neuvector · kakabisht · Aug 26, 2025 · Aug 26, 2025 · Aug 28, 2025 · Sep 2, 2025
@@ -78,14 +78,19 @@ kubectl label  namespace neuvector "pod-security.kubernetes.io/enforce=privilege
 <li>
 Create the custom resources (CRD) for NeuVector security rules. For Kubernetes 1.19+:
 
+[!NOTE]
+If you are upgrading to version `5.4.6` using YAML, you must deploy the `responserules-crd-k8s.yaml` file. If you are using Helm charts, this step is handled automatically and no action is required.
+
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/crd-k8s-1.19.yaml
 kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/waf-crd-k8s-1.19.yaml
 kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/dlp-crd-k8s-1.19.yaml
 kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/com-crd-k8s-1.19.yaml
 kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/vul-crd-k8s-1.19.yaml
 kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/admission-crd-k8s-1.19.yaml
-kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/5.4.3_group-definition-k8s.yaml
+kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/5.4.3_group-definition-k8s
+kubectl apply -f https://raw.githubusercontent.com/neuvector/manifests/main/kubernetes/5.4.0/responserules-crd-k8s.yaml
+yaml
 ```
 </li>
 <li>
@@ -150,30 +155,33 @@ kubectl create clusterrole neuvector-binding-nvgroupdefinitions --verb=list,get,
 kubectl create clusterrolebinding neuvector-binding-nvgroupdefinitions --clusterrole=neuvector-binding-nvgroupdefinitions --serviceaccount=neuvector:controller
 kubectl create role neuvector-binding-secret-controller --verb=create,patch,update --resource=secrets -n neuvector
 kubectl create rolebinding neuvector-binding-secret-controller --role=neuvector-binding-secret-controller --serviceaccount=neuvector:controller --serviceaccount=neuvector:default -n neuvector
+kubectl create clusterrole neuvector-binding-nvresponserulesecurityrules --verb=get,list,delete --resource=nvresponserulesecurityrules
+kubectl create clusterrolebinding neuvector-binding-nvresponserulesecurityrules --clusterrole=neuvector-binding-nvresponserulesecurityrules --serviceaccount=neuvector:controller
+
 ```
 
 </li>
 <li>
 Run the following commands to check if the neuvector/controller and neuvector/updater service accounts are added successfully.
 
 ```shell
-kubectl get ClusterRoleBinding neuvector-binding-app neuvector-binding-rbac neuvector-binding-admission neuvector-binding-customresourcedefinition neuvector-binding-nvsecurityrules neuvector-binding-view neuvector-binding-nvwafsecurityrules neuvector-binding-nvadmissioncontrolsecurityrules neuvector-binding-nvdlpsecurityrules neuvector-binding-nvgroupdefinitions -o wide
+kubectl get ClusterRoleBinding neuvector-binding-app neuvector-binding-rbac neuvector-binding-admission neuvector-binding-customresourcedefinition neuvector-binding-nvsecurityrules neuvector-binding-view neuvector-binding-nvwafsecurityrules neuvector-binding-nvadmissioncontrolsecurityrules neuvector-binding-nvdlpsecurityrules neuvector-binding-nvgroupdefinitions neuvector-binding-nvresponserulesecurityrules -o wide
 ```
 
 Sample output:
 
 ```shell
 NAME                                                ROLE                                                            AGE   USERS   GROUPS   SERVICEACCOUNTS
-neuvector-binding-app                               ClusterRole/neuvector-binding-app                               45s                    neuvector/controller
-neuvector-binding-rbac                              ClusterRole/neuvector-binding-rbac                              45s                    neuvector/controller
-neuvector-binding-admission                         ClusterRole/neuvector-binding-admission                         44s                    neuvector/controller
-neuvector-binding-customresourcedefinition          ClusterRole/neuvector-binding-customresourcedefinition          44s                    neuvector/controller
-neuvector-binding-nvsecurityrules                   ClusterRole/neuvector-binding-nvsecurityrules                   43s                    neuvector/controller
-neuvector-binding-view                              ClusterRole/view                                                43s                    neuvector/controller
-neuvector-binding-nvwafsecurityrules                ClusterRole/neuvector-binding-nvwafsecurityrules                43s                    neuvector/controller
-neuvector-binding-nvadmissioncontrolsecurityrules   ClusterRole/neuvector-binding-nvadmissioncontrolsecurityrules   43s                    neuvector/controller
-neuvector-binding-nvdlpsecurityrules                ClusterRole/neuvector-binding-nvdlpsecurityrules                43s                    neuvector/controller
-neuvector-binding-nvgroupdefinitions                ClusterRole/neuvector-binding-nvgroupdefinitions                40s                    neuvector/controller</code>
+neuvector-binding-app                               ClusterRole/neuvector-binding-app                               66d                    neuvector/controller
+neuvector-binding-rbac                              ClusterRole/neuvector-binding-rbac                              66d                    neuvector/controller
+neuvector-binding-admission                         ClusterRole/neuvector-binding-admission                         66d                    neuvector/controller
+neuvector-binding-customresourcedefinition          ClusterRole/neuvector-binding-customresourcedefinition          66d                    neuvector/controller
+neuvector-binding-nvsecurityrules                   ClusterRole/neuvector-binding-nvsecurityrules                   66d                    neuvector/controller
+neuvector-binding-view                              ClusterRole/view                                                66d                    neuvector/controller
+neuvector-binding-nvwafsecurityrules                ClusterRole/neuvector-binding-nvwafsecurityrules                66d                    neuvector/controller
+neuvector-binding-nvadmissioncontrolsecurityrules   ClusterRole/neuvector-binding-nvadmissioncontrolsecurityrules   66d                    neuvector/controller
+neuvector-binding-nvdlpsecurityrules                ClusterRole/neuvector-binding-nvdlpsecurityrules                66d                    neuvector/controller
+neuvector-binding-nvgroupdefinitions                ClusterRole/neuvector-binding-nvgroupdefinitions                66d                    neuvector/controller
 ```
 
 And this command: