1.8 KiB
Polaris Roadmap
We plan to continue expanding the list of checks available to Polaris users, as well as the project's overall functionality.
If you have ideas for a new check, or for new Polaris features, you can submit a pull request for this file, or open an issue in GitHub.
Features
Validating Webhook
The validating webhook rejects incoming workloads if they cause error-level
issues, as defined by the Polaris configuration.
The webhook server is currently functional, but largely untested. Because
the validating webhook has the potential to cause headaches for users,
we have marked it as beta for now.
We will continue to gather feedback here and will move the webhook out of beta
when we feel it's ready.
TODO
- Pass
warning-level messages back tokubectlif possible (may require changes to core k8s orkubectl)
Ability to override checks
We plan to add the ability to override Polaris checks for particular namespaces and workloads. This may be something that is set in the Polaris configuration, or an annotation that can be added to the resource definition.
This is important, as certain workloads have good reason to skip particular Polaris
checks - for instance, the dns-controller deployment in kube-system needs to have
the host network configured.
Checks
These are checks that we plan to implement. If you have requests or ideas, let us know! You can submit a pull request for this file, or open an issue in GitHub.
Images
- List of allowed/disallowed registries
New controller types
Currently we only look at Deployments. We plan to also validate these types of controllers:
- StatefulSet
- DaemonSet
- Job
- CronJob
- ReplicaSet
Check non-controllers
We would like to implement checks for non-controller types, such as:
- Ingress
- Service
- Secret