chore: Prepare v1.3.1 release

Signed-off-by: ashnamehrotra <[email protected]>
eraser-dev · Feb 1, 2024 · 1ba9a73 · 1ba9a73
1 parent 4eef4e6
commit 1ba9a73
Show file tree

Hide file tree

Showing 31 changed files with 1,096 additions and 108 deletions.
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-VERSION := v1.3.0
+VERSION := v1.3.1
 
 MANAGER_TAG ?= ${VERSION}
 TRIVY_SCANNER_TAG ?= ${VERSION}

diff --git a/charts/eraser/Chart.yaml b/charts/eraser/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: eraser
 description: A Helm chart for Eraser
 type: application
-version: 1.3.0
-appVersion: v1.3.0
+version: 1.3.1
+appVersion: v1.3.1
 home: https://github.com/eraser-dev/eraser
 sources:
   - https://github.com/eraser-dev/eraser.git
diff --git a/charts/eraser/templates/eraser-imagejob-pods-cluster-role-clusterrole.yaml b/charts/eraser/templates/eraser-imagejob-pods-cluster-role-clusterrole.yaml
diff --git a/charts/eraser/templates/eraser-manager-role-clusterrole.yaml b/charts/eraser/templates/eraser-manager-role-clusterrole.yaml
@@ -9,18 +9,6 @@ metadata:
     helm.sh/chart: '{{ template "eraser.name" . }}'
   name: eraser-manager-role
 rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - ""
   resources:
@@ -29,29 +17,6 @@ rules:
   - get
   - list
   - watch
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - update
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - podtemplates
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - eraser.sh
   resources:
@@ -61,8 +26,6 @@ rules:
   - delete
   - get
   - list
-  - patch
-  - update
   - watch
 - apiGroups:
   - eraser.sh
@@ -77,12 +40,8 @@ rules:
   resources:
   - imagelists
   verbs:
-  - create
-  - delete
   - get
   - list
-  - patch
-  - update
   - watch
 - apiGroups:
   - eraser.sh

diff --git a/charts/eraser/templates/eraser-manager-role-role.yaml b/charts/eraser/templates/eraser-manager-role-role.yaml
@@ -0,0 +1,47 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/instance: '{{ .Release.Name }}'
+    app.kubernetes.io/managed-by: '{{ .Release.Service }}'
+    app.kubernetes.io/name: '{{ template "eraser.name" . }}'
+    helm.sh/chart: '{{ template "eraser.name" . }}'
+  name: eraser-manager-role
+  namespace: '{{ .Release.Namespace }}'
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - podtemplates
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
diff --git a/...uster-rolebinding-clusterrolebinding.yaml → ...aser-manager-rolebinding-rolebinding.yaml b/...uster-rolebinding-clusterrolebinding.yaml → ...aser-manager-rolebinding-rolebinding.yaml
@@ -1,17 +1,18 @@
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
   labels:
     app.kubernetes.io/instance: '{{ .Release.Name }}'
     app.kubernetes.io/managed-by: '{{ .Release.Service }}'
     app.kubernetes.io/name: '{{ template "eraser.name" . }}'
     helm.sh/chart: '{{ template "eraser.name" . }}'
-  name: eraser-imagejob-pods-cluster-rolebinding
+  name: eraser-manager-rolebinding
+  namespace: '{{ .Release.Namespace }}'
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: eraser-imagejob-pods-cluster-role
+  kind: Role
+  name: eraser-manager-role
 subjects:
 - kind: ServiceAccount
-  name: eraser-imagejob-pods
+  name: eraser-controller-manager
   namespace: '{{ .Release.Namespace }}'
diff --git a/charts/eraser/values.yaml b/charts/eraser/values.yaml
@@ -39,7 +39,7 @@ runtimeConfig:
       enabled: true
       image:
         # repo: ""
-        tag: "v1.3.0"
+        tag: "v1.3.1"
       request: {}
         # mem: ""
         # cpu: ""
@@ -50,7 +50,7 @@ runtimeConfig:
       enabled: true
       image:
         # repo: ""
-        tag: "v1.3.0"
+        tag: "v1.3.1"
       request: {}
         # mem: ""
         # cpu: ""
@@ -81,7 +81,7 @@ runtimeConfig:
     remover:
       image:
         # repo: ""
-        tag: "v1.3.0"
+        tag: "v1.3.1"
       request: {}
         # mem: ""
         # cpu: ""
@@ -94,7 +94,7 @@ deploy:
     repo: ghcr.io/eraser-dev/eraser-manager
     pullPolicy: IfNotPresent
     # Overrides the image tag whose default is the chart appVersion.
-    tag: "v1.3.0"
+    tag: "v1.3.1"
   additionalArgs: []
   priorityClassName: ""
 

diff --git a/deploy/eraser.yaml b/deploy/eraser.yaml
@@ -258,16 +258,11 @@ metadata:
   namespace: eraser-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  creationTimestamp: null
-  name: eraser-imagejob-pods-cluster-role
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
   creationTimestamp: null
   name: eraser-manager-role
+  namespace: eraser-system
 rules:
 - apiGroups:
   - ""
@@ -284,33 +279,40 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - nodes
+  - pods
   verbs:
+  - create
+  - delete
   - get
   - list
+  - update
   - watch
 - apiGroups:
   - ""
   resources:
-  - pods
+  - podtemplates
   verbs:
   - create
   - delete
   - get
   - list
+  - patch
   - update
   - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: eraser-manager-role
+rules:
 - apiGroups:
   - ""
   resources:
-  - podtemplates
+  - nodes
   verbs:
-  - create
-  - delete
   - get
   - list
-  - patch
-  - update
   - watch
 - apiGroups:
   - eraser.sh
@@ -321,8 +323,6 @@ rules:
   - delete
   - get
   - list
-  - patch
-  - update
   - watch
 - apiGroups:
   - eraser.sh
@@ -337,12 +337,8 @@ rules:
   resources:
   - imagelists
   verbs:
-  - create
-  - delete
   - get
   - list
-  - patch
-  - update
   - watch
 - apiGroups:
   - eraser.sh
@@ -354,16 +350,17 @@ rules:
   - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
-  name: eraser-imagejob-pods-cluster-rolebinding
+  name: eraser-manager-rolebinding
+  namespace: eraser-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: eraser-imagejob-pods-cluster-role
+  kind: Role
+  name: eraser-manager-role
 subjects:
 - kind: ServiceAccount
-  name: eraser-imagejob-pods
+  name: eraser-controller-manager
   namespace: eraser-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -413,7 +410,7 @@ data:
         enabled: true
         image:
           repo: ghcr.io/eraser-dev/collector
-          tag: v1.3.0
+          tag: v1.3.1
         request:
           mem: 25Mi
           cpu: 7m
@@ -425,7 +422,7 @@ data:
         enabled: true
         image:
           repo: ghcr.io/eraser-dev/eraser-trivy-scanner # supply custom image for custom scanner
-          tag: v1.3.0
+          tag: v1.3.1
         request:
           mem: 500Mi
           cpu: 1000m
@@ -462,7 +459,7 @@ data:
       remover:
         image:
           repo: ghcr.io/eraser-dev/remover
-          tag: v1.3.0
+          tag: v1.3.1
         request:
           mem: 25Mi
           # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#how-pods-with-resource-limits-are-run
@@ -505,7 +502,7 @@ spec:
               fieldPath: metadata.namespace
         - name: OTEL_SERVICE_NAME
           value: eraser-manager
-        image: ghcr.io/eraser-dev/eraser-manager:v1.3.0
+        image: ghcr.io/eraser-dev/eraser-manager:v1.3.1
         livenessProbe:
           httpGet:
             path: /healthz

diff --git a/docs/versioned_docs/version-v1.3.1/architecture.md b/docs/versioned_docs/version-v1.3.1/architecture.md
@@ -0,0 +1,21 @@
+---
+title: Architecture
+---
+At a high level, Eraser has two main modes of operation: manual and automated.
+
+Manual image removal involves supplying a list of images to remove; Eraser then
+deploys pods to clean up the images you supplied.
+
+Automated image removal runs on a timer. By default, the automated process
+removes images based on the results of a vulnerability scan. The default
+vulnerability scanner is Trivy, but others can be provided in its place. Or,
+the scanner can be disabled altogether, in which case Eraser acts as a garbage
+collector -- it will remove all non-running images in your cluster.
+
+## Manual image cleanup
+
+<img title="manual cleanup" src="/eraser/docs/img/eraser_manual.png" />
+
+## Automated analysis, scanning, and cleanup
+
+<img title="automated cleanup" src="/eraser/docs/img/eraser_timer.png" />
diff --git a/docs/versioned_docs/version-v1.3.1/code-of-conduct.md b/docs/versioned_docs/version-v1.3.1/code-of-conduct.md
@@ -0,0 +1,10 @@
+---
+title: Code of Conduct
+---
+
+This project has adopted the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
+
+Resources:
+
+- [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md)
+- [Code of Conduct Reporting](https://github.com/cncf/foundation/blob/main/code-of-conduct.md)