From b2614b4913951b436a9c960f79f72312bb953c86 Mon Sep 17 00:00:00 2001
From: bhearn7
Date: Mon, 23 Aug 2021 12:40:11 -0400
Subject: [PATCH] initial redeploy fix
---
 CHANGELOG.md | 4 ++++
 chart/Chart.yaml | 2 +-
 chart/templates/engine_secret.yaml | 10 +++++++---
 chart/templates/enterprise_feeds_secret.yaml | 8 ++++++--
 docs/BBCHANGES.md | 12 ++++++++++++
 5 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b3ea840..2cdfef2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ---
+## [1.13.0-bb.7]
+### Fixed
+- modified `./chart/templates/engine_secret.yaml` and `./chart/templates/enterprise_feeds_secret.yaml` to set `ANCHORE_SAML_SECRET` to a randomly generated value if not set and the previous secret does not exist
+
 ## [1.13.0-bb.6]
 ## Changed
 - updated bb-test-lib dependency to gluon `0.2.3` to resolve OPA Gatekeeper violations
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 405d6bb..780a361 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: anchore-engine
-version: 1.13.0-bb.6
+version: 1.13.0-bb.7
 appVersion: 0.10.0
 description: Anchore container analysis and policy evaluation engine service
 keywords:
diff --git a/chart/templates/engine_secret.yaml b/chart/templates/engine_secret.yaml
index e23cc63..9138cf9 100644
--- a/chart/templates/engine_secret.yaml
+++ b/chart/templates/engine_secret.yaml
@@ -14,7 +14,11 @@ metadata:
 type: Opaque
 stringData:
 ANCHORE_DB_PASSWORD: {{ index .Values "postgresql" "postgresPassword" | quote }}
- {{- with .Values.anchoreGlobal.saml.secret }}
- ANCHORE_SAML_SECRET: {{ . }}
+ {{- $anchorefullname := include "anchore-engine.fullname" . -}}
+ {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
+ {{- if or (not $old_secret) (not $old_secret.data) }}
+ ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNum 12) | quote }}
+ {{ else }}
+ ANCHORE_SAML_SECRET: {{ index $old_secret.data "ANCHORE_SAML_SECRET" }}
 {{- end }}
-{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/enterprise_feeds_secret.yaml b/chart/templates/enterprise_feeds_secret.yaml
index 6addc0c..924c11b 100644
--- a/chart/templates/enterprise_feeds_secret.yaml
+++ b/chart/templates/enterprise_feeds_secret.yaml
@@ -15,8 +15,12 @@ metadata:
 type: Opaque
 stringData:
 ANCHORE_FEEDS_DB_PASSWORD: {{ index .Values "anchore-feeds-db" "postgresPassword" | quote }}
- {{- with .Values.anchoreGlobal.saml.secret }}
- ANCHORE_SAML_SECRET: {{ . }}
+ {{- $anchorefullname := include "anchore-engine.fullname" . -}}
+ {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
+ {{- if or (not $old_secret) (not $old_secret.data) }}
+ ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNum 12) | quote }}
+ {{ else }}
+ ANCHORE_SAML_SECRET: {{ index $old_secret.data "ANCHORE_SAML_SECRET" }}
 {{- end }}
 {{- with .Values.anchoreEnterpriseFeeds.msrcApiKey }}
 ANCHORE_MSRC_KEY: {{ . | quote }}
diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md
index 267ef24..09c4f09 100644
--- a/docs/BBCHANGES.md
+++ b/docs/BBCHANGES.md
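Review bot: In `chart/templates/engine_secret.yaml` the `else` branch copies `index $old_secret.data "ANCHORE_SAML_SECRET"` into `stringData` as-is, but `lookup` returns `.data` values base64-encoded, so each upgrade stores the previous value encoded once more and the secret still changes. The guard tests only `$old_secret.data`, so an existing Secret that never had the key (saml.secret was optional before this change) renders an empty value, and once a Secret exists `.Values.anchoreGlobal.saml.secret` is ignored, which blocks rotating the secret through values. The same points apply to the identical block in `chart/templates/enterprise_feeds_secret.yaml`; its lookup name also comes from `anchore-engine.fullname`, so on a first install the two templates presumably each draw their own random value. A 12-character `randAlphaNum` default looks short if this value serves as a signing secret; the sketch below decodes the prior value, prefers an explicit value and lengthens the fallback. The Secret manifest and the block closed by the final `{{- end }}` start above the hunk.

```yaml
  {{- $anchorefullname := include "anchore-engine.fullname" . -}}
  {{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
  {{- $prior := "" }}
  {{- if and $old_secret $old_secret.data }}
  {{- $prior = index $old_secret.data "ANCHORE_SAML_SECRET" | default "" | b64dec }}
  {{- end }}
  ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default $prior | default (randAlphaNum 32) | quote }}
  # … unchanged: closing end of the enclosing block …
```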
@@ -210,4 +210,16 @@ Additionally, a field was added to `chart/templates/engine_upgrade_job.yaml`, `e
 ```yaml
 resources: {{ toYaml .Values.anchoreEngineUpgradeJob.resources | nindent 10 }}
+```
+
+To resolve an issue where Anchore would redeploy after every update, `./chart/templates/engine_secret.yaml` and `./chart/templates/enterprise_feeds_secret.yaml` were modified to set `ANCHORE_SAML_SECRET` to a randomly generated value if not set and the previous secret does not exist:
+
+```yaml
+{{- $anchorefullname := include "anchore-engine.fullname" . -}}
+{{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
+{{- if or (not $old_secret) (not $old_secret.data) }}
+ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNum 12) | quote }}
+{{ else }}
+ANCHORE_SAML_SECRET: {{ index $old_secret.data "ANCHORE_SAML_SECRET" }}
+{{- end }}
 ```
\ No newline at end of file
-- GitLab