From 8032b13a3a180214b583af1cfb2bf23a7b8c79dc Mon Sep 17 00:00:00 2001 From: Pedro Tashima Date: Fri, 27 Sep 2024 16:30:29 -0300 Subject: [PATCH] forwardport neuvector 103.0.6+up2.8.0 --- .../neuvector-crd-103.0.6+up2.8.0.tgz | Bin 0 -> 3490 bytes .../neuvector-crd/103.0.6+up2.8.0/Chart.yaml | 16 + .../neuvector-crd/103.0.6+up2.8.0/README.md | 14 + .../103.0.6+up2.8.0/templates/_helpers.tpl | 32 + .../103.0.6+up2.8.0/templates/crd.yaml | 983 ++++++++++++++++++ .../neuvector-crd/103.0.6+up2.8.0/values.yaml | 9 + index.yaml | 20 + release.yaml | 2 + 8 files changed, 1076 insertions(+) create mode 100644 assets/neuvector-crd/neuvector-crd-103.0.6+up2.8.0.tgz create mode 100644 charts/neuvector-crd/103.0.6+up2.8.0/Chart.yaml create mode 100644 charts/neuvector-crd/103.0.6+up2.8.0/README.md create mode 100644 charts/neuvector-crd/103.0.6+up2.8.0/templates/_helpers.tpl create mode 100644 charts/neuvector-crd/103.0.6+up2.8.0/templates/crd.yaml create mode 100644 charts/neuvector-crd/103.0.6+up2.8.0/values.yaml 
diff --git a/assets/neuvector-crd/neuvector-crd-103.0.6+up2.8.0.tgz b/assets/neuvector-crd/neuvector-crd-103.0.6+up2.8.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..89837de240abdcf0a25458503ebb317e0259b858 GIT binary patch literal 3490 zcmV;T4PEjdiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PJ0FbK5qP&ue~)J>_~y+K`qk$8I&3yUW?VYo@L1NjmA=D+MA~ z5-uRY0-zi}vA_E>0I0tvK}uHaqy^qsCYFoEVzK)Juo5yXW*93j!dN5+r&A(SbVXA3 zXpg1a?RJlkj?CX~x4Zebdve@+)H^ypdC@!W9ruqPb$k7jlcPt_-KP+BrI3nwD*iYUr6IS2q^q6p)YC?-lVj3_^dQ7Ag5m<&LWES{pMB%9JC!E68>B?|0R zl4K-BnUfd?U>}A{!IbNkrb^{GV1|CBEeyWM}Ay*vt1LNi5ZhC&X4 z5HKZ_4L}xo&V~A~_0|AvuSXbDCDjxK232}cS2+%V2r7P4oZo_+(@LA077le*WJ_c?@SbCIwSq$KK40r4a^?;rA(( zKqV0PzgNHh5{|h@iBg!rm@?D^XBaag5N1SBGGZt}aTp=wL`qD6W{QKFA}CCAMij~@ z2zZW}oYJuxz?d+JK@f}N5=T?cKWIN>4f>Q7QlWT#5ddJOc_#zV4rbGeec83F&;P{` z9So<)auhOB`JG)s!~8$&_WK+2|G0nL^Yi~c%BN2U-@=Th1CXf9l-5)4WvbN@PjLX> z9^BjnnkxA5V@|TfOl2K|fRD{*6Hud|qzfUzG0hM~z zq>()e{y@v!&@0`B?uXQomJ|{}@)Y6cVuT_?h0^wTOpzrLw6kM0rP>J^-$o@o9bFl1 zoSnbbv^1N5%rSlz1+T|YLKw?L0|Y`dSt1ehj4HUKjA^e~XrD>6yVb&%(mIr@sn!)t z#|wSVD;GMQ)6^2QQaY1MPXB5;FnHO1Tvy~==)!V|-dIK1mlv|GJ>6QsT+mF7q4SLl zzmc5{ZnoWREUoVIngy;5t)4O^7}LXQhPSj8OU1|tnRAE@U8lA~tNON|OArj#ATVbn zM(BLkfzGhARZkz;D%oy2n2L-$&U97)ul$m4JKc z=y`mk{k(Q)bMgg@ho=(L8H!V$<~lrf{^MmY>K%sN4m_2`NGbt62zwBnlAMevql%)8 zbbKv+RrJ49l^>ryTWz!NXfxx=i1nf-gg{@b<30J-2f3e9o(3}8Ou%Ti6J3r+;eTTcO~!nESCi#SgW}$MYo0L zdu3;K75B(d;GYE*n7CPnS}hF}JZ~T{qC07<)O_^+7^_CZsh@n%Fae>hg1Dd)nh`eK z1Ggqc+lb_xv$cwG@eWHrU0GGrWVmnv6_rj|>W5}bS%nIB4?cPAy!!m!eS}joqxBBb z9s5$AQN_hDo|0@*H{v0T7>_>;NgSh;yT*bsWeRJ>YE) z(;Z*l(UR_F6T@8aYIy86ff13&XjY@BdIMOT8Q0XxDMgmlRE~(GaZTMnQ1CDjbX?8Z zse6YC6%iAx2&HcAgcLRyFTW(3ljRV(z-l3N?((S$o1P)9T7XoWbM@rD~8v`|P( zq|t&?%CljLO3=88jVt~DOhi7E+BwHX?LwfG6tVSeDhL<#{k8y2yxvkFu z#+(*Y&(#5`92^r?F?ZcQM50nOo7DIhr-N$aoZO%b8h{rxf-h(SV9?gXJTzu^z$Iwo zdE8z{Dx!*-adJ;@N5hw7?9J_V@#gk9%&oe&VTpEwMjmSqR}Q+vF#Nk^Tf{c6{VPej 
zD6{aLxfc~Q6)6~1{Wc`4nHUvB%Y=-w9iNTivoUIG{b__hjhOTCrx9z#pGNr8h^=^k zDW?%W8^ac#jj`;Z&&H^(_4vo*pE)0of7Xh}KOX;V#rsRaKRz2{lZns9@Yxufl|CE8 zXJdfR#+VnMjj=T+pN-+OG5qnkKOXnl7`AwGTWS7FGB=-%vA1lDgymmJCdL`domm(g z^%WTyn|(FatJxPD1U~cP!80!;X0mGK<_-YP6p-1&SCjOkiB zR|>T?u(V;w1IsOdB}q~$HD7I|g0rs#Wxkq=eQL#aLQWTP1^#rZECK#v$J7nyVa@M1oP{;4LE5c9npRA$QC|}lZpp@Vu)Y-|S&W8lGMieh z<+fSPwb7|9TOjmyYmF^gwuJp#acu|v8({E~r~&`CTLH92_wDkYV1c)W1`X}QS`FDg z7_}JFZ8#10Bv`XqG#G@_6q<~n#qc)`d_twYTE_Xl>%5mXyz4wlEf_k$P*aTSbZV|Ba()K{#&H~V^P!M#D?*Vqrf#`dQ_4MMdNt!&7j{;U)F)1R8+ zPk*Y5KmGBiKTaMVST29$g{L{AB#W{9g2opNEl(G+URYUgfy-MIRX^`?tH-wh<}DHr zF&`XaE-roB7G;(jCqsLA_ipDWm?=?8Soo z^(|X$jzueN-FL((hqQgr@sY$GNoEDhP}nY9efh!U-Kw~C@uZ5VBBWGy{Z>?|qVj>| z!2`>VUrhbHAz@!Xt&or_XXI$}g)D%Cr-a^lM`DjLil$`Z-q^Tbc^>+UAzx0EtXrDp zD<0O##1&CjBiXE12C27YvQ0%yTHG2eXK@&dBrI=@okxV6#1-+xJhpD=Ge@hHAAt$Y zKLa>A>X)jp-;ud6Py5~F^IUMnW6lQf`{_mb%=UM^hgOlg`P;YV>N+dw`gg8Lz8XBk zGNFy32y>pSj>bLT|GR$w^P3-Eo&EY_lqP#^!+rmAw|Cq<+PMF@-#_g8`=9TlJce^D z-WdykpOB?sZjcWG^VwcdKjvbEXmNN7^OK?{5>DTo%~SJav?MNTo?5gEbGQpjy!#Ad zlB+`4d-4;EnZ`LQze2TW#r`4#MF~g*y8@b-JM?p!n_sbbuK&x*%kz^ZaZEB8AtabH zeuW7rK0!4_0hd%w?JfL^4z2$9RTKpOjWH=C8Y10|TAm{ubAfB!j`f3F@T7>97L7`f zm=mFW+jOZ~Dj^m~6ebb;4;QAX5s5!s5|L=6k`qNOss({W^6WXxFJ{;8W?X^5l+Q4k z>*I-T`H5v8!Rs+x@d9iwsDvl6NXp9RkQ>(t5*56^eed^sP#nfYuXL(d2M|1d45uao zv=ByTLGb$&Vayrhmo%Gz(tHf)mvcp1V*Oa_B1MHl0w0^|6%#YM(FUQWNX7j3M(mcb z9+`{z%Ww^6C}Tl$V=MYUOL`6GT%pvl%@(+ZFs%4*{wa9BxL5o=Tx-SI;nf|X8T^)G z_EuLuH~KQlRNP>7xQ6#ePw(M6c)t+}G_P1BP(CxEL%&e2NnT&*mmb;&_~MH%f6wyI Q00030|E*nfQvj3z0G@89>Hq)$ literal 0 HcmV?d00001 diff --git a/charts/neuvector-crd/103.0.6+up2.8.0/Chart.yaml b/charts/neuvector-crd/103.0.6+up2.8.0/Chart.yaml new file mode 100644 index 0000000000..2dc5280742 --- /dev/null +++ b/charts/neuvector-crd/103.0.6+up2.8.0/Chart.yaml 
@@ -0,0 +1,16 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-neuvector-system
+ catalog.cattle.io/release-name: neuvector-crd
+apiVersion: v1
+appVersion: 5.4.0
+description: Helm chart for NeuVector's CRD services
+home: https://neuvector.com
+icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
+maintainers:
+- email: support@neuvector.com
+ name: becitsthere
+name: neuvector-crd
+type: application
+version: 103.0.6+up2.8.0
diff --git a/charts/neuvector-crd/103.0.6+up2.8.0/README.md b/charts/neuvector-crd/103.0.6+up2.8.0/README.md
new file mode 100644
index 0000000000..a5379e6ba6
--- /dev/null
+++ b/charts/neuvector-crd/103.0.6+up2.8.0/README.md
@@ -0,0 +1,14 @@
+# NeuVector Helm Chart
+
+Helm chart for NeuVector container security's CRD services. NeuVector's CRD (Custom Resource Definition) capture and declare application security policies early in the pipeline, then defined policies can be deployed together with the container applications.
+
+Because the CRD policies can be deployed before NeuVector's core product, this separate helm chart is created. For the backward compatibility reason, crd.yaml is not removed in the 'core' chart. If you use this 'crd' chart, please set `crdwebhook.enabled` to false in the 'core' chart.
+
+## Configuration
+
+The following table lists the configurable parameters of the NeuVector chart and their default values.
+
+Parameter | Description | Default | Notes
+--------- | ----------- | ------- | -----
+`openshift` | If deploying in OpenShift, set this to true | `false` |
+`crdwebhook.type` | crd webhook type | `ClusterIP` |
diff --git a/charts/neuvector-crd/103.0.6+up2.8.0/templates/_helpers.tpl b/charts/neuvector-crd/103.0.6+up2.8.0/templates/_helpers.tpl
new file mode 100644
index 0000000000..c0cc49294e
--- /dev/null
+++ b/charts/neuvector-crd/103.0.6+up2.8.0/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "neuvector.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "neuvector.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "neuvector.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/neuvector-crd/103.0.6+up2.8.0/templates/crd.yaml b/charts/neuvector-crd/103.0.6+up2.8.0/templates/crd.yaml
new file mode 100644
index 0000000000..72cd24a3d3
--- /dev/null
+++ b/charts/neuvector-crd/103.0.6+up2.8.0/templates/crd.yaml
@@ -0,0 +1,983 @@ +{{- if .Values.crdwebhook.enabled -}} +{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} +spec: + group: neuvector.com + names: + kind: NvSecurityRule + listKind: NvSecurityRuleList + plural: nvsecurityrules + singular: nvsecurityrule + scope: Namespaced +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + egress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + file: + items: + properties: + app: + items: + type: string + type: array + behavior: + enum: + - monitor_change + - block_access + type: string + filter: + type: string + recursive: + type: boolean + required: + - behavior + - filter + type: 
object + type: array + ingress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + process: + items: + properties: + action: + enum: + - allow + - deny + type: string + allow_update: + type: boolean + name: + type: string + path: + type: string + required: + - action + type: object + type: array + process_profile: + properties: + baseline: + enum: + - default + - shield + - basic + - zero-drift + type: string + type: object + target: + properties: + policymode: + enum: + - Discover + - Monitor + - Protect + - N/A + type: string + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + mon_metric: + type: boolean + grp_sess_cur: + type: integer + grp_sess_rate: + type: integer + grp_band_width: + type: integer + required: + - name + type: object + required: + - selector + type: object + dlp: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + waf: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: 
boolean + type: object + required: + - target + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvclustersecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} +spec: + group: neuvector.com + names: + kind: NvClusterSecurityRule + listKind: NvClusterSecurityRuleList + plural: nvclustersecurityrules + singular: nvclustersecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + egress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + file: + items: + properties: + app: + items: + type: string + type: array + behavior: + enum: + - monitor_change + - block_access + type: string + filter: + type: string + recursive: + type: boolean + required: + - behavior + - filter + type: object + type: array + ingress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: 
string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + process: + items: + properties: + action: + enum: + - allow + - deny + type: string + allow_update: + type: boolean + name: + type: string + path: + type: string + required: + - action + type: object + type: array + process_profile: + properties: + baseline: + enum: + - default + - shield + - basic + - zero-drift + type: string + type: object + target: + properties: + policymode: + enum: + - Discover + - Monitor + - Protect + - N/A + type: string + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + mon_metric: + type: boolean + grp_sess_cur: + type: integer + grp_sess_rate: + type: integer + grp_band_width: + type: integer + required: + - name + type: object + required: + - selector + type: object + dlp: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + waf: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + required: + - target + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) 
}} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvdlpsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} +spec: + group: neuvector.com + names: + kind: NvDlpSecurityRule + listKind: NvDlpSecurityRuleList + plural: nvdlpsecurityrules + singular: nvdlpsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + sensor: + properties: + comment: + type: string + name: + type: string + rules: + items: + properties: + name: + type: string + patterns: + items: + properties: + context: + enum: + - url + - header + - body + - packet + type: string + key: + enum: + - pattern + type: string + op: + enum: + - regex + - '!regex' + type: string + value: + type: string + required: + - key + - op + - value + - context + type: object + type: array + required: + - name + - patterns + type: object + type: array + required: + - name + type: object + required: + - sensor + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvadmissioncontrolsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} +spec: + group: neuvector.com + names: + kind: NvAdmissionControlSecurityRule + listKind: NvAdmissionControlSecurityRuleList + plural: nvadmissioncontrolsecurityrules + singular: nvadmissioncontrolsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + config: + properties: + client_mode: + enum: + - service + - url + type: string + enable: + type: boolean + mode: + enum: + - monitor + - protect + type: string + required: + - enable + - mode + - client_mode + type: object + rules: + items: + properties: + action: + enum: + - allow + - deny + type: string + comment: + type: string + criteria: + items: + properties: + name: + type: string + op: + type: string + path: + type: string + sub_criteria: + items: + properties: + name: + type: string + op: + type: string + value: + type: string + required: + - name + - op + - value + type: object + type: array + template_kind: + type: string + type: + type: string + value: + type: string + value_type: + type: string + required: + - name + - op + - value + type: object + type: array + disabled: + type: boolean + id: + type: integer + rule_mode: + enum: + - "" + - monitor + - protect + type: string + containers: + items: + enum: + - containers + - init_containers + - ephemeral_containers + type: string + type: array + required: + - action + - criteria + type: object + type: array + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvwafsecurityrules.neuvector.com + 
labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} +spec: + group: neuvector.com + names: + kind: NvWafSecurityRule + listKind: NvWafSecurityRuleList + plural: nvwafsecurityrules + singular: nvwafsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + sensor: + properties: + comment: + type: string + name: + type: string + rules: + items: + properties: + name: + type: string + patterns: + items: + properties: + context: + enum: + - url + - header + - body + - packet + type: string + key: + enum: + - pattern + type: string + op: + enum: + - regex + - '!regex' + type: string + value: + type: string + required: + - key + - op + - value + - context + type: object + type: array + required: + - name + - patterns + type: object + type: array + required: + - name + type: object + required: + - sensor + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvcomplianceprofiles.neuvector.com + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} +spec: + group: neuvector.com + names: + kind: NvComplianceProfile + listKind: NvComplianceProfileList + plural: nvcomplianceprofiles + singular: nvcomplianceprofile + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + templates: + properties: + disable_system: + type: boolean + entries: + items: + properties: + tags: + items: + type: string + type: array + test_number: + type: string + required: + - test_number + type: object + type: array + required: + - entries + type: object + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvvulnerabilityprofiles.neuvector.com + labels: + chart: {{ template "neuvector.chart" . 
}} + release: {{ .Release.Name }} +spec: + group: neuvector.com + names: + kind: NvVulnerabilityProfile + listKind: NvVulnerabilityProfileList + plural: nvvulnerabilityprofiles + singular: nvvulnerabilityprofile + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + profile: + properties: + entries: + items: + properties: + comment: + type: string + days: + type: integer + domains: + items: + type: string + type: array + images: + items: + type: string + type: array + name: + type: string + required: + - name + type: object + type: array + required: + - entries + type: object + required: + - profile + type: object + type: object +{{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-crd-webhook + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} +spec: + ports: + - port: 443 + targetPort: 30443 + protocol: TCP + name: crd-webhook + type: {{ .Values.crdwebhook.type }} + selector: + app: neuvector-controller-pod +{{- end }} diff --git a/charts/neuvector-crd/103.0.6+up2.8.0/values.yaml b/charts/neuvector-crd/103.0.6+up2.8.0/values.yaml new file mode 100644 index 0000000000..e899decf01 --- /dev/null +++ b/charts/neuvector-crd/103.0.6+up2.8.0/values.yaml @@ -0,0 +1,9 @@ +# Default values for neuvector. +# This is a YAML-formatted file. +# Declare variables to be passed into the templates. + +openshift: false + +crdwebhook: + type: ClusterIP + enabled: true diff --git a/index.yaml b/index.yaml index db351aa9fe..0b23f0f2d5 100755 --- a/index.yaml +++ b/index.yaml 
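Review bot: The `neuvector-svc-crd-webhook` Service at the end of this hunk takes its type straight from values, `type: {{ .Values.crdwebhook.type }}`, with no default, quoting or restriction, so a values override of `NodePort` or `LoadBalancer` would publish the controller's webhook port (443 to targetPort 30443) outside the cluster. The endpoint presumably only needs to be reachable from the API server, so I would render the value defensively as `type: {{ .Values.crdwebhook.type | default "ClusterIP" | quote }}`. A comment above that line would record the intent, for example `# webhook endpoint for the API server; keep ClusterIP unless the control plane cannot reach cluster IPs`. Separately, `$oc4` and `$oc3` are computed at the top of the file but are not referenced anywhere in the hunk, so they can be dropped or given a comment saying why they are kept.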
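Review bot: `crdwebhook.enabled` is introduced in values.yaml without a comment and is absent from the README parameter table, although templates/crd.yaml wraps every resource it renders (all seven CustomResourceDefinitions and the webhook Service) in `{{- if .Values.crdwebhook.enabled -}}`. An operator who sets it to `false` on an upgrade, expecting to drop only the webhook Service, would have Helm remove the CRDs as well, and deleting a CRD deletes the NeuVector policy objects stored under it. I would document that above the key, for example `# enabled gates ALL resources in this chart, including the CRDs; turning it off on an installed release removes the CRDs and the policy objects stored under them`, and add a matching row to the README table. If the CRDs are meant to survive such a change, the `helm.sh/resource-policy: keep` annotation on each CRD is the usual guard.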
@@ -5107,6 +5107,26 @@ entries: urls: - assets/neuvector-crd/neuvector-crd-104.0.0+up2.7.7.tgz version: 104.0.0+up2.7.7 + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/release-name: neuvector-crd + apiVersion: v1 + appVersion: 5.4.0 + created: "2024-09-27T16:30:12.025336375-03:00" + description: Helm chart for NeuVector's CRD services + digest: 792854d3da9e4cc1a477a8876bd13231a3a85ace9b23676130efa81aeb3bd1ad + home: https://neuvector.com + icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 + maintainers: + - email: support@neuvector.com + name: becitsthere + name: neuvector-crd + type: application + urls: + - assets/neuvector-crd/neuvector-crd-103.0.6+up2.8.0.tgz + version: 103.0.6+up2.8.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" diff --git a/release.yaml b/release.yaml index 2702834362..f79366f268 100644 --- a/release.yaml +++ b/release.yaml @@ -1,2 +1,4 @@ neuvector: - 103.0.6+up2.8.0 +neuvector-crd: + - 103.0.6+up2.8.0