From 289cffc882af82bdb617802b6817de74a1b00b13 Mon Sep 17 00:00:00 2001 From: Lucas Lopes Date: Thu, 18 Apr 2024 14:33:31 -0300 Subject: [PATCH] make forward-port neuvector-crd 102.0.9+up2.7.6 --- .../neuvector-monitor-102.0.9+up2.7.6.tgz | Bin 0 -> 8351 bytes .../102.0.9+up2.7.6/Chart.yaml | 27 + .../102.0.9+up2.7.6/README.md | 22 + .../102.0.9+up2.7.6/app-readme.md | 5 + .../dashboards/nv_dashboard.json | 2036 +++++++++++++++++ .../102.0.9+up2.7.6/questions.yaml | 27 + .../102.0.9+up2.7.6/templates/_helpers.tpl | 40 + .../102.0.9+up2.7.6/templates/dashboard.yaml | 19 + .../templates/exporter-deployment.yaml | 75 + .../templates/exporter-service.yaml | 28 + .../templates/exporter-servicemonitor.yaml | 39 + .../102.0.9+up2.7.6/templates/secret.yaml | 15 + .../102.0.9+up2.7.6/values.yaml | 59 + index.yaml | 31 + release.yaml | 1 + 15 files changed, 2424 insertions(+) create mode 100644 assets/neuvector-monitor/neuvector-monitor-102.0.9+up2.7.6.tgz create mode 100644 charts/neuvector-monitor/102.0.9+up2.7.6/Chart.yaml create mode 100644 charts/neuvector-monitor/102.0.9+up2.7.6/README.md create mode 100644 charts/neuvector-monitor/102.0.9+up2.7.6/app-readme.md create mode 100644 charts/neuvector-monitor/102.0.9+up2.7.6/dashboards/nv_dashboard.json create mode 100644 charts/neuvector-monitor/102.0.9+up2.7.6/questions.yaml create mode 100644 charts/neuvector-monitor/102.0.9+up2.7.6/templates/_helpers.tpl create mode 100644 charts/neuvector-monitor/102.0.9+up2.7.6/templates/dashboard.yaml create mode 100644 charts/neuvector-monitor/102.0.9+up2.7.6/templates/exporter-deployment.yaml create mode 100644 charts/neuvector-monitor/102.0.9+up2.7.6/templates/exporter-service.yaml create mode 100644 charts/neuvector-monitor/102.0.9+up2.7.6/templates/exporter-servicemonitor.yaml create mode 100644 charts/neuvector-monitor/102.0.9+up2.7.6/templates/secret.yaml create mode 100644 charts/neuvector-monitor/102.0.9+up2.7.6/values.yaml diff --git a/assets/neuvector-monitor/neuvector-monitor-102.0.9+up2.7.6.tgz b/assets/neuvector-monitor/neuvector-monitor-102.0.9+up2.7.6.tgz new file mode 100644 index 0000000000000000000000000000000000000000..8f952fa90796d006871d2412e2cbc6692d5d4a44 GIT binary patch literal 8351 zcmV;QAYk7giwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBhbKAI*Xg>2-^wQ^?Np>w+l3$7H%(>UGotfN?6PN8|ZgwW+ zKqMsLm?Ss=C|eWzzi$EHn;<3m?L@3f#UdWvXf*nT1{mOIf*nCw%clVml&$TK5fkkx z^1Wxb^mIC%&eq0;`oGiZl>hH;ZLL4+Zfte7y1ia^qx-DW-Pqb*e+He~LZIo1xIpY# z=f<$ggL@(m3IZySAT;283&24Fd34lvkPsej6T0SLCdiOrw+{>j&KNUeHJ9+vL(^7( zeB6ikIQpcx3Jx?^8QYvi1KgTm#t9Aj@YBD3?zX!x+nrVi{t4Z7@0I-XCu2(qg@?$& zeb6sk86Wd07uYv8qr49u38D*QX^5Fm1aHl##pr~%n72j~)`t{q+oAs2q-$&v)2%R6 z=(V@wq4wG@>qpA4hY`myT`Q~A*hWl4NfCesfdb?-2m^+MwLcRJGdp-;?5)s4TNZA3;sVYO>3qY>hq5%k+V~HVU5Tj3m z5u6h-wg3(p^|2V^h_C&^&=3WvZH=iM^jL_H_t(}6w6=&Np(kZ%f&^l`*B%iujs_9O z%%Oq6flw0@t#x0mZ*BLsH~$a+x!39ZWAgKcb%v+sl)1cbwSZ$MVnj?WACW*H5@4p@ zV;>Q(4?GG(%EbRIq5z<0Wq=(bxEN!Gt-5*QG-3``eI__-R26<{{p>F*ot18<*Y31m z{Z|y~`MK5gUzPt8L5!e*hq+wt0}LVJ9J@dQK|zc$2<(R* z5}3CwYvj=Z@?wo6JS_hL(4sp==m?Jp7i`)G+qNv0{&J~vhFP0Xi(p6=tmjnrbf4C=sF(CufX;k))R-v7mr}VdT=l zn}U>J@E;by?#a=+(~rmdNAGtI_WOWbp9IP4!=2;f-##4eWv?BOMOZ$TbSaKwxYv`|t;g;;LHHbTGkw9P;Ag>R$#KOL5KP?^& z0xbGqqcG(0FIx_Kq;=jN;^P5D%&nOvt#V@1$F^Ywj-bbaLrAy<2gO0W?E4rw)JXJUx|@XGDb>-<3hXk zOne&~n#Q#P#|}fGT;2k+3G&)f4#*|Xu~=1IWp)R+u_WZhHd6RS9J?A!@>Yo@4dVa{ zMw}z8P~WA&kc{+l4nuD$|KP|ErCdZqDRxx%Bp9v2Ad<3YNSOpS!dxQXjyq*|*f*I9 zInhEx%#c*srgsC64%VbKv$jW_$j5=E%^C_x+jm!(#@12TDv*AD6eJk&KK%YAMrMw& z#p6f@_fVr?CHx;+zdrV-YX7BbdhK+Ky%00r7U7Ld!5Q{nZ+&yKWdCjVwlc6SQp^7AOR_j)+=u^MySlPuEo=WGM1iY>rc^dShw5+T^R=zGUQ0?* z5@4`1BU0A3p_P>@Dcjb8CTVRz`;&G$WX%r~%ouSoTuRL!IIy*@{v`f!G#ru(uv=MY zIB?b98pBm-VTA~baY|>@z_~b?}*UG z=m0BC14x?N68RY02I9(EMFNvyO3$P)rD;;9w!&OQ_juOR-_!v5KhHm}IXqKZ=w8~f zF{2x&xE9_nj9|z}AckQ7owxqZ?NV)p5oyL=Vnz&;|uG7w45@|9zb%w#L z+1KizFxPhTd_A)x(Xw)+_B(%4ULoM!q+H(@O|Q;Nn2QMouJEC1-s{c`sNY zQrfs#5U+f9waBHDILS!Y{x_G?erd@WdqX_T+rMA|c0M#vt}fM10s)F39-94s_@_z! zC+yR5ap=*h^uDj931-Ou&F*^1|Lb+PHaC{?|302N0hEaQR!QEYFyw2g(BDfL!zA^a z!r`ru8dSg>!dw}{s&>Mt22;762jsJFSrBR?U2ab_1Hn|@|auU3oaM2xE}p6*v|$9 zZbnl8S66Gf*ShJN0pq^OI#wOG1scKCm0iFm_K6ok<5qy?XJ;lR1^HbYT#$0S9*=A@ z7Ot*l;yVl7bfFzmk2upl?0DyB%1h169ACGoS%gr_{tZi@+nWP*988LxB@03A67L+o zJw4t(`t){pzfcMEmcQBg(mTIJFj>F*|NrpA(aHYNsr=8}X-U^WRYv7(jokKh-qAFI ze*fmf(eD1y>G8?V$#D(rZ{Owwk~xyL+NZROd|glPH;npanrn@Bgoo9cH4VGC<6a&w z092L1oNd2-Gc3G(moo)qOOK_Q6bwt-S(Mhx(z|;~&s_drlI?KKFyO5C-^TVv+5hXV zZ!P`5`*>pEgaWtT2Q*lC6Q|ZgOr68niCWY%oZBmGFhD2HTmdta!rjO^Pleq>`kyeD zSCqP`I!DT+G9*!CX*RyPd6zYdc~$T{XCPO5wBO}w+b?3Gl`^yHa4JEnQeW1MiQfY4 z$V%J7$}6;@_p8&F4$Dr|bEhskcSse_Uf>H83mxW24h6$^YKw zQvTo1Q)iqOQ~GL!eU``Hb|}M?C+8pvDj+!o@&KBkIE?Q_Da<)*^KV?48`ka&CEDf| z!l3y{KCX7BW;*Gu)x-oia6?LhvZ^R*hB*nBrhaBIyEN_7sK;hCulP|@NWcThW_ttZwbPn6E@ zn6yWs3S7cqYXb)kT*99b6*2hId7s*Dk}Ae-3{tPU{*U%|_73*jzI$stHp~9s>X!4r zH+swSfA{mO|jF9Q!X@d?i^(xTF(49ad*_$$bM6p>>(do8?3%vs5YY<~3V2mcXDDM^9 z7Ugn$hCop8=!gUmACAq=RJI}G4yl^cwV{Ek)f2#1v-bE3|0owFkiVu=&Cf^}V%Mte z;}Sk{%oKf_@H~!2Bg};?O7hHQm1KdcGpYI@YkIb|l^t%qgs-Ybk<=xWFX0ezeomR& zh>5u`iBcuU^yC2gH^erk^##qDO0%=b9n#Z z1j5MkVE6FjnvZ?TP4zE6`RX+XUM37IbRzR565TzRct;6txn8DUVs@I5KndFpdgUa)}j7@ z1lZL*%Jrt?iCoO^4oxwG?HrsTVfY+*UOO2Wa2#+V$OMBl&vh@kA!JR{F-W&TuKD)D zCJ`KJeea_)3_M~Oj`ojFVCV2{s-B0jNukA<)UY|lOn7pJx_yU&p}PK?GP$n@qjCLr z*Ec(x<@kSRqq98!c`wg53&1`-B|#VoZujAL9V(6^X0|$6*aurK7k!0|y_%FMS6dcl zR$W$@yCX-2YcAZff~`btN0zm ze@291!zdG+;$spSK;jx-Csg^RTo51hlV#mbyVqWiFcJ7fGAt-ON3gV>r`i3y@g<%vYg||0^ zKzz(GBiJxCCtB4O3#;JLHIdutl8eI9OPFwxE{6;&0DBM-PrQ{qbyu^uIWFqwYB%$l zDvydwDJ{Cn^{&;Ot#5qEy&n_T@Rm3<*rgt2vR^hDpy!=c=ykiR(A(Txh3<ae#YMW<63l-i-%38r>@%SoY7ppg+ zZc9_|Jw4A4QnRZ;lGZRtGker9M@kQS#E5%Hd9ll}nvh&C62tY}?~7!3@ozazol4&d z^!m&6x4yfs1k0grh2uRGj3PABtJgy$D98gIb$-xd~LV0zV&A7|Ly(H%Uwg?zYy_jG|0L$UAFh)kKm8spKC6e{439m zzMgE`N9@d{=RuVpwH@-QqU~^2k5NO+T2co6oh_-q zeao6(RR^MiQ95i}>^u%>@G{dovB1s0%#lot8Rlc^xjdgmeN_^gVMu}z&*>fg6#J}M zin(rtBSnBM#a3b2#T6LlkyjSw8TBN+2f+VoYq`;_=R#127Tv5S23lJw8$ zQ%gfMP<}HmjmhQ$hgG6g$(EZXd*DUoepCe&+>J$kd8~!sUuvf@3Y1E;0~%nn4x{mf zA6k{nFVxp($n^F3WO{Ei^Hd57O;a0P>>+^;RmMnBwb!WtkFtY!jx_ypcqpx!lq!pHp6b@;19+XVLQlks;puA7zK7MFX}*a z!8wDJH+Z8iiWkqf^1Hebo)Z_pLsJ?FJ9nMmViHvuX2n4kXi#gK&JvX{OI$*Q_wj|= zPi7UPRF#El=>?Nh9{E0E)6+D}TO_o;Ni(tYPfNDEs-m`f0%3xaaFe!P1q~a-B z@NzNW5f0opDe!OKG;Oc0irp|g)Sh@wKqkWBOI6b)@pCxR2W4TGMuDg*I_3NQ5Q@&l z4)Kw)lGm3SFlqMvX+S=vOx&*u+?r1XzWmWOpoh44PsMw=K$eQ|!4;u1!R{a#+jp!B zcR%feTw4RgF_g#qV{5{40BxxWmzwY)Ux-g{fckK`E5$?!E zk6k#V?)U8thRDN0;FjYd&WTgcBTmEx^{XAB3&LMh=3;g{F7C9HD($KeKX(5IGul)w zFP$^N~m@X$k!+Cn!hT~%p-*p5d=L0qR(Ds~w_B*tdh7;un>_Xrn^45AoBg&@hYi9t7x zijV1estfG^PjCfS9-^RW*jymzj07VSDkDatPz#a@;r;x4HzJvtPYIh<041H#;jrE) ztKXb>SaWT}Fb)>A*UHtK05I$}b^o$+Lt`++%)x@*N9wX*{HjRAK@cMBW&2L&hnC;yzRE!vMx9OvGrc}hHCHO z_rup~v|Vq(5XgN+Ky=#DG6wSF#6Xbi6D|jI>f(Tu*5hM|gWN3op~eL}$v_PmU*AXQ zLt08Ch-k!HNA73u7k1}bv|FbiQwi^p(O9&owu!2uUa^9UFAT!oph^Jj-b{#7?0NLO z8CGvDSnD%k)hWmvsP!9|2U?U{4VCZJ=t+juF%J00Fo|YZEKf3tubjb9W3)V0n`N29 z_k)-!Y3f4i7=PEhHaY)4&g1)TEth5D!V^({%ZR{DlOk%AYxmXNY1aXA&PI$zfx8R~ z%+$3NQ{)F%wl3ig4Fc>4?C$>v$@6=;0Yi1fb7)?NdXXPAOn0Iyb|c1cAPhXL7F}H0 zfb{pK<7;y=JTeN5f=D;Ro@bUa1!^cWx~N!79Sw;mFpJOdn)cF3AQiNzDLs!f2G%>B z+95viUF`++Efq91SK8d)eWjrS)w5O5+%dDFSfNtp(Sg%ktRC~H^W9V{SqXT#mCpzBlQ*5~;X ziIc<3bNyg5@D6bSTuSUamh}{#~*E zyi9qlj5Ii;718%_bP@ESsj`Q;Ac0=2i;>1Ezs;GwG)?ZbUv>U&&yE1REJXlbl_CJ; zoPezgOdVcti~yLueC&C@VyQcot(8w$vxk(5$_(4;3fd!jZodCSU;1;1Mln@Q?pmGe zt$lq~b?ABI*E{k&mtt)+5@m&7F>-O$UsaiNucyt{qspqQ4g-o@RwrMZ7-go{&mBfR zuLQh)KuIECF^W^Z^eG!o1tE0{O@r5oJc4*?$`of$8F7YajJnIIx3Rejn;ZIHr~T?h z+56D7*0)!o+k3SN8y#8gWlg=!&MI`bd#fOO?X+KQzo=&qsdh34|MTb1pIZk9t-U?? z_1C^%%FoQjhkM010SV5G>>j&fC)zwN1{Xpk1ZHYp57hTJO4*_ebIc|ga)!%SI-&(bf5{hvK|6cz=qMNV zV<_Nq_;w-b_7sgq43Cf~B^D*M(_8*(m_yI5{!+#XeWR6YVGKFVe>HQ(>+XEaN`CZp zdZBED0x7`iIw~?MzEB^cf1PO5ie;&UkVzFQ%R_%Ks;*oa;k>StxV0sU8J$|V|E7bw zqVyXlbrnKd3pTz~xUM+8+0a}{(~&kB*D4)nCb=ugI`*d|Dz(ux4PEmbXkgp*6V%-_ zPfxFDZq{oiri!6QN7Z9j*`<v}z%bLFNceT9cU)rRowg50Y*cc2Zdi)yIui@~LnUShhJnDjh5 z(3WS(IZ&JlS&?lpoefuW;k|-UOmZ+tg;Onf;;BL3`+05;4=X(^&vP%&b1%Rewv>DJwfxcCJ)@jNPDv&;bHv!gkYRby`5fnBv)L8xGr z7KLO;@JXV@2!8a(2%4?Kicg&yhb1lX#Erw)z~hmh7-kJ+FX93-*!{F$xyW*{P1ojK(&9|T*-a(! zb$>DHvZavQOKmg|7K~*t8e>ksk7&Vm;K1|(p@Hp(IIgH&!@<=+RV97=)R#Lu2qPtP)Tz^_(YvEAI@*0Ww z8i{LM^6;F4 z_6UcROH*LF_SQ!u+=mlXov(V%UdBmhK$*EjswqiNA)+@wf=Z-byZJJ$NUsDE*%&a^UE(#R+FpIUfUjLUf)l?stSogbOwWdVEzfu@ z&v-4*csusq%M zsKW(|pWb>Z7Xn`Ml-7c`{#kKv5}veY)Rb@P(c0V@V;^PAu&%DJw*|`CL$**;Ao8}I zX8epp@-eyi3o0ef<=9i7!8OL+l8@LPnz<&6w&&Q&xNM{ZEnSpF0_7O*sLv;rKlWUQ@I|>Q zKO^Bs<{eK1$AEUiBssLLJmX1`eWmA|d1eb5zq1R?LgJj|bh?}q z7Y9Xbk|CWYizzQ|?9E(+rrXK?$d{}aN-`;HZ~FNbe!fM%B;FnVl8i=5g51o_?5&&S zFxy+Xzq`HMkKRW9M`nK8+io7O__Dbo{r{34Q6KD&C%bn1GL{AJar6l*>7(AqA~l$t zx`>Yl6fw8c>2!7BBwgH!dF*qH&yEGs%EGp;o-Lp6@Ck4JxlBTw*${j|O49)rk)h87Cl!~YiI?c=iP-?gj`$-EGwueI`#uk7I9>o_Qt7PUl zs&6-qK%h|p^$Ky6~yAS#!$4pu#wWBcC%?~3k-OX^WA+tjBaOe2=w+}~qi=lal pI6tS%od?Za-C1Zp^paaX%V+s4pGWchZvX%Q|NmBLz1;v30RR)pS}6bk literal 0 HcmV?d00001 diff --git a/charts/neuvector-monitor/102.0.9+up2.7.6/Chart.yaml b/charts/neuvector-monitor/102.0.9+up2.7.6/Chart.yaml new file mode 100644 index 0000000000..0c271af5b5 --- /dev/null +++ b/charts/neuvector-monitor/102.0.9+up2.7.6/Chart.yaml @@ -0,0 +1,27 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: NeuVector Monitor + catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux + catalog.cattle.io/provides-gvr: neuvector.com/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: neuvector-monitor + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 2.7.6 +apiVersion: v1 +appVersion: 5.3.2 +description: Helm feature chart (optional) add-on to NeuVector for monitoring with + Prometheus/Grafana. +home: https://neuvector.com +icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 +keywords: +- security +maintainers: +- email: support@neuvector.com + name: becitsthere +name: neuvector-monitor +sources: +- https://github.com/neuvector/neuvector +version: 102.0.9+up2.7.6 diff --git a/charts/neuvector-monitor/102.0.9+up2.7.6/README.md b/charts/neuvector-monitor/102.0.9+up2.7.6/README.md new file mode 100644 index 0000000000..897f52ed5a --- /dev/null +++ b/charts/neuvector-monitor/102.0.9+up2.7.6/README.md @@ -0,0 +1,22 @@ +# NeuVector Helm Chart + +Helm chart for NeuVector's monitoring services. + +## Configuration + +The following table lists the configurable parameters of the NeuVector chart and their default values. + +Parameter | Description | Default | Notes +--------- | ----------- | ------- | ----- +`registry` | NeuVector container registry | `registry.neuvector.com` | +`oem` | OEM release name | `nil` | +`leastPrivilege` | Assume monitor chart is always installed after the core chart, so service accounts created by the core chart will be used. Keep this value as same as in the core chart. | `false` | +`exporter.enabled` | If true, create Prometheus exporter | `false` | +`exporter.image.repository` | exporter image name | `neuvector/prometheus-exporter` | +`exporter.image.tag` | exporter image tag | `latest` | +`exporter.ctrlSecretName` | existing secret that have CTRL_USERNAME and CTRL_PASSWORD fields to login to the controller. | `nil` | if parameter exists then `exporter.CTRL_USERNAME` & `exporter.CTRL_PASSWORD` will be skipped +`exporter.CTRL_USERNAME` | Username to login to the controller. Suggest to replace the default admin user to a read-only user | `admin` | +`exporter.CTRL_PASSWORD` | Password to login to the controller. | `admin` | +`exporter.enforcerStats.enabled` | If true, enable the Enforcers stats | `false` | For the performance reason, by default the exporter does NOT pull CPU/memory usage from enforcers. +--- + diff --git a/charts/neuvector-monitor/102.0.9+up2.7.6/app-readme.md b/charts/neuvector-monitor/102.0.9+up2.7.6/app-readme.md new file mode 100644 index 0000000000..e0faed5b50 --- /dev/null +++ b/charts/neuvector-monitor/102.0.9+up2.7.6/app-readme.md @@ -0,0 +1,5 @@ +### Run-Time Protection Without Compromise + +NeuVector delivers a complete run-time security solution with container process/file system protection and vulnerability scanning combined with the only true Layer 7 container firewall. Protect sensitive data with a complete container security platform. + +Helm chart for NeuVector's monitoring services. Please make sure REST API service for controller in core chart is enabled. diff --git a/charts/neuvector-monitor/102.0.9+up2.7.6/dashboards/nv_dashboard.json b/charts/neuvector-monitor/102.0.9+up2.7.6/dashboards/nv_dashboard.json new file mode 100644 index 0000000000..1da8b12e94 --- /dev/null +++ b/charts/neuvector-monitor/102.0.9+up2.7.6/dashboards/nv_dashboard.json @@ -0,0 +1,2036 @@ +{ + "__inputs": [ + { + "name": "datasource", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "10.2.3" + }, + { + "type": "panel", + "id": "piechart", + "name": "Pie chart", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "table", + "name": "Table", + "version": "" + }, + { + "type": "panel", + "id": "text", + "name": "Text", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 10, + "w": 3, + "x": 0, + "y": 0 + }, + "id": 38, + "options": { + "code": { + "language": "plaintext", + "showLineNumbers": false, + "showMiniMap": false + }, + "content": "
\n \n ![NeuVector Logo](https://avatars.githubusercontent.com/u/19367275?s=200&v=4)
\n
\n [Documentation](https://open-docs.neuvector.com)
\n
\n [Users Slack Channel](https://rancher-users.slack.com/archives/C036F6JDZ8C)
\n
\n [GitHub](https://github.com/neuvector)\n\n
", + "mode": "markdown" + }, + "pluginVersion": "10.2.3", + "title": "NeuVector Product Links", + "type": "text" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 3, + "y": 0 + }, + "id": 25, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "nv_summary_enforcers", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Enforcer Replica Count", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 3, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 0 + }, + "id": 8, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "nv_summary_cvedbVersion", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "CVE Database Version", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 0 + }, + "id": 20, + "links": [], + "maxDataPoints": 1000, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "nv_summary_pods", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Discovered Pod Count", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 34, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max(nv_controller_cpu) by (display)\n", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "range": true, + "refId": "A" + } + ], + "title": "Controller CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 3, + "y": 3 + }, + "id": 32, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "nv_admission_denied", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Denied Admissions", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-RdYlGr" + }, + "mappings": [ + { + "options": { + "1": { + "color": "light-orange", + "index": 1 + }, + "2": { + "color": "yellow", + "index": 2 + }, + "3": { + "color": "green", + "index": 3 + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 0, + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 3 + }, + "id": 2, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "nv_summary_controllers", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Controller Replicas", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 3 + }, + "id": 19, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "center", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value", + "wideLayout": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "nv_summary_disconnectedEnforcers", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Disconnected Enforcers", + "type": "stat" + }, + { + "columns": [ + { + "text": "Current", + "value": "current" + } + ], + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "center", + "cellOptions": { + "type": "auto" + }, + "filterable": false, + "inspect": false, + "width": 300 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "string" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "log" + }, + "properties": [ + { + "id": "custom.width", + "value": 101 + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + }, + { + "id": "color", + "value": { + "fixedColor": "light-orange", + "mode": "fixed" + } + }, + { + "id": "displayName", + "value": "Event Type" + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "name" + }, + "properties": [ + { + "id": "custom.filterable", + "value": true + }, + { + "id": "displayName", + "value": "Violation Type" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Last seen" + }, + "properties": [ + { + "id": "unit", + "value": "dateTimeAsIso" + }, + { + "id": "custom.width", + "value": 200 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "fromname" + }, + "properties": [ + { + "id": "displayName", + "value": "Source Pod" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "toname" + }, + "properties": [ + { + "id": "displayName", + "value": "Destination Pod" + } + ] + } + ] + }, + "fontSize": "90%", + "gridPos": { + "h": 8, + "w": 9, + "x": 3, + "y": 6 + }, + "id": 29, + "links": [], + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Last seen" + } + ] + }, + "pluginVersion": "10.2.3", + "scroll": true, + "showHeader": true, + "sort": { + "col": 1, + "desc": true + }, + "styles": [ + { + "alias": "Event", + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm", + "decimals": 2, + "link": false, + "mappingType": 1, + "pattern": "Metric", + "preserveFormat": false, + "sanitize": true, + "thresholds": [], + "type": "string", + "unit": "short" + }, + { + "alias": "Time", + "colorMode": "value", + "colors": [ + "#E0B400", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 0, + "pattern": "Current", + "thresholds": [], + "type": "number", + "unit": "dateTimeAsIso" + } + ], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "nv_log_events", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "range": false, + "refId": "A" + } + ], + "title": "Security Event Log", + "transform": "timeseries_aggregations", + "transformations": [ + { + "id": "labelsToFields", + "options": {} + }, + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "endpoint": true, + "fromns": true, + "id": true, + "instance": true, + "job": true, + "namespace": true, + "pod": true, + "service": true, + "target": true, + "tons": true + }, + "indexByName": { + "Time": 0, + "Value": 14, + "endpoint": 1, + "fromname": 7, + "fromns": 15, + "id": 2, + "instance": 3, + "job": 4, + "log": 5, + "name": 6, + "namespace": 8, + "pod": 9, + "service": 10, + "target": 11, + "toname": 12, + "tons": 13 + }, + "renameByName": {} + } + }, + { + "id": "groupBy", + "options": { + "fields": { + "Value": { + "aggregations": [ + "max" + ], + "operation": "aggregate" + }, + "fromname": { + "aggregations": [], + "operation": "groupby" + }, + "log": { + "aggregations": [], + "operation": "groupby" + }, + "name": { + "aggregations": [], + "operation": "groupby" + }, + "toname": { + "aggregations": [], + "operation": "groupby" + } + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Value (lastNotNull)": "Last seen", + "Value (max)": "Last seen" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 6 + }, + "id": 12, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max(nv_controller_memory) by (display)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "range": true, + "refId": "A" + } + ], + "title": "Controller Memory Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + "properties": [ + { + "id": "displayName", + "value": "Medium" + }, + { + "id": "color", + "value": { + "fixedColor": "light-orange", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 14, + "w": 3, + "x": 0, + "y": 10 + }, + "id": 24, + "links": [], + "options": { + "displayLabels": [ + "value" + ], + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true, + "values": [] + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "none", + "sort": "none" + } + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum(nv_container_vulnerabilityHigh) by (service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum(nv_container_vulnerabilityMedium) by (service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "B" + } + ], + "title": "Cluster CVE Count", + "transformations": [ + { + "id": "merge", + "options": { + "reducers": [] + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 12 + }, + "id": 10, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max(nv_enforcer_cpu) by (display)\n", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "range": true, + "refId": "A" + } + ], + "title": "Enforcer CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "center", + "cellOptions": { + "type": "auto" + }, + "inspect": false, + "width": 101 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "exported_service" + }, + "properties": [ + { + "id": "custom.filterable", + "value": true + }, + { + "id": "displayName", + "value": "Cluster Service Name" + }, + { + "id": "custom.inspect", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + "properties": [ + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + }, + { + "id": "displayName", + "value": "Medium" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "light-orange", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "exported_service" + }, + "properties": [ + { + "id": "custom.width", + "value": 300 + }, + { + "id": "custom.align", + "value": "right" + }, + { + "id": "displayName", + "value": "Cluster Service Name" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 4, + "x": 3, + "y": 14 + }, + "id": 36, + "links": [], + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(nv_container_vulnerabilityHigh) by (exported_service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(nv_container_vulnerabilityMedium) by (exported_service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "B" + } + ], + "title": "Vulnerabilities by Service", + "transformations": [ + { + "id": "merge", + "options": { + "reducers": [] + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "center", + "cellOptions": { + "type": "auto" + }, + "filterable": false, + "inspect": false, + "minWidth": 50 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "name" + }, + "properties": [ + { + "id": "unit", + "value": "string" + }, + { + "id": "custom.align", + "value": "right" + }, + { + "id": "custom.inspect", + "value": true + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "displayName", + "value": "Repository/Image: Tag" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "unit", + "value": "none" + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + }, + { + "id": "color" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + "properties": [ + { + "id": "displayName", + "value": "Medium" + }, + { + "id": "unit", + "value": "none" + }, + { + "id": "custom.cellOptions", + "value": { + "type": "color-text" + } + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "light-orange", + "value": 1 + } + ] + } + }, + { + "id": "color" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 5, + "x": 7, + "y": 14 + }, + "id": 33, + "links": [], + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum(nv_image_vulnerabilityHigh) by (name)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum(nv_image_vulnerabilityMedium) by (name)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "B" + } + ], + "title": "Registry Images Vulnerabilities", + "transformations": [ + { + "id": "merge", + "options": { + "reducers": [] + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 35, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.2.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "exemplar": true, + "expr": "max(nv_enforcer_memory) by (display)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "refId": "A" + } + ], + "title": "Enforcer Memory Usage", + "type": "timeseries" + } + ], + "refresh": "15s", + "schemaVersion": 39, + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "prometheus" + }, + "hide": 0, + "includeAll": false, + "label": "Data Source", + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "hidden": false, + "refresh_intervals": [ + "5s", + "10s", + "15s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "NeuVector", + "uid": "nv_dashboard0001", + "version": 1, + "weekStart": "" +} \ No newline at end of file diff --git a/charts/neuvector-monitor/102.0.9+up2.7.6/questions.yaml b/charts/neuvector-monitor/102.0.9+up2.7.6/questions.yaml new file mode 100644 index 0000000000..b8d51b3791 --- /dev/null +++ b/charts/neuvector-monitor/102.0.9+up2.7.6/questions.yaml @@ -0,0 +1,27 @@ +questions: +#monitor configurations +- variable: exporter.image.repository + default: "neuvector/prometheus-exporter" + description: exporter image repository + type: string + label: Exporter Image Path + group: "Container Images" +- variable: exporter.image.tag + default: "" + description: image tag for exporter + type: string + label: exporter Image Tag + group: "Container Images" +#controller crendential configuration +- variable: exporter.CTRL_USERNAME + default: "admin" + description: Controller Username + type: string + label: Controller Username + group: "Controller Crendential" +- variable: exporter.CTRL_PASSWORD + default: "admin" + description: Controller Password + type: string + label: Controller Password + group: "Controller Crendential" diff --git a/charts/neuvector-monitor/102.0.9+up2.7.6/templates/_helpers.tpl b/charts/neuvector-monitor/102.0.9+up2.7.6/templates/_helpers.tpl new file mode 100644 index 0000000000..5d21a18241 --- /dev/null +++ b/charts/neuvector-monitor/102.0.9+up2.7.6/templates/_helpers.tpl @@ -0,0 +1,40 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "neuvector.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "neuvector.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "neuvector.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/neuvector-monitor/102.0.9+up2.7.6/templates/dashboard.yaml b/charts/neuvector-monitor/102.0.9+up2.7.6/templates/dashboard.yaml new file mode 100644 index 0000000000..9a6840a4d8 --- /dev/null +++ b/charts/neuvector-monitor/102.0.9+up2.7.6/templates/dashboard.yaml @@ -0,0 +1,19 @@ +{{- if .Values.exporter.grafanaDashboard.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: nv-grafana-dashboard + namespace: {{ .Values.exporter.grafanaDashboard.namespace | default .Release.Namespace }} + labels: + grafana_dashboard: "1" +{{- if .Values.exporter.grafanaDashboard.labels }} + {{- toYaml .Values.exporter.grafanaDashboard.labels | nindent 4}} +{{- end }} +{{- if .Values.exporter.grafanaDashboard.annotations }} + annotations: + {{- toYaml .Values.exporter.grafanaDashboard.annotations | nindent 4}} +{{- end }} +data: + nv_dashboard.json: | +{{ .Files.Get "dashboards/nv_dashboard.json" | indent 4 }} +{{- end }} diff --git a/charts/neuvector-monitor/102.0.9+up2.7.6/templates/exporter-deployment.yaml b/charts/neuvector-monitor/102.0.9+up2.7.6/templates/exporter-deployment.yaml new file mode 100644 index 0000000000..8309f8a412 --- /dev/null +++ b/charts/neuvector-monitor/102.0.9+up2.7.6/templates/exporter-deployment.yaml @@ -0,0 +1,75 @@ +{{- if .Values.exporter.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: neuvector-prometheus-exporter-pod + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + selector: + matchLabels: + app: neuvector-prometheus-exporter-pod + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8068" + prometheus.io/scrape: "true" + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + labels: + app: neuvector-prometheus-exporter-pod + release: {{ .Release.Name }} + {{- with .Values.exporter.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + {{- if .Values.leastPrivilege }} + serviceAccountName: basic + serviceAccount: basic + {{- end }} + {{- with .Values.exporter.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: neuvector-prometheus-exporter-pod + {{ if eq .Values.registry "registry.neuvector.com" }} + {{ if .Values.oem }} + image: "{{ .Values.registry }}/{{ .Values.oem }}/prometheus-exporter:{{ .Values.exporter.image.tag }}" + {{- else }} + image: "{{ .Values.registry }}/prometheus-exporter:{{ .Values.exporter.image.tag }}" + {{- end }} + {{- else }} + image: {{ template "system_default_registry" . }}{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }} + {{- end }} + imagePullPolicy: Always + {{- with .Values.exporter.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: CTRL_API_SERVICE + value: {{ .Values.exporter.apiSvc }} + - name: EXPORTER_PORT + value: "8068" + {{- if .Values.exporter.enforcerStats.enabled }} + - name: ENFORCER_STATS + value: "{{.Values.exporter.enforcerStats.enabled | default "false"}}" + {{- end }} + envFrom: + - secretRef: + {{- if .Values.exporter.ctrlSecretName }} + name: {{ .Values.exporter.ctrlSecretName }} + {{ else }} + name: neuvector-prometheus-exporter-pod-secret + {{- end }} + restartPolicy: Always +{{- end }} diff --git a/charts/neuvector-monitor/102.0.9+up2.7.6/templates/exporter-service.yaml b/charts/neuvector-monitor/102.0.9+up2.7.6/templates/exporter-service.yaml new file mode 100644 index 0000000000..b304562709 --- /dev/null +++ b/charts/neuvector-monitor/102.0.9+up2.7.6/templates/exporter-service.yaml @@ -0,0 +1,28 @@ +{{- if and .Values.exporter.enabled .Values.exporter.svc.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: neuvector-prometheus-exporter + namespace: {{ .Release.Namespace }} + {{- with .Values.exporter.svc.annotations }} + annotations: + {{ toYaml . | nindent 4 }} + {{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + app: neuvector-prometheus-exporter +spec: + type: {{ .Values.exporter.svc.type }} + {{- if and .Values.exporter.svc.loadBalancerIP (eq .Values.exporter.svc.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.exporter.svc.loadBalancerIP }} + {{- end }} + ports: + - port: 8068 + name: metrics + targetPort: 8068 + protocol: TCP + selector: + app: neuvector-prometheus-exporter-pod +{{- end }} diff --git a/charts/neuvector-monitor/102.0.9+up2.7.6/templates/exporter-servicemonitor.yaml b/charts/neuvector-monitor/102.0.9+up2.7.6/templates/exporter-servicemonitor.yaml new file mode 100644 index 0000000000..25ca23d121 --- /dev/null +++ b/charts/neuvector-monitor/102.0.9+up2.7.6/templates/exporter-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.exporter.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: neuvector-prometheus-exporter + namespace: {{ .Release.Namespace }} + {{- with .Values.exporter.serviceMonitor.annotations }} + annotations: + {{ toYaml . | nindent 4 }} + {{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.exporter.serviceMonitor.labels }} + {{- toYaml .Values.exporter.serviceMonitor.labels | nindent 4}} +{{- end }} +spec: + selector: + matchLabels: + app: neuvector-prometheus-exporter + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: metrics + {{- if .Values.exporter.serviceMonitor.interval }} + interval: {{ .Values.exporter.serviceMonitor.interval }} + {{- end }} + path: "/metrics" + {{- if .Values.exporter.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml .Values.exporter.serviceMonitor.metricRelabelings | nindent 6 }} + {{- end }} + {{- if .Values.exporter.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.exporter.serviceMonitor.relabelings | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/neuvector-monitor/102.0.9+up2.7.6/templates/secret.yaml b/charts/neuvector-monitor/102.0.9+up2.7.6/templates/secret.yaml new file mode 100644 index 0000000000..a751795995 --- /dev/null +++ b/charts/neuvector-monitor/102.0.9+up2.7.6/templates/secret.yaml @@ -0,0 +1,15 @@ +{{- if and (.Values.exporter.enabled) (not .Values.exporter.ctrlSecretName) -}} +apiVersion: v1 +kind: Secret +metadata: + name: neuvector-prometheus-exporter-pod-secret + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + CTRL_USERNAME: {{ .Values.exporter.CTRL_USERNAME | b64enc | quote }} + CTRL_PASSWORD: {{ .Values.exporter.CTRL_PASSWORD | b64enc | quote }} +{{- end }} diff --git a/charts/neuvector-monitor/102.0.9+up2.7.6/values.yaml b/charts/neuvector-monitor/102.0.9+up2.7.6/values.yaml new file mode 100644 index 0000000000..dc89881ed3 --- /dev/null +++ b/charts/neuvector-monitor/102.0.9+up2.7.6/values.yaml @@ -0,0 +1,59 @@ +# Default values for neuvector. +# This is a YAML-formatted file. +# Declare variables to be passed into the templates. + +global: + cattle: + systemDefaultRegistry: "" + +registry: docker.io +oem: '' +leastPrivilege: false + +exporter: + # If false, exporter will not be installed + enabled: true + image: + repository: rancher/mirrored-neuvector-prometheus-exporter + tag: 5.3.2 + # changes this to a readonly user ! + CTRL_USERNAME: admin + CTRL_PASSWORD: admin + ctrlSercretName: '' + enforcerStats: + enabled: false + ctrlSecretName: '' + apiSvc: neuvector-svc-controller-api:10443 + podLabels: {} + securityContext: {} + containerSecurityContext: {} + + svc: + enabled: true + type: ClusterIP + loadBalancerIP: '' + annotations: {} + # service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet" + + grafanaDashboard: + enabled: false + namespace: "" # Release namespace, if empty + labels: {} + # annotations: {} + # k8s-sidecar-target-directory: /tmp/dashboards/neuvector + + serviceMonitor: + enabled: false + # labels for the ServiceMonitor. + labels: {} + # annotations for the ServiceMonitor. + annotations: {} + # Scrape interval. If not set, the Prometheus default scrape interval is used. + interval: "" + # MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + # ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + metricRelabelings: [] + # RelabelConfigs to apply to samples before scraping + # ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + relabelings: [] diff --git a/index.yaml b/index.yaml index 5d5efc8e49..6ec75d8fa9 100755 --- a/index.yaml +++ b/index.yaml @@ -5908,6 +5908,37 @@ entries: urls: - assets/neuvector-monitor/neuvector-monitor-103.0.0+up2.6.4.tgz version: 103.0.0+up2.6.4 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: NeuVector Monitor + catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.29.0-0' + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux + catalog.cattle.io/provides-gvr: neuvector.com/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: neuvector-monitor + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 2.7.6 + apiVersion: v1 + appVersion: 5.3.2 + created: "2024-04-18T14:33:21.736905-03:00" + description: Helm feature chart (optional) add-on to NeuVector for monitoring + with Prometheus/Grafana. + digest: 30b7370721fa32ecf683411bc151580784b33ea152871721d89f284308c3643e + home: https://neuvector.com + icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 + keywords: + - security + maintainers: + - email: support@neuvector.com + name: becitsthere + name: neuvector-monitor + sources: + - https://github.com/neuvector/neuvector + urls: + - assets/neuvector-monitor/neuvector-monitor-102.0.9+up2.7.6.tgz + version: 102.0.9+up2.7.6 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: NeuVector Monitor diff --git a/release.yaml b/release.yaml index 770dd3d3ce..cded66e9ff 100644 --- a/release.yaml +++ b/release.yaml @@ -42,6 +42,7 @@ neuvector-monitor: - 103.0.1+up2.7.1 - 103.0.2+up2.7.3 - 102.0.8+up2.7.3 + - 102.0.9+up2.7.6 prometheus-federator: - 103.0.1+up0.4.1 - 104.0.0-rc1+up0.4.1