[SPIKE] Investigate current state of Neuvector chart
We need to evaluate the current state of the chart and steps required to align with BB standards. This includes:
-
Baseline chart with proper naming/versioning ( https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/18 ) -
Preconfigured baseline setup - https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/9 / https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/10 -
Ironbank images ( dsop/neuvector/neuvector/scanner#6 / https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/23 / https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/2 ) -
Hub/spoke support https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/3 -
Proper baseline docs (readme, contributing, changelog, overview, package_maintenance, CODEOWNERS) -
NetworkPolicies -
Integration with Istio: VirtualService, injection, mtls - this looks complete based off the manifests https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/20 -
Integration with monitoring: servicemonitor, dashboards ( https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/21 ) -
SSO integration ( https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/8 ) -
CI/CD Pipeline: pointing to the main package pipeline, Cypress/script tests via Gluon with basic functionality checks ( https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/19) -
Clean up additional files in repo (anything not part of the BB install methodology) - https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/26 -
Flux/Umbrella integration ( https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/1237 ) -
Database/Object storage integration: Provide (as needed) for in cluster postgres/minio for development, values to point to external (likely not required?) -
Policy enforcement: Gatekeeper/kyverno, should adhere to all policies in enforcing mode OR have documented exceptions/justifications - https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/24 -
NeuVector usage documentation: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/12 / https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/7 / https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/5 / https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/4 / https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector/-/issues/6 (leverage upstream docs where we can and link to them, providing summaries as needed)
Edited by Micah Nagel