Eraser helps Kubernetes admins remove a list of non-running images from all Kubernetes nodes in a cluster.
🚨 This project is currently in early alpha stage. Do NOT use for production.
Create an ImageList and specify the images you would like to remove.
Example:
cat <<EOF | kubectl apply -f -
apiVersion: eraser.sh/v1alpha1
kind: ImageList
metadata:
name: imagelist
spec:
images:
- sha256:2834dc507516af02784808c5f48b7cbe38b8ed5d0f4837f16e78d00deb7e7767
- docker.io/library/nginx:latest
- redis
EOF
ImageList is a cluster-scoped resource and must be called imagelist
. You can specify "*"
for all non-running images.
Creating an imagelist should trigger an ImageJob that will deploy eraser pods on every node to perform the removal given the list of images.
$ kubectl get pods -n eraser-system
eraser-system eraser-controller-manager-55d54c4fb6-dcglq 1/1 Running 0 9m8s
eraser-system eraser-kind-control-plane 1/1 Running 0 11s
eraser-system eraser-kind-worker 1/1 Running 0 11s
eraser-system eraser-kind-worker2 1/1 Running 0 11s
Pods will run to completion and the images will be removed.
$ kubectl get pods -n eraser-system
eraser-system eraser-controller-manager-6d6d5594d4-phl2q 1/1 Running 0 4m16s
eraser-system eraser-kind-control-plane 0/1 Completed 0 22s
eraser-system eraser-kind-worker 0/1 Completed 0 22s
eraser-system eraser-kind-worker2 0/1 Completed 0 22s
The imagelist
custom resource status field will contain the status of the last job.
$ kubectl describe ImageList imagelist
...
Status:
Failed: 0
Success: 3
Timestamp: 2022-02-25T23:41:55Z
...
By default, successful jobs will be deleted after a period of time. You can change this behavior by setting the following flags in the eraser-controller-manager:
--job-cleanup-on-success-delay
: Seconds to delay job deletion after successful runs. 0 means no delay. Defaults to0
.--job-cleanup-on-error-delay
: Seconds to delay job deletion after errored runs. 0 means no delay. Defaults to86400
(24 hours).--job-success-ratio
: Ratio of successful/total runs to consider a job successful. 1.0 means all runs must succeed. Defaults to1.0
.
Developing this project requires access to a Kubernetes cluster and Go version 1.16 or later.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.