Deploy neuvector on workload clusters (!3256) · Merge requests · Sylva-projects / sylva-core

What does this MR do and why?

This merge request aims to enable the deployment of Neuvector on workload clusters to facilitate further cluster federation (see !4467 (merged)). Currently, Neuvector is not deployed on the workload cluster, and simply enabling the unit in the workload cluster values is insufficient due to its dependencies on management cluster units, such as Keycloak.

TLS

The Neuvector workload cluster now has a TLS certificate for its webui.

Cleanup

In the context of TLS certificate management, an unused file named neuvector-tls.yaml has been removed.

Related reference(s)

Test coverage

Verify the successful deployment of Neuvector on workload clusters, ensuring that all necessary dependencies are addressed.

Closes #1462 (closed)

CI configuration

Below you can choose test deployment variants to run in this MR's CI.

Click to open to CI configuration

Legend:

Icon	Meaning	Available values
☁️	Infra Provider	`capd`, `capo`, `capm3`
🚀	Bootstrap Provider	`kubeadm` (alias `kadm`), `rke2`
🐧	Node OS	`ubuntu`, `suse`
🛠️	Deployment Options	`light-deploy`, `dev-sources`, `ha`, `misc`
🎬	Pipeline Scenarios	Available scenario list and description

Global config for deployment pipelines

autorun pipelines
allow failure on pipelines

Notes:

Enabling autorun will make deployment pipelines to be run automatically without human interaction
Disabling allow failure will make deployment pipelines mandatory for pipeline success.
if both autorun and allow failure are disabled, deployment pipelines will need manual triggering but will be blocking the pipeline

Be aware: after configuration change, pipeline is not triggered automatically. Please run it manually (by clicking the run pipeline button in Pipelines tab) or push new code.

Edited May 20, 2025 by François-Régis Menguy

Deploy neuvector on workload clusters