Merge branch 'anchore' into 'master'

upgrade anchore version Summary - Bump Anchore Helm chart to 1.12.7 - Bump Anchore Engine image to 0.9.3 - Bump Anchore Enterprise image to 3.0.2 Closes #281 See merge request platform-one/big-bang/bigbang!357

Merge branch 'anchore' into 'master'
14af1599 · joshwolf · a2490c69 · c7a10fb7 · 14af1599 · 14af1599
Commit 14af1599 authored 4 years ago by joshwolf
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -498,7 +498,7 @@ addons:
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
      path: "./chart"
-      tag: "1.12.4-bb.1"
+      tag: "1.12.7-bb.1"

    # -- Initial admin password used to authenticate to Anchore.
    adminPassword: ""

--- a/scripts/deploy/02_wait_for_helmreleases.sh
+++ b/scripts/deploy/02_wait_for_helmreleases.sh
@@ -35,6 +35,47 @@ function wait_on() {
  kubectl wait --for=condition=Ready --timeout 600s helmrelease -n bigbang $1;
 }

+## Function to wait on all statefulsets
+function wait_sts() {
+   timeElapsed=0
+   while true; do
+      sts=$(kubectl get sts -A -o jsonpath='{.items[*].status.replicas}' | xargs)
+      totalSum=$(echo $sts | awk '{for (i=1; i<=NF; i++) c+=$i} {print c}')
+      readySts=$(kubectl get sts -A -o jsonpath='{.items[*].status.readyReplicas}' | xargs)
+      readySum=$(echo $readySts | awk '{for (i=1; i<=NF; i++) c+=$i} {print c}')
+      if [[ $totalSum -eq $readySum ]]; then
+         break
+      fi
+      sleep 5
+      timeElapsed=$(($timeElapsed+5))
+      if [[ $timeElapsed -ge 600 ]]; then
+         echo "Timed out while waiting for stateful sets to be ready."
+         exit 1
+      fi
+   done
+}
+
+## Function to wait on all daemonsets
+function wait_daemonset(){
+   timeElapsed=0
+   while true; do
+      dmnset=$(kubectl get daemonset -A -o jsonpath='{.items[*].status.desiredNumberScheduled}' | xargs)
+      totalSum=$(echo $dmnset | awk '{for (i=1; i<=NF; i++) c+=$i} {print c}')
+      readyDmnset=$(kubectl get daemonset -A -o jsonpath='{.items[*].status.numberReady}' | xargs)
+      readySum=$(echo $readyDmnset | awk '{for (i=1; i<=NF; i++) c+=$i} {print c}')
+      if [[ $totalSum -eq $readySum ]]; then
+         break
+      fi
+      sleep 5
+      timeElapsed=$(($timeElapsed+5))
+      if [[ $timeElapsed -ge 600 ]]; then
+         echo "Timed out while waiting for daemon sets to be ready."
+         exit 1
+      fi
+   done
+}
+
+
 for package in $ORDERED_HELMRELEASES;
 do
  if array_contains DEPLOYED_HELMRELEASES "$package";
@@ -57,3 +98,9 @@ done

 echo "Waiting on Secrets Kustomization"
 kubectl wait --for=condition=Ready --timeout 300s kustomizations.kustomize.toolkit.fluxcd.io -n bigbang secrets
+
+# In case some helm releases are marked as ready before all objects are live...
+echo "Waiting on all deployments, statefulsets, and daemonsets"
+kubectl wait --for=condition=available --timeout 600s -A deployment --all > /dev/null
+wait_sts
+wait_daemonset
--- a/scripts/package/synker.yaml
+++ b/scripts/package/synker.yaml
@@ -29,7 +29,7 @@ source:
    - registry:2

    - registry1.dso.mil/ironbank/twistlock/defender/defender:20.12.531
-    - registry1.dso.mil/ironbank/anchore/enterprise/enterprise:3.0.1
+    - registry1.dso.mil/ironbank/anchore/enterprise/enterprise:3.0.2
    - registry1.dso.mil/ironbank/anchore/enterpriseui/enterpriseui:3.0.1
    # Images used by pipeline-templates
    # NOTE: These are __not__ fully inclusive yet, see this issue for updates: https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/145