Add NeuVector chart version 2.6.2

rancher · Aug 25, 2023 · 3e3305f · 3e3305f
1 parent b240886
commit 3e3305f
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 33 deletions.
diff --git a/packages/neuvector/generated-changes/patch/Chart.yaml.patch b/packages/neuvector/generated-changes/patch/Chart.yaml.patch
@@ -13,9 +13,9 @@
 +  catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0'
 +  catalog.cattle.io/release-name: neuvector
 +  catalog.cattle.io/type: cluster-tool
-+  catalog.cattle.io/upstream-version: 2.6.0
++  catalog.cattle.io/upstream-version: 2.6.2
  apiVersion: v1
- appVersion: 5.2.0
+ appVersion: 5.2.1
 -description: Helm chart for NeuVector's core services
 +description: Helm feature chart for NeuVector's core services
  home: https://neuvector.com
@@ -29,4 +29,4 @@
 +name: neuvector
 +sources:
 +- https://github.com/neuvector/neuvector
- version: 2.6.0
+ version: 2.6.2
diff --git a/packages/neuvector/generated-changes/patch/README.md.patch b/packages/neuvector/generated-changes/patch/README.md.patch
@@ -1,99 +1,109 @@
 --- charts-original/README.md
 +++ charts/README.md
-@@ -31,7 +31,7 @@
+@@ -2,9 +2,6 @@
+
+ Helm chart for NeuVector container security's core services.
+
+-## CRD
+-Because the CRD (Custom Resource Definition) policies can be deployed before NeuVector's core product, a new 'crd' helm chart is created. The crd template in the 'core' chart is kept for the backward compatibility. Please set `crdwebhook.enabled` to false, if you use the new 'crd' chart.
+-
+ ## Choosing container runtime
+ The NeuVector platform supports docker, cri-o and containerd as the container runtime. For a k3s/rke2, or bottlerocket cluster, they have their own runtime socket path. You should enable their runtime options, `k3s.enabled` and `bottlerocket.enabled`, respectively.
+
+@@ -31,7 +28,7 @@
  `controller.schedulerName` | kubernetes scheduler name | `nil` |
  `controller.affinity` | controller affinity rules  | ... | spread controllers to different nodes |
  `controller.tolerations` | List of node taints to tolerate | `nil` |
 -`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](values.yaml)
-+`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml)
++`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
  `controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
  `controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` |
  `controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` |
-@@ -74,7 +74,7 @@
+@@ -74,7 +71,7 @@
  `controller.federation.mastersvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
  `controller.federation.mastersvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
  `controller.federation.mastersvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
 -`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml)
++`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
  `controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` |
  `controller.federation.managedsvc.annotations` | Add annotations to Multi-cluster managed cluster REST API service | `{}` |
  `controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` |
-@@ -90,14 +90,14 @@
+@@ -90,14 +87,14 @@
  `controller.federation.managedsvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
  `controller.federation.managedsvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
  `controller.federation.managedsvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
 -`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml)
++`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
  `controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed
  `controller.ingress.tls` | If true, TLS is enabled for controller rest api ingress service |`false` | If set, the tls-host used is the one set with `controller.ingress.host`.
  `controller.ingress.host` | Must set this host value if ingress is enabled | `nil` |
  `controller.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
  `controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
  `controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations.
 -`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml)
++`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
  `controller.configmap.enabled` | If true, configure NeuVector global settings using a ConfigMap | `false`
  `controller.configmap.data` | NeuVector configuration in YAML format | `{}`
  `controller.secret.enabled` | If true, configure NeuVector global settings using secrets | `false`
-@@ -111,7 +111,7 @@
+@@ -111,7 +108,7 @@
  `enforcer.podAnnotations` | Specify the pod annotations. | `{}` |
  `enforcer.env` | User-defined environment variables for enforcers. | `[]` |
  `enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`<br>`key: node-role.kubernetes.io/master` | other taints can be added after the default
 -`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](values.yaml)
-+`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml)
++`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
  `manager.enabled` | If true, create manager | `true` |
  `manager.image.repository` | manager image repository | `neuvector/manager` |
  `manager.image.hash` | manager image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | |
-@@ -128,7 +128,7 @@
+@@ -128,7 +125,7 @@
  `        CUSTOM_PAGE_FOOTER_COLOR`        | use color name (yellow) or value (#ffff00) | 
  `manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;<br>if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google
  `manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` |
 -`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml)
-+`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml)
++`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
  `manager.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` |
  `manager.route.host` | Set OpenShift route host for management console service | `nil` |
  `manager.route.termination` | Specify TLS termination for OpenShift route for management console service. Possible passthrough, edge, reencrypt | `passthrough` |
-@@ -143,10 +143,10 @@
+@@ -143,10 +140,10 @@
  `manager.ingress.host` | Must set this host value if ingress is enabled | `nil` |
  `manager.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
  `manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/`
 -`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml)
++`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
  `manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`.
  `manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
 -`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](values.yaml)
-+`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml)
++`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
  `manager.affinity` | manager affinity rules  | `{}` |
  `manager.tolerations` | List of node taints to tolerate | `nil` |
  `manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
-@@ -161,7 +161,7 @@
+@@ -161,7 +158,7 @@
  `cve.adapter.env` | User-defined environment variables for adapter. | `[]` |
  `cve.adapter.svc.type` | set registry adapter service type for native Kubernetes | `NodePort`;<br>if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google
  `cve.adapter.svc.loadBalancerIP` | if registry adapter service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` |
 -`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](values.yaml)
-+`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml)
++`cve.adapter.svc.annotations` | Add annotations to registry adapter service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
  `cve.adapter.harbor.protocol` | Harbor registry request protocol [http|https] | `https` |
  `cve.adapter.harbor.secretName` | Harbor registry adapter's basic authentication secret | |
  `cve.adapter.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` |
-@@ -178,10 +178,10 @@
+@@ -178,10 +175,10 @@
  `cve.adapter.ingress.host` | Must set this host value if ingress is enabled | `nil` |
  `cve.adapter.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` |
  `cve.adapter.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/`
 -`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml)
-+`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml)
++`cve.adapter.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
  `cve.adapter.ingress.tls` | If true, TLS is enabled for registry adapter ingress service |`false` | If set, the tls-host used is the one set with `cve.adapter.ingress.host`.
  `cve.adapter.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually)
 -`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](values.yaml)
-+`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml)
++`cve.adapter.resources` | Add resources requests and limits to registry adapter deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml)
  `cve.adapter.affinity` | registry adapter affinity rules  | `{}` |
  `cve.adapter.tolerations` | List of node taints to tolerate | `nil` |
  `cve.adapter.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
-@@ -209,7 +209,7 @@
+@@ -209,7 +206,7 @@
  `cve.scanner.env` | User-defined environment variables for scanner. | `[]` |
  `cve.scanner.replicas` | external scanner replicas | `3` |
  `cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` |
 -`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](values.yaml) |
-+`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.0/charts/core/values.yaml) |
++`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.6.2/charts/core/values.yaml) |
  `cve.scanner.affinity` | scanner affinity rules  | `{}` |
  `cve.scanner.tolerations` | List of node taints to tolerate | `nil` |
  `cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` |
diff --git a/packages/neuvector/generated-changes/patch/templates/controller-deployment.yaml.patch b/packages/neuvector/generated-changes/patch/templates/controller-deployment.yaml.patch
@@ -21,13 +21,17 @@
            securityContext:
              privileged: true
            resources:
-@@ -125,10 +113,6 @@
+@@ -125,14 +113,6 @@
              - name: CTRL_PERSIST_CONFIG
                value: "1"
            {{- end }}
 -          {{- if .Values.awsbilling.enabled }}
 -            - name: CSP_ENV
 -              value: "aws"
+-          {{- end }}
+-          {{- if .Values.awsbilling.enabled }}
+-            - name: NO_DEFAULT_ADMIN
+-              value: "1"
 -          {{- end }}
            {{- with .Values.controller.env }}
  {{- toYaml . | nindent 12 }}

diff --git a/packages/neuvector/generated-changes/patch/values.yaml.patch b/packages/neuvector/generated-changes/patch/values.yaml.patch
@@ -13,7 +13,7 @@
  openshift: false
 
  registry: docker.io
--tag: 5.2.0
+-tag: 5.2.1
  oem:
 -imagePullSecrets:
 -psp: false
@@ -29,7 +29,7 @@
    image:
 -    repository: neuvector/controller
 +    repository: rancher/mirrored-neuvector-controller
-+    tag: 5.2.0
++    tag: 5.2.1
      hash:
    replicas: 3
    disruptionbudget: 0
@@ -48,7 +48,7 @@
    image:
 -    repository: neuvector/enforcer
 +    repository: rancher/mirrored-neuvector-enforcer
-+    tag: 5.2.0
++    tag: 5.2.1
      hash:
    updateStrategy:
      type: RollingUpdate
@@ -58,7 +58,7 @@
    image:
 -    repository: neuvector/manager
 +    repository: rancher/mirrored-neuvector-manager
-+    tag: 5.2.0
++    tag: 5.2.1
      hash:
    priorityClassName:
    env:

diff --git a/packages/neuvector/package.yaml b/packages/neuvector/package.yaml
@@ -1,5 +1,5 @@
-url: https://neuvector.github.io/neuvector-helm/core-2.6.0.tgz
-version: 102.0.3
+url: https://neuvector.github.io/neuvector-helm/core-2.6.2.tgz
+version: 102.0.4
 additionalCharts:
 - workingDir: charts-crd
   crdOptions:

diff --git a/packages/neuvector/templates/crd-template/Chart.yaml b/packages/neuvector/templates/crd-template/Chart.yaml
@@ -4,13 +4,13 @@ annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/hidden: true
 apiVersion: v1
-appVersion: 5.2.0
+appVersion: 5.2.1
 description: Helm chart for NeuVector's CRD services
 home: https://neuvector.com
 icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
 maintainers:
 - email: support@neuvector.com
   name: becitsthere
 name: neuvector-crd
-version: 2.6.0
+version: 2.6.2
 type: application