diff --git a/api/unversioned/config/config.go b/api/unversioned/config/config.go index 2ddad4b85c..74ebea3e72 100644 --- a/api/unversioned/config/config.go +++ b/api/unversioned/config/config.go @@ -5,9 +5,11 @@ import ( "sync" "time" + v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + "github.com/eraser-dev/eraser/api/unversioned" "github.com/eraser-dev/eraser/version" - "k8s.io/apimachinery/pkg/api/resource" ) var defaultScannerConfig = ` @@ -106,7 +108,9 @@ func Default() *unversioned.EraserConfig { "eraser.sh/cleanup.filter", }, }, - AdditionalPodLabels: map[string]string{}, + AdditionalPodLabels: map[string]string{}, + ExtraScannerVolumes: []v1.Volume{}, + ExtraScannerVolumeMounts: []v1.VolumeMount{}, }, Components: unversioned.Components{ Collector: unversioned.OptionalContainerConfig{ diff --git a/api/unversioned/eraserconfig_types.go b/api/unversioned/eraserconfig_types.go index 6f0bc5db80..047bbecf7a 100644 --- a/api/unversioned/eraserconfig_types.go +++ b/api/unversioned/eraserconfig_types.go @@ -22,6 +22,7 @@ import ( "net/url" "time" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) 
@@ -156,16 +157,18 @@ type ContainerConfig struct { } type ManagerConfig struct { - Runtime RuntimeSpec `json:"runtime,omitempty"` - OTLPEndpoint string `json:"otlpEndpoint,omitempty"` - LogLevel string `json:"logLevel,omitempty"` - Scheduling ScheduleConfig `json:"scheduling,omitempty"` - Profile ProfileConfig `json:"profile,omitempty"` - ImageJob ImageJobConfig `json:"imageJob,omitempty"` - PullSecrets []string `json:"pullSecrets,omitempty"` - NodeFilter NodeFilterConfig `json:"nodeFilter,omitempty"` - PriorityClassName string `json:"priorityClassName,omitempty"` - AdditionalPodLabels map[string]string `json:"additionalPodLabels,omitempty"` + Runtime RuntimeSpec `json:"runtime,omitempty"` + OTLPEndpoint string `json:"otlpEndpoint,omitempty"` + LogLevel string `json:"logLevel,omitempty"` + Scheduling ScheduleConfig `json:"scheduling,omitempty"` + Profile ProfileConfig `json:"profile,omitempty"` + ImageJob ImageJobConfig `json:"imageJob,omitempty"` + PullSecrets []string `json:"pullSecrets,omitempty"` + NodeFilter NodeFilterConfig `json:"nodeFilter,omitempty"` + PriorityClassName string `json:"priorityClassName,omitempty"` + AdditionalPodLabels map[string]string `json:"additionalPodLabels,omitempty"` + ExtraScannerVolumes []corev1.Volume `json:"extraScannerVolumes,omitempty"` + ExtraScannerVolumeMounts []corev1.VolumeMount `json:"extraScannerVolumeMounts,omitempty"` } type ScheduleConfig struct { diff --git a/api/unversioned/zz_generated.deepcopy.go b/api/unversioned/zz_generated.deepcopy.go index 1e4a4f2d1c..3450027f23 100644 --- a/api/unversioned/zz_generated.deepcopy.go +++ b/api/unversioned/zz_generated.deepcopy.go @@ -21,6 +21,7 @@ limitations under the License. package unversioned import ( + "k8s.io/api/core/v1" runtime "k8s.io/apimachinery/pkg/runtime" ) 
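Review bot: The new `ExtraScannerVolumes` and `ExtraScannerVolumeMounts` fields on `ManagerConfig` have no doc comment, and among the fields shown they are the only ones that accept a full `corev1.Volume`, so any volume source type can be set through the config. I would add a comment above each, e.g. `// ExtraScannerVolumes are appended as-is to the image job pod spec; every volume source type is accepted, so restrict who can edit this config.` and `// ExtraScannerVolumeMounts are appended to the scanner container only; each Name must match a volume in the pod.` The same applies to the identical hunk in `api/v1alpha3/eraserconfig_types.go`. The generated v1alpha1 and v1alpha2 converters in this diff flag both fields as needing manual conversion, so the comment should also say they exist from v1alpha3 on; whether a manual conversion is intended is not visible here.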
@@ -310,6 +311,20 @@ func (in *ManagerConfig) DeepCopyInto(out *ManagerConfig) { (*out)[key] = val } } + if in.ExtraScannerVolumes != nil { + in, out := &in.ExtraScannerVolumes, &out.ExtraScannerVolumes + *out = make([]v1.Volume, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExtraScannerVolumeMounts != nil { + in, out := &in.ExtraScannerVolumeMounts, &out.ExtraScannerVolumeMounts + *out = make([]v1.VolumeMount, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerConfig. diff --git a/api/v1alpha1/zz_generated.conversion.go b/api/v1alpha1/zz_generated.conversion.go index 98f62f724c..6d2d05696b 100644 --- a/api/v1alpha1/zz_generated.conversion.go +++ b/api/v1alpha1/zz_generated.conversion.go @@ -633,6 +633,8 @@ func autoConvert_unversioned_ManagerConfig_To_v1alpha1_ManagerConfig(in *unversi } out.PriorityClassName = in.PriorityClassName // WARNING: in.AdditionalPodLabels requires manual conversion: does not exist in peer-type + // WARNING: in.ExtraScannerVolumes requires manual conversion: does not exist in peer-type + // WARNING: in.ExtraScannerVolumeMounts requires manual conversion: does not exist in peer-type return nil } diff --git a/api/v1alpha2/zz_generated.conversion.go b/api/v1alpha2/zz_generated.conversion.go index b7e282cf68..58cb84bd5b 100644 --- a/api/v1alpha2/zz_generated.conversion.go +++ b/api/v1alpha2/zz_generated.conversion.go @@ -364,6 +364,8 @@ func autoConvert_unversioned_ManagerConfig_To_v1alpha2_ManagerConfig(in *unversi } out.PriorityClassName = in.PriorityClassName // WARNING: in.AdditionalPodLabels requires manual conversion: does not exist in peer-type + // WARNING: in.ExtraScannerVolumes requires manual conversion: does not exist in peer-type + // WARNING: in.ExtraScannerVolumeMounts requires manual conversion: does not exist in peer-type return nil } 
diff --git a/api/v1alpha3/eraserconfig_types.go b/api/v1alpha3/eraserconfig_types.go index 6f7ef2e434..8d06006030 100644 --- a/api/v1alpha3/eraserconfig_types.go +++ b/api/v1alpha3/eraserconfig_types.go @@ -22,6 +22,7 @@ import ( "net/url" "time" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -156,16 +157,18 @@ type ContainerConfig struct { } type ManagerConfig struct { - Runtime RuntimeSpec `json:"runtime,omitempty"` - OTLPEndpoint string `json:"otlpEndpoint,omitempty"` - LogLevel string `json:"logLevel,omitempty"` - Scheduling ScheduleConfig `json:"scheduling,omitempty"` - Profile ProfileConfig `json:"profile,omitempty"` - ImageJob ImageJobConfig `json:"imageJob,omitempty"` - PullSecrets []string `json:"pullSecrets,omitempty"` - NodeFilter NodeFilterConfig `json:"nodeFilter,omitempty"` - PriorityClassName string `json:"priorityClassName,omitempty"` - AdditionalPodLabels map[string]string `json:"additionalPodLabels,omitempty"` + Runtime RuntimeSpec `json:"runtime,omitempty"` + OTLPEndpoint string `json:"otlpEndpoint,omitempty"` + LogLevel string `json:"logLevel,omitempty"` + Scheduling ScheduleConfig `json:"scheduling,omitempty"` + Profile ProfileConfig `json:"profile,omitempty"` + ImageJob ImageJobConfig `json:"imageJob,omitempty"` + PullSecrets []string `json:"pullSecrets,omitempty"` + NodeFilter NodeFilterConfig `json:"nodeFilter,omitempty"` + PriorityClassName string `json:"priorityClassName,omitempty"` + AdditionalPodLabels map[string]string `json:"additionalPodLabels,omitempty"` + ExtraScannerVolumes []corev1.Volume `json:"extraScannerVolumes,omitempty"` + ExtraScannerVolumeMounts []corev1.VolumeMount `json:"extraScannerVolumeMounts,omitempty"` } type ScheduleConfig struct { diff --git a/api/v1alpha3/zz_generated.conversion.go b/api/v1alpha3/zz_generated.conversion.go index b40453f670..7e208c3c61 100644 --- a/api/v1alpha3/zz_generated.conversion.go 
+++ b/api/v1alpha3/zz_generated.conversion.go @@ -24,6 +24,7 @@ import ( unsafe "unsafe" unversioned "github.com/eraser-dev/eraser/api/unversioned" + v1 "k8s.io/api/core/v1" conversion "k8s.io/apimachinery/pkg/conversion" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -341,6 +342,8 @@ func autoConvert_v1alpha3_ManagerConfig_To_unversioned_ManagerConfig(in *Manager } out.PriorityClassName = in.PriorityClassName out.AdditionalPodLabels = *(*map[string]string)(unsafe.Pointer(&in.AdditionalPodLabels)) + out.ExtraScannerVolumes = *(*[]v1.Volume)(unsafe.Pointer(&in.ExtraScannerVolumes)) + out.ExtraScannerVolumeMounts = *(*[]v1.VolumeMount)(unsafe.Pointer(&in.ExtraScannerVolumeMounts)) return nil } @@ -370,6 +373,8 @@ func autoConvert_unversioned_ManagerConfig_To_v1alpha3_ManagerConfig(in *unversi } out.PriorityClassName = in.PriorityClassName out.AdditionalPodLabels = *(*map[string]string)(unsafe.Pointer(&in.AdditionalPodLabels)) + out.ExtraScannerVolumes = *(*[]v1.Volume)(unsafe.Pointer(&in.ExtraScannerVolumes)) + out.ExtraScannerVolumeMounts = *(*[]v1.VolumeMount)(unsafe.Pointer(&in.ExtraScannerVolumeMounts)) return nil } diff --git a/api/v1alpha3/zz_generated.deepcopy.go b/api/v1alpha3/zz_generated.deepcopy.go index 689915b1dd..5a6aede51b 100644 --- a/api/v1alpha3/zz_generated.deepcopy.go +++ b/api/v1alpha3/zz_generated.deepcopy.go @@ -21,6 +21,7 @@ limitations under the License. package v1alpha3 import ( + "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" ) 
@@ -142,6 +143,20 @@ func (in *ManagerConfig) DeepCopyInto(out *ManagerConfig) { (*out)[key] = val } } + if in.ExtraScannerVolumes != nil { + in, out := &in.ExtraScannerVolumes, &out.ExtraScannerVolumes + *out = make([]v1.Volume, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ExtraScannerVolumeMounts != nil { + in, out := &in.ExtraScannerVolumeMounts, &out.ExtraScannerVolumeMounts + *out = make([]v1.VolumeMount, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagerConfig. diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml index b13aba7b1e..6494335534 100644 --- a/config/manager/controller_manager_config.yaml +++ b/config/manager/controller_manager_config.yaml @@ -20,6 +20,8 @@ manager: pullSecrets: [] # image pull secrets for collector/scanner/eraser priorityClassName: "" # priority class name for collector/scanner/eraser additionalPodLabels: {} + extraScannerVolumes: {} + extraScannerVolumeMounts: {} nodeFilter: type: exclude # must be either exclude|include selectors: diff --git a/controllers/imagecollector/imagecollector_controller.go b/controllers/imagecollector/imagecollector_controller.go index 400ba36f46..508c54ff4f 100644 --- a/controllers/imagecollector/imagecollector_controller.go +++ b/controllers/imagecollector/imagecollector_controller.go @@ -448,6 +448,11 @@ func (r *Reconciler) createImageJob(ctx context.Context) (ctrl.Result, error) { }, }, } + + log.Info("extra mount for scanner starts") + jobTemplate.Spec.Volumes = append(jobTemplate.Spec.Volumes, mgrCfg.ExtraScannerVolumes...) + scannerContainer.VolumeMounts = append(scannerContainer.VolumeMounts, mgrCfg.ExtraScannerVolumeMounts...) + jobTemplate.Spec.Containers = append(jobTemplate.Spec.Containers, scannerContainer) } 
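Review bot: The defaults `extraScannerVolumes: {}` and `extraScannerVolumeMounts: {}` in `config/manager/controller_manager_config.yaml` are written as empty maps, but the Go fields added in this diff are slices (`[]corev1.Volume`, `[]corev1.VolumeMount`), so the empty value should be a list: `extraScannerVolumes: []` and `extraScannerVolumeMounts: []`. Depending on how the config is decoded, an object where a list is expected is likely to be rejected at load time rather than treated as empty. The same `{}` default is repeated in `manifest_staging/charts/eraser/values.yaml`, in the sample config in `docs/docs/customization.md`, and in both documentation tables.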
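Review bot: `mgrCfg.ExtraScannerVolumes` and `mgrCfg.ExtraScannerVolumeMounts` are appended to the job in `createImageJob` without any check, so a mount whose name matches no volume, or a volume name that collides with one already in `jobTemplate.Spec.Volumes`, is only discovered when the API server rejects the pod. Because a `v1.Volume` can carry any source, including `hostPath` and `secret`, write access to the eraser config becomes equivalent to choosing what the scanner pod mounts on each node; if that is not intended, the accepted source types should be limited here or at config load. The message `extra mount for scanner starts` is logged for every job even when both lists are empty and tells the operator nothing; I would log the counts only when something is actually added. The sketch below assumes `fmt` is imported in this file and that `log` accepts key/value pairs; the function body starts and ends outside the hunk.

```go
// … unchanged: scannerContainer construction …
if len(mgrCfg.ExtraScannerVolumes) > 0 || len(mgrCfg.ExtraScannerVolumeMounts) > 0 {
	// Collect the volume names already present so collisions and dangling mounts fail early with a clear message.
	names := make(map[string]struct{}, len(jobTemplate.Spec.Volumes)+len(mgrCfg.ExtraScannerVolumes))
	for i := range jobTemplate.Spec.Volumes {
		names[jobTemplate.Spec.Volumes[i].Name] = struct{}{}
	}
	for i := range mgrCfg.ExtraScannerVolumes {
		name := mgrCfg.ExtraScannerVolumes[i].Name
		if _, dup := names[name]; dup {
			return ctrl.Result{}, fmt.Errorf("extraScannerVolumes[%d]: volume name %q is already in use", i, name)
		}
		names[name] = struct{}{}
	}
	for i := range mgrCfg.ExtraScannerVolumeMounts {
		name := mgrCfg.ExtraScannerVolumeMounts[i].Name
		if _, ok := names[name]; !ok {
			return ctrl.Result{}, fmt.Errorf("extraScannerVolumeMounts[%d]: no volume named %q", i, name)
		}
	}
	log.Info("adding extra scanner volumes", "volumes", len(mgrCfg.ExtraScannerVolumes), "mounts", len(mgrCfg.ExtraScannerVolumeMounts))
	jobTemplate.Spec.Volumes = append(jobTemplate.Spec.Volumes, mgrCfg.ExtraScannerVolumes...)
	scannerContainer.VolumeMounts = append(scannerContainer.VolumeMounts, mgrCfg.ExtraScannerVolumeMounts...)
}
jobTemplate.Spec.Containers = append(jobTemplate.Spec.Containers, scannerContainer)
```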
diff --git a/docs/docs/customization.md b/docs/docs/customization.md index b89706e46b..aa75dcc099 100644 --- a/docs/docs/customization.md +++ b/docs/docs/customization.md @@ -105,6 +105,8 @@ manager: pullSecrets: [] # image pull secrets for collector/scanner/remover priorityClassName: "" # priority class name for collector/scanner/remover additionalPodLabels: {} + extraScannerVolumes: {} + extraScannerVolumeMounts: {} nodeFilter: type: exclude # must be either exclude|include selectors: @@ -211,6 +213,8 @@ timeout: | manager.pullSecrets | The image pull secrets to use for collector, scanner, and remover containers. | [] | | manager.priorityClassName | The priority class to use for collector, scanner, and remover containers. | "" | | manager.additionalPodLabels | Additional labels for all pods that the controller creates at runtime. | `{}` | +| manager.extraScannerVolumes | Extra volumes for scanner. | `{}` | +| manager.extraScannerVolumeMounts | Extra volume mounts for scanner. | `{}` | | manager.nodeFilter.type | The type of node filter to use. Must be either "exclude" or "include". | exclude | | manager.nodeFilter.selectors | A list of selectors used to filter nodes. | [] | | components.collector.enabled | Whether to enable the collector component. | true | diff --git a/manifest_staging/charts/eraser/README.md b/manifest_staging/charts/eraser/README.md index 10174402c2..e6724cdbe3 100644 --- a/manifest_staging/charts/eraser/README.md +++ b/manifest_staging/charts/eraser/README.md 
@@ -46,6 +46,8 @@ _See [helm install](https://helm.sh/docs/helm/helm_install/) for command documen | runtimeConfig.manager.pullSecrets | Image pull secrets for collector/scanner/eraser. | `[]` | | runtimeConfig.manager.priorityClassName | Priority class name for collector/scanner/eraser. | `""` | | runtimeConfig.manager.additionalPodLabels | Additional labels for all pods that the controller creates at runtime. | `{}` | +| runtimeConfig.manager.extraScannerVolumes | Extra volumes for scanner. | `{}` | +| runtimeConfig.manager.extraScannerVolumeMounts | Extra volume mounts for scanner. | `{}` | | runtimeConfig.manager.nodeFilter | Filter for nodes. | `{}` | | runtimeConfig.components.collector | Settings for the collector component. | `{ enabled: true }` | | runtimeConfig.components.scanner | Settings for the scanner component. | `{ enabled: true }` | diff --git a/manifest_staging/charts/eraser/values.yaml b/manifest_staging/charts/eraser/values.yaml index 78ef93781e..11cf539e82 100644 --- a/manifest_staging/charts/eraser/values.yaml +++ b/manifest_staging/charts/eraser/values.yaml @@ -30,6 +30,8 @@ runtimeConfig: pullSecrets: [] # image pull secrets for collector/scanner/eraser priorityClassName: "" # priority class name for collector/scanner/eraser additionalPodLabels: {} + extraScannerVolumes: {} + extraScannerVolumeMounts: {} nodeFilter: type: exclude # must be either exclude|include selectors: