rename all the things

Bobby Brennan
2019-05-09 15:56:36 +00:00
parent 7c34d6ffb5
commit 9bcb832bbd
48 changed files with 272 additions and 272 deletions


@@ -11,7 +11,7 @@ references:
echo 'export CI_TAG=$CIRCLE_TAG' >> ${BASH_ENV}
echo 'export EXTERNAL_REGISTRY_BASE_DOMAIN=quay.io' >> ${BASH_ENV}
echo 'export DOCKERFILE=Dockerfile' >> ${BASH_ENV}
echo 'export REPOSITORY_NAME=reactiveops/fairwinds' >> ${BASH_ENV}
echo 'export REPOSITORY_NAME=reactiveops/polaris' >> ${BASH_ENV}
echo 'export REGISTRY_EMAIL=none' >> ${BASH_ENV}
echo 'export DOCKERTAG=${EXTERNAL_REGISTRY_BASE_DOMAIN}/${REPOSITORY_NAME}' >> ${BASH_ENV}
docker_build_and_push: &docker_build_and_push
@@ -35,7 +35,7 @@ jobs:
- *docker_build_and_push
test:
working_directory: /go/src/github.com/reactiveops/fairwinds/
working_directory: /go/src/github.com/reactiveops/polaris/
docker:
- image: circleci/golang:1.11
@@ -56,7 +56,7 @@ jobs:
name: Verify helm chart synced with dashboard.yaml
command: |
diff \
<(helm template deploy/helm/fairwinds/ --name fairwinds --namespace fairwinds --set templateOnly=true) \
<(helm template deploy/helm/polaris/ --name polaris --namespace polaris --set templateOnly=true) \
deploy/dashboard.yaml || (echo "
Make sure to regenerate k8s deploy config with make helm-to-k8s" &&
exit 1)
@@ -65,7 +65,7 @@ jobs:
name: Verify helm chart synced with webhook.yaml
command: |
diff \
<(helm template deploy/helm/fairwinds/ --name fairwinds --namespace fairwinds --set templateOnly=true --set webhook.enable=true --set dashboard.enable=false) \
<(helm template deploy/helm/polaris/ --name polaris --namespace polaris --set templateOnly=true --set webhook.enable=true --set dashboard.enable=false) \
deploy/webhook.yaml || (echo "
Make sure to regenerate k8s deploy config with make helm-to-k8s" &&
exit 1)

4
.gitignore vendored

@@ -4,9 +4,9 @@
*.dll
*.so
*.dylib
fairwinds
polaris
!deploy/helm/fairwinds
!deploy/helm/polaris
# Test binary, build with `go test -c`
*.test


@@ -1,6 +1,6 @@
# Contributing
Issues, whether bugs, tasks, or feature requests are essential for keeping Fairwinds great. We believe it should be as easy as possible to contribute changes that get things working in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
Issues, whether bugs, tasks, or feature requests are essential for keeping Polaris great. We believe it should be as easy as possible to contribute changes that get things working in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
## Code of Conduct
@@ -8,15 +8,15 @@ This project adheres to a [code of conduct](CODE_OF_CONDUCT.md). Please review t
## Project Structure
Fairwinds is built on top of [controller-runtime](https://github.com/kubernetes-sigs/controller-runtime). It can run in 3 different modes, a dashboard, a webhook, or a reporter that prints or exports validation results. All of these modes make use of the shared `validator` and `config` packages. Adding new validations is possible by only making additions to those packages.
Polaris is built on top of [controller-runtime](https://github.com/kubernetes-sigs/controller-runtime). It can run in 3 different modes, a dashboard, a webhook, or a reporter that prints or exports validation results. All of these modes make use of the shared `validator` and `config` packages. Adding new validations is possible by only making additions to those packages.
## Getting Started
We label issues with the ["good first issue" tag](https://github.com/reactiveops/fairwinds/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) if we believe they'll be a good starting point for new contributors. If you're interested in working on an issue, please start a conversation on that issue, and we can help answer any questions as they come up.
We label issues with the ["good first issue" tag](https://github.com/reactiveops/polaris/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) if we believe they'll be a good starting point for new contributors. If you're interested in working on an issue, please start a conversation on that issue, and we can help answer any questions as they come up.
## Running Tests
The following commands are all required to pass as part of Fairwinds testing:
The following commands are all required to pass as part of Polaris testing:
```
go list ./... | grep -v vendor | xargs golint -set_exit_status


@@ -1,20 +1,20 @@
FROM golang:1.12.4 AS build-env
WORKDIR /go/src/github.com/reactiveops/fairwinds/
WORKDIR /go/src/github.com/reactiveops/polaris/
COPY . .
RUN go get -u github.com/gobuffalo/packr/v2/packr2
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 packr2 build -a -o fairwinds *.go
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 packr2 build -a -o polaris *.go
FROM alpine:3.9
WORKDIR /usr/local/bin
RUN apk --no-cache add ca-certificates
RUN addgroup -S fairwinds && adduser -S -G fairwinds fairwinds
USER fairwinds
COPY --from=build-env /go/src/github.com/reactiveops/fairwinds/fairwinds .
RUN addgroup -S polaris && adduser -S -G polaris polaris
USER polaris
COPY --from=build-env /go/src/github.com/reactiveops/polaris/polaris .
WORKDIR /opt/app
COPY --from=build-env /go/src/github.com/reactiveops/fairwinds/config.yaml ./config.yaml
COPY --from=build-env /go/src/github.com/reactiveops/polaris/config.yaml ./config.yaml
CMD ["fairwinds"]
CMD ["polaris"]
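Review bot: The build stage still installs packr2 with `go get -u github.com/gobuffalo/packr/v2/packr2`, which resolves to whatever is newest at build time, so the renamed `polaris` binary is produced by an unpinned build tool even though both base images are pinned to a tag. Pinning the tool to a reviewed version (for example a module-aware `go get github.com/gobuffalo/packr/v2/packr2@<reviewed-version>`, if the build can run in module mode) or vendoring it would make the image reproducible and keep an upstream change from silently entering the release artifact.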


@@ -1,3 +1,3 @@
helm-to-k8s:
helm template deploy/helm/fairwinds/ --name fairwinds --namespace fairwinds --set templateOnly=true > deploy/dashboard.yaml
helm template deploy/helm/fairwinds/ --name fairwinds --namespace fairwinds --set templateOnly=true --set webhook.enable=true --set dashboard.enable=false > deploy/webhook.yaml
helm template deploy/helm/polaris/ --name polaris --namespace polaris --set templateOnly=true > deploy/dashboard.yaml
helm template deploy/helm/polaris/ --name polaris --namespace polaris --set templateOnly=true --set webhook.enable=true --set dashboard.enable=false > deploy/webhook.yaml


@@ -1,32 +1,32 @@
<p align="center">
<img src="/pkg/dashboard/assets/images/logo.png" alt="Fairwinds Logo" />
<img src="/pkg/dashboard/assets/images/logo.png" alt="Polaris Logo" />
</p>
Fairwinds keeps your cluster sailing smoothly. It runs a variety of checks to ensure that Kubernetes deployments are configured using best practices that will avoid potential problems in the future. The project includes two primary parts:
Polaris keeps your cluster sailing smoothly. It runs a variety of checks to ensure that Kubernetes deployments are configured using best practices that will avoid potential problems in the future. The project includes two primary parts:
- A dashboard to display the results of these validations on your existing deployments
- A beta version of a webhook that can prevent poorly configured deployments from reaching your cluster
## Dashboard
The Fairwinds Dashboard provides an overview of your current deployments in a cluster along with their validation scores. An overall score is provided for a cluster on a 0 - 100 scale. Results are then broken down by namespace and deployment.
The Polaris Dashboard provides an overview of your current deployments in a cluster along with their validation scores. An overall score is provided for a cluster on a 0 - 100 scale. Results are then broken down by namespace and deployment.
<p align="center">
<img src="/dashboard-screenshot.png" alt="Fairwinds Dashboard" />
<img src="/dashboard-screenshot.png" alt="Polaris Dashboard" />
</p>
### Deploying
To deploy Fairwinds with kubectl:
To deploy Polaris with kubectl:
```
kubectl apply -f https://raw.githubusercontent.com/reactiveops/fairwinds/master/deploy/dashboard.yaml
kubectl apply -f https://raw.githubusercontent.com/reactiveops/polaris/master/deploy/dashboard.yaml
```
Fairwinds can also be deployed with Helm:
Polaris can also be deployed with Helm:
```
helm upgrade --install fairwinds deploy/helm/fairwinds/ --namespace fairwinds
helm upgrade --install polaris deploy/helm/polaris/ --namespace polaris
```
### Viewing the Dashboard
@@ -34,47 +34,47 @@ helm upgrade --install fairwinds deploy/helm/fairwinds/ --namespace fairwinds
Once the dashboard is deployed, it can be viewed by using kubectl port-forward:
```
kubectl port-forward --namespace fairwinds svc/fairwinds-dashboard 8080:80
kubectl port-forward --namespace polaris svc/polaris-dashboard 8080:80
```
With the port forwarding in place, you can open http://localhost:8080 in your browser to view the dashboard.
### Using a Binary Release
If you'd prefer to run Fairwinds locally, binary releases are available on the [releases page](https://github.com/reactiveops/fairwinds/releases). When running as a binary, Fairwinds will use your local kubeconfig to connect to a cluster. There are a variety of options available, but the most common usage may be to view the dashboard:
If you'd prefer to run Polaris locally, binary releases are available on the [releases page](https://github.com/reactiveops/polaris/releases). When running as a binary, Polaris will use your local kubeconfig to connect to a cluster. There are a variety of options available, but the most common usage may be to view the dashboard:
```
fairwinds --dashboard
polaris --dashboard
```
## Webhook
Fairwinds includes experimental support for an optional validating webhook. This accepts the same configuration as the dashboard, and can run the same validations. This webhook will reject any deployments that trigger a validation error. This is indicative of the greater goal of Fairwinds, not just to encourage better configuration through dashboard visibility, but to actually enforce it with this webhook. *Although we are working towards greater stability and better test coverage, we do not currently consider this webhook component production ready.*
Polaris includes experimental support for an optional validating webhook. This accepts the same configuration as the dashboard, and can run the same validations. This webhook will reject any deployments that trigger a validation error. This is indicative of the greater goal of Polaris, not just to encourage better configuration through dashboard visibility, but to actually enforce it with this webhook. *Although we are working towards greater stability and better test coverage, we do not currently consider this webhook component production ready.*
Unfortunately we have not found a way to disply warnings as part of `kubectl` output unless we are rejecting a deployment altogether. That means that any checks with a severity of `warning` will still pass webhook validation, and the only evidence of that warning will either be in the Fairwinds dashboard or the Fairwinds webhook logs.
Unfortunately we have not found a way to disply warnings as part of `kubectl` output unless we are rejecting a deployment altogether. That means that any checks with a severity of `warning` will still pass webhook validation, and the only evidence of that warning will either be in the Polaris dashboard or the Polaris webhook logs.
### Deploying
The Fairwinds webhook can be deployed with kubectl:
The Polaris webhook can be deployed with kubectl:
```
kubectl apply -f https://raw.githubusercontent.com/reactiveops/fairwinds/master/deploy/webhook.yaml
kubectl apply -f https://raw.githubusercontent.com/reactiveops/polaris/master/deploy/webhook.yaml
```
Alternatively, the webhook can be enabled with Helm by setting `webhook.enable` to true:
```
helm upgrade --install fairwinds deploy/helm/fairwinds/ --namespace fairwinds --set webhook.enable=true
helm upgrade --install polaris deploy/helm/polaris/ --namespace polaris --set webhook.enable=true
```
## Configuration
Fairwinds supports a wide range of validations covering a number of Kubernetes best practices. Here's a sample configuration file that includes all currently supported checks. The [default configuration](https://github.com/reactiveops/fairwinds/blob/master/config.yaml) contains a number of those checks. This repository also includes a sample [full configuration file](https://github.com/reactiveops/fairwinds/blob/master/config-full.yaml) that enables all available checks.
Polaris supports a wide range of validations covering a number of Kubernetes best practices. Here's a sample configuration file that includes all currently supported checks. The [default configuration](https://github.com/reactiveops/polaris/blob/master/config.yaml) contains a number of those checks. This repository also includes a sample [full configuration file](https://github.com/reactiveops/polaris/blob/master/config-full.yaml) that enables all available checks.
Each check can be assigned a `severity`. Only checks with a severity of `error` or `warning` will be validated. The results of these validations are visible on the dashboard. In the case of the validating webhook, only failures with a severity of `error` will result in a change being rejected.
Fairwinds validation checks fall into several different categories:
Polaris validation checks fall into several different categories:
- [Health Checks](docs/health-checks.md)
- [Images](docs/images.md)
@@ -84,8 +84,8 @@ Fairwinds validation checks fall into several different categories:
## CLI Options
* `config`: Specify a location for the Fairwinds config
* `dashboard`: Runs the webserver for Fairwinds dashboard.
* `config`: Specify a location for the Polaris config
* `dashboard`: Runs the webserver for Polaris dashboard.
* `dashboard-port`: Port for the dashboard webserver (default 8080)
* `webhook`: Runs the webhook webserver.
* `webhook-port`: Port for the webhook webserver (default 9876)


@@ -1,18 +1,18 @@
---
# Source: fairwinds/templates/namespace.yaml
# Source: polaris/templates/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: fairwinds
name: polaris
---
# Source: fairwinds/templates/configmap.yaml
# Source: polaris/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: fairwinds
namespace: fairwinds
name: polaris
namespace: polaris
labels:
app: fairwinds
app: polaris
data:
config.yaml: |
resources:
@@ -59,23 +59,23 @@ data:
- AUDIT_WRITE
---
# Source: fairwinds/templates/serviceaccount.yaml
# Source: polaris/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fairwinds
namespace: fairwinds
name: polaris
namespace: polaris
labels:
app: fairwinds
app: polaris
---
# Source: fairwinds/templates/clusterrole.yaml
# Source: polaris/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: fairwinds
name: polaris
labels:
app: fairwinds
app: polaris
rules:
- apiGroups:
- ''
@@ -86,30 +86,30 @@ rules:
verbs:
- '*'
---
# Source: fairwinds/templates/clusterrolebinding.yaml
# Source: polaris/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: fairwinds
name: polaris
labels:
app: fairwinds
app: polaris
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: fairwinds
name: polaris
subjects:
- kind: ServiceAccount
name: fairwinds
namespace: fairwinds
name: polaris
namespace: polaris
---
# Source: fairwinds/templates/dashboard.service.yaml
# Source: polaris/templates/dashboard.service.yaml
apiVersion: v1
kind: Service
metadata:
name: fairwinds-dashboard
namespace: fairwinds
name: polaris-dashboard
namespace: polaris
labels:
app: fairwinds
app: polaris
spec:
ports:
- name: dashboard
@@ -117,42 +117,42 @@ spec:
protocol: TCP
targetPort: 8080
selector:
app: fairwinds
app: polaris
component: dashboard
type: ClusterIP
---
# Source: fairwinds/templates/dashboard.deployment.yaml
# Source: polaris/templates/dashboard.deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
checksum/config: '5702aca235561630172c22b6b900f5cebd4e82fae60389df18a3537ff82e2f09'
name: fairwinds-dashboard
namespace: fairwinds
name: polaris-dashboard
namespace: polaris
labels:
app: fairwinds
app: polaris
component: dashboard
spec:
replicas: 1
selector:
matchLabels:
app: fairwinds
app: polaris
component: dashboard
template:
metadata:
labels:
app: fairwinds
app: polaris
component: dashboard
spec:
volumes:
- name: config
configMap:
name: fairwinds
name: polaris
containers:
- command:
- fairwinds
- polaris
- --dashboard
image: 'quay.io/reactiveops/fairwinds:master'
image: 'quay.io/reactiveops/polaris:master'
imagePullPolicy: 'Always'
name: dashboard
ports:
@@ -181,13 +181,13 @@ spec:
mountPath: /opt/app/config.yaml
subPath: config.yaml
readOnly: true
serviceAccountName: fairwinds
serviceAccountName: polaris
---
# Source: fairwinds/templates/secret.yaml
# Source: polaris/templates/secret.yaml
---
# Source: fairwinds/templates/webhook.deployment.yaml
# Source: polaris/templates/webhook.deployment.yaml
---
# Source: fairwinds/templates/webhook.service.yaml
# Source: polaris/templates/webhook.service.yaml


@@ -1,7 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "fairwinds.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "fairwinds.labels" . | nindent 4 }}


@@ -1,4 +1,4 @@
apiVersion: v1
description: Validation of best practices in your Kubernetes clusters
name: fairwinds
version: 0.1.0
name: polaris
version: 1.0.0


@@ -1,12 +1,12 @@
** Please be patient while the chart is being deployed **
Enjoy Fairwinds and smooth sailing!
Enjoy Polaris and smooth sailing!
{{- if contains "ClusterIP" .Values.dashboard.service.type }}
## To view the dashboard execute these commands:
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "fairwinds.fullname" . }}-dashboard 8080:80 &
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "polaris.fullname" . }}-dashboard 8080:80 &
open http://localhost:8080
{{- end }}


@@ -2,7 +2,7 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "fairwinds.name" -}}
{{- define "polaris.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "fairwinds.fullname" -}}
{{- define "polaris.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
@@ -27,19 +27,19 @@ If release name contains chart name it will be used as a full name.
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "fairwinds.chart" -}}
{{- define "polaris.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Standard labels
*/}}
{{- define "fairwinds.labels" -}}
{{- define "polaris.labels" -}}
{{- if .Values.templateOnly -}}
app: {{ include "fairwinds.name" . }}
app: {{ include "polaris.name" . }}
{{- else -}}
app.kubernetes.io/name: {{ include "fairwinds.name" . }}
helm.sh/chart: {{ include "fairwinds.chart" . }}
app.kubernetes.io/name: {{ include "polaris.name" . }}
helm.sh/chart: {{ include "polaris.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
@@ -48,11 +48,11 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
{{/*
Standard selector
*/}}
{{- define "fairwinds.selectors" -}}
{{- define "polaris.selectors" -}}
{{- if .Values.templateOnly -}}
app: {{ include "fairwinds.name" . }}
app: {{ include "polaris.name" . }}
{{- else -}}
app.kubernetes.io/name: {{ include "fairwinds.name" . }}
app.kubernetes.io/name: {{ include "polaris.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- end -}}


@@ -2,9 +2,9 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: {{ include "fairwinds.fullname" . }}
name: {{ include "polaris.fullname" . }}
labels:
{{- include "fairwinds.labels" . | nindent 4 }}
{{- include "polaris.labels" . | nindent 4 }}
rules:
- apiGroups:
- ''
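Review bot: The ClusterRole is re-created under the new name with its rule list untouched, and the rendered manifests elsewhere in this commit show that rule ending in `verbs: - '*'`. The README describes the tool as validating deployments, which suggests read access is enough; if so, narrow the rule to `verbs: ['get', 'list']` on the resources actually inspected. Because the object name changes, clusters that applied the old manifest will keep the `fairwinds` ClusterRole and ClusterRoleBinding until someone deletes them, so an upgrade note asking operators to remove the old cluster-scoped objects would help. The `rules:` block continues outside this hunk, so the resource list could not be checked here.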


@@ -2,15 +2,15 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: {{ include "fairwinds.fullname" . }}
name: {{ include "polaris.fullname" . }}
labels:
{{- include "fairwinds.labels" . | nindent 4 }}
{{- include "polaris.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "fairwinds.fullname" . }}
name: {{ include "polaris.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "fairwinds.fullname" . }}
name: {{ include "polaris.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}


@@ -1,9 +1,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "fairwinds.fullname" . }}
name: {{ include "polaris.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "fairwinds.labels" . | nindent 4 }}
{{- include "polaris.labels" . | nindent 4 }}
data:
config.yaml: {{- toYaml .Values.config | indent 2 -}}


@@ -4,30 +4,30 @@ kind: Deployment
metadata:
annotations:
checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
name: {{ include "fairwinds.fullname" . }}-dashboard
name: {{ include "polaris.fullname" . }}-dashboard
namespace: {{ .Release.Namespace }}
labels:
{{- include "fairwinds.labels" . | nindent 4 }}
{{- include "polaris.labels" . | nindent 4 }}
component: dashboard
spec:
replicas: {{.Values.dashboard.replicas}}
selector:
matchLabels:
{{- include "fairwinds.selectors" . | nindent 6 }}
{{- include "polaris.selectors" . | nindent 6 }}
component: dashboard
template:
metadata:
labels:
{{- include "fairwinds.selectors" . | nindent 8 }}
{{- include "polaris.selectors" . | nindent 8 }}
component: dashboard
spec:
volumes:
- name: config
configMap:
name: {{ include "fairwinds.fullname" . }}
name: {{ include "polaris.fullname" . }}
containers:
- command:
- fairwinds
- polaris
- --dashboard
image: '{{.Values.webhook.image.repository}}:{{.Values.webhook.image.tag}}'
imagePullPolicy: '{{.Values.webhook.image.pullPolicy}}'
@@ -58,5 +58,5 @@ spec:
mountPath: /opt/app/config.yaml
subPath: config.yaml
readOnly: true
serviceAccountName: {{ include "fairwinds.fullname" . }}
serviceAccountName: {{ include "polaris.fullname" . }}
{{- end -}}
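Review bot: The dashboard container's `image:` and `imagePullPolicy:` lines read `.Values.webhook.image.*`, while the values file in this commit appears to define a separate image block under `dashboard:`, so overriding the dashboard image (for instance to pin a tag) would have no effect on this Deployment. If that reading of the values file is right, the lines should be `image: '{{.Values.dashboard.image.repository}}:{{.Values.dashboard.image.tag}}'` and `imagePullPolicy: '{{.Values.dashboard.image.pullPolicy}}'`. The container spec continues between the two hunks and was not visible for review.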


@@ -2,10 +2,10 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "fairwinds.fullname" . }}-dashboard
name: {{ include "polaris.fullname" . }}-dashboard
namespace: {{ .Release.Namespace }}
labels:
{{- include "fairwinds.labels" . | nindent 4 }}
{{- include "polaris.labels" . | nindent 4 }}
spec:
ports:
- name: dashboard
@@ -13,7 +13,7 @@ spec:
protocol: TCP
targetPort: 8080
selector:
{{- include "fairwinds.selectors" . | nindent 4 }}
{{- include "polaris.selectors" . | nindent 4 }}
component: dashboard
type: {{ .Values.dashboard.service.type }}
{{- end -}}


@@ -2,10 +2,10 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "fairwinds.fullname" . }}
name: {{ include "polaris.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "fairwinds.labels" . | nindent 4 }}
{{- include "polaris.labels" . | nindent 4 }}
type: Opaque
data:
{{- end -}}


@@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "polaris.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "polaris.labels" . | nindent 4 }}


@@ -4,33 +4,33 @@ kind: Deployment
metadata:
annotations:
checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}'
name: {{ include "fairwinds.fullname" . }}-webhook
name: {{ include "polaris.fullname" . }}-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "fairwinds.labels" . | nindent 4 }}
{{- include "polaris.labels" . | nindent 4 }}
component: webhook
spec:
replicas: {{ .Values.webhook.replicas }}
selector:
matchLabels:
{{- include "fairwinds.selectors" . | nindent 6 }}
{{- include "polaris.selectors" . | nindent 6 }}
component: webhook
template:
metadata:
labels:
{{- include "fairwinds.selectors" . | nindent 8 }}
{{- include "polaris.selectors" . | nindent 8 }}
component: webhook
spec:
volumes:
- name: config
configMap:
name: {{ include "fairwinds.fullname" . }}
name: {{ include "polaris.fullname" . }}
- name: secret
secret:
secretName: {{ include "fairwinds.fullname" . }}
secretName: {{ include "polaris.fullname" . }}
containers:
- command:
- fairwinds
- polaris
- --webhook
image: '{{.Values.webhook.image.repository}}:{{.Values.webhook.image.tag}}'
imagePullPolicy: '{{.Values.webhook.image.pullPolicy}}'
@@ -45,7 +45,7 @@ spec:
command:
- sh
- -c
- ps -ef | grep fairwinds
- ps -ef | grep polaris
initialDelaySeconds: 5
periodSeconds: 5
readinessProbe:
@@ -53,7 +53,7 @@ spec:
command:
- sh
- -c
- ps -ef | grep fairwinds
- ps -ef | grep polaris
initialDelaySeconds: 5
periodSeconds: 5
resources:
@@ -71,5 +71,5 @@ spec:
- name: secret
mountPath: /tmp/cert/
readOnly: true
serviceAccountName: {{ include "fairwinds.fullname" . }}
serviceAccountName: {{ include "polaris.fullname" . }}
{{- end -}}
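Review bot: Both probes run `ps -ef | grep polaris`, and that pipeline exits 0 whenever any process line contains the word, including the `sh -c` and `grep` processes the probe itself starts, so the liveness and readiness checks cannot report a dead or hung webhook. An admission webhook that is marked ready while it is not serving is worth avoiding; a probe against the listener is more meaningful, e.g. `tcpSocket: { port: <webhook-port> }` or an HTTP check if the server exposes one. The same probe text appears in the rendered webhook manifest section of this commit and would change with it after regenerating.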


@@ -2,10 +2,10 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "fairwinds.fullname" . }}-dashboard
name: {{ include "polaris.fullname" . }}-dashboard
namespace: {{ .Release.Namespace }}
labels:
{{- include "fairwinds.labels" . | nindent 4 }}
{{- include "polaris.labels" . | nindent 4 }}
spec:
ports:
- name: dashboard
@@ -13,7 +13,7 @@ spec:
protocol: TCP
targetPort: 8080
selector:
{{- include "fairwinds.selectors" . | nindent 4 }}
{{- include "polaris.selectors" . | nindent 4 }}
component: dashboard
type: ClusterIP
{{- end -}}
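Review bot: This Service (by position the webhook service template, though the file header is not shown) is still named `{{ include "polaris.fullname" . }}-dashboard`, exposes a port called `dashboard`, and selects `component: dashboard`, identical to the dashboard Service earlier in the commit. With both components enabled the two objects would collide on name, and nothing routes traffic to the `component: webhook` pods. If this is meant to front the webhook, the name suffix and selector should be `-webhook` and `component: webhook`, with the port pointing at the webhook listener. The port lines fall between the two hunks and could not be checked.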


@@ -49,7 +49,7 @@ dashboard:
service:
type: ClusterIP
image:
repository: quay.io/reactiveops/fairwinds
repository: quay.io/reactiveops/polaris
tag: master
pullPolicy: Always
@@ -57,7 +57,7 @@ webhook:
enable: false
replicas: 1
image:
repository: quay.io/reactiveops/fairwinds
repository: quay.io/reactiveops/polaris
tag: master
pullPolicy: Always
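Review bot: Both image blocks keep `tag: master` with `pullPolicy: Always` under the new repository name, so every pod restart can pull a different build of a component that is bound to a cluster-wide role. The image documentation touched by this same commit argues against unversioned tags; defaulting to a release tag or an image digest, e.g. `tag: <release-tag>`, would make deployments reproducible and give operators a fixed artifact to review. The checked-in rendered manifests would need regenerating afterwards.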


@@ -1,29 +1,29 @@
---
# Source: fairwinds/templates/namespace.yaml
# Source: polaris/templates/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: fairwinds
name: polaris
---
# Source: fairwinds/templates/secret.yaml
# Source: polaris/templates/secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: fairwinds
namespace: fairwinds
name: polaris
namespace: polaris
labels:
app: fairwinds
app: polaris
type: Opaque
data:
---
# Source: fairwinds/templates/configmap.yaml
# Source: polaris/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: fairwinds
namespace: fairwinds
name: polaris
namespace: polaris
labels:
app: fairwinds
app: polaris
data:
config.yaml: |
resources:
@@ -70,23 +70,23 @@ data:
- AUDIT_WRITE
---
# Source: fairwinds/templates/serviceaccount.yaml
# Source: polaris/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fairwinds
namespace: fairwinds
name: polaris
namespace: polaris
labels:
app: fairwinds
app: polaris
---
# Source: fairwinds/templates/clusterrole.yaml
# Source: polaris/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: fairwinds
name: polaris
labels:
app: fairwinds
app: polaris
rules:
- apiGroups:
- ''
@@ -97,30 +97,30 @@ rules:
verbs:
- '*'
---
# Source: fairwinds/templates/clusterrolebinding.yaml
# Source: polaris/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: fairwinds
name: polaris
labels:
app: fairwinds
app: polaris
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: fairwinds
name: polaris
subjects:
- kind: ServiceAccount
name: fairwinds
namespace: fairwinds
name: polaris
namespace: polaris
---
# Source: fairwinds/templates/dashboard.service.yaml
# Source: polaris/templates/dashboard.service.yaml
apiVersion: v1
kind: Service
metadata:
name: fairwinds-dashboard
namespace: fairwinds
name: polaris-dashboard
namespace: polaris
labels:
app: fairwinds
app: polaris
spec:
ports:
- name: dashboard
@@ -128,18 +128,18 @@ spec:
protocol: TCP
targetPort: 8080
selector:
app: fairwinds
app: polaris
component: dashboard
type: ClusterIP
---
# Source: fairwinds/templates/webhook.service.yaml
# Source: polaris/templates/webhook.service.yaml
apiVersion: v1
kind: Service
metadata:
name: fairwinds-dashboard
namespace: fairwinds
name: polaris-dashboard
namespace: polaris
labels:
app: fairwinds
app: polaris
spec:
ports:
- name: dashboard
@@ -147,45 +147,45 @@ spec:
protocol: TCP
targetPort: 8080
selector:
app: fairwinds
app: polaris
component: dashboard
type: ClusterIP
---
# Source: fairwinds/templates/webhook.deployment.yaml
# Source: polaris/templates/webhook.deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
checksum/config: '5702aca235561630172c22b6b900f5cebd4e82fae60389df18a3537ff82e2f09'
name: fairwinds-webhook
namespace: fairwinds
name: polaris-webhook
namespace: polaris
labels:
app: fairwinds
app: polaris
component: webhook
spec:
replicas: 1
selector:
matchLabels:
app: fairwinds
app: polaris
component: webhook
template:
metadata:
labels:
app: fairwinds
app: polaris
component: webhook
spec:
volumes:
- name: config
configMap:
name: fairwinds
name: polaris
- name: secret
secret:
secretName: fairwinds
secretName: polaris
containers:
- command:
- fairwinds
- polaris
- --webhook
image: 'quay.io/reactiveops/fairwinds:master'
image: 'quay.io/reactiveops/polaris:master'
imagePullPolicy: 'Always'
name: webhook
ports:
@@ -198,7 +198,7 @@ spec:
command:
- sh
- -c
- ps -ef | grep fairwinds
- ps -ef | grep polaris
initialDelaySeconds: 5
periodSeconds: 5
readinessProbe:
@@ -206,7 +206,7 @@ spec:
command:
- sh
- -c
- ps -ef | grep fairwinds
- ps -ef | grep polaris
initialDelaySeconds: 5
periodSeconds: 5
resources:
@@ -224,7 +224,7 @@ spec:
- name: secret
mountPath: /tmp/cert/
readOnly: true
serviceAccountName: fairwinds
serviceAccountName: polaris
---
# Source: fairwinds/templates/dashboard.deployment.yaml
# Source: polaris/templates/dashboard.deployment.yaml


@@ -1,6 +1,6 @@
# Health Checks
Fairwinds supports validating the presence of readiness and liveness probes in pods.
Polaris supports validating the presence of readiness and liveness probes in pods.
key | default | description
----|---------|------------
@@ -19,4 +19,4 @@ Liveness probes are designed to ensure that an application stays in a healthy st
- [Kubernetes Docs: Configure Livenss and Readiness Probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/)
- [Utilizing Kubernetes Liveness and Readiness Probes to Automatically Recover From Failure](https://medium.com/spire-labs/utilizing-kubernetes-liveness-and-readiness-probes-to-automatically-recover-from-failure-2fe0314f2b2e)
- [Kubernetes Liveness and Readiness Probes: How to Avoid Shooting Yourself in the Foot](https://blog.colinbreck.com/kubernetes-liveness-and-readiness-probes-how-to-avoid-shooting-yourself-in-the-foot/)
- [Kubernetes Liveness and Readiness Probes: How to Avoid Shooting Yourself in the Foot](https://blog.colinbreck.com/kubernetes-liveness-and-readiness-probes-how-to-avoid-shooting-yourself-in-the-foot/)


@@ -1,6 +1,6 @@
# Images
Fairwinds supports a number of checks related to the image specified by pods.
Polaris supports a number of checks related to the image specified by pods.
key | default | description
----|---------|------------
@@ -11,10 +11,10 @@ key | default | description
Docker's `latest` tag is applied by default to images where a tag hasn't been specified. Not specifying a specific version of an image can lead to a wide variety of problems. The underlying image could include unexpected breaking changes that break your application whenever the latest image is pulled. Reusing the same tag for multiple versions of an image can lead to different nodes in the same cluster having different versions of an image, even if the tag is identical.
Related to that, relying on cached versions of a Docker image can become a security vulnerability. By default, an image will be pulled if it isn't already cached on the node attempting to run it. This can result in variations in images that are running per node, or potentially provide a way to gain access to an image without having direct access to the ImagePullSecret. With that in mind, it's often better to ensure the a pod has `pullPolicy: Always` specified, so images are always pulled directly from their source. This is not a check enabled by default with Fairwinds as organizations may not wish to add the overhead involved with pulling images for each pod.
Related to that, relying on cached versions of a Docker image can become a security vulnerability. By default, an image will be pulled if it isn't already cached on the node attempting to run it. This can result in variations in images that are running per node, or potentially provide a way to gain access to an image without having direct access to the ImagePullSecret. With that in mind, it's often better to ensure the a pod has `pullPolicy: Always` specified, so images are always pulled directly from their source. This is not a check enabled by default with Polaris as organizations may not wish to add the overhead involved with pulling images for each pod.
## Further Reading
- [What's Wrong With The Docker :latest Tag?](https://vsupalov.com/docker-latest-tag/)
- [Kubernetes AlwaysPullImages Admission Controlthe Importance, Implementation, and Security Vulnerability in its Absence](https://medium.com/@trstringer/kubernetes-alwayspullimages-admission-control-the-importance-implementation-and-security-d83ff3815840)
- [Kubernetes AlwaysPullImages Admission Controlthe Importance, Implementation, and Security Vulnerability in its Absence](https://medium.com/@trstringer/kubernetes-alwayspullimages-admission-control-the-importance-implementation-and-security-d83ff3815840)


@@ -1,6 +1,6 @@
# Networking
Fairwinds supports a number of checks related to pod networking.
Polaris supports a number of checks related to pod networking.
key | default | description
----|---------|------------
@@ -19,4 +19,4 @@ Setting the `hostPort` attribute on a container will ensure that it is accessibl
- [Kubernetes Docs: Configuration Best Practices](https://kubernetes.io/docs/concepts/configuration/overview/#services)
- [Accessing Kubernetes Pods from Outside of the Cluster](http://alesnosek.com/blog/2017/02/14/accessing-kubernetes-pods-from-outside-of-the-cluster/)
- [Accessing Kubernetes Pods from Outside of the Cluster](http://alesnosek.com/blog/2017/02/14/accessing-kubernetes-pods-from-outside-of-the-cluster/)


@@ -1,6 +1,6 @@
# Resources
Fairwinds supports a number of checks related to CPU and Memory requests and limits.
Polaris supports a number of checks related to CPU and Memory requests and limits.
## Presence Checks
@@ -15,7 +15,7 @@ key | default | description
## Range Checks
Fairwinds can also verify that those values fall within a certain range. These checks are not enabled by default, and as such do not have default values. The `cpuRequestRanges`, `cpuLimitRanges`, `memoryRequestRanges`, and `memoryLimitRanges` all support the following attributes:
Polaris can also verify that those values fall within a certain range. These checks are not enabled by default, and as such do not have default values. The `cpuRequestRanges`, `cpuLimitRanges`, `memoryRequestRanges`, and `memoryLimitRanges` all support the following attributes:
key | description
----|------------
@@ -40,4 +40,4 @@ Having these values appropriately configured ensures that:
- [Kubernetes best practices: Resource requests and limits](https://cloud.google.com/blog/products/gcp/kubernetes-best-practices-resource-requests-and-limits)
- [Vertical Pod Autoscaler (can automatically set resource requests and limits)](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler)
- [Vertical Pod Autoscaler (can automatically set resource requests and limits)](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler)


@@ -1,6 +1,6 @@
# Security Capabilities
Fairwinds supports a number of checks to ensure pods are running with a limited set of capabilities. Under `security.capabilities`, there are `error` and `warning` sections indicating the severity of failures for the following checks.
Polaris supports a number of checks to ensure pods are running with a limited set of capabilities. Under `security.capabilities`, there are `error` and `warning` sections indicating the severity of failures for the following checks.
key | default | description
----|---------|------------


@@ -1,6 +1,6 @@
# Security
Fairwinds supports a number of checks related to security.
Polaris supports a number of checks related to security.
key | default | description
----|---------|------------
@@ -19,7 +19,7 @@ Additional validations are available to ensure pods are running with a limited s
Securing workloads in Kubernetes is an important part of overall cluster security. The overall goal should be to ensure that containers are running with as minimal privileges as possible. This includes avoiding privilege escalation, not running containers with a root user, and using read only file systems wherever possible.
Much of this configuration can be found in the `securityContext` attribute for both Kubernetes pods and containers. Where configuration is available at both a pod and container level, Fairwinds validates both.
Much of this configuration can be found in the `securityContext` attribute for both Kubernetes pods and containers. Where configuration is available at both a pod and container level, Polaris validates both.
## Further Reading
- [Kubernetes Docs: Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)

44
main.go

@@ -25,11 +25,11 @@ import (
"strings"
"github.com/gorilla/mux"
conf "github.com/reactiveops/fairwinds/pkg/config"
"github.com/reactiveops/fairwinds/pkg/dashboard"
"github.com/reactiveops/fairwinds/pkg/kube"
"github.com/reactiveops/fairwinds/pkg/validator"
fwebhook "github.com/reactiveops/fairwinds/pkg/webhook"
conf "github.com/reactiveops/polaris/pkg/config"
"github.com/reactiveops/polaris/pkg/dashboard"
"github.com/reactiveops/polaris/pkg/kube"
"github.com/reactiveops/polaris/pkg/validator"
fwebhook "github.com/reactiveops/polaris/pkg/webhook"
"github.com/sirupsen/logrus"
"gopkg.in/yaml.v2"
appsv1 "k8s.io/api/apps/v1"
@@ -42,7 +42,7 @@ import (
)
func main() {
dashboard := flag.Bool("dashboard", false, "Runs the webserver for Fairwinds dashboard.")
dashboard := flag.Bool("dashboard", false, "Runs the webserver for Polaris dashboard.")
webhook := flag.Bool("webhook", false, "Runs the webhook webserver.")
audit := flag.Bool("audit", false, "Runs a one-time audit.")
auditPath := flag.String("audit-path", "", "If specified, audits one or more YAML files instead of a cluster")
@@ -50,7 +50,7 @@ func main() {
webhookPort := flag.Int("webhook-port", 9876, "Port for the webhook webserver")
auditOutputURL := flag.String("output-url", "", "Destination URL to send audit results")
auditOutputFile := flag.String("output-file", "", "Destination file for audit results")
configPath := flag.String("config", "config.yaml", "Location of Fairwinds configuration file")
configPath := flag.String("config", "config.yaml", "Location of Polaris configuration file")
logLevel := flag.String("log-level", logrus.InfoLevel.String(), "Logrus log level")
disableWebhookConfigInstaller := flag.Bool("disable-webhook-config-installer", false,
"disable the installer in the webhook server, so it won't install webhook configuration resources during bootstrapping")
@@ -119,7 +119,7 @@ func startDashboardServer(c conf.Configuration, k *kube.ResourceProvider, port i
http.Handle("/static/", http.StripPrefix("/static/", fileServer))
http.Handle("/", router)
logrus.Infof("Starting Fairwinds dashboard server on port %d", port)
logrus.Infof("Starting Polaris dashboard server on port %d", port)
logrus.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), nil))
}
@@ -131,39 +131,39 @@ func startWebhookServer(c conf.Configuration, disableWebhookConfigInstaller bool
os.Exit(1)
}
fairwindsResourceName := "fairwinds"
fairwindsNamespaceBytes, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
polarisResourceName := "polaris"
polarisNamespaceBytes, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
if err != nil {
// Not exiting here as we have fallback options
logrus.Debugf("Error reading namespace information: %v", err)
}
fairwindsNamespace := string(fairwindsNamespaceBytes)
if fairwindsNamespace == "" {
fairwindsNamespace = fairwindsResourceName
logrus.Debugf("Could not determine current namespace, creating resources in %s namespace", fairwindsNamespace)
polarisNamespace := string(polarisNamespaceBytes)
if polarisNamespace == "" {
polarisNamespace = polarisResourceName
logrus.Debugf("Could not determine current namespace, creating resources in %s namespace", polarisNamespace)
}
logrus.Info("Setting up webhook server")
as, err := webhook.NewServer(fairwindsResourceName, mgr, webhook.ServerOptions{
as, err := webhook.NewServer(polarisResourceName, mgr, webhook.ServerOptions{
Port: int32(port),
CertDir: "/tmp/cert",
DisableWebhookConfigInstaller: &disableWebhookConfigInstaller,
BootstrapOptions: &webhook.BootstrapOptions{
ValidatingWebhookConfigName: fairwindsResourceName,
ValidatingWebhookConfigName: polarisResourceName,
Secret: &apitypes.NamespacedName{
Namespace: fairwindsNamespace,
Name: fairwindsResourceName,
Namespace: polarisNamespace,
Name: polarisResourceName,
},
Service: &webhook.Service{
Namespace: fairwindsNamespace,
Name: fairwindsResourceName,
Namespace: polarisNamespace,
Name: polarisResourceName,
// Selectors should select the pods that runs this webhook server.
Selectors: map[string]string{
"app": fairwindsResourceName,
"app": polarisResourceName,
},
},
},
@@ -174,7 +174,7 @@ func startWebhookServer(c conf.Configuration, disableWebhookConfigInstaller bool
os.Exit(1)
}
logrus.Infof("Fairwinds webhook server listening on port %d", port)
logrus.Infof("Polaris webhook server listening on port %d", port)
d := fwebhook.NewWebhook("deploy", mgr, fwebhook.Validator{Config: c}, &appsv1.Deployment{})
logrus.Debug("Registering webhooks to the webhook server")
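Review bot: In startWebhookServer, `polarisResourceName` now names the ValidatingWebhookConfiguration, the Secret, the Service and the `app` selector, so a cluster that already ran the old build would presumably keep the `fairwinds` objects the bootstrap installer created earlier, and nothing in this hunk removes them. A leftover validating webhook configuration that points at a Service which no longer exists can reject or silently skip Deployment admission, depending on its failure policy, which is not visible here. I would add an upgrade note next to the name, e.g. `// NOTE: renamed from "fairwinds"; delete the old ValidatingWebhookConfiguration, Secret and Service when upgrading`. The function body starts and ends outside the hunk.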


@@ -5,9 +5,9 @@ $(function () {
labels: ["Passing", "Warning", "Error"],
datasets: [{
data: [
fairwindsAuditData.ClusterSummary.Results.Totals.Successes,
fairwindsAuditData.ClusterSummary.Results.Totals.Warnings,
fairwindsAuditData.ClusterSummary.Results.Totals.Errors,
polarisAuditData.ClusterSummary.Results.Totals.Successes,
polarisAuditData.ClusterSummary.Results.Totals.Warnings,
polarisAuditData.ClusterSummary.Results.Totals.Errors,
],
backgroundColor: ['#8BD2DC', '#f26c21', '#a11f4c'],
}]


@@ -21,9 +21,9 @@ import (
"net/http"
packr "github.com/gobuffalo/packr/v2"
conf "github.com/reactiveops/fairwinds/pkg/config"
"github.com/reactiveops/fairwinds/pkg/kube"
"github.com/reactiveops/fairwinds/pkg/validator"
conf "github.com/reactiveops/polaris/pkg/config"
"github.com/reactiveops/polaris/pkg/kube"
"github.com/reactiveops/polaris/pkg/validator"
"github.com/sirupsen/logrus"
"gitlab.com/golang-commonmark/markdown"
)


@@ -15,7 +15,7 @@
package dashboard
import (
"github.com/reactiveops/fairwinds/pkg/validator"
"github.com/reactiveops/polaris/pkg/validator"
"strings"
)


@@ -1,5 +1,5 @@
{{define "footer"}}
<div class="footer">
<a href="https://reactiveops.com?source=fairwinds" target="_blank">&copy;2019 ReactiveOps Inc.</a>
<a href="https://reactiveops.com?source=polaris" target="_blank">&copy;2019 ReactiveOps Inc.</a>
</div>
{{end}}
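Review bot: The link on the changed line opens with `target="_blank"` but has no `rel` attribute, so in browsers that do not imply it the opened page keeps a `window.opener` handle to the dashboard tab. Since the line is being touched anyway, I would write it as `<a href="https://reactiveops.com?source=polaris" target="_blank" rel="noopener noreferrer">`. The same applies to the `navbar-right` link changed in the navbar template section further down.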


@@ -1,7 +1,7 @@
{{ define "head" }}
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<title>Fairwinds</title>
<title>ReactiveOps Polaris</title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">


@@ -7,7 +7,7 @@
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.2/Chart.min.js"></script>
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/cash/3.0.0-beta.3/cash.min.js"></script>
<script>
window.fairwindsAuditData = {{ .JSON }};
window.polarisAuditData = {{ .JSON }};
</script>
<script type="text/javascript" src="/static/js/main.js"></script>
</head>
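Review bot: The two cdnjs `<script>` tags just above the renamed `window.polarisAuditData` assignment load third-party code without `integrity` or `crossorigin`, so whatever the CDN serves runs in the page that holds the full audit result. Both URLs are already version-pinned (Chart.js 2.7.2, cash 3.0.0-beta.3), which makes subresource integrity straightforward: add `integrity="sha384-<HASH_PLACEHOLDER>" crossorigin="anonymous"` to each tag, with the hash computed from the pinned file, or serve the two files from `/static/js/` like `main.js`. The `<head>` element starts outside the hunk.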


@@ -5,7 +5,7 @@
<img class="logo" src="/static/images/polaris-logo.png" alt="Polaris" />
</a>
<div class="navbar-right">
<a href="https://reactiveops.com?source=fairwinds" target="_blank">
<a href="https://reactiveops.com?source=polaris" target="_blank">
<span class="oss-text">Open Source Project By</span>
<img class="ro-logo" src="/static/images/ro-logo.png" alt="ReactiveOps" />
</a>


@@ -38,6 +38,6 @@ func TestGetMultipleResourceFromSingleFile(t *testing.T) {
assert.Equal(t, "dashboard", resources.Deployments[0].Spec.Template.Spec.Containers[0].Name)
assert.Equal(t, 2, len(resources.Namespaces), "Should have a namespace")
assert.Equal(t, "fairwinds", resources.Namespaces[0].ObjectMeta.Name)
assert.Equal(t, "fairwinds-2", resources.Namespaces[1].ObjectMeta.Name)
assert.Equal(t, "polaris", resources.Namespaces[0].ObjectMeta.Name)
assert.Equal(t, "polaris-2", resources.Namespaces[1].ObjectMeta.Name)
}


@@ -1,53 +1,53 @@
---
# Source: fairwinds/templates/namespace.yaml
# Source: polaris/templates/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: fairwinds
name: polaris
---
# Source: fairwinds/templates/dashboard.deployment.yaml
# Source: polaris/templates/dashboard.deployment.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
annotations:
checksum/config: '5702aca235561630172c22b6b900f5cebd4e82fae60389df18a3537ff82e2f09'
name: fairwinds-dashboard
namespace: fairwinds
name: polaris-dashboard
namespace: polaris
labels:
app: fairwinds
app: polaris
component: dashboard
spec:
replicas: 1
selector:
matchLabels:
app: fairwinds
app: polaris
component: dashboard
template:
metadata:
labels:
app: fairwinds
app: polaris
component: dashboard
spec:
containers:
- command:
- fairwinds
- polaris
- --dashboard
image: 'quay.io/reactiveops/fairwinds:master'
image: 'quay.io/reactiveops/polaris:master'
imagePullPolicy: 'Always'
name: dashboard
---
# Source: fairwinds/templates/secret.yaml
# Source: polaris/templates/secret.yaml
---
# Source: fairwinds/templates/webhook.deployment.yaml
# Source: polaris/templates/webhook.deployment.yaml
---
# Source: fairwinds/templates/webhook.service.yaml
# Source: polaris/templates/webhook.service.yaml
---
# Source: fairwinds/templates/namespace.yaml
# Source: polaris/templates/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: fairwinds-2
name: polaris-2
---


@@ -18,8 +18,8 @@ import (
"fmt"
"strings"
conf "github.com/reactiveops/fairwinds/pkg/config"
"github.com/reactiveops/fairwinds/pkg/validator/messages"
conf "github.com/reactiveops/polaris/pkg/config"
"github.com/reactiveops/polaris/pkg/validator/messages"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
)
@@ -30,7 +30,7 @@ type ContainerValidation struct {
Container *corev1.Container
}
// ValidateContainer validates that each pod conforms to the Fairwinds config, returns a ResourceResult.
// ValidateContainer validates that each pod conforms to the Polaris config, returns a ResourceResult.
func ValidateContainer(cnConf *conf.Configuration, container *corev1.Container) ContainerResult {
cv := ContainerValidation{
Container: container,


@@ -17,7 +17,7 @@ package validator
import (
"testing"
conf "github.com/reactiveops/fairwinds/pkg/config"
conf "github.com/reactiveops/polaris/pkg/config"
"github.com/stretchr/testify/assert"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"


@@ -15,8 +15,8 @@
package validator
import (
conf "github.com/reactiveops/fairwinds/pkg/config"
"github.com/reactiveops/fairwinds/pkg/kube"
conf "github.com/reactiveops/polaris/pkg/config"
"github.com/reactiveops/polaris/pkg/kube"
appsv1 "k8s.io/api/apps/v1"
)
@@ -31,7 +31,7 @@ func ValidateDeployment(conf conf.Configuration, deploy *appsv1.Deployment) Cont
}
}
// ValidateDeployments validates that each deployment conforms to the Fairwinds config,
// ValidateDeployments validates that each deployment conforms to the Polaris config,
// returns a list of ResourceResults organized by namespace.
func ValidateDeployments(config conf.Configuration, kubeResources *kube.ResourceProvider) (NamespacedResults, error) {
nsResults := NamespacedResults{}


@@ -1,16 +1,16 @@
package validator
import (
conf "github.com/reactiveops/fairwinds/pkg/config"
"github.com/reactiveops/fairwinds/pkg/kube"
conf "github.com/reactiveops/polaris/pkg/config"
"github.com/reactiveops/polaris/pkg/kube"
)
const (
// FairwindsOutputVersion is the version of the current output structure
FairwindsOutputVersion = "0.0"
// PolarisOutputVersion is the version of the current output structure
PolarisOutputVersion = "0.0"
)
// ClusterSummary contains Fairwinds results as well as some high-level stats
// ClusterSummary contains Polaris results as well as some high-level stats
type ClusterSummary struct {
Results ResultSummary
Version string
@@ -20,14 +20,14 @@ type ClusterSummary struct {
Deployments int
}
// AuditData contains all the data from a full Fairwinds audit
// AuditData contains all the data from a full Polaris audit
type AuditData struct {
FairwindsOutputVersion string
ClusterSummary ClusterSummary
NamespacedResults NamespacedResults
PolarisOutputVersion string
ClusterSummary ClusterSummary
NamespacedResults NamespacedResults
}
// RunAudit runs a full Fairwinds audit and returns an AuditData object
// RunAudit runs a full Polaris audit and returns an AuditData object
func RunAudit(config conf.Configuration, kubeResources *kube.ResourceProvider) (AuditData, error) {
// TODO: Validate StatefulSets, DaemonSets, Cron jobs
// in addition to deployments
@@ -50,7 +50,7 @@ func RunAudit(config conf.Configuration, kubeResources *kube.ResourceProvider) (
}
auditData := AuditData{
FairwindsOutputVersion: FairwindsOutputVersion,
PolarisOutputVersion: PolarisOutputVersion,
ClusterSummary: ClusterSummary{
Version: kubeResources.ServerVersion,
Nodes: len(kubeResources.Nodes),
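Review bot: Renaming the exported field `FairwindsOutputVersion` to `PolarisOutputVersion` on `AuditData` also renames the key in the serialized audit, assuming the struct is marshalled with Go's default field names (no struct tags are visible here), yet the constant stays at `"0.0"`. Anything reading the output written via `-output-file` or `-output-url` by the old key will find it missing without a version signal. I would either bump the constant, `PolarisOutputVersion = "0.1"`, or record the rename in the comment: `// PolarisOutputVersion is the version of the current output structure (key was FairwindsOutputVersion before the rename)`. The `RunAudit` body and the `auditData` literal continue outside the hunks.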


@@ -3,9 +3,9 @@ package validator
import (
"testing"
conf "github.com/reactiveops/fairwinds/pkg/config"
"github.com/reactiveops/fairwinds/pkg/kube"
"github.com/reactiveops/fairwinds/test"
conf "github.com/reactiveops/polaris/pkg/config"
"github.com/reactiveops/polaris/pkg/kube"
"github.com/reactiveops/polaris/test"
"github.com/stretchr/testify/assert"
)


@@ -15,8 +15,8 @@
package validator
import (
conf "github.com/reactiveops/fairwinds/pkg/config"
"github.com/reactiveops/fairwinds/pkg/validator/messages"
conf "github.com/reactiveops/polaris/pkg/config"
"github.com/reactiveops/polaris/pkg/validator/messages"
corev1 "k8s.io/api/core/v1"
)
@@ -26,7 +26,7 @@ type PodValidation struct {
Pod *corev1.PodSpec
}
// ValidatePod validates that each pod conforms to the Fairwinds config, returns a ResourceResult.
// ValidatePod validates that each pod conforms to the Polaris config, returns a ResourceResult.
func ValidatePod(podConf conf.Configuration, pod *corev1.PodSpec) PodResult {
pv := PodValidation{
Pod: pod,

View File

@@ -17,8 +17,8 @@ package validator
import (
"testing"
conf "github.com/reactiveops/fairwinds/pkg/config"
"github.com/reactiveops/fairwinds/test"
conf "github.com/reactiveops/polaris/pkg/config"
"github.com/reactiveops/polaris/test"
"github.com/stretchr/testify/assert"
)


@@ -15,7 +15,7 @@
package validator
import (
conf "github.com/reactiveops/fairwinds/pkg/config"
conf "github.com/reactiveops/polaris/pkg/config"
"github.com/sirupsen/logrus"
)


@@ -20,8 +20,8 @@ import (
"net/http"
"os"
conf "github.com/reactiveops/fairwinds/pkg/config"
validator "github.com/reactiveops/fairwinds/pkg/validator"
conf "github.com/reactiveops/polaris/pkg/config"
validator "github.com/reactiveops/polaris/pkg/validator"
"github.com/sirupsen/logrus"
admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
appsv1 "k8s.io/api/apps/v1"
@@ -118,7 +118,7 @@ func (v *Validator) Handle(ctx context.Context, req types.Request) types.Respons
}
func getFailureReason(podResult validator.PodResult) string {
reason := "\nFairwinds prevented this deployment due to configuration problems:\n"
reason := "\nPolaris prevented this deployment due to configuration problems:\n"
for _, message := range podResult.Messages {
if message.Type == validator.MessageTypeError {