baderbuddy
7c9f01639b
Update dependencies (#400)
...
* Start working on updating dependencies:
* Fix webhook
* Rollback jsonschema update
* Checkin new config
* Fix run as root
* Update versions of kind
* Fix typo in kind URL
* Fix kind config
* Add csr permissions
* Fix weird image thing
* Fixed certificates
* Add to logging
* Approve cert manually
* Fix approval
* Add cert script
* Fix deployment
* Add requests/limits
* Wait if certificate doesn't exist yet
* Add check for file size
* Add variable
* Try a different image
* Fix command
* Update certificate logic
* Add healthz
* Don't check cert size
* Remove stat
* Fix vet
* Put in change that makes no sense
* Fix cert names
* Roll back
* Try changing config
* Add logging for each request
* Cleanup code some
* Remove bad deployments
* Fix client injection
* Update timeout
* Add logging
* Fixed e2e webhook tests
* Add permissions for approval
* Fix permissions for CSR
* Remove logging code
* Remove refresh certs file
* Fix merge issues
* Update deployments
* Try beta of admission controller config
* Target 1.15 for testing
* Add beta versions of resources
* Lower webhook timeout
* Refactor out a method
* Fix up PR issues
* Fix more tabs
* Remove unnecessary messages
* Fix go.sum
* Fix go.sum
2020-09-11 08:53:14 -04:00
Robert Brennan
6792fba91f
Delete controllers package (#270)
...
* rename root fs check
* speed up docker build
* refactor webhook to be more generic
* delete controllers pkg
* revert deploy
* fix example config
* remove controllersToScan config
* fix lint error
* fix webhook name
* FileSystem -> Filesystem
* update deps
* skip node owners
* clean up meta tracking
Co-authored-by: Robert Brennan <bobby.brennan@gmail.com>
2020-04-27 10:43:02 -04:00
Bader Boland
68fe23018a
Feedback from PR
2020-03-23 09:27:36 -04:00
Robert Brennan
dfa34e1880
explicitly handle schema validation errors
2020-01-14 14:50:35 +00:00
Robert Brennan
7637108234
refactor ValidateContainers
2020-01-14 14:50:34 +00:00
Robert Brennan
51cd3523fc
messages -> results
2020-01-14 14:50:34 +00:00
Robert Brennan
49c540e993
type -> kind
2020-01-14 14:50:34 +00:00
Robert Brennan
2770be643f
Refactor validation
2020-01-14 14:50:34 +00:00
Robert Brennan
5efa416ea9
implement custom checks, implement resource ranges as custom check
2020-01-02 17:55:21 +00:00
Robert Brennan
7b0fe81d01
implement capabilities checks in JSON schema
2020-01-02 17:55:21 +00:00
Robert Brennan
f7dccc079b
move more security checks to jsonschema
2019-12-23 20:32:38 +00:00
Robert Brennan
ad3a8e6748
move runAsRootAllowed over to jsonschema
2019-12-23 20:32:38 +00:00
Robert Brennan
3fa627a2cd
move networking checks over to json schema
2019-12-23 20:32:38 +00:00
Robert Brennan
30b49c4d7b
implement image checks using json schema
2019-12-23 20:32:38 +00:00
Robert Brennan
f2c5752718
migrate health checks to schemas
2019-12-23 20:32:38 +00:00
Robert Brennan
98b47e0aeb
Fix resource success messages (#223)
...
* add success messages when resources are set
* add tests
2019-11-13 14:07:32 -05:00
Robert Brennan
4eeabb2c7f
pass RunAsNonRoot if RunAsUser > 0 (#219)
2019-11-11 13:21:32 -05:00
Robert Brennan
22ab851681
skip health checks for jobs, cronjobs, and initContainers (#216)
2019-11-06 13:31:17 -05:00
Robert Brennan
2b15f11d57
Add exemptions to config (#204)
...
* first pass at adding exemptions
* Update config.yaml
* make config_test more reliable
* add flag to disallow exemptions in dashboard
* add disallow-exemptions flag to CLI
* add comments
* fix exemptions flag
* fix alert on dashboard
* minor style changes
2019-10-23 17:14:03 -04:00
Robert Brennan
434b1f604f
Create capabilitiesAdded and capabilitiesDropped IDs (#207)
...
* ensure check IDs are unique
* create capabilitiesAdded and capabilitiesDropped check IDs
2019-10-02 08:51:47 -04:00
Robert Brennan
c91a85a08a
add IDs to each check (#197)
2019-09-11 14:07:08 -04:00
Bobby Brennan
20bd32afb6
Rename ReactiveOps to Fairwinds (#180)
...
* Rename ReactiveOps to Fairwinds
* Rename ReactiveOps to Fairwinds
2019-07-30 15:29:09 -04:00
Nick Huanca
4c7429efbc
#146 Fixing Container Security Context Logic (#149)
...
* Fixing Container Security Context Logic
Kubernetes rationalizes Container Security Context in conjunction with the
Pod Spec Security Context. In this scenario you can 'leave out' certain
security context settings and rely on the pod spec definition to still
set these settings for you. The RunAsNonRoot setting originally only checked
to see if the value was set at the container level, vs also checking if it
was enabled at the pod level.
I have attached the container's parent pod spec to the container validate
struct in case any other things like this arise in the future.
I have also refactored the logic for validating bool pointers, since these
can be tricky if you want to avoid pointer dereference issues.
Changes:
- Added parent pod spec of container to validate certain settings which affect container spec
- Refactored the logic statements for validating bool pointers (used helpers)
- Added tests for this pod.container.securityContext condition
2019-06-18 11:04:38 -06:00
Rob Scott
9a03f87c0b
adding exception for init container resource checks
2019-05-23 16:50:37 +02:00
Rob Scott
f5c7087d6d
ensuring that readiness probes in init containers are not validated to fix #112
2019-05-20 21:35:44 +02:00
Rob Scott
02d4444196
updating error message for resource presence checks, updating deployment config to pass with 100%
2019-05-13 22:33:35 -04:00
Bobby Brennan
9bcb832bbd
rename all the things
2019-05-09 15:59:23 +00:00
Rob Scott
40e1c1f827
adding image pull policy validation
2019-05-01 16:00:59 -04:00
Bobby Brennan
55363fd7a8
Add categories to dashboard
...
add version, cluster stats to output
add comment
update UI
changes to summary aggregation
add category summaries to dash
2019-04-23 15:07:50 +00:00
Rob Scott
674696c7e1
restructuring config to match up with docs
2019-04-22 12:58:25 -04:00
Bobby Brennan
3ce7e12082
Add version, cluster stats to output and UI (#61)
...
* add version, cluster stats to output
* add comment
* fix tests
* add categories to messages
* fix tests
* update UI
* remove empty category totals field
* k8smeta -> metav1
2019-04-22 12:01:18 -04:00
Bobby Brennan
8326a49b5a
change message variable names
2019-04-12 15:13:46 +00:00
Bobby Brennan
bcff5f10bc
pull out messages into separate file, some rephrasing
...
phrasing
fix tests
2019-04-12 14:56:25 +00:00
Rob Scott
9cfd2b6417
security validation fixes and more thorough tests
2019-04-05 15:10:11 -04:00
Rob Scott
3ea06b81ee
security validations fully working
2019-04-05 15:10:11 -04:00
Rob Scott
82164105d7
initial work on security validations
2019-04-05 15:10:00 -04:00
Rob Scott
f5cde2db38
a lot of cleanup and restructuring
2019-03-27 22:57:01 -04:00
Rob Scott
f04883539a
updating resource config syntax
2019-03-27 22:55:31 -04:00
Rob Scott
6d49d0e19c
updating logic to work with new config syntax
2019-03-27 22:55:31 -04:00
jessicagreben
97844d552b
fix network mssg wording
2019-02-13 14:51:12 -08:00
jessicagreben
7195793ff5
add network test
2019-02-13 14:33:47 -08:00
jessicagreben
16409c097d
add pod host networking validations
2019-02-13 10:58:30 -08:00
jessicagreben
5f7130d1e0
add host port validation
2019-02-13 09:04:13 -08:00
jessicagreben
9286d2b960
validateCtr should return a resource result, just like vPod and vDeploy
2019-02-13 08:58:26 -08:00
jessicagreben
bfcda872a9
merge master
2019-02-07 08:57:24 -08:00
Rob Scott
535735fbde
fixes for linting, updating CI to fail when linting does
2019-02-07 11:28:30 -05:00
jessicagreben
93871e2bc4
add cv.messages func to sort failures/successes
2019-02-06 14:53:26 -08:00
jessicagreben
cb43c57d8d
data refactor init changes
2019-02-06 13:56:06 -08:00
Rob Scott
5625f571f5
updating tests, slight tweak to validation message
2019-02-06 12:27:32 -05:00
Rob Scott
c94dc4dbf1
lots of cleanup, simplifying results, including container names in output
2019-02-06 12:10:23 -05:00