Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

anchore-enterprise 5.13 add max_scan_time for analyzer malware #425

Merged
merged 2 commits into from
Dec 13, 2024
Merged

anchore-enterprise 5.13 add max_scan_time for analyzer malware #425

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a0cb475
anchore-enterprise 5.13 add max_scan_time for analyzer malware
HN23 Dec 12, 2024
01ce999
bump malware scanning internal timeout to 30 min in ms
HN23 Dec 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion stable/enterprise/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v2
name: enterprise
version: "3.2.3"
version: "3.2.4"
appVersion: "5.12.0"
kubeVersion: 1.23.x - 1.31.x || 1.23.x-x - 1.31.x-x
description: |
Expand Down
18 changes: 0 additions & 18 deletions stable/enterprise/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -639,7 +639,6 @@ To restore your deployment to using your previous driver configurations:
| `global.fullnameOverride` | overrides the fullname set on resources | `""` |
| `global.nameOverride` | overrides the name set on resources | `""` |
### Common Resource Parameters
| Name | Description | Value |
Expand Down Expand Up @@ -694,7 +693,6 @@ To restore your deployment to using your previous driver configurations:
| `scripts` | Collection of helper scripts usable in all anchore enterprise pods | `{}` |
| `domainSuffix` | domain suffix for appending to the ANCHORE_ENDPOINT_HOSTNAME. If blank, domainSuffix will be "namespace.svc.cluster.local". | `""` |
### Anchore Configuration Parameters
| Name | Description | Value |
Expand Down Expand Up @@ -824,7 +822,6 @@ To restore your deployment to using your previous driver configurations:
| `anchoreConfig.ui.dbUser` | allows overriding and separation of the ui database user. | `""` |
| `anchoreConfig.ui.dbPassword` | allows overriding and separation of the ui database user authentication | `""` |
### Anchore Analyzer k8s Deployment Parameters
| Name | Description | Value |
Expand All @@ -842,7 +839,6 @@ To restore your deployment to using your previous driver configurations:
| `analyzer.serviceAccountName` | Service account name for Anchore API pods | `""` |
| `analyzer.scratchVolume.details` | Details for the k8s volume to be created for Anchore Analyzer scratch space | `{}` |
### Anchore API k8s Deployment Parameters
| Name | Description | Value |
Expand All @@ -865,7 +861,6 @@ To restore your deployment to using your previous driver configurations:
| `api.affinity` | Affinity for Anchore API pod assignment | `{}` |
| `api.serviceAccountName` | Service account name for Anchore API pods | `""` |
### Anchore Catalog k8s Deployment Parameters
| Name | Description | Value |
Expand All @@ -889,7 +884,6 @@ To restore your deployment to using your previous driver configurations:
| `catalog.serviceAccountName` | Service account name for Anchore Catalog pods | `""` |
| `catalog.scratchVolume.details` | Details for the k8s volume to be created for Anchore Catalog scratch space | `{}` |
### Anchore DataSyncer k8s Deployment Parameters
| Name | Description | Value |
Expand All @@ -913,7 +907,6 @@ To restore your deployment to using your previous driver configurations:
| `dataSyncer.serviceAccountName` | Service account name for Anchore DataSyncer pods | `""` |
| `dataSyncer.scratchVolume.details` | Details for the k8s volume to be created for Anchore DataSyncer scratch space | `{}` |
### Anchore Notifications Parameters
| Name | Description | Value |
Expand All @@ -936,7 +929,6 @@ To restore your deployment to using your previous driver configurations:
| `notifications.affinity` | Affinity for Anchore Notifications pod assignment | `{}` |
| `notifications.serviceAccountName` | Service account name for Anchore Notifications pods | `""` |
### Anchore Policy Engine k8s Deployment Parameters
| Name | Description | Value |
Expand All @@ -960,7 +952,6 @@ To restore your deployment to using your previous driver configurations:
| `policyEngine.serviceAccountName` | Service account name for Anchore Policy Engine pods | `""` |
| `policyEngine.scratchVolume.details` | Details for the k8s volume to be created for Anchore Policy Engine scratch space | `{}` |
### Anchore Reports Parameters
| Name | Description | Value |
Expand All @@ -984,7 +975,6 @@ To restore your deployment to using your previous driver configurations:
| `reports.serviceAccountName` | Service account name for Anchore Reports pods | `""` |
| `reports.scratchVolume.details` | Details for the k8s volume to be created for Anchore Reports scratch space | `{}` |
### Anchore Reports Worker Parameters
| Name | Description | Value |
Expand All @@ -1007,7 +997,6 @@ To restore your deployment to using your previous driver configurations:
| `reportsWorker.affinity` | Affinity for Anchore Reports Worker pod assignment | `{}` |
| `reportsWorker.serviceAccountName` | Service account name for Anchore Reports Worker pods | `""` |
### Anchore Simple Queue Parameters
| Name | Description | Value |
Expand All @@ -1030,7 +1019,6 @@ To restore your deployment to using your previous driver configurations:
| `simpleQueue.affinity` | Affinity for Anchore Simple Queue pod assignment | `{}` |
| `simpleQueue.serviceAccountName` | Service account name for Anchore Simple Queue pods | `""` |
### Anchore UI Parameters
| Name | Description | Value |
Expand All @@ -1057,7 +1045,6 @@ To restore your deployment to using your previous driver configurations:
| `ui.affinity` | Affinity for Anchore ui pod assignment | `{}` |
| `ui.serviceAccountName` | Service account name for Anchore UI pods | `""` |
### Anchore Upgrade Job Parameters
| Name | Description | Value |
Expand All @@ -1076,7 +1063,6 @@ To restore your deployment to using your previous driver configurations:
| `upgradeJob.labels` | Labels for the Anchore upgrade job | `{}` |
| `upgradeJob.ttlSecondsAfterFinished` | The time period in seconds the upgrade job, and it's related pods should be retained for | `-1` |
### Ingress Parameters
| Name | Description | Value |
Expand All @@ -1091,7 +1077,6 @@ To restore your deployment to using your previous driver configurations:
| `ingress.tls` | Configure tls for the ingress resource | `[]` |
| `ingress.ingressClassName` | sets the ingress class name. As of k8s v1.18, this should be nginx | `nginx` |
### Google CloudSQL DB Parameters
| Name | Description | Value |
Expand All @@ -1105,7 +1090,6 @@ To restore your deployment to using your previous driver configurations:
| `cloudsql.serviceAccJsonName` | | `""` |
| `cloudsql.extraArgs` | a list of extra arguments to be passed into the cloudsql container command. eg | `[]` |
### Anchore UI Redis Parameters
| Name | Description | Value |
Expand All @@ -1119,7 +1103,6 @@ To restore your deployment to using your previous driver configurations:
| `ui-redis.image.repository` | Specifies the image repository to use for this chart. | `bitnami/redis` |
| `ui-redis.image.tag` | Specifies the image to use for this chart. | `7.0.12-debian-11-r0` |
### Anchore Database Parameters
| Name | Description | Value |
Expand All @@ -1138,7 +1121,6 @@ To restore your deployment to using your previous driver configurations:
| `postgresql.image.registry` | Specifies the image registry to use for this chart. | `docker.io` |
| `postgresql.image.tag` | Specifies the image to use for this chart. | `13.11.0-debian-11-r15` |
### Anchore Object Store and Analysis Archive Migration
| Name | Description | Value |
Expand Down
1 change: 1 addition & 0 deletions stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ should render the configmaps:
clamav:
db_update_enabled: true
enabled: <ALLOW_API_CONFIGURATION>
max_scan_time: 600000
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With the latest code change I'm making the new default will be 180000
(= 30 minutes) rather than 600000 (= 10 minutes).

Probably the helm chart should have that as default too?

retrieve_files:
file_list:
- /etc/passwd
Expand Down
2 changes: 2 additions & 0 deletions stable/enterprise/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -503,6 +503,8 @@ anchoreConfig:
clamav:
enabled: "<ALLOW_API_CONFIGURATION>" # false
db_update_enabled: true
# Maximum time in milliseconds that a ClamAV scan is allowed to run
max_scan_time: 600000
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dito.


catalog:
## @param anchoreConfig.catalog.cycle_timers.image_watcher Interval (seconds) to check for an update to a tag
Expand Down
Loading