81 Commits

Author SHA1 Message Date
Nick Huanca
4c7429efbc #146 Fixing Container Security Context Logic (#149)
* Fixing Container Security Context Logic

Kubernetes rationalizes Container Security Context in conjunction with the
Pod Spec Security Context. In this scenario you can 'leave out' certain
security context settings and rely on the pod spec definition to still
set these settings for you. The RunAsNonRoot setting originally only checked
to see if the value was set at the container level, vs also checking if it
was enabled at the pod level.

I have attached the container's parent pod spec to the container validate
struct in case any other things like this arise in the future.

I have also refactored the logic for validating bool pointers, since these
can be tricky if you want to avoid pointer dereference issues.

Changes:
- Added parent pod spec of container to validate certain settings which affect container spec
- Refactored the logic statements for validating bool pointers (used helpers)
- Added tests for this pod.container.securityContext condition
2019-06-18 11:04:38 -06:00
Bobby Brennan
ebfb4ea9a1 Add support for stateful sets (#145) 2019-06-13 07:59:01 -06:00
Bobby Brennan
ca4b45451f re-bump output version 2019-06-10 14:43:15 +00:00
Bobby Brennan
1d6248180e add display-name flag 2019-06-10 14:39:24 +00:00
Bobby Brennan
7cfa13f285 Better support for CI/CD use case (#127)
add score to output

add output-format option

update README with more use cases

change YAML marshal strategy

fix webhook install instructions
2019-06-10 10:13:10 -04:00
Rob Scott
9a03f87c0b adding exception for init container resource checks 2019-05-23 16:50:37 +02:00
Rob Scott
f5c7087d6d ensuring that readiness probes in init containers are not validated to fix #112 2019-05-20 21:35:44 +02:00
Rob Scott
02d4444196 updating error message for resource presence checks, updating deployment config to pass with 100% 2019-05-13 22:33:35 -04:00
Bobby Brennan
9bcb832bbd rename all the things 2019-05-09 15:59:23 +00:00
Bobby Brennan
520d6572e4 Add ability to audit a directory of files (#70)
* refactor kubernetes API usage

* add ability to audit directory

* refactor a bit

* fix return statement

* fix main.go

* add ability to audit multiple resources in a single file
2019-05-07 12:42:57 -04:00
Bobby Brennan
244a1dedcd DeploymentResult -> ControllerResult 2019-05-02 19:18:29 +00:00
Bobby Brennan
1282359b04 create DeploymentResult type 2019-05-02 18:07:01 +00:00
Rob Scott
40e1c1f827 adding image pull policy validation 2019-05-01 16:00:59 -04:00
Rob Scott
0db0e2947f some additional cleanup 2019-04-29 10:58:30 -04:00
Rob Scott
4fe39e7b74 improved logging, better webhook output, webhook deploy fixes 2019-04-26 17:35:14 -04:00
Bobby Brennan
55363fd7a8 Add categories to dashboard
add version, cluster stats to output

add comment

update UI

changes to summary aggregation

add category summaries to dash
2019-04-23 15:07:50 +00:00
Rob Scott
674696c7e1 restructuring config to match up with docs 2019-04-22 12:58:25 -04:00
Bobby Brennan
3ce7e12082 Add version, cluster stats to output and UI (#61)
* add version, cluster stats to output

* add comment

* fix tests

* add categories to messages

* fix tests

* update UI

* remove empty category totals field

* k8smeta -> metav1
2019-04-22 12:01:18 -04:00
Bobby Brennan
8326a49b5a change message variable names 2019-04-12 15:13:46 +00:00
Bobby Brennan
bcff5f10bc pull out messages into separate file, some rephrasing
phrasing

fix tests
2019-04-12 14:56:25 +00:00
Rob Scott
0a33875962 cleaning up default config, fixing a small bug 2019-04-05 15:57:51 -04:00
Rob Scott
9cfd2b6417 security validation fixes and more thorough tests 2019-04-05 15:10:11 -04:00
Rob Scott
3ea06b81ee security validations fully working 2019-04-05 15:10:11 -04:00
Rob Scott
82164105d7 initial work on security validations 2019-04-05 15:10:00 -04:00
Bobby Brennan
e4dd53d1c0 Add audit mode to CLI
Add option to send audit results to a remote host

add audit flag to print results to stdout

add comments

make comments more consistent

move audit test

fix fullaudit_test

add test instructions to README

update audit test

simplify stdout output

update comment

fix import

run audit by default
2019-04-03 18:58:00 +00:00
Rob Scott
d607d48d28 adding MessageType for use in place of Severity in relevant places 2019-03-28 12:16:15 -04:00
Rob Scott
5d5f8c24b2 moving webhook logic into new webhook package, attempting to detect namespace fairwinds webhook is deployed in 2019-03-28 10:17:21 -04:00
Rob Scott
f5cde2db38 a lot of cleanup and restructuring 2019-03-27 22:57:01 -04:00
Rob Scott
f04883539a updating resource config syntax 2019-03-27 22:55:31 -04:00
Rob Scott
6d49d0e19c updating logic to work with new config syntax 2019-03-27 22:55:31 -04:00
Bobby Brennan
deacad7724 move UI code into pkg/dashboard 2019-03-15 13:25:19 +00:00
jessicagreben
97844d552b fix network mssg wording 2019-02-13 14:51:12 -08:00
jessicagreben
7195793ff5 add network test 2019-02-13 14:33:47 -08:00
jessicagreben
16409c097d add pod host networking validations 2019-02-13 10:58:30 -08:00
jessicagreben
5f7130d1e0 add host port validation 2019-02-13 09:04:13 -08:00
jessicagreben
9286d2b960 validateCtr should return a resource result, just like vPod and vDeploy 2019-02-13 08:58:26 -08:00
jessicagreben
e44fa9c712 add a test for dashboard, move stuff around to test easier, add fixtures 2019-02-08 12:50:37 -08:00
jessicagreben
b8a0d97ac4 fix lint errs 2019-02-07 09:08:38 -08:00
jessicagreben
bfcda872a9 merge master 2019-02-07 08:57:24 -08:00
Rob Scott
535735fbde fixes for linting, updating CI to fail when linting does 2019-02-07 11:28:30 -05:00
jessicagreben
93871e2bc4 add cv.messages func to sort failures/successes 2019-02-06 14:53:26 -08:00
jessicagreben
26b01299cc remove handlers since they aren't in use 2019-02-06 14:20:06 -08:00
jessicagreben
cb43c57d8d data refactor init changes 2019-02-06 13:56:06 -08:00
Rob Scott
5625f571f5 updating tests, slight tweak to validation message 2019-02-06 12:27:32 -05:00
Rob Scott
c94dc4dbf1 lots of cleanup, simplifying results, including container names in output 2019-02-06 12:10:23 -05:00
jessicagreben
af82943bee move clientset init to where it is used 2019-02-01 14:41:32 -08:00
Rob Scott
9d3f78e420 including successes in dashboard output 2019-01-28 23:23:32 -05:00
Rob Scott
da1303dd74 Dashboard now rendering all data currently available to it 2019-01-28 21:04:20 -05:00
Rob Scott
d9067428e0 initial mostly broken work on integration 2019-01-28 18:45:48 -05:00
Rob Scott
bbb936c449 merging in remote changes 2019-01-28 16:16:52 -05:00