From a88c54a33f1bd0f7d5d10fdc93f16f91068cc7fd Mon Sep 17 00:00:00 2001
From: kaymonty <kmontakhab@vivsoft.io>
Date: Mon, 13 Jan 2025 17:29:27 -0500
Subject: [PATCH 01/11] ability to disable ensure-anchore-db job
---
CHANGELOG.md | 6 ++++++
README.md | 3 ++-
chart/Chart.yaml | 2 +-
chart/templates/bigbang/db/ensure-anchore-db.yaml | 3 ++-
chart/values.yaml | 4 ++++
5 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7fdf7704..c6203469 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- +## [3.3.1-bb.1] - 2025-01-13 + +### Changed + +- ability to disable `ensure-anchore-db` job + ## [3.3.1-bb.0] - 2025-01-06 ### Changed
diff --git a/README.md b/README.md
index d742cfdd..c7c3f9f7 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@ <!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. --> # anchore -   +   Anchore Enterprise is a complete container security workflow solution for professional teams. Easily integrating with CI/CD systems, it allows developers to bolster security without compromising velocity and enables security teams to audit and verify compliance in real-time.
@@ -541,6 +541,7 @@ helm install anchore chart/ | ui-redis.commonConfiguration | string | `"maxmemory 200mb\nsave \"\""` | | | postgresql.enabled | bool | `true` | | | postgresql.externalEndpoint | string | `""` | | +| postgresql.externalDBCheckEnabled | bool | `false` | | | postgresql.primary.resources | object | `{}` | | | postgresql.primary.service.ports.postgresql | int | `5432` | | | postgresql.primary.podSecurityContext.enabled | bool | `true` | |
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 34a3f089..f7bf3dc4 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,5 +1,5 @@ name: anchore -version: 3.3.1-bb.0 +version: 3.3.1-bb.1 apiVersion: v2 appVersion: 5.13.1 kubeVersion: ">=1.23.x || >=1.23.x-x"
diff --git a/chart/templates/bigbang/db/ensure-anchore-db.yaml b/chart/templates/bigbang/db/ensure-anchore-db.yaml
index 32426f04..6870ecf8 100644
--- a/chart/templates/bigbang/db/ensure-anchore-db.yaml
+++ b/chart/templates/bigbang/db/ensure-anchore-db.yaml
@@ -1,5 +1,6 @@ {{- if hasKey .Values.postgresql "enabled" }} -{{- if (not .Values.postgresql.enabled) }} +{{- if and .Values.postgresql.enabled .Values.externalDBCheckEnabled }} +#{{- if (not .Values.postgresql.enabled) }} # Job to sync db and db user with external postgres for Anchore's primary data store apiVersion: batch/v1 kind: Job
diff --git a/chart/values.yaml b/chart/values.yaml
index fa96f01d..4e556e9f 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -1916,6 +1916,10 @@ postgresql: ## externalEndpoint: "" + ## ** Big Bang Change ** + ## switch to true for externalDBCheckEnabled if externalEndpoint is used. This disables ensure-anchore-db job + externalDBCheckEnabled: false + ## ** Big Bang Change ** ## @param postgresql.postgresUser Username used to connect to postgresql ## @param postgresql.postgresPassword Password used to connect to postgresql
-- GitLab
From 922135eb822ad5f120484eb3d43f14c38b0e283c Mon Sep 17 00:00:00 2001
From: kaymonty <kmontakhab@vivsoft.io>
Date: Mon, 13 Jan 2025 17:37:04 -0500
Subject: [PATCH 02/11] edited ensure-anchore-db.yaml
---
chart/templates/bigbang/db/ensure-anchore-db.yaml | 1 -
1 file changed, 1 deletion(-)
diff --git a/chart/templates/bigbang/db/ensure-anchore-db.yaml b/chart/templates/bigbang/db/ensure-anchore-db.yaml
index 6870ecf8..73c86c1e 100644
--- a/chart/templates/bigbang/db/ensure-anchore-db.yaml
+++ b/chart/templates/bigbang/db/ensure-anchore-db.yaml
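Review bot: The added condition `{{- if and .Values.postgresql.enabled .Values.externalDBCheckEnabled }}` looks up `externalDBCheckEnabled` at the top of `.Values`, while this same patch defines it under `postgresql:` in chart/values.yaml, so that operand is nil and the job never renders; the line also drops the `not`, so once the path is corrected the job would render only when the bundled Postgres is enabled, the opposite of the line it replaces. The commented-out line `+#{{- if (not .Values.postgresql.enabled) }}` is not inert either: Helm evaluates template actions inside a YAML `#` comment, so it opens a third `if` with no matching `end` and the chart fails to render until that line is removed. The `{{- end }}` lines that close these conditions lie outside the hunk.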
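Review bot: The key name `externalDBCheckEnabled` reads as "run the external-DB check", but the comment above it says setting it to true disables the ensure-anchore-db job, and patch 04 (line 4) settles the template on `not .Values.postgresql.externalDBCheckEnabled`; a flag whose true value switches a job off should say so, e.g. `ensureDBJobEnabled: true`, or at minimum the comment must match the polarity that ships. The new key is also the only one in this stanza without a `## @param postgresql.<key> ...` line like its neighbour `## @param postgresql.externalEndpoint ...`, and the README row hand-added in this patch has an empty description although README.md says it is generated, so the description should come from an annotation the generator reads. `## ** Big Bang Change **` now appears twice around the key; one marker before it is enough.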
@@ -1,6 +1,5 @@ {{- if hasKey .Values.postgresql "enabled" }} {{- if and .Values.postgresql.enabled .Values.externalDBCheckEnabled }} -#{{- if (not .Values.postgresql.enabled) }} # Job to sync db and db user with external postgres for Anchore's primary data store apiVersion: batch/v1 kind: Job
-- GitLab
From 6672f93727e2994a9282764f47a7acb5e446fe7a Mon Sep 17 00:00:00 2001
From: kaymonty <kmontakhab@vivsoft.io>
Date: Mon, 13 Jan 2025 20:15:55 -0500
Subject: [PATCH 03/11] fixing the logic
---
chart/templates/bigbang/db/ensure-anchore-db.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chart/templates/bigbang/db/ensure-anchore-db.yaml b/chart/templates/bigbang/db/ensure-anchore-db.yaml
index 73c86c1e..c9e37d6f 100644
--- a/chart/templates/bigbang/db/ensure-anchore-db.yaml
+++ b/chart/templates/bigbang/db/ensure-anchore-db.yaml
@@ -1,5 +1,5 @@ {{- if hasKey .Values.postgresql "enabled" }} -{{- if and .Values.postgresql.enabled .Values.externalDBCheckEnabled }} +{{- if and (not .Values.postgresql.enabled) (.Values.postgresql.externalDBCheckEnabled) }} # Job to sync db and db user with external postgres for Anchore's primary data store apiVersion: batch/v1 kind: Job
-- GitLab
From 42eb804da3c3633edbda54153096b5e862710703 Mon Sep 17 00:00:00 2001
From: kaymonty <kmontakhab@vivsoft.io>
Date: Tue, 14 Jan 2025 09:02:52 -0500
Subject: [PATCH 04/11] adjusting the logic ensure-anchore-db job
---
chart/templates/bigbang/db/ensure-anchore-db.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chart/templates/bigbang/db/ensure-anchore-db.yaml b/chart/templates/bigbang/db/ensure-anchore-db.yaml
index c9e37d6f..bb084e81 100644
--- a/chart/templates/bigbang/db/ensure-anchore-db.yaml
+++ b/chart/templates/bigbang/db/ensure-anchore-db.yaml
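Review bot: With the chart default `externalDBCheckEnabled: false`, the patch-03 condition `and (not .Values.postgresql.enabled) (.Values.postgresql.externalDBCheckEnabled)` is false for every install that disables the bundled Postgres, so the job stops rendering for exactly the external-database case it exists for unless the operator also opts in, while the values.yaml comment promises that true is what disables it. Patch 04 on the next line flips the second operand to `not`; whichever polarity is kept, the comment, the README row and the CHANGELOG entry need to state it in the same words. The `{{- end }}` lines closing both conditions are outside the hunk.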
@@ -1,5 +1,5 @@ {{- if hasKey .Values.postgresql "enabled" }} -{{- if and (not .Values.postgresql.enabled) (.Values.postgresql.externalDBCheckEnabled) }} +{{- if and (not .Values.postgresql.enabled) ( not .Values.postgresql.externalDBCheckEnabled) }} # Job to sync db and db user with external postgres for Anchore's primary data store apiVersion: batch/v1 kind: Job
-- GitLab
From 0e8e0aca33e14a100c82efecf90b3f0ad28b237d Mon Sep 17 00:00:00 2001
From: kaymonty <kmontakhab@vivsoft.io>
Date: Fri, 17 Jan 2025 11:12:49 -0500
Subject: [PATCH 05/11] testing no ensure-anchore-db job
---
chart/values.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index 4e556e9f..78c173b6 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -1909,16 +1909,16 @@ ui-redis: ## @section Anchore Database Parameters ####################################### postgresql: - enabled: true + enabled: false ## @param postgresql.externalEndpoint External Postgresql hostname when not using Helm managed chart (eg. mypostgres.myserver.io) ## externalEndpoint, auth.username, auth.password, auth.database, & primary.service.ports.postgresql are required values for external Postgres ## - externalEndpoint: "" + externalEndpoint: "87.10.135.34.bc.googleusercontent.com" ## ** Big Bang Change ** ## switch to true for externalDBCheckEnabled if externalEndpoint is used. This disables ensure-anchore-db job - externalDBCheckEnabled: false + externalDBCheckEnabled: true ## ** Big Bang Change ** ## @param postgresql.postgresUser Username used to connect to postgresql
@@ -1994,7 +1994,7 @@ postgresql: host all all all scram-sha-256 # PG creds postgresUser: anchore - postgresPassword: anchore-postgres,123 + postgresPassword: BigB@ng123! postgresDatabase: anchore # Configure resource limits and requests for the postgresql deployment resources:
-- GitLab
From 66472ea7fe87ce9c71873895226ee9d8536f7fac Mon Sep 17 00:00:00 2001
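Review bot: The new side of the patch-05 hunks replaces the chart's shipped defaults with what look like live environment values — `externalEndpoint: "87.10.135.34.bc.googleusercontent.com"`, `postgresPassword: BigB@ng123!`, `enabled: false`, `externalDBCheckEnabled: true` — and the subject itself calls the commit a test. Patches 07, 08 and 09 (lines 6–8) copy the same password and host into `anchoreConfig.ui` and `postgresqlSuperUser`, patch 06 (line 5) puts the matching address in a NetworkPolicy, and patches 10 and 11 revert all of it, so the merged tree is clean but the credential and the endpoint stay in the history of this series. Treat that password as exposed and rotate it on the database it belongs to, and squash or rebase so that commits 05–11 are dropped rather than merged. Environment-specific overrides belong in a separate values file or in an existing Secret (values.yaml already documents one for `postgresqlSuperUser`), not in the chart's defaults.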
From: kaymonty <kmontakhab@vivsoft.io>
Date: Fri, 17 Jan 2025 11:27:33 -0500
Subject: [PATCH 06/11] adding exdb IP
---
.../bigbang/networkpolicies/allow-egress-ingress-from-jobs.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chart/templates/bigbang/networkpolicies/allow-egress-ingress-from-jobs.yaml b/chart/templates/bigbang/networkpolicies/allow-egress-ingress-from-jobs.yaml
index 6d43be45..a3e3669b 100644
--- a/chart/templates/bigbang/networkpolicies/allow-egress-ingress-from-jobs.yaml
+++ b/chart/templates/bigbang/networkpolicies/allow-egress-ingress-from-jobs.yaml
@@ -17,7 +17,7 @@ spec: egress: - to: - ipBlock: - cidr: 0.0.0.0/0 + cidr: 34.135.10.87/32 # ONLY Block requests to AWS metadata IP except: - 169.254.169.254/32
-- GitLab
From 7616cd9399ef5d21ffcb91172da241cd6e263213 Mon Sep 17 00:00:00 2001
From: kaymonty <kmontakhab@vivsoft.io>
Date: Fri, 17 Jan 2025 13:24:39 -0500
Subject: [PATCH 07/11] adding external db credentials n hostname
---
chart/values.yaml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index 78c173b6..a621fe8f 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
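Review bot: `cidr: 34.135.10.87/32` keeps the existing `except: - 169.254.169.254/32` beneath it, and the Kubernetes API validates that every `except` entry lies inside `cidr`, so this NetworkPolicy is rejected at apply time instead of narrowing egress as intended. A single database host also does not belong hard-coded in a chart template: if job egress should be limited to the external DB, expose it as a value (for example a constructed `postgresql.externalEndpointCIDR` defaulting to the current `0.0.0.0/0`), omit the `except` when the block is not the full range, and update the comment `# ONLY Block requests to AWS metadata IP`, which no longer describes the rule. Patch 11 (line 9) reverts this commit, so the cleanest outcome is to drop both from the series.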
@@ -949,17 +949,17 @@ anchoreConfig: ## @param anchoreConfig.ui.dbUser allows overriding and separation of the ui database user. ## The UI config defaults to postgresql.postgresUser if not set ## - dbUser: "" + dbUser: "anchore" ## @param anchoreConfig.ui.dbPassword allows overriding and separation of the ui database user authentication ## The UI config defaults to postgresql.postgresPassword if not set ## - dbPassword: "" + dbPassword: "BigB@ng123!" ## @param anchoreConfig.ui.dbHostname allows overriding and separation of the ui database hostname. ## The UI config defaults to postgresql.externalEndpoint if not set ## - dbHostname: "" + dbHostname: "87.10.135.34.bc.googleusercontent.com" ## @param anchoreConfig.ui.dbPort allows overriding and separation of the ui database port. ## The UI config defaults to postgresql.postgresPort if not set
@@ -969,7 +969,7 @@ anchoreConfig: ## @param anchoreConfig.ui.dbPort allows overriding and separation of the ui database name. ## The UI config defaults to postgresql.postgresDatabase if not set ## - dbDatabase: "" + dbDatabase: "anchore" ################################################# ## @section Anchore API k8s Deployment Parameters
-- GitLab
From 4b65410dcae51ae3423d7f35736e4c0e294f5b29 Mon Sep 17 00:00:00 2001
From: kaymonty <kmontakhab@vivsoft.io>
Date: Fri, 17 Jan 2025 16:09:03 -0500
Subject: [PATCH 08/11] adding credentials
---
chart/values.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index a621fe8f..21568bfa 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -105,8 +105,8 @@ openshift: false # Use Database instance Superuser to create postgresql.postgresDatabase, postgresql.postgresUser, anchore-feeds-db.postgresDatabase, and anchore-feeds-db.postgresUser postgresqlSuperUser: - postgresUsername: "" - postgresPassword: "" + postgresUsername: "anchore" + postgresPassword: "BigB@ng123!" # Optionally use an existing secret for the superuser credentials with the following defined: # PGUSER # PGPASSWORD
-- GitLab
From cf9e8e97a3731a8f121ceeaeae93248d24fc86b2 Mon Sep 17 00:00:00 2001
From: kaymonty <kmontakhab@vivsoft.io>
Date: Fri, 17 Jan 2025 16:18:54 -0500
Subject: [PATCH 09/11] adding postgres user credentials
---
chart/values.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index 21568bfa..f820a088 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -105,7 +105,7 @@ openshift: false # Use Database instance Superuser to create postgresql.postgresDatabase, postgresql.postgresUser, anchore-feeds-db.postgresDatabase, and anchore-feeds-db.postgresUser postgresqlSuperUser: - postgresUsername: "anchore" + postgresUsername: "postgres" postgresPassword: "BigB@ng123!" # Optionally use an existing secret for the superuser credentials with the following defined: # PGUSER
-- GitLab
From 3275f0772289b9a30557e2fc42bb3983720e97ae Mon Sep 17 00:00:00 2001
From: kaymonty <kmontakhab@vivsoft.io>
Date: Tue, 21 Jan 2025 14:03:38 -0500
Subject: [PATCH 10/11] adjusting values.yaml
---
chart/values.yaml | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index f820a088..4e556e9f 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -105,8 +105,8 @@ openshift: false # Use Database instance Superuser to create postgresql.postgresDatabase, postgresql.postgresUser, anchore-feeds-db.postgresDatabase, and anchore-feeds-db.postgresUser postgresqlSuperUser: - postgresUsername: "postgres" - postgresPassword: "BigB@ng123!" + postgresUsername: "" + postgresPassword: "" # Optionally use an existing secret for the superuser credentials with the following defined: # PGUSER # PGPASSWORD
@@ -949,17 +949,17 @@ anchoreConfig: ## @param anchoreConfig.ui.dbUser allows overriding and separation of the ui database user. ## The UI config defaults to postgresql.postgresUser if not set ## - dbUser: "anchore" + dbUser: "" ## @param anchoreConfig.ui.dbPassword allows overriding and separation of the ui database user authentication ## The UI config defaults to postgresql.postgresPassword if not set ## - dbPassword: "BigB@ng123!" + dbPassword: "" ## @param anchoreConfig.ui.dbHostname allows overriding and separation of the ui database hostname. ## The UI config defaults to postgresql.externalEndpoint if not set ## - dbHostname: "87.10.135.34.bc.googleusercontent.com" + dbHostname: "" ## @param anchoreConfig.ui.dbPort allows overriding and separation of the ui database port. ## The UI config defaults to postgresql.postgresPort if not set
@@ -969,7 +969,7 @@ anchoreConfig: ## @param anchoreConfig.ui.dbPort allows overriding and separation of the ui database name. ## The UI config defaults to postgresql.postgresDatabase if not set ## - dbDatabase: "anchore" + dbDatabase: "" ################################################# ## @section Anchore API k8s Deployment Parameters
@@ -1909,16 +1909,16 @@ ui-redis: ## @section Anchore Database Parameters ####################################### postgresql: - enabled: false + enabled: true ## @param postgresql.externalEndpoint External Postgresql hostname when not using Helm managed chart (eg. mypostgres.myserver.io) ## externalEndpoint, auth.username, auth.password, auth.database, & primary.service.ports.postgresql are required values for external Postgres ## - externalEndpoint: "87.10.135.34.bc.googleusercontent.com" + externalEndpoint: "" ## ** Big Bang Change ** ## switch to true for externalDBCheckEnabled if externalEndpoint is used. This disables ensure-anchore-db job - externalDBCheckEnabled: true + externalDBCheckEnabled: false ## ** Big Bang Change ** ## @param postgresql.postgresUser Username used to connect to postgresql
@@ -1994,7 +1994,7 @@ postgresql: host all all all scram-sha-256 # PG creds postgresUser: anchore - postgresPassword: BigB@ng123! + postgresPassword: anchore-postgres,123 postgresDatabase: anchore # Configure resource limits and requests for the postgresql deployment resources:
-- GitLab
From 4764878ce904d442bc18f52b3220a701ef310503 Mon Sep 17 00:00:00 2001
From: kaymonty <kmontakhab@vivsoft.io>
Date: Tue, 21 Jan 2025 14:10:04 -0500
Subject: [PATCH 11/11] removing externalDB IP
---
.../bigbang/networkpolicies/allow-egress-ingress-from-jobs.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chart/templates/bigbang/networkpolicies/allow-egress-ingress-from-jobs.yaml b/chart/templates/bigbang/networkpolicies/allow-egress-ingress-from-jobs.yaml
index a3e3669b..6d43be45 100644
--- a/chart/templates/bigbang/networkpolicies/allow-egress-ingress-from-jobs.yaml
+++ b/chart/templates/bigbang/networkpolicies/allow-egress-ingress-from-jobs.yaml
@@ -17,7 +17,7 @@ spec: egress: - to: - ipBlock: - cidr: 34.135.10.87/32 + cidr: 0.0.0.0/0 # ONLY Block requests to AWS metadata IP except: - 169.254.169.254/32
-- GitLab