Update enterprise 3.0 (#118)

* remove policy hub uri from UI config Signed-off-by: Brady Todhunter <[email protected]> * add max_compressed_image_size_md config Signed-off-by: Brady Todhunter <[email protected]> * bump image versions Signed-off-by: Brady Todhunter <[email protected]> * Add units to max image size config value Signed-off-by: Zane Burstein <[email protected]> * remove default admin password from values Signed-off-by: Brady Todhunter <[email protected]> * Policy bundle updates (#115) * Add new policy bundles. Signed-off-by: Daniel Palmer <[email protected]> * Helm changes to add policy bundle files. Signed-off-by: Daniel Palmer <[email protected]> * bump app version Signed-off-by: Brady Todhunter <[email protected]> * fix linting issues Signed-off-by: Brady Todhunter <[email protected]> * add release notes for v1.12.0 Signed-off-by: Brady Todhunter <[email protected]> Co-authored-by: Zane Burstein <[email protected]> Co-authored-by: Dan Palmer <[email protected]>
anchore · Feb 4, 2021 · ee88474 · ee88474
1 parent 70e3d21
commit ee88474
Show file tree

Hide file tree

Showing 11 changed files with 373 additions and 451 deletions.
diff --git a/stable/anchore-engine/Chart.yaml b/stable/anchore-engine/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: anchore-engine
-version: 1.11.7
-appVersion: 0.9.0
+version: 1.12.0
+appVersion: 0.9.1
 description: Anchore container analysis and policy evaluation engine service
 keywords:
  - analysis

diff --git a/stable/anchore-engine/README.md b/stable/anchore-engine/README.md
diff --git a/stable/anchore-engine/templates/analyzer_deployment.yaml b/stable/anchore-engine/templates/analyzer_deployment.yaml
@@ -132,8 +132,6 @@ spec:
         - name: config-volume
           mountPath: /config/config.yaml
           subPath: config.yaml
-        - name: policy-bundle-volume
-          mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
         {{- if (.Values.anchoreGlobal.certStoreSecretName) }}
         - name: certs
           mountPath: /home/anchore/certs/
@@ -188,9 +186,6 @@ spec:
         - name: analyzer-config-volume
           configMap:
             name: {{ template "anchore-engine.analyzer.fullname" . }}
-        - name: policy-bundle-volume
-          configMap:
-            name: {{ template "anchore-engine.fullname" . }}-policy-bundles
         {{- if .Values.anchoreGlobal.openShiftDeployment }}
         - name: service-config-volume
           emptyDir: {}

diff --git a/stable/anchore-engine/templates/api_deployment.yaml b/stable/anchore-engine/templates/api_deployment.yaml
@@ -122,8 +122,13 @@ spec:
         - name: config-volume
           mountPath: /config/config.yaml
           subPath: config.yaml
+        {{- if .Values.anchoreGlobal.policyBundles }}
+        {{- range $key, $value := .Values.anchoreGlobal.policyBundles }}
         - name: policy-bundle-volume
-          mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
+          mountPath: {{ $.Values.anchoreGlobal.serviceDir  }}/bundles/{{ $key }}
+          subPath: {{ $key }}
+        {{- end }}
+        {{- end }}
         {{- if .Values.anchoreGlobal.openShiftDeployment }}
         - name: service-config-volume
           mountPath: /anchore_service_config
@@ -195,8 +200,6 @@ spec:
         - name: enterprise-config-volume
           mountPath: /config/config.yaml
           subPath: config.yaml
-        - name: policy-bundle-volume
-          mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
         {{- if (.Values.anchoreGlobal.certStoreSecretName) }}
         - name: certs
           mountPath: /home/anchore/certs/
@@ -267,8 +270,6 @@ spec:
         - name: enterprise-config-volume
           mountPath: /config/config.yaml
           subPath: config.yaml
-        - name: policy-bundle-volume
-          mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
         {{- if (.Values.anchoreGlobal.certStoreSecretName) }}
         - name: certs
           mountPath: /home/anchore/certs/
@@ -339,8 +340,6 @@ spec:
         - name: anchore-license
           mountPath: /home/anchore/license.yaml
           subPath: license.yaml
-        - name: policy-bundle-volume
-          mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
         {{- if (.Values.anchoreGlobal.certStoreSecretName) }}
         - name: certs
           mountPath: /home/anchore/certs/
@@ -413,8 +412,6 @@ spec:
         - name: anchore-license
           mountPath: /home/anchore/license.yaml
           subPath: license.yaml
-        - name: policy-bundle-volume
-          mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
         {{- if (.Values.anchoreGlobal.certStoreSecretName) }}
         - name: certs
           mountPath: /home/anchore/certs/
@@ -458,9 +455,11 @@ spec:
         - name: config-volume
           configMap:
             name: {{ template "anchore-engine.fullname" . }}
+        {{- if .Values.anchoreGlobal.policyBundles }}
         - name: policy-bundle-volume
           configMap:
             name: {{ template "anchore-engine.fullname" . }}-policy-bundles
+        {{- end }}
         {{- if .Values.anchoreGlobal.openShiftDeployment }}
         - name: service-config-volume
           emptyDir: {}

diff --git a/stable/anchore-engine/templates/catalog_deployment.yaml b/stable/anchore-engine/templates/catalog_deployment.yaml
@@ -115,8 +115,13 @@ spec:
         - name: config-volume
           mountPath: /config/config.yaml
           subPath: config.yaml
+        {{- if .Values.anchoreGlobal.policyBundles }}
+        {{- range $key, $value := .Values.anchoreGlobal.policyBundles }}
         - name: policy-bundle-volume
-          mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
+          mountPath: {{ $.Values.anchoreGlobal.serviceDir  }}/bundles/{{ $key }}
+          subPath: {{ $key }}
+        {{- end }}
+        {{- end }}
         {{- if .Values.anchoreGlobal.openShiftDeployment }}
         - name: service-config-volume
           mountPath: /anchore_service_config
@@ -164,9 +169,11 @@ spec:
         - name: config-volume
           configMap:
             name: {{ template "anchore-engine.fullname" . }}
+        {{- if .Values.anchoreGlobal.policyBundles }}
         - name: policy-bundle-volume
           configMap:
             name: {{ template "anchore-engine.fullname" . }}-policy-bundles
+        {{- end }}
         {{- if .Values.anchoreGlobal.openShiftDeployment }}
         - name: service-config-volume
           emptyDir: {}

diff --git a/stable/anchore-engine/templates/engine_configmap.yaml b/stable/anchore-engine/templates/engine_configmap.yaml
@@ -28,6 +28,7 @@ data:
 
     global_client_connect_timeout: {{ default 0 .Values.anchoreGlobal.clientConnectTimeout }}
     global_client_read_timeout: {{ default 0 .Values.anchoreGlobal.clientReadTimeout }}
+    max_compressed_image_size_mb: {{ default -1 .Values.anchoreGlobal.maxCompressedImageSizeMB }}
 
     metrics:
       enabled: {{ .Values.anchoreGlobal.enableMetrics }}

diff --git a/stable/anchore-engine/templates/enterprise_ui_configmap.yaml b/stable/anchore-engine/templates/enterprise_ui_configmap.yaml
@@ -51,7 +51,6 @@ data:
     enable_proxy: {{ .Values.anchoreEnterpriseUi.enableProxy }}
     allow_shared_login: {{ .Values.anchoreEnterpriseUi.enableSharedLogin }}
     redis_flushdb: {{ .Values.anchoreEnterpriseUi.redisFlushdb }}
-    policy_hub_uri: {{ .Values.anchoreEnterpriseUi.policyHubUri }}
     {{- with .Values.anchoreEnterpriseUi.customLinks }}
     custom_links:
       title: {{ .title }}

diff --git a/stable/anchore-engine/templates/policy_bundle_configmap.yaml b/stable/anchore-engine/templates/policy_bundle_configmap.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.anchoreGlobal.policyBundles }}
 kind: ConfigMap
 apiVersion: v1
 metadata:
@@ -11,142 +12,7 @@ metadata:
     {{ toYaml . | nindent 4 }}
     {{- end }}
 data:
-  anchore_default_bundle.json: |
-    {
-      "id": "2c53a13c-1765-11e8-82ef-23527761d060",
-      "version": "1_0",
-      "name": "Default bundle",
-      "comment": "Default bundle",
-      "whitelisted_images": [],
-      "blacklisted_images": [],
-      "mappings": [
-        {
-          "name": "default",
-          "repository": "*",
-          "image": {
-            "type": "tag",
-            "value": "*"
-          },
-          "whitelist_ids": [
-            "37fd763e-1765-11e8-add4-3b16c029ac5c"
-          ],
-          "registry": "*",
-          "id": "c4f9bf74-dc38-4ddf-b5cf-00e9c0074611",
-          "policy_id": "48e6f7d6-1765-11e8-b5f9-8b6f228548b6"
-        }
-      ],
-      "whitelists": [
-        {
-          "comment": "Default global whitelist",
-          "items": [],
-          "version": "1_0",
-          "id": "37fd763e-1765-11e8-add4-3b16c029ac5c",
-          "name": "Global Whitelist"
-        }
-      ],
-      "policies": [
-        {
-          "comment": "System default policy",
-          "rules": [
-            {
-              "action": "STOP",
-              "gate": "dockerfile",
-              "trigger": "exposed_ports",
-              "params": [
-                {
-                  "name": "ports",
-                  "value": "22"
-                },
-                {
-                  "name": "type",
-                  "value": "blacklist"
-                }
-              ],
-              "id": "ce7b8000-829b-4c27-8122-69cd59018400"
-            },
-            {
-              "action": "WARN",
-              "gate": "dockerfile",
-              "trigger": "instruction",
-              "params": [
-                {
-                  "name": "instruction",
-                  "value": "HEALTHCHECK"
-                },
-                {
-                  "name": "check",
-                  "value": "not_exists"
-                }
-              ],
-              "id": "312d9e41-1c05-4e2f-ad89-b7d34b0855bb"
-            },
-            {
-              "action": "WARN",
-              "gate": "vulnerabilities",
-              "trigger": "stale_feed_data",
-              "params": [
-                {
-                  "name": "max_days_since_sync",
-                  "value": "2"
-                }
-              ],
-              "id": "6b5c14e7-a6f7-48cc-99d2-959273a2c6fa"
-            },
-            {
-              "action": "WARN",
-              "gate": "vulnerabilities",
-              "trigger": "vulnerability_data_unavailable",
-              "params": [],
-              "id": "3e79ea94-18c4-4d26-9e29-3b9172a62c2e"
-            },
-            {
-              "action": "WARN",
-              "gate": "vulnerabilities",
-              "trigger": "package",
-              "params": [
-                {
-                  "name": "package_type",
-                  "value": "all"
-                },
-                {
-                  "name": "severity_comparison",
-                  "value": "="
-                },
-                {
-                  "name": "severity",
-                  "value": "medium"
-                }
-              ],
-              "id": "6063fdde-b1c5-46af-973a-915739451ac4"
-            },
-            {
-              "action": "STOP",
-              "gate": "vulnerabilities",
-              "trigger": "package",
-              "params": [
-                {
-                  "name": "package_type",
-                  "value": "all"
-                },
-                {
-                  "name": "severity_comparison",
-                  "value": ">"
-                },
-                {
-                  "name": "severity",
-                  "value": "medium"
-                }
-              ],
-              "id": "b30e8abc-444f-45b1-8a37-55be1b8c8bb5"
-            }
-          ],
-          "version": "1_0",
-          "id": "48e6f7d6-1765-11e8-b5f9-8b6f228548b6",
-          "name": "DefaultPolicy"
-        }
-      ]
-    }
-
 {{- with .Values.anchoreGlobal.policyBundles }}
 {{- toYaml . | nindent 2 }}
-{{- end }} 
+{{- end }}
+{{- end }}
diff --git a/stable/anchore-engine/templates/policy_engine_deployment.yaml b/stable/anchore-engine/templates/policy_engine_deployment.yaml
@@ -129,8 +129,6 @@ spec:
         - name: config-volume
           mountPath: /config/config.yaml
           subPath: config.yaml
-        - name: policy-bundle-volume
-          mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
         - name: {{ $component }}-scratch
           mountPath: {{ .Values.anchoreGlobal.scratchVolume.mountPath }}
         {{- if .Values.anchoreGlobal.openShiftDeployment }}
@@ -180,9 +178,6 @@ spec:
         - name: config-volume
           configMap:
             name: {{ template "anchore-engine.fullname" . }}
-        - name: policy-bundle-volume
-          configMap:
-            name: {{ template "anchore-engine.fullname" . }}-policy-bundles
         - name: {{ $component }}-scratch
           {{ toYaml .Values.anchoreGlobal.scratchVolume.details | nindent 10 }}
         {{- if .Values.anchoreGlobal.openShiftDeployment }}

diff --git a/stable/anchore-engine/templates/simplequeue_deployment.yaml b/stable/anchore-engine/templates/simplequeue_deployment.yaml
@@ -115,8 +115,6 @@ spec:
         - name: config-volume
           mountPath: /config/config.yaml
           subPath: config.yaml
-        - name: policy-bundle-volume
-          mountPath: {{ .Values.anchoreGlobal.serviceDir }}/bundles
         {{- if .Values.anchoreGlobal.openShiftDeployment }}
         - name: service-config-volume
           mountPath: /anchore_service_config
@@ -164,9 +162,6 @@ spec:
         - name: config-volume
           configMap:
             name: {{ template "anchore-engine.fullname" .}}
-        - name: policy-bundle-volume
-          configMap:
-            name: {{ template "anchore-engine.fullname" . }}-policy-bundles
         {{- if .Values.anchoreGlobal.openShiftDeployment }}
         - name: service-config-volume
           emptyDir: {}