Adds support for sidecars to address #511 (#531)

blang9238 · HN23 · web-flow · commit 1002fd5b9e7a · 2025-12-05T14:15:22.000-05:00
* enterprise: adding support for additional initContainers
* enterprise: bumping chart version to 3.18, update readme and adding sidecar keys to jobs in values
Signed-off-by: Ben Lang &lt;blang@anchore.com&gt;
Signed-off-by: Hung Nguyen &lt;me@hnguy.com&gt;

---------

Signed-off-by: Ben Lang &lt;blang@anchore.com&gt;
Signed-off-by: Hung Nguyen &lt;me@hnguy.com&gt;
Co-authored-by: Hung Nguyen &lt;me@hnguy.com&gt;
diff --git a/stable/enterprise/.helmignore b/stable/enterprise/.helmignore
@@ -1,2 +1,4 @@
 .git
+.DS_Store
+*/.DS_Store
 examples/
diff --git a/stable/enterprise/Chart.yaml b/stable/enterprise/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: enterprise
-version: "3.17.2"
+version: "3.18.0"
 appVersion: "5.23.0"
 kubeVersion: 1.23.x - 1.34.x || 1.23.x-x - 1.34.x-x
 description: |
diff --git a/stable/enterprise/README.md b/stable/enterprise/README.md
diff --git a/stable/enterprise/templates/_common.tpl b/stable/enterprise/templates/_common.tpl
@@ -468,6 +468,49 @@ Setup the common anchore volume mounts
 {{- end }}
 {{- end -}}
 
+{{/*
+Helper: returns a truthy value if any initContainers (global or component-specific)
+are configured for the given component.
+
+Usage:
+  {{- if include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .) }}
+    ...
+  {{- end }}
+*/}}
+{{- define "enterprise.common.hasInitContainers" -}}
+{{- $component := .component -}}
+
+{{- with .Values.initContainers -}}
+true
+{{- end }}
+
+{{- if $component }}
+  {{- with (index .Values (print $component)).initContainers -}}
+true
+  {{- end }}
+{{- end }}
+
+{{- end -}}
+
+{{/*
+Render initContainers for a specific component
+Usage: {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
+*/}}
+{{- define "enterprise.common.initContainers" -}}
+{{- $component := .component -}}
+
+{{/* First add any global initContainers */}}
+{{- with .Values.initContainers }}
+{{ toYaml . }}
+{{- end }}
+
+{{/* Then add component-specific initContainers */}}
+{{- if $component }}
+  {{- with (index .Values (print $component)).initContainers }}
+{{ toYaml . }}
+  {{- end }}
+{{- end }}
+{{- end -}}
 
 {{/*
 Setup the common anchore volumes
@@ -522,4 +565,4 @@ When calling this template, .anchoreService can be included in the context for a
 {{- toYaml $server | nindent 6 }}
 {{- else -}}
 {}{{- end }}
-{{- end }}
+{{- end }}
diff --git a/stable/enterprise/templates/analyzer_deployment.yaml b/stable/enterprise/templates/analyzer_deployment.yaml
@@ -30,12 +30,19 @@ spec:
         - name: analyzer-config-volume
           configMap:
             name: {{ template "enterprise.analyzer.fullname" . }}
-    {{- if or (and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup) (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar)) }}
+      {{- if or
+            (and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup)
+            (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar))
+            (include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .))
+        }}
       initContainers:
         {{- if and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup }}
         {{- include "enterprise.common.fixPermissionsInitContainer" . | nindent 8 }}
         {{- end -}}
+        {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
         {{- include "enterprise.common.cloudsqlInitContainer" . | nindent 8 }}
+        {{- end }}
+        {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
     {{- end }}
       containers:
         {{- include "enterprise.common.cloudsqlContainer" . | nindent 8 }}
diff --git a/stable/enterprise/templates/api_deployment.yaml b/stable/enterprise/templates/api_deployment.yaml
@@ -32,9 +32,15 @@ spec:
           configMap:
             name: {{ template "enterprise.fullname" . }}-policy-bundles
       {{- end }}
-      {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
+      {{- if or
+            (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar))
+            (include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .))
+        }}
       initContainers:
+        {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
+        {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
         {{- include "enterprise.common.cloudsqlInitContainer" . | nindent 8 }}
+        {{- end }}
       {{- end }}
       containers:
         {{- include "enterprise.common.cloudsqlContainer" . | nindent 8 }}
diff --git a/stable/enterprise/templates/catalog_deployment.yaml b/stable/enterprise/templates/catalog_deployment.yaml
@@ -34,12 +34,19 @@ spec:
           configMap:
             name: {{ template "enterprise.fullname" . }}-policy-bundles
       {{- end }}
-    {{- if or (and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup) (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar)) }}
+      {{- if or
+            (and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup)
+            (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar))
+            (include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .))
+        }}
       initContainers:
         {{- if and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup }}
         {{- include "enterprise.common.fixPermissionsInitContainer" . | nindent 8 }}
         {{- end -}}
+        {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
         {{- include "enterprise.common.cloudsqlInitContainer" . | nindent 8 }}
+        {{- end }}
+        {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
     {{- end }}
       containers:
       {{- if .Values.cloudsql.enabled  }}
diff --git a/stable/enterprise/templates/datasyncer_deployment.yaml b/stable/enterprise/templates/datasyncer_deployment.yaml
@@ -26,12 +26,19 @@ spec:
       volumes: {{- include "enterprise.common.volumes" (merge (dict "component" $component) .) | nindent 8 }}
         - name: anchore-scratch
           {{- include "enterprise.common.scratchVolume.details" (merge (dict "component" $component) .) | nindent 10 }}
-    {{- if or (and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup) (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar)) }}
+      {{- if or
+            (and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup)
+            (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar))
+            (include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .))
+        }}
       initContainers:
         {{- if and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup }}
         {{- include "enterprise.common.fixPermissionsInitContainer" . | nindent 8 }}
         {{- end -}}
+        {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
         {{- include "enterprise.common.cloudsqlInitContainer" . | nindent 8 }}
+        {{- end }}
+        {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
     {{- end }}
       containers:
       {{- if .Values.cloudsql.enabled  }}
diff --git a/stable/enterprise/templates/hooks/post-upgrade/upgrade_job.yaml b/stable/enterprise/templates/hooks/post-upgrade/upgrade_job.yaml
@@ -35,9 +35,15 @@ spec:
           secret:
             secretName: {{ .Values.cloudsql.serviceAccSecretName }}
       {{- end }}
-      {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
+      {{- if or
+            (and .Values.cloudsql.enabled .Values.cloudsql.useSideCar)
+            (include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .))
+        }}
       initContainers:
+        {{- if and .Values.cloudsql.enabled .Values.cloudsql.useSideCar }}
         {{- include "enterprise.common.cloudsqlContainer" . | nindent 8 }}
+        {{- end }}
+        {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
       {{- end }}
       containers:
         {{- if and (.Values.cloudsql.enabled) (not .Values.cloudsql.useSideCar) }}
diff --git a/stable/enterprise/templates/hooks/pre-upgrade/object_store_analysis_archive_migration_job.yaml b/stable/enterprise/templates/hooks/pre-upgrade/object_store_analysis_archive_migration_job.yaml
@@ -99,6 +99,9 @@ spec:
           {{- with .Values.osaaMigrationJob.resources }}
           resources: {{- toYaml . | nindent 12 }}
           {{- end }}
+        {{- if include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .) }}
+        {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
+        {{- end }}
       containers:
       {{- if .Values.cloudsql.enabled  }}
         {{- include "enterprise.common.cloudsqlContainer" . | nindent 8 }}
diff --git a/stable/enterprise/templates/hooks/pre-upgrade/upgrade_job.yaml b/stable/enterprise/templates/hooks/pre-upgrade/upgrade_job.yaml
@@ -39,7 +39,11 @@ spec:
           secret:
             secretName: {{ .Values.cloudsql.serviceAccSecretName }}
       {{- end }}
-      {{- if or (eq (include "enterprise.appVersionChanged" .) "true") (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar)) }}
+      {{- if or
+            (eq (include "enterprise.appVersionChanged" .) "true")
+            (and .Values.cloudsql.enabled .Values.cloudsql.useSideCar)
+            (include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .))
+        }}
       initContainers:
       {{- if eq (include "enterprise.appVersionChanged" .) "true" }}
         - name: scale-down-anchore
@@ -87,6 +91,9 @@ spec:
           resources: {{- toYaml . | nindent 12 }}
           {{- end }}
           {{- end }}
+          {{- if include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .) }}
+          {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
+          {{- end }}
           {{- include "enterprise.common.cloudsqlInitContainer" . | nindent 8 }}
       {{- end }}
       containers:
diff --git a/stable/enterprise/templates/notifications_deployment.yaml b/stable/enterprise/templates/notifications_deployment.yaml
@@ -24,9 +24,15 @@ spec:
     spec:
       {{- include "enterprise.common.podSpec" (merge (dict "component" $component) .) | indent 6 }}
       volumes: {{- include "enterprise.common.volumes" (merge (dict "component" $component) .) | nindent 8 }}
-      {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
+      {{- if or
+            (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar))
+            (include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .))
+        }}
       initContainers:
+        {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
+        {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
         {{- include "enterprise.common.cloudsqlInitContainer" . | nindent 8 }}
+        {{- end }}
       {{- end }}
       containers:
       {{- if .Values.cloudsql.enabled  }}
diff --git a/stable/enterprise/templates/policyengine_deployment.yaml b/stable/enterprise/templates/policyengine_deployment.yaml
@@ -25,12 +25,19 @@ spec:
       volumes: {{- include "enterprise.common.volumes" (merge (dict "component" $component) .) | nindent 8 }}
         - name: anchore-scratch
           {{- include "enterprise.common.scratchVolume.details" (merge (dict "component" $component) .) | nindent 10 }}
-    {{- if or (and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup) (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar)) }}
+      {{- if or
+            (and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup)
+            (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar))
+            (include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .))
+        }}
       initContainers:
         {{- if and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup }}
         {{- include "enterprise.common.fixPermissionsInitContainer" . | nindent 8 }}
         {{- end -}}
+        {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
         {{- include "enterprise.common.cloudsqlInitContainer" . | nindent 8 }}
+        {{- end }}
+        {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
     {{- end }}
       containers:
       {{- if .Values.cloudsql.enabled  }}
diff --git a/stable/enterprise/templates/reports_deployment.yaml b/stable/enterprise/templates/reports_deployment.yaml
@@ -28,12 +28,19 @@ spec:
         - name: "anchore-scratch"
           {{- include "enterprise.common.scratchVolume.details" (merge (dict "component" $component) .) | nindent 10 }}
       {{- end }}
-    {{- if or (and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup .Values.anchoreConfig.reports.use_volume) (and .Values.cloudsql.enabled .Values.cloudsql.useSideCar) }}
+      {{- if or
+            (and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup .Values.anchoreConfig.reports.use_volume)
+            (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar))
+            (include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .))
+        }}
       initContainers:
         {{- if and .Values.scratchVolume.fixGroupPermissions .Values.securityContext.fsGroup .Values.anchoreConfig.reports.use_volume }}
         {{- include "enterprise.common.fixPermissionsInitContainer" . | nindent 8 }}
         {{- end -}}
+        {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
+        {{- if and .Values.cloudsql.enabled .Values.cloudsql.useSideCar }}
         {{- include "enterprise.common.cloudsqlInitContainer" . | nindent 8 }}
+        {{- end }}
     {{- end }}
       containers:
       {{- if .Values.cloudsql.enabled  }}
diff --git a/stable/enterprise/templates/reportsworker_deployment.yaml b/stable/enterprise/templates/reportsworker_deployment.yaml
@@ -24,9 +24,15 @@ spec:
     spec:
       {{- include "enterprise.common.podSpec" (merge (dict "component" $component) .) | indent 6 }}
       volumes: {{- include "enterprise.common.volumes" (merge (dict "component" $component) .) | nindent 8 }}
-      {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
+      {{- if or
+            (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar))
+            (include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .))
+        }}
       initContainers:
+        {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
+        {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
         {{- include "enterprise.common.cloudsqlInitContainer" . | nindent 8 }}
+        {{- end }}
       {{- end }}
       containers:
       {{- if and (.Values.cloudsql.enabled) (not .Values.cloudsql.useSideCar) }}
diff --git a/stable/enterprise/templates/simplequeue_deployment.yaml b/stable/enterprise/templates/simplequeue_deployment.yaml
@@ -23,9 +23,15 @@ spec:
     spec:
       {{- include "enterprise.common.podSpec" (merge (dict "component" $component) .) | indent 6 }}
       volumes: {{- include "enterprise.common.volumes" (merge (dict "component" $component) .) | nindent 8 }}
-      {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
+      {{- if or
+            (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar))
+            (include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .))
+        }}
       initContainers:
+        {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
+        {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
         {{- include "enterprise.common.cloudsqlInitContainer" . | nindent 8 }}
+        {{- end }}
       {{- end }}
       containers:
       {{- if .Values.cloudsql.enabled  }}
diff --git a/stable/enterprise/templates/ui_deployment.yaml b/stable/enterprise/templates/ui_deployment.yaml
@@ -39,9 +39,15 @@ spec:
           secret:
             secretName: {{ .Values.cloudsql.serviceAccSecretName }}
       {{- end }}
-      {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
+      {{- if or
+            (and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar))
+            (include "enterprise.common.hasInitContainers" (merge (dict "component" $component) .))
+        }}
       initContainers:
+        {{- include "enterprise.common.initContainers" (merge (dict "component" $component) .) | nindent 8 }}
+        {{- if and (.Values.cloudsql.enabled) (.Values.cloudsql.useSideCar) }}
         {{- include "enterprise.common.cloudsqlInitContainer" . | nindent 8 }}
+        {{- end }}
       {{- end }}
       containers:
         {{- if .Values.cloudsql.enabled }}
diff --git a/stable/enterprise/values.yaml b/stable/enterprise/values.yaml
