chore: Prepare v1.3.0 release

eraser-dev · Jan 12, 2024 · de5edb6 · de5edb6
1 parent 0dd595c
commit de5edb6
Show file tree

Hide file tree

Showing 27 changed files with 1,031 additions and 31 deletions.
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-VERSION := v1.3.0-beta.0
+VERSION := v1.3.0
 
 MANAGER_TAG ?= ${VERSION}
 TRIVY_SCANNER_TAG ?= ${VERSION}

diff --git a/charts/eraser/Chart.yaml b/charts/eraser/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: eraser
 description: A Helm chart for Eraser
 type: application
-version: 1.3.0-beta.0
-appVersion: v1.3.0-beta.0
+version: 1.3.0
+appVersion: v1.3.0
 home: https://github.com/eraser-dev/eraser
 sources:
   - https://github.com/eraser-dev/eraser.git
diff --git a/charts/eraser/values.yaml b/charts/eraser/values.yaml
@@ -1,5 +1,5 @@
 runtimeConfig:
-  apiVersion: eraser.sh/v1alpha2
+  apiVersion: eraser.sh/v1alpha3
   kind: EraserConfig
   health: {}
     # healthProbeBindAddress: :8081
@@ -11,7 +11,9 @@ runtimeConfig:
     # leaderElect: true
     # resourceName: e29e094a.k8s.io
   manager:
-    runtime: containerd
+    runtime:
+      name: containerd
+      address: unix:///run/containerd/containerd.sock
     otlpEndpoint: ""
     logLevel: info
     scheduling: {}
@@ -37,7 +39,7 @@ runtimeConfig:
       enabled: true
       image:
         # repo: ""
-        tag: "v1.3.0-beta.0"
+        tag: "v1.3.0"
       request: {}
         # mem: ""
         # cpu: ""
@@ -48,7 +50,7 @@ runtimeConfig:
       enabled: true
       image:
         # repo: ""
-        tag: "v1.3.0-beta.0"
+        tag: "v1.3.0"
       request: {}
         # mem: ""
         # cpu: ""
@@ -72,13 +74,14 @@ runtimeConfig:
         #     - HIGH
         #     - MEDIUM
         #     - LOW
+        #   ignoredStatuses:
         # timeout:
         #   total: 23h
         #   perImage: 1h
     remover:
       image:
         # repo: ""
-        tag: "v1.3.0-beta.0"
+        tag: "v1.3.0"
       request: {}
         # mem: ""
         # cpu: ""
@@ -91,7 +94,7 @@ deploy:
     repo: ghcr.io/eraser-dev/eraser-manager
     pullPolicy: IfNotPresent
     # Overrides the image tag whose default is the chart appVersion.
-    tag: "v1.3.0-beta.0"
+    tag: "v1.3.0"
   additionalArgs: []
   priorityClassName: ""
 

diff --git a/deploy/eraser.yaml b/deploy/eraser.yaml
@@ -382,10 +382,12 @@ subjects:
 apiVersion: v1
 data:
   controller_manager_config.yaml: |
-    apiVersion: eraser.sh/v1alpha2
+    apiVersion: eraser.sh/v1alpha3
     kind: EraserConfig
     manager:
-      runtime: containerd
+      runtime:
+        name: containerd
+        address: unix:///run/containerd/containerd.sock
       otlpEndpoint: ""
       logLevel: info
       scheduling:
@@ -411,7 +413,7 @@ data:
         enabled: true
         image:
           repo: ghcr.io/eraser-dev/collector
-          tag: v1.3.0-beta.0
+          tag: v1.3.0
         request:
           mem: 25Mi
           cpu: 7m
@@ -423,7 +425,7 @@ data:
         enabled: true
         image:
           repo: ghcr.io/eraser-dev/eraser-trivy-scanner # supply custom image for custom scanner
-          tag: v1.3.0-beta.0
+          tag: v1.3.0
         request:
           mem: 500Mi
           cpu: 1000m
@@ -453,13 +455,14 @@ data:
               - HIGH
               - MEDIUM
               - LOW
+            ignoredStatuses:
           timeout:
             total: 23h
             perImage: 1h
       remover:
         image:
           repo: ghcr.io/eraser-dev/remover
-          tag: v1.3.0-beta.0
+          tag: v1.3.0
         request:
           mem: 25Mi
           # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#how-pods-with-resource-limits-are-run
@@ -502,7 +505,7 @@ spec:
               fieldPath: metadata.namespace
         - name: OTEL_SERVICE_NAME
           value: eraser-manager
-        image: ghcr.io/eraser-dev/eraser-manager:v1.3.0-beta.0
+        image: ghcr.io/eraser-dev/eraser-manager:v1.3.0
         livenessProbe:
           httpGet:
             path: /healthz

diff --git a/docs/versioned_docs/version-v1.3.0/architecture.md b/docs/versioned_docs/version-v1.3.0/architecture.md
@@ -0,0 +1,21 @@
+---
+title: Architecture
+---
+At a high level, Eraser has two main modes of operation: manual and automated.
+
+Manual image removal involves supplying a list of images to remove; Eraser then
+deploys pods to clean up the images you supplied.
+
+Automated image removal runs on a timer. By default, the automated process
+removes images based on the results of a vulnerability scan. The default
+vulnerability scanner is Trivy, but others can be provided in its place. Or,
+the scanner can be disabled altogether, in which case Eraser acts as a garbage
+collector -- it will remove all non-running images in your cluster.
+
+## Manual image cleanup
+
+<img title="manual cleanup" src="/eraser/docs/img/eraser_manual.png" />
+
+## Automated analysis, scanning, and cleanup
+
+<img title="automated cleanup" src="/eraser/docs/img/eraser_timer.png" />
diff --git a/docs/versioned_docs/version-v1.3.0/code-of-conduct.md b/docs/versioned_docs/version-v1.3.0/code-of-conduct.md
@@ -0,0 +1,10 @@
+---
+title: Code of Conduct
+---
+
+This project has adopted the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
+
+Resources:
+
+- [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md)
+- [Code of Conduct Reporting](https://github.com/cncf/foundation/blob/main/code-of-conduct.md)
diff --git a/docs/versioned_docs/version-v1.3.0/contributing.md b/docs/versioned_docs/version-v1.3.0/contributing.md
@@ -0,0 +1,14 @@
+---
+title: Contributing
+---
+
+There are several ways to get involved with Eraser
+
+- Join the [mailing list](https://groups.google.com/u/1/g/eraser-dev) to get notifications for releases, security announcements, etc.
+- Participate in the [biweekly community meetings](https://docs.google.com/document/d/1Sj5u47K3WUGYNPmQHGFpb52auqZb1FxSlWAQnPADhWI/edit) to disucss development, issues, use cases, etc.
+- Join the `#eraser` channel on the [Kubernetes Slack](https://slack.k8s.io/)
+- View the [development setup instructions](https://eraser-dev.github.io/eraser/docs/development)
+
+This project welcomes contributions and suggestions.
+
+This project has adopted the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
diff --git a/docs/versioned_docs/version-v1.3.0/custom-scanner.md b/docs/versioned_docs/version-v1.3.0/custom-scanner.md
@@ -0,0 +1,12 @@
+---
+title: Custom Scanner
+---
+
+## Creating a Custom Scanner
+To create a custom scanner for non-compliant images, use the following [template](https://github.com/eraser-dev/eraser-scanner-template/).
+
+In order to customize your scanner, start by creating a `NewImageProvider()`. The ImageProvider interface can be found can be found [here](../../pkg/scanners/template/scanner_template.go). 
+
+The ImageProvider will allow you to retrieve the list of all non-running and non-excluded images from the collector container through the `ReceiveImages()` function. Process these images with your customized scanner and threshold, and use `SendImages()` to pass the images found non-compliant to the eraser container for removal. Finally, complete the scanning process by calling `Finish()`.
+
+When complete, provide your custom scanner image to Eraser in deployment.