eraser
feat: add support for "pinned" images
TODO (very likely) - move logic from the scanner to the collector & remover
What this PR does / why we need it:
Add support for CRI `pinned` images. `Pinned` is a field images which should not be garbage collected have. When scanning images for removal we should .
We also make this configurable to allow users to decide whether or not they care about `pinned` images.
Which issue(s) this PR fixes: Fixes #380
Special notes for your reviewer:
The configurability can be removed if we think that images being `pinned` is enough for us to assume they should never be deleted.
Notes for me (Fabian) so I ensure these behaviors occur...
`deletePinnedImages: true`

| | isPinned | notPinned |
|---|---|---|
| isVulnerable | delete | delete |
| notVulnerable | keep | keep |

`deletePinnedImages: false` (default)

| | isPinned | notPinned |
|---|---|---|
| isVulnerable | keep | delete |
| notVulnerable | keep | keep |

- Do we care about scanning pinned images if `deletePinnedImages: false`? Since we'll be keeping them either way...
  - As of now, I don't believe we have any reporting of CVEs, so scanning images we know we won't delete won't help with anything, but could keep us open to add to reports if we do so in the future (#356). I'll look into how/if we do special case handling for `deleteEOL` and other similar flags.
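
The two tables in the description above, written as a filter over scan results. This is an added example, not code from the PR or from the eraser project; the `Image` struct, `SelectForRemoval` and the sample image names are hypothetical.

```go
package main

import "fmt"

// Image is a hypothetical, simplified view of one scanned image.
// Pinned mirrors the CRI image "pinned" field; Vulnerable is the scanner's verdict.
type Image struct {
	Name       string
	Pinned     bool
	Vulnerable bool
}

// SelectForRemoval applies the two decision tables from the PR description.
// It returns the images to delete and, separately, the vulnerable images
// that were kept only because they are pinned (useful for logging).
func SelectForRemoval(images []Image, deletePinnedImages bool) (remove, keptPinned []string) {
	for _, img := range images {
		if !img.Vulnerable {
			continue // notVulnerable row: keep in every case
		}
		if img.Pinned && !deletePinnedImages {
			// isVulnerable + isPinned with deletePinnedImages: false -> keep
			keptPinned = append(keptPinned, img.Name)
			continue
		}
		remove = append(remove, img.Name)
	}
	return remove, keptPinned
}

func main() {
	// Constructed sample covering all four cells of the table.
	images := []Image{
		{"pinned-vuln", true, true},
		{"pinned-clean", true, false},
		{"unpinned-vuln", false, true},
		{"unpinned-clean", false, false},
	}
	for _, deletePinned := range []bool{true, false} {
		remove, kept := SelectForRemoval(images, deletePinned)
		fmt.Printf("deletePinnedImages=%v remove=%v keptBecausePinned=%v\n",
			deletePinned, remove, kept)
	}
}
```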