Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Prepare v1.4.0-beta.0 release #949

Merged
merged 1 commit into from
Jan 12, 2024
Merged

chore: Prepare v1.4.0-beta.0 release #949

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
VERSION := v1.3.0-beta.0
VERSION := v1.4.0-beta.0

MANAGER_TAG ?= ${VERSION}
TRIVY_SCANNER_TAG ?= ${VERSION}
Expand Down
4 changes: 2 additions & 2 deletions charts/eraser/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@ apiVersion: v2
name: eraser
description: A Helm chart for Eraser
type: application
version: 1.3.0-beta.0
appVersion: v1.3.0-beta.0
version: 1.4.0-beta.0
appVersion: v1.4.0-beta.0
home: https://github.com/eraser-dev/eraser
sources:
- https://github.com/eraser-dev/eraser.git
15 changes: 9 additions & 6 deletions charts/eraser/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
runtimeConfig:
apiVersion: eraser.sh/v1alpha2
apiVersion: eraser.sh/v1alpha3
kind: EraserConfig
health: {}
# healthProbeBindAddress: :8081
Expand All @@ -11,7 +11,9 @@ runtimeConfig:
# leaderElect: true
# resourceName: e29e094a.k8s.io
manager:
runtime: containerd
runtime:
name: containerd
address: unix:///run/containerd/containerd.sock
otlpEndpoint: ""
logLevel: info
scheduling: {}
Expand All @@ -37,7 +39,7 @@ runtimeConfig:
enabled: true
image:
# repo: ""
tag: "v1.3.0-beta.0"
tag: "v1.4.0-beta.0"
request: {}
# mem: ""
# cpu: ""
Expand All @@ -48,7 +50,7 @@ runtimeConfig:
enabled: true
image:
# repo: ""
tag: "v1.3.0-beta.0"
tag: "v1.4.0-beta.0"
request: {}
# mem: ""
# cpu: ""
Expand All @@ -72,13 +74,14 @@ runtimeConfig:
# - HIGH
# - MEDIUM
# - LOW
# ignoredStatuses:
# timeout:
# total: 23h
# perImage: 1h
remover:
image:
# repo: ""
tag: "v1.3.0-beta.0"
tag: "v1.4.0-beta.0"
request: {}
# mem: ""
# cpu: ""
Expand All @@ -91,7 +94,7 @@ deploy:
repo: ghcr.io/eraser-dev/eraser-manager
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v1.3.0-beta.0"
tag: "v1.4.0-beta.0"
additionalArgs: []
priorityClassName: ""

Expand Down
15 changes: 9 additions & 6 deletions deploy/eraser.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -382,10 +382,12 @@ subjects:
apiVersion: v1
data:
controller_manager_config.yaml: |
apiVersion: eraser.sh/v1alpha2
apiVersion: eraser.sh/v1alpha3
kind: EraserConfig
manager:
runtime: containerd
runtime:
name: containerd
address: unix:///run/containerd/containerd.sock
otlpEndpoint: ""
logLevel: info
scheduling:
Expand All @@ -411,7 +413,7 @@ data:
enabled: true
image:
repo: ghcr.io/eraser-dev/collector
tag: v1.3.0-beta.0
tag: v1.4.0-beta.0
request:
mem: 25Mi
cpu: 7m
Expand All @@ -423,7 +425,7 @@ data:
enabled: true
image:
repo: ghcr.io/eraser-dev/eraser-trivy-scanner # supply custom image for custom scanner
tag: v1.3.0-beta.0
tag: v1.4.0-beta.0
request:
mem: 500Mi
cpu: 1000m
Expand Down Expand Up @@ -453,13 +455,14 @@ data:
- HIGH
- MEDIUM
- LOW
ignoredStatuses:
timeout:
total: 23h
perImage: 1h
remover:
image:
repo: ghcr.io/eraser-dev/remover
tag: v1.3.0-beta.0
tag: v1.4.0-beta.0
request:
mem: 25Mi
# https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#how-pods-with-resource-limits-are-run
Expand Down Expand Up @@ -502,7 +505,7 @@ spec:
fieldPath: metadata.namespace
- name: OTEL_SERVICE_NAME
value: eraser-manager
image: ghcr.io/eraser-dev/eraser-manager:v1.3.0-beta.0
image: ghcr.io/eraser-dev/eraser-manager:v1.4.0-beta.0
livenessProbe:
httpGet:
path: /healthz
Expand Down
21 changes: 21 additions & 0 deletions docs/versioned_docs/version-v1.4.0-beta.0/architecture.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
title: Architecture
---
At a high level, Eraser has two main modes of operation: manual and automated.

Manual image removal involves supplying a list of images to remove; Eraser then
deploys pods to clean up the images you supplied.

Automated image removal runs on a timer. By default, the automated process
removes images based on the results of a vulnerability scan. The default
vulnerability scanner is Trivy, but others can be provided in its place. Or,
the scanner can be disabled altogether, in which case Eraser acts as a garbage
collector -- it will remove all non-running images in your cluster.

## Manual image cleanup

<img title="manual cleanup" src="/eraser/docs/img/eraser_manual.png" />

## Automated analysis, scanning, and cleanup

<img title="automated cleanup" src="/eraser/docs/img/eraser_timer.png" />
10 changes: 10 additions & 0 deletions docs/versioned_docs/version-v1.4.0-beta.0/code-of-conduct.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
---
title: Code of Conduct
---

This project has adopted the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).

Resources:

- [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md)
- [Code of Conduct Reporting](https://github.com/cncf/foundation/blob/main/code-of-conduct.md)
14 changes: 14 additions & 0 deletions docs/versioned_docs/version-v1.4.0-beta.0/contributing.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
---
title: Contributing
---

There are several ways to get involved with Eraser

- Join the [mailing list](https://groups.google.com/u/1/g/eraser-dev) to get notifications for releases, security announcements, etc.
- Participate in the [biweekly community meetings](https://docs.google.com/document/d/1Sj5u47K3WUGYNPmQHGFpb52auqZb1FxSlWAQnPADhWI/edit) to disucss development, issues, use cases, etc.
- Join the `#eraser` channel on the [Kubernetes Slack](https://slack.k8s.io/)
- View the [development setup instructions](https://eraser-dev.github.io/eraser/docs/development)

This project welcomes contributions and suggestions.

This project has adopted the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
12 changes: 12 additions & 0 deletions docs/versioned_docs/version-v1.4.0-beta.0/custom-scanner.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
title: Custom Scanner
---

## Creating a Custom Scanner
To create a custom scanner for non-compliant images, use the following [template](https://github.com/eraser-dev/eraser-scanner-template/).

In order to customize your scanner, start by creating a `NewImageProvider()`. The ImageProvider interface can be found can be found [here](../../pkg/scanners/template/scanner_template.go).

The ImageProvider will allow you to retrieve the list of all non-running and non-excluded images from the collector container through the `ReceiveImages()` function. Process these images with your customized scanner and threshold, and use `SendImages()` to pass the images found non-compliant to the eraser container for removal. Finally, complete the scanning process by calling `Finish()`.

When complete, provide your custom scanner image to Eraser in deployment.
Loading
Loading