Skip to content

Commit

Permalink
chore: Prepare v1.4.0-beta.0 release (#949)
Browse files Browse the repository at this point in the history
Signed-off-by: Sertac Ozercan <[email protected]>
Co-authored-by: ashnamehrotra <[email protected]>
  • Loading branch information
github-actions[bot] and ashnamehrotra authored Jan 12, 2024
1 parent 0dd595c commit ef4af34
Show file tree
Hide file tree
Showing 27 changed files with 1,031 additions and 31 deletions.
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
VERSION := v1.3.0-beta.0
VERSION := v1.4.0-beta.0

MANAGER_TAG ?= ${VERSION}
TRIVY_SCANNER_TAG ?= ${VERSION}
Expand Down
4 changes: 2 additions & 2 deletions charts/eraser/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@ apiVersion: v2
name: eraser
description: A Helm chart for Eraser
type: application
version: 1.3.0-beta.0
appVersion: v1.3.0-beta.0
version: 1.4.0-beta.0
appVersion: v1.4.0-beta.0
home: https://github.com/eraser-dev/eraser
sources:
- https://github.com/eraser-dev/eraser.git
15 changes: 9 additions & 6 deletions charts/eraser/values.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
runtimeConfig:
apiVersion: eraser.sh/v1alpha2
apiVersion: eraser.sh/v1alpha3
kind: EraserConfig
health: {}
# healthProbeBindAddress: :8081
Expand All @@ -11,7 +11,9 @@ runtimeConfig:
# leaderElect: true
# resourceName: e29e094a.k8s.io
manager:
runtime: containerd
runtime:
name: containerd
address: unix:///run/containerd/containerd.sock
otlpEndpoint: ""
logLevel: info
scheduling: {}
Expand All @@ -37,7 +39,7 @@ runtimeConfig:
enabled: true
image:
# repo: ""
tag: "v1.3.0-beta.0"
tag: "v1.4.0-beta.0"
request: {}
# mem: ""
# cpu: ""
Expand All @@ -48,7 +50,7 @@ runtimeConfig:
enabled: true
image:
# repo: ""
tag: "v1.3.0-beta.0"
tag: "v1.4.0-beta.0"
request: {}
# mem: ""
# cpu: ""
Expand All @@ -72,13 +74,14 @@ runtimeConfig:
# - HIGH
# - MEDIUM
# - LOW
# ignoredStatuses:
# timeout:
# total: 23h
# perImage: 1h
remover:
image:
# repo: ""
tag: "v1.3.0-beta.0"
tag: "v1.4.0-beta.0"
request: {}
# mem: ""
# cpu: ""
Expand All @@ -91,7 +94,7 @@ deploy:
repo: ghcr.io/eraser-dev/eraser-manager
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v1.3.0-beta.0"
tag: "v1.4.0-beta.0"
additionalArgs: []
priorityClassName: ""

Expand Down
15 changes: 9 additions & 6 deletions deploy/eraser.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -382,10 +382,12 @@ subjects:
apiVersion: v1
data:
controller_manager_config.yaml: |
apiVersion: eraser.sh/v1alpha2
apiVersion: eraser.sh/v1alpha3
kind: EraserConfig
manager:
runtime: containerd
runtime:
name: containerd
address: unix:///run/containerd/containerd.sock
otlpEndpoint: ""
logLevel: info
scheduling:
Expand All @@ -411,7 +413,7 @@ data:
enabled: true
image:
repo: ghcr.io/eraser-dev/collector
tag: v1.3.0-beta.0
tag: v1.4.0-beta.0
request:
mem: 25Mi
cpu: 7m
Expand All @@ -423,7 +425,7 @@ data:
enabled: true
image:
repo: ghcr.io/eraser-dev/eraser-trivy-scanner # supply custom image for custom scanner
tag: v1.3.0-beta.0
tag: v1.4.0-beta.0
request:
mem: 500Mi
cpu: 1000m
Expand Down Expand Up @@ -453,13 +455,14 @@ data:
- HIGH
- MEDIUM
- LOW
ignoredStatuses:
timeout:
total: 23h
perImage: 1h
remover:
image:
repo: ghcr.io/eraser-dev/remover
tag: v1.3.0-beta.0
tag: v1.4.0-beta.0
request:
mem: 25Mi
# https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#how-pods-with-resource-limits-are-run
Expand Down Expand Up @@ -502,7 +505,7 @@ spec:
fieldPath: metadata.namespace
- name: OTEL_SERVICE_NAME
value: eraser-manager
image: ghcr.io/eraser-dev/eraser-manager:v1.3.0-beta.0
image: ghcr.io/eraser-dev/eraser-manager:v1.4.0-beta.0
livenessProbe:
httpGet:
path: /healthz
Expand Down
21 changes: 21 additions & 0 deletions docs/versioned_docs/version-v1.4.0-beta.0/architecture.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
title: Architecture
---
At a high level, Eraser has two main modes of operation: manual and automated.

Manual image removal involves supplying a list of images to remove; Eraser then
deploys pods to clean up the images you supplied.

Automated image removal runs on a timer. By default, the automated process
removes images based on the results of a vulnerability scan. The default
vulnerability scanner is Trivy, but others can be provided in its place. Or,
the scanner can be disabled altogether, in which case Eraser acts as a garbage
collector -- it will remove all non-running images in your cluster.

## Manual image cleanup

<img title="manual cleanup" src="/eraser/docs/img/eraser_manual.png" />

## Automated analysis, scanning, and cleanup

<img title="automated cleanup" src="/eraser/docs/img/eraser_timer.png" />
10 changes: 10 additions & 0 deletions docs/versioned_docs/version-v1.4.0-beta.0/code-of-conduct.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
---
title: Code of Conduct
---

This project has adopted the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).

Resources:

- [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md)
- [Code of Conduct Reporting](https://github.com/cncf/foundation/blob/main/code-of-conduct.md)
14 changes: 14 additions & 0 deletions docs/versioned_docs/version-v1.4.0-beta.0/contributing.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
---
title: Contributing
---

There are several ways to get involved with Eraser

- Join the [mailing list](https://groups.google.com/u/1/g/eraser-dev) to get notifications for releases, security announcements, etc.
- Participate in the [biweekly community meetings](https://docs.google.com/document/d/1Sj5u47K3WUGYNPmQHGFpb52auqZb1FxSlWAQnPADhWI/edit) to disucss development, issues, use cases, etc.
- Join the `#eraser` channel on the [Kubernetes Slack](https://slack.k8s.io/)
- View the [development setup instructions](https://eraser-dev.github.io/eraser/docs/development)

This project welcomes contributions and suggestions.

This project has adopted the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
12 changes: 12 additions & 0 deletions docs/versioned_docs/version-v1.4.0-beta.0/custom-scanner.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
title: Custom Scanner
---

## Creating a Custom Scanner
To create a custom scanner for non-compliant images, use the following [template](https://github.com/eraser-dev/eraser-scanner-template/).

In order to customize your scanner, start by creating a `NewImageProvider()`. The ImageProvider interface can be found can be found [here](../../pkg/scanners/template/scanner_template.go).

The ImageProvider will allow you to retrieve the list of all non-running and non-excluded images from the collector container through the `ReceiveImages()` function. Process these images with your customized scanner and threshold, and use `SendImages()` to pass the images found non-compliant to the eraser container for removal. Finally, complete the scanning process by calling `Finish()`.

When complete, provide your custom scanner image to Eraser in deployment.
Loading

0 comments on commit ef4af34

Please sign in to comment.