From 28ef4d9aca9ad7e6188c6ce97b930216d7c4f0e6 Mon Sep 17 00:00:00 2001 From: Brady Todhunter Date: Tue, 30 Apr 2024 17:10:14 -0700 Subject: [PATCH] stable/feeds: Update to Enterprise v5.5.0 (#374) * add 5.5.0 configs * add service annotations * bump chart version * update readme * update test snapshots --------- Signed-off-by: Brady Todhunter --- stable/feeds/Chart.yaml | 4 +- stable/feeds/README.md | 24 ++++++++++- stable/feeds/files/default_config.yaml | 8 +++- stable/feeds/templates/_common.tpl | 16 +++++++ stable/feeds/templates/deployment.yaml | 2 +- .../__snapshot__/configmap_test.yaml.snap | 21 +++++++++- .../prehook_upgrade_resources_test.yaml.snap | 2 +- stable/feeds/tests/common_helpers_test.yaml | 35 ++++++++++++++++ stable/feeds/values.yaml | 42 +++++++++++++++++-- 9 files changed, 143 insertions(+), 11 deletions(-) diff --git a/stable/feeds/Chart.yaml b/stable/feeds/Chart.yaml index 145ff879..7d77b04a 100644 --- a/stable/feeds/Chart.yaml +++ b/stable/feeds/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: feeds type: application -version: "2.4.3" -appVersion: "5.4.1" +version: "2.5.0" +appVersion: "5.5.0" kubeVersion: 1.23.x - 1.27.x || 1.23.x-x - 1.29.x-x description: Anchore feeds service keywords: diff --git a/stable/feeds/README.md b/stable/feeds/README.md index 05304411..3fbf2fde 100644 --- a/stable/feeds/README.md +++ b/stable/feeds/README.md 
@@ -313,7 +313,7 @@ anchoreConfig: | `url` | Set a custom feeds URL. Useful when using a feeds service endpoint that is external from the cluster. | `""` | | `fullnameOverride` | overrides the fullname set on resources | `""` | | `nameOverride` | overrides the name set on resources | `""` | -| `image` | Image used for feeds deployment | `docker.io/anchore/enterprise:v5.4.1` | +| `image` | Image used for feeds deployment | `docker.io/anchore/enterprise:v5.5.0` | | `imagePullPolicy` | Image pull policy used by all deployments | `IfNotPresent` | | `imagePullSecretName` | Name of Docker credentials secret for access to private repos | `anchore-enterprise-pullcreds` | | `serviceAccountName` | Name of a service account used to run all Feeds pods | `""` | 
@@ -373,7 +373,22 @@ anchoreConfig: | Name | Description | Value | | -------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | | `anchoreConfig.service_dir` | Path to directory where default Anchore configs are placed at startup | `/anchore_service` | -| `anchoreConfig.log_level` | The log level for Anchore services | `INFO` | +| `anchoreConfig.log_level` | The log level for Anchore services: NOTE: This is deprecated, use logging.log_level | `INFO` | +| `anchoreConfig.logging.colored_logging` | Enable colored output in the logs | `false` | +| `anchoreConfig.logging.exception_backtrace_logging` | Enable stack traces in the logs | `false` | +| `anchoreConfig.logging.exception_diagnose_logging` | Enable detailed exception information in the logs | `false` | +| `anchoreConfig.logging.file_rotation_rule` | Maximum size of a log file before it is rotated | `10 MB` | +| `anchoreConfig.logging.file_retention_rule` | Number of log files to retain before deleting the oldest | `10` | +| `anchoreConfig.logging.log_level` | Log level for the service code | `INFO` | +| `anchoreConfig.logging.server_access_logging` | Set whether to print server access to logging | `true` | +| `anchoreConfig.logging.server_response_debug_logging` | Log the elapsed time to process the request and the response size (debug log level) | `false` | +| `anchoreConfig.logging.server_log_level` | Log level specifically for the server (uvicorn) | `info` | +| `anchoreConfig.logging.structured_logging` | Enable structured logging output (JSON) | `false` | +| `anchoreConfig.server.max_connection_backlog` | Max connections permitted in the backlog before dropping | `2048` | +| 
`anchoreConfig.server.max_wsgi_middleware_worker_queue_size` | Max number of requests to queue for processing by ASGI2WSGI middleware | `100` | +| `anchoreConfig.server.max_wsgi_middleware_worker_count` | Max number of workers to have in the ASGI2WSGI middleware worker pool | `50` | +| `anchoreConfig.server.timeout_graceful_shutdown` | Seconds to permit for graceful shutdown or false to disable | `false` | +| `anchoreConfig.server.timeout_keep_alive` | Seconds to keep a connection alive before closing | `5` | | `anchoreConfig.keys.secret` | The shared secret used for signing & encryption, auto-generated by Helm if not set | `""` | | `anchoreConfig.keys.privateKeyFileName` | The file name of the private key used for signing & encryption, found in the k8s secret specified in .Values.certStoreSecretName | `""` | | `anchoreConfig.keys.publicKeyFileName` | The file name of the public key used for signing & encryption, found in the k8s secret specified in .Values.certStoreSecretName | `""` | @@ -487,6 +502,11 @@ For the latest updates and features in Anchore Enterprise, see the official [Rel - **Minor Chart Version Change (e.g., v0.1.2 -> v0.2.0)**: Indicates a significant change to the deployment that does not require manual intervention. - **Patch Chart Version Change (e.g., v0.1.2 -> v0.1.3)**: Indicates a backwards-compatible bug fix or documentation update. +### v2.5.x + +- Update Anchore Feeds image to v5.5.0. See the [Release Notes](https://docs.anchore.com/current/docs/releasenotes/550/) for more information. +- Added support for service specific annotations. + ### v2.4.0 - Update Anchore Feeds image to v5.4.0. See the [Release Notes](https://docs.anchore.com/current/docs/releasenotes/540/) for more information. diff --git a/stable/feeds/files/default_config.yaml b/stable/feeds/files/default_config.yaml index 2db8efa2..40c08fc0 100644 --- a/stable/feeds/files/default_config.yaml +++ b/stable/feeds/files/default_config.yaml 
@@ -1,6 +1,12 @@ service_dir: ${ANCHORE_SERVICE_DIR} tmp_dir: ${ANCHORE_FEEDS_TMP_DIR} -log_level: ${ANCHORE_LOG_LEVEL} +log_level: ${ANCHORE_LOG_LEVEL} # Deprecated - prefer use of logging.log_level + +logging: + {{- toYaml .Values.anchoreConfig.logging | nindent 2 }} + +server: + {{- toYaml .Values.anchoreConfig.server | nindent 2 }} host_id: "${ANCHORE_HOST_ID}" internal_ssl_verify: ${ANCHORE_INTERNAL_SSL_VERIFY} diff --git a/stable/feeds/templates/_common.tpl b/stable/feeds/templates/_common.tpl index 3afaecc0..b41d2ce9 100644 --- a/stable/feeds/templates/_common.tpl +++ b/stable/feeds/templates/_common.tpl @@ -11,6 +11,22 @@ Common annotations {{- end }} {{- end -}} +{{/* +Service annotations +*/}} +{{- define "feeds.service.annotations" -}} +{{- if and (not .nil) (not .Values.service.annotations) (not .Values.annotations) }} + {{- print "{}" }} +{{- else }} + {{- with .Values.service.annotations }} +{{ toYaml . }} + {{- end }} + {{- with .Values.annotations }} +{{ toYaml . }} + {{- end }} +{{- end }} +{{- end -}} + {{/* Setup a container for the cloudsql proxy to run in all pods when .Values.cloudsql.enabled = true */}} diff --git a/stable/feeds/templates/deployment.yaml b/stable/feeds/templates/deployment.yaml index 82a7bf43..524685c2 100644 --- a/stable/feeds/templates/deployment.yaml +++ b/stable/feeds/templates/deployment.yaml @@ -185,7 +185,7 @@ metadata: name: {{ template "feeds.fullname" . }} namespace: {{ .Release.Namespace }} labels: {{- include "feeds.common.labels" . | nindent 4 }} - annotations: {{- include "feeds.common.annotations" . | nindent 4 }} + annotations: {{- include "feeds.service.annotations" . | nindent 4 }} spec: type: {{ .Values.service.type }} selector: {{- include "feeds.common.matchLabels" . | nindent 4 }} diff --git a/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap b/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap index 2361fcbf..be939b18 100644 --- a/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap 
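Review bot: The rendered config now carries two log levels, the legacy top-level `log_level: ${ANCHORE_LOG_LEVEL}` and the new `logging.log_level`, and nothing in the visible lines says which one the service honours when they differ. An existing override of `anchoreConfig.log_level` leaves `logging.log_level` at its `INFO` default, so a deployment tuned for more or less verbosity may change behaviour after the upgrade. The `values.yaml` hunk further down also changes the documented options from `FATAL, ERROR, WARN, INFO, DEBUG, SPEW` to `CRITICAL, ERROR, WARNING, SUCCESS, INFO, DEBUG, TRACE`, so a previously valid value may no longer be accepted. I would make the inline comment explicit, e.g. `# Deprecated: kept for compatibility; set anchoreConfig.logging.log_level (accepted names are listed in values.yaml)`, and mention the renamed levels in the v2.5.x README notes.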
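Review bot: A key set in both `service.annotations` and `annotations` is emitted twice by `feeds.service.annotations`, because the two `toYaml` blocks are simply concatenated into one mapping. Depending on the YAML parser, the duplicate is either rejected or resolved last-wins, and last-wins would let the chart-wide value override the service-specific one. Service annotations often steer load-balancer behaviour, so the precedence should be explicit rather than an accident of print order. Merging the maps first, with service keys winning, fixes that. `(not .nil)` can be dropped at the same time: no visible line sets a `nil` key on the root context, so it appears to be always true. The tests added in `common_helpers_test.yaml` use disjoint keys only; a case with one overlapping key would pin the intended precedence.

```gotemplate
{{- define "feeds.service.annotations" -}}
{{- /* service-specific keys take precedence over chart-wide annotations */ -}}
{{- $merged := merge (dict) (.Values.service.annotations | default (dict)) (.Values.annotations | default (dict)) }}
{{- if $merged }}
{{ toYaml $merged }}
{{- else }}
  {{- print "{}" }}
{{- end }}
{{- end -}}
```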
+++ b/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap @@ -7,7 +7,26 @@ should render the configmaps: # service_dir: ${ANCHORE_SERVICE_DIR} tmp_dir: ${ANCHORE_FEEDS_TMP_DIR} - log_level: ${ANCHORE_LOG_LEVEL} + log_level: ${ANCHORE_LOG_LEVEL} # Deprecated - prefer use of logging.log_level + + logging: + colored_logging: false + exception_backtrace_logging: false + exception_diagnose_logging: false + file_retention_rule: 10 + file_rotation_rule: 10 MB + log_level: INFO + server_access_logging: true + server_log_level: info + server_response_debug_logging: false + structured_logging: false + + server: + max_connection_backlog: 2048 + max_wsgi_middleware_worker_count: 50 + max_wsgi_middleware_worker_queue_size: 100 + timeout_graceful_shutdown: false + timeout_keep_alive: 5 host_id: "${ANCHORE_HOST_ID}" internal_ssl_verify: ${ANCHORE_INTERNAL_SSL_VERIFY} diff --git a/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap b/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap index d8cbe6a1..cc6dacf1 100644 --- a/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap +++ b/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap @@ -143,6 +143,6 @@ should render proper initContainers: value: test-release-feeds.test-namespace.svc.cluster.local - name: ANCHORE_PORT value: "8448" - image: docker.io/anchore/enterprise:v5.4.1 + image: docker.io/anchore/enterprise:v5.5.0 imagePullPolicy: IfNotPresent name: wait-for-db diff --git a/stable/feeds/tests/common_helpers_test.yaml b/stable/feeds/tests/common_helpers_test.yaml index 7893d7ab..c3b5d123 100644 --- a/stable/feeds/tests/common_helpers_test.yaml +++ b/stable/feeds/tests/common_helpers_test.yaml 
@@ -44,6 +44,41 @@ tests: foo: bar bar: baz + - it: should render service annotations + template: deployment.yaml + documentIndex: 1 + set: + service: + annotations: + foo: bar + bar: baz + asserts: + - isSubset: + path: metadata.annotations + content: + foo: bar + bar: baz + + - it: should render service annotations and global annotations + template: deployment.yaml + documentIndex: 1 + set: + service: + annotations: + foo: bar + bar: baz + annotations: + fizz: buzz + boo: blah + asserts: + - isSubset: + path: metadata.annotations + content: + fizz: buzz + boo: blah + foo: bar + bar: baz + - it: should render file checksum/secret annotation template: deployment.yaml documentIndex: 0 diff --git a/stable/feeds/values.yaml b/stable/feeds/values.yaml index 694a93f0..f5d2d28f 100644 --- a/stable/feeds/values.yaml +++ b/stable/feeds/values.yaml @@ -21,7 +21,7 @@ nameOverride: "" ## @param image Image used for feeds deployment ## -image: docker.io/anchore/enterprise:v5.4.1 +image: docker.io/anchore/enterprise:v5.5.0 ## @param imagePullPolicy Image pull policy used by all deployments ## ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy 
@@ -243,11 +243,47 @@ anchoreConfig: ## service_dir: /anchore_service - ## @param anchoreConfig.log_level The log level for Anchore services - ## options available: FATAL, ERROR, WARN, INFO, DEBUG, SPEW + ## @param anchoreConfig.log_level The log level for Anchore services: NOTE: This is deprecated, use logging.log_level + ## options available: CRITICAL, ERROR, WARNING, SUCCESS, INFO, DEBUG, TRACE ## log_level: INFO + ## @param anchoreConfig.logging.colored_logging Enable colored output in the logs + ## @param anchoreConfig.logging.exception_backtrace_logging Enable stack traces in the logs + ## @param anchoreConfig.logging.exception_diagnose_logging Enable detailed exception information in the logs + ## @param anchoreConfig.logging.file_rotation_rule Maximum size of a log file before it is rotated + ## @param anchoreConfig.logging.file_retention_rule Number of log files to retain before deleting the oldest + ## @param anchoreConfig.logging.log_level Log level for the service code + ## @param anchoreConfig.logging.server_access_logging Set whether to print server access to logging + ## @param anchoreConfig.logging.server_response_debug_logging Log the elapsed time to process the request and the response size (debug log level) + ## @param anchoreConfig.logging.server_log_level Log level specifically for the server (uvicorn) + ## @param anchoreConfig.logging.structured_logging Enable structured logging output (JSON) + ## + logging: + colored_logging: false + exception_backtrace_logging: false + exception_diagnose_logging: false + file_rotation_rule: "10 MB" + file_retention_rule: 10 + log_level: INFO + server_access_logging: true + server_response_debug_logging: false + server_log_level: "info" + structured_logging: false + + ## @param anchoreConfig.server.max_connection_backlog Max connections permitted in the backlog before dropping + ## @param anchoreConfig.server.max_wsgi_middleware_worker_queue_size Max number of requests to queue for processing by ASGI2WSGI 
middleware + ## @param anchoreConfig.server.max_wsgi_middleware_worker_count Max number of workers to have in the ASGI2WSGI middleware worker pool + ## @param anchoreConfig.server.timeout_graceful_shutdown Seconds to permit for graceful shutdown or false to disable + ## @param anchoreConfig.server.timeout_keep_alive Seconds to keep a connection alive before closing + ## + server: + max_connection_backlog: 2048 + max_wsgi_middleware_worker_queue_size: 100 + max_wsgi_middleware_worker_count: 50 + timeout_graceful_shutdown: false + timeout_keep_alive: 5 + ## @param anchoreConfig.keys.secret The shared secret used for signing & encryption, auto-generated by Helm if not set ## @param anchoreConfig.keys.privateKeyFileName The file name of the private key used for signing & encryption, found in the k8s secret specified in .Values.certStoreSecretName ## @param anchoreConfig.keys.publicKeyFileName The file name of the public key used for signing & encryption, found in the k8s secret specified in .Values.certStoreSecretName
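Review bot: `exception_backtrace_logging` and `exception_diagnose_logging` are described only as "Enable stack traces in the logs" and "Enable detailed exception information in the logs", which does not tell an operator what may end up in the log files. The level names `SUCCESS` and `TRACE` suggest a loguru-style logger, where the diagnose option prints variable values alongside the traceback; if that holds here, enabling it can write credentials or tokens to the logs. I would add a line under the `@param` entry such as `## NOTE: may include variable values in tracebacks; keep disabled outside of debugging`. Both defaults are `false`, which is the safe setting, so this is a documentation request rather than a value change.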