From af4d32a967b7e1707a43a28c53ba14604e9e4e7a Mon Sep 17 00:00:00 2001 From: Zach Hill Date: Fri, 10 May 2024 14:52:39 -0700 Subject: [PATCH 1/3] fix: allow override of entire db_connect_args, not just single values Signed-off-by: Zach Hill --- stable/enterprise/Chart.yaml | 2 +- stable/enterprise/files/default_config.yaml | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/enterprise/Chart.yaml b/stable/enterprise/Chart.yaml index 2def8053..c5039d20 100644 --- a/stable/enterprise/Chart.yaml +++ b/stable/enterprise/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: enterprise -version: "2.5.6" +version: "2.5.7" appVersion: "5.4.1" kubeVersion: 1.23.x - 1.28.x || 1.23.x-x - 1.29.x-x description: | diff --git a/stable/enterprise/files/default_config.yaml b/stable/enterprise/files/default_config.yaml index b6744018..ac3245be 100644 --- a/stable/enterprise/files/default_config.yaml +++ b/stable/enterprise/files/default_config.yaml @@ -52,6 +52,11 @@ credentials: host: "${ANCHORE_DB_HOST}" port: "${ANCHORE_DB_PORT}" name: "${ANCHORE_DB_NAME}" + {{- if .Values.anchoreConfig.database.dbConnectArgs }} + {{- with .Values.anchoreConfig.database.dbConnectArgs }} + db_connect_args: {{- toYaml . | nindent 6 }} + {{- end }} + {{ else }} db_connect_args: timeout: ${ANCHORE_DB_TIMEOUT} ssl: ${ANCHORE_DB_SSL} @@ -59,6 +64,7 @@ credentials: sslmode: ${ANCHORE_DB_SSL_MODE} sslrootcert: ${ANCHORE_DB_SSL_ROOT_CERT} {{- end }} + {{- end }} db_pool_size: ${ANCHORE_DB_POOL_SIZE} db_pool_max_overflow: ${ANCHORE_DB_POOL_MAX_OVERFLOW} {{- with .Values.anchoreConfig.database.engineArgs }} From e01d155de185ce1e8fcb49936e84ab18d632eb71 Mon Sep 17 00:00:00 2001 From: Zach Hill Date: Fri, 10 May 2024 16:50:26 -0700 Subject: [PATCH 2/3] add default and better conventions and indents Signed-off-by: Zach Hill --- stable/enterprise/files/default_config.yaml | 6 +++--- stable/enterprise/values.yaml | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) 
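Review bot: In the first default_config.yaml hunk, a non-empty `dbConnectArgs` selects the new branch and skips the `{{ else }}` branch that carries `timeout`, `ssl`, `sslmode` and `sslrootcert`, so an override that sets a single key silently drops the chart's TLS settings for the database connection. Nothing in the template enforces that the two are exclusive, so a release can have the chart's database SSL values set and still render a `db_connect_args` with no `sslmode` or `sslrootcert`. Consider failing the render when both are configured, for example `{{- if and .Values.anchoreConfig.database.dbConnectArgs .Values.anchoreConfig.database.ssl }}{{ fail "dbConnectArgs replaces db_connect_args; set ssl, sslmode and sslrootcert inside it" }}{{- end }}`. The `database.ssl` value name is assumed, since it is not visible in this patch. The conditional that wraps `sslmode` opens between the two hunks and is not shown.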
diff --git a/stable/enterprise/files/default_config.yaml b/stable/enterprise/files/default_config.yaml index ac3245be..0e1593dc 100644 --- a/stable/enterprise/files/default_config.yaml +++ b/stable/enterprise/files/default_config.yaml @@ -52,11 +52,11 @@ credentials: host: "${ANCHORE_DB_HOST}" port: "${ANCHORE_DB_PORT}" name: "${ANCHORE_DB_NAME}" - {{- if .Values.anchoreConfig.database.dbConnectArgs }} + {{- if .Values.anchoreConfig.database.dbConnectArgs }} {{- with .Values.anchoreConfig.database.dbConnectArgs }} db_connect_args: {{- toYaml . | nindent 6 }} {{- end }} - {{ else }} + {{- else }} db_connect_args: timeout: ${ANCHORE_DB_TIMEOUT} ssl: ${ANCHORE_DB_SSL} @@ -64,7 +64,7 @@ credentials: sslmode: ${ANCHORE_DB_SSL_MODE} sslrootcert: ${ANCHORE_DB_SSL_ROOT_CERT} {{- end }} - {{- end }} + {{- end }} db_pool_size: ${ANCHORE_DB_POOL_SIZE} db_pool_max_overflow: ${ANCHORE_DB_POOL_MAX_OVERFLOW} {{- with .Values.anchoreConfig.database.engineArgs }} diff --git a/stable/enterprise/values.yaml b/stable/enterprise/values.yaml index 1edb0cea..0f1c4cef 100644 --- a/stable/enterprise/values.yaml +++ b/stable/enterprise/values.yaml @@ -324,6 +324,7 @@ anchoreConfig: db_pool_size: 30 db_pool_max_overflow: 100 engineArgs: {} + dbConnectArgs: {} ## @param anchoreConfig.internalServicesSSL.enabled Force all Enterprise services to use SSL for internal communication ## @param anchoreConfig.internalServicesSSL.verifyCerts Enable cert verification against the local cert bundle, if this set to false self-signed certs are allowed From 24dd914b62e89989be0191a164eb21a10a88ded7 Mon Sep 17 00:00:00 2001 From: Zach Hill Date: Fri, 10 May 2024 16:57:11 -0700 Subject: [PATCH 3/3] add param doc for dbConnectArgs Signed-off-by: Zach Hill --- stable/enterprise/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/stable/enterprise/README.md b/stable/enterprise/README.md index fedf3146..1565d1c4 100644 --- a/stable/enterprise/README.md +++ b/stable/enterprise/README.md 
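Review bot: The `{{- if .Values.anchoreConfig.database.dbConnectArgs }}` wrapper in the first default_config.yaml hunk is redundant with the `{{- with ... }}` directly inside it, because `with` already skips an empty value and accepts its own `{{- else }}`. Drop the outer `if` and the `{{- end }}` that precedes `{{- else }}`; the final `{{- end }}` in the second hunk then closes the `with`. That leaves `{{- with .Values.anchoreConfig.database.dbConnectArgs }}`, the `db_connect_args: {{- toYaml . | nindent 6 }}` line, and `{{- else }}` ahead of the default block. With one fewer nesting level, the `end` lines are easier to pair with the conditional around `sslmode`, whose opening lies outside both hunks.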
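Review bot: The new `dbConnectArgs: {}` default in the values.yaml hunk has no comment saying that a non-empty map replaces the whole generated `db_connect_args` block and is written into the rendered config verbatim by `toYaml`. A line such as `## @param anchoreConfig.database.dbConnectArgs Replaces the entire db_connect_args block, including timeout and ssl settings; values are rendered as-is, so keep credentials out of it` would put that caveat next to the setting. Any existing `## @param` lines for the database section sit above the hunk and are not visible here.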
@@ -967,7 +967,7 @@ This rollback procedure is designed to revert your environment to its pre-migrat ### Anchore Configuration Parameters | Name | Description | Value | -| -------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------ | +|----------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------| ------------------ | | `anchoreConfig.service_dir` | Path to directory where default Anchore config files are placed at startup | `/anchore_service` | | `anchoreConfig.log_level` | The log level for Anchore services | `INFO` | | `anchoreConfig.allow_awsecr_iam_auto` | Enable AWS IAM instance role for ECR auth | `true` | 
@@ -995,6 +995,7 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `anchoreConfig.database.db_pool_size` | The database max connection pool size | `30` | | `anchoreConfig.database.db_pool_max_overflow` | The maximum overflow size of the database connection pool | `100` | | `anchoreConfig.database.engineArgs` | Set custom database engine arguments for SQLAlchemy | `{}` | +| `anchoreConfig.database.dbConnectArgs` | Set custom database connection arguments for SQLAlchemy. This is mutually exclusive with ssl, sslmode, and sslRootCertFilename | `{}` | | `anchoreConfig.internalServicesSSL.enabled` | Force all Enterprise services to use SSL for internal communication | `false` | | `anchoreConfig.internalServicesSSL.verifyCerts` | Enable cert verification against the local cert bundle, if this set to false self-signed certs are allowed | `false` | | `anchoreConfig.internalServicesSSL.certSecretKeyFileName` | File name of the private key used for internal SSL stored in the secret specified in .Values.certStoreSecretName | `""` |