diff --git a/.github/workflows/chart-readme-table-generator.yaml b/.github/workflows/chart-readme-table-generator.yaml deleted file mode 100644 index a7bdd087..00000000 --- a/.github/workflows/chart-readme-table-generator.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -# Copyright VMware, Inc. -# SPDX-License-Identifier: APACHE-2.0 - -name: 'CHART README TABLE GENERATOR' - -on: - pull_request_target: - branches: - - main - paths: - # specify this for now until we get the readme table for all charts - - 'stable/enterprise/values.yaml' - - 'stable/feeds/values.yaml' -# Remove all permissions by default -permissions: {} -jobs: - update-readme-metadata: - env: - REPO: "${{ github.repository }}" - REPO_NAME: "${{ github.event.repository.name }}" - TARGET_BRANCH: "${{ github.event.pull_request.base.ref }}" - runs-on: ubuntu-latest - permissions: - contents: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 # v2.5.1 - with: - egress-policy: audit - - - name: Install readme-generator-for-helm - run: npm install -g @bitnami/readme-generator-for-helm - - - name: Checkout charts - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - with: - path: ${{ github.repository }} - ref: ${{github.event.pull_request.head.ref}} - repository: ${{github.event.pull_request.head.repo.full_name}} - token: ${{ secrets.CI_WRITE_GITHUB_TOKEN }} - - - run: cd "${REPO}" && git fetch origin ${TARGET_BRANCH} - - - name: Execute readme-generator-for-helm - run: | - cd "${REPO}" - files_changed="$(git diff --name-only origin/${TARGET_BRANCH} | sort | uniq)" - # Adding || true to avoid "Process exited with code 1" errors - charts_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "stable/[^/]*" | sort | uniq || true)" - - for chart in ${charts_dirs_changed}; do - if [[ "$chart" == "stable/enterprise" || "$chart" == "stable/feeds" ]]; then - echo "Updating README.md for ${chart}" - readme-generator --values "${chart}/values.yaml" --readme "${chart}/README.md" --schema "/tmp/schema.json" - else - echo "'chart' is not equal to 'stable/enterprise' or 'stable/feeds'. Moving on." 
- fi - done - - name: Push changes - run: | - # Push all the changes - cd "${REPO}" - if git status -s | grep stable; then - git config user.name "Anchore BitnamiReadmeGenerator" - git config user.email "anchoreops-ci@anchore.com" - git add stable && git commit -m "Update README.md with readme-generator-for-helm" --signoff && git push - fi diff --git a/.github/workflows/helm-unittests.yaml b/.github/workflows/helm-unittests.yaml index cd93e8ec..b3c5fa01 100644 --- a/.github/workflows/helm-unittests.yaml +++ b/.github/workflows/helm-unittests.yaml @@ -13,6 +13,8 @@ on: permissions: {} jobs: helm-unittests: + permissions: + contents: read # for helm-unittest to read the chart env: REPO: "${{ github.repository }}" REPO_NAME: "${{ github.event.repository.name }}" @@ -30,7 +32,7 @@ jobs: path: ${{ github.repository }} ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - token: ${{ secrets.CI_WRITE_GITHUB_TOKEN }} + token: ${{ secrets.GITHUB_TOKEN }} - name: Set up Helm uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index c2350bd6..f8736b42 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -41,4 +41,3 @@ jobs: id: lint run: ct lint --config 'ct-config.yaml' if: steps.list-changed.outputs.CHANGED == 'true' - diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d8562a43..2118a205 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
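Review bot: The checkout step in `helm-unittests` still fetches `github.event.pull_request.head.repo.full_name` at the PR head ref, and actions/checkout keeps its token in the local git config by default, so later steps that process contributor-controlled chart content can read it. Switching to `secrets.GITHUB_TOKEN` with `contents: read` limits what that token can do; adding `persist-credentials: false` under `with:` removes it from the workspace altogether. The `token:` line now equals the action's default and could be dropped. The trigger sits above this hunk and is not visible here; if it is `pull_request_target`, checking out the head ref deserves a second look even with a read-only token.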
@@ -1,4 +1,18 @@ repos: +# - repo: local +# hooks: +# - id: helm-unittest +# name: helm-unittest +# entry: scripts/hooks/helm-unittest.sh +# language: script +# files: ^stable/(enterprise|feeds)/templates/.*$ +- repo: local + hooks: + - id: readme-generator + name: readme-generator + entry: scripts/hooks/readme-generator.sh + language: script + files: ^stable/(enterprise|feeds|ecs-inventory)/values\.yaml$ - repo: https://github.com/gitleaks/gitleaks rev: v8.16.3 hooks: diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index 1aa66080..e3b516f1 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -10,15 +10,15 @@ way to contribute to the Anchore project. The process is to certify the below DCO 1.1 text :: - + Developer's Certificate of Origin 1.1 - + By making a contribution to this project, I certify that: - + (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or - + (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that @@ -26,11 +26,11 @@ The process is to certify the below DCO 1.1 text by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or - + (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. - + (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is diff --git a/README.md b/README.md index 8821742b..c7a0e5f8 100644 --- a/README.md +++ b/README.md 
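Review bot: The `readme-generator` hook is filtered by `files:` and so receives the matching `values.yaml` paths as arguments, but `scripts/hooks/readme-generator.sh` never reads its arguments and instead derives the chart list from `git diff --name-only origin/main`. Adding `pass_filenames: false` to the hook makes that explicit, and a short comment such as `# regenerates README.md for every chart that differs from origin/main` would tell contributors why files they did not stage can change. The commented-out `helm-unittest` hook above it would also benefit from a one-line comment saying why it is disabled, or it could be left out until it is enabled.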
@@ -6,6 +6,7 @@ This repository contains Helm charts for deploying [Anchore](https://www.anchore - [Helm](https://helm.sh/) (>=3.8) - Helm is a package manager for Kubernetes that makes it easy to install and manage applications on your cluster. - [Kubernetes](https://kubernetes.io/) (>=1.23) - Kubernetes is an open-source container orchestration platform that is required to use Helm charts. +- [pre-commit](https://pre-commit.com/) - pre-commit is a tool that is used to ensure that all commits to the repository are properly formatted. It is not required to use the charts in this repository, but it is recommended to install it to ensure that your commits are properly formatted. ## Installation diff --git a/build.sh b/build.sh index 398a6d46..31a082f2 100755 --- a/build.sh +++ b/build.sh @@ -32,4 +32,3 @@ if [ "${do_push}" == "true" ]; then else echo "Skipping push" fi - diff --git a/ct-config.yaml b/ct-config.yaml index bbd1fc0c..75ba48da 100644 --- a/ct-config.yaml +++ b/ct-config.yaml @@ -7,4 +7,4 @@ chart-repos: - bitnami=https://charts.bitnami.com/bitnami namespace: anchore release-label: anchore -helm-extra-args: --timeout 600s \ No newline at end of file +helm-extra-args: --timeout 600s diff --git a/scripts/Dockerfile b/scripts/enterprise-value-converter/Dockerfile similarity index 90% rename from scripts/Dockerfile rename to scripts/enterprise-value-converter/Dockerfile index 02266e32..c0a0d708 100644 --- a/scripts/Dockerfile +++ b/scripts/enterprise-value-converter/Dockerfile @@ -10,4 +10,4 @@ RUN pip install argparse pyyaml ENTRYPOINT ["python3", "convert.py"] -CMD ["-e", "values.yaml"] \ No newline at end of file +CMD ["-e", "values.yaml"] diff --git a/scripts/README.md b/scripts/enterprise-value-converter/README.md similarity index 92% rename from scripts/README.md rename to scripts/enterprise-value-converter/README.md index 8fd1eaba..13667f51 100644 --- a/scripts/README.md +++ b/scripts/enterprise-value-converter/README.md 
@@ -9,7 +9,7 @@ This script converts the values file of Anchore Engine to the values file format ## Usage 1. **The Docker Image**: - To build the docker image yourself, from the `scripts` directory, build the Docker image using the following command: + To build the docker image yourself, from the `scripts/enterprise-value-converter` directory, build the Docker image using the following command: ```bash docker build -t script-container . diff --git a/scripts/convert.py b/scripts/enterprise-value-converter/convert.py similarity index 99% rename from scripts/convert.py rename to scripts/enterprise-value-converter/convert.py index f9f4a5a3..5613719a 100644 --- a/scripts/convert.py +++ b/scripts/enterprise-value-converter/convert.py @@ -22,4 +22,4 @@ args = parser.parse_args() engine_file = args.engine_file results_dir = args.results_dir - convert_values_file(file=engine_file, results_dir=results_dir) \ No newline at end of file + convert_values_file(file=engine_file, results_dir=results_dir) diff --git a/scripts/helpers.py b/scripts/enterprise-value-converter/helpers.py similarity index 99% rename from scripts/helpers.py rename to scripts/enterprise-value-converter/helpers.py index 31de35cb..252c090a 100644 --- a/scripts/helpers.py +++ b/scripts/enterprise-value-converter/helpers.py @@ -292,4 +292,4 @@ def merge_dicts(dict1, dict2): else: merged_dict[key] = value - return merged_dict \ No newline at end of file + return merged_dict diff --git a/scripts/mappings.py b/scripts/enterprise-value-converter/mappings.py similarity index 100% rename from scripts/mappings.py rename to scripts/enterprise-value-converter/mappings.py diff --git a/scripts/tests/configs/test_convert_values_file.yaml b/scripts/enterprise-value-converter/tests/configs/test_convert_values_file.yaml similarity index 100% rename from scripts/tests/configs/test_convert_values_file.yaml rename to scripts/enterprise-value-converter/tests/configs/test_convert_values_file.yaml 
diff --git a/scripts/tests/configs/test_convert_values_file_result.yaml b/scripts/enterprise-value-converter/tests/configs/test_convert_values_file_result.yaml similarity index 94% rename from scripts/tests/configs/test_convert_values_file_result.yaml rename to scripts/enterprise-value-converter/tests/configs/test_convert_values_file_result.yaml index 3729a2bd..80be9ff8 100644 --- a/scripts/tests/configs/test_convert_values_file_result.yaml +++ b/scripts/enterprise-value-converter/tests/configs/test_convert_values_file_result.yaml @@ -14,4 +14,4 @@ "hashed_passwords": False "extraEnv": - "name": "ANCHORE_MAX_REQUEST_THREADS" - "value": "9876543210" \ No newline at end of file + "value": "9876543210" diff --git a/scripts/tests/test_anchoreAnalyzer_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreAnalyzer_value_mapping.py similarity index 99% rename from scripts/tests/test_anchoreAnalyzer_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchoreAnalyzer_value_mapping.py index fef76645..0afacc04 100644 --- a/scripts/tests/test_anchoreAnalyzer_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreAnalyzer_value_mapping.py @@ -347,4 +347,4 @@ def test_enableOwnedPackageFiltering_value(self): } result = replace_keys_with_mappings(dot_string_dict, self.results_dir) self.assertEqual(result[0], {'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}}) - self.assertEqual(result[1], expected_result) \ No newline at end of file + self.assertEqual(result[1], expected_result) diff --git a/scripts/tests/test_anchoreApi_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreApi_value_mapping.py similarity index 99% rename from scripts/tests/test_anchoreApi_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchoreApi_value_mapping.py index 3d7f687f..8edde953 100644 --- a/scripts/tests/test_anchoreApi_value_mapping.py 
+++ b/scripts/enterprise-value-converter/tests/test_anchoreApi_value_mapping.py @@ -245,4 +245,4 @@ def test_anchoreApi_external_value(self): result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) \ No newline at end of file + self.assertEqual(result[0], expected_result) diff --git a/scripts/tests/test_anchoreCatalog_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreCatalog_value_mapping.py similarity index 99% rename from scripts/tests/test_anchoreCatalog_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchoreCatalog_value_mapping.py index 3bc1b482..f045ca88 100644 --- a/scripts/tests/test_anchoreCatalog_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreCatalog_value_mapping.py @@ -404,4 +404,4 @@ def test_anchoreCatalog_downAnalyzerTaskRequeue_value(self): } } result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) \ No newline at end of file + self.assertEqual(result[0], expected_result) diff --git a/scripts/tests/test_anchoreEngineUpgradeJob_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEngineUpgradeJob_value_mapping.py similarity index 100% rename from scripts/tests/test_anchoreEngineUpgradeJob_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchoreEngineUpgradeJob_value_mapping.py diff --git a/scripts/tests/test_anchoreEnterpriseEngineUpgradeJob_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseEngineUpgradeJob_value_mapping.py similarity index 100% rename from scripts/tests/test_anchoreEnterpriseEngineUpgradeJob_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchoreEnterpriseEngineUpgradeJob_value_mapping.py 
diff --git a/scripts/tests/test_anchoreEnterpriseFeedsUpgradeJob_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeedsUpgradeJob_value_mapping.py similarity index 100% rename from scripts/tests/test_anchoreEnterpriseFeedsUpgradeJob_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeedsUpgradeJob_value_mapping.py diff --git a/scripts/tests/test_anchoreEnterpriseFeeds_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeeds_value_mapping.py similarity index 99% rename from scripts/tests/test_anchoreEnterpriseFeeds_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeeds_value_mapping.py index 8c5f205c..16e946ee 100644 --- a/scripts/tests/test_anchoreEnterpriseFeeds_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseFeeds_value_mapping.py @@ -777,4 +777,4 @@ def test_anchoreFeedsGemDB_extraEnv_values(self): } } result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) \ No newline at end of file + self.assertEqual(result[0], expected_result) diff --git a/scripts/tests/test_anchoreEnterpriseNotifications_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseNotifications_value_mapping.py similarity index 99% rename from scripts/tests/test_anchoreEnterpriseNotifications_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchoreEnterpriseNotifications_value_mapping.py index f1264207..e0201cba 100644 --- a/scripts/tests/test_anchoreEnterpriseNotifications_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseNotifications_value_mapping.py 
@@ -255,7 +255,7 @@ def test_anchoreEnterpriseNotifications_cycleTimers_value(self): } result = replace_keys_with_mappings(dot_string_dict, self.results_dir) self.assertEqual(result[0], expected_result) - + def test_anchoreEnterpriseNotifications_uiUrl_value(self): dot_string_dict = { "anchoreEnterpriseNotifications.uiUrl": "http://myurl.myurl" @@ -269,4 +269,4 @@ def test_anchoreEnterpriseNotifications_uiUrl_value(self): } } result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) \ No newline at end of file + self.assertEqual(result[0], expected_result) diff --git a/scripts/tests/test_anchoreEnterpriseRbac_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseRbac_value_mapping.py similarity index 99% rename from scripts/tests/test_anchoreEnterpriseRbac_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchoreEnterpriseRbac_value_mapping.py index 6c810284..dbfb95b0 100644 --- a/scripts/tests/test_anchoreEnterpriseRbac_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseRbac_value_mapping.py @@ -299,4 +299,4 @@ def test_anchoreEnterpriseRbac_managerResources_value(self): } } result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) \ No newline at end of file + self.assertEqual(result[0], expected_result) diff --git a/scripts/tests/test_anchoreEnterpriseReports_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseReports_value_mapping.py similarity index 99% rename from scripts/tests/test_anchoreEnterpriseReports_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchoreEnterpriseReports_value_mapping.py index d1fe1922..35bfd427 100644 --- a/scripts/tests/test_anchoreEnterpriseReports_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseReports_value_mapping.py 
@@ -339,4 +339,4 @@ def test_anchoreEnterpriseReports_cycleTimers_value(self): } } result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) \ No newline at end of file + self.assertEqual(result[0], expected_result) diff --git a/scripts/tests/test_anchoreEnterpriseUi_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseUi_value_mapping.py similarity index 99% rename from scripts/tests/test_anchoreEnterpriseUi_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchoreEnterpriseUi_value_mapping.py index 814eb997..8b50d9bd 100644 --- a/scripts/tests/test_anchoreEnterpriseUi_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreEnterpriseUi_value_mapping.py @@ -559,4 +559,4 @@ def test_uiRedis_externalEndpoint_value(self): } } result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) \ No newline at end of file + self.assertEqual(result[0], expected_result) diff --git a/scripts/tests/test_anchoreGlobal_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreGlobal_value_mapping.py similarity index 99% rename from scripts/tests/test_anchoreGlobal_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchoreGlobal_value_mapping.py index 7dc02732..d2bc7d4f 100644 --- a/scripts/tests/test_anchoreGlobal_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreGlobal_value_mapping.py @@ -189,7 +189,7 @@ def test_anchoreGlobal_serviceAccountName_value(self): result = replace_keys_with_mappings(dot_string_dict, self.results_dir) self.assertEqual(result[0], expected_result) self.assertEqual(result[1], {}) - + def test_anchoreGlobal_labels_value(self): dot_string_dict = { "anchoreGlobal.labels.mylabel": "myvalue", 
@@ -785,4 +785,4 @@ def test_anchoreGlobal_maxCompressedImageSizeMB_value(self): if __name__ == '__main__': - unittest.main() \ No newline at end of file + unittest.main() diff --git a/scripts/tests/test_anchorePolicyEngine_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchorePolicyEngine_value_mapping.py similarity index 99% rename from scripts/tests/test_anchorePolicyEngine_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchorePolicyEngine_value_mapping.py index 67f1a18c..89e1a75b 100644 --- a/scripts/tests/test_anchorePolicyEngine_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchorePolicyEngine_value_mapping.py @@ -298,4 +298,4 @@ def test_anchorePolicyEngine_enablePackageDbLoad_value(self): } } result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[1], expected_result) \ No newline at end of file + self.assertEqual(result[1], expected_result) diff --git a/scripts/tests/test_anchoreSimpleQueue_value_mapping.py b/scripts/enterprise-value-converter/tests/test_anchoreSimpleQueue_value_mapping.py similarity index 99% rename from scripts/tests/test_anchoreSimpleQueue_value_mapping.py rename to scripts/enterprise-value-converter/tests/test_anchoreSimpleQueue_value_mapping.py index 5fb35a48..7edb3b2d 100644 --- a/scripts/tests/test_anchoreSimpleQueue_value_mapping.py +++ b/scripts/enterprise-value-converter/tests/test_anchoreSimpleQueue_value_mapping.py @@ -233,4 +233,4 @@ def test_anchoreSimpleQueue_service_value(self): } } result = replace_keys_with_mappings(dot_string_dict, self.results_dir) - self.assertEqual(result[0], expected_result) \ No newline at end of file + self.assertEqual(result[0], expected_result) 
diff --git a/scripts/tests/test_helpers.py b/scripts/enterprise-value-converter/tests/test_helpers.py similarity index 99% rename from scripts/tests/test_helpers.py rename to scripts/enterprise-value-converter/tests/test_helpers.py index f312a372..b488c57c 100644 --- a/scripts/tests/test_helpers.py +++ b/scripts/enterprise-value-converter/tests/test_helpers.py @@ -316,4 +316,4 @@ def test_replace_keys_with_mappings_env_var(self): self.assertEqual(result[0], anchore_config_expected_results) if __name__ == '__main__': - unittest.main() \ No newline at end of file + unittest.main() diff --git a/scripts/hooks/helm-unittest.sh b/scripts/hooks/helm-unittest.sh new file mode 100755 index 00000000..b01e4a45 --- /dev/null +++ b/scripts/hooks/helm-unittest.sh @@ -0,0 +1,39 @@ +#!/usr/bin/env bash + +readonly DEBUG=${DEBUG:-unset} +if [ "${DEBUG}" != unset ]; then + set -x +fi + +if [[ ! $(which helm) ]]; then + echo "helm not found. Please install helm and try again" + exit 1 +fi + +if ! helm plugin list | grep -q unittest; then + echo "helm-unittest plugin not found. Press 'y' to install with helm or any other key to skip" + read -r install_helm_unittest + if [[ "$install_helm_unittest" != "y" ]]; then + exit 1 + fi + helm plugin install https://github.com/helm-unittest/helm-unittest.git +fi + +files_changed="$(git diff --name-only origin/main | sort | uniq)" +# Adding || true to avoid "Process exited with code 1" errors +charts_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "stable/[^/]*" | sort | uniq || true)" + +charts_to_test=("stable/enterprise" "stable/feeds") + +for chart in ${charts_dirs_changed}; do + for charts_to_test in "${charts_to_test[@]}"; do + if [[ "$chart" == "$charts_to_test" ]]; then + echo "Running unit tests for ${chart}" + pushd "${chart}" || exit + helm repo add anchore https://charts.anchore.io/stable + helm dep up + helm unittest . + popd || exit + fi + done +done 
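Review bot: The inner loop `for charts_to_test in "${charts_to_test[@]}"` in `scripts/hooks/helm-unittest.sh` reuses the array's name as its loop variable, so each iteration overwrites element 0 of the array. After the first changed directory has been processed the list no longer contains `stable/enterprise`, so that chart's tests are skipped whenever another `stable/*` directory sorts before it in the diff, and `stable/feeds` can be matched twice. Use a separate name, e.g. `for candidate in "${charts_to_test[@]}"; do` with `if [[ "$chart" == "$candidate" ]]; then`. `scripts/hooks/readme-generator.sh` has the same pattern with `chart_with_metadata`.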
diff --git a/scripts/hooks/readme-generator.sh b/scripts/hooks/readme-generator.sh new file mode 100755 index 00000000..ce2f11b2 --- /dev/null +++ b/scripts/hooks/readme-generator.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash + +readonly DEBUG=${DEBUG:-unset} +if [ "${DEBUG}" != unset ]; then + set -x +fi + +if [[ ! $(which readme-generator) ]]; then + echo "readme-generator not found. Press 'y' to install with npm or any other key to skip" + read -r install_readme_generator + if [[ "$install_readme_generator" != "y" ]]; then + exit 1 + fi + if [[ ! $(which npm) ]]; then + echo "npm not found. Please install npm and try again" + exit 1 + fi + npm install -g @bitnami/readme-generator-for-helm +fi + +files_changed="$(git diff --name-only origin/main | sort | uniq)" +# Adding || true to avoid "Process exited with code 1" errors +charts_dirs_changed="$(echo "$files_changed" | xargs dirname | grep -o "stable/[^/]*" | sort | uniq || true)" + +chart_with_metadata=("stable/enterprise" "stable/feeds" "stable/ecs-inventory") + +for chart in ${charts_dirs_changed}; do + for chart_with_metadata in "${chart_with_metadata[@]}"; do + if [[ "$chart" == "$chart_with_metadata" ]]; then + echo "Updating README.md for ${chart}" + readme-generator --values "${chart}/values.yaml" --readme "${chart}/README.md" + fi + done +done diff --git a/stable/anchore-admission-controller/Chart.yaml b/stable/anchore-admission-controller/Chart.yaml index e7adf65b..ddf85753 100644 --- a/stable/anchore-admission-controller/Chart.yaml +++ b/stable/anchore-admission-controller/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: anchore-admission-controller -version: 0.4.6 +version: 0.4.7 appVersion: 0.4.0 description: A kubernetes admission controller for validating and mutating webhooks that operates against Anchore Engine to make access decisions and annotations home: https://github.com/anchore/kubernetes-admission-controller 
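Review bot: `npm install -g @bitnami/readme-generator-for-helm` installs whatever version is current when a contributor commits, globally, from inside a git hook. Pinning it, e.g. `npm install -g @bitnami/readme-generator-for-helm@<PINNED_VERSION>`, keeps generated READMEs reproducible and limits exposure to a bad upstream release; the `helm plugin install` line in `scripts/hooks/helm-unittest.sh` accepts `--version <PINNED_TAG>` for the same reason. The `read -r` prompt also assumes an interactive stdin, which a hook runner may not provide, so printing the install command and exiting non-zero would be more predictable.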
diff --git a/stable/anchore-admission-controller/README.md b/stable/anchore-admission-controller/README.md index 7c5579a9..9cd5d86e 100644 --- a/stable/anchore-admission-controller/README.md +++ b/stable/anchore-admission-controller/README.md @@ -16,7 +16,7 @@ to deploy one with: helm install --name anchore stable/anchore-engine ``` -Setup of policies and users is covered in the anchore documentation, for this readme we'll use admin user credentials, but it +Setup of policies and users is covered in the anchore documentation, for this readme we'll use admin user credentials, but it is *strongly* suggested that you use a non-admin user for the controller credential. 1. Create a secret for the anchore credentials that the controller will use to make api calls to Anchore. This must be done out-of-band of the chart creation and should be in the @@ -27,7 +27,7 @@ same namespace you will deploy the chart to. The file must be a json file with t "users": [ { "username": "user1", "password": "password"}, { "uesrname": "user2", "password": "password2"}, - ... + ... ] } ``` @@ -71,7 +71,7 @@ It will remove kubernetes objects which are not removed by a helm delete. Pass t | Key | Expected Type | Default Value | Description | |---|---|---|---| -|replicaCount | int | 1 | replicas, should generally only need one +|replicaCount | int | 1 | replicas, should generally only need one |---|---|---|---| |logVerbosity | int | 6 | log verbosity of controller, 1 = error, 2 warn, 3 debug.... |---|---|---|---| diff --git a/stable/anchore-engine/.gitignore b/stable/anchore-engine/.gitignore index 56bef8cb..d838da98 100644 --- a/stable/anchore-engine/.gitignore +++ b/stable/anchore-engine/.gitignore @@ -1 +1 @@ -examples/ \ No newline at end of file +examples/ diff --git a/stable/anchore-engine/.helmignore b/stable/anchore-engine/.helmignore index 84f81b9a..0f9b0a02 100644 --- a/stable/anchore-engine/.helmignore +++ b/stable/anchore-engine/.helmignore 
@@ -2,4 +2,3 @@ # OWNERS file for Kubernetes OWNERS - diff --git a/stable/anchore-engine/Chart.yaml b/stable/anchore-engine/Chart.yaml index e766bb04..200c25e4 100644 --- a/stable/anchore-engine/Chart.yaml +++ b/stable/anchore-engine/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: anchore-engine -version: 1.27.3 +version: 1.27.4 appVersion: 1.1.0 description: Anchore container analysis and policy evaluation engine service keywords: diff --git a/stable/anchore-engine/README.md b/stable/anchore-engine/README.md index d3d9082d..6b0952b0 100644 --- a/stable/anchore-engine/README.md +++ b/stable/anchore-engine/README.md @@ -247,7 +247,7 @@ The upgrade will only be considered successful when this job completes successfu - /path/to/file2 ``` -* Updated the configuration for Anchore Enterprise database connections. This will ensure that special characters are handled properly in database passwords. Also allows configuring the db hostname and port separately. +* Updated the configuration for Anchore Enterprise database connections. This will ensure that special characters are handled properly in database passwords. Also allows configuring the db hostname and port separately. * If your postgresql connection is using a non-standard port, you will need to update your values file to include the hostname and port. For example: @@ -680,7 +680,7 @@ anchoreCatalog: ```yaml anchoreCatalog: archive: - storage_driver: + storage_driver: name: swift config: auth_version: '2' 
@@ -731,7 +731,7 @@ know about each pod, and the ports it provides to scrape the metrics. ## Using custom certificates -A secret needs to be created in the same namespace as the anchore-engine chart installation. This secret should contain all custom certs, including CA certs & any certs used for internal TLS communication. +A secret needs to be created in the same namespace as the anchore-engine chart installation. This secret should contain all custom certs, including CA certs & any certs used for internal TLS communication. This secret will be mounted to all Anchore pods at /home/anchore/certs to be utilized by the system. ## Event Notifications diff --git a/stable/anchore-engine/templates/NOTES.txt b/stable/anchore-engine/templates/NOTES.txt index 8438e118..b324f121 100644 --- a/stable/anchore-engine/templates/NOTES.txt +++ b/stable/anchore-engine/templates/NOTES.txt @@ -8,7 +8,7 @@ Anchore can be accessed via port {{ .Values.anchoreApi.service.port }} on the fo During this time the system status will report 'partially_down' and any images added for analysis will stay in the 'not_analyzed' state. Once the sync is complete, any queued images will be analyzed and the system status will change to 'all_up'. -Initial setup time can be >120sec for postgresql setup and readiness checks to pass for the services as indicated by pod state. +Initial setup time can be >120sec for postgresql setup and readiness checks to pass for the services as indicated by pod state. You can check with: kubectl get pods -l app={{ template "anchore-engine.fullname" .}},component=api @@ -48,4 +48,4 @@ To verify that your Postgresql version is compatible with Anchore Enterprise v5. kubectl logs -l component=anchore-enterprise-upgrade | grep WARN kubectl logs -l component=anchore-enterprise-feeds-upgrade | grep WARN -{{- end }} \ No newline at end of file +{{- end }} 
diff --git a/stable/anchore-engine/templates/analyzer_configmap.yaml b/stable/anchore-engine/templates/analyzer_configmap.yaml index df8a3575..f75ba47c 100644 --- a/stable/anchore-engine/templates/analyzer_configmap.yaml +++ b/stable/anchore-engine/templates/analyzer_configmap.yaml @@ -16,4 +16,4 @@ data: analyzer_config.yaml: | {{- with .Values.anchoreAnalyzer.configFile }} {{- toYaml . | nindent 4 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/stable/anchore-engine/templates/api_deployment.yaml b/stable/anchore-engine/templates/api_deployment.yaml index 9019b2b8..fa2d8e3e 100644 --- a/stable/anchore-engine/templates/api_deployment.yaml +++ b/stable/anchore-engine/templates/api_deployment.yaml @@ -216,7 +216,7 @@ spec: {{ toYaml . | nindent 10 }} {{- end }} command: ["/bin/sh", "-c"] - args: + args: - {{ print (include "doSourceFile" .) }} /docker-entrypoint.sh anchore-enterprise-manager service start --no-auto-upgrade rbac_authorizer envFrom: {{- if not .Values.inject_secrets_via_env }} @@ -301,7 +301,7 @@ spec: {{ toYaml . | nindent 10 }} {{- end }} command: ["/bin/sh", "-c"] - args: + args: - {{ print (include "doSourceFile" .) }} /docker-entrypoint.sh anchore-enterprise-manager service start --no-auto-upgrade reports ports: - containerPort: {{ .Values.anchoreEnterpriseReports.service.apiPort }} diff --git a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml index abe5e3ab..9c9c9b8d 100644 --- a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml +++ b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml 
@@ -132,7 +132,7 @@ data: enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.amazonDriverEnabled | quote) }} alpine: enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.alpineDriverEnabled | quote) }} - centos: + centos: enabled: false debian: enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.debianDriverEnabled | quote) }} diff --git a/stable/anchore-engine/templates/enterprise_upgrade_job.yaml b/stable/anchore-engine/templates/enterprise_upgrade_job.yaml index b80ed0cb..b1c48dc1 100644 --- a/stable/anchore-engine/templates/enterprise_upgrade_job.yaml +++ b/stable/anchore-engine/templates/enterprise_upgrade_job.yaml @@ -165,4 +165,4 @@ spec: {{- with .Values.anchoreGlobal.serviceAccountName }} serviceAccountName: {{ . }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/stable/anchore-engine/templates/hooks/pre-upgrade/0-db-upgrade.yaml b/stable/anchore-engine/templates/hooks/pre-upgrade/0-db-upgrade.yaml index 41785829..ddfac108 100644 --- a/stable/anchore-engine/templates/hooks/pre-upgrade/0-db-upgrade.yaml +++ b/stable/anchore-engine/templates/hooks/pre-upgrade/0-db-upgrade.yaml @@ -281,4 +281,4 @@ spec: - | sql_proxy_pid=$(pgrep cloud_sql_proxy) && kill -INT $sql_proxy_pid; {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/stable/anchore-engine/templates/hooks/pre-upgrade/anchore_upgrade_role.yaml b/stable/anchore-engine/templates/hooks/pre-upgrade/anchore_upgrade_role.yaml index 12a61043..2277dea0 100644 --- a/stable/anchore-engine/templates/hooks/pre-upgrade/anchore_upgrade_role.yaml +++ b/stable/anchore-engine/templates/hooks/pre-upgrade/anchore_upgrade_role.yaml @@ -51,7 +51,7 @@ rules: - watch - update - patch - - apiGroups: + - apiGroups: - apps resources: - deployments/scale @@ -66,4 +66,4 @@ rules: - list - get -{{- end }} \ No newline at end of file +{{- end }} 
diff --git a/stable/anchore-engine/templates/hooks/pre-upgrade/anchore_upgrade_rolebinding.yaml b/stable/anchore-engine/templates/hooks/pre-upgrade/anchore_upgrade_rolebinding.yaml index dc3e2848..b75898b0 100644 --- a/stable/anchore-engine/templates/hooks/pre-upgrade/anchore_upgrade_rolebinding.yaml +++ b/stable/anchore-engine/templates/hooks/pre-upgrade/anchore_upgrade_rolebinding.yaml @@ -45,4 +45,4 @@ subjects: - kind: ServiceAccount name: {{ template "anchore-engine.fullname" . }}-upgrade-sa namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/stable/anchore-engine/templates/hooks/pre-upgrade/anchore_upgrade_service_account.yaml b/stable/anchore-engine/templates/hooks/pre-upgrade/anchore_upgrade_service_account.yaml index f30e037a..07716066 100644 --- a/stable/anchore-engine/templates/hooks/pre-upgrade/anchore_upgrade_service_account.yaml +++ b/stable/anchore-engine/templates/hooks/pre-upgrade/anchore_upgrade_service_account.yaml @@ -37,4 +37,4 @@ metadata: {{- with .Values.anchoreEnterpriseFeedsUpgradeJob.annotations }} {{ toYaml . | nindent 4 }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/anchore-engine/templates/policy_bundle_configmap.yaml b/stable/anchore-engine/templates/policy_bundle_configmap.yaml index 10b06c68..a05a0cb0 100644 --- a/stable/anchore-engine/templates/policy_bundle_configmap.yaml +++ b/stable/anchore-engine/templates/policy_bundle_configmap.yaml @@ -15,4 +15,4 @@ data: {{- with .Values.anchoreGlobal.policyBundles }} {{- toYaml . | nindent 2 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/stable/ecs-inventory/Chart.yaml b/stable/ecs-inventory/Chart.yaml index 87596fe2..4e9a5234 100644 --- a/stable/ecs-inventory/Chart.yaml +++ b/stable/ecs-inventory/Chart.yaml 
@@ -20,7 +20,7 @@ maintainers: email: hung.nguyen@anchore.com type: application -version: 0.0.3 +version: 0.0.4 appVersion: "1.0.0" icon: https://anchore.com/wp-content/uploads/2016/08/anchore.png diff --git a/stable/ecs-inventory/README.md b/stable/ecs-inventory/README.md index 9e77a2eb..9bbe2402 100644 --- a/stable/ecs-inventory/README.md +++ b/stable/ecs-inventory/README.md 
@@ -55,36 +55,37 @@ See the [ecs-inventory repo](https://github.com/anchore/ecs-inventory) for more ### Common Resource Parameters -| Name | Description | Value | -| ------------------------------------- | ----------------------------------------------------------------------- | ---------------------------------------- | -| `replicaCount` | Number of replicas for the Ecs Inventory deployment | `1` | -| `image` | Image used for all Anchore Enterprise deployments, excluding Anchore UI | `docker.io/anchore/ecs-inventory:v1.0.0` | -| `imagePullPolicy` | Image pull policy used by all deployments | `Always` | -| `imagePullSecretName` | Name of Docker credentials secret for access to private repos | `""` | -| `serviceAccountName` | Name of a service account used to run all Anchore Ecs Inventory pods | `""` | -| `useExistingSecret` | set to true to use an existing/precreated secret | `false` | -| `existingSecretName` | the name of the precreated secret | `""` | -| `injectSecretsViaEnv` | Enable secret injection into pod environment variables | `false` | -| `extraEnv` | extra environment variables. These will be set on all containers. 
| `[]` | -| `annotations` | Common annotations set on all Kubernetes resources | `{}` | -| `deploymentAnnotations` | annotations to set on the ecs-inventory deployment | `{}` | -| `securityContext.runAsUser` | The securityContext runAsUser for all Anchore ECS Inventory pods | `1000` | -| `securityContext.runAsGroup` | The securityContext runAsGroup for all Anchore ECS Inventory pods | `1000` | -| `securityContext.fsGroup` | The securityContext fsGroup for all Anchore ECS Inventory pods | `1000` | -| `resources` | Resource requests and limits for Anchore ECS Inventory pods | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `labels` | Adds additionnal labels to all kubernetes resources | `{}` | -| `probes.liveness.initialDelaySeconds` | Initial delay seconds for liveness probe | `1` | -| `probes.liveness.timeoutSeconds` | Timeout seconds for liveness probe | `10` | -| `probes.liveness.periodSeconds` | Period seconds for liveness probe | `5` | -| `probes.liveness.failureThreshold` | Failure threshold for liveness probe | `6` | -| `probes.liveness.successThreshold` | Success threshold for liveness probe | `1` | -| `probes.readiness.timeoutSeconds` | Timeout seconds for the readiness probe | `10` | -| `probes.readiness.periodSeconds` | Period seconds for the readiness probe | `15` | -| `probes.readiness.failureThreshold` | Failure threshold for the readiness probe | `3` | -| `probes.readiness.successThreshold` | Success threshold for the readiness probe | `1` | +| Name | Description | Value | +| ------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------- | +| `replicaCount` | Number of replicas for the Ecs Inventory deployment | `1` | +| `image` | Image used for all Ecs Inventory deployment deployments | `docker.io/anchore/ecs-inventory:v1.1.0` | +| 
`imagePullPolicy` | Image pull policy used by all deployments | `IfNotPresent` | +| `imagePullSecretName` | Name of Docker credentials secret for access to private repos | `""` | +| `serviceAccountName` | Name of a service account used to run all Anchore Ecs Inventory pods | `""` | +| `useExistingSecret` | set to true to use an existing/precreated secret | `false` | +| `existingSecretName` | the name of the precreated secret | `""` | +| `injectSecretsViaEnv` | Enable secret injection into pod environment variables | `false` | +| `extraEnv` | extra environment variables. These will be set on all containers. | `[]` | +| `annotations` | Common annotations set on all Kubernetes resources | `{}` | +| `deploymentAnnotations` | annotations to set on the ecs-inventory deployment | `{}` | +| `securityContext.runAsUser` | The securityContext runAsUser for all Anchore ECS Inventory pods | `1000` | +| `securityContext.runAsGroup` | The securityContext runAsGroup for all Anchore ECS Inventory pods | `1000` | +| `securityContext.fsGroup` | The securityContext fsGroup for all Anchore ECS Inventory pods | `1000` | +| `resources` | Resource requests and limits for Anchore ECS Inventory pods | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `labels` | Adds additionnal labels to all kubernetes resources | `{}` | +| `probes.liveness.initialDelaySeconds` | Initial delay seconds for liveness probe | `1` | +| `probes.liveness.timeoutSeconds` | Timeout seconds for liveness probe | `10` | +| `probes.liveness.periodSeconds` | Period seconds for liveness probe | `5` | +| `probes.liveness.failureThreshold` | Failure threshold for liveness probe | `6` | +| `probes.liveness.successThreshold` | Success threshold for liveness probe | `1` | +| `probes.readiness.timeoutSeconds` | Timeout seconds for the readiness probe | `10` | +| `probes.readiness.periodSeconds` | 
Period seconds for the readiness probe | `15` | +| `probes.readiness.failureThreshold` | Failure threshold for the readiness probe | `3` | +| `probes.readiness.successThreshold` | Success threshold for the readiness probe | `1` | + ### ecsInventory Parameters ## diff --git a/stable/ecs-inventory/templates/NOTES.txt b/stable/ecs-inventory/templates/NOTES.txt index d9ae3157..5ef3999d 100644 --- a/stable/ecs-inventory/templates/NOTES.txt +++ b/stable/ecs-inventory/templates/NOTES.txt @@ -3,4 +3,4 @@ Anchore ECS Inventory must be able to resolve the Anchore URL and requires API c For more info see: https://github.com/anchore/ecs-inventory -ECS Inventory is now installed. \ No newline at end of file +ECS Inventory is now installed. diff --git a/stable/ecs-inventory/templates/_helpers.tpl b/stable/ecs-inventory/templates/_helpers.tpl index 5b0219fa..0313182b 100644 --- a/stable/ecs-inventory/templates/_helpers.tpl +++ b/stable/ecs-inventory/templates/_helpers.tpl @@ -23,4 +23,4 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} app: {{ include "ecsInventory.fullname" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/stable/ecs-inventory/templates/_names.tpl b/stable/ecs-inventory/templates/_names.tpl index 9348254f..f975897e 100644 --- a/stable/ecs-inventory/templates/_names.tpl +++ b/stable/ecs-inventory/templates/_names.tpl @@ -35,4 +35,4 @@ Create the name of the service account to use */}} {{- define "ecsInventory.serviceAccountName" -}} {{- default "default" .Values.serviceAccountName }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/stable/enterprise/.helmignore b/stable/enterprise/.helmignore index 4f68e0e2..f188d49f 100644 --- a/stable/enterprise/.helmignore +++ b/stable/enterprise/.helmignore @@ -1,2 +1,2 @@ .git -tests/ \ No newline at end of file +tests/ diff --git a/stable/enterprise/Chart.lock b/stable/enterprise/Chart.lock index d0f73c8d..87484348 100644 
--- a/stable/enterprise/Chart.lock +++ b/stable/enterprise/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 17.11.8 - name: feeds repository: https://charts.anchore.io/stable - version: 0.0.2 -digest: sha256:23485379ed6b385e257be94156cb0e5ed255e6fad733b8534ec605679549cbf2 -generated: "2023-09-06T14:04:35.141202-07:00" + version: 0.0.3 +digest: sha256:35fd0bff9327cb7033bff96e8dcff85ba6b65ba5a8675270b45a40035718db57 +generated: "2023-09-15T16:31:47.040512-07:00" diff --git a/stable/enterprise/Chart.yaml b/stable/enterprise/Chart.yaml index 1ca5b02d..746d3a38 100644 --- a/stable/enterprise/Chart.yaml +++ b/stable/enterprise/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: enterprise -version: "0.0.5" +version: "0.0.6" appVersion: "4.9.1" kubeVersion: 1.23.x - 1.27.x || 1.23.x-x - 1.27.x-x description: | @@ -39,7 +39,7 @@ dependencies: condition: ui-redis.chartEnabled alias: ui-redis - name: feeds - version: "0.0.2" + version: "0.0.3" repository: "@anchore" condition: feeds.chartEnabled import-values: diff --git a/stable/enterprise/README.md b/stable/enterprise/README.md index c462c18f..04aedc42 100644 --- a/stable/enterprise/README.md +++ b/stable/enterprise/README.md @@ -757,6 +757,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `doSourceAtEntry.filePaths` | List of file paths to `source` before starting Anchore services | `[]` | | `configOverride` | Allows for overriding the default Anchore configuration file | `""` | + ### Anchore Configuration Parameters | Name | Description | Value | @@ -850,6 +851,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `anchoreConfig.ui.dbUser` | allows overriding and separation of the ui database user. | `""` | | `anchoreConfig.ui.dbPassword` | allows overriding and separation of the ui database user authentication | `""` | + ### Anchore API k8s Deployment Parameters | Name | Description | Value | 
@@ -871,6 +873,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `api.affinity` | Affinity for Anchore API pod assignment | `{}` | | `api.serviceAccountName` | Service account name for Anchore API pods | `""` | + ### Anchore Analyzer k8s Deployment Parameters | Name | Description | Value | @@ -886,6 +889,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `analyzer.affinity` | Affinity for Anchore Analyzer pod assignment | `{}` | | `analyzer.serviceAccountName` | Service account name for Anchore API pods | `""` | + ### Anchore Catalog k8s Deployment Parameters | Name | Description | Value | @@ -905,6 +909,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `catalog.affinity` | Affinity for Anchore Catalog pod assignment | `{}` | | `catalog.serviceAccountName` | Service account name for Anchore Catalog pods | `""` | + ### Anchore Feeds Chart Parameters | Name | Description | Value | @@ -913,6 +918,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `feeds.standalone` | Sets the Anchore Feeds chart to run into non-standalone mode, for use with Anchore Enterprise. | `false` | | `feeds.url` | Set the URL for a standalone Feeds service. Use when chartEnabled=false. | `""` | + ### Anchore Policy Engine k8s Deployment Parameters | Name | Description | Value | @@ -932,6 +938,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `policyEngine.affinity` | Affinity for Anchore Policy Engine pod assignment | `{}` | | `policyEngine.serviceAccountName` | Service account name for Anchore Policy Engine pods | `""` | + ### Anchore Simple Queue Parameters | Name | Description | Value | 
@@ -951,6 +958,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `simpleQueue.affinity` | Affinity for Anchore Simple Queue pod assignment | `{}` | | `simpleQueue.serviceAccountName` | Service account name for Anchore Simple Queue pods | `""` | + ### Anchore Notifications Parameters | Name | Description | Value | @@ -971,6 +979,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `notifications.affinity` | Affinity for Anchore Notifications pod assignment | `{}` | | `notifications.serviceAccountName` | Service account name for Anchore Notifications pods | `""` | + ### Anchore Reports Parameters | Name | Description | Value | @@ -991,6 +1000,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `reports.affinity` | Affinity for Anchore Reports pod assignment | `{}` | | `reports.serviceAccountName` | Service account name for Anchore Reports pods | `""` | + ### Anchore RBAC Authentication Parameters | Name | Description | Value | @@ -998,6 +1008,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `rbacAuth.extraEnv` | Set extra environment variables for Anchore RBAC Authentication containers | `[]` | | `rbacAuth.resources` | Resource requests and limits for Anchore RBAC Authentication containers | `{}` | + ### Anchore RBAC Manager Parameters | Name | Description | Value | @@ -1018,6 +1029,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `rbacManager.affinity` | Affinity for Anchore RBAC Manager pod assignment | `{}` | | `rbacManager.serviceAccountName` | Service account name for Anchore RBAC Manager pods | `""` | + ### Anchore UI Parameters | Name | Description | Value | 
@@ -1041,6 +1053,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `ui.affinity` | Affinity for Anchore ui pod assignment | `{}` | | `ui.serviceAccountName` | Service account name for Anchore UI pods | `""` | + ### Anchore Upgrade Job Parameters | Name | Description | Value | @@ -1057,6 +1070,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `upgradeJob.resources` | Resource requests and limits for the Anchore upgrade job | `{}` | | `upgradeJob.labels` | Labels for the Anchore upgrade job | `{}` | + ### Ingress Parameters | Name | Description | Value | @@ -1075,6 +1089,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `ingress.tls` | Configure tls for the ingress resource | `[]` | | `ingress.ingressClassName` | sets the ingress class name. As of k8s v1.18, this should be nginx | `nginx` | + ### Google CloudSQL DB Parameters | Name | Description | Value | @@ -1088,6 +1103,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `cloudsql.serviceAccJsonName` | | `""` | | `cloudsql.extraArgs` | a list of extra arguments to be passed into the cloudsql container command. eg | `[]` | + ### Anchore UI Redis Parameters | Name | Description | Value | @@ -1098,6 +1114,7 @@ A [migration script](https://github.com/anchore/anchore-charts/tree/main/scripts | `ui-redis.architecture` | Redis deployment architecture | `standalone` | | `ui-redis.master.persistence.enabled` | enables persistence | `false` | + ### Anchore Database Parameters | Name | Description | Value | diff --git a/stable/enterprise/templates/NOTES.txt b/stable/enterprise/templates/NOTES.txt index 35363189..1cfa8a97 100644 --- a/stable/enterprise/templates/NOTES.txt +++ b/stable/enterprise/templates/NOTES.txt 
@@ -16,7 +16,7 @@ Get the default admin password using the following command: During this time the system status will report 'partially_down' and any images added for analysis will stay in the 'not_analyzed' state. Once the sync is complete, any queued images will be analyzed and the system status will change to 'all_up'. -Initial setup time can be >120sec for postgresql setup and readiness checks to pass for the services as indicated by pod state. +Initial setup time can be >120sec for postgresql setup and readiness checks to pass for the services as indicated by pod state. You can check with: - kubectl get pods -l app.kubernetes.io/name={{- template "enterprise.fullname" . -}},app.kubernetes.io/component=api \ No newline at end of file + kubectl get pods -l app.kubernetes.io/name={{- template "enterprise.fullname" . -}},app.kubernetes.io/component=api diff --git a/stable/enterprise/templates/_helpers.tpl b/stable/enterprise/templates/_helpers.tpl index bbe85fcc..fe0caa04 100644 --- a/stable/enterprise/templates/_helpers.tpl +++ b/stable/enterprise/templates/_helpers.tpl @@ -129,4 +129,4 @@ Set the nodePort for services if its defined {{- if (index .Values (print $component)).service.nodePort -}} nodePort: {{ (index .Values (print $component)).service.nodePort }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/enterprise/templates/anchore_configmap.yaml b/stable/enterprise/templates/anchore_configmap.yaml index c77c38e3..f8683e25 100644 --- a/stable/enterprise/templates/anchore_configmap.yaml +++ b/stable/enterprise/templates/anchore_configmap.yaml @@ -14,4 +14,4 @@ data: {{ tpl .Values.configOverride . | indent 4 }} {{- else }} {{ tpl (.Files.Get "files/default_config.yaml") . | indent 4 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/stable/enterprise/templates/envvars_configmap.yaml b/stable/enterprise/templates/envvars_configmap.yaml index 13a23b42..4b33b193 100644 
--- a/stable/enterprise/templates/envvars_configmap.yaml +++ b/stable/enterprise/templates/envvars_configmap.yaml @@ -96,4 +96,4 @@ data: ANCHORE_SSL_KEY: "null" {{- end }} ANCHORE_SSO_REQUIRES_EXISTING_USERS: "{{ .Values.anchoreConfig.user_authentication.sso_require_existing_users }}" - ANCHORE_TMP_DIR: "{{ .Values.scratchVolume.mountPath }}" \ No newline at end of file + ANCHORE_TMP_DIR: "{{ .Values.scratchVolume.mountPath }}" diff --git a/stable/enterprise/templates/hooks/pre-upgrade/upgrade_job.yaml b/stable/enterprise/templates/hooks/pre-upgrade/upgrade_job.yaml index 8c2915fe..67e2494d 100644 --- a/stable/enterprise/templates/hooks/pre-upgrade/upgrade_job.yaml +++ b/stable/enterprise/templates/hooks/pre-upgrade/upgrade_job.yaml @@ -67,4 +67,4 @@ spec: - | {{ print (include "enterprise.doSourceFile" .) }} anchore-enterprise-manager db --db-use-ssl --db-connect postgresql://"${ANCHORE_DB_USER}":"${ANCHORE_DB_PASSWORD}"@"${ANCHORE_DB_HOST}":"${ANCHORE_DB_PORT}"/"${ANCHORE_DB_NAME}"?sslmode={{- .Values.anchoreConfig.database.sslMode -}}\&sslrootcert=/home/anchore/certs/{{- .Values.anchoreConfig.database.sslRootCertFileName }} upgrade --dontask; {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/enterprise/templates/hooks/pre-upgrade/upgrade_rbac.yaml b/stable/enterprise/templates/hooks/pre-upgrade/upgrade_rbac.yaml index 5b48f70c..515f4f9e 100644 --- a/stable/enterprise/templates/hooks/pre-upgrade/upgrade_rbac.yaml +++ b/stable/enterprise/templates/hooks/pre-upgrade/upgrade_rbac.yaml @@ -59,7 +59,7 @@ rules: - watch - update - patch - - apiGroups: + - apiGroups: - apps resources: - deployments/scale @@ -73,4 +73,4 @@ rules: - watch - list - get -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/enterprise/templates/ui_configmap.yaml b/stable/enterprise/templates/ui_configmap.yaml index be6b9818..77e9f5d5 100644 --- a/stable/enterprise/templates/ui_configmap.yaml 
+++ b/stable/enterprise/templates/ui_configmap.yaml @@ -45,4 +45,4 @@ data: appdb_config: {{ toYaml .Values.anchoreConfig.ui.appdb_config | nindent 6}} log_level: {{ .Values.anchoreConfig.ui.log_level | squote }} enrich_inventory_view: {{ .Values.anchoreConfig.ui.enrich_inventory_view }} - enable_prometheus_metrics: {{ .Values.anchoreConfig.metrics.enabled }} \ No newline at end of file + enable_prometheus_metrics: {{ .Values.anchoreConfig.metrics.enabled }} diff --git a/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap b/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap index 13cd5514..9fa7837e 100644 --- a/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap +++ b/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap @@ -32,10 +32,10 @@ should render the configmaps: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: test-release-enterprise app.kubernetes.io/part-of: anchore - app.kubernetes.io/version: 4.9.1 + app.kubernetes.io/version: 9.9.9 bar: baz foo: bar - helm.sh/chart: enterprise-0.0.5 + helm.sh/chart: enterprise-9.9.9 name: test-release-enterprise-analyzer namespace: test-namespace 2: | @@ -333,10 +333,10 @@ should render the configmaps: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: test-release-enterprise app.kubernetes.io/part-of: anchore - app.kubernetes.io/version: 4.9.1 + app.kubernetes.io/version: 9.9.9 bar: baz foo: bar - helm.sh/chart: enterprise-0.0.5 + helm.sh/chart: enterprise-9.9.9 name: test-release-enterprise namespace: test-namespace 3: | @@ -418,10 +418,10 @@ should render the configmaps: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: test-release-enterprise app.kubernetes.io/part-of: anchore - app.kubernetes.io/version: 4.9.1 + app.kubernetes.io/version: 9.9.9 bar: baz foo: bar - helm.sh/chart: enterprise-0.0.5 + helm.sh/chart: enterprise-9.9.9 name: test-release-enterprise-config-env-vars namespace: test-namespace 4: | 
@@ -462,16 +462,16 @@ should render the configmaps: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: test-release-enterprise app.kubernetes.io/part-of: anchore - app.kubernetes.io/version: 4.9.1 + app.kubernetes.io/version: 9.9.9 bar: baz foo: bar - helm.sh/chart: enterprise-0.0.5 + helm.sh/chart: enterprise-9.9.9 name: test-release-enterprise-policy-bundles namespace: test-namespace 5: | apiVersion: v1 data: - config-ui.yaml: "# Anchore UI configuration\nengine_uri: 'http://test-release-enterprise-api:8228/v2'\nreports_uri: 'http://test-release-enterprise-api:8558/v2'\nnotifications_uri: 'http://test-release-enterprise-notifications:8668/v2'\nrbac_uri: 'http://test-release-enterprise-rbac-manager:8229/v2'\nenterprise_uri: 'http://test-release-enterprise-api:8228/v2'\n# redis_uri: overridden in deployment using the `ANCHORE_REDIS_URI` environment variable\n# appdb_uri: overridden in deployment using the `ANCHORE_APPDB_URI` environment variable\nlicense_path: '/home/anchore/'\nenable_ssl: false\nenable_proxy: false\nallow_shared_login: true\nredis_flushdb: true\nforce_websocket: false\nauthentication_lock:\n count: 5\n expires: 300\nappdb_config: \n native: true\n pool:\n acquire: 30000\n idle: 10000\n max: 10\n min: 0\nlog_level: 'http'\nenrich_inventory_view: true\nenable_prometheus_metrics: false" + config-ui.yaml: "# Anchore UI configuration\nengine_uri: 'http://test-release-enterprise-api:8228/v2'\nreports_uri: 'http://test-release-enterprise-api:8558/v2'\nnotifications_uri: 'http://test-release-enterprise-notifications:8668/v2'\nrbac_uri: 'http://test-release-enterprise-rbac-manager:8229/v2'\nenterprise_uri: 'http://test-release-enterprise-api:8228/v2'\n# redis_uri: overridden in deployment using the `ANCHORE_REDIS_URI` environment variable\n# appdb_uri: overridden in deployment using the `ANCHORE_APPDB_URI` environment variable\nlicense_path: '/home/anchore/'\nenable_ssl: false\nenable_proxy: false\nallow_shared_login: true\nredis_flushdb: 
true\nforce_websocket: false\nauthentication_lock:\n count: 5\n expires: 300\nappdb_config: \n native: true\n pool:\n acquire: 30000\n idle: 10000\n max: 10\n min: 0\nlog_level: 'http'\nenrich_inventory_view: true\nenable_prometheus_metrics: false\n" kind: ConfigMap metadata: annotations: @@ -483,9 +483,9 @@ should render the configmaps: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: test-release-enterprise app.kubernetes.io/part-of: anchore - app.kubernetes.io/version: 4.9.1 + app.kubernetes.io/version: 9.9.9 bar: baz foo: bar - helm.sh/chart: enterprise-0.0.5 + helm.sh/chart: enterprise-9.9.9 name: test-release-enterprise-ui namespace: test-namespace diff --git a/stable/enterprise/tests/api_resources_test.yaml b/stable/enterprise/tests/api_resources_test.yaml index 2cf64059..bd693d86 100644 --- a/stable/enterprise/tests/api_resources_test.yaml +++ b/stable/enterprise/tests/api_resources_test.yaml @@ -199,7 +199,7 @@ tests: path: spec.template.spec.containers[1].env content: name: ANCHORE_CLI_PASS - valueFrom: + valueFrom: secretKeyRef: name: test-release-enterprise key: ANCHORE_ADMIN_PASSWORD @@ -239,7 +239,7 @@ tests: path: spec.template.spec.containers[1].env content: name: ANCHORE_CLI_PASS - valueFrom: + valueFrom: secretKeyRef: name: existing-secret key: ANCHORE_ADMIN_PASSWORD @@ -448,4 +448,4 @@ tests: content: app.kubernetes.io/name: test-release-enterprise app.kubernetes.io/component: api - count: 1 \ No newline at end of file + count: 1 diff --git a/stable/enterprise/tests/catalog_resources_test.yaml b/stable/enterprise/tests/catalog_resources_test.yaml index 89332b7b..89da24d4 100644 --- a/stable/enterprise/tests/catalog_resources_test.yaml +++ b/stable/enterprise/tests/catalog_resources_test.yaml @@ -362,4 +362,4 @@ tests: content: app.kubernetes.io/name: test-release-enterprise app.kubernetes.io/component: catalog - count: 1 \ No newline at end of file + count: 1 
diff --git a/stable/enterprise/tests/common_helpers_test.yaml b/stable/enterprise/tests/common_helpers_test.yaml index 1f884553..bb21d842 100644 --- a/stable/enterprise/tests/common_helpers_test.yaml +++ b/stable/enterprise/tests/common_helpers_test.yaml @@ -1,5 +1,5 @@ suite: Common Helper Template Tests -templates: +templates: - analyzer_deployment.yaml - api_deployment.yaml - catalog_deployment.yaml @@ -435,7 +435,7 @@ tests: path: spec.template.spec.containers[0].securityContext - it: should render the rbacAuthContainer - templates: + templates: - api_deployment.yaml - notifications_deployment.yaml - rbacmanager_deployment.yaml @@ -1071,4 +1071,4 @@ tests: path: spec.ports[0] content: nodePort: 9999 - count: 1 \ No newline at end of file + count: 1 diff --git a/stable/enterprise/tests/configmap_test.yaml b/stable/enterprise/tests/configmap_test.yaml index 38e979e1..d40e0d71 100644 --- a/stable/enterprise/tests/configmap_test.yaml +++ b/stable/enterprise/tests/configmap_test.yaml @@ -6,6 +6,9 @@ values: release: name: test-release namespace: test-namespace +chart: + version: 9.9.9 + appVersion: 9.9.9 tests: - it: should render the configmaps asserts: @@ -28,4 +31,4 @@ tests: service_dir: /foobar tmp_dir: /test - log_level: DEBUG \ No newline at end of file + log_level: DEBUG diff --git a/stable/enterprise/tests/notifications_resources_test.yaml b/stable/enterprise/tests/notifications_resources_test.yaml index 8b0fa16a..ec56ed44 100644 --- a/stable/enterprise/tests/notifications_resources_test.yaml +++ b/stable/enterprise/tests/notifications_resources_test.yaml @@ -293,4 +293,4 @@ tests: content: app.kubernetes.io/name: test-release-enterprise app.kubernetes.io/component: notifications - count: 1 \ No newline at end of file + count: 1 diff --git a/stable/enterprise/tests/policyengine_resources_test.yaml b/stable/enterprise/tests/policyengine_resources_test.yaml index 69c81a2a..3d1175ce 100644 --- a/stable/enterprise/tests/policyengine_resources_test.yaml 
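Review bot: The `chart:` override added in the first hunk of stable/enterprise/tests/configmap_test.yaml has no comment saying that `9.9.9` is a deliberate placeholder, so a later reader may take it for a stale value and change it to the real chart version. A comment above the key would prevent that, for example `# Placeholder chart/app version so the snapshot does not change on every chart release`. The snapshot updated in this commit now records `app.kubernetes.io/version: 9.9.9` and `helm.sh/chart: enterprise-9.9.9`, so this suite no longer checks the real version labels; if they are meant to be verified, that presumably needs an explicit assertion elsewhere. Quoting the values, as in `version: "9.9.9"`, would also match the quoted style the chart's own Chart.yaml uses.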
+++ b/stable/enterprise/tests/policyengine_resources_test.yaml @@ -331,4 +331,4 @@ tests: content: app.kubernetes.io/name: test-release-enterprise app.kubernetes.io/component: policyengine - count: 1 \ No newline at end of file + count: 1 diff --git a/stable/enterprise/tests/posthook_upgrade_resources_test.yaml b/stable/enterprise/tests/posthook_upgrade_resources_test.yaml index 133ce4d9..8486088e 100644 --- a/stable/enterprise/tests/posthook_upgrade_resources_test.yaml +++ b/stable/enterprise/tests/posthook_upgrade_resources_test.yaml @@ -227,4 +227,4 @@ tests: content: cpu: 200m memory: 256Mi - count: 1 \ No newline at end of file + count: 1 diff --git a/stable/enterprise/tests/prehook_upgrade_resources_test.yaml b/stable/enterprise/tests/prehook_upgrade_resources_test.yaml index 6a794761..76a68385 100644 --- a/stable/enterprise/tests/prehook_upgrade_resources_test.yaml +++ b/stable/enterprise/tests/prehook_upgrade_resources_test.yaml @@ -303,4 +303,4 @@ tests: content: cpu: 200m memory: 256Mi - count: 1 \ No newline at end of file + count: 1 diff --git a/stable/enterprise/tests/rbacmanager_resources_test.yaml b/stable/enterprise/tests/rbacmanager_resources_test.yaml index 1a2ac964..01a1c81d 100644 --- a/stable/enterprise/tests/rbacmanager_resources_test.yaml +++ b/stable/enterprise/tests/rbacmanager_resources_test.yaml @@ -290,4 +290,4 @@ tests: content: app.kubernetes.io/name: test-release-enterprise app.kubernetes.io/component: rbacmanager - count: 1 \ No newline at end of file + count: 1 diff --git a/stable/enterprise/tests/reports_resources_test.yaml b/stable/enterprise/tests/reports_resources_test.yaml index 3db9a360..e602cd96 100644 --- a/stable/enterprise/tests/reports_resources_test.yaml +++ b/stable/enterprise/tests/reports_resources_test.yaml @@ -290,4 +290,4 @@ tests: content: app.kubernetes.io/name: test-release-enterprise app.kubernetes.io/component: reports - count: 1 \ No newline at end of file + count: 1 
diff --git a/stable/enterprise/tests/simplequeue_resources_test.yaml b/stable/enterprise/tests/simplequeue_resources_test.yaml index 4fa713ec..5d66c2e0 100644 --- a/stable/enterprise/tests/simplequeue_resources_test.yaml +++ b/stable/enterprise/tests/simplequeue_resources_test.yaml @@ -265,4 +265,4 @@ tests: content: app.kubernetes.io/name: test-release-enterprise app.kubernetes.io/component: simplequeue - count: 1 \ No newline at end of file + count: 1 diff --git a/stable/enterprise/tests/ui_resources_test.yaml b/stable/enterprise/tests/ui_resources_test.yaml index 308873e7..ac56cc61 100644 --- a/stable/enterprise/tests/ui_resources_test.yaml +++ b/stable/enterprise/tests/ui_resources_test.yaml @@ -301,4 +301,4 @@ tests: content: app.kubernetes.io/name: test-release-enterprise app.kubernetes.io/component: ui - count: 1 \ No newline at end of file + count: 1 diff --git a/stable/enterprise/tests/values.yaml b/stable/enterprise/tests/values.yaml index 5313c36b..9b015f99 100644 --- a/stable/enterprise/tests/values.yaml +++ b/stable/enterprise/tests/values.yaml @@ -37,4 +37,4 @@ anchoreConfig: "mappings": [], "whitelists": [], "policies": [] - } \ No newline at end of file + } diff --git a/stable/feeds/Chart.yaml b/stable/feeds/Chart.yaml index 136e86ca..45ab73cc 100644 --- a/stable/feeds/Chart.yaml +++ b/stable/feeds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: feeds type: application -version: "0.0.4" +version: "0.0.5" appVersion: "4.9.1" kubeVersion: 1.23.x - 1.27.x || 1.23.x-x - 1.27.x-x description: Anchore feeds service diff --git a/stable/feeds/README.md b/stable/feeds/README.md index 5ee239cb..2b3ccdbf 100644 --- a/stable/feeds/README.md +++ b/stable/feeds/README.md 
@@ -268,6 +268,7 @@ feeds-db: | `existingSecretName` | Name of the existing secret to be used for Anchore Feeds Service | `anchore-enterprise-feeds-env` | | `configOverride` | Allows for overriding the default Anchore configuration file | `{}` | + ### Anchore Feeds Configuration Parameters | Name | Description | Value | @@ -307,6 +308,7 @@ feeds-db: | `anchoreConfig.feeds.drivers.github.enabled` | Enable GitHub advisory feeds (requires GitHub PAT) | `false` | | `anchoreConfig.feeds.drivers.github.token` | GitHub developer personal access token with zero permission scopes | `""` | + ### Anchore Feeds Database Parameters | Name | Description | Value | @@ -321,6 +323,7 @@ feeds-db: | `feeds-db.primary.extraEnvVars` | An array to add extra environment variables | `[]` | | `feeds-db.image.tag` | Specifies the image to use for this chart. | `13.11.0-debian-11-r15` | + ### Feeds Gem Database Parameters | Name | Description | Value | @@ -335,6 +338,7 @@ feeds-db: | `gem-db.primary.extraEnvVars` | An array to add extra environment variables | `[]` | | `gem-db.image.tag` | Specifies the image to use for this chart. | `13.11.0-debian-11-r15` | + ### Anchore Feeds Upgrade Job Parameters | Name | Description | Value | @@ -351,6 +355,7 @@ feeds-db: | `feedsUpgradeJob.labels` | Labels for the Anchore Feeds upgrade job | `{}` | | `feedsUpgradeJob.resources` | Resources for the Anchore Feeds upgrade job | `{}` | + ### Ingress Parameters | Name | Description | Value | @@ -363,6 +368,7 @@ feeds-db: | `ingress.tls` | Configure tls for the ingress resource | `[]` | | `ingress.ingressClassName` | sets the ingress class name. As of k8s v1.18, this should be nginx | `nginx` | + ### Google CloudSQL DB Parameters | Name | Description | Value | 
@@ -376,6 +382,7 @@ feeds-db: | `cloudsql.serviceAccJsonName` | | `""` | | `cloudsql.extraArgs` | a list of extra arguments to be passed into the cloudsql container command. eg | `[]` | + ## Release Notes A major chart version change (v0.1.2 -> v1.0.0) indicates that there is an **incompatible breaking change needing manual actions.** diff --git a/stable/feeds/files/default_config.yaml b/stable/feeds/files/default_config.yaml index ed3d1b8f..f23d98fb 100644 --- a/stable/feeds/files/default_config.yaml +++ b/stable/feeds/files/default_config.yaml @@ -124,4 +124,4 @@ services: enabled: ${ANCHORE_FEEDS_DRIVER_CHAINGUARD_ENABLED} ssl_enable: ${ANCHORE_SSL_ENABLED} ssl_cert: ${ANCHORE_SSL_CERT} - ssl_key: ${ANCHORE_SSL_KEY} \ No newline at end of file + ssl_key: ${ANCHORE_SSL_KEY} diff --git a/stable/feeds/templates/NOTES.txt b/stable/feeds/templates/NOTES.txt index ef6fda7e..48b65441 100644 --- a/stable/feeds/templates/NOTES.txt +++ b/stable/feeds/templates/NOTES.txt @@ -4,7 +4,7 @@ The Feeds API can be accessed via port {{ .Values.service.port }} on the followi {{ include "feeds.fullname" . -}}.{{- .Release.Namespace -}}.svc.cluster.local -Initial setup time can be >120sec for postgresql setup and readiness checks to pass for the services as indicated by pod state. +Initial setup time can be >120sec for postgresql setup and readiness checks to pass for the services as indicated by pod state. You can check with: - kubectl get pods -l app.kubernetes.io/name={{- template "feeds.fullname" . -}},app.kubernetes.io/component=feeds \ No newline at end of file + kubectl get pods -l app.kubernetes.io/name={{- template "feeds.fullname" . -}},app.kubernetes.io/component=feeds diff --git a/stable/feeds/templates/_common.tpl b/stable/feeds/templates/_common.tpl index b8b473a5..f4f2bf3f 100644 --- a/stable/feeds/templates/_common.tpl +++ b/stable/feeds/templates/_common.tpl 
@@ -78,4 +78,4 @@ Return anchore default selector match labels {{- define "feeds.common.matchLabels" -}} app.kubernetes.io/name: {{ template "feeds.fullname" . }} app.kubernetes.io/component: feeds -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/feeds/templates/_helpers.tpl b/stable/feeds/templates/_helpers.tpl index 1b35b3a0..1481d3e2 100644 --- a/stable/feeds/templates/_helpers.tpl +++ b/stable/feeds/templates/_helpers.tpl @@ -32,4 +32,4 @@ Return the proper protocol when internal SSL is enabled {{- else }} {{- print "http" }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/feeds/templates/anchore_vars_configmap.yaml b/stable/feeds/templates/anchore_vars_configmap.yaml index 02ddc0cb..d7ee24ae 100644 --- a/stable/feeds/templates/anchore_vars_configmap.yaml +++ b/stable/feeds/templates/anchore_vars_configmap.yaml @@ -87,4 +87,4 @@ data: ANCHORE_SSL_KEY: "null" {{- end }} ANCHORE_SSO_REQUIRES_EXISTING_USERS: "{{ .Values.anchoreConfig.user_authentication.sso_require_existing_users }}" - ANCHORE_TMP_DIR: "{{ .Values.scratchVolume.mountPath }}" \ No newline at end of file + ANCHORE_TMP_DIR: "{{ .Values.scratchVolume.mountPath }}" diff --git a/stable/feeds/templates/deployment.yaml b/stable/feeds/templates/deployment.yaml index 9176f83d..69ccdf22 100644 --- a/stable/feeds/templates/deployment.yaml +++ b/stable/feeds/templates/deployment.yaml @@ -179,4 +179,4 @@ spec: protocol: TCP {{- with .Values.service.nodePort }} nodePort: {{ . }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/stable/feeds/templates/hooks/pre-upgrade/upgrade_job.yaml b/stable/feeds/templates/hooks/pre-upgrade/upgrade_job.yaml index 02cefd07..2a85298a 100644 --- a/stable/feeds/templates/hooks/pre-upgrade/upgrade_job.yaml +++ b/stable/feeds/templates/hooks/pre-upgrade/upgrade_job.yaml 
@@ -123,4 +123,4 @@ spec: - | {{ print (include "feeds.doSourceFile" .) }} anchore-enterprise-manager db --db-use-ssl --db-connect postgresql://"${ANCHORE_FEEDS_DB_USER}":"${ANCHORE_FEEDS_DB_PASSWORD}"@"${ANCHORE_FEEDS_DB_HOST}":"${ANCHORE_FEEDS_DB_PORT}"/"${ANCHORE_FEEDS_DB_NAME}"?sslmode={{- .Values.anchoreConfig.database.sslMode -}}\&sslrootcert=/home/anchore/certs/{{- .Values.anchoreConfig.database.sslRootCertFileName }} upgrade --dontask; {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/feeds/templates/hooks/pre-upgrade/upgrade_rbac.yaml b/stable/feeds/templates/hooks/pre-upgrade/upgrade_rbac.yaml index ca9c1a0d..f7f55279 100644 --- a/stable/feeds/templates/hooks/pre-upgrade/upgrade_rbac.yaml +++ b/stable/feeds/templates/hooks/pre-upgrade/upgrade_rbac.yaml @@ -58,7 +58,7 @@ rules: - watch - update - patch - - apiGroups: + - apiGroups: - apps resources: - deployments/scale @@ -72,4 +72,4 @@ rules: - watch - list - get -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/feeds/templates/pvc.yaml b/stable/feeds/templates/pvc.yaml index ae346bfe..5cc7978a 100644 --- a/stable/feeds/templates/pvc.yaml +++ b/stable/feeds/templates/pvc.yaml @@ -23,4 +23,4 @@ spec: storageClassName: "{{ .Values.persistence.storageClass }}" {{- end }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/feeds/templates/secret.yaml b/stable/feeds/templates/secret.yaml index 4d46f975..dc7ace82 100644 --- a/stable/feeds/templates/secret.yaml +++ b/stable/feeds/templates/secret.yaml 
@@ -12,7 +12,7 @@ stringData: ANCHORE_FEEDS_DB_USER: {{ index .Values "feeds-db" "auth" "username" | quote }} ANCHORE_FEEDS_DB_PASSWORD: {{ index .Values "feeds-db" "auth" "password" | quote }} ANCHORE_FEEDS_DB_HOST: {{ include "feeds.dbHostname" . | quote }} - ANCHORE_FEEDS_DB_PORT: {{ index .Values "feeds-db" "primary" "service" "ports" "postgresql" | quote }} + ANCHORE_FEEDS_DB_PORT: {{ index .Values "feeds-db" "primary" "service" "ports" "postgresql" | quote }} {{- with .Values.anchoreConfig.keys.secret }} ANCHORE_SAML_SECRET: {{ . | quote }} {{- end }} @@ -29,4 +29,4 @@ stringData: ANCHORE_GEM_DB_PASSWORD: {{ index .Values "gem-db" "auth" "password" | quote }} ANCHORE_GEM_DB_PORT: {{ index .Values "gem-db" "primary" "service" "ports" "postgresql" | quote }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap b/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap index 5a26f34b..c701ed31 100644 --- a/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap +++ b/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap @@ -124,9 +124,9 @@ should render the configmaps: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: test-release-feeds app.kubernetes.io/part-of: anchore - app.kubernetes.io/version: 4.9.1 + app.kubernetes.io/version: 9.9.9 bar: baz-label foo: bar-label - helm.sh/chart: feeds-0.0.4 + helm.sh/chart: feeds-9.9.9 name: test-release-feeds namespace: test-namespace diff --git a/stable/feeds/tests/configmap_test.yaml b/stable/feeds/tests/configmap_test.yaml index 29e84833..b65b0eb8 100644 --- a/stable/feeds/tests/configmap_test.yaml +++ b/stable/feeds/tests/configmap_test.yaml @@ -6,6 +6,9 @@ values: release: name: test-release namespace: test-namespace +chart: + version: 9.9.9 + appVersion: 9.9.9 tests: - it: should render the configmaps asserts: 
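Review bot: The `chart:` override added to stable/feeds/tests/configmap_test.yaml pins `version` and `appVersion` to `9.9.9` with no comment saying why, and leaves both values unquoted although stable/feeds/Chart.yaml in this commit quotes its version strings. Judging by the matching snapshot change (`helm.sh/chart: feeds-9.9.9`), the intent appears to be a fixed sentinel, so a line such as `# fixed sentinel version so the snapshot does not change on every chart/app version bump` above `chart:` would stop a later maintainer from "correcting" it to the real release. Writing `version: "9.9.9"` and `appVersion: "9.9.9"` keeps both values unambiguously strings and matches the chart's own style. With the override in place this suite no longer checks the real chart version in the rendered labels, which is worth stating in that comment.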
diff --git a/stable/feeds/tests/feeds_resources_test.yaml b/stable/feeds/tests/feeds_resources_test.yaml index f71f03d5..a83f895e 100644 --- a/stable/feeds/tests/feeds_resources_test.yaml +++ b/stable/feeds/tests/feeds_resources_test.yaml @@ -335,4 +335,4 @@ tests: protocol: TCP targetPort: 8448 nodePort: 9999 - count: 1 \ No newline at end of file + count: 1 diff --git a/stable/feeds/tests/posthook_upgrade_resources_test.yaml b/stable/feeds/tests/posthook_upgrade_resources_test.yaml index c5f0a032..fef7578d 100644 --- a/stable/feeds/tests/posthook_upgrade_resources_test.yaml +++ b/stable/feeds/tests/posthook_upgrade_resources_test.yaml @@ -175,4 +175,4 @@ tests: content: cpu: 200m memory: 256Mi - count: 1 \ No newline at end of file + count: 1 diff --git a/stable/feeds/tests/prehook_upgrade_resources_test.yaml b/stable/feeds/tests/prehook_upgrade_resources_test.yaml index 1195e72d..b325aab2 100644 --- a/stable/feeds/tests/prehook_upgrade_resources_test.yaml +++ b/stable/feeds/tests/prehook_upgrade_resources_test.yaml @@ -250,4 +250,4 @@ tests: content: cpu: 200m memory: 256Mi - count: 1 \ No newline at end of file + count: 1 diff --git a/stable/k8s-inventory/Chart.yaml b/stable/k8s-inventory/Chart.yaml index 85002f75..599590aa 100644 --- a/stable/k8s-inventory/Chart.yaml +++ b/stable/k8s-inventory/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: k8s-inventory -version: 0.0.4 +version: 0.0.5 appVersion: "1.0.0" description: A Helm chart for Kubernetes Automated Inventory, which describes which images are in use in a given Kubernetes Cluster keywords: diff --git a/stable/k8s-inventory/README.md b/stable/k8s-inventory/README.md index 06953983..6aa26164 100644 --- a/stable/k8s-inventory/README.md +++ b/stable/k8s-inventory/README.md 
@@ -1,7 +1,7 @@ # K8s Inventory Helm Chart K8s Inventory is the foundation of Anchore Enterprise's Runtime Inventory feature. Running K8s Inventory via Helm is a great way to retrieve your Kubernetes Image inventory without providing Cluster Credentials to Anchore. The minimum version of the Anchore Enterprise platform required for K8s Inventory is 4.7. -K8s Inventory runs as a read-only service account in the cluster it's deployed to. +K8s Inventory runs as a read-only service account in the cluster it's deployed to. In order to report the inventory to Anchore, K8s Inventory does require authentication material for your Anchore Enterprise deployment. K8s Inventory's helm chart automatically creates a kubernetes secret for the Anchore Password based on the values file you use, Ex.: @@ -31,7 +31,7 @@ You can install the chart via via: ``` helm repo add anchore https://charts.anchore.io helm install -f anchore/k8s-inventory -``` +``` A basic values file can always be found [here](https://github.com/anchore/anchore-charts/tree/master/stable/k8s-inventory/values.yaml) The key configurations are in the k8sInventory.anchore section. K8s Inventory must be able to resolve the Anchore URL and requires API credentials. 
@@ -49,9 +49,9 @@ See the [K8s Inventory repo](https://github.com/anchore/k8s-inventory) for more | Name | Description | Value | | ------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `replicaCount` | Number of replicas for the K8s Inventory deployment | `1` | -| `image.pullPolicy` | Image pull policy used by the K8s Inventory deployment | `Always` | +| `image.pullPolicy` | Image pull policy used by the K8s Inventory deployment | `IfNotPresent` | | `image.repository` | Image used for the K8s Inventory deployment | `anchore/k8s-inventory` | -| `image.tag` | Image tag used for the K8s Inventory deployment | `v1.0.0` | +| `image.tag` | Image tag used for the K8s Inventory deployment | `v1.1.1` | | `imagePullSecrets` | secrets where Kubernetes should get the credentials for pulling private images | `[]` | | `nameOverride` | overrides the name set on resources | `""` | | `fullnameOverride` | overrides the fullname set on resources | `""` | @@ -82,6 +82,7 @@ See the [K8s Inventory repo](https://github.com/anchore/k8s-inventory) for more | `useExistingSecret` | Specify whether to use an existing secret | `false` | | `existingSecretName` | if using an existing secret, specify the existing secret name | `""` | + ### k8sInventory Parameters ## | Name | Description | Value | diff --git a/stable/k8s-inventory/templates/NOTES.txt b/stable/k8s-inventory/templates/NOTES.txt index 58271b4d..df5bd75b 100644 --- a/stable/k8s-inventory/templates/NOTES.txt +++ b/stable/k8s-inventory/templates/NOTES.txt @@ -3,4 +3,4 @@ K8s Inventory must be able to resolve the Anchore URL and requires API credentia For more info see: https://github.com/anchore/k8s-inventory -K8s Inventory is now installed. \ No newline at end of file +K8s Inventory is now installed. 
diff --git a/stable/k8s-inventory/templates/_helpers.tpl b/stable/k8s-inventory/templates/_helpers.tpl index b048ac64..c034fc91 100644 --- a/stable/k8s-inventory/templates/_helpers.tpl +++ b/stable/k8s-inventory/templates/_helpers.tpl @@ -67,4 +67,3 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} - diff --git a/stable/k8s-inventory/templates/cluster-role-binding.yaml b/stable/k8s-inventory/templates/cluster-role-binding.yaml index 533bbc59..b9bb06ff 100644 --- a/stable/k8s-inventory/templates/cluster-role-binding.yaml +++ b/stable/k8s-inventory/templates/cluster-role-binding.yaml @@ -17,4 +17,4 @@ subjects: roleRef: kind: ClusterRole name: {{ include "k8sInventory.fullname" . }}-read-only - apiGroup: rbac.authorization.k8s.io \ No newline at end of file + apiGroup: rbac.authorization.k8s.io diff --git a/stable/k8s-inventory/templates/cluster-role-readonly.yaml b/stable/k8s-inventory/templates/cluster-role-readonly.yaml index 2559a844..45a8ab3f 100644 --- a/stable/k8s-inventory/templates/cluster-role-readonly.yaml +++ b/stable/k8s-inventory/templates/cluster-role-readonly.yaml @@ -13,4 +13,4 @@ metadata: rules: - apiGroups: [""] resources: ["pods","namespaces", "nodes"] - verbs: ["get", "watch", "list"] \ No newline at end of file + verbs: ["get", "watch", "list"] diff --git a/stable/k8s-inventory/templates/deployment.yaml b/stable/k8s-inventory/templates/deployment.yaml index bed2a5e4..9978e1f5 100644 --- a/stable/k8s-inventory/templates/deployment.yaml +++ b/stable/k8s-inventory/templates/deployment.yaml @@ -20,7 +20,7 @@ spec: annotations: {{- with .Values.annotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} diff --git a/stable/kai/Chart.yaml b/stable/kai/Chart.yaml index 20dd6dc1..1151bbc8 100644 --- a/stable/kai/Chart.yaml +++ b/stable/kai/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v2 name: kai -version: 0.5.0 +version: 0.5.1 appVersion: 0.5.0 description: A Helm chart for Kubernetes Automated Inventory, which describes which images are in use in a given Kubernetes Cluster keywords: diff --git a/stable/kai/README.md b/stable/kai/README.md index ee61cf1f..c7d3633e 100644 --- a/stable/kai/README.md +++ b/stable/kai/README.md @@ -1,7 +1,7 @@ # KAI Helm Chart KAI is the foundation of Anchore Enterprise's Runtime Inventory feature. Running KAI via Helm is a great way to retrieve your Kubernetes Image inventory without providing Cluster Credentials to Anchore. -KAI runs as a read-only service account in the cluster it's deployed to. +KAI runs as a read-only service account in the cluster it's deployed to. In order to report the inventory to Anchore, KAI does require authentication material for your Anchore Enterprise deployment. KAI's helm chart automatically creates a kubernetes secret for the Anchore Password based on the values file you use, Ex.: @@ -31,7 +31,7 @@ You can install the chart via via: ``` helm repo add anchore https://charts.anchore.io helm install -f anchore/kai -``` +``` A basic values file can always be found [here](https://github.com/anchore/anchore-charts/tree/master/stable/kai/values.yaml) The key configurations are in the kai.anchore section. Kai must be able to resolve the Anchore URL and requires API credentials. 
@@ -40,4 +40,4 @@ Note: the Anchore API Password can be provided via a kubernetes secret, or injec * For injecting the environment variable, see: inject_secrets_via_env * For providing your own secret for the Anchore API Password, see: kai.existing_secret. kai creates it's own secret based on your values.yaml file for key kai.anchore.password, but the kai.existingSecret key allows you to create your own secret and provide it in the values file. -See the [kai repo](https://github.com/anchore/kai) for more information about the KAI-specific configuration \ No newline at end of file +See the [kai repo](https://github.com/anchore/kai) for more information about the KAI-specific configuration diff --git a/stable/kai/templates/cluster-role-binding.yaml b/stable/kai/templates/cluster-role-binding.yaml index 0ae275bf..971da80b 100644 --- a/stable/kai/templates/cluster-role-binding.yaml +++ b/stable/kai/templates/cluster-role-binding.yaml @@ -9,4 +9,4 @@ subjects: roleRef: kind: ClusterRole name: {{ include "kai.fullname" . }}-read-only - apiGroup: rbac.authorization.k8s.io \ No newline at end of file + apiGroup: rbac.authorization.k8s.io diff --git a/stable/kai/templates/cluster-role-readonly.yaml b/stable/kai/templates/cluster-role-readonly.yaml index f26d9a51..abb821a4 100644 --- a/stable/kai/templates/cluster-role-readonly.yaml +++ b/stable/kai/templates/cluster-role-readonly.yaml @@ -5,4 +5,4 @@ metadata: rules: - apiGroups: [""] resources: ["pods","namespaces"] - verbs: ["get", "watch", "list"] \ No newline at end of file + verbs: ["get", "watch", "list"]