polaris/docs
ivanfetch-fw 467d06f4db FWI-2719: Enable new RBAC / sensitive content / Pod exec checks, add hasPrefix and hasSuffix functions to the GO template, exempt system: name prefixes for RBAC checks, sensitive content checks ignore valueFrom, (#832)
* Enable these checks in the default configuration file, which may produce many new results:
  * automountServiceAccountToken
  * linuxHardening
  * sensitiveConfigmapContent and sensitiveContainerEnvVar
  * clusterrolebindingClusterAdmin, rolebindingClusterAdminClusterRole, and rolebindingClusterAdminRole
  * clusterrolePodExecAttach, rolePodExecAttach, clusterrolebindingPodExecAttach, rolebindingClusterRolePodExecAttach, and rolebindingRolePodExecAttach
* Ignore the `missingNetworkPolicy` and `automountServiceAccountToken` checks by default
* `hasPrefix` and `hasSuffix` functions are now available in the go template
* Fix the `sensitiveContainerEnvVar` check to ignore sensitive environment
variable names when those variables use `valueFrom` to reference an
external resource.
* Add the `*ClusterAdmin` checks to `examples/config-full.yaml`.
* Exempt the prefix `system:` instead of individual entries for RBAC checks (#871)
2022-11-14 15:05:02 -07:00

Best Practices for Kubernetes Workload Configuration

Fairwinds' Polaris keeps your clusters sailing smoothly. It runs a variety of checks to ensure that Kubernetes pods and controllers are configured using best practices, helping you avoid problems in the future.

Polaris can be run in three different modes:

  • As a dashboard, so you can audit what's running inside your cluster.
  • As an admission controller, so you can automatically reject workloads that don't adhere to your organization's policies.
  • As a command-line tool, so you can test local YAML files, e.g. as part of a CI/CD process.

Want to learn more? Reach out on the Slack channel (request invite), send an email to opensource@fairwinds.com, or join us for office hours on Zoom.

Integration with Fairwinds Insights

Fairwinds Insights is a platform for auditing Kubernetes clusters and enforcing policy. If you'd like to:

  • manage Polaris across a fleet of clusters
  • track findings over time
  • send results to services like Slack and Datadog
  • add additional checks from tools like Trivy, Goldilocks, and OPA

you can sign up for a free account here.

Contributing

PRs welcome! Check out the Contributing Guidelines and Code of Conduct for more information.

Further Information

A history of changes to this project can be viewed in the Changelog.

If you'd like to learn more about Polaris, or if you'd like to speak with a Kubernetes expert, you can contact info@fairwinds.com or visit our website.

