rename chart to neuvector, update values interface

helm/gen3/Chart.yaml

@@ -104,10 +104,10 @@ dependencies:
   version: "0.1.4"
   repository: "file://../spark"
   condition: spark.enabled
-- name: neuvectorPolicies
+- name: neuvector
   version: "0.1.0"
-  repository: "file://../neuvector-policies"
-  condition: neuvectorPolicies.enabled
+  repository: "file://../neuvector"
+  condition: neuvector.enabled
 
 
 - name: elasticsearch

helm/gen3/values.yaml

@@ -401,5 +401,23 @@ elasticsearch:
       # Here we can add elasticsearch config
 
 
-neuvectorPolicies:
-  enabled: false
+neuvector:
+  # install Neuvector
+  enabled: false
+  policies:
+    # deploy predefined Neuvector policies for Gen3
+    include: false
+    # Discover, Monitor, or Protect
+    policyMode: Monitor
+  # Configure your ingress controller information for enabling ingress to containers
+  ingress:
+    # service name of your ingress controller
+    controller: nginx-ingress-controller
+    # installation namespace of your ingress controller
+    namespace: nginx
+    # classname of your ingress
+    class: nginx
+  # Required to allow egress to in-cluster database or external, managed database
+  DB_HOST: development-gen3-postgresql
+
+

helm/neuvector-policies/Chart.yaml → helm/neuvector/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-name: neuvector-policies
+name: neuvector
 description: A Helm chart for Kubernetes
 
 # A chart can be either an 'application' or a 'library' chart.
@@ -22,3 +22,8 @@ version: 0.1.0
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "1.16.0"
+
+# dependencies:
+# - name: neuvector
+#   version: "5.2.2-s1"
+#   repository: "https://neuvector.github.io/neuvector-helm/core"

helm/neuvector-policies/templates/_helpers.tpl → helm/neuvector/templates/_helpers.tpl

@@ -1,7 +1,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "neuvector-policies.name" -}}
+{{- define "neuvector.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "neuvector-policies.fullname" -}}
+{{- define "neuvector.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "neuvector-policies.chart" -}}
+{{- define "neuvector.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "neuvector-policies.labels" -}}
-helm.sh/chart: {{ include "neuvector-policies.chart" . }}
-{{ include "neuvector-policies.selectorLabels" . }}
+{{- define "neuvector.labels" -}}
+helm.sh/chart: {{ include "neuvector.chart" . }}
+{{ include "neuvector.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "neuvector-policies.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "neuvector-policies.name" . }}
+{{- define "neuvector.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "neuvector.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
 {{/*
 Create the name of the service account to use
 */}}
-{{- define "neuvector-policies.serviceAccountName" -}}
+{{- define "neuvector.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
-{{- default (include "neuvector-policies.fullname" .) .Values.serviceAccount.name }}
+{{- default (include "neuvector.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}

helm/neuvector-policies/templates/ambassador-nvsecurityrule.yaml → helm/neuvector/templates/ambassador-nvsecurityrule.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -193,7 +194,7 @@ spec:
   process_profile:
     baseline: zero-drift
   target:
-    policymode: {{ .Values.POLICY_MODE }}
+    policymode: {{ .Values.policies.policyMode }}
     selector:
       comment: ""
       criteria:
@@ -207,4 +208,5 @@ spec:
       original_name: ""
   waf:
     settings: []
-    status: true
+    status: true
+{{- end }}

helm/neuvector-policies/templates/arborist-nvsecurityrule.yaml → helm/neuvector/templates/arborist-nvsecurityrule.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -199,7 +200,7 @@ spec:
   process_profile:
     baseline: zero-drift
   target:
-    policymode: {{ .Values.POLICY_MODE }}
+    policymode: {{ .Values.policies.policyMode }}
     selector:
       comment: ""
       criteria:
@@ -213,4 +214,5 @@ spec:
       original_name: ""
   waf:
     settings: []
-    status: true
+    status: true
+{{- end }}

helm/neuvector-policies/templates/audit-nvsecurityrule.yaml → helm/neuvector/templates/audit-nvsecurityrule.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -79,7 +80,7 @@ spec:
   process_profile:
     baseline: zero-drift
   target:
-    policymode: {{ .Values.POLICY_MODE }}
+    policymode: {{ .Values.policies.policyMode }}
     selector:
       comment: ""
       criteria:
@@ -93,4 +94,5 @@ spec:
       original_name: ""
   waf:
     settings: []
-    status: true
+    status: true
+{{- end }}

helm/neuvector-policies/templates/elasticsearch-nvsecurityrule.yaml → helm/neuvector/templates/elasticsearch-nvsecurityrule.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -68,7 +69,7 @@ spec:
   process_profile:
     baseline: zero-drift
   target:
-    policymode: {{ .Values.POLICY_MODE }}
+    policymode: {{ .Values.policies.policyMode }}
     selector:
       comment: ""
       criteria:
@@ -82,4 +83,5 @@ spec:
       original_name: ""
   waf:
     settings: []
-    status: true
+    status: true
+{{- end }}

helm/neuvector-policies/templates/fence-nvsecurityrule.yaml → helm/neuvector/templates/fence-nvsecurityrule.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -275,7 +276,7 @@ spec:
   process_profile:
     baseline: zero-drift
   target:
-    policymode: {{ .Values.POLICY_MODE }}
+    policymode: {{ .Values.policies.policyMode }}
     selector:
       comment: ""
       criteria:
@@ -289,4 +290,5 @@ spec:
       original_name: ""
   waf:
     settings: []
-    status: true
+    status: true
+{{- end }}

helm/neuvector-policies/templates/gcp-pubsub-indexing-nvsecurityrule.yaml → helm/neuvector/templates/gcp-pubsub-indexing-nvsecurityrule.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -53,7 +54,7 @@ spec:
   process_profile:
     baseline: zero-drift
   target:
-    policymode: {{ .Values.POLICY_MODE }}
+    policymode: {{ .Values.policies.policyMode }}
     selector:
       comment: ""
       criteria:
@@ -67,4 +68,5 @@ spec:
       original_name: ""
   waf:
     settings: []
-    status: true
+    status: true
+{{- end }}

helm/neuvector-policies/templates/guppy-nvsecurityrule.yaml → helm/neuvector/templates/guppy-nvsecurityrule.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -110,7 +111,7 @@ spec:
   process_profile:
     baseline: zero-drift
   target:
-    policymode: {{ .Values.POLICY_MODE }}
+    policymode: {{ .Values.policies.policyMode }}
     selector:
       comment: ""
       criteria:
@@ -124,4 +125,5 @@ spec:
       original_name: ""
   waf:
     settings: []
-    status: true
+    status: true
+{{- end }}

helm/neuvector-policies/templates/hatchery-nvsecurityrule.yaml → helm/neuvector/templates/hatchery-nvsecurityrule.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -121,7 +122,7 @@ spec:
   process_profile:
     baseline: zero-drift
   target:
-    policymode: {{ .Values.POLICY_MODE }}
+    policymode: {{ .Values.policies.policyMode }}
     selector:
       comment: ""
       criteria:
@@ -135,4 +136,5 @@ spec:
       original_name: ""
   waf:
     settings: []
-    status: true
+    status: true
+{{- end }}

helm/neuvector-policies/templates/indexd-nvsecurityrule.yaml → helm/neuvector/templates/indexd-nvsecurityrule.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -133,7 +134,7 @@ spec:
   process_profile:
     baseline: zero-drift
   target:
-    policymode: {{ .Values.POLICY_MODE }}
+    policymode: {{ .Values.policies.policyMode }}
     selector:
       comment: ""
       criteria:
@@ -147,4 +148,5 @@ spec:
       original_name: ""
   waf:
     settings: []
-    status: true
+    status: true
+{{- end }}

helm/neuvector-policies/templates/ingress-nvclustersecurityrule.yaml → helm/neuvector/templates/ingress-nvclustersecurityrule.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvClusterSecurityRule
 metadata:
@@ -125,4 +126,5 @@ spec:
       original_name: ""
   waf:
     settings: []
-    status: true
+    status: true
+{{- end }}

helm/neuvector-policies/templates/manifestservice-nvsecurityrule.yaml → helm/neuvector/templates/manifestservice-nvsecurityrule.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -147,7 +148,7 @@ spec:
   process_profile:
     baseline: zero-drift
   target:
-    policymode: {{ .Values.POLICY_MODE }}
+    policymode: {{ .Values.policies.policyMode }}
     selector:
       comment: ""
       criteria:
@@ -161,4 +162,5 @@ spec:
       original_name: ""
   waf:
     settings: []
-    status: true
+    status: true
+{{- end }}

helm/neuvector-policies/templates/metadata-nvsecurityrule.yaml → helm/neuvector/templates/metadata-nvsecurityrule.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -68,7 +69,7 @@ spec:
   process_profile:
     baseline: zero-drift
   target:
-    policymode: {{ .Values.POLICY_MODE }}
+    policymode: {{ .Values.policies.policyMode }}
     selector:
       comment: ""
       criteria:
@@ -82,4 +83,5 @@ spec:
       original_name: ""
   waf:
     settings: []
-    status: true
+    status: true
+{{- end }}