbwVL{ zQpQTFMkPorh|m+&WMNt=AvQP0ClUOU3scmH#P2SNNHpvyh@uvvfp=iHQR(g|S%>{5(NOIb-~i=3`J=jzREpW@yW-leH}}R463y)MPJpF=HFuA=Ct^ zn0<1??gHzUIiI}@*Kmq57PL_IzWdXP^%~B&La7~Wa`Dekw43tuvn*dl_RYZh$vj!&_sgw{RW2U7N(UtXL#arI|@zzfdhOUY_fh?t2dK WQN&gQ30RR6PQF&AVk^le-8KNQp literal 0 HcmV?d00001 diff --git a/charts/neuvector-crd/102.0.9+up2.7.6/Chart.yaml b/charts/neuvector-crd/102.0.9+up2.7.6/Chart.yaml new file mode 100644 index 0000000000..13eb969aa3 --- /dev/null +++ b/charts/neuvector-crd/102.0.9+up2.7.6/Chart.yaml @@ -0,0 +1,16 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/release-name: neuvector-crd +apiVersion: v1 +appVersion: 5.3.2 +description: Helm chart for NeuVector's CRD services +home: https://neuvector.com +icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 +maintainers: +- email: support@neuvector.com + name: becitsthere +name: neuvector-crd +type: application +version: 102.0.9+up2.7.6 diff --git a/charts/neuvector-crd/102.0.9+up2.7.6/README.md b/charts/neuvector-crd/102.0.9+up2.7.6/README.md new file mode 100644 index 0000000000..a5379e6ba6 --- /dev/null +++ b/charts/neuvector-crd/102.0.9+up2.7.6/README.md @@ -0,0 +1,14 @@ +# NeuVector Helm Chart + +Helm chart for NeuVector container security's CRD services. NeuVector's CRD (Custom Resource Definition) capture and declare application security policies early in the pipeline, then defined policies can be deployed together with the container applications. + +Because the CRD policies can be deployed before NeuVector's core product, this separate helm chart is created. For the backward compatibility reason, crd.yaml is not removed in the 'core' chart. If you use this 'crd' chart, please set `crdwebhook.enabled` to false in the 'core' chart. + +## Configuration + +The following table lists the configurable parameters of the NeuVector chart and their default values. + +Parameter | Description | Default | Notes +--------- | ----------- | ------- | ----- +`openshift` | If deploying in OpenShift, set this to true | `false` | +`crdwebhook.type` | crd webhook type | `ClusterIP` | diff --git a/charts/neuvector-crd/102.0.9+up2.7.6/templates/_helpers.tpl b/charts/neuvector-crd/102.0.9+up2.7.6/templates/_helpers.tpl new file mode 100644 index 0000000000..c0cc49294e --- /dev/null +++ b/charts/neuvector-crd/102.0.9+up2.7.6/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "neuvector.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "neuvector.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "neuvector.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/neuvector-crd/102.0.9+up2.7.6/templates/crd.yaml b/charts/neuvector-crd/102.0.9+up2.7.6/templates/crd.yaml new file mode 100644 index 0000000000..e3a0bfdb17 --- /dev/null +++ b/charts/neuvector-crd/102.0.9+up2.7.6/templates/crd.yaml @@ -0,0 +1,975 @@ +{{- if .Values.crdwebhook.enabled -}} +{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvSecurityRule + listKind: NvSecurityRuleList + plural: nvsecurityrules + singular: nvsecurityrule + scope: Namespaced +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + egress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + file: + items: + properties: + app: + items: + type: string + type: array + behavior: + enum: + - monitor_change + - block_access + type: string + filter: + type: string + recursive: + type: boolean + required: + - behavior + - filter + type: object + type: array + ingress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + process: + items: + properties: + action: + enum: + - allow + - deny + type: string + allow_update: + type: boolean + name: + type: string + path: + type: string + required: + - action + type: object + type: array + process_profile: + properties: + baseline: + enum: + - default + - shield + - basic + - zero-drift + type: string + type: object + target: + properties: + policymode: + enum: + - Discover + - Monitor + - Protect + - N/A + type: string + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - selector + type: object + dlp: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + waf: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + required: + - target + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvclustersecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvClusterSecurityRule + listKind: NvClusterSecurityRuleList + plural: nvclustersecurityrules + singular: nvclustersecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + egress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + file: + items: + properties: + app: + items: + type: string + type: array + behavior: + enum: + - monitor_change + - block_access + type: string + filter: + type: string + recursive: + type: boolean + required: + - behavior + - filter + type: object + type: array + ingress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + process: + items: + properties: + action: + enum: + - allow + - deny + type: string + allow_update: + type: boolean + name: + type: string + path: + type: string + required: + - action + type: object + type: array + process_profile: + properties: + baseline: + enum: + - default + - shield + - basic + - zero-drift + type: string + type: object + target: + properties: + policymode: + enum: + - Discover + - Monitor + - Protect + - N/A + type: string + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - selector + type: object + dlp: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + waf: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + required: + - target + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvdlpsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvDlpSecurityRule + listKind: NvDlpSecurityRuleList + plural: nvdlpsecurityrules + singular: nvdlpsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + sensor: + properties: + comment: + type: string + name: + type: string + rules: + items: + properties: + name: + type: string + patterns: + items: + properties: + context: + enum: + - url + - header + - body + - packet + type: string + key: + enum: + - pattern + type: string + op: + enum: + - regex + - '!regex' + type: string + value: + type: string + required: + - key + - op + - value + - context + type: object + type: array + required: + - name + - patterns + type: object + type: array + required: + - name + type: object + required: + - sensor + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvadmissioncontrolsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvAdmissionControlSecurityRule + listKind: NvAdmissionControlSecurityRuleList + plural: nvadmissioncontrolsecurityrules + singular: nvadmissioncontrolsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + config: + properties: + client_mode: + enum: + - service + - url + type: string + enable: + type: boolean + mode: + enum: + - monitor + - protect + type: string + required: + - enable + - mode + - client_mode + type: object + rules: + items: + properties: + action: + enum: + - allow + - deny + type: string + comment: + type: string + criteria: + items: + properties: + name: + type: string + op: + type: string + path: + type: string + sub_criteria: + items: + properties: + name: + type: string + op: + type: string + value: + type: string + required: + - name + - op + - value + type: object + type: array + template_kind: + type: string + type: + type: string + value: + type: string + value_type: + type: string + required: + - name + - op + - value + type: object + type: array + disabled: + type: boolean + id: + type: integer + rule_mode: + enum: + - "" + - monitor + - protect + type: string + containers: + items: + enum: + - containers + - init_containers + - ephemeral_containers + type: string + type: array + required: + - action + - criteria + type: object + type: array + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvwafsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvWafSecurityRule + listKind: NvWafSecurityRuleList + plural: nvwafsecurityrules + singular: nvwafsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + sensor: + properties: + comment: + type: string + name: + type: string + rules: + items: + properties: + name: + type: string + patterns: + items: + properties: + context: + enum: + - url + - header + - body + - packet + type: string + key: + enum: + - pattern + type: string + op: + enum: + - regex + - '!regex' + type: string + value: + type: string + required: + - key + - op + - value + - context + type: object + type: array + required: + - name + - patterns + type: object + type: array + required: + - name + type: object + required: + - sensor + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvcomplianceprofiles.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvComplianceProfile + listKind: NvComplianceProfileList + plural: nvcomplianceprofiles + singular: nvcomplianceprofile + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + templates: + properties: + disable_system: + type: boolean + entries: + items: + properties: + tags: + items: + type: string + type: array + test_number: + type: string + required: + - test_number + type: object + type: array + required: + - entries + type: object + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvvulnerabilityprofiles.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvVulnerabilityProfile + listKind: NvVulnerabilityProfileList + plural: nvvulnerabilityprofiles + singular: nvvulnerabilityprofile + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + profile: + properties: + entries: + items: + properties: + comment: + type: string + days: + type: integer + domains: + items: + type: string + type: array + images: + items: + type: string + type: array + name: + type: string + required: + - name + type: object + type: array + required: + - entries + type: object + required: + - profile + type: object + type: object +{{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-crd-webhook + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: Helm +spec: + ports: + - port: 443 + targetPort: 30443 + protocol: TCP + name: crd-webhook + type: {{ .Values.crdwebhook.type }} + selector: + app: neuvector-controller-pod +{{- end }} diff --git a/charts/neuvector-crd/102.0.9+up2.7.6/values.yaml b/charts/neuvector-crd/102.0.9+up2.7.6/values.yaml new file mode 100644 index 0000000000..e899decf01 --- /dev/null +++ b/charts/neuvector-crd/102.0.9+up2.7.6/values.yaml @@ -0,0 +1,9 @@ +# Default values for neuvector. +# This is a YAML-formatted file. +# Declare variables to be passed into the templates. + +openshift: false + +crdwebhook: + type: ClusterIP + enabled: true diff --git a/index.yaml b/index.yaml index a6fb4b2d7d..0ee6b701c6 100755 --- a/index.yaml +++ b/index.yaml @@ -5526,6 +5526,26 @@ entries: urls: - assets/neuvector-crd/neuvector-crd-103.0.0+up2.6.4.tgz version: 103.0.0+up2.6.4 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/release-name: neuvector-crd + apiVersion: v1 + appVersion: 5.3.2 + created: "2024-04-18T14:30:13.942085-03:00" + description: Helm chart for NeuVector's CRD services + digest: 68588f94dd25824a2a93bf3457b08143005727895e7bfb0454b436edd64157dc + home: https://neuvector.com + icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 + maintainers: + - email: support@neuvector.com + name: becitsthere + name: neuvector-crd + type: application + urls: + - assets/neuvector-crd/neuvector-crd-102.0.9+up2.7.6.tgz + version: 102.0.9+up2.7.6 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" diff --git a/release.yaml b/release.yaml index 7590b73e05..297dff98c0 100644 --- a/release.yaml +++ b/release.yaml @@ -38,6 +38,7 @@ neuvector-crd: - 102.0.7+up2.7.1 - 103.0.2+up2.7.3 - 102.0.8+up2.7.3 + - 102.0.9+up2.7.6 neuvector-monitor: - 102.0.6+up2.6.6 - 103.0.1+up2.7.1