diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 4cbb87f8..42586b41 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -2,13 +2,12 @@ name: "Test using kind and chart-testing tool" on: - pull_request - jobs: test: strategy: fail-fast: false matrix: - kubernetesVersion: ["v1.19.16", "v1.22.0", "v1.25.0"] + kubernetesVersion: ["v1.23.17", "v1.24.15", "v1.25.11", "v1.26.6", "v1.27.3"] runs-on: ubuntu-latest steps: - name: Checkout diff --git a/README.md b/README.md index 532cc939..d3774568 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,8 @@ This repository contains Helm charts for deploying [Anchore](https://www.anchore ## Prerequisites -- [Helm](https://helm.sh/) - Helm is a package manager for Kubernetes that makes it easy to install and manage applications on your cluster. -- [Kubernetes](https://kubernetes.io/) - Kubernetes is an open-source container orchestration platform that is required to use Helm charts. +- [Helm](https://helm.sh/) (>=3.8) - Helm is a package manager for Kubernetes that makes it easy to install and manage applications on your cluster. +- [Kubernetes](https://kubernetes.io/) (>=1.25) - Kubernetes is an open-source container orchestration platform that is required to use Helm charts. ## Installation diff --git a/stable/anchore-engine/Chart.yaml b/stable/anchore-engine/Chart.yaml index 54cdeb94..ebaa78f8 100644 --- a/stable/anchore-engine/Chart.yaml +++ b/stable/anchore-engine/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: anchore-engine -version: 1.26.6 +version: 1.27.0 appVersion: 1.1.0 description: Anchore container analysis and policy evaluation engine service keywords: diff --git a/stable/anchore-engine/README.md b/stable/anchore-engine/README.md index 1e96193e..1a60793b 100644 --- a/stable/anchore-engine/README.md +++ b/stable/anchore-engine/README.md @@ -198,6 +198,10 @@ A Helm post-upgrade hook job will shut down all previously running Anchore servi The upgrade will only be considered successful when this job completes successfully. Performing an upgrade will cause the Helm client to block until the upgrade job completes and the new Anchore service pods are started. To view progress of the upgrade process, tail the logs of the upgrade jobs `anchore-engine-upgrade` and `anchore-enterprise-upgrade`. These job resources will be removed upon a successful Helm upgrade. +# Chart Version 1.27.0 + +* Anchore Enterprise image updated to v4.9.0 - [Release Notes](https://docs.anchore.com/current/docs/releasenotes/490/) + # Chart Version 1.26.3 * Anchore Enterprise image updated to v4.8.1 - [Release Notes](https://docs.anchore.com/current/docs/releasenotes/481/) @@ -527,6 +531,7 @@ metadata: name: anchore-enterprise-ui-env type: Opaque stringData: + # if using TLS to connect to Postgresql you must add the ?ssl=[require|verify-ca|verify-full] parameter to the end of the URI ANCHORE_APPDB_URI: postgresql://anchoreengine:anchore-postgres,123@anchore-postgresql:5432/anchore ANCHORE_REDIS_URI: redis://nouser:anchore-redis,123@anchore-ui-redis-master:6379 ``` diff --git a/stable/anchore-engine/templates/engine_configmap.yaml b/stable/anchore-engine/templates/engine_configmap.yaml index 7c3d95f0..fde3c424 100644 --- a/stable/anchore-engine/templates/engine_configmap.yaml +++ b/stable/anchore-engine/templates/engine_configmap.yaml @@ -67,6 +67,8 @@ data: # Defines a maximum compressed image size (MB) to be added for analysis # Value < 0 disables feature. Disabled by default max_compressed_image_size_mb: {{ default -1 .Values.anchoreGlobal.maxCompressedImageSizeMB }} + max_source_import_size_mb: {{ default 100 .Values.anchoreGlobal.maxSourceImportSizeMB }} + max_import_content_size_mb: {{ default 100 .Values.anchoreGlobal.maxImportContentSizeMB }} # Locations for keys used for signing and encryption. Only one of 'secret' or 'public_key_path'/'private_key_path' needs to be set. If all are set then the keys take precedence over the secret value # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs. diff --git a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml index 941c4d13..abe5e3ab 100644 --- a/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml +++ b/stable/anchore-engine/templates/enterprise_feeds_configmap.yaml @@ -172,6 +172,8 @@ data: {{- end }} sles: enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.slesDriverEnabled | quote) }} + mariner: + enabled: {{ default "true" (.Values.anchoreEnterpriseFeeds.marinerDriverEnabled) }} msrc: enabled: {{ .Values.anchoreEnterpriseFeeds.msrcDriverEnabled | quote }} {{- with .Values.anchoreEnterpriseFeeds.msrcWhitelist }} diff --git a/stable/anchore-engine/values.yaml b/stable/anchore-engine/values.yaml index 84b351e6..3ff6c7c8 100644 --- a/stable/anchore-engine/values.yaml +++ b/stable/anchore-engine/values.yaml @@ -760,7 +760,7 @@ anchoreEnterpriseGlobal: # Create this secret with the following command - kubectl create secret generic anchore-enterprise-license --from-file=license.yaml= licenseSecretName: anchore-enterprise-license - image: docker.io/anchore/enterprise:v4.8.1 + image: docker.io/anchore/enterprise:v4.9.0 imagePullPolicy: IfNotPresent # Name of the kubernetes secret containing your dockerhub creds with access to the anchore enterprise images. @@ -1124,7 +1124,7 @@ anchoreEnterpriseNotifications: anchoreEnterpriseUi: # If enabled is set to false, set ui-redis.enabled to false to ensure that helm doesn't stand up a unneccessary redis instance. enabled: true - image: docker.io/anchore/enterprise-ui:v4.8.0 + image: docker.io/anchore/enterprise-ui:v4.9.0 imagePullPolicy: IfNotPresent # Set extra environment variables. These will be set on all UI containers. diff --git a/stable/ecs-inventory/Chart.yaml b/stable/ecs-inventory/Chart.yaml index a4d302c4..87596fe2 100644 --- a/stable/ecs-inventory/Chart.yaml +++ b/stable/ecs-inventory/Chart.yaml @@ -20,7 +20,7 @@ maintainers: email: hung.nguyen@anchore.com type: application -version: 0.0.2 +version: 0.0.3 appVersion: "1.0.0" icon: https://anchore.com/wp-content/uploads/2016/08/anchore.png diff --git a/stable/ecs-inventory/values.yaml b/stable/ecs-inventory/values.yaml index f19cd0f9..ce4624ef 100644 --- a/stable/ecs-inventory/values.yaml +++ b/stable/ecs-inventory/values.yaml @@ -7,9 +7,10 @@ ## replicaCount: 1 -## @param image Image used for all Anchore Enterprise deployments, excluding Anchore UI +## @param image Image used for all Ecs Inventory deployment deployments +## use docker.io/anchore/ecs-inventory:v1.1.0-fips-amd64 if you want an image built for fips use ## -image: "docker.io/anchore/ecs-inventory:v1.0.0" +image: "docker.io/anchore/ecs-inventory:v1.1.0" ## @param imagePullPolicy Image pull policy used by all deployments ## ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy diff --git a/stable/k8s-inventory/Chart.yaml b/stable/k8s-inventory/Chart.yaml index c9216728..85002f75 100644 --- a/stable/k8s-inventory/Chart.yaml +++ b/stable/k8s-inventory/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: k8s-inventory -version: 0.0.2 +version: 0.0.4 appVersion: "1.0.0" description: A Helm chart for Kubernetes Automated Inventory, which describes which images are in use in a given Kubernetes Cluster keywords: diff --git a/stable/k8s-inventory/values.yaml b/stable/k8s-inventory/values.yaml index 6cae8857..2438eb41 100644 --- a/stable/k8s-inventory/values.yaml +++ b/stable/k8s-inventory/values.yaml @@ -10,11 +10,12 @@ replicaCount: 1 ## @param image.pullPolicy Image pull policy used by the K8s Inventory deployment ## @param image.repository Image used for the K8s Inventory deployment ## @param image.tag Image tag used for the K8s Inventory deployment +## use tag v1.0.2-fips-amd64 if you want an image built for fips use ## image: pullPolicy: "IfNotPresent" repository: "anchore/k8s-inventory" - tag: "v1.0.0" + tag: "v1.1.1" ## @param imagePullSecrets secrets where Kubernetes should get the credentials for pulling private images ##