From 16d0efc7c23d099c117f3e2d9a29e574d9f5190f Mon Sep 17 00:00:00 2001
From: atung <atung@neuvector.com>
Date: Wed, 22 Feb 2017 14:26:20 -0800
Subject: [PATCH 1/7] neuvector catalog for rancher

---
 templates/neuvector/0/README.md               |  19 ++++++++
 templates/neuvector/0/docker-compose.yml      |  41 ++++++++++++++++++
 templates/neuvector/0/rancher-compose.yml     |  18 ++++++++
 templates/neuvector/catalogIcon-neuvector.png | Bin 0 -> 7304 bytes
 templates/neuvector/config.yml                |   6 +++
 5 files changed, 84 insertions(+)
 create mode 100644 templates/neuvector/0/README.md
 create mode 100644 templates/neuvector/0/docker-compose.yml
 create mode 100644 templates/neuvector/0/rancher-compose.yml
 create mode 100644 templates/neuvector/catalogIcon-neuvector.png
 create mode 100644 templates/neuvector/config.yml

diff --git a/templates/neuvector/0/README.md b/templates/neuvector/0/README.md
new file mode 100644
index 0000000..3969ac6
--- /dev/null
+++ b/templates/neuvector/0/README.md
@@ -0,0 +1,19 @@
+# NeuVector
+
+### Info:
+
+NeuVector provides continuous network security for application containers. 
+
+Deploy the NeuVector containers to protect running containers from violations, threats, and vulnerabilities. NeuVector also detects host and container privilege escalations / break outs.
+
+NeuVector can be deployed on greenfield or brownfield (already running) application environments.
+
+ 
+### Usage:
+
+Contact <a style="color:red;font-weight:bold" href="mailto:info@neuvector.com?Subject=Rancher%20Catalog" target="_top">info@neuvector.com</a> with your Docker Hub Id so we can add you to our private registry.
+After we confirm that you have been added, you can select the NeuVector catalog to deploy the Allinone and Enforcer containers.
+
+In Configuration Options, enter the Allinone/Controller IP address or name where the Controller will run.
+
+The Manager default port is 8443 for logging in to the console.
diff --git a/templates/neuvector/0/docker-compose.yml b/templates/neuvector/0/docker-compose.yml
new file mode 100644
index 0000000..7fa0b86
--- /dev/null
+++ b/templates/neuvector/0/docker-compose.yml
@@ -0,0 +1,41 @@
+allinone:
+    image: neuvector/allinone
+    container_name: neuvector.allinone
+    restart: always
+    privileged: true
+    environment:
+        - affinity:com.myself.name!=neuvector
+        - CLUSTER_JOIN_ADDR=${ALLINONE_ADDRESS}
+    ports:
+        - 18300:18300
+        - 18301:18301
+        - 18301:18301/udp
+        - 8443:8443
+    volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+        - /proc:/host/proc:ro
+        - /sys/fs/cgroup:/host/cgroup:ro
+    labels:
+        com.myself.name: "neuvector"
+        io.rancher.scheduler.affinity:host_label: ${NV_ALLINONE_LABEL}
+        io.rancher.container.hostname_override: container_name
+enforcer:
+    image: neuvector/enforcer
+    container_name: neuvector.enforcer
+    restart: always
+    privileged: true
+    environment:
+        - affinity:com.myself.name!=neuvector
+        - CLUSTER_JOIN_ADDR=${ALLINONE_ADDRESS}
+    ports:
+        - 18301:18301
+        - 18301:18301/udp
+    volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+        - /proc:/host/proc:ro     
+        - /sys/fs/cgroup/:/host/cgroup/:ro
+    labels:
+        com.myself.name: "neuvector"
+        io.rancher.scheduler.global: true
+        io.rancher.scheduler.affinity:host_label_ne: ${NV_ALLINONE_LABEL}
+        io.rancher.container.hostname_override: container_name
diff --git a/templates/neuvector/0/rancher-compose.yml b/templates/neuvector/0/rancher-compose.yml
new file mode 100644
index 0000000..de7ef3a
--- /dev/null
+++ b/templates/neuvector/0/rancher-compose.yml
@@ -0,0 +1,18 @@
+.catalog:
+  name: "NeuVector"
+  version: "v0.9"
+  description: "Container Security Solution"
+  questions:
+    - variable: "NV_ALLINONE_LABEL"
+      label: "Allinone Host label"
+      description: "Specify a host label here that can be used to deploy the NeuVector AllInOne container, the NeuVector enforcer container will be deployed on any other hosts. Eg: neuvector.allinone_node=true (you could then add the label 'neuvector.allinone_node=true' to one host to use as management node)."
+      type: "string"
+      default: "neuvector.allinone_node=true" 
+      required: true
+    - variable: "ALLINONE_ADDRESS"
+      description: Input the allinone service IP address here.
+      label: "NeuVector Allinone/Controller IP address"
+      default: "[allinone.neuvector.rancher.internal]"
+      required: true
+      type: "string"
+      
\ No newline at end of file
diff --git a/templates/neuvector/catalogIcon-neuvector.png b/templates/neuvector/catalogIcon-neuvector.png
new file mode 100644
index 0000000000000000000000000000000000000000..50e426dc36706f633f207f2ccfd750f56a64e757
GIT binary patch
literal 7304
zcmV;39Czc1P)<h;3K|Lk000e1NJLTq0077U001xu1^@s6RGBsE00009a7bBm000XU
z000XU0RWnu7ytkYPiaF#P*7-ZbZ>KLZ*U+<Lqi~Na&Km7Y-Iodc-oy)XH-+^7Crag
z^g>IBfRsybQWXdwQbLP>6p<z>Aqfylh#{fb6;Z(vMMVS~$e@S=j*ftg6;Uh<iVD~V
z<RPMtgQJLw%KPDaqifc@_vX$1wbwr9tn;0-&j-K=43<bUQ8j=JsX`tR;Dg7+#^K~H
zK!FM*Z~zbpvt%K2{UZSY_<lS*D<Z%Lz5oGu(+dayz)hRLFdT>f59&ghTmgWD0l;*T
zI7<kC6aYYajzXpYKt=(8otP$50H6c_V9R4-;{Z@C0AMG7=F<Rxo%or10RUT+Ar%3j
zkpLhQWr#!oXgdI`&sK^>09Y^p6lP1rIRMx#05C~cW=H_Aw*bJ-5DT&Z2n+x)QHX^p
z00esgV8|mQcmRZ%02D^@S3L16t`O%c004NIvOKvYIYoh62rY33S640`D9%Y2D-<?i
z0%4j!F2Z@488U%158(66005wo6%pWr^Zj_v4zAA5HjcIqUoGmt2LB>rV&neh&#Q1i
z007~1e$oCcFS8neI|hJl{-P!B1ZZ9hpmq0)X0i`JwE&>$+E?>%_<lS*MWK+n+1cgf
z<k(8YLR(?VSAG6x!e78w{cQPuJpA|d;J)G{fihizM+Erb!p!tcr5w+a34~(Y=8s4G
zw+sLL9n&JjNn*KJDiq^U5^;`1nvC-@r6P$!k}1U{(*I=Q-z@tBKHoI}uxdU5dyy@u
zU1J0GOD7Ombim^G008p4Z^6_k2m^p<gW=D2|L;HjN1!DDfM!XOaR2~bL?kX$%CkSm
z2mk;?pn)o|K^yeJ7%adB9Ki+L!3+FgHiSYX#KJ-lLJDMn9CBbOtb#%)hRv`YDqt_v
zKpix|QD}yfa1JiQRk#j4a1Z)n2%f<xynzV>LC6RbVIkUx0b+_+BaR3cnT7Zv!AJxW
zizFb)h!jyGOOZ85F;a?DAXP{m@;!0_Ifq<Ex{*7`05XF7hP+2Hl!3BQJ=6@fL%FCo
z8iYoo3(#bAF`ADSpqtQgv>H8(HlgRxt7s3}k3K`kFu>>-2Q$QMFfPW!La{h336o>X
zu_CMttHv6zR;&ZNiS=X8v3CR#fknUxHUxJ<AYmRsNLWl*PS{AOARHt#5!wki2?K;t
z!Y3k=s7tgax)J%r7-BLphge7~Bi0g+6E6^Zh(p9TBoc{3GAFr^0!gu?RMHaCM$&Fl
zBk3%un>0uoBa_M6WNWeqIg~6QE69c9o#eyhGvpiOA@W-aonk<7r1(?fC{oI5N*U!4
z<uv66WtcKSRim0x-Ke2d5jBrmLam{;Qm;{ms1r1GnmNsb7D-E`t)i9F8fX`2_i3-_
zbh;7Ul^#x)&{xvS=|||7=mYe33=M`AgU5(xC>fg=2N-7=cNnjjOr{yriy6mMFgG#l
znCF=fnQv8CDz++o6_Lscl}eQ+l^ZHARH>?_s@|##Rr6KLRFA1%Q+=*RRWnoLsR`7U
zt5vF<Q0r40Q)j6=sE4X&sBct1q<&fbi3VB2Ov6t@q*0);U*o*SAPZv|vv@2aYYnT0
zb%8a+Cb7-ge0D0knEf5Qi#@8Tp*ce{N;6lpQuCB%KL_KOarm5cP6_8Ir<e17iry6O
zDdH&`rZh~sF=bq9s+O0QSgS~@QL9Jmy*94xr=6y~MY~!1fet~(N+(<=M`w@D1)b+p
z*;C!83a1uLJv#NSE~;y#8=<>IcfW3@?wFpwUVxrVZ>QdQz32KIeJ}k~{cZZE^+ya?
z2D1z#2HOnI7(B%_ac?{wFUQ;QQA1tBKtrWrm0_3Rgps+?Jfqb{jYbcQX~taRB;#$y
zZN{S}1|}gUOHJxc?wV3fxuz+mJ4`!F$IZ;mqRrNsHJd##*D~ju=bP7?-?v~|cv>vB
zsJ6IeNwVZxrdjT`yl#bBIa#GxRa#xMMy;K#CDyyGyQdMSxlWT#tDe?p!?5wT$+oGt
z8L;Kp2HUQ-ZMJ=3XJQv;x5ci*?vuTfeY$;({XGW_huIFR9a<fJbF^|4I#xQ~n$Dc=
zKYhjYmgz5NSkDm8*fZm{6U!;YX`NG>(?@3)XSs8O^N5RyOM=TTmp(3=8^+zpz2r)C
z^>JO{deZfso3oq3?Wo(Y?l$ge?uXo;%ru`Vo>?<<(8I_>;8Eq#KMS9gFl*neeosSB
zfoHYnBQIkwkyowPu(zdms`p{<7e4kra-ZWq<2*OsGTvEV%s0Td$hXT+!*8Bnh2KMe
zBmZRodjHV?r+_5^X9J0WL4jKW`}lf%A-|44I@@LTvf1rHjG(ze6+w@Jt%Bvjts!X0
z?2xS?_ve_-k<Mujg;0Lz*3buG=3$G&ehepthlN*$KaOySSQ^nWmo<0M+(UEUMEXRQ
zMBbZcF;6+KElM>iKB_KiJlZ$9G`c^=E@oNG)mWWaNo-3TIW8)$Hg0Ub-~8?KhvJ>$
z3*&nim@mj(aCxE5!t{lw7O5^0EIO7zOo&c6l<+|iDySBWCGrz@C5{St!X3hAA}`T4
z(TLbXTq+(;@<=L8dXnssyft|w#WSTW<++3>sgS%(4NTpeI-VAqb|7ssJvzNHgOZVu
zaYCvgO_R1~>SyL=cFU|~g|hy|Zi}}s9+d~lYqOB71z9Z$wnC=pR9Yz4DhIM>Wmjgu
z&56o6maCpC&F##y%G;1PobR9i?GnNg;gYtchD%p19a!eQtZF&3JaKv33gZ<8D~47E
ztUS1iwkmDaPpj=$m#%)jCVEY4fnLGNg2A-`YwHVD3gv};>)hAvT~AmqS>Lr``i7kw
zJ{5_It`yrBmlc25DBO7E8;5VoznR>Ww5hAaxn$2~(q`%A-YuS64wkBy=9dm`4cXeX
z4c}I@?e+FW+b@^RDBHV(wnMq2zdX3SWv9u`%{xC-q*U}&`cyXV(%rRT*Z6MH?i+i&
z_B8C(+grT%{XWUQ+f@NoP1R=AW&26{v-dx)iK^-Nmiuj8txj!m?Z*Ss1N{dh4z}01
z)YTo*JycSU)+_5r4#yw9{+;i4Ee$peRgIj+;v;ZGdF1K$3E%e~4LaI(jC-u%2h$&R
z9cLXcYC@Xwnns&bn)_Q~Te?roKGD|d-g^8;+aC{{G(1^(O7m37Y1-+6)01cN&y1aw
zoqc{T`P^XJqPBbIW6s}d4{z_f5Om?vMgNQEJG?v2T=KYd^0M3I6IZxbny)%vZR&LD
zJpPl@Psh8QyPB@KTx+@RdcC!KX7}kEo;S|j^u2lU7XQ}Oo;f|;z4Ll+_r>@1-xl3|
zawq-H%e&ckC+@AhPrP6BK<z=<L*0kfKU@CX*zeqbYQT4(^U>T#_XdT7&;F71j}Joy
zkC~6lh7E@6o;W@^IpRNZ{ptLtL(gQ-CY~4mqW;US7Zxvm_|@yz&e53Bp_lTPlfP|z
zrTyx_>lv@x#=^!PzR7qqF<$gm`|ZJZ+;<)Cqu&ot<a{81DF0~rvGr5Xr~8u`lav1h
z1DNytV>2z=0000WV@Og>004R=004l4008;_004mL004C`008P>0026e000+nl3&F}
z000rQNkl<Zc-ripdypJQeaAoDJu~|{-Dzc8vSdNbIT$2_NcoHdl&KheCg4P|P&fr}
z2#<tQDil>A4^EH-1C<b8LBSsoQo1-KA$ABlE2fG#K<O}$IF27WKQXav>txGkJx{l%
zd+qJ+ba(#PS!s5(uY0VmQ1h$$X>Ui})6Z}JzQ14h%nEBQvBVNfZIN*o#1cykkXT|_
zk~n{V*HuUXQdp#DPa(#FHinKwHJx*m`gH_<0bIJsTl&B~*7C{U{MAQt@i4~HHh{d0
zWpCA%eONrK#ZucB61A=f0niPkft%xDjOFJ7Ad|Cs)@EN(`Fee!c-j-lVA8k9_Uzez
z0IrXRFqW4RAe}&F1@CWxX<)u`;g#$ADu2HDr_X)`5Oi<6iLF<D6m2xdXtXwHtudzj
zsg1^HgEf-*g=75e`M*Z%0z$Nl6vh%uH9$53pD~sjfmJIEkV)W9;IDu)2Y&WtuGumG
zu+G<Iwp8@<53cTf^_>8v5@k?mAMI;=t<k;?fFd>-oA|Ic5^X?8;uv)-Z3oB(10%+W
z*U*mj*wO|3sSxTK;Ks5w5dhjZ;5uo>#zzhSUu<@(VsY+mrBeRGz5#6ng4lq>(q@1d
zD+eU%H2~K7Sp3KYw^XtIMO?Gi;-~~tcvx$G#p3M(z9OU(q;&xggz$#;UByDloR2RH
z@4x=X%*@RIWVAL|t3bHKdz`Vn1Qx`5msCltEkbD{uDufQ5kerPtWqHbN=lS;Q7VCw
z>bx{kN|Y*pI?ChullwU{cL*gskh(WtnET2z<M*(od%G4Qjg)Chdd4sMC8%Q&zWtMT
z@s6$E0zhjYA(ANJ;p;*?g0Zw2AR>`cDpTh4=9Q$l{w_=5Umc}z90#Qw97o|g3dc#}
zx=FO1oS!c}m-NllYq9nstQ6%vM+sIUZ28j)7e{rxSIX2nC6iFfZ-BXL0DCHTFzdQq
zNadjmGnWBxu7MB(oCL<c|LFU9=NtCoYYifSQj(G}@d(D!Zh&}3sSH+Fd^Cu{V_5dq
z%W&_Z_mJ||yjdypXRedF1|d4a6zd$#vS7h;G6~Pk0+30q|D{A?%>%iaac1XFk?__4
zkWM?>uy$Lm@{HB<`9khq;8SPjkIWb&kTQW%31A@}!C2Z05FtDq)qz1{kvK|u=lK`F
zgX6mZP?Gm{WG=Zq<z-blT`P`&KuVa;PwV1>>vwgnO$Y>*vITIQRSj~AbS8P}J90B)
zZycZa(e3NHt~Ej=rK8dy&cq`aOWS=Al*%A&5g{awqav079y$I8l}j5g>e~GERp|}N
z7{8?gq;&9go{7m9A3S}+9$dG+tFP!UAcaT5>i`Qye;%zDDm&!W@DPx2R&mkl&Dp8B
zgC9@3zi6dQ<2V_>jYlw+Hd_$s;y4+6Qvgx+JHqm0?$hBFetXxdS7xPf5VDcwum}WF
zI-Hq(k<(MhKR<u!l1DcF!m6+R^49G$+PBk3P9Dh47f!hrgCvuG%`0}yl>8#b7>v;v
zWASy#$rmQq%#@xYo#>?K6*xWnzrsm$;5ZqCNW>!;OS>sn0@uk<(s_iCsE`E#P%0h%
zx;5c;VQgdPSPBUO#!ozc%;JA&>*en|Jh$Qa1LKqT9Vrw`*Io7MZR87ccON-5^%h5Y
zoXkCW$I}np@=+;O$oKHM>8gL&Y*X^FXHLK1D3v0a$TBrIL07s1&+Ww5jq7ps)mLYM
zy+AK82J8ezoAgN!uph_*yMUn!Y|OfY`gI3&+tp&e-XI^q4Zz3+)~;+&zn(?5tK9%`
zaa9IK%>foiRRhG@DvKgrmBCoufKn-p@p<aVe?H<W_dVOLy=CI)#FLMf=45uEQ2ZG%
z1)z;7xlRVxNwH9x+XDPyB#LG4d*+Lmu3fcN3fIMTGFU4pF@dFnBPX8Vcy6rOPT@c>
zF)9;lFK{)GYmz4${C(>M2#|rGEdc$%aEp_DPw4MkgMPS>q%QzRrCmcUEN1Noh?E|#
zn?d<$gveL<AZ4;tb%@ZqZW?WB14K!OlE1*?W8eQ?!cE=$_NzaUo0>iTqcd|SU*)-7
z2$>K+e(dkaFBAaj2<ejaR`dERw!H~!-xP5_Fs6jIKAy7yS9y5ODmpuJJp1DP%+8-i
zDyP{-NKcK`cL3PkWF@Qh_k|+48kV6MKzc)<x=<zC<onAaQV0*v&ETjM$g&R-R*R}q
z*UjL%>1uV-Bokd2;E`v)zwh*!@g1`Zg&gpuiRmNPB@?T0oiqpsgu}Y7Ev)O>a_@Y8
zfudf(Q3;fjz;Ti|ZlF#Q&s#-0xrTINHFJd-9v>Uw@k2i(H+KpvT(l8?v&0p+=l?M+
zj)I}TMS2yM;n=%q*+~xo;-nB_1{I-Lel^Wcx=xCOa4@!f^44Ne(!uu&9C+&P?@pW<
zzge4P0l5C;)ZtI06Kk;6pp=UUqE4&RmjQg?b(d{lclhM}Z<{VnIoR^i6k{#c8mzHc
zi=$0(-NgJ;Oq_Y1h2kvPRQD+%_`ytZ{5y_R`<B@5R;bp643M#qMaZ^bMWP@Yil=^y
z7DUMep4)-zq=0gmH>{J>C&PN%qfg&+=kq6?%*`##knlR_NL`HQq<QG6yZ>i=;+dO)
z0?_%!P4E7CS7yC*R1()o<GE?dXCu%0G}FL`w`{!Wb#Hh@-=-~>?bx(={q{|-UHcoG
zuDp2LrYqLmxasn)cWzsseye|C@&yXT1*Aw&)Wto(2Y`LcXm^Ebt%N^tfO15<q6eDX
zyNB`#XWJy*K#=B84SF<GgTFVj9@&WX$gOajqU8-l^4q`%>Z{WqHt>tWvOiRIwhkp5
z2>NHSb&d9IPo&LzDl9`<Bpu1sq?2n9QlV6}mb4D5b0YWR&SMkLZF%zWe}CxVr$_EO
zeC&zY0|$Tb!ol%}cLFo3J2&x`Ex+}djhAe`Qc8z}n=Y%9IZM;N`IC=@D?10w)Y4LE
zVcORvEH2tAv{lR$PU(rc7neGrhw3=+i<RDBlHXc`uJr`h57nV^{gEI*JwASG2+aM<
z1V}6NYB_BR2LkrjX;*(>x%WpVd^3vJQ=`njP+hz0)OE7K_(uD7f254cwXA&j=^t|U
z14BG_{7FFKI&PI_S8WXIE-#U}vt-3l;GcjUM^BHve(d;9uLH&}z3BA-n>Sy6?Z;h}
zBH?C8cpW4Yon%s3r1Z{eGnt*8L2Iqb&w+4Oja9-}MZV}Tv#{vn?z;ne5+2aSI)gnm
z2DzS<+FN4)n|*J^Va-J*dbR;b!V_?;4nUUMrV4Fs)gKC%)r{_qM50-JL0PSajeDE)
z_do*+g`8cO<FP~ca`*k;pis)=xo(xF6WOp%-`x9|9l+O~J@zyYA9@JjIbcl6)f}C8
zfvw%wefHAqtGslwi%fDgj!NSDK9kcYm|K`Tt9$m>@5_nP6ZkrKSW0WOE<gVf21-Sj
z5CPh~OsciF#)`Zq2vJ`V@dZ|j%GHwLCYGWynX)bT9?NZ0Uj(2z%KI21(5oYpye9;v
z(I8DUvUo#q{e}=F%tpf1l{QuCx~4`OTUi80gLYQxy1P=YW2{8VBxr*b^1Pk&6H`@m
z#vV90LbhZ5$DTiNa1I!F{O}X3&YX4Zdvdd<-~HYDZ(}x}V`hGexrHfa^JgfO=FySk
zDPR5GE_UDaovLd`k5$trtu?+W2MdH)v57St8qk4Y0<^N1&=*;OMksGShF9ntB7Q@E
z(BZi@03;V0{65a#Tx*41twfumtKH5>e~t$CI1swWQo_#tk;y(70ah;52mPUP`kGj(
zFtZp9gW0L9!rA~ecG4%NPgZ^3_g`PfQ7)d7{G{V}^T6jOrb`t4BCe8uJTm%i$5@LH
zqWnyWkVv6|?~Px~aQL~y=Uod^EU|JA5blaNuX|dIYW1`j4H}B@@ZL6sR)<2Xd4*;T
z*YQn8BJ^^l+LVm|vEE{n3xKnC8IiOo;0GJjwLg+?r~#{}yEw|q>Rd7w5LJ61mtD4=
zfBch2F;<;b$H{>3C~CueA^%z6lNF?D!*;1sI8GX+Qf12|JPZnL<ylJ**3a#GHvk8p
zJ{ZucYW01MZ*0xH{?Z=@St`})sbQMyne0YBM7wBKUjuqI+@?0Qnm<fsu3%}q<UJ9~
zmTOQ>u8E)5N_~-M`MjnK5ar+~hf6MAb2ia82SzbQV9xUc1T*>RLEwX(>9y}G`Z`t1
zPiUr3Jn=;N#SFDH;-oLr2Z^pS!^@0n9jXz|w46Kh6b58FWHd6sVXN5Nz^QL%o7%az
zl#KwS*&^7=0+nkCAbvox97masj?{SxzwnW7F<;1=^CzjG;QQa0FD!h@Siw>NQgO&@
zsn(`l0HKC&u%`{H{ooSl)ne)pjb`=MuqMMRJaL!Orj@X$ty+a>8M);EM3w<!QOYBe
zT9pZ+0q1G9b3>|7@*`na!9uAZr}NVpW95<nqP5>Zbvpqv7U8koP2&7fbG#-Lsi~*C
zmoQlt<G>Epi72%ay;_MjjkOR>3sa=Y&>qH8EM~ZmvJJ{vjJ2sNj&H~T8<j{hdgxvz
zW={ORvF3y4ob2+a=O*!-bf)agM{iT^H`Dy#!qc@bYF+<yu)p$AtXivKZ;SM5v_@2A
zutCIYPbdnMt20<VHSXKD$W=8QmFsOn!&bUYV^kk~sq|$n$9GR13fStxF%rpF@8Ib`
zjeJW3h&J2-+$x02kyD2`bo^inILEQ<xyNcfH-RHvv{~}|cJ?k7AY}_;S2~JSE2?#<
zMLH9n43(YSFjeafCRtwy0NtU9I96jYE0ef8xM$xY>mLS4wg$awcblRSuDwD2p-}qh
z4*hTws?$>=O(klV4fS0%6xz+!=)W<RarR6a!&kN8-%G}VaB!V;wYq6MH-qP900%#q
ztiHAsechUmQU1Km8166zqFO6@Ri*8tSm93G-D29EHCEioh%+0VprZ{YMmOiq0UZkR
zjxEw>7;Zo#hF*d;4Mx6KHuS>hqk5Z6+FA=oI7rY(^*%?qu9Y;CoWCcttOu_gVBT7G
z7|ZWj*a39aN+`<jEx8<6i?wCSCDqt;ek$iFuhFX;P6@bON$#lipYM6qC(v3`G^NHA
z%Ys<E;mR!{x-uB7T76COR5rc#w%}|I*BGD*7;kL=*2?{R77-a5s&UVu7V|E*O@#9I
zwoum28uf~vQm#k2hN<39X*BjbYtXCQVx08Kws{Ho+dv!89li#9%-22_cV5izzWw8$
z`pbX&qrFQ(=FP9&jUT*!7eE<V6C_m|g^LHsU?}w2iiOw}@d0+$NjDNWvjcVfmq8lu
z&JPBYp+Ay$cW6=%29u!G5ba=yA~l-Gw5d(G03>}ON)`p{XcLQeLr{Ky<i3NEe3hdx
z{egBz065&hkIID>sHXHw{Mw&ig|X!yxoI^2ise%x0YFNu?OM;5f9JNH!0@i2?G5t^
zK$Ra;=Ob^p1?~Gm7}r0y*Acv^x}>W>vN^Bk9=qq{T~5*FDgRUgp9gNKB>2(b%l=em
zEI-H6((i-J7e#ok;~QDtB%GfS0AKp;e@4$&_AUJ2jqE<Yf6k96RYJDDZdjH;;A=l*
zK}<lg;+Iv&asdKlCNFAHEwly`Jew|kwW5_0R!|BKHkK_6XiE%_SS~DpOwHBY@CbYY
zi`IHRtumA-t$4+xg_7}SjWuW+_#mM=#1hNP3XqA}n)9$!rdZ`2bXR)YfDP@coI<Ui
zIz1%|MIWQi)+c@;Z!9k_Ku%28U8Em?@~eQ(<mb5KzJKXgLIppaR({!nu@-Ag@ZDmJ
z34NBYo8YAk)oIPS>p@=M_c?azD8-B)J}UoUJZ!PNYydf$Ysg^!0~kZd?wN&o_C9o1
zd3Qu`z5~5N*HouMS_x%$XB4<M9=2F67$-gImT1EVEPMyVC7w#Pr&ghuvGEDs0nhV7
z@F68)iWSR+3lM<&tmRq@p9bCvtZrldD#r&#gy0JT#^WK2<)sv1;~)BqC6>A(<1UCL
imKY$h#Ihv$zX1RbPt+jFQJYi%0000<MNUMnLSTZMjsTGW

literal 0
HcmV?d00001

diff --git a/templates/neuvector/config.yml b/templates/neuvector/config.yml
new file mode 100644
index 0000000..7e07e06
--- /dev/null
+++ b/templates/neuvector/config.yml
@@ -0,0 +1,6 @@
+name: NeuVector
+description: |
+  Container Application Security
+version: v0.9
+category: Security
+maintainer: support <support@neuvector.com>
\ No newline at end of file

From a8c1df5e5593abba674a2d7f746e115319e6e6d1 Mon Sep 17 00:00:00 2001
From: atung <atung@neuvector.com>
Date: Wed, 22 Feb 2017 15:02:59 -0800
Subject: [PATCH 2/7] add newline

---
 templates/neuvector/0/rancher-compose.yml | 1 -
 templates/neuvector/config.yml            | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/templates/neuvector/0/rancher-compose.yml b/templates/neuvector/0/rancher-compose.yml
index de7ef3a..7de3570 100644
--- a/templates/neuvector/0/rancher-compose.yml
+++ b/templates/neuvector/0/rancher-compose.yml
@@ -15,4 +15,3 @@
       default: "[allinone.neuvector.rancher.internal]"
       required: true
       type: "string"
-      
\ No newline at end of file
diff --git a/templates/neuvector/config.yml b/templates/neuvector/config.yml
index 7e07e06..bdc91dc 100644
--- a/templates/neuvector/config.yml
+++ b/templates/neuvector/config.yml
@@ -3,4 +3,4 @@ description: |
   Container Application Security
 version: v0.9
 category: Security
-maintainer: support <support@neuvector.com>
\ No newline at end of file
+maintainer: support <support@neuvector.com>

From bd063c7f9a923eb200d8e3712f2b7c179c6b917c Mon Sep 17 00:00:00 2001
From: atung <atung@neuvector.com>
Date: Wed, 22 Feb 2017 15:24:53 -0800
Subject: [PATCH 3/7] add double quote for maintainer info

---
 templates/neuvector/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/neuvector/config.yml b/templates/neuvector/config.yml
index bdc91dc..4c3182e 100644
--- a/templates/neuvector/config.yml
+++ b/templates/neuvector/config.yml
@@ -3,4 +3,4 @@ description: |
   Container Application Security
 version: v0.9
 category: Security
-maintainer: support <support@neuvector.com>
+maintainer: "support <support@neuvector.com>"

From 28109313051ff508e005a25af7f27ba363375dbc Mon Sep 17 00:00:00 2001
From: atung <atung@neuvector.com>
Date: Wed, 22 Feb 2017 15:35:39 -0800
Subject: [PATCH 4/7] compliant with rancher's format

---
 templates/neuvector/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/neuvector/config.yml b/templates/neuvector/config.yml
index 4c3182e..244920b 100644
--- a/templates/neuvector/config.yml
+++ b/templates/neuvector/config.yml
@@ -3,4 +3,4 @@ description: |
   Container Application Security
 version: v0.9
 category: Security
-maintainer: "support <support@neuvector.com>"
+maintainer: neuvector support <support@neuvector.com>

From ad5f0dd462d43f0482b8829ebe5bafd722470a87 Mon Sep 17 00:00:00 2001
From: atung <atung@neuvector.com>
Date: Fri, 24 Feb 2017 11:17:50 -0800
Subject: [PATCH 5/7] feedback from rawmind0 use allinone stack name for join
 address add version in image tag

---
 templates/neuvector/0/docker-compose.yml | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/templates/neuvector/0/docker-compose.yml b/templates/neuvector/0/docker-compose.yml
index 7fa0b86..a84cf29 100644
--- a/templates/neuvector/0/docker-compose.yml
+++ b/templates/neuvector/0/docker-compose.yml
@@ -1,15 +1,12 @@
 allinone:
-    image: neuvector/allinone
+    image: neuvector/allinone:0.9
     container_name: neuvector.allinone
     restart: always
     privileged: true
     environment:
         - affinity:com.myself.name!=neuvector
-        - CLUSTER_JOIN_ADDR=${ALLINONE_ADDRESS}
+        - CLUSTER_JOIN_ADDR=allinone
     ports:
-        - 18300:18300
-        - 18301:18301
-        - 18301:18301/udp
         - 8443:8443
     volumes:
         - /var/run/docker.sock:/var/run/docker.sock
@@ -20,16 +17,13 @@ allinone:
         io.rancher.scheduler.affinity:host_label: ${NV_ALLINONE_LABEL}
         io.rancher.container.hostname_override: container_name
 enforcer:
-    image: neuvector/enforcer
+    image: neuvector/enforcer:0.9
     container_name: neuvector.enforcer
     restart: always
     privileged: true
     environment:
         - affinity:com.myself.name!=neuvector
-        - CLUSTER_JOIN_ADDR=${ALLINONE_ADDRESS}
-    ports:
-        - 18301:18301
-        - 18301:18301/udp
+        - CLUSTER_JOIN_ADDR=allinone
     volumes:
         - /var/run/docker.sock:/var/run/docker.sock
         - /proc:/host/proc:ro     

From 00e1da6f14b2b24c1318a7795b19545daccc7216 Mon Sep 17 00:00:00 2001
From: atung <atung@neuvector.com>
Date: Fri, 24 Feb 2017 11:19:21 -0800
Subject: [PATCH 6/7] feedback from rawmind0 remove ALLINONE_ADDRESS variable.
 use allinone stack name instead

---
 templates/neuvector/0/rancher-compose.yml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/templates/neuvector/0/rancher-compose.yml b/templates/neuvector/0/rancher-compose.yml
index 7de3570..df7deae 100644
--- a/templates/neuvector/0/rancher-compose.yml
+++ b/templates/neuvector/0/rancher-compose.yml
@@ -9,9 +9,3 @@
       type: "string"
       default: "neuvector.allinone_node=true" 
       required: true
-    - variable: "ALLINONE_ADDRESS"
-      description: Input the allinone service IP address here.
-      label: "NeuVector Allinone/Controller IP address"
-      default: "[allinone.neuvector.rancher.internal]"
-      required: true
-      type: "string"

From 2186e8e999011c71b7db346e9ea29b8b5a0feeb7 Mon Sep 17 00:00:00 2001
From: atung <atung@neuvector.com>
Date: Fri, 24 Feb 2017 11:19:40 -0800
Subject: [PATCH 7/7] feedback from rawmind0 add default username and password
 info

---
 templates/neuvector/0/README.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/templates/neuvector/0/README.md b/templates/neuvector/0/README.md
index 3969ac6..cbbba90 100644
--- a/templates/neuvector/0/README.md
+++ b/templates/neuvector/0/README.md
@@ -14,6 +14,5 @@ NeuVector can be deployed on greenfield or brownfield (already running) applicat
 Contact <a style="color:red;font-weight:bold" href="mailto:info@neuvector.com?Subject=Rancher%20Catalog" target="_top">info@neuvector.com</a> with your Docker Hub Id so we can add you to our private registry.
 After we confirm that you have been added, you can select the NeuVector catalog to deploy the Allinone and Enforcer containers.
 
-In Configuration Options, enter the Allinone/Controller IP address or name where the Controller will run.
-
-The Manager default port is 8443 for logging in to the console.
+The Manager default port is 8443 using HTTPS for logging in to the console.
+The default username is admin and password is admin. After successful login, the admin user should update the account with a more secure password.