diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 8b45b086..d8bb89c7 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -104,10 +104,10 @@ dependencies: version: "0.1.4" repository: "file://../spark" condition: spark.enabled -- name: neuvectorPolicies +- name: neuvector version: "0.1.0" - repository: "file://../neuvector-policies" - condition: neuvectorPolicies.enabled + repository: "file://../neuvector" + condition: neuvector.enabled - name: elasticsearch diff --git a/helm/gen3/values.yaml b/helm/gen3/values.yaml index c22e9893..ea492539 100644 --- a/helm/gen3/values.yaml +++ b/helm/gen3/values.yaml @@ -401,5 +401,23 @@ elasticsearch: # Here we can add elasticsearch config -neuvectorPolicies: - enabled: false \ No newline at end of file +neuvector: + # install Neuvector + enabled: false + policies: + # deploy predefined Neuvector policies for Gen3 + include: false + # Discover, Monitor, or Protect + policyMode: Monitor + # Configure your ingress controller information for enabling ingress to containers + ingress: + # service name of your ingress controller + controller: nginx-ingress-controller + # installation namespace of your ingress controller + namespace: nginx + # classname of your ingress + class: nginx + # Required to allow egress to in-cluster database or external, managed database + DB_HOST: development-gen3-postgresql + + diff --git a/helm/neuvector-policies/.helmignore b/helm/neuvector/.helmignore similarity index 100% rename from helm/neuvector-policies/.helmignore rename to helm/neuvector/.helmignore diff --git a/helm/neuvector-policies/Chart.yaml b/helm/neuvector/Chart.yaml similarity index 88% rename from helm/neuvector-policies/Chart.yaml rename to helm/neuvector/Chart.yaml index c93b3b2a..d7e9965c 100644 --- a/helm/neuvector-policies/Chart.yaml +++ b/helm/neuvector/Chart.yaml 
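Review bot: Renaming the dependency from `neuvectorPolicies` to `neuvector` in helm/gen3/Chart.yaml orphans existing overrides without any error. Unless a values schema not shown here rejects unknown keys, a values file that still sets `neuvectorPolicies.enabled: true` or `neuvectorPolicies.POLICY_MODE: Protect` is simply ignored. On upgrade the policy subchart would then be disabled (`neuvector.enabled` defaults to false) instead of the release failing. Since these rules are a security control, I would make the upgrade fail loudly with a guard in one of the gen3 chart's templates, e.g. `{{- if .Values.neuvectorPolicies }}{{ fail "neuvectorPolicies was renamed to neuvector; move POLICY_MODE to neuvector.policies.policyMode" }}{{- end }}`, and add a migration comment next to the new key. The `dependencies` list continues outside the hunk.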
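Review bot: The comment `# install Neuvector` on `neuvector.enabled` in helm/gen3/values.yaml promises more than the visible chart delivers. The upstream core dependency is added to helm/neuvector/Chart.yaml only as a commented-out block, so as far as this diff shows the flag enables a chart that holds policy templates and nothing else. With `policies.include: false` set in the same hunk, `enabled: true` on its own appears to render no rules at all, which an operator could mistake for having protection in place. I would reword it to `# enable the neuvector subchart (Gen3 policy rules only; NeuVector itself must already be installed)` and extend the comment on `include` to say that it must also be true for any rule to be created. The two added blank lines after `DB_HOST` can be dropped.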
@@ -1,5 +1,5 @@ apiVersion: v2 -name: neuvector-policies +name: neuvector description: A Helm chart for Kubernetes # A chart can be either an 'application' or a 'library' chart. @@ -22,3 +22,8 @@ version: 0.1.0 # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "1.16.0" + +# dependencies: +# - name: neuvector +# version: "5.2.2-s1" +# repository: "https://neuvector.github.io/neuvector-helm/core" diff --git a/helm/neuvector-policies/templates/_helpers.tpl b/helm/neuvector/templates/_helpers.tpl similarity index 71% rename from helm/neuvector-policies/templates/_helpers.tpl rename to helm/neuvector/templates/_helpers.tpl index a6bc51f6..cc8472e7 100644 --- a/helm/neuvector-policies/templates/_helpers.tpl +++ b/helm/neuvector/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "neuvector-policies.name" -}} +{{- define "neuvector.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "neuvector-policies.fullname" -}} +{{- define "neuvector.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} 
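Review bot: The commented-out `dependencies` block added after `appVersion` in helm/neuvector/Chart.yaml leaves the chart with no declared source for the `neuvector.com/v1` kinds its templates create. With `policies.include: true`, an install on a cluster that lacks the NeuVector CRDs would presumably fail on an unknown kind. I would replace the dead block with a stated prerequisite, e.g. `# Requires the NeuVector CRDs (NvSecurityRule, NvClusterSecurityRule) to be present in the cluster`, or gate the templates on `.Capabilities.APIVersions.Has "neuvector.com/v1"`. If the dependency is enabled later, a chart named `neuvector` that depends on an upstream chart also named `neuvector` nests its values under `neuvector.neuvector` in the umbrella chart; an `alias` on the dependency would avoid that. `description` and `appVersion: "1.16.0"` still look like scaffold defaults.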
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "neuvector-policies.chart" -}} +{{- define "neuvector.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "neuvector-policies.labels" -}} -helm.sh/chart: {{ include "neuvector-policies.chart" . }} -{{ include "neuvector-policies.selectorLabels" . }} +{{- define "neuvector.labels" -}} +helm.sh/chart: {{ include "neuvector.chart" . }} +{{ include "neuvector.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -45,17 +45,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "neuvector-policies.selectorLabels" -}} -app.kubernetes.io/name: {{ include "neuvector-policies.name" . }} +{{- define "neuvector.selectorLabels" -}} +app.kubernetes.io/name: {{ include "neuvector.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "neuvector-policies.serviceAccountName" -}} +{{- define "neuvector.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "neuvector-policies.fullname" .) .Values.serviceAccount.name }} +{{- default (include "neuvector.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} diff --git a/helm/neuvector-policies/templates/ambassador-nvsecurityrule.yaml b/helm/neuvector/templates/ambassador-nvsecurityrule.yaml similarity index 93% rename from helm/neuvector-policies/templates/ambassador-nvsecurityrule.yaml rename to helm/neuvector/templates/ambassador-nvsecurityrule.yaml index ef85b790..01166345 100644 --- a/helm/neuvector-policies/templates/ambassador-nvsecurityrule.yaml 
+++ b/helm/neuvector/templates/ambassador-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -193,7 +194,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -207,4 +208,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/arborist-nvsecurityrule.yaml b/helm/neuvector/templates/arborist-nvsecurityrule.yaml
similarity index 94%
rename from helm/neuvector-policies/templates/arborist-nvsecurityrule.yaml
rename to helm/neuvector/templates/arborist-nvsecurityrule.yaml
index 9518a941..5ee722d7 100644
--- a/helm/neuvector-policies/templates/arborist-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/arborist-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -199,7 +200,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -213,4 +214,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/audit-nvsecurityrule.yaml b/helm/neuvector/templates/audit-nvsecurityrule.yaml
similarity index 91%
rename from helm/neuvector-policies/templates/audit-nvsecurityrule.yaml
rename to helm/neuvector/templates/audit-nvsecurityrule.yaml
index ce42fc89..5320e394 100644
--- a/helm/neuvector-policies/templates/audit-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/audit-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
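Review bot: `policymode: {{ .Values.policies.policyMode }}` in the `@@ -193,7 +194,7 @@` hunk of ambassador-nvsecurityrule.yaml is rendered unquoted and unchecked, so a missing or misspelled value reaches the NvSecurityRule as null or an arbitrary string instead of failing the render. Because this field decides whether the group is only observed or actually enforced, I would write it as `policymode: {{ required "policies.policyMode must be Discover, Monitor or Protect" .Values.policies.policyMode | quote }}`. The same line is changed in every other `*-nvsecurityrule.yaml` template in this commit (arborist through wts), and the same change applies to each. The enclosing `spec` starts and ends outside the hunk.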
@@ -79,7 +80,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -93,4 +94,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/elasticsearch-nvsecurityrule.yaml b/helm/neuvector/templates/elasticsearch-nvsecurityrule.yaml
similarity index 91%
rename from helm/neuvector-policies/templates/elasticsearch-nvsecurityrule.yaml
rename to helm/neuvector/templates/elasticsearch-nvsecurityrule.yaml
index f59b03a4..4089bf63 100644
--- a/helm/neuvector-policies/templates/elasticsearch-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/elasticsearch-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -68,7 +69,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -82,4 +83,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/fence-nvsecurityrule.yaml b/helm/neuvector/templates/fence-nvsecurityrule.yaml
similarity index 94%
rename from helm/neuvector-policies/templates/fence-nvsecurityrule.yaml
rename to helm/neuvector/templates/fence-nvsecurityrule.yaml
index 67cbf2bb..8dc08b8f 100644
--- a/helm/neuvector-policies/templates/fence-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/fence-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -275,7 +276,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -289,4 +290,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/gcp-pubsub-indexing-nvsecurityrule.yaml b/helm/neuvector/templates/gcp-pubsub-indexing-nvsecurityrule.yaml
similarity index 88%
rename from helm/neuvector-policies/templates/gcp-pubsub-indexing-nvsecurityrule.yaml
rename to helm/neuvector/templates/gcp-pubsub-indexing-nvsecurityrule.yaml
index 88c782cc..f2ed1090 100644
--- a/helm/neuvector-policies/templates/gcp-pubsub-indexing-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/gcp-pubsub-indexing-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -53,7 +54,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -67,4 +68,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/guppy-nvsecurityrule.yaml b/helm/neuvector/templates/guppy-nvsecurityrule.yaml
similarity index 91%
rename from helm/neuvector-policies/templates/guppy-nvsecurityrule.yaml
rename to helm/neuvector/templates/guppy-nvsecurityrule.yaml
index 701a9b06..6d05c7fd 100644
--- a/helm/neuvector-policies/templates/guppy-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/guppy-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -110,7 +111,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -124,4 +125,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/hatchery-nvsecurityrule.yaml b/helm/neuvector/templates/hatchery-nvsecurityrule.yaml
similarity index 92%
rename from helm/neuvector-policies/templates/hatchery-nvsecurityrule.yaml
rename to helm/neuvector/templates/hatchery-nvsecurityrule.yaml
index cf1d8425..cf46a487 100644
--- a/helm/neuvector-policies/templates/hatchery-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/hatchery-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -121,7 +122,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -135,4 +136,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/indexd-nvsecurityrule.yaml b/helm/neuvector/templates/indexd-nvsecurityrule.yaml
similarity index 92%
rename from helm/neuvector-policies/templates/indexd-nvsecurityrule.yaml
rename to helm/neuvector/templates/indexd-nvsecurityrule.yaml
index a8347eed..db1e1000 100644
--- a/helm/neuvector-policies/templates/indexd-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/indexd-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -133,7 +134,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -147,4 +148,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/ingress-nvclustersecurityrule.yaml b/helm/neuvector/templates/ingress-nvclustersecurityrule.yaml
similarity index 94%
rename from helm/neuvector-policies/templates/ingress-nvclustersecurityrule.yaml
rename to helm/neuvector/templates/ingress-nvclustersecurityrule.yaml
index 001c9a7c..febb5ef0 100644
--- a/helm/neuvector-policies/templates/ingress-nvclustersecurityrule.yaml
+++ b/helm/neuvector/templates/ingress-nvclustersecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvClusterSecurityRule
 metadata:
@@ -125,4 +126,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/manifestservice-nvsecurityrule.yaml b/helm/neuvector/templates/manifestservice-nvsecurityrule.yaml
similarity index 92%
rename from helm/neuvector-policies/templates/manifestservice-nvsecurityrule.yaml
rename to helm/neuvector/templates/manifestservice-nvsecurityrule.yaml
index 1fea1965..1efd07f5 100644
--- a/helm/neuvector-policies/templates/manifestservice-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/manifestservice-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -147,7 +148,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -161,4 +162,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/metadata-nvsecurityrule.yaml b/helm/neuvector/templates/metadata-nvsecurityrule.yaml
similarity index 89%
rename from helm/neuvector-policies/templates/metadata-nvsecurityrule.yaml
rename to helm/neuvector/templates/metadata-nvsecurityrule.yaml
index 083768c7..3d85201c 100644
--- a/helm/neuvector-policies/templates/metadata-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/metadata-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -68,7 +69,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -82,4 +83,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/peregrine-nvsecurityrule.yaml b/helm/neuvector/templates/peregrine-nvsecurityrule.yaml
similarity index 93%
rename from helm/neuvector-policies/templates/peregrine-nvsecurityrule.yaml
rename to helm/neuvector/templates/peregrine-nvsecurityrule.yaml
index 472ed746..f9df4477 100644
--- a/helm/neuvector-policies/templates/peregrine-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/peregrine-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -239,7 +240,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -253,4 +254,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/pidgin-nvsecurityrule.yaml b/helm/neuvector/templates/pidgin-nvsecurityrule.yaml
similarity index 91%
rename from helm/neuvector-policies/templates/pidgin-nvsecurityrule.yaml
rename to helm/neuvector/templates/pidgin-nvsecurityrule.yaml
index e7b4965d..8f68b21a 100644
--- a/helm/neuvector-policies/templates/pidgin-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/pidgin-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -116,7 +117,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -130,4 +131,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/portal-nvsecurityrule.yaml b/helm/neuvector/templates/portal-nvsecurityrule.yaml
similarity index 93%
rename from helm/neuvector-policies/templates/portal-nvsecurityrule.yaml
rename to helm/neuvector/templates/portal-nvsecurityrule.yaml
index 53232cff..0bbb87f3 100644
--- a/helm/neuvector-policies/templates/portal-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/portal-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -163,7 +164,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -177,4 +178,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/postgresql-nvsecurityrule.yaml b/helm/neuvector/templates/postgresql-nvsecurityrule.yaml
similarity index 93%
rename from helm/neuvector-policies/templates/postgresql-nvsecurityrule.yaml
rename to helm/neuvector/templates/postgresql-nvsecurityrule.yaml
index 62b8b80a..d1d1f076 100644
--- a/helm/neuvector-policies/templates/postgresql-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/postgresql-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -119,7 +120,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -133,4 +134,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/presigned-url-fence-nvsecurityrule.yaml b/helm/neuvector/templates/presigned-url-fence-nvsecurityrule.yaml
similarity index 92%
rename from helm/neuvector-policies/templates/presigned-url-fence-nvsecurityrule.yaml
rename to helm/neuvector/templates/presigned-url-fence-nvsecurityrule.yaml
index e4c3de7b..5677d408 100644
--- a/helm/neuvector-policies/templates/presigned-url-fence-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/presigned-url-fence-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -154,7 +155,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -168,4 +169,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/revproxy-nvsecurityrule.yaml b/helm/neuvector/templates/revproxy-nvsecurityrule.yaml
similarity index 93%
rename from helm/neuvector-policies/templates/revproxy-nvsecurityrule.yaml
rename to helm/neuvector/templates/revproxy-nvsecurityrule.yaml
index 69ba04fd..3661369b 100644
--- a/helm/neuvector-policies/templates/revproxy-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/revproxy-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -156,7 +157,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -170,4 +171,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/sheepdog-nvsecurityrule.yaml b/helm/neuvector/templates/sheepdog-nvsecurityrule.yaml
similarity index 92%
rename from helm/neuvector-policies/templates/sheepdog-nvsecurityrule.yaml
rename to helm/neuvector/templates/sheepdog-nvsecurityrule.yaml
index fad4de0c..d587e45a 100644
--- a/helm/neuvector-policies/templates/sheepdog-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/sheepdog-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -165,7 +166,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -179,4 +180,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/sower-nvsecurityrule.yaml b/helm/neuvector/templates/sower-nvsecurityrule.yaml
similarity index 79%
rename from helm/neuvector-policies/templates/sower-nvsecurityrule.yaml
rename to helm/neuvector/templates/sower-nvsecurityrule.yaml
index d4d55770..fac23984 100644
--- a/helm/neuvector-policies/templates/sower-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/sower-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -13,7 +14,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -27,4 +28,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/templates/wts-nvsecurityrule.yaml b/helm/neuvector/templates/wts-nvsecurityrule.yaml
similarity index 93%
rename from helm/neuvector-policies/templates/wts-nvsecurityrule.yaml
rename to helm/neuvector/templates/wts-nvsecurityrule.yaml
index d2cf6be6..de07659a 100644
--- a/helm/neuvector-policies/templates/wts-nvsecurityrule.yaml
+++ b/helm/neuvector/templates/wts-nvsecurityrule.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.policies.include }}
 apiVersion: neuvector.com/v1
 kind: NvSecurityRule
 metadata:
@@ -180,7 +181,7 @@ spec:
 process_profile:
 baseline: zero-drift
 target:
- policymode: {{ .Values.POLICY_MODE }}
+ policymode: {{ .Values.policies.policyMode }}
 selector:
 comment: ""
 criteria:
@@ -194,4 +195,5 @@ spec:
 original_name: ""
 waf:
 settings: []
- status: true
\ No newline at end of file
+ status: true
+{{- end }}
\ No newline at end of file
diff --git a/helm/neuvector-policies/values.yaml b/helm/neuvector/values.yaml
similarity index 60%
rename from helm/neuvector-policies/values.yaml
rename to helm/neuvector/values.yaml
index 3b4f5cd9..1755c9c9 100644
--- a/helm/neuvector-policies/values.yaml +++ b/helm/neuvector/values.yaml @@ -1,4 +1,4 @@ -# Default values for neuvector-policies. +# Default values for neuvector. # This is a YAML-formatted file. # Declare variables to be passed into your templates. @@ -7,6 +7,14 @@ nameOverride: "" fullnameOverride: "" +policies: + # deploy predefined Neuvector policies for Gen3 + include: true + # Neuvector policy enforcement mode + # Discover, Monitor, or Protect + # dev: Monitor + # prod: Protect + policyMode: Monitor # hostname/service name for our DB DB_HOST: development-gen3-postgresql @@ -14,11 +22,7 @@ DB_HOST: development-gen3-postgresql # Prefix for relevant services deployed through Argo ARGOCD_PREFIX: development-gen3 -# Neuvector policy enforcement mode -# dev: Monitor -# prod: Protect -POLICY_MODE: Monitor # Protect - +# Configure your ingress controller information for enabling ingress to containers ingress: # service name of your ingress controller controller: nginx-ingress-controller
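Review bot: The `policies.include: true` default added in the `@@ -7,6 +7,14 @@` hunk of helm/neuvector/values.yaml disagrees with the `include: false` that helm/gen3/values.yaml sets for the same key. The chart therefore creates rules when installed on its own and none when pulled in through the umbrella chart. Pick one default, or add a comment on `include` such as `# the gen3 umbrella chart overrides this to false`. The `policyMode: Monitor` default is the alert-only mode, so I would also add `# Monitor only alerts; Protect blocks violations` next to the existing dev/prod hint so the default is not taken for enforcement. The new camelCase keys now sit beside the upper-case `DB_HOST` and `ARGOCD_PREFIX`, which is worth normalising in a follow-up.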