Broken ability to place passwords outside values.yaml
Summary
This is likely an issue because I'm not working with this chart within the context of Big Bang.
I can't use the ability to put passwords in a secret instead of in the values.yaml, as implemented in the underlying work of Anchore's charts, because the Big Bang templates enforce placing it in values.yaml here: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/chart/templates/bigbang/db/anchore-db-secret.yaml#L21
Then it also runs a job that fails because the above job doesn't use the proper credentials.
Steps to reproduce
Create a secret with ANCHORE_DB_PASSWORD, ANCHORE_ADMIN_PASSWORD and ANCHORE_SAML_SECRET env set named anchore-engine.
In values.yaml, place:
anchoreGlobal:
  existingSecret: anchore-engine
postgresql:
  enabled: false
  externalEndpoint: my-host:5432
  postgresUser: anchore
  postgresDatabase: anchore
What is the current behavior?
Fail to start Anchore because it uses incorrect credentials.
What is the expected behavior?
Use the database password identified in the anchore-engine secret as the underlying Anchore charts would expect.
Possible fixes
I'd recommend following the example of Anchore's charts with handling the use of that Secret to set the ENV as an option instead of using the chart. I'd even prefer to see that enforced as a best practice in the case of the DoD.
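A pre-deploy check for the setup described in the report, as an added example that is not part of the original issue or of either chart: it builds the `anchore-engine` Secret with the three keys named above and verifies that the values defer to it without carrying credentials themselves. The function names and the dummy passwords are constructed for illustration, and the values are represented as a Python dict rather than parsed from YAML.

```python
import base64
import re

# Keys the issue says the pre-created secret must carry.
REQUIRED_KEYS = ("ANCHORE_DB_PASSWORD", "ANCHORE_ADMIN_PASSWORD", "ANCHORE_SAML_SECRET")
# Value keys that look like credentials; "existingSecret" only names a Secret.
CRED_KEY = re.compile(r"password|(?<!existing)secret$", re.I)


def build_secret(name, env):
    """Build a Secret manifest (as a dict) from a mapping such as os.environ."""
    missing = [k for k in REQUIRED_KEYS if not env.get(k)]
    if missing:
        raise ValueError("missing secret keys: " + ", ".join(missing))
    data = {k: base64.b64encode(env[k].encode()).decode() for k in REQUIRED_KEYS}
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name}, "data": data}


def plaintext_credentials(values, path=""):
    """Return dotted paths of non-empty credential-looking strings in values."""
    found = []
    for key, val in values.items():
        here = f"{path}.{key}" if path else key
        if isinstance(val, dict):
            found += plaintext_credentials(val, here)
        elif isinstance(val, str) and val and CRED_KEY.search(key):
            found.append(here)
    return found


def lint(values, secret):
    """Check that values defer to the Secret and carry no passwords themselves."""
    name = values.get("anchoreGlobal", {}).get("existingSecret")
    if not name:
        return ["anchoreGlobal.existingSecret is not set"]
    problems = ["plaintext credential in values: " + p for p in plaintext_credentials(values)]
    if secret["metadata"]["name"] != name:
        problems.append(f"existingSecret {name!r} does not match the Secret's name")
    problems += ["Secret lacks key " + k for k in REQUIRED_KEYS if k not in secret["data"]]
    return problems


# Constructed sample input: the values from the report, as a dict, with dummy passwords.
VALUES = {"anchoreGlobal": {"existingSecret": "anchore-engine"},
          "postgresql": {"enabled": False, "externalEndpoint": "my-host:5432",
                         "postgresUser": "anchore", "postgresDatabase": "anchore"}}
SECRET = build_secret("anchore-engine", {k: "dummy-" + k.lower() for k in REQUIRED_KEYS})

if __name__ == "__main__":
    print(lint(VALUES, SECRET) or "values defer to the Secret; no plaintext credentials")
```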