From 16d0efc7c23d099c117f3e2d9a29e574d9f5190f Mon Sep 17 00:00:00 2001 From: atung Date: Wed, 22 Feb 2017 14:26:20 -0800 Subject: [PATCH] neuvector catalog for rancher --- templates/neuvector/0/README.md | 19 ++++++++ templates/neuvector/0/docker-compose.yml | 41 ++++++++++++++++++ templates/neuvector/0/rancher-compose.yml | 18 ++++++++ templates/neuvector/catalogIcon-neuvector.png | Bin 0 -> 7304 bytes templates/neuvector/config.yml | 6 +++ 5 files changed, 84 insertions(+) create mode 100644 templates/neuvector/0/README.md create mode 100644 templates/neuvector/0/docker-compose.yml create mode 100644 templates/neuvector/0/rancher-compose.yml create mode 100644 templates/neuvector/catalogIcon-neuvector.png create mode 100644 templates/neuvector/config.yml diff --git a/templates/neuvector/0/README.md b/templates/neuvector/0/README.md new file mode 100644 index 0000000..3969ac6 --- /dev/null +++ b/templates/neuvector/0/README.md @@ -0,0 +1,19 @@ +# NeuVector + +### Info: + +NeuVector provides continuous network security for application containers. + +Deploy the NeuVector containers to protect running containers from violations, threats, and vulnerabilities. NeuVector also detects host and container privilege escalations / break outs. + +NeuVector can be deployed on greenfield or brownfield (already running) application environments. + + +### Usage: + +Contact info@neuvector.com with your Docker Hub Id so we can add you to our private registry. +After we confirm that you have been added, you can select the NeuVector catalog to deploy the Allinone and Enforcer containers. + +In Configuration Options, enter the Allinone/Controller IP address or name where the Controller will run. + +The Manager default port is 8443 for logging in to the console. diff --git a/templates/neuvector/0/docker-compose.yml b/templates/neuvector/0/docker-compose.yml new file mode 100644 index 0000000..7fa0b86 --- /dev/null +++ b/templates/neuvector/0/docker-compose.yml @@ -0,0 +1,41 @@ +allinone: + image: neuvector/allinone + container_name: neuvector.allinone + restart: always + privileged: true + environment: + - affinity:com.myself.name!=neuvector + - CLUSTER_JOIN_ADDR=${ALLINONE_ADDRESS} + ports: + - 18300:18300 + - 18301:18301 + - 18301:18301/udp + - 8443:8443 + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /proc:/host/proc:ro + - /sys/fs/cgroup:/host/cgroup:ro + labels: + com.myself.name: "neuvector" + io.rancher.scheduler.affinity:host_label: ${NV_ALLINONE_LABEL} + io.rancher.container.hostname_override: container_name +enforcer: + image: neuvector/enforcer + container_name: neuvector.enforcer + restart: always + privileged: true + environment: + - affinity:com.myself.name!=neuvector + - CLUSTER_JOIN_ADDR=${ALLINONE_ADDRESS} + ports: + - 18301:18301 + - 18301:18301/udp + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /proc:/host/proc:ro + - /sys/fs/cgroup/:/host/cgroup/:ro + labels: + com.myself.name: "neuvector" + io.rancher.scheduler.global: true + io.rancher.scheduler.affinity:host_label_ne: ${NV_ALLINONE_LABEL} + io.rancher.container.hostname_override: container_name diff --git a/templates/neuvector/0/rancher-compose.yml b/templates/neuvector/0/rancher-compose.yml new file mode 100644 index 0000000..de7ef3a --- /dev/null +++ b/templates/neuvector/0/rancher-compose.yml @@ -0,0 +1,18 @@ +.catalog: + name: "NeuVector" + version: "v0.9" + description: "Container Security Solution" + questions: + - variable: "NV_ALLINONE_LABEL" + label: "Allinone Host label" + description: "Specify a host label here that can be used to deploy the NeuVector AllInOne container, the NeuVector enforcer container will be deployed on any other hosts. Eg: neuvector.allinone_node=true (you could then add the label 'neuvector.allinone_node=true' to one host to use as management node)." + type: "string" + default: "neuvector.allinone_node=true" + required: true + - variable: "ALLINONE_ADDRESS" + description: Input the allinone service IP address here. + label: "NeuVector Allinone/Controller IP address" + default: "[allinone.neuvector.rancher.internal]" + required: true + type: "string" + \ No newline at end of file diff --git a/templates/neuvector/catalogIcon-neuvector.png b/templates/neuvector/catalogIcon-neuvector.png new file mode 100644 index 0000000000000000000000000000000000000000..50e426dc36706f633f207f2ccfd750f56a64e757 GIT binary patch literal 7304 zcmV;39Czc1P)KLZ*U+IBfRsybQWXdwQbLP>6pAqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uhf59&ghTmgWD0l;*T zI709Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-rV&neh&#Q1i z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_IfqH8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4 zfg=2N-7=cNnjjOr{yriy6mMFgG#l znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U zt5vFIcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya? z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0 z?2xS?_ve_-kiKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$ z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4 z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i& z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01 z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3| zawq-H%e&ckC+@AhPrP6BKT#_XdT7&;F71j}Joy zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F} z000rQNklA4^EH-1CtxGkJx{l% zd+qJ+ba(#PS!s5(uY0VmQ1h$$X>Ui})6Z}JzQ14h%nEBQvBVNfZIN*o#1cykkXT|_ zk~n{V*HuUXQdp#DPa(#FHinKwHJx*m`gH_<0bIJsTl&B~*7C{U{MAQt@i4~HHh{d0 zWpCA%eONrK#ZucB61A=f0niPkft%xDjOFJ7Ad|Cs)@EN(`Fee!c-j-lVA8k9_Uzez z0IrXRFqW4RAe}&F1@CWxX<)u`;g#$ADu2HDr_X)`5Oi<6iLF8v5@k?mAMI;=t-oA|Ic5^X?8;uv)-Z3oB(10%+W z*U*mj*wO|3sSxTK;Ks5w5dhjZ;5uo>#zzhSUu<@(VsY+mrBeRGz5#6ng4lq>(q@1d zD+eU%H2~K7Sp3KYw^XtIMO?Gi;-~~tcvx$G#p3M(z9OU(q;&xggz$#;UByDloR2RH z@4x=X%*@RIWVAL|t3bHKdz`Vn1Qx`5msCltEkbD{uDufQ5kerPtWqHbN=lS;Q7VCw z>bx{kN|Y*pI?ChullwU{cL*gskh(WtnET2z`cDpTh4=9Q$l{w_=5Umc}z90#Qw97o|g3dc#} zx=FO1oS!c}m-NllYq9nstQ6%vM+sIUZ28j)7e{rxSIX2nC6iFfZ-BXL0DCHTFzdQq zNadjmGnWBxu7MB(oCL%iaac1XFk?__4 zkWM?>uy$Lm@{HB<`9khq;8SPjkIWb&kTQW%31A@}!C2Z05FtDq)qz1{kvK|u=lK`F zgX6mZP?Gm{WG=Zq>vwgnO$Y>*vITIQRSj~AbS8P}J90B) zZycZa(e3NHt~Ej=rK8dy&cq`aOWS=Al*%A&5g{awqav079y$I8l}j5g>e~GERp|}N z7{8?gq;&9go{7m9A3S}+9$dG+tFP!UAcaT5>i`Qye;%zDDm&!W@DPx2R&mkl&Dp8B zgC9@3zi6dQ<2V_>jYlw+Hd_$s;y4+6Qvgx+JHqm0?$hBFetXxdS7xPf5VDcwum}WF zI-Hq(k<(MhKR8#b7>v;v zWASy#$rmQq%#@xYo#>?K6*xWnzrsm$;5ZqCNW>!;OS>sn0@uk<(s_iCsE`E#P%0h% zx;5c;VQgdPSPBUO#!ozc%;JA&>*en|Jh$Qa1LKqT9Vrw`*Io7MZR87ccON-5^%h5Y zoXkCW$I}np@=+;O$oKHM>8gL&Y*X^FXHLK1D3v0a$TBrIL07s1&+Ww5jq7ps)mLYM zy+AK82J8ezoAgN!uph_*yMUn!Y|OfY`gI3&+tp&e-XI^q4Zz3+)~;+&zn(?5tK9%` zaa9IK%>foiRRhG@DvKgrmBCoufKn-p@p zF)9;lFK{)GYmz4${C(>M2#|rGEdc$%aEp_DPw4MkgMPS>q%QzRrCmcUEN1Noh?E|# zn?d<$gveLiTqcd|SU*)-7 z2$>K+e(dkaFBAaj21uV-Bokd2;E`v)zwh*!@g1`Zg&gpuiRmNPB@?T0oiqpsgu}Y7Ev)O>a_@Y8 zfudf(Q3;fjz;Ti|ZlF#Q&s#-0xrTINHFJd-9v>Uw@k2i(H+KpvT(l8?v&0p+=l?M+ zj)I}TMS2yM;n=%q*+~xo;-nB_1{I-Lel^Wcx=xCOa4@!f^44Ne(!uu&9C+&P?@pW< zzge4P0l5C;)ZtI06Kk;6pp=UUqE4&RmjQg?b(d{lclhM}Z<{VnIoR^i6k{#c8mzHc zi=$0(-NgJ;Oq_Y1h2kvPRQD+%_`ytZ{5y_R`{J>C&PN%qfg&+=kq6?%*`##knlR_NL`HQqi=;+dO) z0?_%!P4E7CS7yC*R1()o?bx(={q{|-UHcoG zuDp2LrYqLmxasn)cWzsseye|C@&yXT1*Aw&)Wto(2Y`LcXm^Ebt%N^tfO15Z{WqHt>tWvOiRIwhkp5 z2>NHSb&d9IPo&LzDl9`x%WpVd^3vJQ=`njP+hz0)OE7K_(uD7f254cwXA&j=^t|U z14BG_{7FFKI&PI_S8WXIE-#U}vt-3l;GcjUM^BHve(d;9uLH&}z3BA-n>Sy6?Z;h} zBH?C8cpW4Yon%s3r1Z{eGnt*8L2Iqb&w+4Oja9-}MZV}Tv#{vn?z;ne5+2aSI)gnm z2DzS<+FN4)n|*J^Va-J*dbR;b!V_?;4nUUMrV4Fs)gKC%)r{_qM50-JL0PSajeDE) z_do*+g`8cO@5_nP6ZkrKSW0WOEe~t$CI1swWQo_#tk;y(70ah;52mPUP`kGj( zFtZp9gW0L9!rA~ecG4%NPgZ^3_g`PfQ7)d7{G{V}^T6jOrb`t4BCe8uJTm%i$5@LH zqWnyWkVv6|?~Px~aQL~y=Uod^EU|JA5blaNuX|dIYW1`j4H}B@@ZL6sR)<2Xd4*;T z*YQn8BJ^^l+LVm|vEE{n3xKnC8IiOo;0GJjwLg+?r~#{}yEw|q>Rd7w5LJ61mtD4= zfBch2F;<;b$H{>3C~CueA^%z6lNF?D!*;1sI8GX+Qf12|JPZnLu8E)5N_~-M`MjnK5ar+~hf6MAb2ia82SzbQV9xUc1T*>RLEwX(>9y}G`Z`t1 zPiUr3Jn=;N#SFDH;-oLr2Z^pS!^@0n9jXz|w46Kh6b58FWHd6sVXN5Nz^QL%o7%az zl#KwS*&^7=0+nkCAbvox97masj?{SxzwnW7F<;1=^CzjG;QQa0FD!h@Siw>NQgO&@ zsn(`l0HKC&u%`{H{ooSl)ne)pjb`=MuqMMRJaL!Orj@X$ty+a>8M);EM3w|7@*`na!9uAZr}NVpW95Zbvpqv7U8koP2&7fbG#-Lsi~*C zmoQltEpi72%ay;_MjjkOR>3sa=Y&>qH8EM~ZmvJJ{vjJ2sNj&H~T8mLS4wg$awcblRSuDwD2p-}qh z4*hTws?$>=O(klV4fS0%6xz+!=)W7;Zo#hF*d;4Mx6KHuS>hqk5Z6+FA=oI7rY(^*%?qu9Y;CoWCcttOu_gVBT7G z7|ZWj*a39aN+`}ON)`p{XcLQeLr{KysHXHw{Mw&ig|X!yxoI^2ise%x0YFNu?OM;5f9JNH!0@i2?G5t^ zK$Ra;=Ob^p1?~Gm7}r0y*Acv^x}>W>vN^Bk9=qq{T~5*FDgRUgp9gNKB>2(b%l=em zEI-H6((i-J7e#ok;~QDtB%GfS0AKp;e@4$&_AUJ2jqEp@=M_c?azD8-B)J}UoUJZ!PNYydf$Ysg^!0~kZd?wN&o_C9o1 zd3Qu`z5~5N*HouMS_x%$XB4A(<1UCL imKY$h#Ihv$zX1RbPt+jFQJYi%0000 \ No newline at end of file