From 0565fa7ff890323f53f2136f4872aae571a90fdf Mon Sep 17 00:00:00 2001
From: Joe Foster <joefoster@seed-innovations.com>
Date: Wed, 13 Nov 2024 22:02:51 +0000
Subject: [PATCH] Merge branch 'update-neuvector-tag-2.8.2-bb.1' into 'master'

neuvector update to 2.8.2-bb.1

See merge request big-bang/bigbang!5398

(cherry picked from commit a6b4e7e5ef7397275e7da5591d82a2fe8540657c)

dc6ae04e test scanner fixes
cacbb472 don't need an exception for require-non-root-group
7c484fd8 update tag
6ea2bd7b Updated neuvector git tag
d62ce96e added kyverno exceptions for neuvector

Co-authored-by: Michael Martin <michaelmartin@seed-innovations.com>
---
 chart/templates/kyverno-policies/values.yaml | 6 ++++++
 chart/values.yaml                            | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/chart/templates/kyverno-policies/values.yaml b/chart/templates/kyverno-policies/values.yaml
index 4ae26acdcd..e47fadfa64 100644
--- a/chart/templates/kyverno-policies/values.yaml
+++ b/chart/templates/kyverno-policies/values.yaml
@@ -111,6 +111,7 @@ policies:
           names:
           - neuvector-enforcer-pod*
           - neuvector-controller-pod*
+          - neuvector-scanner-pod*
       {{- end }}
   {{- end }}
 
@@ -204,7 +205,9 @@ policies:
           - neuvector
           names:
           - neuvector-enforcer-pod*
+          - neuvector-cert-upgrader-job-*
           - neuvector-controller-pod*
+          - neuvector-scanner-pod*
           - neuvector-prometheus-exporter-pod*
       {{- end }}
       {{- if .Values.addons.holocron.enabled }}
@@ -354,6 +357,7 @@ policies:
           names:
           - neuvector-enforcer-pod-*
           - neuvector-controller-pod-*
+          - neuvector-cert-upgrader-job-*
       {{- end }}
     {{- end }}
 
@@ -577,6 +581,7 @@ policies:
           - neuvector
           names:
           - neuvector-enforcer-pod*
+          - neuvector-cert-upgrader-job-*
           - neuvector-controller-pod*
       {{- end }}
       {{- if $deployNodeAgent }}
@@ -887,6 +892,7 @@ policies:
           allow:
           - neuvector-manager-pod-*
           - neuvector-scanner-pod-*
+          - neuvector-cert-upgrader-job-*
           - neuvector-controller-pod-*
           - neuvector-enforcer-pod-*
           - neuvector-updater-pod-*
diff --git a/chart/values.yaml b/chart/values.yaml
index d652f1b62f..dbd345edaa 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -758,11 +758,11 @@ neuvector:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/neuvector.git
     path: "./chart"
-    tag: "2.7.8-bb.4"
+    tag: "2.8.2-bb.1"
   helmRepo:
     repoName: "registry1"
     chartName: "neuvector"
-    tag: "2.7.8-bb.4"
+    tag: "2.8.2-bb.1"
 
   # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
   ingress:
-- 
GitLab