Merge branch 'documentation-standard' into 'main'

Documentation standard See merge request !33

Merge branch 'documentation-standard' into 'main'
Documentation standard See merge request !33
aba4931b · Jason Krause · a441c2cf · e8b1ceba · aba4931b · aba4931b
Commit aba4931b authored May 19, 2021 by Jason Krause 🎱
9 changed files
--- a/docs/Affinity.md
+++ b/docs/Affinity.md
 # Node Affinity & Anti-Affinity with Anchore

-Affinity is exposed through values options for Anchore. If you want to schedule your pods to deploy on specific nodes you can do that through the `nodeSelector` value and as needed the `affinity` value. Additional info is provided below as well to help in configuring this. 
+Affinity is exposed through values options for Anchore. If you want to schedule your pods to deploy on specific nodes you can do that through the `nodeSelector` value and as needed the `affinity` value. Additional info is provided below as well to help in configuring this.

-It is good to have a basic knowledge of node affinity and available options to you before customizing in this way - the upstream kubernetes documentation [has a good walkthrough of this](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).
+It is good to have a basic knowledge of node affinity and available options to you before customizing in this way - the upstream kubernetes documentation [has a good walk-through of this](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).

 ## Values for NodeSelector

@@ -84,4 +84,4 @@ anchoreEnterpriseUi:
 anchoreEnterpriseEngineUpgradeJob:
  nodeSelector: {}
  affinity: {}
-```
\ No newline at end of file
+```
--- a/docs/BBCHANGES.md
+++ b/docs/BBCHANGES.md
 # Changes needed for Big Bang and Ironbank Images

 Due to how Big Bang is making use of Anchore (from within Umbrella) there were values and chart changes that needed to be made.
-Additionally, the Ironbank images function in slightly different ways than upstream Dockerhub images, so additional 
+Additionally, the Ironbank images function in slightly different ways than upstream Dockerhub images, so additional
 modifications were made to support their use.

 This provides a log of these changes to make updates from upstream faster.
@@ -141,6 +141,7 @@ anchoreEnterpriseRbac:
 ## Other Modifications

 To support the BigBang wrapper to simplify SSO setup the following global saml option needs to bet set:
+
 ```yaml
 anchoreGlobal:
  saml:
@@ -148,6 +149,7 @@ anchoreGlobal:
 ```

 The following block needs to be added to the end of the _helpers.tpl file:
+
 ```yaml
 {{/*
 Expand the name of the chart.
@@ -176,6 +178,7 @@ tls.key: {{ $cert.Key | b64enc }}
 ```

 In `chart/templates/engine_configmap.yaml`, modify the metrics lines as such:
+
 ```yaml
    metrics:
      enabled: {{ .Values.monitoring.enabled }}
@@ -183,6 +186,7 @@ In `chart/templates/engine_configmap.yaml`, modify the metrics lines as such:
 ```

 Do the same in `chart/templates/enterprise_configmap.yaml`:
+
 ```yaml
    metrics:
      enabled: {{ .Values.monitoring.enabled }}
@@ -190,6 +194,7 @@ Do the same in `chart/templates/enterprise_configmap.yaml`:
 ```

 In `chart/templates/enterprise_feeds_configmap.yaml` also modify the metrics lines:
+
 ```yaml
    metrics:
      enabled: {{ .Values.monitoring.enabled }}

--- a/docs/CHART.md
+++ b/docs/CHART.md
@@ -8,16 +8,16 @@ Each of these services can be scaled and configured independently.

 See [Anchore Engine](https://github.com/anchore/anchore-engine) for more project details.

-NOTE: Big Bang's implementation is designed to be enabled and consumed from within a customer implementation of the Big Bang release. It is fully functional as a standalone Helm install, but Big Bang will enable best integration for Big Bang "extras" and ease of use. 
+NOTE: Big Bang's implementation is designed to be enabled and consumed from within a customer implementation of the Big Bang release. It is fully functional as a standalone Helm install, but Big Bang will enable best integration for Big Bang "extras" and ease of use.

 ## Chart Details

 The chart is split into global and service specific configurations for the OSS Anchore Engine, as well as global and services specific configurations for the Enterprise components. Additionally included are Big Bang specific configs.

-  * The top section provides customizable Big Bang values for SSO, Istio, and automating the license secret creation for enterprise.
-  * The `anchoreGlobal` section is for configuration values required by all Anchore Engine components.
-  * The `anchoreEnterpriseGlobal` section is for configuration values required by all Anchore Engine Enterprise components.
-  * Service specific configuration values allow customization for each individual service.
+* The top section provides customizable Big Bang values for SSO, Istio, and automating the license secret creation for enterprise.
+* The `anchoreGlobal` section is for configuration values required by all Anchore Engine components.
+* The `anchoreEnterpriseGlobal` section is for configuration values required by all Anchore Engine Enterprise components.
+* Service specific configuration values allow customization for each individual service.

 For a description of each component, view the official documentation at: [Anchore Enterprise Service Overview](https://docs.anchore.com/current/docs/overview/architecture/)

@@ -59,15 +59,15 @@ stringData:

 The following features are available to Anchore Enterprise customers. Please contact the Anchore team for more information about getting a license for the enterprise features. [Anchore Enterprise Demo](https://anchore.com/demo/)

-    * Role based access control
-    * LDAP integration
-    * Graphical user interface
-    * Customizable UI dashboards
-    * On-premises feeds service
-    * Proprietary vulnerability data feed (vulnDB, MSRC)
-    * Anchore reporting API
-    * Notifications - Slack, GitHub, Jira, etc
-    * Microsoft image vulnerability scanning
+* Role based access control
+* LDAP integration
+* Graphical user interface
+* Customizable UI dashboards
+* On-premises feeds service
+* Proprietary vulnerability data feed (vulnDB, MSRC)
+* Anchore reporting API
+* Notifications - Slack, GitHub, Jira, etc
+* Microsoft image vulnerability scanning

 ### Enabling Enterprise Services

@@ -179,6 +179,7 @@ stringData:
 ### Configuring Istio

 Istio can be configured to utilize your desired gateway(s) and host(s). To configure istio, pass the following options to the Anchore values:
+
 ```yaml
 stringData:
  values.yaml: |-

--- a/docs/KEYCLOAK.md
+++ b/docs/KEYCLOAK.md
@@ -6,7 +6,7 @@ This document summarizes helm values and manual steps that are required to integ

 ## Configuration Steps

-These are the items you need to do to configure Keycloak and Anchore for SSO in your Big Bang installation. 
+These are the items you need to do to configure Keycloak and Anchore for SSO in your Big Bang installation.

 ### Keycloak Configuration


--- a/docs/README.md
+++ b/docs/README.md
@@ -10,7 +10,7 @@ This repo contains Big Bang's implementation of Anchore. This includes the upstr
 - [Chart](./CHART.md)
 - [Affinity](./Affinity.md)

-# Structure
+## Structure

 This repo contains 3 main sections. The main chart is provided under the `chart` folder. Documentation is provided under the `docs` folder. Test and CI files are under the `tests` folder.


--- a/docs/metrics.md
+++ b/docs/metrics.md
@@ -3,99 +3,126 @@
 ## Anchore metrics

 anchore_db_read_seconds_count
+
 * Duration of the read processes conducted by anchore.

 anchore_db_read_seconds_created
+
 * Duration of the construction processes for read.

 anchore_db_read_seconds_sum
+
 * The sum of the duration of all read processes.

 anchore_db_readwrite_seconds_count
+
 * Duration of the readwrite processes conducted by anchore.

 anchore_db_readwrite_seconds_created
+
 * Duration of the construction processes for readwrite.

 anchore-db_readwrite_seconds_sum
+
 * The sum of the durations of all readwrite processes.

 anchore_db_write_seconds_count
+
 * Duration of the write processes conducted by anchore.

 anchore_db_write_seconds_created
+
 * Duration of the construction processes for write.

 anchore_db_write_seconds_sum
-*  The sum of the duration of all write processes.
+
+* The sum of the duration of all write processes.

 anchore_monitor_runtime_seconds_count
+
 * Duration of the runtime monitor processes conducted by anchore.

 anchore_monitor_runtime_seconds_created
+
 * Duration of the construction processes for runtime monitor.

 anchore_monitor_runtime_seconds_sum
+
 * The sum of the duration of all monitor process.

 anchore_queue_length
+
 * Number of images pending analysis.

 anchore_service_info
+
 * Returns info and status on the 4 services of Anchore.

 anchore_tmpspace_available_bytes
+
 * Available space in the "tmp_dir" location of each container.

 process_resident_memory_bytes
+
 * Memory consumed by the instance

 ### API service

 prometheus_api_remote_read_queries
+
 * Returns number of queries coming from the remote stream.

 ### Engine

 prometheus_engine_queries
+
 * The number of concurrent queries that the engine is reading.

 prometheus_engine_queries_concurrent_max
+
 * The number of maximum concurrent queries that the engine can read.

 prometheus_engine_query_duration_seconds_count
+
 * Duration of the query processes conducted by prometheus.

 prometheus_engine_query_duration_seconds
+
 * Duration of each process
-    * Differs from prometheus_engine_query_duration_seconds_count as the duration for every process is listed seperatly
+  * Differs from prometheus_engine_query_duration_seconds_count as the duration for every process is listed seperatly

 prometheus_engine_query_duration_seconds_sum
+
 * The sum of the duration of all engine query processes.

-## Prometheus metric queries 
+## Prometheus metric queries

 promhttp_metric_handler_requests_in_flight
+
 * The number of metric requests that are currently being processed.

 promhttp_metric_handler_requests_total
-* The total number of requests made. 
+
+* The total number of requests made.

 ### Troubleshooting

 If you encounter an error running a query, see the list below for guidance on resolving errors.

-Error executing query: invalid parameter 'query': 
-* This results whenever a syntax error is thown when a query is parsed. 
-    * Make sure that you have no spaces in your query.
-    * Make sure certain characters (e.g <>/;) are not inteferring your query.
+Error executing query: invalid parameter 'query':
+
+* This results whenever a syntax error is thrown when a query is parsed.
+  * Make sure that you have no spaces in your query.
+  * Make sure certain characters (e.g <>/;) are not interfering your query.

 parse error: unknown function
+
 * This error occurs when the query database parses a function that is not in the database
-    * Make sure the function that you are running is part of the database
+  * Make sure the function that you are running is part of the database

 No data
+
 * This results when the query is not in the list of available queries
-    * Make sure your query is among ones that are listed.
-    * Make sure that that your expression is spelled correctly.  
-    * Make sure the app is integrated correctly
\ No newline at end of file
+  * Make sure your query is among ones that are listed.
+  * Make sure that that your expression is spelled correctly.  
+  * Make sure the app is integrated correctly
--- a/docs/overview.md
+++ b/docs/overview.md
+# Anchore Enterprise
+
+Anchore Enterprise provides container inspection and compliance solutions. It protects against internal and external threats, enforces
+security best practices, and speed up DevSecOps workflows. Anchore Enterprise integrates seamlessly to enforce defined polices.
+
+Anchore Enterprises can be installed using the [Helm Chart](https://github.com/anchore/anchore-charts/tree/master/stable/anchore-engine), integrated into container based CI/CD
+pipeline with a [Jenkins Plugin](https://plugins.jenkins.io/anchore-container-scanner/), and used with the GitLab CI pipelines with the [GitLab integration guide](https://docs.anchore.com/current/docs/using/integration/ci_cd/gitlab/).
+
+## Anchore Software Components
+
+- On-premises Anchore Enterprise
+  - Web UI
+  - API
+  - Notifications
+  - RBAC
+  - Reporting
+  - Worker
+  - Queue
+  - Catalog
+  - CLI
+
+- On-premises Feed Service
+  - Enterprise UI
+  - Anchore CLI
+  - Jenkins Plugin
+  - CI Integration
+  - Enterprise RBAC
+  - Anchore Engine
+
+## Quick Start
+
+- [Docker Compose File](https://docs.anchore.com/current/docs/quickstart/docker-compose.yaml)
+- [Prometheus Configuration for Monitoring](https://docs.anchore.com/current/docs/quickstart/anchore-prometheus.yml)
+  - [Enabling Prometheus](https://docs.anchore.com/current/docs/quickstart/#optional-enabling-prometheus-monitoring)
+- [Swagger UI Nginx Proxy](https://docs.anchore.com/current/docs/quickstart/anchore-swaggerui-nginx.conf)
+  - [Enabling Swagger](https://docs.anchore.com/current/docs/quickstart/#optional-enabling-swagger-ui)
+  
+## More Topics
+
+- [Security](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/documentation-standard/docs/security.md)
+- [Troubleshooting](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/documentation-standard/docs/troubleshooting.md)
+
+Find more information on Anchore Enterprise [here](https://docs.anchore.com/current/docs/overview/).
--- a/docs/security.md
+++ b/docs/security.md
+# Security
+
+Anchore Enterprise supports user login to the User Interface through identities from external identity providers that support Security Assertion Markup Language (SAML). Anchore
+does not store any user credentials. However, usernames and anchore permissions are stored. The identity provider validates the user's access while an external provider validates the username and all first time user login information.
+
+The Anchore Enterprise deployment must be configured to utilize the SAML SSO.
+
+- It is required to Enable Oauth to ensure that Anchore can issue bearer tokens for subsequent API usage by the UI to the system APIs.
+
+- Hashed passwords are recommended.
+
+- From the user's browser, reach the Identity Provider's login URL.
+
+- Access the metadata XML endpoint in the Identity Provider.
+
+Configuration of SAML SSO is done using API/UI operations but requires configuration both in the user's Identity Provider and within Anchore.
+
+The Identity Provider must:
+
+- Support HTTP Redirect binding
+- Support signed assertions and signed documents
+- Allow unsigned client requests from Anchore
+- Allow unencrypted requests and responses
+
+Click the [link](https://docs.anchore.com/current/docs/overview/sso/) for more Anchore security information.
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
+# Troubleshooting Guide
+
+In this troubleshooting guide, we'll walk through several best-practice techniques to debug Anchore Enterprise.
+
+- The first recommended approach is to verify that the services are up and running and are in a healthy state.
+- The Event Subsystem can be utilized to identify issues.
+- Explore the event logs
+- Remove Repositories or Images
+
+For more Anchore Enterprise troubleshooting information click [here](https://docs.anchore.com/current/docs/troubleshooting/).