robot: project neuvector chart upgrades from 2.4.2 to 2.8.3
Signed-off-by: robot <[email protected]>
robot committed Nov 27, 2024
1 parent 85a380b commit d886272
Showing 56 changed files with 5,673 additions and 512 deletions.
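--- a/charts/neuvector/config
+++ b/charts/neuvector/config
@@ -4,7 +4,7 @@ export USE_OPENSOURCE_CHART=false
 export REPO_URL=https://neuvector.github.io/neuvector-helm
 export REPO_NAME=neuvector
 export CHART_NAME=core
-export VERSION=2.4.2
+export VERSION=2.8.3
 
 # pr, issue, none
 export UPGRADE_METHOD=pr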
10 changes: 6 additions & 4 deletions charts/neuvector/neuvector/Chart.yaml
@@ -1,17 +1,19 @@
apiVersion: v1
appVersion: 5.1.1
appVersion: 5.4.1
description: Helm chart for NeuVector's core services
engine: gotpl
home: https://neuvector.com
icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
maintainers:
- email: [email protected]
name: becitsthere
name: neuvector
version: 2.4.2
sources:
- https://github.com/neuvector/neuvector
- https://github.com/neuvector/neuvector-helm
version: 2.8.3
dependencies:
- name: core
version: "2.4.2"
version: "2.8.3"
repository: "https://neuvector.github.io/neuvector-helm"
keywords:
- monitoring
150 changes: 134 additions & 16 deletions charts/neuvector/neuvector/README.md

Large diffs are not rendered by default.

8 changes: 5 additions & 3 deletions charts/neuvector/neuvector/charts/core/Chart.yaml
@@ -1,11 +1,13 @@
apiVersion: v1
appVersion: 5.1.1
appVersion: 5.4.1
description: Helm chart for NeuVector's core services
engine: gotpl
home: https://neuvector.com
icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
maintainers:
- email: [email protected]
name: becitsthere
name: core
version: 2.4.2
sources:
- https://github.com/neuvector/neuvector
- https://github.com/neuvector/neuvector-helm
version: 2.8.3
150 changes: 134 additions & 16 deletions charts/neuvector/neuvector/charts/core/README.md

Large diffs are not rendered by default.

16 changes: 15 additions & 1 deletion charts/neuvector/neuvector/charts/core/templates/NOTES.txt
@@ -1,6 +1,9 @@
{{- if and .Values.manager.enabled .Values.manager.ingress.enabled }}
From outside the cluster, the NeuVector URL is:
http://{{ .Values.manager.ingress.host }}
{{- else if and .Values.manager.enabled .Values.manager.ingress.enabled .Values.manager.ingress.tls}}
From outside the cluster, the NeuVector URL is:
https://{{ .Values.manager.ingress.host }}
{{- else if not .Values.openshift }}
Get the NeuVector URL by running these commands:
{{- if contains "NodePort" .Values.manager.svc.type }}
@@ -17,4 +20,15 @@ Get the NeuVector URL by running these commands:
SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} neuvector-service-webui -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
echo https://$SERVICE_IP:8443
{{- end }}
{{- end }}
{{- end }}


{{- if or (.Values.global.aws.enabled) (.Values.bootstrapPassword) }}

NOTE: Use below command to get the password to login to NeuVector WebUi using admin account if it is a fresh install and not a restore from PVC, no admin password is set in the configmap or secret. The password is randomly generated during the deployment if AWS cloud billing is enabled.

To get the bootstrap password:

kubectl get secret --namespace {{ .Release.Namespace }} neuvector-bootstrap-secret -o go-template='{{ "{{" }}.data.bootstrapPassword|base64decode{{ "}}" }}{{ "{{" }} "\n" {{ "}}" }}'

{{- end }}
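Review bot: The new `else if` branch that prints the `https://` URL can never run, because the first `if and .Values.manager.enabled .Values.manager.ingress.enabled` is already true whenever the added condition (the same two values plus `.Values.manager.ingress.tls`) is true. With TLS enabled on the ingress, the notes therefore still tell the operator to open the manager over `http://`. Test the stricter condition first: open with `{{- if and .Values.manager.enabled .Values.manager.ingress.enabled .Values.manager.ingress.tls }}` for the https text and make the existing two-value test the `{{- else if and .Values.manager.enabled .Values.manager.ingress.enabled }}` branch.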
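--- a/charts/neuvector/neuvector/charts/core/templates/_helpers.tpl
+++ b/charts/neuvector/neuvector/charts/core/templates/_helpers.tpl
@@ -30,3 +30,39 @@ Create chart name and version as used by the chart label.
 {{- define "neuvector.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
+
+{{/*
+Lookup secret.
+*/}}
+{{- define "neuvector.secrets.lookup" -}}
+{{- $value := "" -}}
+{{- $secretData := (lookup "v1" "Secret" .namespace .secret).data -}}
+{{- if and $secretData (hasKey $secretData .key) -}}
+{{- $value = index $secretData .key -}}
+{{- else if .defaultValue -}}
+{{- $value = .defaultValue | toString | b64enc -}}
+{{- end -}}
+{{- if $value -}}
+{{- printf "%s" $value -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "neuvector.controller.image" -}}
+{{- if .Values.global.azure.enabled }}
+{{- printf "%s/%s:%s" .Values.global.azure.images.controller.registry .Values.global.azure.images.controller.image .Values.global.azure.images.controller.tag }}
+{{- else }}
+{{- if eq .Values.registry "registry.neuvector.com" }}
+{{- if .Values.oem }}
+{{- printf "%s/%s/controller:%s" .Values.registry .Values.oem .Values.tag }}
+{{- else }}
+{{- printf "%s/controller:%s" .Values.registry .Values.tag }}
+{{- end }}
+{{- else }}
+{{- if .Values.controller.image.hash }}
+{{- printf "%s/%s@%s" .Values.registry .Values.controller.image.repository .Values.controller.image.hash }}
+{{- else }}
+{{- printf "%s/%s:%s" .Values.registry .Values.controller.image.repository .Values.tag }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}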
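Review bot: In `neuvector.controller.image`, `.Values.controller.image.hash` is honoured only when `.Values.registry` is not `registry.neuvector.com`; the `registry.neuvector.com` and Azure branches always build the reference from a tag, so a digest set in values is silently ignored there. If that is intended, state it in a template comment above the define, e.g. `{{/* Controller image reference; controller.image.hash (digest pinning) applies only to registries other than registry.neuvector.com. */}}`, since this is the only new define without one. If it is not intended, the default-registry branch could render `@hash` when the hash is set, the way the last branch already does.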
@@ -6,7 +6,6 @@ metadata:
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
ports:
- port: 443
@@ -0,0 +1,19 @@
{{/* Use the bootstrap password from values.yaml or random value*/}}
{{- $bootstrapPassword := .Values.bootstrapPassword -}}
{{- if and .Values.global.aws.enabled (not .Values.bootstrapPassword) -}}
{{- $bootstrapPassword = randAlphaNum 18 -}}
{{- end -}}
{{/* If a bootstrap password was found in the values or AWS is enabled */}}
{{- if $bootstrapPassword }}
apiVersion: v1
kind: Secret
metadata:
name: "neuvector-bootstrap-secret"
namespace: {{ .Release.Namespace }}
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
type: Opaque
data:
bootstrapPassword: {{ $bootstrapPassword | b64enc |quote }}
{{- end }}
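Review bot: `randAlphaNum 18` on the AWS path is evaluated on every render, so each `helm upgrade` would write a fresh value into `neuvector-bootstrap-secret` whenever `.Values.bootstrapPassword` is unset. If the controller consumes the bootstrap password only on first start (not visible in this file), the secret that NOTES.txt tells the operator to read would stop matching the real admin password after the first upgrade. This commit adds `neuvector.secrets.lookup` in `_helpers.tpl`, but this template does not call it; reusing the stored value would look like `{{- $bootstrapPassword = include "neuvector.secrets.lookup" (dict "namespace" .Release.Namespace "secret" "neuvector-bootstrap-secret" "key" "bootstrapPassword" "defaultValue" (randAlphaNum 18)) | b64dec -}}`. The helper returns base64 data, hence the `b64dec` ahead of the existing `b64enc`.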
@@ -0,0 +1,33 @@
{{- if .Values.internal.certmanager.enabled }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ .Values.internal.certmanager.secretname }}
namespace: {{ .Release.Namespace }}
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .Values.internal.certmanager.secretname }}
namespace: {{ .Release.Namespace }}
spec:
duration: 17520h # 2 years
subject:
organizations:
- NeuVector
isCA: true
commonName: neuvector.internal
dnsNames:
- neuvector.internal
- NeuVector
secretName: {{ .Values.internal.certmanager.secretname }}
usages:
- digital signature
- key encipherment
issuerRef:
group: cert-manager.io
kind: Issuer
name: {{ .Values.internal.certmanager.secretname }}
{{- end }}
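Review bot: The Certificate sets `isCA: true` but lists only `digital signature` and `key encipherment` under `usages`, so it is marked as a CA without the `cert sign` usage, and the `selfSigned` Issuer writes it straight into the secret named by `.Values.internal.certmanager.secretname`. If that secret is mounted by the workloads as their internal TLS certificate (not visible in this file), every pod holding the key would be holding a CA key. Either drop `isCA: true` and add `- server auth` and `- client auth` for a leaf certificate, or keep the CA, add `- cert sign`, and issue the workload certificate from a CA Issuer that references it. The `- NeuVector` entry under `dnsNames` also repeats the organization name rather than naming a host.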
@@ -14,7 +14,6 @@ metadata:
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- ""
@@ -44,7 +43,6 @@ metadata:
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
{{- if .Values.openshift }}
- apiGroups:
@@ -83,7 +81,6 @@ metadata:
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- admissionregistration.k8s.io
@@ -108,7 +105,6 @@ metadata:
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- config.openshift.io
@@ -0,0 +1,145 @@
{{- if and .Values.rbac .Values.leastPrivilege -}}
{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}
{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}}

{{- if $oc3 }}
apiVersion: authorization.openshift.io/v1
{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
apiVersion: rbac.authorization.k8s.io/v1
{{- else }}
apiVersion: v1
{{- end }}
kind: ClusterRoleBinding
metadata:
name: neuvector-binding-app
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
roleRef:
{{- if not $oc3 }}
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
{{- end }}
name: neuvector-binding-app
subjects:
- kind: ServiceAccount
name: controller
namespace: {{ .Release.Namespace }}
{{- if $oc3 }}
userNames:
- system:serviceaccount:{{ .Release.Namespace }}:controller
{{- end }}

---

{{- if $oc3 }}
apiVersion: authorization.openshift.io/v1
{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
apiVersion: rbac.authorization.k8s.io/v1
{{- else }}
apiVersion: v1
{{- end }}
kind: ClusterRoleBinding
metadata:
name: neuvector-binding-rbac
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
roleRef:
{{- if not $oc3 }}
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
{{- end }}
name: neuvector-binding-rbac
subjects:
- kind: ServiceAccount
name: controller
namespace: {{ .Release.Namespace }}
{{- if $oc3 }}
userNames:
- system:serviceaccount:{{ .Release.Namespace }}:controller
{{- end }}

---

{{- if $oc3 }}
apiVersion: authorization.openshift.io/v1
{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
apiVersion: rbac.authorization.k8s.io/v1
{{- else }}
apiVersion: v1
{{- end }}
kind: ClusterRoleBinding
metadata:
name: neuvector-binding-admission
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
roleRef:
{{- if not $oc3 }}
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
{{- end }}
name: neuvector-binding-admission
subjects:
- kind: ServiceAccount
name: controller
namespace: {{ .Release.Namespace }}
{{- if $oc3 }}
userNames:
- system:serviceaccount:{{ .Release.Namespace }}:controller
{{- end }}

---

{{- if $oc3 }}
apiVersion: authorization.openshift.io/v1
{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }}
apiVersion: rbac.authorization.k8s.io/v1
{{- else }}
apiVersion: v1
{{- end }}
kind: ClusterRoleBinding
metadata:
name: neuvector-binding-view
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
roleRef:
{{- if not $oc3 }}
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
{{- end }}
name: view
subjects:
- kind: ServiceAccount
name: controller
namespace: {{ .Release.Namespace }}
{{- if $oc3 }}
userNames:
- system:serviceaccount:{{ .Release.Namespace }}:controller
{{- end }}

---

{{- if $oc4 }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: neuvector-binding-co
labels:
chart: {{ template "neuvector.chart" . }}
release: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: neuvector-binding-co
subjects:
- kind: ServiceAccount
name: controller
namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
name: enforcer
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
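Review bot: `neuvector-binding-view` binds the `controller` ServiceAccount to the built-in `view` ClusterRole across the whole cluster, which is a wide read grant for a template gated on `.Values.leastPrivilege`. The file does not say why it is needed; a comment above that document, such as `{{/* Grants the controller cluster-wide read through the built-in view role; TODO document which resources it actually needs. */}}`, would make the intent reviewable and give a starting point for a narrower chart-owned ClusterRole. The `apiVersion` if/else block is also repeated four times and could be computed once into a variable next to `$oc3` and `$oc4`.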