From a5c636ed8d57f0d032e4b15eb249782b8a45440b Mon Sep 17 00:00:00 2001 From: Brady Todhunter Date: Thu, 18 Jan 2024 15:44:41 -0800 Subject: [PATCH 1/4] quote passwords in config file Signed-off-by: Brady Todhunter --- stable/enterprise/files/default_config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/enterprise/files/default_config.yaml b/stable/enterprise/files/default_config.yaml index 55268bf8..8ef2da94 100644 --- a/stable/enterprise/files/default_config.yaml +++ b/stable/enterprise/files/default_config.yaml @@ -25,11 +25,11 @@ metrics: webhooks: {{- toYaml .Values.anchoreConfig.webhooks | nindent 2 }} -default_admin_password: ${ANCHORE_ADMIN_PASSWORD} +default_admin_password: "${ANCHORE_ADMIN_PASSWORD}" default_admin_email: ${ANCHORE_ADMIN_EMAIL} keys: - secret: ${ANCHORE_SAML_SECRET} + secret: "${ANCHORE_SAML_SECRET}" public_key_path: ${ANCHORE_AUTH_PRIVKEY} private_key_path: ${ANCHORE_AUTH_PUBKEY} From 5a178fe2ac2e01656888d0dfb92e2440c5e88c28 Mon Sep 17 00:00:00 2001 From: Brady Todhunter Date: Thu, 18 Jan 2024 15:45:06 -0800 Subject: [PATCH 2/4] bump chart version Signed-off-by: Brady Todhunter --- stable/enterprise/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stable/enterprise/Chart.yaml b/stable/enterprise/Chart.yaml index 0f260edd..ec65ee01 100644 --- a/stable/enterprise/Chart.yaml +++ b/stable/enterprise/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: enterprise -version: "2.2.3" +version: "2.2.4" appVersion: "5.1.1" kubeVersion: 1.23.x - 1.28.x || 1.23.x-x - 1.28.x-x description: | From a32b5467a3834bc949bf0b917a8a73df38204b14 Mon Sep 17 00:00:00 2001 From: Brady Todhunter Date: Thu, 18 Jan 2024 15:57:52 -0800 Subject: [PATCH 3/4] update migration instructions to install latest 1.0.x patch release Signed-off-by: Brady Todhunter --- stable/enterprise/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/enterprise/README.md b/stable/enterprise/README.md index 72d025d4..eef7be81 100644 --- a/stable/enterprise/README.md +++ b/stable/enterprise/README.md @@ -791,7 +791,7 @@ See the [Migration Rollback Steps](#migration-rollback-steps) section for more d # export ADMIN_PASS=$(kubectl get secret -n ${NAMESPACE} ${ENGINE_RELEASE}-anchore-engine-admin-pass -o jsonpath="{.data.ANCHORE_ADMIN_PASSWORD}" | base64 -d -) # export SET_ADMIN_PASS=("--set" "anchoreConfig.default_admin_password=${ADMIN_PASS}") - helm install ${ENTERPRISE_RELEASE} -n ${NAMESPACE} ${SET_ADMIN_PASS[@]} -f ${ENTERPRISE_VALUES_FILE} anchore/enterprise --version=1.0.0 + helm install ${ENTERPRISE_RELEASE} -n ${NAMESPACE} ${SET_ADMIN_PASS[@]} -f ${ENTERPRISE_VALUES_FILE} anchore/enterprise --version=^1.0.0 ``` 1. **Verification and Cleanup**: After confirming that the Anchore Enterprise deployment is functional, you can safely uninstall the old Anchore Engine deployment. @@ -840,7 +840,7 @@ See the [Migration Rollback Steps](#migration-rollback-steps) section for more d export ADMIN_PASS=$(kubectl get secret -n ${NAMESPACE} ${ENGINE_RELEASE}-anchore-engine-admin-pass -o jsonpath="{.data.ANCHORE_ADMIN_PASSWORD}" | base64 -d -) export SET_ADMIN_PASS=("--set" "anchoreConfig.default_admin_password=${ADMIN_PASS}") - helm install ${ENTERPRISE_RELEASE} -n ${NAMESPACE} --set startMigrationPod=true --set migrationAnchoreEngineSecretName=${ENGINE_RELEASE}-anchore-engine ${SET_ADMIN_PASS[@]} anchore/enterprise -f ${ENTERPRISE_VALUES_FILE} --version=1.0.0 + helm install ${ENTERPRISE_RELEASE} -n ${NAMESPACE} --set startMigrationPod=true --set migrationAnchoreEngineSecretName=${ENGINE_RELEASE}-anchore-engine ${SET_ADMIN_PASS[@]} anchore/enterprise -f ${ENTERPRISE_VALUES_FILE} --version=^1.0.0 ``` 1. **Scale Down Anchore Enterprise**: Before migrating the database, scale down the new Anchore Enterprise deployment to zero replicas. @@ -890,7 +890,7 @@ See the [Migration Rollback Steps](#migration-rollback-steps) section for more d export ENTERPRISE_RELEASE= export ENTERPRISE_VALUES_FILE=${PWD}/output/enterprise.my-values-file.yaml # The converted file - helm upgrade ${ENTERPRISE_RELEASE} -n ${NAMESPACE} --set startMigrationPod=false anchore/enterprise -f ${ENTERPRISE_VALUES_FILE} --version=1.0.0 + helm upgrade ${ENTERPRISE_RELEASE} -n ${NAMESPACE} --set startMigrationPod=false anchore/enterprise -f ${ENTERPRISE_VALUES_FILE} --version=^1.0.0 ``` 1. **Final Verification and Cleanup**: After ensuring the new deployment is operational, uninstall the old Anchore Engine deployment. From fa6951dd749e41444e508b135aca3c7fc71cdc27 Mon Sep 17 00:00:00 2001 From: Brady Todhunter Date: Thu, 18 Jan 2024 16:00:21 -0800 Subject: [PATCH 4/4] update test snapshots Signed-off-by: Brady Todhunter --- stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap b/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap index 1364e8c8..1fb1cac9 100644 --- a/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap +++ b/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap @@ -72,11 +72,11 @@ should render the configmaps: webhooks: {} - default_admin_password: ${ANCHORE_ADMIN_PASSWORD} + default_admin_password: "${ANCHORE_ADMIN_PASSWORD}" default_admin_email: ${ANCHORE_ADMIN_EMAIL} keys: - secret: ${ANCHORE_SAML_SECRET} + secret: "${ANCHORE_SAML_SECRET}" public_key_path: ${ANCHORE_AUTH_PRIVKEY} private_key_path: ${ANCHORE_AUTH_PUBKEY}