mirror of
https://github.com/FairwindsOps/polaris.git
synced 2026-05-14 13:16:54 +00:00
9ae4f774e9
* bump version\, add docs\, fix up dashboard * fix pretty output * Update config.yaml * fix extra kinds appearing
214 lines
6.3 KiB
Markdown
214 lines
6.3 KiB
Markdown
---
|
|
sidebarDepth: 0
|
|
meta:
|
|
- name: description
|
|
content: "Fairwinds Polaris | Changelog"
|
|
|
|
---
|
|
## 4.0.8
|
|
* Fix support for namespace checks
|
|
|
|
## 4.0.7
|
|
* Fix goreleaser format
|
|
|
|
## 4.0.6
|
|
* Change goreleaser format
|
|
* Fix `--helm-values` flag
|
|
|
|
## 4.0.5
|
|
* Bugfix for repeated objects on the dashboard
|
|
|
|
## 4.0.4
|
|
* Bugfix for validating webhook and non-pod checks
|
|
|
|
## 4.0.3
|
|
* Fixed bad interaction between `--set-exit-score-below` and `--only-show-failed-tests`
|
|
* Dependency updates
|
|
* Support for Helm chart scanning
|
|
|
|
## 4.0.2
|
|
* Goreleaser fix
|
|
|
|
## 4.0.1
|
|
* Goreleaser fix
|
|
|
|
## 4.0.0
|
|
* Add support for arbitrary resources, like Ingress or PodDisruptionBudget
|
|
* Add support check templating (see docs)
|
|
* Add support for multi-resource checks (see docs)
|
|
|
|
### Breaking Changes
|
|
* In custom checks, `jsonSchema` is now `schemaString`
|
|
* Check `pdbDisruptionsAllowedGreaterThanZero` is now called `pdbDisruptionsIsZero`
|
|
|
|
## 3.2.0
|
|
* Add `--format=pretty` option for CLI output
|
|
|
|
## 3.1.6
|
|
* Fix nil pointer issue with --only-output-failed-tests
|
|
|
|
## 3.1.5
|
|
* Fix UI display of Ingress checks
|
|
|
|
## 3.1.4
|
|
* Fixes for exemption annotations for the admission controller
|
|
|
|
## 3.1.3
|
|
* Fixes for `privilegeEscalationAllowed` and `insecureCapabilities` checks to take Kubernetes defaults into account
|
|
|
|
## 3.1.2
|
|
* Start checking deployment configuration using Fairwinds Insights
|
|
|
|
## 3.1.1
|
|
* Updated to alpine:3.13
|
|
|
|
## 3.1.0
|
|
* Added support for Ingress objects
|
|
* Fixes for exemptions, including support for exempting entire namespaces
|
|
|
|
## 3.0.0
|
|
* **Breaking** - fixed inconsistency in how controller-level checks are handled
|
|
Custom checks with `target: Controller` should remove `Object` from the top-level of the
|
|
JSON schema (see changes to `./checks/multipleReplicasForDeployment.yaml`)
|
|
|
|
## 2.0.1
|
|
* Fixed Polaris deployment process
|
|
|
|
## 2.0.0
|
|
* Standardize categories of checks into Security, Reliability, and Efficiency
|
|
* Changes to the dashboard UI
|
|
* Update controller-runtime
|
|
|
|
## 1.2.1
|
|
* Update date on dashboard footer
|
|
|
|
## 1.2.0
|
|
* Add ability to audit a single workload
|
|
* Enable `pullPolicyAlways` by default
|
|
* Fix for finding parent resources
|
|
|
|
## 1.1.1
|
|
* Show controller checks on dashboard
|
|
* Fix for orphaned pods w/ controller checks
|
|
|
|
## 1.1.0
|
|
* Add namespace filter in UI
|
|
* Add priorityClass check
|
|
* Support reading from STDIN
|
|
* Ensure severity is set for all custom checks
|
|
* Support audit files which use \r or \r\n as newline character
|
|
* Add option to exempt an entire controller from checks via config file
|
|
* Fixed case where parent resources trigger error
|
|
* Fixed UI zero-state
|
|
|
|
## 1.0.3
|
|
* Fixed case where parent resources trigger error
|
|
* Fixed dashboard link when `--base-path` is set
|
|
|
|
## 1.0.2
|
|
* Fixed case where custom CRDs are not covered by RBAC
|
|
|
|
## 1.0.1
|
|
* Added ARM binaries to releases
|
|
|
|
## 1.0.0
|
|
### New Features
|
|
* Added support for custom checks using JSON Schema
|
|
* Added support for arbitrary controllers, rather than a pre-configured set
|
|
* removed support for `controllers_to_scan` in config
|
|
* Added the ability to exempt a particular controller from a particular check.
|
|
* Docker image now includes the default config
|
|
|
|
### Breaking Changes
|
|
* Breaking changes in both input and output formats. See [Examples](https://github.com/FairwindsOps/polaris/tree/master/examples) for examples of the new formats.
|
|
* removed config-level configuration for checks like max/min memory settings
|
|
* changed severity `error` to `danger`
|
|
* Breaking changes to the CLI
|
|
* CLI flag `--set-exit-code-on-error` is now `--set-exit-code-on-danger`
|
|
* Flags `--version`, `--dashboard`, `--webhook`, and `--audit` are now arguments
|
|
* Port flags are now just `--port`
|
|
|
|
## 0.6.0
|
|
* Fixed webhook support in Kubernetes 1.16
|
|
* this also removes support for 1.8
|
|
* Added support for exemptions via controller annotations
|
|
|
|
## 0.5.2
|
|
* Fixed missing success messages for resource requests/limits
|
|
|
|
## 0.5.1
|
|
* Added a few more exemptions
|
|
* Started checking exemptions based on controller name prefix
|
|
* `runAsUser != 0` now passes the `runAsNonRoot` check
|
|
|
|
## 0.5.0
|
|
* Added `--load-audit-file` flag to run the dashboard from an existing audit
|
|
* Added an `ID` field to each check in the output
|
|
* Skip health checks for jobs, cronjobs, initcontainers
|
|
* Added support for exemptions
|
|
* Fixed dashboard base path option
|
|
|
|
## 0.4.0
|
|
* Added additional Pod Controllers to scan PodSpec (`jobs`, `cronjobs`, `daemonsets`, `replicationcontrollers`)
|
|
|
|
## 0.3.1
|
|
* Changed dashboard branding to refer to new org name Fairwinds
|
|
|
|
## 0.3.0
|
|
* Added `--set-exit-code-on-error` and `--set-exit-code-below-score` flags to better support CI/CD
|
|
|
|
## 0.2.1
|
|
* [Fix](https://github.com/FairwindsOps/polaris/issues/146): Fixed logic on RunAsNonRoot check to incorporate settings in podSpec
|
|
|
|
## 0.2.0
|
|
* Added `--output-format` flag for better CI/CD support
|
|
* Added `--display-name` flag
|
|
* Added support for StatefulSets
|
|
* Show error message if no kubeconfig is set
|
|
|
|
## 0.1.5
|
|
* [Fix](https://github.com/FairwindsOps/polaris/issues/125): ignore limits/requests for initContainers
|
|
* [Fix](https://github.com/FairwindsOps/polaris/issues/132): support custom base path
|
|
|
|
## 0.1.4
|
|
* [Fix](https://github.com/FairwindsOps/polaris/issues/116): details pages getting template errors
|
|
* [Fix](https://github.com/FairwindsOps/polaris/issues/114): support all auth providers
|
|
* [Fix](https://github.com/FairwindsOps/polaris/issues/112): Ignore readiness probe for initContainers
|
|
|
|
## 0.1.3
|
|
* [Fix](https://github.com/FairwindsOps/polaris/issues/109): dashboard not updating when running persistently
|
|
|
|
## 0.1.2
|
|
* Stored all third-party assets (e.g. Charts.js) to local files to support offline dashboard viewing
|
|
* Fix: custom configs in `ConfigMap` not respected
|
|
|
|
## 0.1.1
|
|
* [Fix](https://github.com/FairwindsOps/polaris/issues/93): missing `config.yaml` and dashboard assets in binary releases
|
|
* Added some tests and better error handling
|
|
|
|
## 0.1.0
|
|
* Dashboard fully functional
|
|
* Validating webhook functional, but still considered beta
|
|
* Checks:
|
|
* Health
|
|
* readiness probe missing
|
|
* liveness probe missing
|
|
* Images
|
|
* tag not specified
|
|
* pull policy not always
|
|
* Networking
|
|
* host network set
|
|
* host port set
|
|
* Resources
|
|
* cpu/memory requests missing
|
|
* cpu/memory limits missing
|
|
* cpu/memory ranges exceeded
|
|
* Security
|
|
* security capabilities
|
|
* host IPC set
|
|
* host PID set
|
|
* not read-only fs
|
|
* privilege escalation allowed
|
|
* run as root allowed
|
|
* run as privileged
|