Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: ashnamehrotra <[email protected]>
1 parent 4eef4e6, commit 1ba9a73
Showing 31 changed files with 1,096 additions and 108 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
VERSION := v1.3.0 | ||
VERSION := v1.3.1 | ||
|
||
MANAGER_TAG ?= ${VERSION} | ||
TRIVY_SCANNER_TAG ?= ${VERSION} | ||
|
10 changes: 0 additions & 10 deletions
charts/eraser/templates/eraser-imagejob-pods-cluster-role-clusterrole.yaml
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
creationTimestamp: null | ||
labels: | ||
app.kubernetes.io/instance: '{{ .Release.Name }}' | ||
app.kubernetes.io/managed-by: '{{ .Release.Service }}' | ||
app.kubernetes.io/name: '{{ template "eraser.name" . }}' | ||
helm.sh/chart: '{{ template "eraser.name" . }}' | ||
name: eraser-manager-role | ||
namespace: '{{ .Release.Namespace }}' | ||
rules: | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- configmaps | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- pods | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- update | ||
- watch | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- podtemplates | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch |
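Review bot: the pods rule (create, delete, get, list, update, watch) leaves out patch, while the configmaps and podtemplates rules both include it. If the manager ever issues a patch or server-side apply against a pod, the request will be rejected as forbidden; if it never patches, then patch can probably be dropped from the other two rules as well so the verb sets stay minimal and consistent. All three rules apply to every object of that type in the release namespace, so it is worth confirming that delete on configmaps and update on pods are actually exercised by the controller before granting them. `creationTimestamp: null` under metadata is generator output and can be removed from the chart template.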
11 changes: 6 additions & 5 deletions
...uster-rolebinding-clusterrolebinding.yaml → ...aser-manager-rolebinding-rolebinding.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,17 +1,18 @@ | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
kind: RoleBinding | ||
metadata: | ||
labels: | ||
app.kubernetes.io/instance: '{{ .Release.Name }}' | ||
app.kubernetes.io/managed-by: '{{ .Release.Service }}' | ||
app.kubernetes.io/name: '{{ template "eraser.name" . }}' | ||
helm.sh/chart: '{{ template "eraser.name" . }}' | ||
name: eraser-imagejob-pods-cluster-rolebinding | ||
name: eraser-manager-rolebinding | ||
namespace: '{{ .Release.Namespace }}' | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: eraser-imagejob-pods-cluster-role | ||
kind: Role | ||
name: eraser-manager-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: eraser-imagejob-pods | ||
name: eraser-controller-manager | ||
namespace: '{{ .Release.Namespace }}' |
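Review bot: switching kind from ClusterRoleBinding to RoleBinding and renaming the object means the old cluster-scoped pair (eraser-imagejob-pods-cluster-rolebinding and eraser-imagejob-pods-cluster-role) is not updated in place, so the upgrade path needs to say how it gets removed. A Helm upgrade prunes resources that disappear from the release manifest, but anyone applying rendered manifests with kubectl apply keeps the old cluster-wide grant until they delete it by hand; a line in the release notes naming both objects would cover that. The subject also changes from eraser-imagejob-pods to eraser-controller-manager, so please confirm in the commit message that the eraser-imagejob-pods service account no longer needs any pod permissions, since nothing in this file binds it any more.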
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
--- | ||
title: Architecture | ||
--- | ||
At a high level, Eraser has two main modes of operation: manual and automated. | ||
|
||
Manual image removal involves supplying a list of images to remove; Eraser then | ||
deploys pods to clean up the images you supplied. | ||
|
||
Automated image removal runs on a timer. By default, the automated process | ||
removes images based on the results of a vulnerability scan. The default | ||
vulnerability scanner is Trivy, but others can be provided in its place. Or, | ||
the scanner can be disabled altogether, in which case Eraser acts as a garbage | ||
collector -- it will remove all non-running images in your cluster. | ||
|
||
## Manual image cleanup | ||
|
||
<img title="manual cleanup" src="/eraser/docs/img/eraser_manual.png" /> | ||
|
||
## Automated analysis, scanning, and cleanup | ||
|
||
<img title="automated cleanup" src="/eraser/docs/img/eraser_timer.png" /> |
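Review bot: the "Manual image cleanup" and "Automated analysis, scanning, and cleanup" sections contain only an `<img>` with a title attribute and no alt text or prose, so the page says nothing about either flow when the image fails to load or is read by a screen reader. Add alt text and one or two sentences per section describing the steps the diagram shows. In the intro, "it will remove all non-running images in your cluster" describes a destructive default once the scanner is disabled; that sentence should link to wherever the docs explain how to control which images are removed. The sentence starting "Or, the scanner can be disabled" would also read better joined to the previous one.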
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- | ||
title: Code of Conduct | ||
--- | ||
|
||
This project has adopted the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md). | ||
|
||
Resources: | ||
|
||
- [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md) | ||
- [Code of Conduct Reporting](https://github.com/cncf/foundation/blob/main/code-of-conduct.md) |
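Review bot: the "Code of Conduct Reporting" entry in the Resources list links to the same URL as the "CNCF Code of Conduct" entry above it (code-of-conduct.md), so the two bullets are duplicates as written. Point the reporting link at the reporting section or contact it is meant to reference, or drop the second bullet. The same Code of Conduct link also appears in the sentence above the list, so the first bullet is redundant too.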