UNCLASSIFIED

Skip to content

GitLab

Commit b65ec397 authored by bhearn7's avatar bhearn7
Browse files

update saml in configmaps

parent c3c03e6a
Pipeline #439006 passed with stages
in 3 minutes and 13 seconds
Show whitespace changes
Inline Side-by-side
Showing with 31 additions and 4 deletions
CHANGELOG.md
View file @ b65ec397
...@@ -7,6 +7,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ...@@ -7,6 +7,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
## [1.13.0-bb.7] ## [1.13.0-bb.7]
### Fixed ### Fixed
- to resolve an issue where Anchore would redeploy after every update, `./chart/templates/engine_secret.yaml` and `./chart/templates/enterprise_feeds_secret.yaml` were modified to set `ANCHORE_SAML_SECRET` to a randomly generated value if not set and the previous secret does not exist - to resolve an issue where Anchore would redeploy after every update, `./chart/templates/engine_secret.yaml` and `./chart/templates/enterprise_feeds_secret.yaml` were modified to set `ANCHORE_SAML_SECRET` to a randomly generated value if not set and the previous secret does not exist
### Changed
- `./chart/templates/engine_configmap.yaml`, `./chart/templates/enterprise_configmap.yaml`, and `./chart/templates/enterprise_feeds_confimap.yaml` were modified to set appropriate saml secret credentials when a saml secret has been randomly generated but left `Null` by the user at `.Values.anchoreGlobal.saml.secret`
## [1.13.0-bb.6] ## [1.13.0-bb.6]
### Changed ### Changed
......
chart/templates/engine_configmap.yaml
View file @ b65ec397
...@@ -59,7 +59,9 @@ data: ...@@ -59,7 +59,9 @@ data:
# Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
# Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs. # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
keys: keys:
{{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret }} {{- $anchorefullname := include "anchore-engine.fullname" . -}}
{{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
{{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret $old_secret }}
secret: ${ANCHORE_SAML_SECRET} secret: ${ANCHORE_SAML_SECRET}
{{- end }} {{- end }}
{{- with .Values.anchoreGlobal.saml.publicKeyName }} {{- with .Values.anchoreGlobal.saml.publicKeyName }}
......
chart/templates/enterprise_configmap.yaml
View file @ b65ec397
...@@ -41,7 +41,9 @@ data: ...@@ -41,7 +41,9 @@ data:
# Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
# Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs. # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
keys: keys:
{{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret }} {{- $anchorefullname := include "anchore-engine.fullname" . -}}
{{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
{{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret $old_secret }}
secret: ${ANCHORE_SAML_SECRET} secret: ${ANCHORE_SAML_SECRET}
{{- end }} {{- end }}
{{- with .Values.anchoreGlobal.saml.publicKeyName }} {{- with .Values.anchoreGlobal.saml.publicKeyName }}
......
chart/templates/enterprise_feeds_configmap.yaml
View file @ b65ec397
...@@ -35,7 +35,9 @@ data: ...@@ -35,7 +35,9 @@ data:
# Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
# Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs. # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
keys: keys:
{{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret }} {{- $anchorefullname := include "anchore-engine.fullname" . -}}
{{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
{{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret $old_secret }}
secret: ${ANCHORE_SAML_SECRET} secret: ${ANCHORE_SAML_SECRET}
{{- end }} {{- end }}
{{- with .Values.anchoreGlobal.saml.publicKeyName }} {{- with .Values.anchoreGlobal.saml.publicKeyName }}
......
docs/BBCHANGES.md
View file @ b65ec397
...@@ -164,6 +164,8 @@ Create chart name and version as used by the chart label. ...@@ -164,6 +164,8 @@ Create chart name and version as used by the chart label.
{{- end -}} {{- end -}}
``` ```
---
In `chart/templates/engine_configmap.yaml`, modify the metrics lines as such: In `chart/templates/engine_configmap.yaml`, modify the metrics lines as such:
```yaml ```yaml
...@@ -197,6 +199,8 @@ And set required environment variables in `chart/templates/enterprise_feed_deplo ...@@ -197,6 +199,8 @@ And set required environment variables in `chart/templates/enterprise_feed_deplo
value: {{ .Values.monitoring.enabled | quote }} value: {{ .Values.monitoring.enabled | quote }}
``` ```
---
To resolve a race condition in Big Bang CI pipelines, an additional sleep argument was added in `chart/templates/engine_upgrade_job.yaml`, `enterprise_upgrade_job.yaml`, and `enterprise_feeds_upgrade_jobs.yaml`: To resolve a race condition in Big Bang CI pipelines, an additional sleep argument was added in `chart/templates/engine_upgrade_job.yaml`, `enterprise_upgrade_job.yaml`, and `enterprise_feeds_upgrade_jobs.yaml`:
```yaml ```yaml
...@@ -205,13 +209,17 @@ To resolve a race condition in Big Bang CI pipelines, an additional sleep argume ...@@ -205,13 +209,17 @@ To resolve a race condition in Big Bang CI pipelines, an additional sleep argume
anchore-manager db --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME} upgrade --dontask; anchore-manager db --db-connect postgresql://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}/${ANCHORE_DB_NAME} upgrade --dontask;
``` ```
Additionally, a field was added to `chart/templates/engine_upgrade_job.yaml`, `enterprise_upgrade_job.yaml`, and `enterprise_feeds_upgrade_jobs.yaml` to allow users to specify container resource requests and limits for the jobs. This was done to resolve OPA Gatekeeper violations around container resources and ratios: ---
To resolve OPA Gatekeeper violations around container resources and ratios, a field was added to `chart/templates/engine_upgrade_job.yaml`, `enterprise_upgrade_job.yaml`, and `enterprise_feeds_upgrade_jobs.yaml` to allow users to specify container resource requests and limits for the jobs:
```yaml ```yaml
resources: resources:
{{ toYaml .Values.anchoreEngineUpgradeJob.resources | nindent 10 }} {{ toYaml .Values.anchoreEngineUpgradeJob.resources | nindent 10 }}
``` ```
---
To resolve an issue where Anchore would redeploy after every update, `./chart/templates/engine_secret.yaml` and `./chart/templates/enterprise_feeds_secret.yaml` were modified to set `ANCHORE_SAML_SECRET` to a randomly generated value if not set and the previous secret does not exist: To resolve an issue where Anchore would redeploy after every update, `./chart/templates/engine_secret.yaml` and `./chart/templates/enterprise_feeds_secret.yaml` were modified to set `ANCHORE_SAML_SECRET` to a randomly generated value if not set and the previous secret does not exist:
```yaml ```yaml
...@@ -223,3 +231,14 @@ ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNu ...@@ -223,3 +231,14 @@ ANCHORE_SAML_SECRET: {{ .Values.anchoreGlobal.saml.secret | default (randAlphaNu
ANCHORE_SAML_SECRET: {{ index $old_secret.data "ANCHORE_SAML_SECRET" }} ANCHORE_SAML_SECRET: {{ index $old_secret.data "ANCHORE_SAML_SECRET" }}
{{- end }} {{- end }}
``` ```
Additionally, `./chart/templates/engine_configmap.yaml`, `./chart/templates/enterprise_configmap.yaml`, and `./chart/templates/enterprise_feeds_confimap.yaml` were modified to set appropriate saml secret credentials when the saml secret has been randomly generated but left `Null` by the user at `.Values.anchoreGlobal.saml.secret`:
```yaml
keys:
{{- $anchorefullname := include "anchore-engine.fullname" . -}}
{{- $old_secret := lookup "v1" "Secret" .Release.Namespace $anchorefullname }}
{{- if or .Values.anchoreGlobal.saml.secret .Values.anchoreGlobal.saml.useExistingSecret $old_secret }}
secret: ${ANCHORE_SAML_SECRET}
{{- end }}
```
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED