polaris/docs-md/admission-controller.md
Robert Brennan 1a8fb44b78 Migrate docs to Vuepress (#442)
* first pass

* fix up homepage

* more work

* housekeeping

* add script to modify home link

* add check docs

* build docs site

* Create CNAME

* fix path to check-docs

* update from template

* fix logo in readme

* fix link

* remove logspam

* remove old folders

* fix all links

* fix up readme

* change up Insights description

* add customization docs

* phrasing

* title

* titles

* titles

* change webhook docs

* refresh template

* rebuild site

* refresh from template repo

* phrasing

* add tagline

* update readme, add readme sync script

* fix logo

* rebuild

* fix readme script

* rebuild
2020-11-30 14:15:29 -05:00

1.6 KiB

Admission Controller

Polaris can be run as an admission controller that acts as a validating webhook. The webhook accepts the same configuration as the dashboard and can run the same validations.

The webhook will reject any workloads that trigger a danger-level check. This reflects the greater goal of Polaris: not just to encourage better configuration through dashboard visibility, but to actually enforce it with this webhook.

Note that Polaris will not alter your workloads, only block workloads that don't conform to the configured policies.

Installation

kubectl

kubectl apply -f https://github.com/fairwindsops/polaris/releases/latest/download/webhook.yaml

Helm

helm repo add fairwindsops-stable https://charts.fairwindsops.com/stable
helm upgrade --install polaris fairwindsops-stable/polaris --namespace polaris \
  --set webhook.enable=true --set dashboard.enable=false

Workload Types

The webhook comes with built-in support for a handful of known controller types, such as Deployments, Jobs, and DaemonSets. To add new controller types, you can set webhook.rules in the Helm chart.

Warnings

Unfortunately we have not found a way to display warnings as part of kubectl output unless we are rejecting a workload altogether.

This means that any checks with a severity of warning will still pass webhook validation, and the only evidence of that warning will either be in the Polaris dashboard or the Polaris webhook logs. This will change in a future version of Kubernetes.
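
The severity behaviour described above, sketched in Go as an added example (not Polaris's own code): any danger-level finding denies the request, while warnings leave it allowed and are only returned for logging. The `Finding` type, the `Decide` function, the rejection message and the sample findings are hypothetical; the JSON fields are a subset of the Kubernetes `admission.k8s.io/v1` AdmissionReview response.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)
// Finding is a hypothetical, simplified check result (not Polaris's own type).
type Finding struct{ Check, Severity, Message string }
// Subset of the admission.k8s.io/v1 AdmissionReview response fields.
type Status struct { Message string `json:"message"` }
type Response struct {
	UID     string  `json:"uid"`
	Allowed bool    `json:"allowed"`
	Status  *Status `json:"status,omitempty"`
}
type Review struct {
	APIVersion string   `json:"apiVersion"`
	Kind       string   `json:"kind"`
	Response   Response `json:"response"`
}
// Decide denies the request if any finding is danger-level. Warning-level
// findings never affect the verdict; they are returned for the webhook log.
func Decide(uid string, findings []Finding) (Review, []string) {
	var denied, logOnly []string
	for _, f := range findings {
		switch f.Severity {
		case "danger":
			denied = append(denied, f.Check+": "+f.Message)
		case "warning":
			logOnly = append(logOnly, f.Check+": "+f.Message)
		}
	}
	r := Review{APIVersion: "admission.k8s.io/v1", Kind: "AdmissionReview",
		Response: Response{UID: uid, Allowed: len(denied) == 0}}
	if len(denied) > 0 {
		r.Response.Status = &Status{Message: "rejected by policy: " + strings.Join(denied, "; ")}
	}
	return r, logOnly
}

func main() {
	// Constructed findings for one workload: one warning, one danger.
	review, warnings := Decide("constructed-uid", []Finding{
		{"cpuLimitsMissing", "warning", "CPU limits should be set"},
		{"runAsPrivileged", "danger", "Should not be running as privileged"},
	})
	out, _ := json.Marshal(review)
	fmt.Println(string(out), "\nlog only:", warnings)
}
```

With only the warning-level finding present, the same call returns `allowed: true` with no status message, which is why the kubectl user sees nothing.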