diff --git a/charts/core/README.md b/charts/core/README.md index af89e395..d92a4e20 100644 --- a/charts/core/README.md +++ b/charts/core/README.md @@ -23,6 +23,7 @@ Parameter | Description | Default | Notes `psp` | NeuVector Pod Security Policy when psp policy is enabled | `false` | `serviceAccount` | Service account name for NeuVector components | `default` | `leastPrivilege` | Use least privileged service account | `false` | +`bootstrapPassword` | Set password for admin user account if present | `false` | Random password generated if aws billing is enabled `autoGenerateCert` | Automatically generate certificate or not | `true` | `internal.certmanager.enabled` | cert-manager is installed for the internal certificates | `false` | `internal.certmanager.secretname` | Name of the secret to be used for the internal certificates | `neuvector-internal` | diff --git a/charts/core/templates/NOTES.txt b/charts/core/templates/NOTES.txt index 2360cee8..f2492a0f 100644 --- a/charts/core/templates/NOTES.txt +++ b/charts/core/templates/NOTES.txt @@ -21,3 +21,14 @@ Get the NeuVector URL by running these commands: echo https://$SERVICE_IP:8443 {{- end }} {{- end }} + + +{{- if or (.Values.global.aws.enabled) (.Values.bootstrapPassword) }} + +NOTE: Use below command to get the password to login to NeuVector WebUi using admin account if it is a fresh install and not a restore from PVC, no admin password is set in the configmap or secret. The password is randomly generated during the deployment if AWS cloud billing is enabled. + +To get the bootstrap password: + +kubectl get secret --namespace {{ .Release.Namespace }} neuvector-bootstrap-secret -o go-template='{{ "{{" }}.data.bootstrapPassword|base64decode{{ "}}" }}{{ "{{" }} "\n" {{ "}}" }}' + +{{- end }} diff --git a/charts/core/templates/admission-webhook-service.yaml b/charts/core/templates/admission-webhook-service.yaml index 0d92eec7..6a1bfa63 100644 --- a/charts/core/templates/admission-webhook-service.yaml +++ b/charts/core/templates/admission-webhook-service.yaml @@ -6,7 +6,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: ports: - port: 443 diff --git a/charts/core/templates/bootstrap-secret.yaml b/charts/core/templates/bootstrap-secret.yaml new file mode 100644 index 00000000..b631d506 --- /dev/null +++ b/charts/core/templates/bootstrap-secret.yaml @@ -0,0 +1,19 @@ +{{/* Use the bootstrap password from values.yaml or random value*/}} +{{- $bootstrapPassword := .Values.bootstrapPassword -}} +{{- if .Values.global.aws.enabled -}} + {{- $bootstrapPassword = randAlphaNum 18 -}} +{{- end -}} +{{/* If a bootstrap password was found in the values or AWS is enabled */}} +{{- if $bootstrapPassword }} +apiVersion: v1 +kind: Secret +metadata: + name: "neuvector-bootstrap-secret" + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} +type: Opaque +data: + bootstrapPassword: {{ $bootstrapPassword | b64enc |quote }} +{{- end }} diff --git a/charts/core/templates/clusterrole.yaml b/charts/core/templates/clusterrole.yaml index 54f33a90..49228b70 100644 --- a/charts/core/templates/clusterrole.yaml +++ b/charts/core/templates/clusterrole.yaml @@ -14,7 +14,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - "" @@ -44,7 +43,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: {{- if .Values.openshift }} - apiGroups: @@ -83,7 +81,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - admissionregistration.k8s.io @@ -108,7 +105,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - config.openshift.io diff --git a/charts/core/templates/clusterrolebinding-least.yaml b/charts/core/templates/clusterrolebinding-least.yaml index bcfca9a2..edb1007f 100644 --- a/charts/core/templates/clusterrolebinding-least.yaml +++ b/charts/core/templates/clusterrolebinding-least.yaml @@ -15,7 +15,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -46,7 +45,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -77,7 +75,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -108,7 +105,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -134,7 +130,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/core/templates/clusterrolebinding.yaml b/charts/core/templates/clusterrolebinding.yaml index 7147a9ff..4ea258c0 100644 --- a/charts/core/templates/clusterrolebinding.yaml +++ b/charts/core/templates/clusterrolebinding.yaml @@ -15,7 +15,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -46,7 +45,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -77,7 +75,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -108,7 +105,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -134,7 +130,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/core/templates/controller-deployment.yaml b/charts/core/templates/controller-deployment.yaml index 8c2a1d5f..88496f2a 100644 --- a/charts/core/templates/controller-deployment.yaml +++ b/charts/core/templates/controller-deployment.yaml @@ -15,7 +15,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm {{- with .Values.controller.annotations }} annotations: {{ toYaml . | indent 4 }} @@ -153,7 +152,7 @@ spec: - name: CSP_ENV value: "azure" {{- end }} - {{- if or .Values.global.aws.enabled .Values.global.azure.enabled }} + {{- if .Values.global.azure.enabled }} - name: NO_DEFAULT_ADMIN value: "1" {{- end }} diff --git a/charts/core/templates/controller-ingress.yaml b/charts/core/templates/controller-ingress.yaml index 1ea0cdce..d8bcb32a 100644 --- a/charts/core/templates/controller-ingress.yaml +++ b/charts/core/templates/controller-ingress.yaml @@ -13,7 +13,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.controller.ingress.ingressClassName }} ingressClassName: {{ .Values.controller.ingress.ingressClassName | quote }} @@ -50,7 +49,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.controller.ingress.tls }} tls: @@ -85,7 +83,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.controller.federation.mastersvc.ingress.ingressClassName }} ingressClassName: {{ .Values.controller.federation.mastersvc.ingress.ingressClassName | quote }} @@ -123,7 +120,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.controller.federation.mastersvc.ingress.tls }} tls: @@ -158,7 +154,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.controller.federation.managedsvc.ingress.ingressClassName }} ingressClassName: {{ .Values.controller.federation.managedsvc.ingress.ingressClassName | quote }} @@ -196,7 +191,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.controller.federation.managedsvc.ingress.tls }} tls: diff --git a/charts/core/templates/controller-route.yaml b/charts/core/templates/controller-route.yaml index 377917af..b80816f1 100644 --- a/charts/core/templates/controller-route.yaml +++ b/charts/core/templates/controller-route.yaml @@ -12,7 +12,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.controller.apisvc.route.host }} host: {{ .Values.controller.apisvc.route.host }} @@ -45,7 +44,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.controller.federation.mastersvc.route.host }} host: {{ .Values.controller.federation.mastersvc.route.host }} @@ -77,7 +75,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.controller.federation.managedsvc.route.host }} host: {{ .Values.controller.federation.managedsvc.route.host }} diff --git a/charts/core/templates/controller-secret.yaml b/charts/core/templates/controller-secret.yaml index e07504dc..b03c16db 100644 --- a/charts/core/templates/controller-secret.yaml +++ b/charts/core/templates/controller-secret.yaml @@ -10,7 +10,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm type: Opaque data: ssl-cert.key: {{ include "neuvector.secrets.lookup" (dict "namespace" .Release.Namespace "secret" "neuvector-controller-secret" "key" "ssl-cert.key" "defaultValue" $cert.Key) }} diff --git a/charts/core/templates/controller-service.yaml b/charts/core/templates/controller-service.yaml index 9fbd0655..4705d491 100644 --- a/charts/core/templates/controller-service.yaml +++ b/charts/core/templates/controller-service.yaml @@ -7,7 +7,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: clusterIP: None ports: @@ -36,7 +35,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: type: {{ .Values.controller.apisvc.type }} ports: @@ -61,7 +59,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: type: {{ .Values.controller.federation.mastersvc.type }} {{- if and .Values.controller.federation.mastersvc.loadBalancerIP (eq .Values.controller.federation.mastersvc.type "LoadBalancer") }} @@ -101,7 +98,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: type: {{ .Values.controller.federation.managedsvc.type }} {{- if and .Values.controller.federation.managedsvc.loadBalancerIP (eq .Values.controller.federation.managedsvc.type "LoadBalancer") }} diff --git a/charts/core/templates/crd-role-least.yaml b/charts/core/templates/crd-role-least.yaml index 64517f12..45222a48 100644 --- a/charts/core/templates/crd-role-least.yaml +++ b/charts/core/templates/crd-role-least.yaml @@ -15,7 +15,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - apiextensions.k8s.io @@ -43,7 +42,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -75,7 +73,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - neuvector.com @@ -103,7 +100,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -135,7 +131,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - neuvector.com @@ -162,7 +157,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - neuvector.com @@ -189,7 +183,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -221,7 +214,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -253,7 +245,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - neuvector.com @@ -280,7 +271,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -312,7 +302,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - neuvector.com @@ -339,7 +328,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -371,7 +359,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - neuvector.com @@ -398,7 +385,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io diff --git a/charts/core/templates/crd-role.yaml b/charts/core/templates/crd-role.yaml index 46d99761..ffa029c4 100644 --- a/charts/core/templates/crd-role.yaml +++ b/charts/core/templates/crd-role.yaml @@ -15,7 +15,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - apiextensions.k8s.io @@ -43,7 +42,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -75,7 +73,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - neuvector.com @@ -103,7 +100,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -135,7 +131,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - neuvector.com @@ -162,7 +157,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - neuvector.com @@ -189,7 +183,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -221,7 +214,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -253,7 +245,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - neuvector.com @@ -280,7 +271,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -312,7 +302,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - neuvector.com @@ -339,7 +328,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -371,7 +359,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - neuvector.com @@ -398,7 +385,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io diff --git a/charts/core/templates/crd.yaml b/charts/core/templates/crd.yaml index 48c5b07f..72cd24a3 100644 --- a/charts/core/templates/crd.yaml +++ b/charts/core/templates/crd.yaml @@ -12,7 +12,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: group: neuvector.com names: @@ -286,7 +285,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: group: neuvector.com names: @@ -560,7 +558,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: group: neuvector.com names: @@ -646,7 +643,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: group: neuvector.com names: @@ -773,7 +769,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: group: neuvector.com names: @@ -859,7 +854,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: group: neuvector.com names: @@ -916,7 +910,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: group: neuvector.com names: @@ -978,7 +971,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: ports: - port: 443 diff --git a/charts/core/templates/csp-clusterrole.yaml b/charts/core/templates/csp-clusterrole.yaml index 5e5dea5c..234f50db 100644 --- a/charts/core/templates/csp-clusterrole.yaml +++ b/charts/core/templates/csp-clusterrole.yaml @@ -14,7 +14,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - susecloud.net @@ -41,7 +40,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - susecloud.net diff --git a/charts/core/templates/csp-clusterrolebinding.yaml b/charts/core/templates/csp-clusterrolebinding.yaml index 244e7b43..bb0a331b 100644 --- a/charts/core/templates/csp-clusterrolebinding.yaml +++ b/charts/core/templates/csp-clusterrolebinding.yaml @@ -14,7 +14,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -46,7 +45,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/core/templates/csp-crd.yaml b/charts/core/templates/csp-crd.yaml index a0ddf655..b879776e 100644 --- a/charts/core/templates/csp-crd.yaml +++ b/charts/core/templates/csp-crd.yaml @@ -12,7 +12,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: group: susecloud.net names: diff --git a/charts/core/templates/csp-deployment.yaml b/charts/core/templates/csp-deployment.yaml index 6ea55792..82ef4739 100644 --- a/charts/core/templates/csp-deployment.yaml +++ b/charts/core/templates/csp-deployment.yaml @@ -7,7 +7,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm {{- with .Values.global.aws.annotations }} annotations: {{ toYaml . | indent 4 }} diff --git a/charts/core/templates/csp-role.yaml b/charts/core/templates/csp-role.yaml index 4c7df981..3bba9540 100644 --- a/charts/core/templates/csp-role.yaml +++ b/charts/core/templates/csp-role.yaml @@ -15,7 +15,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - "" diff --git a/charts/core/templates/csp-rolebinding.yaml b/charts/core/templates/csp-rolebinding.yaml index 946b2c52..0327fdc7 100644 --- a/charts/core/templates/csp-rolebinding.yaml +++ b/charts/core/templates/csp-rolebinding.yaml @@ -15,7 +15,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/core/templates/csp-serviceaccount.yaml b/charts/core/templates/csp-serviceaccount.yaml index 0f777c2b..32827502 100644 --- a/charts/core/templates/csp-serviceaccount.yaml +++ b/charts/core/templates/csp-serviceaccount.yaml @@ -14,7 +14,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm annotations: {{- if .Values.global.aws.enabled }} eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.global.aws.accountNumber }}:role/{{ .Values.global.aws.roleName }} diff --git a/charts/core/templates/enforcer-daemonset.yaml b/charts/core/templates/enforcer-daemonset.yaml index 4177c4dd..61195c31 100644 --- a/charts/core/templates/enforcer-daemonset.yaml +++ b/charts/core/templates/enforcer-daemonset.yaml @@ -28,7 +28,6 @@ metadata: namespace: {{ .Release.Namespace }} labels: chart: {{ template "neuvector.chart" . }} - heritage: Helm release: {{ .Release.Name }} spec: updateStrategy: {{- toYaml .Values.enforcer.updateStrategy | nindent 4 }} diff --git a/charts/core/templates/init-configmap.yaml b/charts/core/templates/init-configmap.yaml index 1300794a..5c29ca25 100644 --- a/charts/core/templates/init-configmap.yaml +++ b/charts/core/templates/init-configmap.yaml @@ -7,7 +7,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm data: {{ toYaml .Values.controller.configmap.data | indent 2 }} {{- end }} diff --git a/charts/core/templates/init-secret.yaml b/charts/core/templates/init-secret.yaml index d4bfca59..d9b4676c 100644 --- a/charts/core/templates/init-secret.yaml +++ b/charts/core/templates/init-secret.yaml @@ -7,7 +7,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm data: {{- range $key, $val := .Values.controller.secret.data }} {{ $key }}: | {{ toYaml $val | b64enc | nindent 4 }} diff --git a/charts/core/templates/manager-deployment.yaml b/charts/core/templates/manager-deployment.yaml index fa68e34e..ff96c5ec 100644 --- a/charts/core/templates/manager-deployment.yaml +++ b/charts/core/templates/manager-deployment.yaml @@ -11,7 +11,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: replicas: 1 selector: diff --git a/charts/core/templates/manager-ingress.yaml b/charts/core/templates/manager-ingress.yaml index 52826fc5..9dc4bb53 100644 --- a/charts/core/templates/manager-ingress.yaml +++ b/charts/core/templates/manager-ingress.yaml @@ -12,7 +12,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.manager.ingress.ingressClassName }} ingressClassName: {{ .Values.manager.ingress.ingressClassName | quote }} @@ -49,7 +48,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.manager.ingress.tls }} tls: diff --git a/charts/core/templates/manager-route.yaml b/charts/core/templates/manager-route.yaml index 77262d5b..f79a7332 100644 --- a/charts/core/templates/manager-route.yaml +++ b/charts/core/templates/manager-route.yaml @@ -12,7 +12,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.manager.route.host }} host: {{ .Values.manager.route.host }} diff --git a/charts/core/templates/manager-secret.yaml b/charts/core/templates/manager-secret.yaml index 601dae37..622391ac 100644 --- a/charts/core/templates/manager-secret.yaml +++ b/charts/core/templates/manager-secret.yaml @@ -10,7 +10,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm type: Opaque data: ssl-cert.key: {{ include "neuvector.secrets.lookup" (dict "namespace" .Release.Namespace "secret" "neuvector-manager-secret" "key" "ssl-cert.key" "defaultValue" $cert.Key) }} diff --git a/charts/core/templates/manager-service.yaml b/charts/core/templates/manager-service.yaml index 0778d897..b310f63d 100644 --- a/charts/core/templates/manager-service.yaml +++ b/charts/core/templates/manager-service.yaml @@ -11,7 +11,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: type: {{ .Values.manager.svc.type }} {{- if and .Values.manager.svc.loadBalancerIP (eq .Values.manager.svc.type "LoadBalancer") }} diff --git a/charts/core/templates/psp.yaml b/charts/core/templates/psp.yaml index 97bf757e..2d9d77e8 100644 --- a/charts/core/templates/psp.yaml +++ b/charts/core/templates/psp.yaml @@ -7,7 +7,6 @@ metadata: seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' labels: chart: {{ template "neuvector.chart" . }} - heritage: Helm release: {{ .Release.Name }} spec: privileged: true @@ -44,7 +43,6 @@ metadata: namespace: {{ .Release.Namespace }} labels: chart: {{ template "neuvector.chart" . }} - heritage: Helm release: {{ .Release.Name }} rules: - apiGroups: @@ -64,7 +62,6 @@ metadata: namespace: {{ .Release.Namespace }} labels: chart: {{ template "neuvector.chart" . }} - heritage: Helm release: {{ .Release.Name }} roleRef: apiGroup: rbac.authorization.k8s.io @@ -89,7 +86,6 @@ metadata: name: neuvector-binding-psp-controller labels: chart: {{ template "neuvector.chart" . }} - heritage: Helm release: {{ .Release.Name }} spec: privileged: false @@ -125,7 +121,6 @@ metadata: namespace: {{ .Release.Namespace }} labels: chart: {{ template "neuvector.chart" . }} - heritage: Helm release: {{ .Release.Name }} rules: - apiGroups: @@ -145,7 +140,6 @@ metadata: namespace: {{ .Release.Namespace }} labels: chart: {{ template "neuvector.chart" . }} - heritage: Helm release: {{ .Release.Name }} roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/charts/core/templates/pvc.yaml b/charts/core/templates/pvc.yaml index b7e97e7d..d0c51962 100644 --- a/charts/core/templates/pvc.yaml +++ b/charts/core/templates/pvc.yaml @@ -8,7 +8,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: accessModes: {{ toYaml .Values.controller.pvc.accessModes | indent 4 }} diff --git a/charts/core/templates/registry-adapter-ingress.yaml b/charts/core/templates/registry-adapter-ingress.yaml index aec7161c..ab05054f 100644 --- a/charts/core/templates/registry-adapter-ingress.yaml +++ b/charts/core/templates/registry-adapter-ingress.yaml @@ -14,7 +14,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.cve.adapter.ingress.ingressClassName }} ingressClassName: {{ .Values.cve.adapter.ingress.ingressClassName | quote }} @@ -51,7 +50,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.cve.adapter.ingress.tls }} tls: @@ -87,7 +85,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: {{- if .Values.cve.adapter.route.host }} host: {{ .Values.cve.adapter.route.host }} diff --git a/charts/core/templates/registry-adapter.yaml b/charts/core/templates/registry-adapter.yaml index 7ae073e4..6d74b139 100644 --- a/charts/core/templates/registry-adapter.yaml +++ b/charts/core/templates/registry-adapter.yaml @@ -11,7 +11,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: replicas: 1 selector: @@ -172,7 +171,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: type: {{ .Values.cve.adapter.svc.type }} {{- if and .Values.cve.adapter.svc.loadBalancerIP (eq .Values.cve.adapter.svc.type "LoadBalancer") }} diff --git a/charts/core/templates/role-least.yaml b/charts/core/templates/role-least.yaml index 85202c9b..7520d7c9 100644 --- a/charts/core/templates/role-least.yaml +++ b/charts/core/templates/role-least.yaml @@ -15,7 +15,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - apps diff --git a/charts/core/templates/role.yaml b/charts/core/templates/role.yaml index 01dc47c4..8b2bd825 100644 --- a/charts/core/templates/role.yaml +++ b/charts/core/templates/role.yaml @@ -14,7 +14,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - "" diff --git a/charts/core/templates/rolebinding-least.yaml b/charts/core/templates/rolebinding-least.yaml index 19cdec08..e06d4dde 100644 --- a/charts/core/templates/rolebinding-least.yaml +++ b/charts/core/templates/rolebinding-least.yaml @@ -16,7 +16,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -51,7 +50,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -78,7 +76,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -135,7 +132,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm rules: - apiGroups: - security.openshift.io @@ -156,7 +152,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/core/templates/rolebinding.yaml b/charts/core/templates/rolebinding.yaml index 23c07f4f..dc722ee2 100644 --- a/charts/core/templates/rolebinding.yaml +++ b/charts/core/templates/rolebinding.yaml @@ -16,7 +16,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -48,7 +47,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: {{- if not $oc3 }} apiGroup: rbac.authorization.k8s.io @@ -75,7 +73,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/charts/core/templates/scanner-deployment.yaml b/charts/core/templates/scanner-deployment.yaml index 0e41c334..4ab69cb5 100644 --- a/charts/core/templates/scanner-deployment.yaml +++ b/charts/core/templates/scanner-deployment.yaml @@ -10,7 +10,6 @@ metadata: namespace: {{ .Release.Namespace }} labels: chart: {{ template "neuvector.chart" . }} - heritage: Helm release: {{ .Release.Name }} spec: strategy: diff --git a/charts/core/templates/serviceaccount-least.yaml b/charts/core/templates/serviceaccount-least.yaml index 8b925644..cf47dcd1 100644 --- a/charts/core/templates/serviceaccount-least.yaml +++ b/charts/core/templates/serviceaccount-least.yaml @@ -7,7 +7,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm --- @@ -19,7 +18,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm --- @@ -31,7 +29,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm --- @@ -43,7 +40,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm --- @@ -55,7 +51,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm --- @@ -67,6 +62,5 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm {{- end }} diff --git a/charts/core/templates/serviceaccount.yaml b/charts/core/templates/serviceaccount.yaml index 46a3027c..dc625cde 100644 --- a/charts/core/templates/serviceaccount.yaml +++ b/charts/core/templates/serviceaccount.yaml @@ -8,6 +8,5 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm {{- end }} {{- end }} diff --git a/charts/core/templates/updater-cronjob.yaml b/charts/core/templates/updater-cronjob.yaml index eb179b0c..9232d4c6 100644 --- a/charts/core/templates/updater-cronjob.yaml +++ b/charts/core/templates/updater-cronjob.yaml @@ -13,7 +13,6 @@ metadata: labels: chart: {{ template "neuvector.chart" . }} release: {{ .Release.Name }} - heritage: Helm spec: schedule: {{ .Values.cve.updater.schedule | quote }} jobTemplate: diff --git a/charts/core/values.yaml b/charts/core/values.yaml index 7591f18b..7d16befa 100644 --- a/charts/core/values.yaml +++ b/charts/core/values.yaml @@ -57,6 +57,9 @@ global: # required for rancher authentication (https:///) tag: latest imagePullPolicy: IfNotPresent +# Set a bootstrap password. If leave empty, default admin password used. +bootstrapPassword: "" + autoGenerateCert: true defaultValidityPeriod: 365