32c1150b28
This change follows up #635 and lets end-users decide to disallow exemption rules defined as part of the config file or the controller annotations (whether none, any or both). The main use case here is to be able to prevent users with edit privileges over a controller to add a new exemption rule through an annotation which may obfuscate the actual policies we want to enforce. Signed-off-by: Maxime VISONNEAU <maxime.visonneau@gmail.com> Co-authored-by: Robert Brennan <accounts@rbren.io>
Best Practices for Kubernetes Workload Configuration
Fairwinds' Polaris keeps your clusters sailing smoothly. It runs a variety of checks to ensure that Kubernetes pods and controllers are configured using best practices, helping you avoid problems in the future.
Polaris can be run in three different modes:
- As a dashboard, so you can audit what's running inside your cluster.
- As an admission controller, so you can automatically reject workloads that don't adhere to your organization's policies.
- As a command-line tool, so you can test local YAML files, e.g. as part of a CI/CD process.
Want to learn more? Reach out on the Slack channel (request invite), send an email to opensource@fairwinds.com, or join us for office hours on Zoom
Integration with Fairwinds Insights
Fairwinds Insights is a platform for auditing Kubernetes clusters and enforcing policy. If you'd like to:
- manage Polaris across a fleet of clusters
- track findings over time
- send results to services like Slack and Datadog
- add additional checks from tools like Trivy, Goldilocks, and OPA
you can sign up for a free account here.
Contributing
PRs welcome! Check out the Contributing Guidelines and Code of Conduct for more information.
Further Information
A history of changes to this project can be viewed in the Changelog
If you'd like to learn more about Polaris, or if you'd like to speak with
a Kubernetes expert, you can contact info@fairwinds.com or visit our website
