Anchore Engine Helm Chart Changes

As part of my upcoming article about installing Anchore Engine on OpenShift with Helm, I've made a couple of changes to the official anchore-engine helm chart (the blueprint for installing Anchore Engine on Kubernetes), which you can find here:

https://github.com/helm/charts/tree/master/stable/anchore-engine

The changes are related to the fact that I'm going to use the PostgreSQL database that comes as part of OpenShift. The chart is not correctly checking to see if we want to use an external database in a couple of places. PostgreSQL is also defined as a formal dependency of the Anchore Engine chart, even though we can install the engine chart without installing the PostgreSQL chart.

First, I'm going to comment out the requirement of postgresql in requirements.yaml (or I could simply remove the requirements file), so that I don't need it to run the chart:


diff --git a/stable/anchore-engine/requirements.yaml b/stable/anchore-engine/requirem
ents.yaml
index 13a717f..a51f0e9 100644
--- a/stable/anchore-engine/requirements.yaml
+++ b/stable/anchore-engine/requirements.yaml
@@ -1,5 +1,5 @@
 dependencies:
-  - name: postgresql
-    version: "*"
-    repository: "alias:stable"
-    condition: postgresql.enabled
+#   - name: postgresql
+#     version: "*"
+#     repository: "alias:stable"
+#     condition: postgresql.enabled
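
Review bot: commenting out every entry leaves `dependencies:` with no value and removes the only way for `postgresql.enabled: true` to deploy a database, while the templates changed in this series still keep an enabled branch that calls `postgres.fullname`. The original entry already carried `condition: postgresql.enabled`, so either keep it and document that the subchart has to be fetched before install, or delete requirements.yaml and state in the chart documentation that only an external database is supported.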

Next, I'm going to modify the hardcoded value for the DB Host in the templates/core_deployment.yaml and templates/worker_deployment.yaml files so that it takes the postgresql.enabled flag into account (I don't want the generated name that comes as part of the postgresql template - I want to use the postgresql.externalEndpoint value):


diff --git a/stable/anchore-engine/templates/core_deployment.yaml b/stable/anchore-engine/templates/core_deployment.yaml
index d818a89..d98efc0 100644
--- a/stable/anchore-engine/templates/core_deployment.yaml
+++ b/stable/anchore-engine/templates/core_deployment.yaml
@@ -44,7 +44,11 @@ spec:
         - name: ANCHORE_DB
           value: {{ .Values.postgresql.postgresDatabase }}
         - name: ANCHORE_DB_HOST
+          {{ if .Values.postgresql.enabled }}
           value: {{ template "postgres.fullname" . }}
+          {{ else }}
+          value: {{ .Values.postgresql.externalEndpoint }}
+          {{ end }}
         - name: ANCHORE_IO_USER
           valueFrom:
             secretKeyRef:
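
Review bot: in the `{{ else }}` branch, `externalEndpoint` is rendered unquoted and unchecked, so a values file that sets `enabled: false` but leaves the endpoint at the chart's previous default of `Null` produces an ANCHORE_DB_HOST with no usable value, and the failure only surfaces when the pod tries to connect. Failing at render time is safer, for example `value: {{ required "postgresql.externalEndpoint must be set when postgresql.enabled is false" .Values.postgresql.externalEndpoint | quote }}`. Using `{{-` on the control actions would also keep whitespace-only lines out of the rendered manifest.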

diff --git a/stable/anchore-engine/templates/worker_deployment.yaml b/stable/anchore-
engine/templates/worker_deployment.yaml
index e84b37e..6090a42 100644
--- a/stable/anchore-engine/templates/worker_deployment.yaml
+++ b/stable/anchore-engine/templates/worker_deployment.yaml
@@ -25,7 +25,11 @@ spec:
         - name: ANCHORE_DB
           value: {{ .Values.postgresql.postgresDatabase }}
         - name: ANCHORE_DB_HOST
-          value: {{ template "postgres.fullname" . }}
+          {{ if .Values.postgresql.enabled  }}
+          value: {{ template "postgres.fullname" .  }}
+          {{ else  }}
+          value: {{ .Values.postgresql.externalEndpoint  }}
+          {{ end  }}
         - name: ANCHORE_DB_USER
           valueFrom:
             secretKeyRef:
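
Review bot: in the external case ANCHORE_DB_HOST now holds host and port together (`anchore-db:5432` in values.yaml), so anything that still appends `:5432` to it, as the removed worker `db_connect` line did, would end up with a doubled port. Consider splitting the endpoint into separate host and port values, or renaming the variable so its content is obvious. The added actions here also carry a double space before `}}` (`{{ else  }}`), unlike the same block in core_deployment.yaml; the two should be identical.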

Finally, although the core_configmap.yaml checks the postgresql.enabled flag, the worker_configmap.yaml does not:


diff --git a/stable/anchore-engine/templates/worker_configmap.yaml b/stable/anchore-engine/templates/worker_configmap.yaml
index 28e7922..f01f42f 100644
--- a/stable/anchore-engine/templates/worker_configmap.yaml
+++ b/stable/anchore-engine/templates/worker_configmap.yaml
@@ -35,7 +35,11 @@ data:
            #auto_policy_sync: true

       database:
-        db_connect: "postgresql+pg8000://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@${ANCHORE_DB_HOST}:5432/${ANCHORE_DB}"
+        {{ if .Values.postgresql.enabled }}
+        db_connect: 'postgresql+pg8000://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@{{ template "postgres.fullname" . }}:5432/{{ .Values.postgresql.postgresDatabase }}'
+        {{ else }}
+        db_connect: 'postgresql+pg8000://${ANCHORE_DB_USER}:${ANCHORE_DB_PASSWORD}@{{ .Values.postgresql.externalEndpoint}}/{{ .Values.postgresql.postgresDatabase }}'
+        {{ end }}
         db_connect_args:
           timeout: 120
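
Review bot: both new `db_connect` lines stop using `${ANCHORE_DB_HOST}` and `${ANCHORE_DB}` and bake the host and database name in at render time, so the worker now has two sources for the same setting: the environment variables set in worker_deployment.yaml and the string in this configmap. Since the deployment change already puts the right endpoint into ANCHORE_DB_HOST, it would be simpler to keep the environment-variable form and only make the hardcoded `:5432` conditional. As written, the external branch also depends on `externalEndpoint` always including a port, which is worth documenting next to the value.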

I am going to change some values in the values.yaml to enable my external database and set the user, password, database name and database host:


diff --git a/stable/anchore-engine/values.yaml b/stable/anchore-engine/values.yaml
index 6b79bb8..afb4486 100644
--- a/stable/anchore-engine/values.yaml
+++ b/stable/anchore-engine/values.yaml
@@ -29,15 +29,15 @@ ingress:

 # Dependency on Postgresql, configure here
 postgresql:
-  enabled: true
-  postgresUser: anchoreengine
-  postgresPassword: anchore-postgres,123
+  enabled: false
+  postgresUser: anchore
+  postgresPassword: mysecretpassword
   postgresDatabase: anchore


   # Use this config if you set enabled=False and want to specify an external (already existing) postres deployment for use.
   # Set this to the host and port. eg. mypostgres.myserver.io:5432
-  externalEndpoint: Null
+  externalEndpoint: anchore-db:5432


 # Global configuration shared by both core and worker
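
Review bot: `postgresPassword: mysecretpassword` puts a plaintext database credential into the chart's default values.yaml, where it ends up in version control and is shared by every install that does not override it. The deployment templates already read credentials through `secretKeyRef`, so the default could be left empty and the password supplied at install time with `--set` or a private values file passed with `-f`. The same applies to `externalEndpoint: anchore-db:5432` and the changed user name: these are environment-specific and fit better in an override file than in the chart defaults.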

The updated chart is available at https://github.com/openshiftninja/anchore-engine-helm.
