Add fields for scanner volume mounts

Signed-off-by: Zhecheng Li <zhechengli@microsoft.com>

api/unversioned/config/config.go

@@ -5,9 +5,11 @@ import (
 	"sync"
 	"time"
 
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
+
 	"github.com/eraser-dev/eraser/api/unversioned"
 	"github.com/eraser-dev/eraser/version"
-	"k8s.io/apimachinery/pkg/api/resource"
 )
 
 var defaultScannerConfig = `
@@ -106,7 +108,9 @@ func Default() *unversioned.EraserConfig {
 					"eraser.sh/cleanup.filter",
 				},
 			},
-			AdditionalPodLabels: map[string]string{},
+			AdditionalPodLabels:      map[string]string{},
+			ExtraScannerVolumes:      []v1.Volume{},
+			ExtraScannerVolumeMounts: []v1.VolumeMount{},
 		},
 		Components: unversioned.Components{
 			Collector: unversioned.OptionalContainerConfig{

api/unversioned/eraserconfig_types.go

@@ -22,6 +22,7 @@ import (
 	"net/url"
 	"time"
 
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -156,16 +157,18 @@ type ContainerConfig struct {
 }
 
 type ManagerConfig struct {
-	Runtime             RuntimeSpec       `json:"runtime,omitempty"`
-	OTLPEndpoint        string            `json:"otlpEndpoint,omitempty"`
-	LogLevel            string            `json:"logLevel,omitempty"`
-	Scheduling          ScheduleConfig    `json:"scheduling,omitempty"`
-	Profile             ProfileConfig     `json:"profile,omitempty"`
-	ImageJob            ImageJobConfig    `json:"imageJob,omitempty"`
-	PullSecrets         []string          `json:"pullSecrets,omitempty"`
-	NodeFilter          NodeFilterConfig  `json:"nodeFilter,omitempty"`
-	PriorityClassName   string            `json:"priorityClassName,omitempty"`
-	AdditionalPodLabels map[string]string `json:"additionalPodLabels,omitempty"`
+	Runtime                  RuntimeSpec          `json:"runtime,omitempty"`
+	OTLPEndpoint             string               `json:"otlpEndpoint,omitempty"`
+	LogLevel                 string               `json:"logLevel,omitempty"`
+	Scheduling               ScheduleConfig       `json:"scheduling,omitempty"`
+	Profile                  ProfileConfig        `json:"profile,omitempty"`
+	ImageJob                 ImageJobConfig       `json:"imageJob,omitempty"`
+	PullSecrets              []string             `json:"pullSecrets,omitempty"`
+	NodeFilter               NodeFilterConfig     `json:"nodeFilter,omitempty"`
+	PriorityClassName        string               `json:"priorityClassName,omitempty"`
+	AdditionalPodLabels      map[string]string    `json:"additionalPodLabels,omitempty"`
+	ExtraScannerVolumes      []corev1.Volume      `json:"extraScannerVolumes,omitempty"`
+	ExtraScannerVolumeMounts []corev1.VolumeMount `json:"extraScannerVolumeMounts,omitempty"`
 }
 
 type ScheduleConfig struct {

api/v1alpha3/eraserconfig_types.go

@@ -22,6 +22,7 @@ import (
 	"net/url"
 	"time"
 
+	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -156,16 +157,18 @@ type ContainerConfig struct {
 }
 
 type ManagerConfig struct {
-	Runtime             RuntimeSpec       `json:"runtime,omitempty"`
-	OTLPEndpoint        string            `json:"otlpEndpoint,omitempty"`
-	LogLevel            string            `json:"logLevel,omitempty"`
-	Scheduling          ScheduleConfig    `json:"scheduling,omitempty"`
-	Profile             ProfileConfig     `json:"profile,omitempty"`
-	ImageJob            ImageJobConfig    `json:"imageJob,omitempty"`
-	PullSecrets         []string          `json:"pullSecrets,omitempty"`
-	NodeFilter          NodeFilterConfig  `json:"nodeFilter,omitempty"`
-	PriorityClassName   string            `json:"priorityClassName,omitempty"`
-	AdditionalPodLabels map[string]string `json:"additionalPodLabels,omitempty"`
+	Runtime                  RuntimeSpec          `json:"runtime,omitempty"`
+	OTLPEndpoint             string               `json:"otlpEndpoint,omitempty"`
+	LogLevel                 string               `json:"logLevel,omitempty"`
+	Scheduling               ScheduleConfig       `json:"scheduling,omitempty"`
+	Profile                  ProfileConfig        `json:"profile,omitempty"`
+	ImageJob                 ImageJobConfig       `json:"imageJob,omitempty"`
+	PullSecrets              []string             `json:"pullSecrets,omitempty"`
+	NodeFilter               NodeFilterConfig     `json:"nodeFilter,omitempty"`
+	PriorityClassName        string               `json:"priorityClassName,omitempty"`
+	AdditionalPodLabels      map[string]string    `json:"additionalPodLabels,omitempty"`
+	ExtraScannerVolumes      []corev1.Volume      `json:"extraScannerVolumes,omitempty"`
+	ExtraScannerVolumeMounts []corev1.VolumeMount `json:"extraScannerVolumeMounts,omitempty"`
 }
 
 type ScheduleConfig struct {

config/manager/controller_manager_config.yaml

@@ -20,6 +20,8 @@ manager:
   pullSecrets: [] # image pull secrets for collector/scanner/eraser
   priorityClassName: "" # priority class name for collector/scanner/eraser
   additionalPodLabels: {}
+  extraScannerVolumes: {}
+  extraScannerVolumeMounts: {}
   nodeFilter:
     type: exclude # must be either exclude|include
     selectors:

controllers/imagecollector/imagecollector_controller.go

@@ -448,6 +448,11 @@ func (r *Reconciler) createImageJob(ctx context.Context) (ctrl.Result, error) {
 				},
 			},
 		}
+
+		log.Info("extra mount for scanner starts")
+		jobTemplate.Spec.Volumes = append(jobTemplate.Spec.Volumes, mgrCfg.ExtraScannerVolumes...)
+		scannerContainer.VolumeMounts = append(scannerContainer.VolumeMounts, mgrCfg.ExtraScannerVolumeMounts...)
+
 		jobTemplate.Spec.Containers = append(jobTemplate.Spec.Containers, scannerContainer)
 	}
 

docs/docs/customization.md

@@ -105,6 +105,8 @@ manager:
   pullSecrets: [] # image pull secrets for collector/scanner/remover
   priorityClassName: "" # priority class name for collector/scanner/remover
   additionalPodLabels: {}
+  extraScannerVolumes: {}
+  extraScannerVolumeMounts: {}
   nodeFilter:
     type: exclude # must be either exclude|include
     selectors:
@@ -211,6 +213,8 @@ timeout:
 | manager.pullSecrets | The image pull secrets to use for collector, scanner, and remover containers. | [] |
 | manager.priorityClassName | The priority class to use for collector, scanner, and remover containers. | "" |
 | manager.additionalPodLabels | Additional labels for all pods that the controller creates at runtime. | `{}` |
+| manager.extraScannerVolumes | Extra volumes for scanner. | `{}` |
+| manager.extraScannerVolumeMounts | Extra volume mounts for scanner. | `{}` |
 | manager.nodeFilter.type | The type of node filter to use. Must be either "exclude" or "include". | exclude |
 | manager.nodeFilter.selectors | A list of selectors used to filter nodes. | [] |
 | components.collector.enabled | Whether to enable the collector component. | true |

manifest_staging/charts/eraser/README.md

@@ -46,6 +46,8 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen
 | runtimeConfig.manager.pullSecrets               | Image pull secrets for collector/scanner/eraser.                                                     | `[]`                           |
 | runtimeConfig.manager.priorityClassName         | Priority class name for collector/scanner/eraser.                                                    | `""`                           |
 | runtimeConfig.manager.additionalPodLabels       | Additional labels for all pods that the controller creates at runtime.                               | `{}`                           |
+| runtimeConfig.manager.extraScannerVolumes       | Extra volumes for scanner.                                                                           | `{}`                           |
+| runtimeConfig.manager.extraScannerVolumeMounts  | Extra volume mounts for scanner.                                                                     | `{}`                           |
 | runtimeConfig.manager.nodeFilter                | Filter for nodes.                                                                                    | `{}`                           |
 | runtimeConfig.components.collector              | Settings for the collector component.                                                                | `{ enabled: true }`           |
 | runtimeConfig.components.scanner                | Settings for the scanner component.                                                                  | `{ enabled: true }`           |

manifest_staging/charts/eraser/values.yaml

@@ -30,6 +30,8 @@ runtimeConfig:
     pullSecrets: [] # image pull secrets for collector/scanner/eraser
     priorityClassName: "" # priority class name for collector/scanner/eraser
     additionalPodLabels: {}
+    extraScannerVolumes: {}
+    extraScannerVolumeMounts: {}
     nodeFilter:
       type: exclude # must be either exclude|include
       selectors: