diff --git a/stable/enterprise/Chart.lock b/stable/enterprise/Chart.lock index bf84f177..605b4775 100644 --- a/stable/enterprise/Chart.lock +++ b/stable/enterprise/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 17.11.8 - name: feeds repository: https://charts.anchore.io/stable - version: 2.4.0 -digest: sha256:9179b9a84b9f974b98c1182a25f7d5976a256371cee3733b9ffb9d09d7339c0f -generated: "2024-04-03T17:23:43.082782-07:00" + version: 2.4.1 +digest: sha256:fc8274f1cbd805dc79cecefdcb4bb9cddbb7e4863ed738aee9ccdb60611d939b +generated: "2024-04-10T17:13:17.54518-04:00" diff --git a/stable/enterprise/Chart.yaml b/stable/enterprise/Chart.yaml index 689c899b..8c18ec0c 100644 --- a/stable/enterprise/Chart.yaml +++ b/stable/enterprise/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: enterprise -version: "2.5.1" +version: "2.5.2" appVersion: "5.4.0" kubeVersion: 1.23.x - 1.28.x || 1.23.x-x - 1.29.x-x description: | diff --git a/stable/enterprise/README.md b/stable/enterprise/README.md index 1da76296..2215a3a3 100644 --- a/stable/enterprise/README.md +++ b/stable/enterprise/README.md @@ -918,50 +918,51 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `global.fullnameOverride` | overrides the fullname set on resources | `""` | | `global.nameOverride` | overrides the name set on resources | `""` | - ### Common Resource Parameters -| Name | Description | Value | -| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- | -| `image` | Image used for all Anchore Enterprise deployments, excluding Anchore UI | `docker.io/anchore/enterprise-dev:latest` | -| `imagePullPolicy` | Image pull policy used by all deployments | `IfNotPresent` | -| `imagePullSecretName` | Name of Docker credentials secret for access to private repos | `anchore-enterprise-pullcreds` | -| `startMigrationPod` | Spin up a Database migration pod to help migrate the database to the new schema | `false` | -| `migrationPodImage` | The image reference to the migration pod | `docker.io/postgres:13-bookworm` | -| `migrationAnchoreEngineSecretName` | The name of the secret that has anchore-engine values | `my-engine-anchore-engine` | -| `serviceAccountName` | Name of a service account used to run all Anchore pods | `""` | -| `injectSecretsViaEnv` | Enable secret injection into pod via environment variables instead of via k8s secrets | `false` | -| `licenseSecretName` | Name of the Kubernetes secret containing your license.yaml file | `anchore-enterprise-license` | -| `certStoreSecretName` | Name of secret containing the certificates & keys used for SSL, SAML & CAs | `""` | -| `extraEnv` | Common environment variables set on all containers | `[]` | -| `useExistingSecrets` | forgoes secret creation and uses the secret defined in existingSecretName | `false` | -| `existingSecretName` | Name of an existing secret to be used for Anchore core services, excluding Anchore UI | `anchore-enterprise-env` | -| `labels` | Common labels set on all Kubernetes resources | `{}` | -| `annotations` | Common annotations set on all Kubernetes resources | `{}` | -| `scratchVolume.mountPath` | The mount path of an external volume for scratch space. Used for the following pods: analyzer, policy-engine, catalog, and reports | `/analysis_scratch` | -| `scratchVolume.fixGroupPermissions` | Enable an initContainer that will fix the fsGroup permissions on all scratch volumes | `false` | -| `scratchVolume.fixerInitContainerImage` | The image to use for the mode-fixer initContainer | `alpine` | -| `scratchVolume.details` | Details for the k8s volume to be created (defaults to default emptyDir) | `{}` | -| `extraVolumes` | mounts additional volumes to each pod | `[]` | -| `extraVolumeMounts` | mounts additional volumes to each pod | `[]` | -| `securityContext.runAsUser` | The securityContext runAsUser for all Anchore pods | `1000` | -| `securityContext.runAsGroup` | The securityContext runAsGroup for all Anchore pods | `1000` | -| `securityContext.fsGroup` | The securityContext fsGroup for all Anchore pods | `1000` | -| `containerSecurityContext` | The securityContext for all containers | `{}` | -| `probes.liveness.initialDelaySeconds` | Initial delay seconds for liveness probe | `120` | -| `probes.liveness.timeoutSeconds` | Timeout seconds for liveness probe | `10` | -| `probes.liveness.periodSeconds` | Period seconds for liveness probe | `10` | -| `probes.liveness.failureThreshold` | Failure threshold for liveness probe | `6` | -| `probes.liveness.successThreshold` | Success threshold for liveness probe | `1` | -| `probes.readiness.timeoutSeconds` | Timeout seconds for the readiness probe | `10` | -| `probes.readiness.periodSeconds` | Period seconds for the readiness probe | `10` | -| `probes.readiness.failureThreshold` | Failure threshold for the readiness probe | `3` | -| `probes.readiness.successThreshold` | Success threshold for the readiness probe | `1` | -| `doSourceAtEntry.enabled` | Does a `source` of the file path defined before starting Anchore services | `false` | -| `doSourceAtEntry.filePaths` | List of file paths to `source` before starting Anchore services | `[]` | -| `configOverride` | Allows for overriding the default Anchore configuration file | `""` | -| `scripts` | Collection of helper scripts usable in all anchore enterprise pods | `{}` | - +| Name | Description | Value | +| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- | +| `image` | Image used for all Anchore Enterprise deployments, excluding Anchore UI | `docker.io/anchore/enterprise:v5.4.0` | +| `imagePullPolicy` | Image pull policy used by all deployments | `IfNotPresent` | +| `imagePullSecretName` | Name of Docker credentials secret for access to private repos | `anchore-enterprise-pullcreds` | +| `startMigrationPod` | Spin up a Database migration pod to help migrate the database to the new schema | `false` | +| `migrationPodImage` | The image reference to the migration pod | `docker.io/postgres:13-bookworm` | +| `migrationAnchoreEngineSecretName` | The name of the secret that has anchore-engine values | `my-engine-anchore-engine` | +| `serviceAccountName` | Name of a service account used to run all Anchore pods | `""` | +| `injectSecretsViaEnv` | Enable secret injection into pod via environment variables instead of via k8s secrets | `false` | +| `licenseSecretName` | Name of the Kubernetes secret containing your license.yaml file | `anchore-enterprise-license` | +| `certStoreSecretName` | Name of secret containing the certificates & keys used for SSL, SAML & CAs | `""` | +| `extraEnv` | Common environment variables set on all containers | `[]` | +| `useExistingSecrets` | forgoes secret creation and uses the secret defined in existingSecretName | `false` | +| `existingSecretName` | Name of an existing secret to be used for Anchore core services, excluding Anchore UI | `anchore-enterprise-env` | +| `labels` | Common labels set on all Kubernetes resources | `{}` | +| `annotations` | Common annotations set on all Kubernetes resources | `{}` | +| `nodeSelector` | Common nodeSelector set on all Kubernetes pods | `{}` | +| `tolerations` | Common tolerations set on all Kubernetes pods | `[]` | +| `affinity` | Common affinity set on all Kubernetes pods | `{}` | +| `scratchVolume.mountPath` | The mount path of an external volume for scratch space. Used for the following pods: analyzer, policy-engine, catalog, and reports | `/analysis_scratch` | +| `scratchVolume.fixGroupPermissions` | Enable an initContainer that will fix the fsGroup permissions on all scratch volumes | `false` | +| `scratchVolume.fixerInitContainerImage` | The image to use for the mode-fixer initContainer | `alpine` | +| `scratchVolume.details` | Details for the k8s volume to be created (defaults to default emptyDir) | `{}` | +| `extraVolumes` | mounts additional volumes to each pod | `[]` | +| `extraVolumeMounts` | mounts additional volumes to each pod | `[]` | +| `securityContext.runAsUser` | The securityContext runAsUser for all Anchore pods | `1000` | +| `securityContext.runAsGroup` | The securityContext runAsGroup for all Anchore pods | `1000` | +| `securityContext.fsGroup` | The securityContext fsGroup for all Anchore pods | `1000` | +| `containerSecurityContext` | The securityContext for all containers | `{}` | +| `probes.liveness.initialDelaySeconds` | Initial delay seconds for liveness probe | `120` | +| `probes.liveness.timeoutSeconds` | Timeout seconds for liveness probe | `10` | +| `probes.liveness.periodSeconds` | Period seconds for liveness probe | `10` | +| `probes.liveness.failureThreshold` | Failure threshold for liveness probe | `6` | +| `probes.liveness.successThreshold` | Success threshold for liveness probe | `1` | +| `probes.readiness.timeoutSeconds` | Timeout seconds for the readiness probe | `10` | +| `probes.readiness.periodSeconds` | Period seconds for the readiness probe | `10` | +| `probes.readiness.failureThreshold` | Failure threshold for the readiness probe | `3` | +| `probes.readiness.successThreshold` | Success threshold for the readiness probe | `1` | +| `doSourceAtEntry.enabled` | Does a `source` of the file path defined before starting Anchore services | `false` | +| `doSourceAtEntry.filePaths` | List of file paths to `source` before starting Anchore services | `[]` | +| `configOverride` | Allows for overriding the default Anchore configuration file | `""` | +| `scripts` | Collection of helper scripts usable in all anchore enterprise pods | `{}` | ### Anchore Configuration Parameters @@ -1069,7 +1070,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `anchoreConfig.ui.dbUser` | allows overriding and separation of the ui database user. | `""` | | `anchoreConfig.ui.dbPassword` | allows overriding and separation of the ui database user authentication | `""` | - ### Anchore Analyzer k8s Deployment Parameters | Name | Description | Value | @@ -1086,7 +1086,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `analyzer.serviceAccountName` | Service account name for Anchore API pods | `""` | | `analyzer.scratchVolume.details` | Details for the k8s volume to be created for Anchore Analyzer scratch space | `{}` | - ### Anchore API k8s Deployment Parameters | Name | Description | Value | @@ -1108,7 +1107,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `api.affinity` | Affinity for Anchore API pod assignment | `{}` | | `api.serviceAccountName` | Service account name for Anchore API pods | `""` | - ### Anchore Catalog k8s Deployment Parameters | Name | Description | Value | @@ -1131,7 +1129,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `catalog.serviceAccountName` | Service account name for Anchore Catalog pods | `""` | | `catalog.scratchVolume.details` | Details for the k8s volume to be created for Anchore Catalog scratch space | `{}` | - ### Anchore Feeds Chart Parameters | Name | Description | Value | @@ -1141,7 +1138,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `feeds.url` | Set the URL for a standalone Feeds service. Use when chartEnabled=false. | `""` | | `feeds.resources` | Resource requests and limits for Anchore Feeds pods | `{}` | - ### Anchore Notifications Parameters | Name | Description | Value | @@ -1163,7 +1159,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `notifications.affinity` | Affinity for Anchore Notifications pod assignment | `{}` | | `notifications.serviceAccountName` | Service account name for Anchore Notifications pods | `""` | - ### Anchore Policy Engine k8s Deployment Parameters | Name | Description | Value | @@ -1186,7 +1181,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `policyEngine.serviceAccountName` | Service account name for Anchore Policy Engine pods | `""` | | `policyEngine.scratchVolume.details` | Details for the k8s volume to be created for Anchore Policy Engine scratch space | `{}` | - ### Anchore Reports Parameters | Name | Description | Value | @@ -1209,7 +1203,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `reports.serviceAccountName` | Service account name for Anchore Reports pods | `""` | | `reports.scratchVolume.details` | Details for the k8s volume to be created for Anchore Reports scratch space | `{}` | - ### Anchore Reports Worker Parameters | Name | Description | Value | @@ -1231,7 +1224,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `reportsWorker.affinity` | Affinity for Anchore Reports Worker pod assignment | `{}` | | `reportsWorker.serviceAccountName` | Service account name for Anchore Reports Worker pods | `""` | - ### Anchore Simple Queue Parameters | Name | Description | Value | @@ -1253,12 +1245,11 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `simpleQueue.affinity` | Affinity for Anchore Simple Queue pod assignment | `{}` | | `simpleQueue.serviceAccountName` | Service account name for Anchore Simple Queue pods | `""` | - ### Anchore UI Parameters | Name | Description | Value | | ---------------------------- | ----------------------------------------------------------------------------- | ---------------------------------------- | -| `ui.image` | Image used for the Anchore UI container | `docker.io/anchore/enterprise-ui:v5.3.2` | +| `ui.image` | Image used for the Anchore UI container | `docker.io/anchore/enterprise-ui:v5.4.0` | | `ui.imagePullPolicy` | Image pull policy for Anchore UI image | `IfNotPresent` | | `ui.existingSecretName` | Name of an existing secret to be used for Anchore UI DB and Redis endpoints | `anchore-enterprise-ui-env` | | `ui.ldapsRootCaCertName` | Name of the custom CA certificate file store in `.Values.certStoreSecretName` | `""` | @@ -1279,7 +1270,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `ui.affinity` | Affinity for Anchore ui pod assignment | `{}` | | `ui.serviceAccountName` | Service account name for Anchore UI pods | `""` | - ### Anchore Upgrade Job Parameters | Name | Description | Value | @@ -1298,7 +1288,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `upgradeJob.labels` | Labels for the Anchore upgrade job | `{}` | | `upgradeJob.ttlSecondsAfterFinished` | The time period in seconds the upgrade job, and it's related pods should be retained for | `-1` | - ### Ingress Parameters | Name | Description | Value | @@ -1315,7 +1304,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `ingress.tls` | Configure tls for the ingress resource | `[]` | | `ingress.ingressClassName` | sets the ingress class name. As of k8s v1.18, this should be nginx | `nginx` | - ### Google CloudSQL DB Parameters | Name | Description | Value | @@ -1329,7 +1317,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `cloudsql.serviceAccJsonName` | | `""` | | `cloudsql.extraArgs` | a list of extra arguments to be passed into the cloudsql container command. eg | `[]` | - ### Anchore UI Redis Parameters | Name | Description | Value | @@ -1340,7 +1327,6 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `ui-redis.architecture` | Redis deployment architecture | `standalone` | | `ui-redis.master.persistence.enabled` | enables persistence | `false` | - ### Anchore Database Parameters | Name | Description | Value |