
Update anchore engine 090 (#98)
* bump chart version and use chart.lock file

* allow adding custom policy bundles to values file

* update to latest anchore-engine v0.9.0 image

Signed-off-by: Brady Todhunter <[email protected]>
Btodhunter authored Jan 7, 2021
1 parent e60ac75 commit 68c6323
Showing 11 changed files with 220 additions and 13 deletions.
Expand Up @@ -9,4 +9,4 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
version: 10.9.0
digest: sha256:f764fed6fb7081e73c57591d26e99b82b66e643809a2ba02c1e66bb42782f2b1
generated: "2020-11-04T15:19:28.960612-08:00"
generated: "2020-12-16T13:32:27.349956-08:00"
4 changes: 2 additions & 2 deletions stable/anchore-engine/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
name: anchore-engine
version: 1.10.8
appVersion: 0.8.2
version: 1.11.0
appVersion: 0.9.0
description: Anchore container analysis and policy evaluation engine service
keywords:
- analysis
6 changes: 3 additions & 3 deletions stable/anchore-engine/templates/analyzer_configmap.yaml
Expand Up @@ -14,6 +14,6 @@ metadata:
{{- end }}
data:
analyzer_config.yaml: |
{{- with .Values.anchoreAnalyzer.configFile }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.anchoreAnalyzer.configFile }}
{{- toYaml . | nindent 4 }}
{{- end }}
13 changes: 9 additions & 4 deletions stable/anchore-engine/templates/analyzer_deployment.yaml
Expand Up @@ -127,11 +127,13 @@ spec:
subPath: license.yaml
{{- end }}
- name: analyzer-config-volume
mountPath: /anchore_service/analyzer_config.yaml
mountPath: {{ .Values.anchoreGlobal.serviceDir }}/analyzer_config.yaml
subPath: analyzer_config.yaml
- name: config-volume
mountPath: /config/config.yaml
subPath: config.yaml
- name: policy-bundle-volume
mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
{{- if (.Values.anchoreGlobal.certStoreSecretName) }}
- name: certs
mountPath: /home/anchore/certs/
Expand Down Expand Up @@ -183,6 +185,12 @@ spec:
name: {{ template "anchore-engine.fullname" .}}
- name: {{ $component }}-scratch
{{ toYaml .Values.anchoreGlobal.scratchVolume.details | nindent 10 }}
- name: analyzer-config-volume
configMap:
name: {{ template "anchore-engine.analyzer.fullname" . }}
- name: policy-bundle-volume
configMap:
name: {{ template "anchore-engine.fullname" . }}-policy-bundles
{{- if .Values.anchoreGlobal.openShiftDeployment }}
- name: service-config-volume
emptyDir: {}
Expand All @@ -191,9 +199,6 @@ spec:
- name: run
emptyDir: {}
{{- end }}
- name: analyzer-config-volume
configMap:
name: {{ template "anchore-engine.analyzer.fullname" . }}
{{- with .Values.anchoreGlobal.certStoreSecretName }}
- name: certs
secret:
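Review bot: The new mountPath lines in the first hunk (`{{ .Values.anchoreGlobal.serviceDir }}/analyzer_config.yaml` and `{{ .Values.anchoreGlobal.serviceDir }}/bundles`) render as `/analyzer_config.yaml` and `/bundles` when `serviceDir` is unset or empty, so a bad values file mounts config into the container root instead of failing at render time. Wrapping the lookup, e.g. `mountPath: {{ required "anchoreGlobal.serviceDir must be set" .Values.anchoreGlobal.serviceDir }}/bundles`, turns that into a render error; the same expression is repeated in api_deployment, catalog_deployment, policy_engine_deployment and simplequeue_deployment, so a named template next to anchore-engine.fullname would avoid patching each file. Mounting the ConfigMap as a directory at `<serviceDir>/bundles` also shadows anything the image ships under that path, which appears to be why the default bundle is reproduced in the new policy_bundle_configmap; a one-line comment on the volumeMount saying so would help the next maintainer. The values file that defines serviceDir is not in the visible diff, so its default may already be non-empty.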
13 changes: 13 additions & 0 deletions stable/anchore-engine/templates/api_deployment.yaml
Expand Up @@ -122,6 +122,8 @@ spec:
- name: config-volume
mountPath: /config/config.yaml
subPath: config.yaml
- name: policy-bundle-volume
mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
{{- if .Values.anchoreGlobal.openShiftDeployment }}
- name: service-config-volume
mountPath: /anchore_service_config
Expand Down Expand Up @@ -193,6 +195,8 @@ spec:
- name: enterprise-config-volume
mountPath: /config/config.yaml
subPath: config.yaml
- name: policy-bundle-volume
mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
{{- if (.Values.anchoreGlobal.certStoreSecretName) }}
- name: certs
mountPath: /home/anchore/certs/
Expand Down Expand Up @@ -263,6 +267,8 @@ spec:
- name: enterprise-config-volume
mountPath: /config/config.yaml
subPath: config.yaml
- name: policy-bundle-volume
mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
{{- if (.Values.anchoreGlobal.certStoreSecretName) }}
- name: certs
mountPath: /home/anchore/certs/
Expand Down Expand Up @@ -333,6 +339,8 @@ spec:
- name: anchore-license
mountPath: /home/anchore/license.yaml
subPath: license.yaml
- name: policy-bundle-volume
mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
{{- if (.Values.anchoreGlobal.certStoreSecretName) }}
- name: certs
mountPath: /home/anchore/certs/
Expand Down Expand Up @@ -405,6 +413,8 @@ spec:
- name: anchore-license
mountPath: /home/anchore/license.yaml
subPath: license.yaml
- name: policy-bundle-volume
mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
{{- if (.Values.anchoreGlobal.certStoreSecretName) }}
- name: certs
mountPath: /home/anchore/certs/
Expand Down Expand Up @@ -448,6 +458,9 @@ spec:
- name: config-volume
configMap:
name: {{ template "anchore-engine.fullname" . }}
- name: policy-bundle-volume
configMap:
name: {{ template "anchore-engine.fullname" . }}-policy-bundles
{{- if .Values.anchoreGlobal.openShiftDeployment }}
- name: service-config-volume
emptyDir: {}
5 changes: 5 additions & 0 deletions stable/anchore-engine/templates/catalog_deployment.yaml
Expand Up @@ -115,6 +115,8 @@ spec:
- name: config-volume
mountPath: /config/config.yaml
subPath: config.yaml
- name: policy-bundle-volume
mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
{{- if .Values.anchoreGlobal.openShiftDeployment }}
- name: service-config-volume
mountPath: /anchore_service_config
Expand Down Expand Up @@ -162,6 +164,9 @@ spec:
- name: config-volume
configMap:
name: {{ template "anchore-engine.fullname" . }}
- name: policy-bundle-volume
configMap:
name: {{ template "anchore-engine.fullname" . }}-policy-bundles
{{- if .Values.anchoreGlobal.openShiftDeployment }}
- name: service-config-volume
emptyDir: {}
2 changes: 1 addition & 1 deletion stable/anchore-engine/templates/engine_configmap.yaml
Expand Up @@ -17,7 +17,6 @@ data:
tmp_dir: {{ .Values.anchoreGlobal.scratchVolume.mountPath }}
log_level: {{ .Values.anchoreGlobal.logLevel }}
image_analyze_timeout_seconds: {{ .Values.anchoreGlobal.imageAnalyzeTimeoutSeconds }}
cleanup_images: {{ .Values.anchoreGlobal.cleanupImages }}
allow_awsecr_iam_auto: {{ .Values.anchoreGlobal.allowECRUseIAMRole }}
host_id: "${ANCHORE_POD_NAME}"
internal_ssl_verify: {{ .Values.anchoreGlobal.internalServicesSsl.verifyCerts }}
Expand Down Expand Up @@ -205,6 +204,7 @@ data:
analyzer_queue: {{ .Values.anchoreCatalog.cycleTimers.analyzer_queue }}
# Interval at which the catalog archival tasks are triggered.
archive_tasks: {{ .Values.anchoreCatalog.cycleTimers.archive_tasks }}
image_gc: {{ .Values.anchoreCatalog.cycleTimers.image_gc }}
# Interval notifications will be processed for state changes
{{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseNotifications.enabled }}
notifications: 0
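Review bot: Dropping `cleanup_images` from the rendered config in the first hunk silently ignores whatever operators have set in `anchoreGlobal.cleanupImages`; nothing in this diff warns them, and the catalog `image_gc` cycle timer added in the second hunk appears to take over that behaviour. The values file is not in the visible diff, so if `cleanupImages` is still declared there it becomes a dead key that reads as if it were honoured. A note in the chart README/changelog for 1.11.0, plus a comment above the new timer such as `# image_gc replaces the removed anchoreGlobal.cleanupImages setting (anchore-engine 0.9.0)`, would make the migration explicit. That upstream 0.9.0 replaced cleanup_images with image_gc is inferred from this change rather than shown on the page.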
152 changes: 152 additions & 0 deletions stable/anchore-engine/templates/policy_bundle_configmap.yaml
@@ -0,0 +1,152 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ template "anchore-engine.fullname" . }}-policy-bundles
labels:
app: {{ template "anchore-engine.fullname" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.anchoreGlobal.labels }}
{{ toYaml . | nindent 4 }}
{{- end }}
data:
anchore_default_bundle.json: |
{
"id": "2c53a13c-1765-11e8-82ef-23527761d060",
"version": "1_0",
"name": "Default bundle",
"comment": "Default bundle",
"whitelisted_images": [],
"blacklisted_images": [],
"mappings": [
{
"name": "default",
"repository": "*",
"image": {
"type": "tag",
"value": "*"
},
"whitelist_ids": [
"37fd763e-1765-11e8-add4-3b16c029ac5c"
],
"registry": "*",
"id": "c4f9bf74-dc38-4ddf-b5cf-00e9c0074611",
"policy_id": "48e6f7d6-1765-11e8-b5f9-8b6f228548b6"
}
],
"whitelists": [
{
"comment": "Default global whitelist",
"items": [],
"version": "1_0",
"id": "37fd763e-1765-11e8-add4-3b16c029ac5c",
"name": "Global Whitelist"
}
],
"policies": [
{
"comment": "System default policy",
"rules": [
{
"action": "STOP",
"gate": "dockerfile",
"trigger": "exposed_ports",
"params": [
{
"name": "ports",
"value": "22"
},
{
"name": "type",
"value": "blacklist"
}
],
"id": "ce7b8000-829b-4c27-8122-69cd59018400"
},
{
"action": "WARN",
"gate": "dockerfile",
"trigger": "instruction",
"params": [
{
"name": "instruction",
"value": "HEALTHCHECK"
},
{
"name": "check",
"value": "not_exists"
}
],
"id": "312d9e41-1c05-4e2f-ad89-b7d34b0855bb"
},
{
"action": "WARN",
"gate": "vulnerabilities",
"trigger": "stale_feed_data",
"params": [
{
"name": "max_days_since_sync",
"value": "2"
}
],
"id": "6b5c14e7-a6f7-48cc-99d2-959273a2c6fa"
},
{
"action": "WARN",
"gate": "vulnerabilities",
"trigger": "vulnerability_data_unavailable",
"params": [],
"id": "3e79ea94-18c4-4d26-9e29-3b9172a62c2e"
},
{
"action": "WARN",
"gate": "vulnerabilities",
"trigger": "package",
"params": [
{
"name": "package_type",
"value": "all"
},
{
"name": "severity_comparison",
"value": "="
},
{
"name": "severity",
"value": "medium"
}
],
"id": "6063fdde-b1c5-46af-973a-915739451ac4"
},
{
"action": "STOP",
"gate": "vulnerabilities",
"trigger": "package",
"params": [
{
"name": "package_type",
"value": "all"
},
{
"name": "severity_comparison",
"value": ">"
},
{
"name": "severity",
"value": "medium"
}
],
"id": "b30e8abc-444f-45b1-8a37-55be1b8c8bb5"
}
],
"version": "1_0",
"id": "48e6f7d6-1765-11e8-b5f9-8b6f228548b6",
"name": "DefaultPolicy"
}
]
}
{{- with .Values.anchoreGlobal.policyBundles }}
{{- toYaml . | nindent 2 }}
{{- end }}
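Review bot: The `with .Values.anchoreGlobal.policyBundles` block at the end appends user-supplied entries verbatim under `data:`, so an entry keyed `anchore_default_bundle.json` yields a duplicate key (most YAML loaders keep the last value, silently replacing the chart default) and a value that is a map rather than a JSON string renders a ConfigMap the API server should reject, since data values must be strings. Neither case is checked at render time, and a syntactically broken bundle only surfaces when the policy engine loads it. A comment above the block, e.g. `# policyBundles: map of <name>.json -> bundle JSON as a string; keys must not reuse anchore_default_bundle.json`, plus a reminder that all bundles share the ConfigMap's 1 MiB limit, would document the contract. The label block near the top uses `{{ toYaml . | nindent 4 }}` while the bundles block uses `{{- toYaml . | nindent 2 }}`; the untrimmed form leaves a line of trailing spaces before the labels, so `{{- toYaml . | nindent 4 }}` keeps the two consistent.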
5 changes: 5 additions & 0 deletions stable/anchore-engine/templates/policy_engine_deployment.yaml
Expand Up @@ -129,6 +129,8 @@ spec:
- name: config-volume
mountPath: /config/config.yaml
subPath: config.yaml
- name: policy-bundle-volume
mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
- name: {{ $component }}-scratch
mountPath: {{ .Values.anchoreGlobal.scratchVolume.mountPath }}
{{- if .Values.anchoreGlobal.openShiftDeployment }}
Expand Down Expand Up @@ -178,6 +180,9 @@ spec:
- name: config-volume
configMap:
name: {{ template "anchore-engine.fullname" . }}
- name: policy-bundle-volume
configMap:
name: {{ template "anchore-engine.fullname" . }}-policy-bundles
- name: {{ $component }}-scratch
{{ toYaml .Values.anchoreGlobal.scratchVolume.details | nindent 10 }}
{{- if .Values.anchoreGlobal.openShiftDeployment }}
5 changes: 5 additions & 0 deletions stable/anchore-engine/templates/simplequeue_deployment.yaml
Expand Up @@ -115,6 +115,8 @@ spec:
- name: config-volume
mountPath: /config/config.yaml
subPath: config.yaml
- name: policy-bundle-volume
mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
{{- if .Values.anchoreGlobal.openShiftDeployment }}
- name: service-config-volume
mountPath: /anchore_service_config
Expand Down Expand Up @@ -162,6 +164,9 @@ spec:
- name: config-volume
configMap:
name: {{ template "anchore-engine.fullname" .}}
- name: policy-bundle-volume
configMap:
name: {{ template "anchore-engine.fullname" . }}-policy-bundles
{{- if .Values.anchoreGlobal.openShiftDeployment }}
- name: service-config-volume
emptyDir: {}

