Skip to content

Commit d2744fa

Browse files
sozercansozercan
authored
chore: release v1.1.0-beta.0 (#646)
Signed-off-by: Sertac Ozercan <[email protected]>
1 parent dce0e83 commit d2744fa

File tree

13 files changed

+263
-78
lines changed

13 files changed

+263
-78
lines changed

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
VERSION := v1.0.0-beta.3
1+
VERSION := v1.1.0-beta.0
22

33
MANAGER_TAG ?= ${VERSION}
44
TRIVY_SCANNER_TAG ?= ${VERSION}

charts/eraser/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,8 @@ apiVersion: v2
22
name: eraser
33
description: A Helm chart for Eraser
44
type: application
5-
version: 1.0.0-beta.3
6-
appVersion: v1.0.0-beta.3
5+
version: 1.1.0-beta.0
6+
appVersion: v1.1.0-beta.0
77
home: https://github.com/Azure/eraser
88
sources:
99
- https://github.com/Azure/eraser.git

charts/eraser/README.md

Lines changed: 32 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -30,16 +30,35 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
3030

3131
## Parameters
3232

33-
| Parameter | Description | Default |
34-
| :-------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------ |
35-
| controllerManager.image.repository | Image repository | `ghcr.io/azure/eraser-manager` |
36-
| controllerManager.image.tag | Image tag | Current release version: `v1.0.0-beta.3` |
37-
| controllerManager.image.pullPolicy | Image pull policy | `Always` |
38-
| controllerManager.securityContext | Security context applied on the container | `{ allowPrivilegeEscalation: false }` |
39-
| controllerManager.resources | The resource request/limits for the container image | limits: 0.1 CPU, 30Mi, requests: 0.1 CPU, 20Mi |
40-
| controllerManager.nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
41-
| controllerManager.tolerations | The tolerations to use for pod scheduling | `[]` |
42-
| controllerManager.affinity | The node affinity to use for pod scheduling | `{}` |
43-
| eraser.image.repository | Image repository for worker | `ghcr.io/azure/eraser` |
44-
| eraser.image.tag | Image tag for worker | Current release version: `v1.0.0-beta.3` |
45-
| nameOverride | Override name if needed | `""` |
33+
| Parameter | Description | Default |
34+
| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------------ |
35+
| runtimeConfig.health | Settings for the health server. | `{}` |
36+
| runtimeConfig.metrics | Settings for the metrics server. | `{}` |
37+
| runtimeConfig.webhook | Settings for the webhook server. | `{}` |
38+
| runtimeConfig.leaderElection | Settings for leader election. | `{}` |
39+
| runtimeConfig.manager.runtime | The container runtime to use. | `containerd` |
40+
| runtimeConfig.manager.otlpEndpoint | The OTLP endpoint to send metrics to. | `""` |
41+
| runtimeConfig.manager.logLevel | The logging level for the manager. | `info` |
42+
| runtimeConfig.manager.scheduling | Settings for scheduling. | `{}` |
43+
| runtimeConfig.manager.profile | Settings for the profiler. | `{}` |
44+
| runtimeConfig.manager.imageJob.successRatio | The minimum ratio of successful image jobs required for the overall job to be considered successful. | `1.0` |
45+
| runtimeConfig.manager.imageJob.cleanup | Settings for image job cleanup. | `{}` |
46+
| runtimeConfig.manager.pullSecrets | Image pull secrets for collector/scanner/eraser. | `[]` |
47+
| runtimeConfig.manager.priorityClassName | Priority class name for collector/scanner/eraser. | `""` |
48+
| runtimeConfig.manager.nodeFilter | Filter for nodes. | `{}` |
49+
| runtimeConfig.components.collector | Settings for the collector component. | `{ enabled: false }` |
50+
| runtimeConfig.components.scanner | Settings for the scanner component. | `{ enabled: false }` |
51+
| runtimeConfig.components.eraser | Settings for the eraser component. | `{}` |
52+
| deploy.image.repo | Repository for the image. | `ghcr.io/azure/eraser-manager` |
53+
| deploy.image.pullPolicy | Policy for pulling the image. | `IfNotPresent` |
54+
| deploy.image.tag | Overrides the default image tag. | `""` |
55+
| deploy.additionalArgs | Additional arguments to pass to the command. | `[]` |
56+
| deploy.priorityClassName | Priority class name. | `""` |
57+
| deploy.securityContext.allowPrivilegeEscalation | Whether to allow privilege escalation. | `false` |
58+
| deploy.resources.limits.memory | Memory limit for the resources. | `30Mi` |
59+
| deploy.resources.requests.cpu | CPU request for the resources. | `100m` |
60+
| deploy.resources.requests.memory | Memory request for the resources. | `20Mi` |
61+
| deploy.nodeSelector | Node Selector for manager. | kubernetes.io/os: linux |
62+
| deploy.tolerations | Tolerations for the manager. | [] |
63+
| deploy.affinity | Affinity for the manager. | {} |
64+
| nameOverride | Override name if needed. | "" |

charts/eraser/templates/configmap.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
apiVersion: v1
2+
kind: ConfigMap
3+
metadata:
4+
name: eraser-manager-config
5+
namespace: "{{ .Release.Namespace }}"
6+
data:
7+
controller_manager_config.yaml: |
8+
{{- toYaml .Values.runtimeConfig | nindent 4 }}

charts/eraser/templates/eraser-controller-manager-deployment.yaml

Lines changed: 20 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -27,36 +27,30 @@ spec:
2727
control-plane: controller-manager
2828
helm.sh/chart: '{{ template "eraser.name" . }}'
2929
spec:
30-
{{- if .Values.imagePullSecrets }}
30+
{{- if .Values.runtimeConfig.manager.pullSecrets }}
3131
imagePullSecrets:
32-
{{- toYaml .Values.imagePullSecrets | nindent 8 }}
32+
{{- range .Values.runtimeConfig.manager.pullSecrets }}
33+
- name: {{ . }}
34+
{{- end }}
3335
{{- end }}
3436
affinity:
35-
{{- toYaml .Values.controllerManager.affinity | nindent 8 }}
37+
{{- toYaml .Values.deploy.affinity | nindent 8 }}
3638
containers:
3739
- args:
38-
- --leader-elect=false
39-
- --eraser-image={{ .Values.eraser.image.repository }}:{{ .Values.eraser.image.tag | default .Chart.AppVersion }}
40-
- --collector-image={{ if .Values.collector.image.repository }}{{ .Values.collector.image.repository }}:{{ .Values.collector.image.tag | default .Chart.AppVersion }}{{ end }}
41-
- --scanner-image={{ if .Values.scanner.image.repository }}{{ .Values.scanner.image.repository }}:{{ .Values.scanner.image.tag | default .Chart.AppVersion }}{{ end }}
42-
{{- if .Values.scanner.image.args }}{{- range .Values.scanner.image.args }}{{ nindent 8 "- --scanner-arg=" }}{{ . }}{{- end -}}{{ end }}
43-
{{- if .Values.eraser.image.args }}{{- range .Values.eraser.image.args }}{{ nindent 8 "- --eraser-arg=" }}{{ . }}{{- end -}}{{ end }}
44-
{{- if .Values.collector.image.args }}{{- range .Values.collector.image.args }}{{ nindent 8 "- --collector-arg=" }}{{ . }}{{- end -}}{{ end }}
45-
{{- if .Values.controllerManager.additionalArgs }}{{- range .Values.controllerManager.additionalArgs }}{{ nindent 8 "- " }}{{ . }}{{- end -}}{{ end }}
40+
- --config=/config/controller_manager_config.yaml
41+
{{- if .Values.deploy.additionalArgs }}{{- range .Values.deploy.additionalArgs }}{{ nindent 8 "- " }}{{ . }}{{- end -}}{{ end }}
4642
command:
4743
- /manager
4844
env:
49-
- name: ERASER_PULL_SECRET_NAMES
50-
value: "{{- range $i, $e := .Values.imagePullSecrets -}}{{- range $k, $v := $e }}{{- if $i -}},{{- end -}}{{- $v -}}{{- end -}}{{- end }}"
5145
- name: POD_NAMESPACE
5246
valueFrom:
5347
fieldRef:
5448
apiVersion: v1
5549
fieldPath: metadata.namespace
5650
- name: OTEL_SERVICE_NAME
5751
value: eraser-manager
58-
image: '{{ .Values.controllerManager.image.repository }}:{{ .Values.controllerManager.image.tag | default .Chart.AppVersion }}'
59-
imagePullPolicy: '{{ .Values.controllerManager.image.pullPolicy }}'
52+
image: '{{ .Values.deploy.image.repo }}:{{ .Values.deploy.image.tag | default .Chart.AppVersion }}'
53+
imagePullPolicy: '{{ .Values.deploy.image.pullPolicy }}'
6054
livenessProbe:
6155
httpGet:
6256
path: /healthz
@@ -71,7 +65,7 @@ spec:
7165
initialDelaySeconds: 5
7266
periodSeconds: 10
7367
resources:
74-
{{- toYaml .Values.controllerManager.resources | nindent 10 }}
68+
{{- toYaml .Values.deploy.resources | nindent 10 }}
7569
securityContext:
7670
allowPrivilegeEscalation: false
7771
capabilities:
@@ -83,9 +77,17 @@ spec:
8377
runAsUser: 65532
8478
seccompProfile:
8579
type: RuntimeDefault
80+
volumeMounts:
81+
- mountPath: /config
82+
name: eraser-manager-config
8683
nodeSelector:
87-
{{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
84+
{{- toYaml .Values.deploy.nodeSelector | nindent 8 }}
85+
priorityClassName: '{{ .Values.deploy.priorityClassName }}'
8886
serviceAccountName: eraser-controller-manager
8987
terminationGracePeriodSeconds: 10
9088
tolerations:
91-
{{- toYaml .Values.controllerManager.tolerations | nindent 8 }}
89+
{{- toYaml .Values.deploy.tolerations | nindent 8 }}
90+
volumes:
91+
- configMap:
92+
name: eraser-manager-config
93+
name: eraser-manager-config

charts/eraser/values.yaml

Lines changed: 85 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,93 @@
1-
controllerManager:
1+
runtimeConfig:
2+
health: {}
3+
# healthProbeBindAddress: :8081
4+
metrics: {}
5+
# bindAddress: 127.0.0.1:8080
6+
webhook: {}
7+
# port: 9443
8+
leaderElection: {}
9+
# leaderElect: true
10+
# resourceName: e29e094a.k8s.io
11+
manager:
12+
runtime: containerd
13+
otlpEndpoint: ""
14+
logLevel: info
15+
scheduling: {}
16+
# repeatInterval: ""
17+
# beginImmediately: true
18+
profile: {}
19+
# enabled: false
20+
# port: 0
21+
imageJob:
22+
successRatio: 1.0
23+
cleanup: {}
24+
# delayOnSuccess: ""
25+
# delayOnFailure: ""
26+
pullSecrets: [] # image pull secrets for collector/scanner/eraser
27+
priorityClassName: "" # priority class name for collector/scanner/eraser
28+
nodeFilter:
29+
type: exclude # must be either exclude|include
30+
selectors:
31+
- eraser.sh/cleanup.filter
32+
- kubernetes.io/os=windows
33+
components:
34+
collector:
35+
enabled: true
36+
image:
37+
# repo: ""
38+
tag: "v1.1.0-beta.0"
39+
request: {}
40+
# mem: ""
41+
# cpu: ""
42+
limit: {}
43+
# mem: ""
44+
# cpu: ""
45+
scanner:
46+
enabled: true
47+
image:
48+
# repo: ""
49+
tag: "v1.1.0-beta.0"
50+
request: {}
51+
# mem: ""
52+
# cpu: ""
53+
limit: {}
54+
# mem: ""
55+
# cpu: ""
56+
config: "" # |
57+
# cacheDir: /var/lib/trivy
58+
# dbRepo: ghcr.io/aquasecurity/trivy-db
59+
# deleteFailedImages: true
60+
# vulnerabilities:
61+
# ignoreUnfixed: true
62+
# types:
63+
# - os
64+
# - library
65+
# securityChecks:
66+
# - vuln
67+
# severities:
68+
# - CRITICAL
69+
# timeout:
70+
# total: 23h
71+
# perImage: 1h
72+
eraser:
73+
image:
74+
# repo: ""
75+
tag: "v1.1.0-beta.0"
76+
request: {}
77+
# mem: ""
78+
# cpu: ""
79+
limit: {}
80+
# mem: ""
81+
# cpu: ""
282

83+
deploy:
384
image:
4-
repository: ghcr.io/azure/eraser-manager
85+
repo: ghcr.io/azure/eraser-manager
586
pullPolicy: IfNotPresent
687
# Overrides the image tag whose default is the chart appVersion.
7-
tag: ""
88+
tag: "v1.1.0-beta.0"
889
additionalArgs: []
90+
priorityClassName: ""
991

1092
securityContext:
1193
allowPrivilegeEscalation: false
@@ -24,23 +106,4 @@ controllerManager:
24106

25107
affinity: {}
26108

27-
eraser:
28-
image:
29-
repository: ghcr.io/azure/eraser
30-
tag: ""
31-
args: []
32-
33-
collector:
34-
image:
35-
repository: ghcr.io/azure/collector
36-
tag: ""
37-
args: []
38-
39-
scanner:
40-
image:
41-
repository: ghcr.io/azure/eraser-trivy-scanner
42-
tag: ""
43-
args: []
44-
45109
nameOverride: ""
46-
imagePullSecrets: []

0 commit comments

Comments
 (0)