What is Fairwinds’ Polaris? Kubernetes Open Source Configuration Validation

An Example

YAML
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
ports:
- containerPort: 80

CPU and Memory Settings

YAML
containers:
- name: nginx
image: nginx:1.14.2
resources:
requests:
memory: 512MB
cpu: 500m
limits:
memory: 1GB
cpu: 1000m

Health Probes

YAML
containers:
livenessProbe:
exec:
command:
- cat
- /tmp/healthy
readinessProbe:
httpGet:
path: /healthz
port: 8080

Security Tightening

YAML
containers:
- name: nginx
image: nginx:1.14.2
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop:
- ALL

How Polaris Can Help

YAML
successMessage: Host network is not configured
failureMessage: Host network should not be configured
category: Security
target: Pod
schema:
'$schema': http://json-schema.org/draft-07/schema
type: object
properties:
hostNetwork:
not:
const: true

Deploying with Confidence

Fairwinds — The Kubernetes Enablement Company | Editor of uptime 99

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store