From 4bf76345827483a704deb5db732c6acee061b808 Mon Sep 17 00:00:00 2001 From: Lucas Lopes Date: Wed, 6 Sep 2023 13:08:28 -0300 Subject: [PATCH] make forward-port neuvector-monitor 102.0.4+up2.6.2 --- .../neuvector-monitor-102.0.4+up2.6.2.tgz | Bin 0 -> 7805 bytes .../102.0.4+up2.6.2/Chart.yaml | 26 + .../102.0.4+up2.6.2/README.md | 22 + .../102.0.4+up2.6.2/app-readme.md | 5 + .../dashboards/nv_dashboard.json | 1828 +++++++++++++++++ .../102.0.4+up2.6.2/questions.yaml | 27 + .../102.0.4+up2.6.2/templates/_helpers.tpl | 40 + .../102.0.4+up2.6.2/templates/dashboard.yaml | 15 + .../templates/exporter-deployment.yaml | 56 + .../templates/exporter-service.yaml | 28 + .../templates/exporter-servicemonitor.yaml | 39 + .../102.0.4+up2.6.2/templates/secret.yaml | 15 + .../102.0.4+up2.6.2/values.yaml | 51 + index.yaml | 30 + release.yaml | 2 + 15 files changed, 2184 insertions(+) create mode 100644 assets/neuvector-monitor/neuvector-monitor-102.0.4+up2.6.2.tgz create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/Chart.yaml create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/README.md create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/app-readme.md create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/dashboards/nv_dashboard.json create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/questions.yaml create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/templates/_helpers.tpl create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/templates/dashboard.yaml create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-deployment.yaml create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-service.yaml create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-servicemonitor.yaml create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/templates/secret.yaml create mode 100644 charts/neuvector-monitor/102.0.4+up2.6.2/values.yaml diff --git a/assets/neuvector-monitor/neuvector-monitor-102.0.4+up2.6.2.tgz b/assets/neuvector-monitor/neuvector-monitor-102.0.4+up2.6.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..cdad5831189a8458b1660480915e9d10bc0c6489 GIT binary patch literal 7805 zcmV-@9)jT?iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKDFbKADoXny8jfsgL}nta!iC0UXaO?%&SY`4w3Sv7F zij#XF4-NtC_Kat43K`= zNa>i*xB$Ph8RY}yksvy+EDeGAL^KvuVsuJe;EnN=4Nx*_)1m&>v|ZW6pe;93)M@UR znRc3UCd$AA%)y|w#H^KV#4MC}@ggpOH3X$zWwj{ef&unZxH`>#vt!|qypP{Z+ZGPP z{>^U(;fh!`M8iVifQEJFYWQpABxi38l4P&t)}5FsCIZRId% z5l8kJm*FWEnDI_?OvEG_MjV(!0|9|h=#IA9FSh$Tot@tQ;Xig-t^c0>*tI^x?2Iy( z53B~_;6#jwndM^=2uuQC>OJ_Fcmu?vFr-ZU-#iEiXNH!;?mweYWBso9zbyZ!*o%OFO$D$({&#lzI|cdQYj=BV`F|VF z2HJ-ajy!?%x-0HYIl|gNClkUE;RvG-yKi1MMwIzj2yoGecpxk6gX3WaXo?xZLk~C- z6b%7|m~(Iu2?RxA0!V-#dRPE&TGrU3L+lxiBRr6w5YnRC0CWUn!UdZRkZoHQOTM|( z`3$T{s71japzpu8q=*!Uj7*6KV;G8zi8TCO-AmWX9G}T<- zaV$k8OwI%cV~H<`VnGo`46sWBZ-%6>L;qzVw0Cm!`t;Z1gQK^*Zw>|syFLlx*N3~u z$G^Qh+K*pb2;q<%Po1o=;!~#~#U`Vk2dsfZGHAED-ECQ$PaQq4;*=56T4YaakynT6 zoky|z5_>psIJYV_L`DCBqwkXo2skBgo2T41O(5wkuo9T;Ob%Gw~AZ!7;iu@;v9hjeUAnsGS*Zc zhTcqm;MfnPxWFUHjjDSRj5pCRk}Nr*Ob#{%E`e{FP8o~_RmwKQaWn*mr6#L-H}vRm zOWFfl`_zei2sCcCa7dcIyTLTHj)GPV>1Ss_f-xVU-#;2)mYAEFM?AT^nguJspUD5R z{!hg8*69Si5EyTY@LHz8BK^PJ>lO6>PG@I(t^aT1`SNA!f6$cp1IhYIrAxv8qc73o zOkjZiXY2CPlC`XZ^AHEFk`7Y-Av#i@mC@g{OudE_7bE~=r$&UVZKFn7uEa@G2O8eW zuA1+)(J5=bn*w9R1#}^mQQ)Bdw)#l?<7hM@=g4lPok8HL&lX$rz)^^JeI; z2z$zfmF%ftZ(6^B?p@Uvatt{S$*&HMI3P}aK>tp3jh^v{fah`~jUA8pL>fWLwjmrn z9nKUs_TL`Mx+EAQ9)k0%X}uaDmQfo>>S9a+ZoDP+jtFgx3_*!hgr&J9fj7|3L9VQo zM=%*B_>2n^oW^x(D=dX{kEcC-rzSA?art%4z?tAe_tG@_RX0vx&AnY2z>twZjF9~g z-uMT%3%%)aSE01J&p8UrEUjc2^~(}wAl6Y+pIe+Gf< zqypb6RhN=I9s%Wtn7{t>_&=Uj!-deJGwEhrNfIpJ|LxvRVgIMo?)TUB|E)ZAOc1ks zqrmSt4Ea{V^!o{6RB`>ha9AUx6(V2>W>&_KsvQ$*g{jnxnbla{<=*286JSK(aiN9@ zq{vFrikBlxONuy{4^Uf$c04tphRMgmnY_*bi6owu!$3TXK^$#Juvm=Vm{$m;ov9ru zEG7fArQ;O5t`e0ox+f|j~i3)^Tj%}j_eFdlL0O-w=%DF)2#}K2UW&{ z>bNQJ7+qf4Ie3iAunHJoWzg*EEQBN{-fDd>Ddy_oNcSqx<>f+n7lE5l`XTj*GaH~? z?+nj)rUnGlLFQ{pZ)&e%_wd!}@xjsiS9=G!N=R=!Rhxi%HzN;7+V8>tKYVv|a&UAi z|5bNdka!BnpBVLvfNEiN1fxNrpQV*qLw8}CGmvJ5DBx;otL*lkrR=|W1Llfu;G+DW z?oPL8|Fyf_wf%P+kI_sxaO-WratWV0wH9Jx92z5PRm*T`t5AY|M#Q8VyzKs%s$Mds zq>MFwT-HHLJ5OZbUD}^$DXSegM>%y0Fgrx^>N+@t+EQ`>%K zkXG0%u7jyCQW^WQu0ehSX+u^@bt@~L^VYAxYz*SCST$r+P=|U0bh39?GUAssJ@26m zzs|FY{5LgLRs)On|GKS0{IApLt>ypiJaztmK6jy3*c*}{!MN#A29(E%kU13)CxPC9 zCdg0Yu_%QlS8e&gWp%^auw|@mzCsuzyU54o?$k=hy*1_$0R(PHNl;W3dCjmS;*uPf zG%Aqfw^Zt}Ma@etm5$ojaoEOQ4Zc!RO4@NbUnTKqRv>`#04Xi>=S*u!_*oU??3ysM z6`*}&TKwwIJpG@E;9YBsh5LW)?c)AlyWL;w|J!(0jsIs-Ur6Dt?Ix~L+0AtYS(*Qj4tDq795j9R ztI^n^_|Hyp|F7NcY_IqKZ{^v@9Mw^0c~l0GWvR~<=Xt*88Jj;j)YG)AjSZ6m5HV#> zTh_@0(1>~-J(E?1lqbj|TyUNI6jzq7L(H%b0vM083R9>w5GM1Guw>`ooKvx^!?-cJ zK>O+0B=t>Ky+CiN0B$wn2VI~>qvBiq$@&xr*+0p~DJ=1>3QD#IF3_jyjgU|1!umu( z{zvZ)-sF=2FVLrec&bW%Gf39n`mD|BHt`0&SleIIWRT6 zpva?Ri5nV|wK-|gM90y13|z>fI1f)&i3wPp+0X|)lCvL;^zg?8`lM=9KoV;N3CSVm zoSrdvE+pB$Bo|nTvM9@c9EJ@EiVt5)2Q0Gx`rUr<{MUASeg5}Wo{fzSbQA@R6XGlG z6yPY~`5O@v8VR&VeaTdWgJq?1&;^f7rL@M#p?>Ir0K}r8A!IM{u}j3M7pcxvY$lbR zA)^j(zBM8qm@{80Hfx4f8MBcW0K-G#sg4{R1X77O)E|-nT-~Fja>XxF#Gu!B1`O?F z#u*U?XV~+a@x%~^fD=KcfTS&_d&x{8ZJNwM+L$BC{N~Ck5glrI@8i#ac*Fo59UPya z-NRRjcpe#*qS;hR*oVP!%&s=ZT>fu&I=x=O|Le56?e+Q3TY0`% z2-%q^s69Ymlxt*5Q_UWr-{as(5|Xip5%I*Uz#gFXX8Klgls*uh^kGV*6J-x_H8!*5 z5piX)NuEr1>n}6CYgVxJ0maPw32`gl5{CwR)T2!H%f>_ew6%#k?e-?>^m?19{VW53 ztxiu2kiDA;4*xgW^?(VUt*3XDijz|ZK_n_#t=yzk^l~?t+2*KUu2A5y#PshUH>>ev zc&-{1wbisw`_VGhZE%SwV9g#8?qKf&V0J7p6K`lBCiVa+*yRd@lM_lkLBiyvM}p5O zu(lNZZ|PZfT6Ty7@OVNjF@EYuVm?9CkVAq2d(4P?NO``?iCTh8FA~D-%=hznLgu?% zm{zH8HT3rL;O+%D&74fz^*$=dIa64gggRHIz2|(-##P`&q2n0Y_9d6Cl%PvY81M=8 zT%JvRx-7`2FeJg4XGFYyz7#T`DtRE&jc_FI*+JxaIk9dkFyN6_l$t5(B(mk|Z0*{m z^2@@T%VPHl=6MJX!Ct>ZEQL!IYLHXGB z07={x=bHQev341wKxrR4paE2?3u?~YX&Jt}G~HexOt+U4rk!5$J+DbLw(^Wu9uzkRRT}zAlOsO0(Zxre9mYuyQpt!PzdA=0iWCUQ${2$9| z?7&PC9qIE3XpcsLC~Gk;@VB7FTyThwmF>B`R&Q~$$EV)-gfelv`mMj5etZ6{t2YmG z@s^6Wl0nv5&eXU$E$2+Z9mex|#ENe3{Q;7^GsGNFalYTMnkz<`)@p98=B}gWUM%Ux zwN}(~YelzKbk|aJA$1?MC$~?yBbgdpbV%Jt?8k-J10kT{c$jnI)DwskaY6lZNBErZ zJrz&~_dmdB)s{+JEh|3DM);{Z6XL>8tO8RBu~uV95=XMRQ(ZnKf0tww zDl2U@u~%|MLh2==R=&in2(5hk8*$Y(Q@c>6684YD-*T$GqKbB~2m6EzMuw3YqBPx@ z*v-&$VdfKhmS`wDfGLz<f-^{X0c{eq#^?i4Jw z+>3eJm)&`$TBS9XNR4VcC{Hrxs{dF*sXT#Pg)l2Zhg3+Ro~s}^@pU|8a^r9jk*Tc8 zL6z(YMxG#rex>z1kcx^sWgYw=Z6=q9RG~TY|H?L%kI$b5)6+E3=+p_LXJ|M>Pt8(3 z`{OF1gs)~!87NBj6b{Da+>R?m64DH-y~AJ8uN;q|V%wMaVCMO-&8_w3Z?XBet?}B| zRCss4v%FoS=Q=BfByKArp_6~sF^PwuUzdwXVAm&HPUh5wfE4)czQiT27mZN!Lc8%q zD-xp~K`27nKqQE0#2ZKM2k&Qg<0`UUr~DG}?UC_BG^nMS+Z_QJ91v|nbZ?Q7_MEvKzHm2cIeiKo=6obb0{?<_D!9%QatF&Ci5 zBDt>y$vV~Tk=P+g5IH;5|8lwDeTUAEFhE@7zxHpC`zjiW^GPEnPg&xXAfs@v0o1OWb~Qs(eeCbfsoM?x!$^d0X z)`Zy9%RbN8XqC*3B}|#z7+K<-Gm>82Mtbt{N<%6NnKMeI-8v%Y;O;FSi;GEGwY!3) zTMNEHRV7hmQFSndK%f&T0k69{8M!fM#N7UT)huiI=>}Lroz=fNp13+jzWO@9CnmG1 zdadtl1zuw=5SKFe29`ky;CWbav49ie!!Cct>9rYPp$P1>u9z-#1Bf3n>faRkFH4li z${0h3v?TiO4ljb@omOLrAcO_{i5{`d$BA2yx@wzD7fOqZS{U> zOdZ6Y>xx&p+apRvX%)?tEr)n)a8u8)U>C~n zp-LWmIh$|Qsl>AKG*F&a>ZIhnRRqQT2*T{adl% zbvspa2x8-)^|IS)-5v$h#n3YgR2j5b2E{?-4-4*lg5nypr6Npof8uD%XP%bHH4|v_ z==c<*jJTgswd$19@{CrDvK`0w2WofiH63RnYzzlnPT$U@ou1bI9oK%Z2Q&yYqn+JmIVKLfIGxQhL>Ol&4ZSS3fWLGS;Rg+fYfM zDmARE4*fF_b>+&8=5?jStu0Z+=+ut;Cmq%mCD)wSRS0SAu;!}By5i(cy6RGz%yh1K ztkPB%qPvvTV!w|gMcsMJ(5_wsJ=jkD0=0Y9%hQ>+Hrq7|Q-;u^#Vwau&1~aRChN zy+0`3lepUU==}Z6{4$vwq=MkOy=ZdLM#$`X&NU5Ij5@Cx4GszD-&wX$g^!}LME2r* zk92T*h*>G1rGCQdH3Vak|M@2M9;&L}m;ao{r0&Pjb|zTp}H<13y$z;EG>XGlA|xiI2}Ky7Ea-@z$i|6?za< zD49~MU8#OAv*r;Lx9-);vtnqs%908q&r_k-B&?l1=~``QVGo!%iNlk1$#UjSKwQop zS*X-i@L3XCl*={K@5?m6AaH>x55pdLG$ROg;NV>@`j-}l*nuiWQ?caIC|p1og8P~T zenoM z8ZR^nTrwqYlpg86EGZOq5;q0l9G{Z{7beH-@|lMQ$6362;%@Av9RBzqTVex>R7CFbQs&OR&}XR)VsY<{8oZRu#u z6^>cORKDWm>S<&1W|#iqN76IAKWC82AnXFsU~1I~h&s4Tvn8&DLkmQPekv}bTW;XG z{ej%D<%{-EMLZc5$g;ZDU7VS|YtFfmy^A|IQhr<8C2MxA8+hR+5V|qGy)!1dMayI1 z0qE`W0q9lbnYNPWu@94reDhqolx?$wLAuHwVeuE~yM>@&@l0;JTk2fjb={vA+4>d^ z<*t5Y_8vv57N$|Hwx3p%5VybCbM2d`Yl0pRY)P^kZx3`)mfL}QpP4lQE+=fn=z1$I z^W5@Q++#SH@u06x^GOh&D(HQKm#0;#^IMG3-PFY|3$Gz6UJzF~_&qR~(~3!6*w^qu=cPTjz_A9B5GzJAcT z+mDa4*Q{AL@EwL%uPK+8FiNizr|T8sbUVw&>9)V2I9&+^4=5s+5AP6ZBi2RRq?hqP z(y8xNgl!>;v(d8$gyiKSW=Ak4T(B8Z{s%{e2--SqmU-?^*leA?zI^)n^Aa43)7Q6q zseW9iucLMPdR($jU$4@g#q{-ua&y9M<*(P=r?5_8&!>&Q=(g&pMBgNnU*;Q1UVqVT z-_zuE%QTgQD``@K)b44t*xZ?bk5du2y`x{p*K4_$ebzMv&g}8nLb12VUeu(IR-0A5 z)U`;)R8qGP>JZCWqZgmCwgols>|C>uIG;0)qtU*3i5Ji4G-mBA<=DN98QN}Tzhq0c zb0z7?Z@cGbTlm=)*%A|F{us|j%B56W{l2ibc80V1na}M`=1ZrW{gMV8?HxA@m$@b& zkN>}^QWW;DCwpcgV?py4qW7R=p?YtmdoVqf7T%Cz=C)cbP1W`^p%5iY>@$GR#{%oK z-?nvWJ-Lrh0MS&k&J)!78iOx-A}%m{(z^Co#mPO8Ct2-*wP7d#Icj%5(id)WtAVDN z5$Q7xkV$f3P36uvS+dP$A!HH&)U|eosJ2o=s1Y}{RaNdVqGUkYCsKW)T%S_G4v^k% zwGdLbTMy7d+(P-*=n#vEg^;@Y&fK@8a&?UBZO@y5z~da~CFnFz0*}#%vZQq_Xpjf( zM0H;e*+zOT7IKtz90-EF{1Q~dzjt!<`t;Z1gQK^*Zw_*Ez^-&=iWA9PL-i{MCSB;- zSyb1}PQ#S$r7+i^S%G=Ddwl%cyQBTpz&ym9pHb#617@b~A~5fo<<`&oSwHLNUOfLB P00960d+%x`0P+9;eGheZ literal 0 HcmV?d00001 diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/Chart.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/Chart.yaml new file mode 100644 index 0000000000..387f47755f --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/Chart.yaml @@ -0,0 +1,26 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: NeuVector Monitor + catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/os: linux + catalog.cattle.io/permit-os: linux + catalog.cattle.io/provides-gvr: neuvector.com/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: neuvector-monitor + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 2.6.2 +apiVersion: v1 +appVersion: 5.2.1 +description: Helm feature chart for NeuVector monitor services +home: https://neuvector.com +icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 +keywords: +- security +maintainers: +- email: support@neuvector.com + name: becitsthere +name: neuvector-monitor +sources: +- https://github.com/neuvector/neuvector +version: 102.0.4+up2.6.2 diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/README.md b/charts/neuvector-monitor/102.0.4+up2.6.2/README.md new file mode 100644 index 0000000000..5d3c4503e2 --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/README.md @@ -0,0 +1,22 @@ +# NeuVector Helm Chart + +Helm chart for NeuVector's monitoring services. + +## Configuration + +The following table lists the configurable parameters of the NeuVector chart and their default values. + +Parameter | Description | Default | Notes +--------- | ----------- | ------- | ----- +`registry` | NeuVector container registry | `registry.neuvector.com` | +`oem` | OEM release name | `nil` | +`leastPrivilege` | Assume monitor chart is always installed after the core chart, so service accounts created by the core chart will be used. Keep this value as same as in the core chart. | `false` | + +`exporter.enabled` | If true, create Prometheus exporter | `false` | +`exporter.image.repository` | exporter image name | `neuvector/prometheus-exporter` | +`exporter.image.tag` | exporter image tag | `latest` | +`exporter.CTRL_USERNAME` | Username to login to the controller. Suggest to replace the default admin user to a read-only user | `admin` | +`exporter.CTRL_PASSWORD` | Passowrd to login to the controller. | `admin` | + +--- + diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/app-readme.md b/charts/neuvector-monitor/102.0.4+up2.6.2/app-readme.md new file mode 100644 index 0000000000..e0faed5b50 --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/app-readme.md @@ -0,0 +1,5 @@ +### Run-Time Protection Without Compromise + +NeuVector delivers a complete run-time security solution with container process/file system protection and vulnerability scanning combined with the only true Layer 7 container firewall. Protect sensitive data with a complete container security platform. + +Helm chart for NeuVector's monitoring services. Please make sure REST API service for controller in core chart is enabled. diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/dashboards/nv_dashboard.json b/charts/neuvector-monitor/102.0.4+up2.6.2/dashboards/nv_dashboard.json new file mode 100644 index 0000000000..ad7ce631be --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/dashboards/nv_dashboard.json @@ -0,0 +1,1828 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "gridPos": { + "h": 10, + "w": 3, + "x": 0, + "y": 0 + }, + "id": 38, + "options": { + "content": "
\n \n ![NeuVector Logo](https://avatars.githubusercontent.com/u/19367275?s=200&v=4)
\n
\n [Documentation](https://open-docs.neuvector.com)
\n
\n [Users Slack Channel](https://rancher-users.slack.com/archives/C036F6JDZ8C)
\n
\n [GitHub](https://github.com/neuvector)\n\n
", + "mode": "markdown" + }, + "pluginVersion": "9.1.5", + "title": "NeuVector Product Links", + "type": "text" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 3, + "y": 0 + }, + "id": 25, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "nv_summary_enforcers", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Enforcer Replica Count", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 3, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 0 + }, + "id": 8, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "nv_summary_cvedbVersion", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "CVE Database Version", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 0 + }, + "id": 20, + "links": [], + "maxDataPoints": 1000, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "nv_summary_pods", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Discovered Pod Count", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 34, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max(nv_controller_cpu) by (display)\n", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "range": true, + "refId": "A" + } + ], + "title": "Controller CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 3, + "y": 3 + }, + "id": 32, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "center", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "nv_admission_denied", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Denied Admissions", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-RdYlGr" + }, + "mappings": [ + { + "options": { + "1": { + "color": "light-orange", + "index": 1 + }, + "2": { + "color": "yellow", + "index": 2 + }, + "3": { + "color": "green", + "index": 3 + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 0, + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 3 + }, + "id": 2, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "nv_summary_controllers", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Controller Replicas", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 3 + }, + "id": 19, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "center", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "nv_summary_disconnectedEnforcers", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{target}}", + "refId": "A" + } + ], + "title": "Disconnected Enforcers", + "type": "stat" + }, + { + "columns": [ + { + "text": "Current", + "value": "current" + } + ], + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "center", + "displayMode": "auto", + "filterable": false, + "inspect": false, + "width": 300 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "string" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "log" + }, + "properties": [ + { + "id": "custom.width", + "value": 101 + }, + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "color", + "value": { + "fixedColor": "light-orange", + "mode": "fixed" + } + }, + { + "id": "displayName", + "value": "Event Type" + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "name" + }, + "properties": [ + { + "id": "custom.filterable", + "value": true + }, + { + "id": "displayName", + "value": "Violation Type" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Last seen" + }, + "properties": [ + { + "id": "unit", + "value": "dateTimeAsIso" + }, + { + "id": "custom.width", + "value": 200 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "fromname" + }, + "properties": [ + { + "id": "displayName", + "value": "Source Pod" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "toname" + }, + "properties": [ + { + "id": "displayName", + "value": "Destination Pod" + } + ] + } + ] + }, + "fontSize": "90%", + "gridPos": { + "h": 8, + "w": 9, + "x": 3, + "y": 6 + }, + "id": 29, + "links": [], + "options": { + "footer": { + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Last seen" + } + ] + }, + "pluginVersion": "9.1.5", + "scroll": true, + "showHeader": true, + "sort": { + "col": 1, + "desc": true + }, + "styles": [ + { + "alias": "Event", + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "dateFormat": "YYYY-MM-DD HH:mm", + "decimals": 2, + "link": false, + "mappingType": 1, + "pattern": "Metric", + "preserveFormat": false, + "sanitize": true, + "thresholds": [], + "type": "string", + "unit": "short" + }, + { + "alias": "Time", + "colorMode": "value", + "colors": [ + "#E0B400", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 0, + "pattern": "Current", + "thresholds": [], + "type": "number", + "unit": "dateTimeAsIso" + } + ], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "exemplar": false, + "expr": "nv_log_events", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "range": false, + "refId": "A" + } + ], + "title": "Security Event Log", + "transform": "timeseries_aggregations", + "transformations": [ + { + "id": "labelsToFields", + "options": {} + }, + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "endpoint": true, + "fromns": true, + "id": true, + "instance": true, + "job": true, + "namespace": true, + "pod": true, + "service": true, + "target": true, + "tons": true + }, + "indexByName": { + "Time": 0, + "Value": 14, + "endpoint": 1, + "fromname": 7, + "fromns": 15, + "id": 2, + "instance": 3, + "job": 4, + "log": 5, + "name": 6, + "namespace": 8, + "pod": 9, + "service": 10, + "target": 11, + "toname": 12, + "tons": 13 + }, + "renameByName": {} + } + }, + { + "id": "groupBy", + "options": { + "fields": { + "Value": { + "aggregations": [ + "max" + ], + "operation": "aggregate" + }, + "fromname": { + "aggregations": [], + "operation": "groupby" + }, + "log": { + "aggregations": [], + "operation": "groupby" + }, + "name": { + "aggregations": [], + "operation": "groupby" + }, + "toname": { + "aggregations": [], + "operation": "groupby" + } + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Value (lastNotNull)": "Last seen", + "Value (max)": "Last seen" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "left", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 6 + }, + "id": 12, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max(nv_controller_memory) by (display)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "range": true, + "refId": "A" + } + ], + "title": "Controller Memory Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + "properties": [ + { + "id": "displayName", + "value": "Medium" + }, + { + "id": "color", + "value": { + "fixedColor": "light-orange", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 14, + "w": 3, + "x": 0, + "y": 10 + }, + "id": 24, + "links": [], + "options": { + "displayLabels": [ + "value" + ], + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true, + "values": [] + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "none", + "sort": "none" + } + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "expr": "sum(nv_container_vulnerabilityHigh) by (service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "expr": "sum(nv_container_vulnerabilityMedium) by (service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "B" + } + ], + "title": "Cluster CVE Count", + "transformations": [ + { + "id": "merge", + "options": { + "reducers": [] + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "piechart" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 12 + }, + "hiddenSeries": false, + "id": 10, + "legend": { + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "9.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "max(nv_enforcer_cpu) by (display)\n", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Enforcer CPU Usage", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:865", + "format": "percentunit", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:866", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "center", + "displayMode": "auto", + "inspect": false, + "width": 101 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "exported_service" + }, + "properties": [ + { + "id": "custom.filterable", + "value": true + }, + { + "id": "displayName", + "value": "Cluster Service Name" + }, + { + "id": "custom.inspect", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + { + "id": "custom.displayMode", + "value": "color-text" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + "properties": [ + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "displayName", + "value": "Medium" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "light-orange", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "exported_service" + }, + "properties": [ + { + "id": "custom.width", + "value": 300 + }, + { + "id": "custom.align", + "value": "right" + }, + { + "id": "displayName", + "value": "Cluster Service Name" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 4, + "x": 3, + "y": 14 + }, + "id": 36, + "links": [], + "options": { + "footer": { + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "expr": "sum(nv_container_vulnerabilityHigh) by (exported_service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "expr": "sum(nv_container_vulnerabilityMedium) by (exported_service)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "B" + } + ], + "title": "Vulnerabilities by Service", + "transformations": [ + { + "id": "merge", + "options": { + "reducers": [] + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "center", + "displayMode": "auto", + "filterable": false, + "inspect": false, + "minWidth": 50 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "name" + }, + "properties": [ + { + "id": "unit", + "value": "string" + }, + { + "id": "custom.align", + "value": "right" + }, + { + "id": "custom.inspect", + "value": true + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "displayName", + "value": "Repository/Image: Tag" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #A" + }, + "properties": [ + { + "id": "displayName", + "value": "High" + }, + { + "id": "unit", + "value": "none" + }, + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "color" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #B" + }, + "properties": [ + { + "id": "displayName", + "value": "Medium" + }, + { + "id": "unit", + "value": "none" + }, + { + "id": "custom.displayMode", + "value": "color-text" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "light-orange", + "value": 1 + } + ] + } + }, + { + "id": "color" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 5, + "x": 7, + "y": 14 + }, + "id": 33, + "links": [], + "options": { + "footer": { + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "9.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "expr": "sum(nv_image_vulnerabilityHigh) by (name)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "expr": "sum(nv_image_vulnerabilityMedium) by (name)", + "format": "table", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "B" + } + ], + "title": "Registry Images Vulnerabilities", + "transformations": [ + { + "id": "merge", + "options": { + "reducers": [] + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "table" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 18 + }, + "hiddenSeries": false, + "id": 35, + "legend": { + "avg": false, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "9.1.5", + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "exemplar": true, + "expr": "max(nv_enforcer_memory) by (display)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{display}}", + "refId": "A" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Enforcer Memory Usage", + "tooltip": { + "shared": true, + "sort": 2, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:940", + "format": "bytes", + "logBase": 1, + "show": true + }, + { + "$$hashKey": "object:941", + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + } + ], + "refresh": "15s", + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "hidden": false, + "refresh_intervals": [ + "5s", + "10s", + "15s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "UTC", + "title": "NeuVector", + "uid": "nv_dashboard0001", + "version": 2, + "weekStart": "" +} diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/questions.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/questions.yaml new file mode 100644 index 0000000000..b8d51b3791 --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/questions.yaml @@ -0,0 +1,27 @@ +questions: +#monitor configurations +- variable: exporter.image.repository + default: "neuvector/prometheus-exporter" + description: exporter image repository + type: string + label: Exporter Image Path + group: "Container Images" +- variable: exporter.image.tag + default: "" + description: image tag for exporter + type: string + label: exporter Image Tag + group: "Container Images" +#controller crendential configuration +- variable: exporter.CTRL_USERNAME + default: "admin" + description: Controller Username + type: string + label: Controller Username + group: "Controller Crendential" +- variable: exporter.CTRL_PASSWORD + default: "admin" + description: Controller Password + type: string + label: Controller Password + group: "Controller Crendential" diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/templates/_helpers.tpl b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/_helpers.tpl new file mode 100644 index 0000000000..5d21a18241 --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/_helpers.tpl @@ -0,0 +1,40 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "neuvector.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "neuvector.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "neuvector.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/templates/dashboard.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/dashboard.yaml new file mode 100644 index 0000000000..72c5d9f709 --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/dashboard.yaml @@ -0,0 +1,15 @@ +{{- if .Values.exporter.grafanaDashboard.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: nv-grafana-dashboard + namespace: {{ .Values.exporter.grafanaDashboard.namespace | default .Release.Namespace }} + labels: + grafana_dashboard: "1" +{{- if .Values.exporter.grafanaDashboard.labels }} + {{- toYaml .Values.exporter.grafanaDashboard.labels | nindent 4}} +{{- end }} +data: + nv_dashboard.json: | +{{ .Files.Get "dashboards/nv_dashboard.json" | indent 4 }} +{{- end }} diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-deployment.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-deployment.yaml new file mode 100644 index 0000000000..5353c05a6a --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-deployment.yaml @@ -0,0 +1,56 @@ +{{- if .Values.exporter.enabled -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: neuvector-prometheus-exporter-pod + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + selector: + matchLabels: + app: neuvector-prometheus-exporter-pod + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8068" + prometheus.io/scrape: "true" + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + labels: + app: neuvector-prometheus-exporter-pod + release: {{ .Release.Name }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + {{- if .Values.leastPrivilege }} + serviceAccountName: basic + serviceAccount: basic + {{- end }} + containers: + - name: neuvector-prometheus-exporter-pod + {{ if eq .Values.registry "registry.neuvector.com" }} + {{ if .Values.oem }} + image: "{{ .Values.registry }}/{{ .Values.oem }}/prometheus-exporter:{{ .Values.exporter.image.tag }}" + {{- else }} + image: "{{ .Values.registry }}/prometheus-exporter:{{ .Values.exporter.image.tag }}" + {{- end }} + {{- else }} + image: {{ template "system_default_registry" . }}{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }} + {{- end }} + imagePullPolicy: Always + env: + - name: CTRL_API_SERVICE + value: {{ .Values.exporter.apiSvc }} + - name: EXPORTER_PORT + value: "8068" + envFrom: + - secretRef: + name: neuvector-prometheus-exporter-pod-secret + restartPolicy: Always +{{- end }} diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-service.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-service.yaml new file mode 100644 index 0000000000..b304562709 --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-service.yaml @@ -0,0 +1,28 @@ +{{- if and .Values.exporter.enabled .Values.exporter.svc.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: neuvector-prometheus-exporter + namespace: {{ .Release.Namespace }} + {{- with .Values.exporter.svc.annotations }} + annotations: + {{ toYaml . | nindent 4 }} + {{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + app: neuvector-prometheus-exporter +spec: + type: {{ .Values.exporter.svc.type }} + {{- if and .Values.exporter.svc.loadBalancerIP (eq .Values.exporter.svc.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.exporter.svc.loadBalancerIP }} + {{- end }} + ports: + - port: 8068 + name: metrics + targetPort: 8068 + protocol: TCP + selector: + app: neuvector-prometheus-exporter-pod +{{- end }} diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-servicemonitor.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-servicemonitor.yaml new file mode 100644 index 0000000000..25ca23d121 --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/exporter-servicemonitor.yaml @@ -0,0 +1,39 @@ +{{- if .Values.exporter.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: neuvector-prometheus-exporter + namespace: {{ .Release.Namespace }} + {{- with .Values.exporter.serviceMonitor.annotations }} + annotations: + {{ toYaml . | nindent 4 }} + {{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.exporter.serviceMonitor.labels }} + {{- toYaml .Values.exporter.serviceMonitor.labels | nindent 4}} +{{- end }} +spec: + selector: + matchLabels: + app: neuvector-prometheus-exporter + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: metrics + {{- if .Values.exporter.serviceMonitor.interval }} + interval: {{ .Values.exporter.serviceMonitor.interval }} + {{- end }} + path: "/metrics" + {{- if .Values.exporter.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml .Values.exporter.serviceMonitor.metricRelabelings | nindent 6 }} + {{- end }} + {{- if .Values.exporter.serviceMonitor.relabelings }} + relabelings: + {{- toYaml .Values.exporter.serviceMonitor.relabelings | nindent 6 }} + {{- end }} +{{- end }} diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/templates/secret.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/secret.yaml new file mode 100644 index 0000000000..9a04ac476d --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/templates/secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.exporter.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: neuvector-prometheus-exporter-pod-secret + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + CTRL_USERNAME: {{ .Values.exporter.CTRL_USERNAME | b64enc | quote }} + CTRL_PASSWORD: {{ .Values.exporter.CTRL_PASSWORD | b64enc | quote }} +{{- end }} diff --git a/charts/neuvector-monitor/102.0.4+up2.6.2/values.yaml b/charts/neuvector-monitor/102.0.4+up2.6.2/values.yaml new file mode 100644 index 0000000000..9885e33669 --- /dev/null +++ b/charts/neuvector-monitor/102.0.4+up2.6.2/values.yaml @@ -0,0 +1,51 @@ +# Default values for neuvector. +# This is a YAML-formatted file. +# Declare variables to be passed into the templates. + +global: + cattle: + systemDefaultRegistry: "" + +registry: docker.io +oem: '' +leastPrivilege: false + +exporter: + # If false, exporter will not be installed + enabled: true + image: + repository: rancher/mirrored-neuvector-prometheus-exporter + tag: 5.2.1 + # changes this to a readonly user ! + CTRL_USERNAME: admin + CTRL_PASSWORD: admin + + apiSvc: neuvector-svc-controller-api:10443 + + svc: + enabled: true + type: ClusterIP + loadBalancerIP: '' + annotations: {} + # service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet" + + grafanaDashboard: + enabled: false + namespace: "" # Release namespace, if empty + labels: {} + + serviceMonitor: + enabled: false + # labels for the ServiceMonitor. + labels: {} + # annotations for the ServiceMonitor. + annotations: {} + # Scrape interval. If not set, the Prometheus default scrape interval is used. + interval: "" + # MetricRelabelConfigs to apply to samples after scraping, but before ingestion. + # ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + metricRelabelings: [] + # RelabelConfigs to apply to samples before scraping + # ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig + relabelings: [] diff --git a/index.yaml b/index.yaml index a6ce13a2bc..f4f41dd8a4 100755 --- a/index.yaml +++ b/index.yaml @@ -4529,6 +4529,36 @@ entries: - assets/neuvector-crd/neuvector-crd-100.0.0+up2.2.0.tgz version: 100.0.0+up2.2.0 neuvector-monitor: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: NeuVector Monitor + catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.28.0-0' + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/os: linux + catalog.cattle.io/permit-os: linux + catalog.cattle.io/provides-gvr: neuvector.com/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: neuvector-monitor + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 2.6.2 + apiVersion: v1 + appVersion: 5.2.1 + created: "2023-09-06T13:08:11.677673-03:00" + description: Helm feature chart for NeuVector monitor services + digest: 556987f92462d53a1c1a8906d6d13e6d3fef501c7a2d59b31fa7ae13eca57d9c + home: https://neuvector.com + icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 + keywords: + - security + maintainers: + - email: support@neuvector.com + name: becitsthere + name: neuvector-monitor + sources: + - https://github.com/neuvector/neuvector + urls: + - assets/neuvector-monitor/neuvector-monitor-102.0.4+up2.6.2.tgz + version: 102.0.4+up2.6.2 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: NeuVector Monitor diff --git a/release.yaml b/release.yaml index a148636774..caf28f83fd 100644 --- a/release.yaml +++ b/release.yaml @@ -56,3 +56,5 @@ neuvector: - 102.0.4+up2.6.2 neuvector-crd: - 102.0.4+up2.6.2 +neuvector-monitor: + - 102.0.4+up2.6.2