Skip to content

Commit

Permalink
Add fields for scanner volume mounts
Browse files Browse the repository at this point in the history
Signed-off-by: Zhecheng Li <[email protected]>
  • Loading branch information
lzhecheng committed Aug 16, 2024
1 parent 142f1d5 commit d819789
Show file tree
Hide file tree
Showing 16 changed files with 84 additions and 7 deletions.
7 changes: 5 additions & 2 deletions api/unversioned/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,11 @@ import (
"sync"
"time"

v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"

"github.com/eraser-dev/eraser/api/unversioned"
"github.com/eraser-dev/eraser/version"
"k8s.io/apimachinery/pkg/api/resource"
)

var defaultScannerConfig = `
Expand Down Expand Up @@ -142,7 +144,8 @@ func Default() *unversioned.EraserConfig {
Mem: resource.MustParse("2Gi"),
CPU: resource.MustParse("1500m"),
},
Config: &defaultScannerConfig,
Config: &defaultScannerConfig,
Volumes: []v1.Volume{},
},
},
Remover: unversioned.ContainerConfig{
Expand Down
2 changes: 2 additions & 0 deletions api/unversioned/eraserconfig_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
"net/url"
"time"

corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
Expand Down Expand Up @@ -153,6 +154,7 @@ type ContainerConfig struct {
Request ResourceRequirements `json:"request,omitempty"`
Limit ResourceRequirements `json:"limit,omitempty"`
Config *string `json:"config,omitempty"`
Volumes []corev1.Volume `json:"volumes,omitempty"`
}

type ManagerConfig struct {
Expand Down
8 changes: 8 additions & 0 deletions api/unversioned/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions api/v1alpha1/eraserconfig_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
"time"

"github.com/eraser-dev/eraser/api/unversioned"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/conversion"
Expand Down Expand Up @@ -88,6 +89,7 @@ type ContainerConfig struct {
Request ResourceRequirements `json:"request,omitempty"`
Limit ResourceRequirements `json:"limit,omitempty"`
Config *string `json:"config,omitempty"`
Volumes []corev1.Volume `json:"volumes,omitempty"`
}

type ManagerConfig struct {
Expand Down
13 changes: 8 additions & 5 deletions api/v1alpha1/zz_generated.conversion.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions api/v1alpha2/eraserconfig_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (
"fmt"
"time"

corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
Expand Down Expand Up @@ -86,6 +87,7 @@ type ContainerConfig struct {
Request ResourceRequirements `json:"request,omitempty"`
Limit ResourceRequirements `json:"limit,omitempty"`
Config *string `json:"config,omitempty"`
Volumes []corev1.Volume `json:"volumes,omitempty"`
}

type ManagerConfig struct {
Expand Down
3 changes: 3 additions & 0 deletions api/v1alpha2/zz_generated.conversion.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions api/v1alpha2/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions api/v1alpha3/eraserconfig_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
"net/url"
"time"

corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
Expand Down Expand Up @@ -153,6 +154,7 @@ type ContainerConfig struct {
Request ResourceRequirements `json:"request,omitempty"`
Limit ResourceRequirements `json:"limit,omitempty"`
Config *string `json:"config,omitempty"`
Volumes []corev1.Volume `json:"volumes,omitempty"`
}

type ManagerConfig struct {
Expand Down
3 changes: 3 additions & 0 deletions api/v1alpha3/zz_generated.conversion.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions api/v1alpha3/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions config/manager/controller_manager_config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ components:
timeout:
total: 23h
perImage: 1h
volumes: {}
remover:
image:
repo: REMOVER_REPO
Expand Down
20 changes: 20 additions & 0 deletions controllers/imagecollector/imagecollector_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -448,6 +448,26 @@ func (r *Reconciler) createImageJob(ctx context.Context) (ctrl.Result, error) {
},
},
}

log.Info("extra mount for scanner starts")
scannerVolumes := compCfg.Scanner.Volumes
if len(scannerVolumes) != 0 {
jobTemplate.Spec.Volumes = append(jobTemplate.Spec.Volumes, scannerVolumes...)
scannerVolumeMounts := []corev1.VolumeMount{}
for _, volume := range scannerVolumes {

Check failure on line 457 in controllers/imagecollector/imagecollector_controller.go

View workflow job for this annotation

GitHub Actions / Lint

rangeValCopy: each iteration copies 248 bytes (consider pointers or indexing) (gocritic)
if volume.HostPath == nil {
log.Error(fmt.Errorf("volume hostPath is nil"), "invalid volume", "volumeName", volume.Name)
continue
}
scannerVolumeMounts = append(scannerVolumeMounts, corev1.VolumeMount{
Name: volume.Name,
MountPath: volume.HostPath.Path,
ReadOnly: true,
})
}
scannerContainer.VolumeMounts = append(scannerContainer.VolumeMounts, scannerVolumeMounts...)
}

jobTemplate.Spec.Containers = append(jobTemplate.Spec.Containers, scannerContainer)
}

Expand Down
3 changes: 3 additions & 0 deletions docs/docs/customization.md
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,8 @@ manager:
pullSecrets: [] # image pull secrets for collector/scanner/remover
priorityClassName: "" # priority class name for collector/scanner/remover
additionalPodLabels: {}
extraScannerVolumes: {}
extraScannerVolumeMounts: {}
nodeFilter:
type: exclude # must be either exclude|include
selectors:
Expand Down Expand Up @@ -228,6 +230,7 @@ timeout:
| components.scanner.limit.mem | The maximum amount of memory the scanner container is allowed to use. | 2Gi |
| components.scanner.limit.cpu | The maximum amount of CPU the scanner container is allowed to use. | 0 |
| components.scanner.config | The configuration to pass to the scanner container, as a YAML string. | See YAML below |
| components.scanner.volumes | Extra volumes for scanner. | `{}` |
| components.remover.image.repo | The repository containing the remover image. | ghcr.io/eraser-dev/remover |
| components.remover.image.tag | The tag of the remover image. | v1.0.0 |
| components.remover.request.mem | The amount of memory to request for the remover container. | 25Mi |
Expand Down
1 change: 1 addition & 0 deletions manifest_staging/deploy/eraser.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -489,6 +489,7 @@ data:
timeout:
total: 23h
perImage: 1h
volumes: {}
remover:
image:
repo: ghcr.io/eraser-dev/remover
Expand Down

0 comments on commit d819789

Please sign in to comment.