Set default registry to registry.neuvector.com. Support OEM images.
becitsthere committed Jul 12, 2021
1 parent 957e56d commit 5d70f17
Showing 10 changed files with 63 additions and 4 deletions.
11 changes: 11 additions & 0 deletions README.md
Expand Up @@ -4,6 +4,17 @@ A collection of Helm charts for deploying NeuVector product in Kubernetes and Op

## Installing charts

### Helm Charts

This repository contains three Helm charts
Chart | Description
----- | -----------
core | to deploy NeuVector container security core services.
crd | to deploy CRD services before installing NeuVector container security platform
monitor | to deploy monitoring services, such as Prometheus exporter

**IMPORTANT** - Each chart has a set of configuration values, especially for the 'core' chart. Review the Helm chart configuration values [here](charts/core) and make any required changes to the values.yaml file for your deployment.

### Adding chart repo

```console
4 changes: 2 additions & 2 deletions charts/core/Chart.yaml
@@ -1,7 +1,7 @@
name: core
apiVersion: v1
version: 1.7.7
appVersion: 4.2.2
version: 1.8.0
appVersion: 4.3.0
description: Helm chart for NeuVector's core services
home: https://neuvector.com
icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4
3 changes: 2 additions & 1 deletion charts/core/README.md
Expand Up @@ -56,8 +56,9 @@ The following table lists the configurable parameters of the NeuVector chart and
Parameter | Description | Default | Notes
--------- | ----------- | ------- | -----
`openshift` | If deploying in OpenShift, set this to true | `false` |
`registry` | image registry | `docker.io` | If Azure, set to my-reg.azurecr.io;<br>if OpenShift, set to docker-registry.default.svc:5000
`registry` | image registry | `registry.neuvector.com` | If Azure, set to my-reg.azurecr.io;<br>if OpenShift, set to docker-registry.default.svc:5000
`tag` | image tag for controller enforcer manager | `latest` |
`oem` | OEM release name | `nil` |
`imagePullSecrets` | image pull secret | `nil` |
`psp` | NeuVector Pod Security Policy when psp policy is enabled | `false` |
`serviceAccount` | Service account name for NeuVector components | `default` |
4 changes: 4 additions & 0 deletions charts/core/templates/controller-deployment.yaml
Expand Up @@ -50,7 +50,11 @@ spec:
containers:
- name: neuvector-controller-pod
{{ if eq .Values.registry "registry.neuvector.com" }}
{{ if .Values.oem }}
image: "{{ .Values.registry }}/{{ .Values.oem }}/controller:{{ .Values.tag }}"
{{- else }}
image: "{{ .Values.registry }}/controller:{{ .Values.tag }}"
{{- end }}
{{- else }}
image: "{{ .Values.registry }}/{{ .Values.controller.image.repository }}:{{ .Values.tag }}"
{{- end }}
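Review bot: The new `{{ if .Values.oem }}` test sits inside the `eq .Values.registry "registry.neuvector.com"` branch, so `oem` is silently ignored for any other registry value: an operator who mirrors OEM images to a private registry and sets `oem` gets the `{{ .Values.controller.image.repository }}` path with no warning. Either state this in the `oem` row of charts/core/README.md or make the else branch reject the combination, e.g. `{{- if .Values.oem }}{{ fail "oem is only honoured when registry is registry.neuvector.com" }}{{- end }}`. The value is also placed in the image reference unchecked, so a typo only surfaces as an image pull failure at deploy time. The same block is repeated in enforcer-daemonset.yaml, manager-deployment.yaml, scanner-deployment.yaml and updater-cronjob.yaml; the container spec continues outside the hunk.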
4 changes: 4 additions & 0 deletions charts/core/templates/enforcer-daemonset.yaml
Expand Up @@ -41,7 +41,11 @@ spec:
containers:
- name: neuvector-enforcer-pod
{{ if eq .Values.registry "registry.neuvector.com" }}
{{ if .Values.oem }}
image: "{{ .Values.registry }}/{{ .Values.oem }}/enforcer:{{ .Values.tag }}"
{{- else }}
image: "{{ .Values.registry }}/enforcer:{{ .Values.tag }}"
{{- end }}
{{- else }}
image: "{{ .Values.registry }}/{{ .Values.enforcer.image.repository }}:{{ .Values.tag }}"
{{- end }}
4 changes: 4 additions & 0 deletions charts/core/templates/manager-deployment.yaml
Expand Up @@ -35,7 +35,11 @@ spec:
containers:
- name: neuvector-manager-pod
{{ if eq .Values.registry "registry.neuvector.com" }}
{{ if .Values.oem }}
image: "{{ .Values.registry }}/{{ .Values.oem }}/manager:{{ .Values.tag }}"
{{- else }}
image: "{{ .Values.registry }}/manager:{{ .Values.tag }}"
{{- end }}
{{- else }}
image: "{{ .Values.registry }}/{{ .Values.manager.image.repository }}:{{ .Values.tag }}"
{{- end }}
4 changes: 4 additions & 0 deletions charts/core/templates/scanner-deployment.yaml
Expand Up @@ -36,7 +36,11 @@ spec:
containers:
- name: neuvector-scanner-pod
{{ if eq .Values.registry "registry.neuvector.com" }}
{{ if .Values.oem }}
image: "{{ .Values.registry }}/{{ .Values.oem }}/scanner:{{ .Values.cve.scanner.image.tag }}"
{{- else }}
image: "{{ .Values.registry }}/scanner:{{ .Values.cve.scanner.image.tag }}"
{{- end }}
{{- else }}
image: "{{ .Values.registry }}/{{ .Values.cve.scanner.image.repository }}:{{ .Values.cve.scanner.image.tag }}"
{{- end }}
4 changes: 4 additions & 0 deletions charts/core/templates/updater-cronjob.yaml
Expand Up @@ -34,7 +34,11 @@ spec:
containers:
- name: neuvector-updater-pod
{{ if eq .Values.registry "registry.neuvector.com" }}
{{ if .Values.oem }}
image: "{{ .Values.registry }}/{{ .Values.oem }}/updater:{{ .Values.cve.updater.image.tag }}"
{{- else }}
image: "{{ .Values.registry }}/updater:{{ .Values.cve.updater.image.tag }}"
{{- end }}
{{- else }}
image: "{{ .Values.registry }}/{{ .Values.cve.updater.image.repository }}:{{ .Values.cve.updater.image.tag }}"
{{- end }}
3 changes: 2 additions & 1 deletion charts/core/values.yaml
Expand Up @@ -4,8 +4,9 @@

openshift: false

registry: docker.io
registry: registry.neuvector.com
tag: latest
oem:
imagePullSecrets:
psp: false
serviceAccount: default
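Review bot: Changing the default `registry` to `registry.neuvector.com` moves every install that never set `registry` onto the first template branch, where the image path is hard-coded (`{{ .Values.registry }}/controller:...`) and `controller.image.repository` and its siblings are no longer read; on `helm upgrade` those releases also start pulling from a different registry. With `tag: latest` left as the default, the image that actually runs is whatever that registry serves at pull time, although Chart.yaml in this commit declares `appVersion: 4.3.0`. I would add a comment above the key, `# With the default registry the *.image.repository values are ignored; set oem to select an OEM path.`, and consider defaulting `tag` to the release the chart was tested with. The rest of values.yaml is outside the visible hunk, so whether pull credentials are needed for the new registry cannot be judged from here.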
26 changes: 26 additions & 0 deletions test/deployment_test.go
Expand Up @@ -47,6 +47,32 @@ func TestControllerDeploymentRegistry(t *testing.T) {
}
}

func TestControllerDeploymentOEM(t *testing.T) {
helmChartPath := "../charts/core"

options := &helm.Options{
SetValues: map[string]string{
"registry": "registry.neuvector.com",
"oem": "oem",
"tag": "0.9",
},
}

// Test ingress
out := helm.RenderTemplate(t, options, helmChartPath, []string{"templates/controller-deployment.yaml"})
outs := splitYaml(out)

if len(outs) != 1 {
t.Errorf("Resource count is wrong. count=%v\n", len(outs))
}

var dep appsv1.Deployment
helm.UnmarshalK8SYaml(t, outs[0], &dep)
if dep.Spec.Template.Spec.Containers[0].Image != "registry.neuvector.com/oem/controller:0.9" {
t.Errorf("Image location is wrong, %v\n", dep.Spec.Template.Spec.Containers[0].Image)
}
}

func TestControllerDeploymentCert(t *testing.T) {
helmChartPath := "../charts/core"

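Review bot: `outs[0]` is read after a non-fatal `t.Errorf`, so if the render produces no documents the test panics with an index-out-of-range instead of reporting the count; make the length check fatal, `t.Fatalf("Resource count is wrong. count=%v\n", len(outs))`. The `// Test ingress` comment above `helm.RenderTemplate` does not describe this test and should read `// Render the controller deployment with an OEM name set`. Only the controller template is exercised, while the commit adds the same `oem` branch to four other templates, and there is no case asserting what happens when `oem` is set with a registry other than `registry.neuvector.com`.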
