Merge pull request #279 from anchore/dev-sync

Enterprise v4.9.0
anchore · Aug 23, 2023 · 157216c · 157216c
2 parents f7f5d23 + 43b72c0
commit 157216c
Show file tree

Hide file tree

Showing 11 changed files with 22 additions and 12 deletions.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -2,13 +2,12 @@ name: "Test using kind and chart-testing tool"
 
 on:
   - pull_request
-
 jobs:
   test:
     strategy:
       fail-fast: false
       matrix:
-        kubernetesVersion: ["v1.19.16", "v1.22.0", "v1.25.0"]
+        kubernetesVersion: ["v1.23.17", "v1.24.15", "v1.25.11", "v1.26.6", "v1.27.3"]
     runs-on: ubuntu-latest
     steps:
     - name: Checkout

diff --git a/README.md b/README.md
@@ -4,8 +4,8 @@ This repository contains Helm charts for deploying [Anchore](https://www.anchore
 
 ## Prerequisites
 
-- [Helm](https://helm.sh/) - Helm is a package manager for Kubernetes that makes it easy to install and manage applications on your cluster.
-- [Kubernetes](https://kubernetes.io/) - Kubernetes is an open-source container orchestration platform that is required to use Helm charts.
+- [Helm](https://helm.sh/) (>=3.8) - Helm is a package manager for Kubernetes that makes it easy to install and manage applications on your cluster.
+- [Kubernetes](https://kubernetes.io/) (>=1.25) - Kubernetes is an open-source container orchestration platform that is required to use Helm charts.
 
 ## Installation
 

diff --git a/stable/anchore-engine/Chart.yaml b/stable/anchore-engine/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: anchore-engine
-version: 1.26.6
+version: 1.27.0
 appVersion: 1.1.0
 description: Anchore container analysis and policy evaluation engine service
 keywords:

diff --git a/stable/anchore-engine/README.md b/stable/anchore-engine/README.md
@@ -198,6 +198,10 @@ A Helm post-upgrade hook job will shut down all previously running Anchore servi
 
 The upgrade will only be considered successful when this job completes successfully. Performing an upgrade will cause the Helm client to block until the upgrade job completes and the new Anchore service pods are started. To view progress of the upgrade process, tail the logs of the upgrade jobs `anchore-engine-upgrade` and `anchore-enterprise-upgrade`. These job resources will be removed upon a successful Helm upgrade.
 
+# Chart Version 1.27.0
+
+* Anchore Enterprise image updated to v4.9.0 - [Release Notes](https://docs.anchore.com/current/docs/releasenotes/490/)
+
 # Chart Version 1.26.3
 
 * Anchore Enterprise image updated to v4.8.1 - [Release Notes](https://docs.anchore.com/current/docs/releasenotes/481/)
@@ -527,6 +531,7 @@ metadata:
   name: anchore-enterprise-ui-env
 type: Opaque
 stringData:
+  # if using TLS to connect to Postgresql you must add the ?ssl=[require|verify-ca|verify-full] parameter to the end of the URI
   ANCHORE_APPDB_URI: postgresql://anchoreengine:anchore-postgres,123@anchore-postgresql:5432/anchore
   ANCHORE_REDIS_URI: redis://nouser:anchore-redis,123@anchore-ui-redis-master:6379
 ```

diff --git a/stable/anchore-engine/templates/engine_configmap.yaml b/stable/anchore-engine/templates/engine_configmap.yaml
@@ -67,6 +67,8 @@ data:
     # Defines a maximum compressed image size (MB) to be added for analysis
     # Value < 0 disables feature. Disabled by default
     max_compressed_image_size_mb: {{ default -1 .Values.anchoreGlobal.maxCompressedImageSizeMB }}
+    max_source_import_size_mb: {{ default 100 .Values.anchoreGlobal.maxSourceImportSizeMB }}
+    max_import_content_size_mb: {{ default 100 .Values.anchoreGlobal.maxImportContentSizeMB }}
 
     # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value
     # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.

diff --git a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml
@@ -172,6 +172,8 @@ data:
           {{- end }}
           sles:
             enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.slesDriverEnabled | quote) }}
+          mariner:
+            enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.marinerDriverEnabled) }}
           msrc:
             enabled: {{ .Values.anchoreEnterpriseFeeds.msrcDriverEnabled | quote }}
             {{- with .Values.anchoreEnterpriseFeeds.msrcWhitelist }}

diff --git a/stable/anchore-engine/values.yaml b/stable/anchore-engine/values.yaml
@@ -760,7 +760,7 @@ anchoreEnterpriseGlobal:
   # Create this secret with the following command - kubectl create secret generic anchore-enterprise-license --from-file=license.yaml=<PATH TO LICENSE.YAML>
   licenseSecretName: anchore-enterprise-license
 
-  image: docker.io/anchore/enterprise:v4.8.1
+  image: docker.io/anchore/enterprise:v4.9.0
 
   imagePullPolicy: IfNotPresent
   # Name of the kubernetes secret containing your dockerhub creds with access to the anchore enterprise images.
@@ -1124,7 +1124,7 @@ anchoreEnterpriseNotifications:
 anchoreEnterpriseUi:
   # If enabled is set to false, set ui-redis.enabled to false to ensure that helm doesn't stand up a unneccessary redis instance.
   enabled: true
-  image: docker.io/anchore/enterprise-ui:v4.8.0
+  image: docker.io/anchore/enterprise-ui:v4.9.0
   imagePullPolicy: IfNotPresent
 
   # Set extra environment variables. These will be set on all UI containers.

diff --git a/stable/ecs-inventory/Chart.yaml b/stable/ecs-inventory/Chart.yaml
@@ -20,7 +20,7 @@ maintainers:
     email: [email protected]
 
 type: application
-version: 0.0.2
+version: 0.0.3
 appVersion: "1.0.0"
 
 icon: https://anchore.com/wp-content/uploads/2016/08/anchore.png
diff --git a/stable/ecs-inventory/values.yaml b/stable/ecs-inventory/values.yaml
@@ -7,9 +7,10 @@
 ##
 replicaCount: 1
 
-## @param image Image used for all Anchore Enterprise deployments, excluding Anchore UI
+## @param image Image used for all Ecs Inventory deployment deployments
+## use docker.io/anchore/ecs-inventory:v1.1.0-fips-amd64 if you want an image built for fips use
 ##
-image: "docker.io/anchore/ecs-inventory:v1.0.0"
+image: "docker.io/anchore/ecs-inventory:v1.1.0"
 
 ## @param imagePullPolicy Image pull policy used by all deployments
 ## ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy

diff --git a/stable/k8s-inventory/Chart.yaml b/stable/k8s-inventory/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: k8s-inventory
-version: 0.0.2
+version: 0.0.4
 appVersion: "1.0.0"
 description: A Helm chart for Kubernetes Automated Inventory, which describes which images are in use in a given Kubernetes Cluster
 keywords:

diff --git a/stable/k8s-inventory/values.yaml b/stable/k8s-inventory/values.yaml
@@ -10,11 +10,12 @@ replicaCount: 1
 ## @param image.pullPolicy Image pull policy used by the K8s Inventory deployment
 ## @param image.repository Image used for the K8s Inventory deployment
 ## @param image.tag Image tag used for the K8s Inventory deployment
+## use tag v1.0.2-fips-amd64 if you want an image built for fips use
 ##
 image:
   pullPolicy: "IfNotPresent"
   repository: "anchore/k8s-inventory"
-  tag: "v1.0.0"
+  tag: "v1.1.1"
 
 ## @param imagePullSecrets secrets where Kubernetes should get the credentials for pulling private images
 ##