--- # Source: polaris/templates/0-namespace.yaml apiVersion: v1 kind: Namespace metadata: name: polaris --- # Source: polaris/templates/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: polaris namespace: polaris labels: app: polaris data: config.yaml: | resources: cpuRequestsMissing: warning cpuLimitsMissing: warning memoryRequestsMissing: warning memoryLimitsMissing: warning images: tagNotSpecified: error healthChecks: readinessProbeMissing: warning livenessProbeMissing: warning networking: hostNetworkSet: warning hostPortSet: warning security: hostIPCSet: error hostPIDSet: error notReadOnlyRootFileSystem: warning privilegeEscalationAllowed: error runAsRootAllowed: warning runAsPrivileged: error capabilities: error: ifAnyAdded: - SYS_ADMIN - NET_ADMIN - ALL warning: ifAnyAddedBeyond: - CHOWN - DAC_OVERRIDE - FSETID - FOWNER - MKNOD - NET_RAW - SETGID - SETUID - SETFCAP - SETPCAP - NET_BIND_SERVICE - SYS_CHROOT - KILL - AUDIT_WRITE controllers_to_scan: - Deployments - StatefulSets - DaemonSets - Jobs - CronJobs - ReplicationControllers --- # Source: polaris/templates/dashboard.rbac.yaml apiVersion: v1 kind: ServiceAccount metadata: name: polaris-dashboard namespace: polaris labels: app: polaris --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: name: polaris-dashboard labels: app: polaris rules: - apiGroups: - 'apps' - 'extensions' resources: - 'deployments' - 'statefulsets' - 'daemonsets' verbs: - 'get' - 'list' - apiGroups: - 'batch' resources: - 'jobs' - 'cronjobs' verbs: - 'get' - 'list' - apiGroups: - '' resources: - 'nodes' - 'namespaces' - 'pods' - 'replicationcontrollers' verbs: - 'get' - 'list' --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: polaris-dashboard labels: app: polaris roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: polaris-dashboard subjects: - kind: ServiceAccount name: polaris-dashboard namespace: polaris --- # Source: polaris/templates/dashboard.service.yaml apiVersion: v1 kind: Service metadata: name: polaris-dashboard namespace: polaris labels: app: polaris annotations: spec: ports: - name: dashboard port: 80 protocol: TCP targetPort: 8080 selector: app: polaris component: dashboard type: ClusterIP --- # Source: polaris/templates/dashboard.deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: polaris-dashboard namespace: polaris labels: app: polaris component: dashboard spec: replicas: 1 selector: matchLabels: app: polaris component: dashboard template: metadata: annotations: checksum/config: '8aa5a565fba7a2db98d46752087de8c1dcc83b70cd762c5829d5ba01270d54a2' labels: app: polaris component: dashboard spec: volumes: - name: config configMap: name: polaris containers: - command: - polaris - --dashboard - --config - /opt/app/config.yaml image: 'quay.io/reactiveops/polaris:0.5' imagePullPolicy: 'Always' name: dashboard ports: - containerPort: 8080 livenessProbe: httpGet: path: /health port: 8080 initialDelaySeconds: 5 periodSeconds: 20 readinessProbe: httpGet: path: /health port: 8080 initialDelaySeconds: 5 periodSeconds: 20 resources: limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi securityContext: allowPrivilegeEscalation: false privileged: false readOnlyRootFilesystem: true runAsNonRoot: true capabilities: drop: - ALL volumeMounts: - name: config mountPath: /opt/app/config.yaml subPath: config.yaml readOnly: true serviceAccountName: polaris-dashboard nodeSelector: tolerations: --- # Source: polaris/templates/audit.job.yaml --- # Source: polaris/templates/audit.rbac.yaml --- # Source: polaris/templates/ingress.yaml --- # Source: polaris/templates/webhook.deployment.yaml --- # Source: polaris/templates/webhook.rbac.yaml --- # Source: polaris/templates/webhook.secret.yaml --- # Source: polaris/templates/webhook.service.yaml