bumping enterprise chart version to 3.3.1 (Anchore Enterprise 5.13.1)

Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
anchore · Dec 18, 2024 · 7037635 · 7037635
1 parent 127a7eb
commit 7037635
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 15 deletions.
diff --git a/stable/enterprise/Chart.yaml b/stable/enterprise/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: enterprise
-version: "3.3.0"
-appVersion: "5.13.0"
+version: "3.3.1"
+appVersion: "5.13.1"
 kubeVersion: 1.23.x - 1.31.x || 1.23.x-x - 1.31.x-x
 description: |
   Anchore Enterprise is a complete container security workflow solution for professional teams. Easily integrating with CI/CD systems,

diff --git a/stable/enterprise/README.md b/stable/enterprise/README.md
@@ -89,7 +89,7 @@ This guide covers deploying Anchore Enterprise on a Kubernetes cluster with the
 
 ### Installing on Openshift
 
-You will need to either disable or properly set the parameters for `containerSecurityContext`, `runAsUser`, and `fsGroup` for the `ui-redis` and any PostgreSQL database that you deploy using the Enterprise chart (e.g., via `postgresql.chartEnabled`).
+You will need to either disable or properly set the parameters for `containerSecurityContext`, `runAsUser`, and `fsGroup` for the `ui-redis` and any PostgreSQL database that you deploy using the Enterprise chart (e.g., via `postgresql.chartEnabled`). Also, by default, Anchore Enterprise creates a user that normally runs the application with a uid/gid/group of 1000. If your deployment uses any other user as openshift usually does, you will need to update the HOME environment variable to a directory where the analyzer service can write to.
 
 For example:
 
@@ -103,7 +103,9 @@ For example:
       --set postgresql.primary.containerSecurityContext.enabled=false \
       --set postgresql.primary.podSecurityContext.enabled=false \
       --set ui-redis.master.podSecurityContext.enabled=false \
-      --set ui-redis.master.containerSecurityContext.enabled=false
+      --set ui-redis.master.containerSecurityContext.enabled=false \
+      --set analyzer.extraEnv[0].name=HOME \
+      --set analyzer.extraEnv[0].value=/tmp
     ```
 
     > **Note:** disabling the containerSecurityContext and podSecurityContext may not be suitable for production. See [Redhat's documentation](https://docs.openshift.com/container-platform/4.13/authentication/managing-security-context-constraints.html#managing-pod-security-policies) on what may be suitable for production. For more information on the openshift.io/sa.scc.uid-range annotation, see the [openshift docs](https://docs.openshift.com/dedicated/authentication/managing-security-context-constraints.html#security-context-constraints-pre-allocated-values_configuring-internal-oauth)
@@ -129,6 +131,10 @@ ui-redis:
       enabled: false
     containerSecurityContext:
       enabled: false
+analyzer:
+  extraEnv:
+    - name: HOME
+      value: /tmp
 ```
 
 ## Upgrading the Chart

diff --git a/stable/enterprise/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap b/stable/enterprise/tests/__snapshot__/prehook_upgrade_resources_test.yaml.snap
@@ -26,7 +26,7 @@ migration job should match snapshot:
               name: test-release-enterprise-config-env-vars
           - secretRef:
               name: test-release-enterprise
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: migrate-analysis-archive
         volumeMounts:
@@ -89,7 +89,7 @@ migration job should match snapshot:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.name
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: wait-for-db
     restartPolicy: Never
@@ -148,7 +148,7 @@ migration job should match snapshot analysisArchiveMigration and objectStoreMigr
               name: test-release-enterprise-config-env-vars
           - secretRef:
               name: test-release-enterprise
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: migrate-analysis-archive
         volumeMounts:
@@ -211,7 +211,7 @@ migration job should match snapshot analysisArchiveMigration and objectStoreMigr
             valueFrom:
               fieldRef:
                 fieldPath: metadata.name
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: wait-for-db
     restartPolicy: Never
@@ -268,7 +268,7 @@ migration job should match snapshot analysisArchiveMigration to true:
               name: test-release-enterprise-config-env-vars
           - secretRef:
               name: test-release-enterprise
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: migrate-analysis-archive
         volumeMounts:
@@ -331,7 +331,7 @@ migration job should match snapshot analysisArchiveMigration to true:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.name
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: wait-for-db
     restartPolicy: Never
@@ -387,7 +387,7 @@ migration job should match snapshot objectStoreMigration to true:
               name: test-release-enterprise-config-env-vars
           - secretRef:
               name: test-release-enterprise
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: migrate-analysis-archive
         volumeMounts:
@@ -450,7 +450,7 @@ migration job should match snapshot objectStoreMigration to true:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.name
-        image: docker.io/anchore/enterprise:v5.13.0
+        image: docker.io/anchore/enterprise:v5.13.1
         imagePullPolicy: IfNotPresent
         name: wait-for-db
     restartPolicy: Never
@@ -621,6 +621,6 @@ should render proper initContainers:
           valueFrom:
             fieldRef:
               fieldPath: metadata.name
-      image: docker.io/anchore/enterprise:v5.13.0
+      image: docker.io/anchore/enterprise:v5.13.1
       imagePullPolicy: IfNotPresent
       name: wait-for-db
diff --git a/stable/enterprise/values.yaml b/stable/enterprise/values.yaml
@@ -19,7 +19,7 @@ global:
 
 ## @param image Image used for all Anchore Enterprise deployments, excluding Anchore UI
 ##
-image: docker.io/anchore/enterprise:v5.13.0
+image: docker.io/anchore/enterprise:v5.13.1
 
 ## @param imagePullPolicy Image pull policy used by all deployments
 ## ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
@@ -1435,7 +1435,7 @@ simpleQueue:
 ui:
   ## @param ui.image Image used for the Anchore UI container
   ##
-  image: docker.io/anchore/enterprise-ui:v5.13.0
+  image: docker.io/anchore/enterprise-ui:v5.13.1
 
   ## @param ui.imagePullPolicy Image pull policy for Anchore UI image
   ##