Commit Graph

826 Commits

Author SHA1 Message Date
Robert Brennan
d0dc7f4b0e simplify GetSupportedControllerFromString 2019-12-23 20:32:38 +00:00
Robert Brennan
3304285b4e move rest of pod checks over to schema 2019-12-23 20:32:38 +00:00
Robert Brennan
d80d326f7c swap out host_network for a schema-based check 2019-12-23 20:32:38 +00:00
Robert Brennan
df48615a26 Merge branch 'master' into rb/custom-checks 2019-12-23 15:31:40 -05:00
Robert Brennan
59785196d4 circleci: set env for go mod (#233)
* circleci: set env for go mod

* fix dockerfile to support go mod

* update go mod

* update go in docker
2019-12-23 15:31:24 -05:00
Robert Brennan
02252c690d move more security checks to jsonschema 2019-12-23 19:26:43 +00:00
Robert Brennan
25be9e41dd fix up exclusions 2019-12-23 19:03:37 +00:00
Robert Brennan
ddf815d636 move runAsRootAllowed over to jsonschema 2019-12-23 18:59:26 +00:00
Robert Brennan
95c04b1e9d move networking checks over to json schema 2019-12-23 17:04:44 +00:00
Robert Brennan
0f2e5e0def implement image checks using json schema 2019-12-23 16:19:57 +00:00
Robert Brennan
8b20fd9dcf migrate health checks to schemas 2019-12-20 21:37:58 +00:00
Robert Brennan
d4e3258d53 simplify GetSupportedControllerFromString 2019-12-20 20:14:49 +00:00
Robert Brennan
b4e3f78b72 move rest of pod checks over to schema 2019-12-20 17:33:52 +00:00
Robert Brennan
20257cd917 swap out host_network for a schema-based check 2019-12-19 21:25:01 +00:00
Robert Brennan
317dfcefd2 update go.sum 2019-12-19 17:58:42 +00:00
Robert Brennan
42e8666356 add envrc 2019-12-19 17:53:23 +00:00
Robert Brennan
49a419548f move from gopkg to go mod 2019-12-19 17:53:12 +00:00
Robert Brennan
790607c6c0 remove vendor 2019-12-19 17:52:35 +00:00
Robert Brennan
91378c3d92 Bump version to 0.6 (#231)
* bump version to 0.6.0

* update changelog
0.6.0
2019-12-09 12:20:15 -05:00
Robert Brennan
207297c11d move to using fairwinds quay repo (#230) 2019-12-09 08:51:17 -05:00
Robert Brennan
0d86096f09 remove extensionsv1beta1 reference to support 1.16 (#229) 2019-12-06 11:03:38 -05:00
Robert Brennan
67ab987f7e Add support for annotation-based exemptions (#227)
* add controllers_to_scan to example config-full

* add support for annotation-based exemptions

* fix lint errors

* add docs
2019-12-06 08:29:30 -05:00
Robert Brennan
97457d71c0 Full support for validating webhook, now that tests are in place (#226) 2019-12-04 14:12:13 -05:00
Andrew Suderman
1159a380ba Adding an exception for flannel being privileged to example config (#225) 2019-11-22 12:02:35 -07:00
Robert Brennan
ca6aa76729 Add default exemptions (#220)
* Update config.yaml

* Update config.yaml

* add a couple more exemptions
2019-11-15 14:45:58 -05:00
Robert Brennan
7ce71f1632 bump to version 0.5.2 (#224) 0.5.2 2019-11-13 15:27:24 -05:00
Robert Brennan
98b47e0aeb Fix resource success messages (#223)
* add success messages when resources are set

* add tests
2019-11-13 14:07:32 -05:00
Robert Brennan
159c165468 bump version (#221) 0.5.1 2019-11-12 11:40:54 -05:00
Robert Brennan
4eeabb2c7f pass RunAsNonRoot if RunAsUser > 0 (#219) 2019-11-11 13:21:32 -05:00
Barnabas Makonda
7e35b03452 Merge pull request #218 from FairwindsOps/kind-exceptions
Checks exemption for kubehunter, polaris and goldilocks
2019-11-08 23:35:42 +02:00
MAKOSCAFEE
c8e4f766a2 revert version upgrade for dashboard and webhook 2019-11-07 23:03:29 +02:00
MAKOSCAFEE
0ee39a4470 revert version upgrade 2019-11-07 23:01:47 +02:00
MAKOSCAFEE
fc7c913122 update exemption rules and check controller name prefix 2019-11-07 19:16:06 +02:00
MAKOSCAFEE
3e15586597 add kind exception configurations 2019-11-07 15:37:13 +02:00
Robert Brennan
3d07ce8004 update to 0.5.0 (#205)
* update to 0.5.0

* update changelog

* incorporate changes to polaris chart
0.5.0
2019-11-06 13:57:18 -05:00
Robert Brennan
22ab851681 skip health checks for jobs, cronjobs, and initContainers (#216) 2019-11-06 13:31:17 -05:00
Robert Brennan
152c876067 Update CODEOWNERS
Co-Authored-By: Andrew Suderman <andrew@sudermanjr.com>
2019-11-05 09:42:23 -07:00
Robert Brennan
c10b2e0e55 Update CODEOWNERS 2019-11-05 09:42:23 -07:00
Robert Brennan
2b15f11d57 Add exemptions to config (#204)
* first pass at adding exemptions

* Update config.yaml

* make config_test more reliable

* add flag to disallow exemptions in dashboard

* add disallow-exemptions flag to CLI

* add comments

* fix exemptions flag

* fix alert on dashboard

* minor style changes
2019-10-23 17:14:03 -04:00
Robert Brennan
b172f61c5f Remove Kim as codeowner (#214) 2019-10-16 08:39:45 -04:00
Adam Shannon
150b812371 pkg/dashboard: setup basePath as a path prefix in routing (#201) 2019-10-02 12:17:59 -04:00
Robert Brennan
434b1f604f Create capabilitiesAdded and capabilitiesDropped IDs (#207)
* ensure check IDs are unique

* create capabilitiesAdded and capabilitiesDropped check IDs
2019-10-02 08:51:47 -04:00
Robert Brennan
6e3ab067d7 skip kubernetes tests for forked PRs (#202) 2019-09-18 10:12:36 -04:00
Robert Brennan
2e44d151fe fix empty dashboard when load-audit-file not specified (#203) 2019-09-18 09:39:43 -04:00
Robert Brennan
c91a85a08a add IDs to each check (#197) 2019-09-11 14:07:08 -04:00
Robert Brennan
f8bb171209 audit deploy configs in CI/CD (#198) 2019-09-09 13:10:19 -04:00
Bobby Brennan
f860c34d62 upgrade alpine and golang images (#193) 2019-08-22 16:08:13 -04:00
Will Ledingham
b8422a93b7 Wl/stored audits (#188)
* added ability to run dashboard from a stored audit result file.

* added ability to run dashboard from a stored audit result file.

* more changes

* debugging

* de

* all working as anticipated locally

* .

* updated way of decoding YAML/JSON files.

* removed unneeded code

* renamed fn names, moved logic around and cleaned up main.go

* deleted output files from weird places.

* deleted test file
2019-08-14 17:20:19 -04:00
Bobby Brennan
15b14555a6 sleep to ensure dashboard/webhook are ready (#189) 2019-08-14 09:17:42 -04:00
Will Ledingham
467ab945cd Wl/webhook test (#182)
* Added testing for webhook using KIND

* fixed branching error

* added tests to CircleCI

* added tests to CircleCI

* attempt to stop failing circleci test

* moved location of testing for webhook in CircleCI

* debugging

* more debugging

* .

* .

* added download of webhook to test

* ..

* ...

* corrected sleep command

* .

* .

* code working now, clean up

* testing smaller sleep times

* increased sleep time

* responded to comments on github

* .

* debug

* more edits

* debugging second test failing.

* debugging

* tests doing opposite of what they should be debugging.

* debugging

* .

* .

* fixing error in installation of webhook.

* .

* timeout increase

* trying to install webhook

* .

* .

* webhook still not installing properly

* ..

* ..

* add log message

* ..

* changed order of test_k8s, removed set -e

* ..

* namespace polaris

* .

* .......

* initial testing for new strategy.

* initial testing for new strategy.

* .

* ...

* final edits, working now

* fixed files, cleaned up logs, added more detail to webhook starting documentation.

* ?

* added test files for other controller types, adding testing for them in webhook_test.sh

* increased sleep time

* testing

* finally added tests for jobs

* changed while loop condition to include webhook.

* .

* lskdfsjkl

* sd

* lskfjlskj

* .

* final

* added timeout test for dashboard to try to alleviate error

* .

* .

* install the dashboard

* ...

* initial test for new kube_dashboard_test

* initial test for new kube_dashboard_test

* ?

* deleting unused code

* final change for dashboard test

* final
2019-08-09 16:00:55 -04:00