Air-gapped NeuVector docs (suse-edge#242)

* Update air-gapped-eib-deployments.adoc

* Update air-gapped-eib-deployments.adoc

asciidoc/guides/air-gapped-eib-deployments.adoc

@@ -194,7 +194,7 @@ The `embeddedArtifactRegistry` section will include all images which are only re
 The <<components-rancher,Rancher>> deployment that will be demonstrated will be highly slimmed down for demonstration purposes. For your actual deployments, additional artifacts may be necessary depending on your configuration.
 ====
 
-The release assets of https://github.com/rancher/rancher/releases/tag/v2.8.3[Rancher v2.8.3] contain a `rancher-images.txt` file which lists all the images required for an air-gapped installation.
+The https://github.com/rancher/rancher/releases/tag/v2.8.3[Rancher v2.8.3] release assets contain a `rancher-images.txt` file which lists all the images required for an air-gapped installation.
 
 There are about 602 container images in total which means that the resulting CRB image would be roughly 28GB+. For our Rancher installation, we will strip down that list to the smallest working configuration. From there, you can add back any images you may need for your deployments.
 
@@ -515,6 +515,132 @@ And when we go to `https://192.168.100.50.sslip.io` and log in with the `adminad
 
 image::air-gapped-rancher.png[]
 
+== NeuVector Installation
+
+Unlike the Rancher installation, the NeuVector installation does not require any special handling in EIB. EIB will automatically air-gap every image required by NeuVector.
+
+We will create the definition file:
+[,console]
+----
+apiVersion: 1.0
+image:
+  imageType: iso
+  arch: x86_64
+  baseImage: slemicro.iso
+  outputImageName: eib-image.iso
+operatingSystem:
+  users:
+    - username: root
+      encryptedPassword: $6$jHugJNNd3HElGsUZ$eodjVe4te5ps44SVcWshdfWizrP.xAyd71CVEXazBJ/.v799/WRCBXxfYmunlBO2yp1hm/zb4r8EmnrrNCF.P/
+kubernetes:
+  version: v1.28.8+rke2r1
+  helm:
+    charts:
+      - name: neuvector-crd
+        version: 103.0.3+up2.7.6
+        repositoryName: rancher-charts
+        targetNamespace: neuvector
+        createNamespace: true
+        installationNamespace: kube-system
+        valuesFile: neuvector-values.yaml
+      - name: neuvector
+        version: 103.0.3+up2.7.6
+        repositoryName: rancher-charts
+        targetNamespace: neuvector
+        createNamespace: true
+        installationNamespace: kube-system
+        valuesFile: neuvector-values.yaml
+    repositories:
+      - name: rancher-charts
+        url: https://charts.rancher.io/
+----
+
+We will also create a Helm values file for NeuVector:
+[,shell]
+----
+cat << EOF > $CONFIG_DIR/kubernetes/helm/values/neuvector-values.yaml
+controller:
+  replicas: 1
+manager:
+  enabled: false
+cve:
+  scanner:
+    enabled: false
+    replicas: 1
+k3s:
+  enabled: true
+crdwebhook:
+  enabled: false
+EOF
+----
+
+Let's build the image:
+[,shell]
+----
+podman run --rm -it --privileged -v $CONFIG_DIR:/eib \
+registry.suse.com/edge/edge-image-builder:1.0.1 \
+build --definition-file eib-iso-definition.yaml
+----
+
+The output should be similar to the following:
+[,console]
+----
+Generating image customization components...
+Identifier ................... [SUCCESS]
+Custom Files ................. [SKIPPED]
+Time ......................... [SKIPPED]
+Network ...................... [SUCCESS]
+Groups ....................... [SKIPPED]
+Users ........................ [SUCCESS]
+Proxy ........................ [SKIPPED]
+Rpm .......................... [SKIPPED]
+Systemd ...................... [SKIPPED]
+Elemental .................... [SKIPPED]
+Suma ......................... [SKIPPED]
+Populating Embedded Artifact Registry... 100% (6/6, 20 it/min)         
+Embedded Artifact Registry ... [SUCCESS]
+Keymap ....................... [SUCCESS]
+Configuring Kubernetes component...
+The Kubernetes CNI is not explicitly set, defaulting to 'cilium'.
+Downloading file: rke2_installer.sh
+Kubernetes ................... [SUCCESS]
+Certificates ................. [SKIPPED]
+Building ISO image...
+Kernel Params ................ [SKIPPED]
+Image build complete!
+----
+
+Once a node using the built image is provisioned, we can verify the NeuVector installation:
+
+[,shell]
+----
+/var/lib/rancher/rke2/bin/kubectl get all -A --kubeconfig /etc/rancher/rke2/rke2.yaml
+----
+
+The output should be similar to the following, showing that everything has been successfully deployed:
+[,console]
+----
+NAME                                           READY   STATUS    RESTARTS   AGE
+pod/neuvector-controller-pod-bc74745cf-x9fsc   1/1     Running   0          13m
+pod/neuvector-enforcer-pod-vzw7t               1/1     Running   0          13m
+
+NAME                                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                         AGE
+service/neuvector-svc-admission-webhook   ClusterIP   10.43.240.25   <none>        443/TCP                         13m
+service/neuvector-svc-controller          ClusterIP   None           <none>        18300/TCP,18301/TCP,18301/UDP   13m
+
+NAME                                    DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
+daemonset.apps/neuvector-enforcer-pod   1         1         1       1            1           <none>          13m
+
+NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/neuvector-controller-pod   1/1     1            1           13m
+
+NAME                                                 DESIRED   CURRENT   READY   AGE
+replicaset.apps/neuvector-controller-pod-bc74745cf   1         1         1       13m
+
+NAME                                  SCHEDULE    SUSPEND   ACTIVE   LAST SCHEDULE   AGE
+cronjob.batch/neuvector-updater-pod   0 0 * * *   False     0        <none>          13m
+----
+
 == Longhorn Installation [[longhorn-install]]
 
 The https://longhorn.io/docs/1.6.1/deploy/install/airgap/[official documentation] for Longhorn contains a `longhorn-images.txt` file which lists all the images required for an air-gapped installation.