Skip to content

Commit 4d1efec

Browse files
ashnamehrotraashnamehrotra
authored
ci: Prepare v0.4.0 release (#355)
* Prepare v0.4.0 release Signed-off-by: ashnamehrotra <[email protected]> * bring back additionalArgs in charts/eraser README
1 parent 8cf8c5a commit 4d1efec

File tree

16 files changed

+53
-319
lines changed

16 files changed

+53
-319
lines changed

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
VERSION := v0.3.0
1+
VERSION := v0.4.0
22

33
# Image URL to use all building/pushing image targets
44
TRIVY_SCANNER_IMG ?= ghcr.io/azure/eraser-trivy-scanner:${VERSION}

charts/eraser/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,8 @@ apiVersion: v2
22
name: eraser
33
description: A Helm chart for Eraser
44
type: application
5-
version: 0.3.0
6-
appVersion: v0.3.0
5+
version: 0.4.0
6+
appVersion: v0.4.0
77
home: https://github.com/Azure/eraser
88
sources:
99
- https://github.com/Azure/eraser.git

charts/eraser/README.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -33,14 +33,14 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
3333
| Parameter | Description | Default |
3434
| :-------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ |
3535
| controllerManager.image.repository | Image repository | `ghcr.io/azure/eraser-manager` |
36-
| controllerManager.image.tag | Image tag | Current release version: `v0.3.0` |
36+
| controllerManager.image.tag | Image tag | Current release version: `v0.4.0` |
3737
| controllerManager.image.pullPolicy | Image pull policy | `Always` |
3838
| controllerManager.securityContext | Security context applied on the container | `{ allowPrivilegeEscalation: false }` |
3939
| controllerManager.resources | The resource request/limits for the container image | limits: 0.1 CPU, 30Mi, requests: 0.1 CPU, 20Mi |
4040
| controllerManager.nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
4141
| controllerManager.tolerations | The tolerations to use for pod scheduling | `[]` |
42-
| controllerManager.affinity | The node affinity to use for pod scheduling | `{}`
43-
| controllerManager.additionalArgs | Arguments to pass to the manager, such as `--job-cleanup-on-success-delay=30m` | `{}` |
42+
| controllerManager.affinity | The node affinity to use for pod scheduling | `{}` |
43+
| controllerManager.additionalArgs | Arguments to pass to the manager, such as `--job-cleanup-on-success-delay=30m` | `{}`
4444
| eraser.image.repository | Image repository for worker | `ghcr.io/azure/eraser` |
45-
| eraser.image.tag | Image tag for worker | Current release version: `v0.3.0` |
45+
| eraser.image.tag | Image tag for worker | Current release version: `v0.4.0` |
4646
| nameOverride | Override name if needed | `""` |

charts/eraser/templates/eraser-controller-manager-deployment.yaml

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,9 @@ spec:
3636
- --collector-image={{ if .Values.collector.image.repository }}{{ .Values.collector.image.repository }}:{{ .Values.collector.image.tag | default .Chart.AppVersion }}{{ end }}
3737
- --scanner-image={{ if .Values.scanner.image.repository }}{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag | default .Chart.AppVersion }}{{ end }}
3838
{{- if .Values.scanner.image.args }}{{- range .Values.scanner.image.args }}{{ nindent 8 "- --scanner-arg=" }}{{ . }}{{- end -}}{{ end }}
39-
{{- if .Values.controllerManager.image.additionalArgs }}{{- range .Values.controllerManager.image.additionalArgs }}{{ nindent 8 "- " }}{{ . }}{{- end -}}{{ end }}
39+
{{- if .Values.eraser.image.args }}{{- range .Values.eraser.image.args }}{{ nindent 8 "- --eraser-arg=" }}{{ . }}{{- end -}}{{ end }}
40+
{{- if .Values.collector.image.args }}{{- range .Values.collector.image.args }}{{ nindent 8 "- --collector-arg=" }}{{ . }}{{- end -}}{{ end }}
41+
{{- if .Values.controllerManager.additionalArgs }}{{- range .Values.controllerManager.additionalArgs }}{{ nindent 8 "- " }}{{ . }}{{- end -}}{{ end }}
4042
command:
4143
- /manager
4244
env:
@@ -64,6 +66,15 @@ spec:
6466
{{- toYaml .Values.controllerManager.resources | nindent 10 }}
6567
securityContext:
6668
allowPrivilegeEscalation: false
69+
capabilities:
70+
drop:
71+
- ALL
72+
readOnlyRootFilesystem: true
73+
runAsGroup: 65532
74+
runAsNonRoot: true
75+
runAsUser: 65532
76+
seccompProfile:
77+
type: RuntimeDefault
6778
nodeSelector:
6879
{{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
6980
serviceAccountName: eraser-controller-manager

charts/eraser/templates/eraser-imagejob-pods-cluster-role-clusterrole.yaml

Lines changed: 0 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -8,30 +8,3 @@ metadata:
88
app.kubernetes.io/name: '{{ template "eraser.name" . }}'
99
helm.sh/chart: '{{ template "eraser.name" . }}'
1010
name: eraser-imagejob-pods-cluster-role
11-
rules:
12-
- apiGroups:
13-
- eraser.sh
14-
resources:
15-
- imagecollectors
16-
verbs:
17-
- create
18-
- delete
19-
- get
20-
- list
21-
- patch
22-
- update
23-
- watch
24-
- apiGroups:
25-
- eraser.sh
26-
resources:
27-
- imagecollectors/finalizers
28-
verbs:
29-
- update
30-
- apiGroups:
31-
- eraser.sh
32-
resources:
33-
- imagecollectors/status
34-
verbs:
35-
- get
36-
- patch
37-
- update

charts/eraser/templates/eraser-manager-role-clusterrole.yaml

Lines changed: 0 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,6 @@ rules:
1616
verbs:
1717
- get
1818
- list
19-
- update
2019
- watch
2120
- apiGroups:
2221
- ""
@@ -38,34 +37,7 @@ rules:
3837
- delete
3938
- get
4039
- list
41-
- update
42-
- watch
43-
- apiGroups:
44-
- eraser.sh
45-
resources:
46-
- imagecollectors
47-
verbs:
48-
- create
49-
- delete
50-
- get
51-
- list
52-
- patch
53-
- update
5440
- watch
55-
- apiGroups:
56-
- eraser.sh
57-
resources:
58-
- imagecollectors/finalizers
59-
verbs:
60-
- update
61-
- apiGroups:
62-
- eraser.sh
63-
resources:
64-
- imagecollectors/status
65-
verbs:
66-
- get
67-
- patch
68-
- update
6941
- apiGroups:
7042
- eraser.sh
7143
resources:
@@ -78,12 +50,6 @@ rules:
7850
- patch
7951
- update
8052
- watch
81-
- apiGroups:
82-
- eraser.sh
83-
resources:
84-
- imagejobs/finalizers
85-
verbs:
86-
- update
8753
- apiGroups:
8854
- eraser.sh
8955
resources:
@@ -104,12 +70,6 @@ rules:
10470
- patch
10571
- update
10672
- watch
107-
- apiGroups:
108-
- eraser.sh
109-
resources:
110-
- imagelists/finalizers
111-
verbs:
112-
- update
11373
- apiGroups:
11474
- eraser.sh
11575
resources:

charts/eraser/templates/imagecollectors.eraser.sh-customresourcedefinition.yaml

Lines changed: 0 additions & 79 deletions
This file was deleted.

charts/eraser/templates/imagelists.eraser.sh-customresourcedefinition.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ spec:
3636
description: ImageListSpec defines the desired state of ImageList.
3737
properties:
3838
images:
39-
description: The list of vulnerable images to delete if non-running.
39+
description: The list of non-compliant images to delete if non-running.
4040
items:
4141
type: string
4242
type: array

charts/eraser/values.yaml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ controllerManager:
55
pullPolicy: IfNotPresent
66
# Overrides the image tag whose default is the chart appVersion.
77
tag: ""
8-
additionalArgs: []
8+
additionalArgs: []
99

1010
securityContext:
1111
allowPrivilegeEscalation: false
@@ -29,11 +29,13 @@ eraser:
2929
image:
3030
repository: ghcr.io/azure/eraser
3131
tag: ""
32+
args: []
3233

3334
collector:
3435
image:
3536
repository: ghcr.io/azure/collector
3637
tag: ""
38+
args: []
3739

3840
scanner:
3941
image:

config/manager/kustomization.yaml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -13,18 +13,18 @@ kind: Kustomization
1313
images:
1414
- name: controller
1515
newName: ghcr.io/azure/eraser-manager
16-
newTag: v0.3.0
16+
newTag: v0.4.0
1717

1818
patches:
1919
- patch: |-
2020
- op: add
2121
path: /spec/template/spec/containers/0/args/-
22-
value: --eraser-image=ghcr.io/azure/eraser:v0.3.0
22+
value: --eraser-image=ghcr.io/azure/eraser:v0.4.0
2323
- op: add
2424
path: /spec/template/spec/containers/0/args/-
25-
value: --collector-image=ghcr.io/azure/collector:v0.3.0
25+
value: --collector-image=ghcr.io/azure/collector:v0.4.0
2626
- op: add
2727
path: /spec/template/spec/containers/0/args/-
28-
value: --scanner-image=ghcr.io/azure/eraser-trivy-scanner:v0.3.0
28+
value: --scanner-image=ghcr.io/azure/eraser-trivy-scanner:v0.4.0
2929
target:
3030
kind: Deployment

0 commit comments

Comments
 (0)