Added NeuVector scripts (#77)

* added neuvector and formatting updates

* added airgap and formatting updates

docs/registry-docs/copying-images.md

@@ -9,20 +9,20 @@ If you're copying images into an airgap, check the documents [here](downloading-
 ## Requirements
 
 * [Cosign](https://docs.sigstore.dev/cosign/installation/)
-* [Helm](https://helm.sh/docs/intro/install/) (For Cert Manager Only)
+* [Helm](https://helm.sh/docs/intro/install/)
 
 ## Carbide
 
 ```bash
-# To login with the shared credentials
+# Log into the registry
 cosign login -u <redacted> -p <redacted> rgcrprod.azurecr.us
 
 # Your target registry (and login if it requires authentication)
 TARGET_REGISTRY=YOUR_REGISTRY_DOMAIN_HERE
-# cosign login -u YOUR_USER -p YOUR_PASSWORD $TARGET_REGISTRY  
+# cosign login -u YOUR_USER -p YOUR_PASSWORD $TARGET_REGISTRY
 
 # Set the specific release of Carbide you're targeting: https://github.com/rancherfederal/carbide-releases/releases
-CARBIDE_RELEASE=0.1.0
+CARBIDE_RELEASE=0.1.1
 
 CARBIDE_IMAGES=$(curl --silent -L https://github.com/rancherfederal/carbide-releases/releases/download/$CARBIDE_RELEASE/carbide-images.txt)
 for image in $CARBIDE_IMAGES; do
@@ -35,12 +35,12 @@ done
 ## K3s
 
 ```bash
-# To login with the shared credentials
+# Log into the registry
 cosign login -u <redacted> -p <redacted> rgcrprod.azurecr.us
 
 # Your target registry (and login if it requires authentication)
 TARGET_REGISTRY=YOUR_REGISTRY_DOMAIN_HERE
-# cosign login -u YOUR_USER -p YOUR_PASSWORD $TARGET_REGISTRY  
+# cosign login -u YOUR_USER -p YOUR_PASSWORD $TARGET_REGISTRY
 
 # Set the specific release of K3s you're targeting: https://github.com/k3s-io/k3s/releases
 K3S_RELEASE=v1.24.4+k3s1
@@ -56,12 +56,12 @@ done
 ## RKE2
 
 ```bash
-# To login with the shared credentials
+# Log into the registry
 cosign login -u <redacted> -p <redacted> rgcrprod.azurecr.us
 
 # Your target registry (and login if it requires authentication)
 TARGET_REGISTRY=YOUR_REGISTRY_DOMAIN_HERE
-# cosign login -u YOUR_USER -p YOUR_PASSWORD $TARGET_REGISTRY  
+# cosign login -u YOUR_USER -p YOUR_PASSWORD $TARGET_REGISTRY
 
 # Set the specific release of RKE2 you're targeting: https://github.com/rancher/rke2/releases
 RKE2_RELEASE=v1.24.3+rke2r1
@@ -77,12 +77,12 @@ done
 ## Longhorn
 
 ```bash
-# To login with the shared credentials
+# Log into the registry
 cosign login -u <redacted> -p <redacted> rgcrprod.azurecr.us
 
 # Your target registry (and login if it requires authentication)
 TARGET_REGISTRY=YOUR_REGISTRY_DOMAIN_HERE
-# cosign login -u YOUR_USER -p YOUR_PASSWORD $TARGET_REGISTRY  
+# cosign login -u YOUR_USER -p YOUR_PASSWORD $TARGET_REGISTRY
 
 # Set the specific release of Longhorn you're targeting: https://github.com/longhorn/longhorn/releases
 LONGHORN_RELEASE=v1.3.1
@@ -95,19 +95,46 @@ for image in $LONGHORN_IMAGES; do
 done
 ```
 
+## NeuVector
+
+```bash
+# Log into the registry
+cosign login -u <redacted> -p <redacted> rgcrprod.azurecr.us
+
+# Your target registry (and login if it requires authentication)
+TARGET_REGISTRY=YOUR_REGISTRY_DOMAIN_HERE
+# cosign login -u YOUR_USER -p YOUR_PASSWORD $TARGET_REGISTRY
+
+# NeuVector Chart Version
+NEUVECTOR_RELEASE=v2.4.2
+
+# Add the neuvector repo (required Helm)
+helm repo add neuvector https://neuvector.github.io/neuvector-helm
+helm repo update
+
+# Grab the list of images and download them (requires docker, grep, sed, and awk)
+for image in $(helm template neuvector neuvector/core --version $NEUVECTOR_RELEASE | grep 'image:' | sed 's/"//g' | awk '{ print $2 }'); do
+    source_image=$(echo $image | sed 's/docker.io/rgcrprod.azurecr.us/g')
+    dest_image=$(echo $image | sed "s/docker.io/$TARGET_REGISTRY/g")
+    cosign copy $source_image $dest_image
+done
+```
+
 ## Kubewarden
 
 ```bash
 # Log into the registry
 cosign login -u <redacted> -p <redacted> rgcrprod.azurecr.us
 
+# Your target registry (and login if it requires authentication)
+TARGET_REGISTRY=YOUR_REGISTRY_DOMAIN_HERE
+# cosign login -u YOUR_USER -p YOUR_PASSWORD $TARGET_REGISTRY
+
 # Add the Kubewarden repo (required Helm)
 helm repo add kubewarden https://charts.kubewarden.io
 helm repo update
 
 # Grab the list of images and download them (requires docker, grep, sed, and awk)
-
-
 for image in $(helm template kubewarden/kubewarden-controller | grep 'image:' | sed 's/"//g' | sed "s/'//g" | awk '{ print $2 }'); do
     source_image=$(echo $image | sed 's/quay.io/rgcrprod.azurecr.us/g')
     dest_image=$(echo $image | sed "s/quay.io/$TARGET_REGISTRY/g")
@@ -129,18 +156,20 @@ done
 # Log into the registry
 cosign login -u <redacted> -p <redacted> rgcrprod.azurecr.us
 
+# Your target registry (and login if it requires authentication)
+TARGET_REGISTRY=YOUR_REGISTRY_DOMAIN_HERE
+# cosign login -u YOUR_USER -p YOUR_PASSWORD $TARGET_REGISTRY
+
 # Rancher supports v1.7.1 currently. See here for more info:
 # https://ranchermanager.docs.rancher.com/pages-for-subheaders/install-upgrade-on-a-kubernetes-cluster#4-install-cert-manager
-CERT_MANAGER_VERSION="v1.7.1"
+CERT_MANAGER_RELEASE="v1.7.1"
 
 # Add the cert manager repo (required Helm)
 helm repo add jetstack https://charts.jetstack.io
 helm repo update
 
 # Grab the list of images and download them (requires docker, grep, sed, and awk)
-
-
-for image in $(helm template jetstack/cert-manager --version $CERT_MANAGER_VERSION | grep 'image:' | sed 's/"//g' | awk '{ print $2 }'); do
+for image in $(helm template jetstack/cert-manager --version $CERT_MANAGER_RELEASE | grep 'image:' | sed 's/"//g' | awk '{ print $2 }'); do
     source_image=$(echo $image | sed 's/quay.io/rgcrprod.azurecr.us/g')
     dest_image=$(echo $image | sed "s/quay.io/$TARGET_REGISTRY/g")
     cosign copy $source_image $dest_image
@@ -152,12 +181,12 @@ See [Rancher Manager Configuration](rancher-config.md) for configuring the Cert
 ### Rancher
 
 ```bash
-# To login with the shared credentials
+# Log into the registry
 cosign login -u <redacted> -p <redacted> rgcrprod.azurecr.us
 
 # Your target registry (and login if it requires authentication)
 TARGET_REGISTRY=YOUR_REGISTRY_DOMAIN_HERE
-# cosign login -u YOUR_USER -p YOUR_PASSWORD $TARGET_REGISTRY  
+# cosign login -u YOUR_USER -p YOUR_PASSWORD $TARGET_REGISTRY
 
 # Set the specific release of Rancher you're targeting: https://github.com/rancher/rancher/releases
 RANCHER_RELEASE=v2.7.1

docs/registry-docs/downloading-images.md

@@ -1,11 +1,13 @@
 # Downloading Release Images
 
-This page will walk you through how you can locally download secured images from the hardened registry and package them to move over an airgap.
+This page will walk you through how you can locally download secured images from the hardened registry and package them to move over an airgap to your registry.
+
+If you're copying images into a connected registry, check the documents [here](copying-images.md).
 
 ## Requirements
 
 * [Cosign](https://docs.sigstore.dev/cosign/installation/)
-* [Helm](https://helm.sh/docs/intro/install/) (For Cert Manager Only)
+* [Helm](https://helm.sh/docs/intro/install/)
 
 ## Carbide
 
@@ -20,7 +22,7 @@ DEST_DIRECTORY=/tmp/carbide-images
 DEST_TAR=/tmp/carbide-images.tar.gz  # Change this to the location you want for your resulting TAR 
 
 # Carbide Version
-CARBIDE_RELEASE=0.1.0
+CARBIDE_RELEASE=0.1.1
 
 if [[ -d "$DEST_DIRECTORY" ]]; then
     echo "ERROR: Directory '$DEST_DIRECTORY' exists."
@@ -212,6 +214,60 @@ tar zcf "$DEST_TAR" -C "$DEST_DIRECTORY" .
 rm -rf $DEST_DIRECTORY
 ```
 
+## NeuVector
+```bash
+# Carbide Registry
+SOURCE_REGISTRY=rgcrprod.azurecr.us
+SOURCE_REGISTRY_USER=YOUR_CARBIDE_USER
+SOURCE_REGISTRY_PASS=YOUR_CARBIDE_PASS
+
+# Working directories & TAR
+DEST_DIRECTORY=/tmp/neuvector-images
+DEST_TAR=/tmp/neuvector-images.tar.gz  # Change this to the location you want for your resulting TAR 
+
+# NeuVector Chart Version
+NEUVECTOR_RELEASE=v2.4.2
+
+if [[ -d "$DEST_DIRECTORY" ]]; then
+    echo "ERROR: Directory '$DEST_DIRECTORY' exists."
+    echo "Change or delete it before running."
+    exit 1
+fi
+
+if [[ -d "$DEST_TAR" ]]; then
+    echo "ERROR: Directory '$DEST_TAR' exists."
+    echo "Change or delete it before running."
+    exit 1
+fi
+
+cosign login -u $SOURCE_REGISTRY_USER -p $SOURCE_REGISTRY_PASS $SOURCE_REGISTRY
+mkdir -p "$DEST_DIRECTORY"
+
+# Add the neuvector repo (required Helm)
+helm repo add neuvector https://neuvector.github.io/neuvector-helm
+helm repo update
+
+# Grab the list of images and download them (requires docker, grep, sed, and awk)
+for image in $(helm template neuvector neuvector/core --version $NEUVECTOR_RELEASE | grep 'image:' | sed 's/"//g' | sed "s/'//g" | awk '{ print $2 }'); do
+    source_image=$(echo $image | sed "s/docker.io/$SOURCE_REGISTRY/g")
+    dest_image=$(echo $image | sed "s/docker.io/TARGET_REGISTRY/g")
+
+    # Create manifest to use during load
+    img_id_num=$(mktemp -d XXXXXXXXXXXXXXXXXXXX)
+    echo "$img_id_num|$dest_image" >> $DEST_DIRECTORY/manifest.txt
+
+    # Save image locally
+    mkdir $DEST_DIRECTORY/$img_id_num
+    cosign save --dir "$DEST_DIRECTORY/$img_id_num" $source_image
+done
+
+# Compress directory
+tar zcf "$DEST_TAR" -C "$DEST_DIRECTORY" .
+
+# Clean up working directory
+rm -rf $DEST_DIRECTORY
+```
+
 ## Kubewarden
 
 ```bash
@@ -385,4 +441,4 @@ tar zcf "$DEST_TAR" -C "$DEST_DIRECTORY" .
 rm -rf $DEST_DIRECTORY
 ```
 
-See [Validate Images in the Airgap](validating-airgap-images.md) and [Loading Local Images to Registry](loading-images.md) for information on loading these into your airgapped registry.
+See [Validate Images in the Airgap](validating-airgap-images.md) and [Loading Local Images to Registry](loading-images.md) for information on validating the images and loading the images into your airgapped registry.

docs/registry-docs/loading-images.md

@@ -15,6 +15,14 @@ Make sure you've checked out the section on [Downloading Images](downloading-ima
 ## Copying a Local Image to a Registry
 
 Update/run the following script to load your images from the generated TAR (will work for any component TAR):
+* Rancher Government Carbide - `carbide-images.tar.gz`
+* K3s - `k3s-images.tar.gz`
+* RKE2 - `rke2-images.tar.gz`
+* Longhorn - `longhorn-images.tar.gz`
+* NeuVector - `neuvector-images.tar.gz`
+* Kubewarden - `kubewarden-images.tar.gz`
+* Cert Manager - `cert-manager-images.tar.gz`
+* Rancher - `rancher-images.tar.gz`
 
 ```bash
 # Remote Registry