diff --git a/CHANGELOG.md b/CHANGELOG.md index 2ed0a0ac593b8c145bf8209cebd1d2ca5d731e41..c5b044bbc889d61300d7d504622fdf4335e043bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [1.12.7-bb.2] ### Changed - Added secrets and jobs for automated external Postgres database creation and user/password synchronization +- Updated virtual services and values.yaml to allow for customizable gateways and hosts +- Updated docs around dependencies ## [1.12.7-bb.1] ### Fixed diff --git a/chart/README.md b/chart/README.md index 3c0e4143e7aa529138983f857c3e01dcecafb5b6..7c54421968d2acc249503db202a7708ad1f3d1e5 100644 --- a/chart/README.md +++ b/chart/README.md 
@@ -242,21 +242,14 @@ See the anchore-engine [CHANGELOG](https://github.com/anchore/anchore-engine/blo A Helm post-upgrade hook job will shut down all previously running Anchore services and perform the Anchore DB upgrade process using a kubernetes job. The upgrade will only be considered successful when this job completes successfully. Performing an upgrade will cause the Helm client to block until the upgrade job completes and the new Anchore service pods are started. To view progress of the upgrade process, tail the logs of the upgrade jobs `anchore-engine-upgrade` and `anchore-enterprise-upgrade`. These job resources will be removed upon a successful helm upgrade. -## Chart version 1.12.7 - -* Anchore Engine image updated to v0.9.3 -* Anchore Enterprise image updated to v3.0.2 (Anchore Enterprise UI image remains at v3.0.1) -* An [issue](https://github.com/anchore/anchore-engine/issues/950) was found that effects users of Anchore Engine 0.9.0 - 0.9.2 scanning certain Java images. A new version of anchore-engine 0.9.3 fixes the issue. Anchore Enterprise customers using Anchore Enterprise 3.0.0 or 3.0.1 should upgrade to 3.0.2. - -## Chart version 1.12.4 +## Chart version 1.12.0 --- -* Anchore Engine image updated to v0.9.2 -* Anchore Enterprise images updated to v3.0.1 +* Anchore Engine image updated to v0.9.1 +* Anchore Enterprise images updated to v3.0.0 * Existing secrets now work for Enterprise Feeds and Enterprise UI - see [existing secrets configuration](#-Utilize-an-Existing-Secret) * Anchore admin default password no longer defaults to `foobar`, if no password is specified a random string will be generated. -* Bitnami redis helm chart replaced by Big Bang redis ## Chart version 1.10.0 @@ -766,4 +759,4 @@ To update the number in a running configuration: ```bash helm upgrade --set anchoreAnalyzer.replicaCount=2 anchore/anchore-engine -f anchore_values.yaml -``` +``` \ No newline at end of file 
diff --git a/chart/templates/bigbang/anchore-vs.yaml b/chart/templates/bigbang/anchore-vs.yaml index 3a13e46624394e632a0d73fc0e528c7496b623f0..bd0327138ca947800ad86e62c78208aac4d8e80e 100644 --- a/chart/templates/bigbang/anchore-vs.yaml +++ b/chart/templates/bigbang/anchore-vs.yaml @@ -1,15 +1,27 @@ --- -{{- if and .Values.istio.enabled .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseUi.enabled }} +{{- if and .Values.istio.enabled .Values.istio.ui.enabled .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseUi.enabled }} apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: anchore-enterprise-ui-service namespace: {{ .Release.Namespace }} + {{- if .Values.istio.ui.labels }} + labels: +{{ toYaml .Values.istio.ui.labels | indent 4 }} + {{- end }} + {{- if .Values.istio.ui.annotations }} + annotations: +{{ toYaml .Values.istio.ui.annotations | indent 4 }} + {{- end }} spec: gateways: - - istio-system/main + {{- range .Values.istio.ui.gateways }} + - {{ . }} + {{- end }} hosts: - - "anchore.{{ .Values.hostname }}" + {{- range .Values.istio.ui.hosts }} + - {{ tpl . $ }} + {{- end }} http: - match: - uri: @@ -21,17 +33,29 @@ spec: host: {{ .Release.Name }}-anchore-engine-enterprise-ui {{- end }} --- -{{- if .Values.istio.enabled }} +{{- if and .Values.istio.enabled .Values.istio.api.enabled }} apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: name: anchore-engine-api-service namespace: {{ .Release.Namespace }} + {{- if .Values.istio.api.labels }} + labels: +{{ toYaml .Values.istio.api.labels | indent 4 }} + {{- end }} + {{- if .Values.istio.api.annotations }} + annotations: +{{ toYaml .Values.istio.api.annotations | indent 4 }} + {{- end }} spec: gateways: - - istio-system/main + {{- range .Values.istio.api.gateways }} + - {{ . }} + {{- end }} hosts: - - "anchore-api.{{ .Values.hostname }}" + {{- range .Values.istio.api.hosts }} + - {{ tpl . $ }} + {{- end }} http: - match: - uri: 
diff --git a/chart/values.yaml b/chart/values.yaml index c24743193633077cf49d172f098d6f374f0c3de0..398851e66a6feafebde4a391acda9ae474b93db9 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -5,7 +5,26 @@ hostname: bigbang.dev istio: + # Toggle istio integration enabled: false + ui: + # Toggle vs creation + enabled: true + annotations: {} + labels: {} + gateways: + - istio-system/main + hosts: + - "anchore.{{ .Values.hostname }}" + api: + # Toggle vs creation + enabled: true + annotations: {} + labels: {} + gateways: + - istio-system/main + hosts: + - "anchore-api.{{ .Values.hostname }}" # Enable Prometheus Monitoring monitoring: diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md index 2dca5c8c045b8403c9f2c602d8763ecd720f642f..71e342b49bdcc02e19cff9c91d082589740d9f2e 100644 --- a/docs/BBCHANGES.md +++ b/docs/BBCHANGES.md @@ -16,7 +16,26 @@ Added at the top of the values file are changes to support Istio, automated lice hostname: bigbang.dev istio: + # Toggle istio integration enabled: false + ui: + # Toggle vs creation + enabled: true + annotations: {} + labels: {} + gateways: + - istio-system/main + hosts: + - "anchore.{{ .Values.hostname }}" + api: + # Toggle vs creation + enabled: true + annotations: {} + labels: {} + gateways: + - istio-system/main + hosts: + - "anchore-api.{{ .Values.hostname }}" # Enable Prometheus Monitoring monitoring: diff --git a/docs/CHART.md b/docs/CHART.md index 418cd1e6099f5fff0abf2c198a71ef1dc15bf196..798e2dc9e568d29f6b1670123a54035a93a072ec 100644 --- a/docs/CHART.md +++ b/docs/CHART.md 
@@ -176,6 +176,37 @@ stringData: password: "password" ``` +### Configuring Istio + +Istio can be configured to utilize your desired gateway(s) and host(s). To configure istio, pass the following options to the Anchore values: +```yaml +stringData: + values.yaml: |- + addons: + anchore: + values: + istio: + enabled: true + ui: + # Toggle vs creation + enabled: true + annotations: {} + labels: {} + gateways: + - istio-system/ + hosts: + - ".{{ .Values.hostname }}" + api: + # Toggle vs creation + enabled: true + annotations: {} + labels: {} + gateways: + - istio-system/ + hosts: + - ".{{ .Values.hostname }}" +``` + ### Enable SSO Big Bang has provided an automated way to configure SSO with Keycloak via the Helm chart. To enable and configure SSO follow the instructions in the main KEYCLOAK document. diff --git a/docs/KEYCLOAK.md b/docs/KEYCLOAK.md index d025f9bf60deeda71b5bace0e6e9bf15625fd151..5b1b3862840c245873b27b812a76f17f75e013ac 100644 --- a/docs/KEYCLOAK.md +++ b/docs/KEYCLOAK.md @@ -2,6 +2,8 @@ This document summarizes helm values and manual steps that are required to integrate with Keycloak. +**NOTE:** SSO requires an Anchore Enterprise license. To be onboarded and provided with a trial or production license, please send an email to publicsector@anchore.com including program name and contact details. + ## Configuration Steps These are the items you need to do to configure Keycloak and Anchore for SSO in your Big Bang installation.
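Review bot: In chart/README.md (hunk at -242,21) the "Chart version 1.12.7" section is deleted and the 1.12.4 section is rewritten as 1.12.0 with Engine v0.9.1 and Enterprise v3.0.0, which has nothing to do with the gateway and host change listed in the CHANGELOG and reads like an accidental revert to an older README. The removed lines include the notice that anchore-engine issue 950 affects Engine 0.9.0 - 0.9.2 and the "Bitnami redis helm chart replaced by Big Bang redis" entry, while CHANGELOG.md is still at 1.12.7-bb.2, so the README would describe older images than the chart ships. Suggest dropping this hunk, along with the one at -766,4, which only strips the final newline of the file.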
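Review bot: In chart/templates/bigbang/anchore-vs.yaml (first hunk, the UI VirtualService) the list items are emitted unquoted, `- {{ . }}` for gateways and `- {{ tpl . $ }}` for hosts, where the removed lines were quoted strings. A user-supplied host that starts with `*` (a wildcard host) is read by the YAML parser as an alias and the render fails, and other values can be coerced to non-string types. Suggest `- {{ tpl . $ | quote }}` and `- {{ . | quote }}`. Hosts go through tpl but gateways do not; either apply tpl to both or say in values.yaml that only hosts are templated.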
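Review bot: In chart/templates/bigbang/anchore-vs.yaml (second hunk, the API VirtualService) nothing guards against `istio.api.gateways` or `istio.api.hosts` being overridden with an empty list: the range then emits no items and the key is left with no value. A VirtualService without gateways is applied by Istio to the mesh sidecars instead of an ingress gateway, so the API route would quietly stop being bound to the gateway the operator intended, and an empty hosts list produces a resource that fails validation only at apply time. Suggest failing at render time, for example `{{- if not .Values.istio.api.gateways }}{{ fail "istio.api.gateways must list at least one gateway" }}{{- end }}`, with the same check for hosts and for the `istio.ui` block in the first hunk.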
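Review bot: In chart/values.yaml (hunk at -5,7) the new `hosts` defaults are template strings such as `"anchore.{{ .Values.hostname }}"` that only resolve because the VirtualService template passes them through tpl, and `gateways` entries are expected in `namespace/name` form, but the only comments added are "Toggle vs creation". Suggest a comment on `hosts` stating that entries are rendered with tpl, a comment on `gateways` stating the expected format, and spelling out "VirtualService" instead of "vs". The same block is pasted into docs/BBCHANGES.md in the next file of the diff, so any wording change needs to be made in both places.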
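Review bot: In docs/CHART.md (the new "Configuring Istio" section) the example values are incomplete: both `gateways` entries read `- istio-system/` with no gateway name, and both `hosts` entries read `".{{ .Values.hostname }}"` with nothing before the dot. Copied as written, this yields a gateway reference that matches nothing and a host with a leading dot. If placeholders were intended, they appear to have been lost; suggest either showing the chart defaults (`istio-system/main`, `"anchore.{{ .Values.hostname }}"`, `"anchore-api.{{ .Values.hostname }}"`) or using an unmistakable placeholder and saying in the sentence above that it must be replaced. A blank line between that sentence and the opening code fence would also keep Markdown renderers from folding them together.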