From 29476d14c181ae5ad2dcce4d1d231cffdfc781ef Mon Sep 17 00:00:00 2001 From: Lucas Lopes Date: Thu, 18 Apr 2024 16:22:25 -0300 Subject: [PATCH] make forward-port neuvector-crd 103.0.3+up2.7.6 --- .../neuvector-crd-103.0.3+up2.7.6.tgz | Bin 0 -> 3442 bytes .../neuvector-crd/103.0.3+up2.7.6/Chart.yaml | 16 + .../neuvector-crd/103.0.3+up2.7.6/README.md | 14 + .../103.0.3+up2.7.6/templates/_helpers.tpl | 32 + .../103.0.3+up2.7.6/templates/crd.yaml | 975 ++++++++++++++++++ .../neuvector-crd/103.0.3+up2.7.6/values.yaml | 9 + index.yaml | 20 + release.yaml | 1 + 8 files changed, 1067 insertions(+) create mode 100644 assets/neuvector-crd/neuvector-crd-103.0.3+up2.7.6.tgz create mode 100644 charts/neuvector-crd/103.0.3+up2.7.6/Chart.yaml create mode 100644 charts/neuvector-crd/103.0.3+up2.7.6/README.md create mode 100644 charts/neuvector-crd/103.0.3+up2.7.6/templates/_helpers.tpl create mode 100644 charts/neuvector-crd/103.0.3+up2.7.6/templates/crd.yaml create mode 100644 charts/neuvector-crd/103.0.3+up2.7.6/values.yaml 
diff --git a/assets/neuvector-crd/neuvector-crd-103.0.3+up2.7.6.tgz b/assets/neuvector-crd/neuvector-crd-103.0.3+up2.7.6.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3593fd89e57c7ee49e3e33fc5cbd1b9ecfcf4c32 GIT binary patch literal 3442 zcmV-&4UO_2iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PJ1=ciXlR&(HiTZpykOZAeR&W3PJ4w#@Ffytb}i(wDyd)xFU-3Ob!Bom?*;dIEsl<3?s@9VibywC?*3CB#S2~D%mD9NiZ8gM~MPEl`I)a zQRXDZ0ocTF(fQ=HRG3!2CXgYK80yytu+m=xlG8URB<0xvroDjV`TWmkQ9n8i5|pu^ zxiU%rMwUXXyEu%vfO9O~7*UTToW42(iDF7)l);4Sk|s*!a&T}kFENUF8qiovn&pux zQAEhYXiU|l7#0#m%rk|V(#!|NLGRoC@yX%Iv%ksbhu!XN>{(kUVEJHjNofXLjgy`%yRQe^ca#(Mfb1 zthN8@_@5G1pxpNa&@}!Jk5AUd|IuOZnIHdmK@Z^!N2Fj1Y}=cWvFL=sL-=_@B~S?j z{`2C;AHoqADNza&7*U3r;S6I&1j3XEN`?$2C=Nq}oJffY&`fbq69k26&WJ)81p&`7 zlM^~p0~iq|F$iLjT;XuS`8z!i*$#cm3aL=Mya)g=)3TER=m}=M7kk>3R>%Lmi4HC& z$Z`}iQu(c?f`;*b*zNb%#{Y5usPD)BUC@UQ2VcXKrUQ_u%#hYY?|G`t5>IddUmtw@ z7-+8GyZ1TC5;K&w4+1_i&&HufLCF_Ff+LzCbQY6{=I%ha$T#y%WWnaS78Sj*jz@F; zG({n3f^egUdKSZR-#pUvbuk*z_s|I!!Z1tBv(@laAW;ZpUdE_k>>7S82s02ydq|^u z6#Rl#y5U#43|$YYJuN9Dg5)W}_r(xJh6<&v@rWWzB}*xj`<|LS-2v74|5zk@TL!rO|H3LpHXfyUXjEBb((9)vxJPDxINlu<=dM%urY zb5-;&s>;VFPnOHZ}e+VKxjk=}gf{`fI?N3&!Ar-f8JeT9-2BE~cARjAn-NKui5C^DFDFJx1RaUrO> z76sGpdTkTJxG1wf1lDN{;KPUcdalA%MOqEbT_PXDzv_8Qh6xI)$QbSJOrSB7E@v!w zkuU9XEbWGrde};yPhXdszbY7-3`V8;z9RDnDwSc#Ss@79sI|$HG#eL;i1pk6K*n6J zNzZ4ySV>(U`O7W42*7k{Piv`N=NZNXVcB@op4A-1biO<`35pA2Sd;Rp`m-r1o?uFB zvjFJv`QqZ`oBr#SWPn`o9EFy+NCTL)_=2kWG~rmF+(-qW3e$>YmncglHamlrc>tId zXJN zLAf4zZUHn?I5ykSn#yv_D_-jE0CT@|THcJBs&l?zw>P{Z3H6Q*LW7XJk>IWY*3_xgWATH>b zW`tetL0Xfctw(Z>*;>Q6WQXNEU71x=WH_G!Dl(nA)HltDvI-OK?tJpvarNnE_aRQm zl-5s>Zr_*kj4CcJ;|a;ebuAvkkn#B4C5dB{a#vq4qD*0}nvJgu4dNu7Hn_4O=L|_z z4|8|SnHeiHt?K*he>C&>XGR|Xc>GgG9{*I3$3Gtbw9=)%X>!5iFT($5$(Kc*5VbRG zxUK&nYO>?YJNBg8^@+<|@M?JM?gB$1k3LQj<9(lEyW8|3ksU zM9@*SWT)*NCR9X>vBH(Qt&?*`C7=OMKqIDr zCR_n+2hM#%Q3ncuHUr8%n4}`AsA(rRYH}2OMMl26ZIbV9pQ5`}*ETFcT+k?EC2{He 
zHVnfrEv_K85!|0|ctIJ0?u;_1;Hd~Us4|6NS&liVU|NJ8l;!xi10Q$rY4$z*zPsOd z-$`Xle&4-<{Jy*2cWJ@IIFElk{@F_QZw3GOxPx^e zKJLKB9js^ixC0+|06y+uMn3LfOG!TNV3Yho@EUzt2f;q>poV;R^Kl2i>9~W0<)3fN z!5Pb)@dj)86|n~E)i>G8aRzG)KE~kQV+3)Htozij%@%uG^#qRbeG9%ve=wYn_F0eL_1=Cs8(&VYy`2Eu5_HZc zpHBfhU90IzrMAYJ)(v^AxdqlFNlK-bt9z;7?DGYlFJ?74wKZ{~P#1FrBz0P81E0FM zJy^YWup0AhM8{i$RYoyWm%E)Slwaqs$*sdn4GzzK<8YTnJiu<%NS)^&x#Rr9SrwOK zu$8RH&^4$?UTUUow#sT&1;4X1+J?iR=Jy*8f*O`3?Up1>i>TH>un8Ww6yrKo-b#=x zhL>%^dRi^-wprk{v8kmkKzqC8$Ce^nt^~G{+HN(_fQ%PR4NHP{i-OjGzg^G|%pusN zK|}lKt%hwMf?BlcHj*y)q*!yeXy_2muF%v8S~P!C!zWbQOGTXTyMk?K!@I6nN$oHl zV5rH*bvm_KE|Ad#Gg|q;#RW#yA{u62_l`=qRDgp?FUc-jabiBf6a`^z*l!)dyK_X{ z%&}Eu?i3{D*X{0g`xO~|zDxCA$jG@mU(2spkgr#NV-3E>;FsO^zU=mAL=8%{Qmrh= zpAoGx`ZJ;$@@GWViMKUny@(B|n}{R^x92HxD@sQLoR zh7mR}=LU;Mo%fD9=a+(Q3p~s1l}mfM^KPdsm?=>Uu5OJa6{(BUZBf8-1={TeHtazv zl zjSWXr#pQj?z5ALSf6n=7y~MsgNRW_gr!#3jGB8qjO6aZkE%xZPXiCQJ?T@?F=e~b; z^4oEobqlzBX@+$QaXHy#=Qiz?e(QA^rBmUi<`>P%X&lBP3CoK{XC5IZafOR9$#xpL zdk41kHI>l(F@U3^erX;1tDFmy+V3vXbHNplIUB&wrx#_KHNk47t!=eNn|H73JgeL4 zkC#cl>`%ioIF6wRbDk_WQ0x0&SMUFQ_1%lJAHR#zWUqJ3Hr)T;JMJE>-T&L~cc1zD zfA4}G!Z{XiOb;-9AIuHnL13Qk1?3|ymYC*8s4zPmdL-fW)!8gSPeu#oGUu^HvoM3R zu)woVASSsgguN#{!I){#vh*RQc`5dz1QaD85$qahX6{hWX>LB`@Kpbmm6xX{3+9+) zFhoc&XZ+gS*FQ!zK>=4(P3$e~^9n70|0xQBe_%`siH1p6qgLh+M_k}awPT%-3!W6Q z(yCDj5_2N-L^WBMmP&}tjqynY|K!3HH6-!7D3rffmBpEC_y{AdEO;{EB8{P+E>b@N#Bo%dC^NEmBk{B=C{RUg~1THo8No2~sip zRV{~6ggO8}Ap0M7}k)c^nh literal 0 HcmV?d00001 diff --git a/charts/neuvector-crd/103.0.3+up2.7.6/Chart.yaml b/charts/neuvector-crd/103.0.3+up2.7.6/Chart.yaml new file mode 100644 index 0000000000..691f3294b4 --- /dev/null +++ b/charts/neuvector-crd/103.0.3+up2.7.6/Chart.yaml 
@@ -0,0 +1,16 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-neuvector-system
+ catalog.cattle.io/release-name: neuvector-crd
+apiVersion: v1
+appVersion: 5.3.2
+description: Helm chart for NeuVector's CRD services
+home: https://neuvector.com
+icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
+maintainers:
+- email: support@neuvector.com
+ name: becitsthere
+name: neuvector-crd
+type: application
+version: 103.0.3+up2.7.6
diff --git a/charts/neuvector-crd/103.0.3+up2.7.6/README.md b/charts/neuvector-crd/103.0.3+up2.7.6/README.md
new file mode 100644
index 0000000000..a5379e6ba6
--- /dev/null
+++ b/charts/neuvector-crd/103.0.3+up2.7.6/README.md
@@ -0,0 +1,14 @@
+# NeuVector Helm Chart
+
+Helm chart for NeuVector container security's CRD services. NeuVector's CRD (Custom Resource Definition) capture and declare application security policies early in the pipeline, then defined policies can be deployed together with the container applications.
+
+Because the CRD policies can be deployed before NeuVector's core product, this separate helm chart is created. For the backward compatibility reason, crd.yaml is not removed in the 'core' chart. If you use this 'crd' chart, please set `crdwebhook.enabled` to false in the 'core' chart.
+
+## Configuration
+
+The following table lists the configurable parameters of the NeuVector chart and their default values.
+
+Parameter | Description | Default | Notes
+--------- | ----------- | ------- | -----
+`openshift` | If deploying in OpenShift, set this to true | `false` |
+`crdwebhook.type` | crd webhook type | `ClusterIP` |
diff --git a/charts/neuvector-crd/103.0.3+up2.7.6/templates/_helpers.tpl b/charts/neuvector-crd/103.0.3+up2.7.6/templates/_helpers.tpl
new file mode 100644
index 0000000000..c0cc49294e
--- /dev/null
+++ b/charts/neuvector-crd/103.0.3+up2.7.6/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "neuvector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "neuvector.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "neuvector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/neuvector-crd/103.0.3+up2.7.6/templates/crd.yaml b/charts/neuvector-crd/103.0.3+up2.7.6/templates/crd.yaml
new file mode 100644
index 0000000000..e3a0bfdb17
--- /dev/null
+++ b/charts/neuvector-crd/103.0.3+up2.7.6/templates/crd.yaml
@@ -0,0 +1,975 @@ +{{- if .Values.crdwebhook.enabled -}} +{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvSecurityRule + listKind: NvSecurityRuleList + plural: nvsecurityrules + singular: nvsecurityrule + scope: Namespaced +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + egress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + file: + items: + properties: + app: + items: + type: string + type: array + behavior: + enum: + - monitor_change + - block_access + type: string + filter: + type: string + recursive: + type: boolean + required: + - behavior + - 
filter + type: object + type: array + ingress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + process: + items: + properties: + action: + enum: + - allow + - deny + type: string + allow_update: + type: boolean + name: + type: string + path: + type: string + required: + - action + type: object + type: array + process_profile: + properties: + baseline: + enum: + - default + - shield + - basic + - zero-drift + type: string + type: object + target: + properties: + policymode: + enum: + - Discover + - Monitor + - Protect + - N/A + type: string + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - selector + type: object + dlp: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + waf: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + required: + - target + type: object + type: object +{{- end }} +--- +{{- if (semverCompare 
">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvclustersecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvClusterSecurityRule + listKind: NvClusterSecurityRuleList + plural: nvclustersecurityrules + singular: nvclustersecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + egress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + file: + items: + properties: + app: + items: + type: string + type: array + behavior: + enum: + - monitor_change + - block_access + type: string + filter: + type: string + recursive: + type: boolean + required: + - behavior + - filter + type: object + type: array + ingress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: 
string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + process: + items: + properties: + action: + enum: + - allow + - deny + type: string + allow_update: + type: boolean + name: + type: string + path: + type: string + required: + - action + type: object + type: array + process_profile: + properties: + baseline: + enum: + - default + - shield + - basic + - zero-drift + type: string + type: object + target: + properties: + policymode: + enum: + - Discover + - Monitor + - Protect + - N/A + type: string + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - selector + type: object + dlp: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + waf: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + required: + - target + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvdlpsecurityrules.neuvector.com + labels: + chart: {{ template 
"neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvDlpSecurityRule + listKind: NvDlpSecurityRuleList + plural: nvdlpsecurityrules + singular: nvdlpsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + sensor: + properties: + comment: + type: string + name: + type: string + rules: + items: + properties: + name: + type: string + patterns: + items: + properties: + context: + enum: + - url + - header + - body + - packet + type: string + key: + enum: + - pattern + type: string + op: + enum: + - regex + - '!regex' + type: string + value: + type: string + required: + - key + - op + - value + - context + type: object + type: array + required: + - name + - patterns + type: object + type: array + required: + - name + type: object + required: + - sensor + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvadmissioncontrolsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvAdmissionControlSecurityRule + listKind: NvAdmissionControlSecurityRuleList + plural: nvadmissioncontrolsecurityrules + singular: nvadmissioncontrolsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + config: + properties: + client_mode: + enum: + - service + - url + type: string + enable: + type: boolean + mode: + enum: + - monitor + - protect + type: string + required: + - enable + - mode + - client_mode + type: object + rules: + items: + properties: + action: + enum: + - allow + - deny + type: string + comment: + type: string + criteria: + items: + properties: + name: + type: string + op: + type: string + path: + type: string + sub_criteria: + items: + properties: + name: + type: string + op: + type: string + value: + type: string + required: + - name + - op + - value + type: object + type: array + template_kind: + type: string + type: + type: string + value: + type: string + value_type: + type: string + required: + - name + - op + - value + type: object + type: array + disabled: + type: boolean + id: + type: integer + rule_mode: + enum: + - "" + - monitor + - protect + type: string + containers: + items: + enum: + - containers + - init_containers + - ephemeral_containers + type: string + type: array + required: + - action + - criteria + type: object + type: array + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: 
nvwafsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvWafSecurityRule + listKind: NvWafSecurityRuleList + plural: nvwafsecurityrules + singular: nvwafsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + sensor: + properties: + comment: + type: string + name: + type: string + rules: + items: + properties: + name: + type: string + patterns: + items: + properties: + context: + enum: + - url + - header + - body + - packet + type: string + key: + enum: + - pattern + type: string + op: + enum: + - regex + - '!regex' + type: string + value: + type: string + required: + - key + - op + - value + - context + type: object + type: array + required: + - name + - patterns + type: object + type: array + required: + - name + type: object + required: + - sensor + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvcomplianceprofiles.neuvector.com + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvComplianceProfile + listKind: NvComplianceProfileList + plural: nvcomplianceprofiles + singular: nvcomplianceprofile + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + templates: + properties: + disable_system: + type: boolean + entries: + items: + properties: + tags: + items: + type: string + type: array + test_number: + type: string + required: + - test_number + type: object + type: array + required: + - entries + type: object + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvvulnerabilityprofiles.neuvector.com + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} + heritage: Helm +spec: + group: neuvector.com + names: + kind: NvVulnerabilityProfile + listKind: NvVulnerabilityProfileList + plural: nvvulnerabilityprofiles + singular: nvvulnerabilityprofile + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + profile: + properties: + entries: + items: + properties: + comment: + type: string + days: + type: integer + domains: + items: + type: string + type: array + images: + items: + type: string + type: array + name: + type: string + required: + - name + type: object + type: array + required: + - entries + type: object + required: + - profile + type: object + type: object +{{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-crd-webhook + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: Helm +spec: + ports: + - port: 443 + targetPort: 30443 + protocol: TCP + name: crd-webhook + type: {{ .Values.crdwebhook.type }} + selector: + app: neuvector-controller-pod +{{- end }} diff --git a/charts/neuvector-crd/103.0.3+up2.7.6/values.yaml b/charts/neuvector-crd/103.0.3+up2.7.6/values.yaml new file mode 100644 index 0000000000..e899decf01 --- /dev/null +++ b/charts/neuvector-crd/103.0.3+up2.7.6/values.yaml @@ -0,0 +1,9 @@ +# Default values for neuvector. +# This is a YAML-formatted file. +# Declare variables to be passed into the templates. + +openshift: false + +crdwebhook: + type: ClusterIP + enabled: true diff --git a/index.yaml b/index.yaml index 9fcafcb9c6..dde06a234a 100755 --- a/index.yaml +++ b/index.yaml 
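Review bot: The `neuvector-svc-crd-webhook` Service at the end of this template takes its `type` straight from `.Values.crdwebhook.type`, unquoted and unchecked, so an override to `NodePort` or `LoadBalancer` would publish the controller's webhook port (443 → 30443) outside the cluster. Presumably only the API server needs to reach this endpoint, in which case `ClusterIP` is sufficient; I would render it as `type: {{ .Values.crdwebhook.type | default "ClusterIP" | quote }}` and add a comment above it that any other type widens exposure of the webhook. Separately, `$oc4` and `$oc3` defined at the top of the template are never read in this file and could be dropped.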
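Review bot: `crdwebhook.enabled` and `crdwebhook.type` are added to values.yaml without comments, and the README table in this commit lists only `openshift` and `crdwebhook.type`. Because templates/crd.yaml wraps its whole body in `{{- if .Values.crdwebhook.enabled -}}`, setting the flag to false renders none of the seven CRDs and no Service, which the key name does not suggest. I would add `# enabled: false renders no CRDs and no webhook Service from this chart` above `enabled: true`, and `# Service type for neuvector-svc-crd-webhook` above `type: ClusterIP`.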
@@ -5556,6 +5556,26 @@ entries:
 - assets/neuvector/neuvector-100.0.0+up2.2.0.tgz
 version: 100.0.0+up2.2.0
 neuvector-crd:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-neuvector-system
+ catalog.cattle.io/release-name: neuvector-crd
+ apiVersion: v1
+ appVersion: 5.3.2
+ created: "2024-04-18T16:22:10.84569-03:00"
+ description: Helm chart for NeuVector's CRD services
+ digest: 5aae3618a571619ad904ae84a6aa4502ec56efc53e297cd93fbf1cee9441e98d
+ home: https://neuvector.com
+ icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
+ maintainers:
+ - email: support@neuvector.com
+ name: becitsthere
+ name: neuvector-crd
+ type: application
+ urls:
+ - assets/neuvector-crd/neuvector-crd-103.0.3+up2.7.6.tgz
+ version: 103.0.3+up2.7.6
 - annotations:
 catalog.cattle.io/certified: rancher
 catalog.cattle.io/hidden: "true"
diff --git a/release.yaml b/release.yaml
index ba79199faa..29615bd04e 100644
--- a/release.yaml
+++ b/release.yaml
@@ -42,6 +42,7 @@ neuvector-crd:
 - 103.0.2+up2.7.3
 - 102.0.8+up2.7.3
 - 102.0.9+up2.7.6
+ - 103.0.3+up2.7.6
 neuvector-monitor:
 - 102.0.6+up2.6.6
 - 103.0.1+up2.7.1