Merge branch 'configurable-gws' into 'main'

add configurable gws See merge request !29

Merge branch 'configurable-gws' into 'main'
add configurable gws See merge request !29
6560201b · bhearn · 67b5cdaa · 37f0f0a5 · 6560201b · 6560201b
Commit 6560201b authored Apr 02, 2021 by bhearn
7 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ## [1.12.7-bb.2]
 ### Changed
 - Added secrets and jobs for automated external Postgres database creation and user/password synchronization
+- Updated virtual services and values.yaml to allow for customizable gateways and hosts
+- Updated docs around dependencies
 ## [1.12.7-bb.1]
 ### Fixed

--- a/chart/README.md
+++ b/chart/README.md
@@ -242,21 +242,14 @@ See the anchore-engine [CHANGELOG](https://github.com/anchore/anchore-engine/blo
 A Helm post-upgrade hook job will shut down all previously running Anchore services and perform the Anchore DB upgrade process using a kubernetes job. The upgrade will only be considered successful when this job completes successfully. Performing an upgrade will cause the Helm client to block until the upgrade job completes and the new Anchore service pods are started. To view progress of the upgrade process, tail the logs of the upgrade jobs `anchore-engine-upgrade` and `anchore-enterprise-upgrade`. These job resources will be removed upon a successful helm upgrade.
-## Chart version 1.12.7
+## Chart version 1.12.0
-* Anchore Engine image updated to v0.9.3
-* Anchore Enterprise image updated to v3.0.2 (Anchore Enterprise UI image remains at v3.0.1)
-* An [issue](https://github.com/anchore/anchore-engine/issues/950) was found that effects users of Anchore Engine 0.9.0 - 0.9.2 scanning certain Java images. A new version of anchore-engine 0.9.3 fixes the issue.  Anchore Enterprise customers using Anchore Enterprise 3.0.0 or 3.0.1 should upgrade to 3.0.2.
-## Chart version 1.12.4
 ---
-* Anchore Engine image updated to v0.9.2
+* Anchore Engine image updated to v0.9.1
-* Anchore Enterprise images updated to v3.0.1
+* Anchore Enterprise images updated to v3.0.0
 * Existing secrets now work for Enterprise Feeds and Enterprise UI - see [existing secrets configuration](#-Utilize-an-Existing-Secret)
 * Anchore admin default password no longer defaults to `foobar`, if no password is specified a random string will be generated.
-* Bitnami redis helm chart replaced by Big Bang redis
 ## Chart version 1.10.0

--- a/chart/templates/bigbang/anchore-vs.yaml
+++ b/chart/templates/bigbang/anchore-vs.yaml
 ---
-{{- if and .Values.istio.enabled .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseUi.enabled }}
+{{- if and .Values.istio.enabled .Values.istio.ui.enabled .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseUi.enabled }}
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
  name: anchore-enterprise-ui-service
  namespace: {{ .Release.Namespace }}
+  {{- if .Values.istio.ui.labels }}
+  labels:
+{{ toYaml .Values.istio.ui.labels | indent 4 }}
+  {{- end }}
+  {{- if .Values.istio.ui.annotations }}
+  annotations:
+{{ toYaml .Values.istio.ui.annotations | indent 4 }}
+  {{- end }}
 spec:
  gateways:
-    - istio-system/main
+  {{- range .Values.istio.ui.gateways }}
+    - {{ . }}
+  {{- end }}
  hosts:
-    - "anchore.{{ .Values.hostname }}"
+  {{- range .Values.istio.ui.hosts }}
+    - {{ tpl . $ }}
+  {{- end }}
  http:
    - match:
        - uri:
@@ -21,17 +33,29 @@ spec:
            host: {{ .Release.Name }}-anchore-engine-enterprise-ui
 {{- end }}
 ---
-{{- if .Values.istio.enabled }}
+{{- if and .Values.istio.enabled .Values.istio.api.enabled }}
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
  name: anchore-engine-api-service
  namespace: {{ .Release.Namespace }}
+  {{- if .Values.istio.api.labels }}
+  labels:
+{{ toYaml .Values.istio.api.labels | indent 4 }}
+  {{- end }}
+  {{- if .Values.istio.api.annotations }}
+  annotations:
+{{ toYaml .Values.istio.api.annotations | indent 4 }}
+  {{- end }}
 spec:
  gateways:
-    - istio-system/main
+  {{- range .Values.istio.api.gateways }}
+    - {{ . }}
+  {{- end }}
  hosts:
-    - "anchore-api.{{ .Values.hostname }}"
+  {{- range .Values.istio.api.hosts }}
+    - {{ tpl . $ }}
+  {{- end }}
  http:
    - match:
        - uri:

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -5,7 +5,26 @@
 hostname: bigbang.dev
 istio:
+  # Toggle istio integration
  enabled: false
+  ui:
+    # Toggle vs creation
+    enabled: true
+    annotations: {}
+    labels: {}
+    gateways:
+      - istio-system/main
+    hosts:
+      - "anchore.{{ .Values.hostname }}"
+  api:
+    # Toggle vs creation
+    enabled: true
+    annotations: {}
+    labels: {}
+    gateways:
+      - istio-system/main
+    hosts:
+      - "anchore-api.{{ .Values.hostname }}"
 # Enable Prometheus Monitoring
 monitoring:

--- a/docs/BBCHANGES.md
+++ b/docs/BBCHANGES.md
@@ -16,7 +16,26 @@ Added at the top of the values file are changes to support Istio, automated lice
 hostname: bigbang.dev
 istio:
+  # Toggle istio integration
  enabled: false
+  ui:
+    # Toggle vs creation
+    enabled: true
+    annotations: {}
+    labels: {}
+    gateways:
+      - istio-system/main
+    hosts:
+      - "anchore.{{ .Values.hostname }}"
+  api:
+    # Toggle vs creation
+    enabled: true
+    annotations: {}
+    labels: {}
+    gateways:
+      - istio-system/main
+    hosts:
+      - "anchore-api.{{ .Values.hostname }}"
 # Enable Prometheus Monitoring
 monitoring:

--- a/docs/CHART.md
+++ b/docs/CHART.md
@@ -176,6 +176,37 @@ stringData:
          password: "password"
 ```
+### Configuring Istio
+Istio can be configured to utilize your desired gateway(s) and host(s). To configure istio, pass the following options to the Anchore values:
+```yaml
+stringData:
+  values.yaml: |-
+    addons:
+      anchore:
+        values:
+          istio:
+            enabled: true
+            ui:
+              # Toggle vs creation
+              enabled: true
+              annotations: {}
+              labels: {}
+              gateways:
+                - istio-system/<INSERT_GATEWAY_HERE>
+              hosts:
+                - "<INSERT_ANCHORE_UI_HOST_HERE>.{{ .Values.hostname }}"
+            api:
+              # Toggle vs creation
+              enabled: true
+              annotations: {}
+              labels: {}
+              gateways:
+                - istio-system/<INSERT_GATEWAY_HERE>
+              hosts:
+                - "<INSERT_ANCHORE_API_HOST_HERE>.{{ .Values.hostname }}"
+```
 ### Enable SSO
 Big Bang has provided an automated way to configure SSO with Keycloak via the Helm chart. To enable and configure SSO follow the instructions in the main KEYCLOAK document.

--- a/docs/KEYCLOAK.md
+++ b/docs/KEYCLOAK.md
@@ -2,6 +2,8 @@
 This document summarizes helm values and manual steps that are required to integrate with Keycloak.
+**NOTE:** SSO requires an Anchore Enterprise license. To be onboarded and provided with a trial or production license, please send an email to publicsector@anchore.com including program name and contact details.
 ## Configuration Steps
 These are the items you need to do to configure Keycloak and Anchore for SSO in your Big Bang installation.