UNCLASSIFIED - NO CUI

Anchore redeploys after every update due to randomly generated SAML secret

Bug

Description

After every Helm upgrade, Anchore completely redeploys. This is because all of the resources carry a checksum annotation over the configmaps and secrets, so they redeploy whenever those values change, and here we use a randomly generated SAML secret.

BigBang Version

1.14

Possible solution

The suggested solution uses the following template code, which reuses the value already stored in the cluster instead of generating a new one on every upgrade:

# store the secret name in a variable: it is referenced twice below
# (once for the Secret's own name and once for the lookup), and in
# practice the name is long and assembled from several fields
{{- $secret_name := "your-secret-name" -}}

apiVersion: v1
kind: Secret
metadata:
  name: {{ $secret_name }}
type: Opaque
data:
  # fetch the Secret that already exists in the cluster, if any.
  # lookup only works against a live cluster, and the Helm client needs
  # RBAC permission to read Secrets in the release namespace.
  # `helm template` and `--dry-run` return an empty map, so those renders
  # always produce a fresh random value
  {{- $old_sec := lookup "v1" "Secret" .Release.Namespace $secret_name }}

  # reuse the stored value only when the Secret exists, has data, and
  # actually contains the key (a renamed key must not yield an empty value)
  {{- if and $old_sec $old_sec.data (hasKey $old_sec.data "db-password") }}
  # .data is already base64-encoded, so it is copied through without b64enc
  db-password: {{ index $old_sec.data "db-password" }}
  {{- else }}
  # first install, dry-run, or missing key: generate a new password
  db-password: {{ randAlphaNum 20 | b64enc }}
  {{- end }}
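For context on why the stored value matters, below is the chart-side pattern that produces the redeploy described above. This is an added example, not code from the Anchore chart or from BigBang; the resource names, file names, image and environment variable are assumptions. The Deployment's pod template carries a hash of the rendered Secret template, so when that template calls randAlphaNum on every upgrade the hash changes and Kubernetes rolls the pods, and when it reuses the stored value via lookup the hash is stable and nothing rolls:

```yaml
# Added example (not the Anchore chart's or BigBang's own template).
# Assumed layout: templates/secret.yaml renders the Secret shown in the
# possible solution above; this file is templates/deployment.yaml.
# The checksum/secret annotation is the standard Helm pattern for
# restarting pods when a Secret's content changes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app                # assumed name
spec:
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
      annotations:
        # sha256 over the rendered templates/secret.yaml. If that template
        # generates a new random value on each `helm upgrade`, this hash
        # differs every time, the pod template changes, and a rollout runs.
        # If the template reuses the stored value with lookup, the hash is
        # identical across upgrades and the Deployment is left untouched.
        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
    spec:
      containers:
        - name: app
          image: example/app:1.0   # assumed image
          env:
            - name: DB_PASSWORD    # assumed variable name
              valueFrom:
                secretKeyRef:
                  name: your-secret-name
                  key: db-password
```

Two things worth checking before and after applying the fix. First, confirm the cause: compare the checksum annotations on the two newest ReplicaSets with kubectl get rs -l app=example-app -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.template.metadata.annotations}{"\n"}{end}'; if only the checksum differs, the random secret is what drives the rollout. Second, note that include re-executes the Secret template during the same render, so a template that calls randAlphaNum produces one value for the hash and a different one for the Secret object itself; that does not break the hash comparison, but it is another reason to read the stored value back rather than generate it.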