Merge pull request #437 from andsont/master

neuvector catalog for rancher

templates/neuvector/0/README.md

@@ -0,0 +1,18 @@
+# NeuVector
+
+### Info:
+
+NeuVector provides continuous network security for application containers. 
+
+Deploy the NeuVector containers to protect running containers from violations, threats, and vulnerabilities. NeuVector also detects host and container privilege escalations / break outs.
+
+NeuVector can be deployed on greenfield or brownfield (already running) application environments.
+
+ 
+### Usage:
+
+Contact <a style="color:red;font-weight:bold" href="mailto:info@neuvector.com?Subject=Rancher%20Catalog" target="_top">info@neuvector.com</a> with your Docker Hub Id so we can add you to our private registry.
+After we confirm that you have been added, you can select the NeuVector catalog to deploy the Allinone and Enforcer containers.
+
+The Manager default port is 8443 using HTTPS for logging in to the console.
+The default username is admin and password is admin. After successful login, the admin user should update the account with a more secure password.

templates/neuvector/0/docker-compose.yml

@@ -0,0 +1,35 @@
+allinone:
+    image: neuvector/allinone:0.9
+    container_name: neuvector.allinone
+    restart: always
+    privileged: true
+    environment:
+        - affinity:com.myself.name!=neuvector
+        - CLUSTER_JOIN_ADDR=allinone
+    ports:
+        - 8443:8443
+    volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+        - /proc:/host/proc:ro
+        - /sys/fs/cgroup:/host/cgroup:ro
+    labels:
+        com.myself.name: "neuvector"
+        io.rancher.scheduler.affinity:host_label: ${NV_ALLINONE_LABEL}
+        io.rancher.container.hostname_override: container_name
+enforcer:
+    image: neuvector/enforcer:0.9
+    container_name: neuvector.enforcer
+    restart: always
+    privileged: true
+    environment:
+        - affinity:com.myself.name!=neuvector
+        - CLUSTER_JOIN_ADDR=allinone
+    volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+        - /proc:/host/proc:ro     
+        - /sys/fs/cgroup/:/host/cgroup/:ro
+    labels:
+        com.myself.name: "neuvector"
+        io.rancher.scheduler.global: true
+        io.rancher.scheduler.affinity:host_label_ne: ${NV_ALLINONE_LABEL}
+        io.rancher.container.hostname_override: container_name

templates/neuvector/0/rancher-compose.yml

@@ -0,0 +1,11 @@
+.catalog:
+  name: "NeuVector"
+  version: "v0.9"
+  description: "Container Security Solution"
+  questions:
+    - variable: "NV_ALLINONE_LABEL"
+      label: "Allinone Host label"
+      description: "Specify a host label here that can be used to deploy the NeuVector AllInOne container, the NeuVector enforcer container will be deployed on any other hosts. Eg: neuvector.allinone_node=true (you could then add the label 'neuvector.allinone_node=true' to one host to use as management node)."
+      type: "string"
+      default: "neuvector.allinone_node=true" 
+      required: true

templates/neuvector/config.yml

@@ -0,0 +1,6 @@
+name: NeuVector
+description: |
+  Container Application Security
+version: v0.9
+category: Security
+maintainer: neuvector support <support@neuvector.com>