From be2ada26874378b91a0d7eb27072d8b652fa26b1 Mon Sep 17 00:00:00 2001
From: mr-bot <project2872_bot1@noreply.repo1.dso.mil>
Date: Wed, 15 Feb 2023 02:35:34 +0000
Subject: [PATCH] Enable metrics with Neuvector

---
 chart/templates/neuvector/values.yaml | 35 ++++++++++++++++++++++++++-
 chart/values.yaml                     |  2 +-
 docs/packages.md                      |  2 +-
 3 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/chart/templates/neuvector/values.yaml b/chart/templates/neuvector/values.yaml
index 25fd143dd0..e4c656ecf2 100644
--- a/chart/templates/neuvector/values.yaml
+++ b/chart/templates/neuvector/values.yaml
@@ -1,4 +1,7 @@
 {{- define "bigbang.defaults.neuvector" -}}
+# Includes suffix of "A1a" to ensure password always meets default minimum password requirements
+{{- $neuvectorMetricsPass := join "" (list (randAlphaNum 12) (randAlpha 2 | upper) (randAlpha 2 | lower) (randNumeric 2))}}
+
 # hostname is deprecated and replaced with domain. But if hostname exists then use it.
 domain: {{ default .Values.domain .Values.hostname }}
 istio:
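Review bot: The password built on the `$neuvectorMetricsPass` line is regenerated on every render of this template, because the `rand*` functions run each time the chart is templated. Together with the `checksum/metrics-pass` annotation added further down in this file, any re-render, including one for an unrelated value change, would produce a new credential and a changed controller pod annotation; consider accepting an operator-supplied value first and generating one only as a fallback. The comment also does not match the code: the suffix is two upper-case, two lower-case and two numeric characters, not "A1a", so I would reword it to `# Appends 2 upper-case, 2 lower-case and 2 numeric characters so the password always meets the default minimum password requirements`. The `define` body continues outside this hunk.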
@@ -6,8 +9,38 @@ istio:
   neuvector:
     gateways:
     - istio-system/{{ default "public" .Values.neuvector.ingress.gateway }}
+{{- if .Values.monitoring.enabled }}
 monitoring:
-  enabled: {{ .Values.monitoring.enabled }}
+  enabled: true
+
+controller:
+  podAnnotations:
+    checksum/metrics-pass: {{ sha256sum $neuvectorMetricsPass }}
+  secret:
+    enabled: true
+    data: 
+      # This configuration is read in at deploy time and users are created.
+      userinitcfg.yaml:
+        always_reload: true
+        users:
+        - username: metrics
+          password: {{ $neuvectorMetricsPass }}
+          role: reader
+          fullname: metrics
+    
+monitor:
+  install: true
+  exporter:
+    enabled: true
+    serviceMonitor:
+      enabled: true
+    svc:
+      enabled: true
+      type: ClusterIP
+    CTRL_USERNAME: metrics
+    CTRL_PASSWORD: {{ $neuvectorMetricsPass }}
+{{- end }}
+
 manager:
   env:
     ssl: false
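Review bot: The generated credential is written unquoted at `password: {{ $neuvectorMetricsPass }}` and `CTRL_PASSWORD: {{ $neuvectorMetricsPass }}`, so its type is left to YAML inference; piping it through `quote` (`password: {{ $neuvectorMetricsPass | quote }}`, and likewise for `CTRL_PASSWORD` and the `sha256sum` annotation) keeps it a string whatever characters are drawn. The same secret is also passed as an ordinary chart value under `monitor.exporter`; how the NeuVector sub-chart stores it is not visible here, so it is worth confirming that it ends up in a Secret rather than a literal container env value. Only `controller` gets a checksum annotation in this hunk, so whether the exporter picks up a changed password without a restart should be checked as well. The enclosing `define` opens in the previous hunk and closes outside this one.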
diff --git a/chart/values.yaml b/chart/values.yaml
index 2742695d10..33c3dd35f2 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -590,7 +590,7 @@ neuvector:
   git:
     repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector.git
     path: "./chart"
-    tag: "2.4.0-bb.2"
+    tag: "2.4.0-bb.4"
 
   # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
   ingress:
diff --git a/docs/packages.md b/docs/packages.md
index 4706ade786..f29f8371d3 100644
--- a/docs/packages.md
+++ b/docs/packages.md
@@ -22,7 +22,7 @@
 | [Jaeger](https://repo1.dso.mil/big-bang/apps/core/jaeger) |  ![Jaeger Build](https://repo1.dso.mil/big-bang/apps/core/jaeger/badges/main/pipeline.svg) | Yes | Yes | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/602) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/1295) |
 | [Kiali](https://repo1.dso.mil/big-bang/apps/core/kiali) |  ![Kiali Build](https://repo1.dso.mil/big-bang/apps/core/kiali/badges/main/pipeline.svg) | No | Yes | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/589) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/1296) |
 | [Monitoring](https://repo1.dso.mil/big-bang/apps/core/monitoring) |  ![Monitoring Build](https://repo1.dso.mil/big-bang/apps/core/monitoring/badges/main/pipeline.svg) | Yes | Yes | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/509) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/1900) |
-| [NeuVector](https://repo1.dso.mil/big-bang/apps/sandbox/neuvector)           ![](https://img.shields.io/badge/BETA-purple?style=flat-square) |  ![NeuVector Build](https://repo1.dso.mil/big-bang/apps/sandbox/neuvector/badges/main/pipeline.svg) | [No](https://repo1.dso.mil/big-bang/apps/sandbox/neuvector/-/merge_requests/10) | No | Yes | [Yes (STRICT)](https://repo1.dso.mil/big-bang/apps/sandbox/neuvector/-/blob/main/chart/templates/bigbang/peerauthentication/peerauthentication/peer-authentication.yaml) |
+| [NeuVector](https://repo1.dso.mil/big-bang/apps/sandbox/neuvector)           ![](https://img.shields.io/badge/BETA-purple?style=flat-square) |  ![NeuVector Build](https://repo1.dso.mil/big-bang/apps/sandbox/neuvector/badges/main/pipeline.svg) | Yes | No | Yes | [Yes (STRICT)](https://repo1.dso.mil/big-bang/apps/sandbox/neuvector/-/blob/main/chart/templates/bigbang/peerauthentication/peerauthentication/peer-authentication.yaml) |
 | [Twistlock](https://repo1.dso.mil/big-bang/apps/security-tools/twistlock) |  ![Twistlock Build](https://repo1.dso.mil/big-bang/apps/security-tools/twistlock/badges/main/pipeline.svg) | Yes | Yes | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/498) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/1396) |
 | [ECK Operator](https://repo1.dso.mil/big-bang/apps/core/eck-operator) |  ![ECK Operator Build](https://repo1.dso.mil/big-bang/apps/core/eck-operator/badges/main/pipeline.svg) | No | Yes | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/510) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/1236) |
 | [Elasticsearch Kibana](https://repo1.dso.mil/big-bang/apps/core/elasticsearch-kibana) |  ![EK Operator Build](https://repo1.dso.mil/big-bang/apps/core/elasticsearch-kibana/badges/main/pipeline.svg) | Yes | Yes | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/527) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/1537) |
-- 
GitLab