UNCLASSIFIED - NO CUI

anchoreEnterprise update to 3.21.0-bb.2

BB_AUTO_MR_TOKENrequested to merge
update-anchoreEnterprise-tag-3.21.0-bb.2 into master

Package Merge Request

Package Changes

https://repo1.dso.mil/big-bang/product/packages/anchore-enterprise/-/blob/3.21.0-bb.2/CHANGELOG.md

Package MR

big-bang/product/packages/anchore-enterprise!409 (merged)

For Issue

Closes big-bang/product/packages/anchore-enterprise#272 (closed)

Upgrade Notices

The internal PostgreSQL dependency has been migrated from a bundled chart to the upstream Bitnami chart. This migration requires two manual steps before running helm upgrade:

Warning: Platform One does not support the internal PostgreSQL database for production deployments. These steps are only applicable to development environments using the chart's built-in PostgreSQL.

  1. Migrate the PostgreSQL secret keys:

    The new chart expects different key names in the PostgreSQL secret. This must be done before the upgrade because Helm's template rendering will fail if the expected keys are not present.

    kubectl patch secret anchore-enterprise-postgresql -n anchore --type='json' -p="[
  {\"op\":\"add\",\"path\":\"/data/password\",\"value\":\"$(kubectl get secret anchore-enterprise-postgresql -n anchore -o jsonpath='{.data.postgresql-password}')\"},
  {\"op\":\"add\",\"path\":\"/data/postgres-password\",\"value\":\"$(kubectl get secret anchore-enterprise-postgresql -n anchore -o jsonpath='{.data.postgresql-postgres-password}')\"}
]"

  2. Delete the PostgreSQL StatefulSet while preserving the running pod:

    The new chart changes an immutable field on the PostgreSQL StatefulSet, which will cause the upgrade to fail. The --cascade=orphan flag is critical, because it deletes the StatefulSet while leaving the database pod running, allowing the upgrade to recreate the StatefulSet and adopt the existing pod.

    kubectl delete statefulset anchore-enterprise-postgresql -n anchore --cascade=orphan

After completing both steps, proceed with helm upgrade as normal.

The value postgresql.externalDBCheckEnabled along with the associated ensure-anchore-db-xyz job has been removed from this release. Prior to this release, the ensure-anchore-db job might cause issues and hang when using an external database. If the ensure-anchore-db job hangs on startup in earlier Big Bang releases, you can prevent that job from starting by setting externalDBCheckEnabled to true ( which is counter-intuitive due to a logic issue with that job's deploymment ):

addons:
  anchoreEnterprise:
    values:
      postgresql:
        externalDBCheckEnabled: true
Edited by Michael Martin

Merge request reports

UNCLASSIFIED - NO CUI