From daf45d36a4ac4d4c6af082b166fc80534bcfb865 Mon Sep 17 00:00:00 2001 From: Brady Todhunter Date: Tue, 30 Apr 2024 16:50:35 -0700 Subject: [PATCH 1/5] add 5.5.0 configs Signed-off-by: Brady Todhunter
---
stable/feeds/README.md | 17 +++++++- stable/feeds/files/default_config.yaml | 8 +++- .../__snapshot__/configmap_test.yaml.snap | 21 +++++++++- stable/feeds/values.yaml | 40 ++++++++++++++++++- 4 files changed, 81 insertions(+), 5 deletions(-)
diff --git a/stable/feeds/README.md b/stable/feeds/README.md
index 05304411..bee7b940 100644
--- a/stable/feeds/README.md
+++ b/stable/feeds/README.md
@@ -373,7 +373,22 @@ anchoreConfig: | Name | Description | Value | | -------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | | `anchoreConfig.service_dir` | Path to directory where default Anchore configs are placed at startup | `/anchore_service` | -| `anchoreConfig.log_level` | The log level for Anchore services | `INFO` | +| `anchoreConfig.log_level` | The log level for Anchore services: NOTE: This is deprecated, use logging.log_level | `INFO` | +| `anchoreConfig.logging.colored_logging` | Enable colored output in the logs | `false` | +| `anchoreConfig.logging.exception_backtrace_logging` | Enable stack traces in the logs | `false` | +| `anchoreConfig.logging.exception_diagnose_logging` | Enable detailed exception information in the logs | `false` | +| `anchoreConfig.logging.file_rotation_rule` | Maximum size of a log file before it is rotated | `10 MB` | +| `anchoreConfig.logging.file_retention_rule` | Number of log files to retain before deleting the oldest | `10` | +| `anchoreConfig.logging.log_level` | Log level for the service code | `INFO` | +| `anchoreConfig.logging.server_access_logging` | Set whether to print server access to logging | `true` | +| `anchoreConfig.logging.server_response_debug_logging` | Log the elapsed time to process the request and the response size (debug log level) | `false` | +| `anchoreConfig.logging.server_log_level` | Log level specifically for the server (uvicorn) | `info` | +| `anchoreConfig.logging.structured_logging` | Enable structured logging output (JSON) | `false` | +| `anchoreConfig.server.max_connection_backlog` | Max connections permitted in the backlog before dropping | `2048` | +| 
`anchoreConfig.server.max_wsgi_middleware_worker_queue_size` | Max number of requests to queue for processing by ASGI2WSGI middleware | `100` | +| `anchoreConfig.server.max_wsgi_middleware_worker_count` | Max number of workers to have in the ASGI2WSGI middleware worker pool | `50` | +| `anchoreConfig.server.timeout_graceful_shutdown` | Seconds to permit for graceful shutdown or false to disable | `false` | +| `anchoreConfig.server.timeout_keep_alive` | Seconds to keep a connection alive before closing | `5` | | `anchoreConfig.keys.secret` | The shared secret used for signing & encryption, auto-generated by Helm if not set | `""` | | `anchoreConfig.keys.privateKeyFileName` | The file name of the private key used for signing & encryption, found in the k8s secret specified in .Values.certStoreSecretName | `""` | | `anchoreConfig.keys.publicKeyFileName` | The file name of the public key used for signing & encryption, found in the k8s secret specified in .Values.certStoreSecretName | `""` | diff --git a/stable/feeds/files/default_config.yaml b/stable/feeds/files/default_config.yaml index 2db8efa2..40c08fc0 100644 --- a/stable/feeds/files/default_config.yaml +++ b/stable/feeds/files/default_config.yaml @@ -1,6 +1,12 @@ service_dir: ${ANCHORE_SERVICE_DIR} tmp_dir: ${ANCHORE_FEEDS_TMP_DIR} -log_level: ${ANCHORE_LOG_LEVEL} +log_level: ${ANCHORE_LOG_LEVEL} # Deprecated - prefer use of logging.log_level + +logging: + {{- toYaml .Values.anchoreConfig.logging | nindent 2 }} + +server: + {{- toYaml .Values.anchoreConfig.server | nindent 2 }} host_id: "${ANCHORE_HOST_ID}" internal_ssl_verify: ${ANCHORE_INTERNAL_SSL_VERIFY} diff --git a/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap b/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap index 2361fcbf..be939b18 100644 --- a/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap +++ b/stable/feeds/tests/__snapshot__/configmap_test.yaml.snap 
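Review bot: In `stable/feeds/files/default_config.yaml` the rendered config now carries two log-level settings, the deprecated top-level `log_level: ${ANCHORE_LOG_LEVEL}` and `logging.log_level` taken from `.Values.anchoreConfig.logging`, and nothing visible says which one the service honours when they differ. An operator who had set `anchoreConfig.log_level` before this upgrade cannot tell from the chart whether that setting still applies, which matters when the level was chosen to keep verbose output out of shared log stores. I would extend the inline comment to state the precedence, for example `# Deprecated - logging.log_level takes precedence when both are set`, once that is confirmed against the 5.5.0 service. The same sentence belongs on the `anchoreConfig.log_level` `@param` line in `values.yaml`.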
@@ -7,7 +7,26 @@ should render the configmaps: # service_dir: ${ANCHORE_SERVICE_DIR} tmp_dir: ${ANCHORE_FEEDS_TMP_DIR} - log_level: ${ANCHORE_LOG_LEVEL} + log_level: ${ANCHORE_LOG_LEVEL} # Deprecated - prefer use of logging.log_level + + logging: + colored_logging: false + exception_backtrace_logging: false + exception_diagnose_logging: false + file_retention_rule: 10 + file_rotation_rule: 10 MB + log_level: INFO + server_access_logging: true + server_log_level: info + server_response_debug_logging: false + structured_logging: false + + server: + max_connection_backlog: 2048 + max_wsgi_middleware_worker_count: 50 + max_wsgi_middleware_worker_queue_size: 100 + timeout_graceful_shutdown: false + timeout_keep_alive: 5 host_id: "${ANCHORE_HOST_ID}" internal_ssl_verify: ${ANCHORE_INTERNAL_SSL_VERIFY} diff --git a/stable/feeds/values.yaml b/stable/feeds/values.yaml index 694a93f0..72ce6ab4 100644 --- a/stable/feeds/values.yaml +++ b/stable/feeds/values.yaml 
@@ -243,11 +243,47 @@ anchoreConfig: ## service_dir: /anchore_service - ## @param anchoreConfig.log_level The log level for Anchore services - ## options available: FATAL, ERROR, WARN, INFO, DEBUG, SPEW + ## @param anchoreConfig.log_level The log level for Anchore services: NOTE: This is deprecated, use logging.log_level + ## options available: CRITICAL, ERROR, WARNING, SUCCESS, INFO, DEBUG, TRACE ## log_level: INFO + ## @param anchoreConfig.logging.colored_logging Enable colored output in the logs + ## @param anchoreConfig.logging.exception_backtrace_logging Enable stack traces in the logs + ## @param anchoreConfig.logging.exception_diagnose_logging Enable detailed exception information in the logs + ## @param anchoreConfig.logging.file_rotation_rule Maximum size of a log file before it is rotated + ## @param anchoreConfig.logging.file_retention_rule Number of log files to retain before deleting the oldest + ## @param anchoreConfig.logging.log_level Log level for the service code + ## @param anchoreConfig.logging.server_access_logging Set whether to print server access to logging + ## @param anchoreConfig.logging.server_response_debug_logging Log the elapsed time to process the request and the response size (debug log level) + ## @param anchoreConfig.logging.server_log_level Log level specifically for the server (uvicorn) + ## @param anchoreConfig.logging.structured_logging Enable structured logging output (JSON) + ## + logging: + colored_logging: false + exception_backtrace_logging: false + exception_diagnose_logging: false + file_rotation_rule: "10 MB" + file_retention_rule: 10 + log_level: INFO + server_access_logging: true + server_response_debug_logging: false + server_log_level: "info" + structured_logging: false + + ## @param anchoreConfig.server.max_connection_backlog Max connections permitted in the backlog before dropping + ## @param anchoreConfig.server.max_wsgi_middleware_worker_queue_size Max number of requests to queue for processing by ASGI2WSGI 
middleware + ## @param anchoreConfig.server.max_wsgi_middleware_worker_count Max number of workers to have in the ASGI2WSGI middleware worker pool + ## @param anchoreConfig.server.timeout_graceful_shutdown Seconds to permit for graceful shutdown or false to disable + ## @param anchoreConfig.server.timeout_keep_alive Seconds to keep a connection alive before closing + ## + server: + max_connection_backlog: 2048 + max_wsgi_middleware_worker_queue_size: 100 + max_wsgi_middleware_worker_count: 50 + timeout_graceful_shutdown: false + timeout_keep_alive: 5 + ## @param anchoreConfig.keys.secret The shared secret used for signing & encryption, auto-generated by Helm if not set ## @param anchoreConfig.keys.privateKeyFileName The file name of the private key used for signing & encryption, found in the k8s secret specified in .Values.certStoreSecretName ## @param anchoreConfig.keys.publicKeyFileName The file name of the public key used for signing & encryption, found in the k8s secret specified in .Values.certStoreSecretName From 861dbe16d91e3391e5f21b6e0343b1593d441972 Mon Sep 17 00:00:00 2001 From: Brady Todhunter Date: Tue, 30 Apr 2024 16:51:27 -0700 Subject: [PATCH 2/5] add service annotations Signed-off-by: Brady Todhunter --- stable/feeds/README.md | 7 ++++- stable/feeds/templates/_common.tpl | 16 ++++++++++ stable/feeds/templates/deployment.yaml | 2 +- stable/feeds/tests/common_helpers_test.yaml | 35 +++++++++++++++++++++ stable/feeds/values.yaml | 2 +- 5 files changed, 59 insertions(+), 3 deletions(-) diff --git a/stable/feeds/README.md b/stable/feeds/README.md index bee7b940..71dd465d 100644 --- a/stable/feeds/README.md +++ b/stable/feeds/README.md 
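Review bot: The `@param` text for `anchoreConfig.logging.exception_diagnose_logging` and `exception_backtrace_logging` in `stable/feeds/values.yaml` gives no hint that turning them on can put sensitive data in the logs. The option names and the level list (`SUCCESS`, `TRACE`) suggest a loguru-style logger, where diagnose output annotates tracebacks with variable values; if that holds here, credentials or tokens held in local variables could be written to the log stream. Both default to `false`, which is the safe setting, so this is documentation only: add a line above `logging:` such as `## NOTE: exception_diagnose_logging may include variable values in tracebacks; leave false outside short-lived debugging`.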
@@ -313,7 +313,7 @@ anchoreConfig: | `url` | Set a custom feeds URL. Useful when using a feeds service endpoint that is external from the cluster. | `""` | | `fullnameOverride` | overrides the fullname set on resources | `""` | | `nameOverride` | overrides the name set on resources | `""` | -| `image` | Image used for feeds deployment | `docker.io/anchore/enterprise:v5.4.1` | +| `image` | Image used for feeds deployment | `docker.io/anchore/enterprise:v5.5.0` | | `imagePullPolicy` | Image pull policy used by all deployments | `IfNotPresent` | | `imagePullSecretName` | Name of Docker credentials secret for access to private repos | `anchore-enterprise-pullcreds` | | `serviceAccountName` | Name of a service account used to run all Feeds pods | `""` | @@ -502,6 +502,11 @@ For the latest updates and features in Anchore Enterprise, see the official [Rel - **Minor Chart Version Change (e.g., v0.1.2 -> v0.2.0)**: Indicates a significant change to the deployment that does not require manual intervention. - **Patch Chart Version Change (e.g., v0.1.2 -> v0.1.3)**: Indicates a backwards-compatible bug fix or documentation update. +### v2.5.x + +- Update Anchore Feds image to v5.4.0. See the [Release Notes](https://docs.anchore.com/current/docs/releasenotes/550/) for more information. +- Added support for service specific annotations. + ### v2.4.0 - Update Anchore Feeds image to v5.4.0. See the [Release Notes](https://docs.anchore.com/current/docs/releasenotes/540/) for more information. diff --git a/stable/feeds/templates/_common.tpl b/stable/feeds/templates/_common.tpl index 3afaecc0..b41d2ce9 100644 --- a/stable/feeds/templates/_common.tpl +++ b/stable/feeds/templates/_common.tpl 
@@ -11,6 +11,22 @@ Common annotations {{- end }} {{- end -}} +{{/* +Service annotations +*/}} +{{- define "feeds.service.annotations" -}} +{{- if and (not .nil) (not .Values.service.annotations) (not .Values.annotations) }} + {{- print "{}" }} +{{- else }} + {{- with .Values.service.annotations }} +{{ toYaml . }} + {{- end }} + {{- with .Values.annotations }} +{{ toYaml . }} + {{- end }} +{{- end }} +{{- end -}} + {{/* Setup a container for the cloudsql proxy to run in all pods when .Values.cloudsql.enabled = true */}} diff --git a/stable/feeds/templates/deployment.yaml b/stable/feeds/templates/deployment.yaml index 82a7bf43..524685c2 100644 --- a/stable/feeds/templates/deployment.yaml +++ b/stable/feeds/templates/deployment.yaml @@ -185,7 +185,7 @@ metadata: name: {{ template "feeds.fullname" . }} namespace: {{ .Release.Namespace }} labels: {{- include "feeds.common.labels" . | nindent 4 }} - annotations: {{- include "feeds.common.annotations" . | nindent 4 }} + annotations: {{- include "feeds.service.annotations" . | nindent 4 }} spec: type: {{ .Values.service.type }} selector: {{- include "feeds.common.matchLabels" . | nindent 4 }} diff --git a/stable/feeds/tests/common_helpers_test.yaml b/stable/feeds/tests/common_helpers_test.yaml index 7893d7ab..c3b5d123 100644 --- a/stable/feeds/tests/common_helpers_test.yaml +++ b/stable/feeds/tests/common_helpers_test.yaml 
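Review bot: `feeds.service.annotations` in `stable/feeds/templates/_common.tpl` emits `.Values.service.annotations` and `.Values.annotations` as two separate `toYaml` blocks, so a key set in both places is rendered twice under `metadata.annotations`, and the outcome (a parse error or one value silently winning) is left to the YAML parser. Service annotations often carry load-balancer settings, so which value wins should be explicit; building one map first does that, e.g. `{{- $a := merge (dict) (.Values.service.annotations | default (dict)) (.Values.annotations | default (dict)) }}` followed by `{{- toYaml $a }}`, which lets the service-level value override the global one and still renders `{}` when both are empty. The `(not .nil)` term in the `if` looks up a key named `nil` on the root context and appears to be always true, so it can be dropped. The new cases in `tests/common_helpers_test.yaml` use disjoint keys only; a case with the same key in both maps would pin the precedence.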
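Review bot: `.Values.service.annotations` is now read for the Service in `stable/feeds/templates/deployment.yaml`, but no hunk in this series adds a `service.annotations` default or `@param` line to `values.yaml`, or a row to the README parameter table; the only `values.yaml` change in this commit is the image tag. Unless the key already exists outside the visible hunks, add `annotations: {}` under `service:` with `## @param service.annotations Annotations added to the feeds Service in addition to the global annotations`, so the new option is discoverable and its default is explicit.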
@@ -44,6 +44,41 @@ tests: foo: bar bar: baz + - it: should render service annotations + template: deployment.yaml + documentIndex: 1 + set: + service: + annotations: + foo: bar + bar: baz + asserts: + - isSubset: + path: metadata.annotations + content: + foo: bar + bar: baz + + - it: should render service annotations and global annotations + template: deployment.yaml + documentIndex: 1 + set: + service: + annotations: + foo: bar + bar: baz + annotations: + fizz: buzz + boo: blah + asserts: + - isSubset: + path: metadata.annotations + content: + fizz: buzz + boo: blah + foo: bar + bar: baz + - it: should render file checksum/secret annotation template: deployment.yaml documentIndex: 0 diff --git a/stable/feeds/values.yaml b/stable/feeds/values.yaml index 72ce6ab4..f5d2d28f 100644 --- a/stable/feeds/values.yaml +++ b/stable/feeds/values.yaml @@ -21,7 +21,7 @@ nameOverride: "" ## @param image Image used for feeds deployment ## -image: docker.io/anchore/enterprise:v5.4.1 +image: docker.io/anchore/enterprise:v5.5.0 ## @param imagePullPolicy Image pull policy used by all deployments ## ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy From fd8e249f99eb82948ba06c5b1c68f3a11a2093d3 Mon Sep 17 00:00:00 2001 From: Brady Todhunter Date: Tue, 30 Apr 2024 16:52:11 -0700 Subject: [PATCH 3/5] bump chart version Signed-off-by: Brady Todhunter --- stable/feeds/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/feeds/Chart.yaml b/stable/feeds/Chart.yaml index 145ff879..7d77b04a 100644 --- a/stable/feeds/Chart.yaml +++ b/stable/feeds/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: feeds type: application -version: "2.4.3" -appVersion: "5.4.1" +version: "2.5.0" +appVersion: "5.5.0" kubeVersion: 1.23.x - 1.27.x || 1.23.x-x - 1.29.x-x description: Anchore feeds service keywords: From f0b79ffa52ca0270fe4ccc2107abccbbbddf93e1 Mon Sep 17 00:00:00 2001 
From: Brady Todhunter Date: Tue, 30 Apr 2024 16:53:41 -0700 Subject: [PATCH 4/5] fix readme Signed-off-by: Brady Todhunter --- stable/feeds/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stable/feeds/README.md b/stable/feeds/README.md index 71dd465d..3fbf2fde 100644 --- a/stable/feeds/README.md +++ b/stable/feeds/README.md @@ -504,7 +504,7 @@ For the latest updates and features in Anchore Enterprise, see the official [Rel ### v2.5.x -- Update Anchore Feds image to v5.4.0. See the [Release Notes](https://docs.anchore.com/current/docs/releasenotes/550/) for more information. +- Update Anchore Feeds image to v5.5.0. See the [Release Notes](https://docs.anchore.com/current/docs/releasenotes/550/) for more information. - Added support for service specific annotations. ### v2.4.0 From f157a68191a60708ac7e15e0aa6e03839d35b687 Mon Sep 17 00:00:00 2001 From: Brady Todhunter Date: Tue, 30 Apr 2024 16:55:37 -0700 Subject: [PATCH 5/5] update test snapshots Signed-off-by: Brady Todhunter --- .../tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap b/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap index d8cbe6a1..cc6dacf1 100644 --- a/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap +++ b/stable/feeds/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap @@ -143,6 +143,6 @@ should render proper initContainers: value: test-release-feeds.test-namespace.svc.cluster.local - name: ANCHORE_PORT value: "8448" - image: docker.io/anchore/enterprise:v5.4.1 + image: docker.io/anchore/enterprise:v5.5.0 imagePullPolicy: IfNotPresent name: wait-for-db