Merge pull request #422 from selvamt94/aws-addon

Adding support for AWS Addon

charts/core/README.md

@@ -23,6 +23,7 @@ Parameter | Description | Default | Notes
 `psp` | NeuVector Pod Security Policy when psp policy is enabled | `false` |
 `serviceAccount` | Service account name for NeuVector components | `default` |
 `leastPrivilege` | Use least privileged service account | `false` |
+`bootstrapPassword` | Set password for admin user account if present | `false` | Random password generated if aws billing is enabled
 `autoGenerateCert` | Automatically generate certificate or not | `true` |
 `internal.certmanager.enabled` | cert-manager is installed for the internal certificates | `false` |
 `internal.certmanager.secretname` | Name of the secret to be used for the internal certificates | `neuvector-internal` |

charts/core/templates/NOTES.txt

@@ -21,3 +21,14 @@ Get the NeuVector URL by running these commands:
   echo https://$SERVICE_IP:8443
 {{- end }}
 {{- end }}
+
+
+{{- if or (.Values.global.aws.enabled) (.Values.bootstrapPassword) }}
+
+NOTE: Use below command to get the password to login to NeuVector WebUi using admin account if it is a fresh install and not a restore from PVC, no admin password is set in the configmap or secret. The password is randomly generated during the deployment if AWS cloud billing is enabled.
+
+To get the bootstrap password:
+
+kubectl get secret --namespace {{ .Release.Namespace }} neuvector-bootstrap-secret -o go-template='{{ "{{" }}.data.bootstrapPassword|base64decode{{ "}}" }}{{ "{{" }} "\n" {{ "}}" }}'
+
+{{- end }}

charts/core/templates/admission-webhook-service.yaml

@@ -6,7 +6,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
   ports:
     - port: 443

charts/core/templates/bootstrap-secret.yaml

@@ -0,0 +1,19 @@
+{{/* Use the bootstrap password from values.yaml or random value*/}}
+{{- $bootstrapPassword := .Values.bootstrapPassword -}}
+{{- if .Values.global.aws.enabled -}}
+    {{- $bootstrapPassword = randAlphaNum 18 -}}
+{{- end -}}
+{{/* If a bootstrap password was found in the values or AWS is enabled */}}
+{{- if $bootstrapPassword }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "neuvector-bootstrap-secret"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    chart: {{ template "neuvector.chart" . }}
+    release: {{ .Release.Name }}
+type: Opaque
+data:
+  bootstrapPassword: {{ $bootstrapPassword | b64enc |quote }}
+{{- end }}

charts/core/templates/clusterrole.yaml

@@ -14,7 +14,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 rules:
 - apiGroups:
   - ""
@@ -44,7 +43,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 rules:
 {{- if .Values.openshift }}
 - apiGroups:
@@ -83,7 +81,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 rules:
 - apiGroups:
   - admissionregistration.k8s.io
@@ -108,7 +105,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 rules:
 - apiGroups:
   - config.openshift.io

charts/core/templates/clusterrolebinding-least.yaml

@@ -15,7 +15,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 roleRef:
 {{- if not $oc3 }}
   apiGroup: rbac.authorization.k8s.io
@@ -46,7 +45,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 roleRef:
 {{- if not $oc3 }}
   apiGroup: rbac.authorization.k8s.io
@@ -77,7 +75,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 roleRef:
 {{- if not $oc3 }}
   apiGroup: rbac.authorization.k8s.io
@@ -108,7 +105,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 roleRef:
 {{- if not $oc3 }}
   apiGroup: rbac.authorization.k8s.io
@@ -134,7 +130,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

charts/core/templates/clusterrolebinding.yaml

@@ -15,7 +15,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 roleRef:
 {{- if not $oc3 }}
   apiGroup: rbac.authorization.k8s.io
@@ -46,7 +45,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 roleRef:
 {{- if not $oc3 }}
   apiGroup: rbac.authorization.k8s.io
@@ -77,7 +75,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 roleRef:
 {{- if not $oc3 }}
   apiGroup: rbac.authorization.k8s.io
@@ -108,7 +105,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 roleRef:
 {{- if not $oc3 }}
   apiGroup: rbac.authorization.k8s.io
@@ -134,7 +130,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole

charts/core/templates/controller-deployment.yaml

@@ -15,7 +15,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 {{- with .Values.controller.annotations }}
   annotations:
 {{ toYaml . | indent 4 }}
@@ -153,7 +152,7 @@ spec:
             - name: CSP_ENV
               value: "azure"
           {{- end }}
-          {{- if or .Values.global.aws.enabled .Values.global.azure.enabled }}
+          {{- if .Values.global.azure.enabled }}
             - name: NO_DEFAULT_ADMIN
               value: "1"
           {{- end }}

charts/core/templates/controller-ingress.yaml

@@ -13,7 +13,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
 {{- if .Values.controller.ingress.ingressClassName }}
   ingressClassName: {{ .Values.controller.ingress.ingressClassName | quote }}
@@ -50,7 +49,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
 {{- if .Values.controller.ingress.tls }}
   tls:
@@ -85,7 +83,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
 {{- if .Values.controller.federation.mastersvc.ingress.ingressClassName }}
   ingressClassName: {{ .Values.controller.federation.mastersvc.ingress.ingressClassName | quote }}
@@ -123,7 +120,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
 {{- if .Values.controller.federation.mastersvc.ingress.tls }}
   tls:
@@ -158,7 +154,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
 {{- if .Values.controller.federation.managedsvc.ingress.ingressClassName }}
   ingressClassName: {{ .Values.controller.federation.managedsvc.ingress.ingressClassName | quote }}
@@ -196,7 +191,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
 {{- if .Values.controller.federation.managedsvc.ingress.tls }}
   tls:

charts/core/templates/controller-route.yaml

@@ -12,7 +12,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
 {{- if .Values.controller.apisvc.route.host }}
   host: {{ .Values.controller.apisvc.route.host }}
@@ -45,7 +44,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
 {{- if .Values.controller.federation.mastersvc.route.host }}
   host: {{ .Values.controller.federation.mastersvc.route.host }}
@@ -77,7 +75,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
 {{- if .Values.controller.federation.managedsvc.route.host }}
   host: {{ .Values.controller.federation.managedsvc.route.host }}

charts/core/templates/controller-secret.yaml

@@ -10,7 +10,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 type: Opaque
 data:
   ssl-cert.key: {{ include "neuvector.secrets.lookup" (dict "namespace" .Release.Namespace "secret" "neuvector-controller-secret" "key" "ssl-cert.key" "defaultValue" $cert.Key) }}

charts/core/templates/controller-service.yaml

@@ -7,7 +7,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
   clusterIP: None
   ports:
@@ -36,7 +35,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
   type: {{ .Values.controller.apisvc.type }}
   ports:
@@ -61,7 +59,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
   type: {{ .Values.controller.federation.mastersvc.type }}
 {{- if and .Values.controller.federation.mastersvc.loadBalancerIP (eq .Values.controller.federation.mastersvc.type "LoadBalancer") }}
@@ -101,7 +98,6 @@ metadata:
   labels:
     chart: {{ template "neuvector.chart" . }}
     release: {{ .Release.Name }}
-    heritage: Helm
 spec:
   type: {{ .Values.controller.federation.managedsvc.type }}
 {{- if and .Values.controller.federation.managedsvc.loadBalancerIP (eq .Values.controller.federation.managedsvc.type "LoadBalancer") }}