Remove Anchore Enterprise quitquitquit
General MR
Summary
Removed the obsolete Istio sidecar readiness wait and /quitquitquit shutdown call from the Anchore Enterprise SSO configuration job. Native sidecars no longer need this manual shutdown path, and Ambient mode has no sidecar for the job to terminate.
Also added the required Big Bang package release hygiene for this change: chart version bump, changelog entry, README version badge update, and docs/BBCHANGES.md cleanup for the removed snippet.
Relevant logs/screenshots
Local validation:
rg -n "quitquitquit|localhost:15020|localhost:15021|Waiting for Istio sidecar" chart/templates chart/scripts
helm unittest chart
helm template anchore-enterprise chart --set sso.enabled=true --set istio.enabled=true --set istio.sidecar.enabled=true --set istio.injection=enabled --set upstream.anchoreConfig.database.ssl=false --set upstream.anchoreConfig.database.sslMode=disable --set enterpriseLicenseYaml='fake-license' > /tmp/anchore-enterprise-render.yaml
rg -n "quitquitquit|localhost:15020|localhost:15021|Waiting for Istio sidecar" /tmp/anchore-enterprise-render.yamlResult: active templates/scripts and the rendered chart contain no legacy sidecar shutdown/wait logic. helm unittest chart passes the configure-sso regression test that renders with istio.sidecar.enabled=true and asserts the removed sidecar logic is absent.
Live cluster tests
Click to expand
Wed May 6 18:32:06 MST 2026
NAME STATUS AGE LABELS
anchore Active 75m app.kubernetes.io/component=security,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=anchore-enterprise,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=3.23.0,helm.sh/chart=bigbang-3.23.0,istio.io/dataplane-mode=ambient,kubernetes.io/metadata.name=anchore
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ztunnel-6bjt7 1/1 Running 0 72m 10.42.1.11 k3d-bb-helm-server-0 <none> <none>
ztunnel-rr56d 1/1 Running 0 72m 10.42.0.13 k3d-bb-helm-agent-0 <none> <none>
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
istio-cni-node 2 2 2 2 2 kubernetes.io/os=linux 72m
anchore-enterprise-anchore-enterprise-analyzer-7764cb544f-xzqgm enabled upstream-analyzer
anchore-enterprise-anchore-enterprise-api-6779486486-7wzcl enabled upstream-api
anchore-enterprise-anchore-enterprise-catalog-65cc7d4589-gsmqf enabled upstream-catalog
anchore-enterprise-anchore-enterprise-datasyncer-5f586fbf7f5882 enabled upstream-datasyncer
anchore-enterprise-anchore-enterprise-notifications-64bcf5dssj5 enabled upstream-notifications
anchore-enterprise-anchore-enterprise-policy-6f8794b9f-z76dn enabled upstream-policyengine
anchore-enterprise-anchore-enterprise-reports-77f8584758-w9tl8 enabled upstream-reports
anchore-enterprise-anchore-enterprise-reportsworker-8556df22zfg enabled upstream-reportsworker
anchore-enterprise-anchore-enterprise-simplequeue-6889c8c9pn6nm enabled upstream-simplequeue
anchore-enterprise-anchore-enterprise-ui-588976b9-sktmv enabled upstream-ui
anchore-enterprise-postgresql-0 enabled postgresql
anchore-enterprise-ui-redis-master-0 enabled redis
configure-sso-l5sk6 configure-sso
NAME READY STATUS RESTARTS AGE
pod/anchore-enterprise-anchore-enterprise-analyzer-7764cb544f-xzqgm 1/1 Running 0 61m
pod/anchore-enterprise-anchore-enterprise-api-6779486486-7wzcl 1/1 Running 0 61m
pod/anchore-enterprise-anchore-enterprise-catalog-65cc7d4589-gsmqf 1/1 Running 0 61m
pod/anchore-enterprise-anchore-enterprise-datasyncer-5f586fbf7f5882 1/1 Running 0 61m
pod/anchore-enterprise-anchore-enterprise-notifications-64bcf5dssj5 1/1 Running 0 61m
pod/anchore-enterprise-anchore-enterprise-policy-6f8794b9f-z76dn 1/1 Running 0 61m
pod/anchore-enterprise-anchore-enterprise-reports-77f8584758-w9tl8 1/1 Running 0 61m
pod/anchore-enterprise-anchore-enterprise-reportsworker-8556df22zfg 1/1 Running 0 61m
pod/anchore-enterprise-anchore-enterprise-simplequeue-6889c8c9pn6nm 1/1 Running 0 61m
pod/anchore-enterprise-anchore-enterprise-ui-588976b9-sktmv 1/1 Running 0 61m
pod/anchore-enterprise-postgresql-0 1/1 Running 0 61m
pod/anchore-enterprise-ui-redis-master-0 1/1 Running 0 61m
pod/configure-sso-l5sk6 0/1 Completed 0 60m
NAME STATUS COMPLETIONS DURATION AGE
job.batch/configure-sso Complete 1/1 7s 60m
NAME POD-SELECTOR AGE
networkpolicy.networking.k8s.io/allow-egress-from-analyzer-to-registry-subnets app.kubernetes.io/component=analyzer 61m
networkpolicy.networking.k8s.io/allow-egress-from-api-to-notification-services app.kubernetes.io/component=api 61m
networkpolicy.networking.k8s.io/allow-egress-from-catalog-to-registry-subnets app.kubernetes.io/component=catalog 61m
networkpolicy.networking.k8s.io/allow-egress-from-datasyncer-to-anchore-data-service app.kubernetes.io/component=datasyncer 61m
networkpolicy.networking.k8s.io/allow-egress-from-notifications-to-notification-services app.kubernetes.io/component=notifications 61m
networkpolicy.networking.k8s.io/allow-egress-from-smoketest-to-registry-subnets app.kubernetes.io/component=smoketest 61m
networkpolicy.networking.k8s.io/allow-egress-from-ui-to-ldap-subnets app.kubernetes.io/component=ui 61m
networkpolicy.networking.k8s.io/allow-ingress-to-anchore-api-any-port-from-ns-istio-gateway-pod-public-ingressgateway app.kubernetes.io/component=api 61m
networkpolicy.networking.k8s.io/allow-ingress-to-anchore-ui-3000-from-ns-istio-gateway-pod-public-ingressgateway app.kubernetes.io/component=ui 61m
networkpolicy.networking.k8s.io/default-egress-allow-all-in-ns <none> 61m
networkpolicy.networking.k8s.io/default-egress-allow-istiod <none> 61m
networkpolicy.networking.k8s.io/default-egress-allow-kube-dns <none> 61m
networkpolicy.networking.k8s.io/default-egress-deny-all <none> 61m
networkpolicy.networking.k8s.io/default-ingress-allow-all-in-ns <none> 61m
networkpolicy.networking.k8s.io/default-ingress-allow-ambient-kubelet <none> 61m
networkpolicy.networking.k8s.io/default-ingress-allow-prometheus-to-istio-sidecar <none> 61m
networkpolicy.networking.k8s.io/default-ingress-deny-all <none> 61m
NAME ACTION AGE
authorizationpolicy.security.istio.io/anchore-api-public-ingressgateway-authz-policy ALLOW 61m
authorizationpolicy.security.istio.io/anchore-ui-public-ingressgateway-authz-policy ALLOW 61m
authorizationpolicy.security.istio.io/default-authz-allow-all-in-ns ALLOW 61m
authorizationpolicy.security.istio.io/default-authz-allow-nothing 61m
NAME HOSTS LOCATION RESOLUTION AGE
serviceentry.networking.istio.io/anchore-api-internal ["anchore-api.dev.bigbang.mil"] MESH_EXTERNAL DNS 61m
serviceentry.networking.istio.io/anchore-data-service-external ["data.anchore-enterprise.com"] MESH_EXTERNAL DNS 61m
serviceentry.networking.istio.io/anchore-ui-internal ["anchore.dev.bigbang.mil"] MESH_EXTERNAL DNS 61mLinked Issue
Upgrade Notices
N/A
Edited by Dax McDonald