github/polaris
1
0
Fork 0
mirror of https://github.com/FairwindsOps/polaris.git synced 2026-05-10 19:26:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3.0.0
polaris/docs/admission-controller/index.html
Robert Brennan 1a8fb44b78 Migrate docs to Vuepress (#442) 
* first pass

* fix up homepage

* more work

* housekeeping

* add script to modify home link

* add check docs

* build docs site

* Create CNAME

* fix path to check-docs

* update from template

* fix logo in readme

* fix link

* remove logspam

* remove old folders

* fix all links

* fix up readme

* change up Insights description

* add customization docs

* phrasing

* title

* titles

* titles

* change webhook docs

* refresh template

* rebuild site

* refresh from template repo

* phrasing

* add tagline

* update readme\, add readme sync script

* fix logo

* rebuild

* fix readme script

* rebuild
2020-11-30 14:15:29 -05:00

46 lines
11 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Admission Controller | Fairwinds Polaris Documentation</title>
<meta name="generator" content="VuePress 1.7.1">
<link rel="icon" href="/favicon.png">
<script src="/scripts/modify.js"></script>
<script src="/scripts/leadlander.js"></script>
<meta name="description" content="Documentation for Fairwinds Polaris - audit and enforce Kubernetes best practices for your workloads">
<link rel="preload" href="/assets/css/0.styles.db69974e.css" as="style"><link rel="preload" href="/assets/js/app.65b94829.js" as="script"><link rel="preload" href="/assets/js/3.0cb25b42.js" as="script"><link rel="preload" href="/assets/js/2.28adca5d.js" as="script"><link rel="preload" href="/assets/js/9.4f55b6b3.js" as="script"><link rel="prefetch" href="/assets/js/10.9d1a1701.js"><link rel="prefetch" href="/assets/js/11.d7eadcf0.js"><link rel="prefetch" href="/assets/js/12.85c0eab0.js"><link rel="prefetch" href="/assets/js/13.0487faf0.js"><link rel="prefetch" href="/assets/js/14.60ea393e.js"><link rel="prefetch" href="/assets/js/15.00f25aaa.js"><link rel="prefetch" href="/assets/js/16.cb0515ce.js"><link rel="prefetch" href="/assets/js/17.013e9969.js"><link rel="prefetch" href="/assets/js/18.a0fcb2d2.js"><link rel="prefetch" href="/assets/js/19.9fe045af.js"><link rel="prefetch" href="/assets/js/20.5bcacf34.js"><link rel="prefetch" href="/assets/js/21.2f58615f.js"><link rel="prefetch" href="/assets/js/22.90ebc6b9.js"><link rel="prefetch" href="/assets/js/4.be9896b6.js"><link rel="prefetch" href="/assets/js/5.665b3e6a.js"><link rel="prefetch" href="/assets/js/6.a5e340ed.js"><link rel="prefetch" href="/assets/js/7.dbd47d64.js"><link rel="prefetch" href="/assets/js/8.5a82b7c2.js">
<link rel="stylesheet" href="/assets/css/0.styles.db69974e.css">
</head>
<body>
<div id="app" data-server-rendered="true"><div class="theme-container"><header class="navbar"><div class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/" class="home-link router-link-active"><img src="/img/fairwinds-logo.svg" alt="Fairwinds Polaris Documentation" class="logo"> <span class="site-name can-hide">Fairwinds Polaris Documentation</span></a> <div class="links"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="https://github.com/FairwindsOps/polaris" target="_blank" rel="noopener noreferrer" class="nav-link external">
View on GitHub
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <!----></nav></div></header> <div class="sidebar-mask"></div> <aside class="sidebar"><nav class="nav-links"><div class="nav-item"><a href="https://github.com/FairwindsOps/polaris" target="_blank" rel="noopener noreferrer" class="nav-link external">
View on GitHub
<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></div> <!----></nav> <ul class="sidebar-links"><li><section class="sidebar-group depth-0"><a href="/" class="sidebar-heading clickable router-link-active"><span>Polaris</span> <!----></a> <ul class="sidebar-links sidebar-group-items"><li><a href="/changelog/" class="sidebar-link">Changelog</a></li><li><a href="/code-of-conduct/" class="sidebar-link">Code of Conduct</a></li><li><a href="/contributing/" class="sidebar-link">Contributing</a></li></ul></section></li><li><section class="sidebar-group depth-0"><p class="sidebar-heading open"><span>Ways to Run Polaris</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/dashboard/" class="sidebar-link">Dashboard</a></li><li><a href="/admission-controller/" aria-current="page" class="active sidebar-link">Admission Controller</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header"><a href="/admission-controller/#installation" class="sidebar-link">Installation</a></li><li class="sidebar-sub-header"><a href="/admission-controller/#workload-types" class="sidebar-link">Workload Types</a></li><li class="sidebar-sub-header"><a href="/admission-controller/#warnings" class="sidebar-link">Warnings</a></li></ul></li><li><a href="/infrastructure-as-code/" class="sidebar-link">Infrastructure as Code</a></li></ul></section></li><li><section class="sidebar-group depth-0"><p class="sidebar-heading"><span>Customization</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/customization/configuration/" class="sidebar-link">Configuration</a></li><li><a href="/customization/checks/" class="sidebar-link">Check Settings</a></li><li><a href="/customization/custom-checks/" class="sidebar-link">Custom Checks</a></li><li><a href="/customization/exemptions/" class="sidebar-link">Exemptions</a></li></ul></section></li><li><section class="sidebar-group depth-0"><p class="sidebar-heading"><span>Checks</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/checks/security/" class="sidebar-link">Security</a></li><li><a href="/checks/efficiency/" class="sidebar-link">Efficiency</a></li><li><a href="/checks/reliability/" class="sidebar-link">Reliability</a></li></ul></section></li></ul> </aside> <main class="page"> <div class="theme-default-content content__default"><h1 id="admission-controller"><a href="#admission-controller" class="header-anchor">#</a> Admission Controller</h1> <p>Polaris can be run as an admission controller that acts as a validating webhook.
This accepts the same configuration as the dashboard, and can run the same validations.</p> <p>The webhook will reject any workloads that trigger a danger-level check.
This is indicative of the greater goal of Polaris, not just to encourage better
configuration through dashboard visibility, but to actually enforce it with this webhook.</p> <p>Note that Polaris will not alter your workloads, only block workloads that don't conform to the configured policies.</p> <h2 id="installation"><a href="#installation" class="header-anchor">#</a> Installation</h2> <h3 id="kubectl"><a href="#kubectl" class="header-anchor">#</a> kubectl</h3> <div class="language-bash extra-class"><pre class="language-bash"><code>kubectl apply -f https://github.com/fairwindsops/polaris/releases/latest/download/webhook.yaml
</code></pre></div><h3 id="helm"><a href="#helm" class="header-anchor">#</a> Helm</h3> <div class="language-bash extra-class"><pre class="language-bash"><code>helm repo <span class="token function">add</span> fairwindsops-stable https://charts.fairwindsops.com/stable
helm upgrade --install polaris fairwindsops-stable/polaris --namespace polaris <span class="token punctuation">\</span>
--set webhook.enable<span class="token operator">=</span>true --set dashboard.enable<span class="token operator">=</span>false
</code></pre></div><h2 id="workload-types"><a href="#workload-types" class="header-anchor">#</a> Workload Types</h2> <p>The webhook comes with built-in support for a handful of known controller types,
such as Deployments, Jobs, and DaemonSets. To add new controller types,
you can set <code>webhook.rules</code> in the
<a href="https://github.com/FairwindsOps/charts/tree/master/stable/polaris" target="_blank" rel="noopener noreferrer">Helm chart<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></p> <h2 id="warnings"><a href="#warnings" class="header-anchor">#</a> Warnings</h2> <p>Unfortunately we have not found a way to display warnings as part of <code>kubectl</code>
output unless we are rejecting a workload altogether.</p> <p>This means that any checks with a severity of <code>warning</code> will still pass webhook validation,
and the only evidence of that warning will either be in the Polaris dashboard or the
Polaris webhook logs. This will change in a future version of Kubernetes.</p></div> <footer class="page-edit"><div class="edit-link"><a href="https://github.com/FairwindsOps/polaris/edit/master/docs-md/admission-controller.md" target="_blank" rel="noopener noreferrer">Help us improve this page</a> <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></div> <!----></footer> <div class="page-nav"><p class="inner"><span class="prev">
<a href="/dashboard/" class="prev">
Dashboard
</a></span> <span class="next"><a href="/infrastructure-as-code/">
Infrastructure as Code
</a>
</span></p></div> <div class="custom-footer"><div class="left-footer"><a href="https://fairwinds.com" target="_blank">Learn more about Fairwinds</a> <a href="https://fairwinds.com/insights" target="_blank">Try Fairwinds Insights</a></div> <div class="right-footer"><a href="https://www.fairwinds.com/privacy-policy" target="_blank">Privacy Policy</a></div></div></main></div><div class="global-ui"></div></div>
<script src="/assets/js/app.65b94829.js" defer></script><script src="/assets/js/3.0cb25b42.js" defer></script><script src="/assets/js/2.28adca5d.js" defer></script><script src="/assets/js/9.4f55b6b3.js" defer></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink