a variety of dashboard updates and cleanup

config.yaml

@@ -1,8 +1,8 @@
 resources:
-  cpuRequestsMissing: error
-  cpuLimitsMissing: error
-  memoryRequestsMissing: error
-  memoryLimitsMissing: error
+  cpuRequestsMissing: warning
+  cpuLimitsMissing: warning
+  memoryRequestsMissing: warning
+  memoryLimitsMissing: warning
 images:
   tagNotSpecified: error
   pullPolicyNotAlways: ignore

deploy/dashboard.yaml

@@ -16,10 +16,10 @@ metadata:
 data:
   config.yaml:  |
     resources:
-      cpuRequestsMissing: error
-      cpuLimitsMissing: error
-      memoryRequestsMissing: error
-      memoryLimitsMissing: error
+      cpuRequestsMissing: warning
+      cpuLimitsMissing: warning
+      memoryRequestsMissing: warning
+      memoryLimitsMissing: warning
     images:
       tagNotSpecified: error
     healthChecks:
@@ -126,7 +126,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   annotations:
-    checksum/config: '0d7a7837e74d9179b13cade94ee8f6c11b32920f3c6223fc623da850cd399b42'
+    checksum/config: '6ec4a4dc87403cae67c01438398a5f1d4ef836ffeaf26a33b685c066b940495a'
   name: polaris-dashboard
   namespace: polaris
   labels:

deploy/helm/polaris/values.yaml

@@ -1,10 +1,10 @@
 ---
 config: |
   resources:
-    cpuRequestsMissing: error
-    cpuLimitsMissing: error
-    memoryRequestsMissing: error
-    memoryLimitsMissing: error
+    cpuRequestsMissing: warning
+    cpuLimitsMissing: warning
+    memoryRequestsMissing: warning
+    memoryLimitsMissing: warning
   images:
     tagNotSpecified: error
   healthChecks:

deploy/webhook.yaml

@@ -27,10 +27,10 @@ metadata:
 data:
   config.yaml:  |
     resources:
-      cpuRequestsMissing: error
-      cpuLimitsMissing: error
-      memoryRequestsMissing: error
-      memoryLimitsMissing: error
+      cpuRequestsMissing: warning
+      cpuLimitsMissing: warning
+      memoryRequestsMissing: warning
+      memoryLimitsMissing: warning
     images:
       tagNotSpecified: error
     healthChecks:
@@ -156,7 +156,7 @@ apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
   annotations:
-    checksum/config: '0d7a7837e74d9179b13cade94ee8f6c11b32920f3c6223fc623da850cd399b42'
+    checksum/config: '6ec4a4dc87403cae67c01438398a5f1d4ef836ffeaf26a33b685c066b940495a'
   name: polaris-webhook
   namespace: polaris
   labels:

docs/images.md

@@ -16,5 +16,4 @@ Related to that, relying on cached versions of a Docker image can become a secur
 ## Further Reading
 
 - [What's Wrong With The Docker :latest Tag?](https://vsupalov.com/docker-latest-tag/)
-
 - [Kubernetes’ AlwaysPullImages Admission Control — the Importance, Implementation, and Security Vulnerability in its Absence](https://medium.com/@trstringer/kubernetes-alwayspullimages-admission-control-the-importance-implementation-and-security-d83ff3815840)

docs/resources.md

@@ -37,7 +37,5 @@ Having these values appropriately configured ensures that:
 ## Further Reading
 
 - [Kubernetes Docs: Managing Compute Resources for Containers](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/)
-
 - [Kubernetes best practices: Resource requests and limits](https://cloud.google.com/blog/products/gcp/kubernetes-best-practices-resource-requests-and-limits)
-
 - [Vertical Pod Autoscaler (can automatically set resource requests and limits)](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler)

docs/security-capabilities.md

@@ -20,5 +20,4 @@ With Kubernetes configuration, these capabilities can be added or removed by adj
 ## Further Reading
 
 - [Kubernetes Docs: Set capabilities for a Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-capabilities-for-a-container)
-
 - [Linux Programmer's Manual: Capabilities](http://man7.org/linux/man-pages/man7/capabilities.7.html)

pkg/dashboard/assets/css/check-details.css

@@ -1,12 +1,46 @@
-th, td {
-  padding: 4px 8px;
-  vertical-align: top;
-}
-
 body {
-  font-family: "Helvetica", "Arial", sans-serif
+  font-family: "Muli", "Helvetica", "Arial", sans-serif;
+  font-size: 14px;
 }
 
 h1, h2, h3, h4, h5, h6 {
-  font-family: "Muli", "Helvetica", "Arial", sans-serif
+  font-family: "Muli", "Helvetica", "Arial", sans-serif;
+}
+
+.card.details h1 {
+  margin: 0 0 20px;
+}
+
+.card.details h2 {
+  margin: 30px 0 10px;
+}
+
+.card.details a {
+  color: #23103a;
+}
+
+.card.details a:hover {
+  color: #657;
+}
+
+.card.details ul {
+  padding: 0 15px;
+}
+
+.card.details li {
+  margin: 5px 0;
+}
+
+.card.details table {
+  border-spacing: 0;
+  width: 100%;
+}
+
+.card.details th, .card.details td {
+  padding: 4px 12px;
+  vertical-align: top;
+}
+
+.card.details td {
+  border-top: 1px dotted #ddd;
 }

pkg/dashboard/assets/css/dashboard.css

@@ -10,11 +10,11 @@
   margin: 0;
   font-weight: 300;
   font-size: 28px;
-  padding: 15px 20px 20px;
+  padding: 15px 20px 30px;
 }
 
-.card.namespace h3 {
-  padding-bottom: 30px;
+.card.cluster h3 {
+  padding-bottom: 20px;
 }
 
 .card.namespace h3 strong {
@@ -130,12 +130,12 @@
 
 .category .category-info a {
   font-weight: bold;
-  color: #777;
+  color: #23103a;
   text-decoration: none;
 }
 
 .category .category-info a:hover {
-  color: #23103A;
+  text-decoration: underline;
 }
 
 .category .status {
@@ -235,10 +235,16 @@ ul.message-list li i.message-icon {
 }
 
 a.more-info {
-  color: #6a6a6a;
+  color: #bbb;
+  font-size: 12px;
   text-decoration: none;
 }
 
+a.more-info:hover {
+  color: #555;
+}
+
+
 .card .status-bar {
   padding-top: 7px;
   float: right;

pkg/dashboard/dashboard.go

@@ -92,6 +92,7 @@ func GetBaseTemplate(name string) (*template.Template, error) {
 		"getScore":        getScore,
 		"getIcon":         getIcon,
 		"getCategoryLink": getCategoryLink,
+		"getCategoryInfo": getCategoryInfo,
 	})
 
 	templateFileNames := []string{

pkg/dashboard/helpers.go

@@ -15,6 +15,7 @@
 package dashboard
 
 import (
+	"fmt"
 	"github.com/reactiveops/polaris/pkg/validator"
 	"strings"
 )
@@ -27,10 +28,6 @@ func getSuccessWidth(counts validator.CountSummary, fullWidth int) uint {
 	return uint(float64(counts.Successes) / float64(counts.Successes+counts.Warnings+counts.Errors) * float64(fullWidth))
 }
 
-func getCategoryLink(category string) string {
-	return strings.Replace(strings.ToLower(category), " ", "-", -1)
-}
-
 func getGrade(counts validator.CountSummary) string {
 	score := getScore(counts)
 	if score >= 97 {
@@ -107,3 +104,54 @@ func getIcon(rm validator.ResultMessage) string {
 		return "fas fa-times"
 	}
 }
+
+func getCategoryLink(category string) string {
+	return strings.Replace(strings.ToLower(category), " ", "-", -1)
+}
+
+func getCategoryInfo(category string) string {
+	switch category {
+	case "Health Checks":
+		return fmt.Sprintf(`
+			Properly configured health checks can ensure the long term availability
+			and reliability of your application running in Kubernetes. Polaris
+			validates that health checks are configured for each pod running in
+			your cluster.
+		`)
+	case "Images":
+		return fmt.Sprintf(`
+			Images are the backbone of any Kubernetes cluster, containing the applications
+			that run in each container. Polaris validates that images are configured with
+			specific tags instead of just pulling the latest image on each run. This is
+			important for the stability and security of your workloads.
+		`)
+	case "Networking":
+		return fmt.Sprintf(`
+			Networking configuration in Kubernetes can be quite powerful. Polaris
+			validates that pods are not configured to have access to sensitive host
+			networking configuration. There are certain use cases such as a container
+			overlay network like Calico, where this level of access is required, but
+			the majority of workloads running on Kubernetes should not need this.
+		`)
+	case "Resources":
+		return fmt.Sprintf(`
+			Configuring resource requests and limits for workloads running in Kubernetes
+			helps ensure that every container will have access to all the resources it
+			needs. These are also a crucial part of cluster autoscaling logic, as new
+			nodes are only spun up when there is insufficient capacity on existing
+			infrastructure for new pod(s). By default, Polaris validates that resource
+			requests and limits are set, it also includes optional functionality to ensure
+			these requests and limits fall within specified ranges.
+		`)
+	case "Security":
+		return fmt.Sprintf(`
+			Kubernetes provides a great deal of configurability when it comes to the
+			security of your workloads. A key principle here involves limiting the level
+			of access any individual workload has. Polaris has validations for a number of
+			best practices, mostly focused on ensuring that unnecessary access has not
+			been granted to an application workload.
+		`)
+	default:
+		return ""
+	}
+}

pkg/dashboard/templates/check-details.gohtml

@@ -9,7 +9,7 @@
 <body>
   {{ template "navbar" . }}
   <div class="main-content">
-    <div class="card">
+    <div class="card details">
       {{ template "details" . }}
     </div>
   </div>

pkg/dashboard/templates/dashboard.gohtml

@@ -55,7 +55,7 @@
           </div>
           <div class="name"><span class="caret-expander"></span>{{ $category }}<span class="category-score">Score: <strong>{{ getScore $summary }}%</strong></span></div>
             <div class="result-messages expandable-content">
-            <p class="category-info">Properly configured health checks can ensure the long term availability and reliability of your application running in Kubernetes. Polaris validates that health checks are configured for each pod running in your cluster. Refer to the <a href="#">Polaris Docs</a> for more information.</p>
+            <p class="category-info">{{ getCategoryInfo $category }} Refer to the <a href="/details/{{ getCategoryLink $category }}">Polaris documentation about {{ $category }}</a> for more information.</p>
           </div>
         </div>
       {{ end }} {{/* end range categories */}}
@@ -85,10 +85,10 @@
                   {{ range $message := .PodResult.Messages}}
                     <li class="{{ .Type }}">
                       <i class="message-icon {{ getIcon $message }}"></i>
+                      <span class="message">{{ .Message }}</span>
                       <a class="more-info" href="/details/{{ getCategoryLink .Category }}">
                         <i class="far fa-question-circle"></i>
                       </a>
-                      <span class="message">{{ .Message }}</span>
                     </li>
                   {{ end }}
                 </ul>
@@ -100,10 +100,10 @@
                     {{ range $message := .Messages}}
                       <li class="{{ .Type }}">
                         <i class="message-icon {{ getIcon $message }}"></i>
+                        <span class="message">{{ .Message }}</span>
                         <a class="more-info" href="/details/{{ getCategoryLink .Category }}">
                           <i class="far fa-question-circle"></i>
                         </a>
-                        <span class="message">{{ .Message }}</span>
                       </li>
                     {{ end }}
                   </ul>