Update chart to enterprise v2.4.0 (#61)

* update engine/enterprise image versions * add enterprise feeds upgrade job * bump chart version Signed-off-by: Brady Todhunter <[email protected]>
anchore · Aug 31, 2020 · a27ab1a · a27ab1a
1 parent 5848fc1
commit a27ab1a
Show file tree

Hide file tree

Showing 3 changed files with 69 additions and 5 deletions.
diff --git a/stable/anchore-engine/Chart.yaml b/stable/anchore-engine/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: anchore-engine
-version: 1.8.1
-appVersion: 0.8.0
+version: 1.9.0
+appVersion: 0.8.1
 description: Anchore container analysis and policy evaluation engine service
 keywords:
  - analysis

diff --git a/stable/anchore-engine/templates/enterprise_feeds_upgrade_job.yaml b/stable/anchore-engine/templates/enterprise_feeds_upgrade_job.yaml
@@ -0,0 +1,63 @@
+{{- if .Values.anchoreEnterpriseGlobal.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: "{{ .Release.Name }}-enterprise-feeds-upgrade"
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    "helm.sh/hook": post-upgrade
+    "helm.sh/hook-weight": "-3"
+spec:
+  template:
+    metadata:
+      name: "{{ .Release.Name }}-enterprise-feeds-upgrade"
+      labels:
+        app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+        app.kubernetes.io/instance: {{ .Release.Name | quote }}
+        helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    spec:
+      {{- with .Values.anchoreGlobal.securityContext }}
+      securityContext:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      imagePullSecrets:
+      - name: {{ .Values.anchoreEnterpriseGlobal.imagePullSecretName }}
+      restartPolicy: Never
+      containers:
+      - name: "{{ .Release.Name }}-enterprise-feeds-upgrade"
+        imagePullPolicy: {{ .Values.anchoreEnterpriseGlobal.imagePullPolicy }}
+        image: {{ .Values.anchoreEnterpriseGlobal.image }}
+        {{- if .Values.anchoreGlobal.dbConfig.ssl }}
+        args: ["/bin/bash", "-c", "anchore-enterprise-manager db --db-use-ssl --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME}?sslmode={{ .Values.anchoreGlobal.dbConfig.sslMode }}\\&sslrootcert=/home/anchore/certs/{{ .Values.anchoreGlobal.dbConfig.sslRootCertName }} upgrade --dontask"]
+        {{- else }}
+        args: ["/bin/bash", "-c", "anchore-enterprise-manager db --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME} upgrade --dontask"]
+        {{- end }}
+        envFrom:
+        - secretRef:
+            name: {{ default (include "anchore-engine.fullname" .) .Values.anchoreGlobal.existingSecret }}
+        - configMapRef:
+            name: {{ template "anchore-engine.enterprise-feeds.fullname" . }}-env
+        env:
+        {{- with .Values.anchoreGlobal.extraEnv }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+        {{- with .Values.anchoreEnterpriseFeeds.extraEnv }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+        {{- if (.Values.anchoreGlobal.certStoreSecretName) }}
+        volumeMounts:
+        - name: certs
+          mountPath: /home/anchore/certs/
+          readOnly: true
+        {{- end }}
+    {{- with .Values.anchoreGlobal.certStoreSecretName }}
+      volumes:
+      - name: certs
+        secret:
+          secretName: {{ . }}
+      {{- end }}
+{{- end }}
diff --git a/stable/anchore-engine/values.yaml b/stable/anchore-engine/values.yaml
@@ -90,7 +90,7 @@ ingress:
 # Global configuration shared by all anchore-engine services.
 anchoreGlobal:
   # Image used for all anchore engine deployments (excluding enterprise components).
-  image: docker.io/anchore/anchore-engine:v0.8.0
+  image: docker.io/anchore/anchore-engine:v0.8.1
   imagePullPolicy: IfNotPresent
   # Set image pull secret name if using an anchore-engine image from a private registry
   imagePullSecretName:
@@ -506,7 +506,7 @@ anchoreEnterpriseGlobal:
   # Create this secret with the following command - kubectl create secret generic anchore-license --from-file=license.yaml=<PATH TO LICENSE.YAML>
   licenseSecretName: anchore-enterprise-license
 
-  image: docker.io/anchore/enterprise:v2.3.2
+  image: docker.io/anchore/enterprise:v2.4.0
   imagePullPolicy: IfNotPresent
   # Name of the kubernetes secret containing your dockerhub creds with access to the anchore enterprise images.
   # Create this secret with the following command - kubectl create secret docker-registry anchore-dockerhub-creds --docker-server=docker.io --docker-username=<USERNAME> --docker-password=<PASSWORD> --docker-email=<EMAIL_ADDRESS>
@@ -561,6 +561,7 @@ anchoreEnterpriseFeeds:
 
   # Enable microsoft feeds
   msrcDriverEnabled: false
+  # For instructions on getting API key, see the msrc section of the Feeds docs - https://docs.anchore.com/current/docs/installation/feeds/
   msrcApiKey: null
   # Uncomment to add MSRC product IDs for generating their feed data, this extends the pre-defined list of product IDs
   # msrcWhitelist:
@@ -716,7 +717,7 @@ anchoreEnterpriseNotifications:
 anchoreEnterpriseUi:
   # If enabled is set to false, set anchore-ui-redis.enabled to false to ensure that helm doesn't stand up a unneccessary redis instance.
   enabled: true
-  image: docker.io/anchore/enterprise-ui:v2.3.2
+  image: docker.io/anchore/enterprise-ui:v2.4.0
   imagePullPolicy: IfNotPresent
 
   # Set extra environment variables. These will be set on all UI containers.