Merge pull request #81 from reactiveops/rb/add-links
add roadmap, changelog, links
Showing 3 changed files with 88 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# 0.1.0 | ||
* Dashboard fully functional | ||
* Validating webhook functional, but still considered beta | ||
* Checks: | ||
* Health | ||
* readiness probe missing | ||
* liveness probe missing | ||
* Images | ||
* tag not specified | ||
* pull policy not always | ||
* Networking | ||
* host network set | ||
* host port set | ||
* Resources | ||
* cpu/memory requests missing | ||
* cpu/memory limits missing | ||
* cpu/memory ranges exceeded | ||
* Security | ||
* security capabilities | ||
* host IPC set | ||
* host PID set | ||
* not read-only fs | ||
* privilege escalation allowed | ||
* run as root allowed | ||
* run as privileged |
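Review bot: Under Security, "security capabilities" is the only entry in this list that does not name the condition being flagged, while its neighbours read as findings ("host IPC set", "privilege escalation allowed"). Say what triggers the check, for example whether it fires on added capabilities, on capabilities that are not dropped, or both. The `# 0.1.0` heading also carries no release date, which makes the changelog harder to line up with tags later.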
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
# Polaris Roadmap | ||
We plan to continue expanding the list of checks available to Polaris users, | ||
as well as the project's overall functionality. | ||
|
||
If you have ideas for a new check, or for new Polaris features, | ||
you can submit a pull request for this file, or open an issue in GitHub. | ||
|
||
## Features | ||
### Validating Webhook | ||
The validating webhook rejects incoming workloads if they cause `error`-level | ||
issues, as defined by the Polaris configuration. | ||
|
||
The webhook server is currently functional, but largely untested. Because | ||
the validating webhook has the potential to cause headaches for users, | ||
we have marked it as `beta` for now. | ||
|
||
We will continue to gather feedback here and will move the webhook out of `beta` | ||
when we feel it's ready. | ||
|
||
#### TODO | ||
* Pass `warning`-level messages back to `kubectl` if possible (may require changes | ||
to core k8s or `kubectl`) | ||
|
||
## Ability to override checks | ||
We plan to add the ability to override Polaris checks for particular namespaces | ||
and workloads. This may be something that is set in the Polaris configuration, | ||
or an annotation that can be added to the resource definition. | ||
|
||
This is important, as certain workloads have good reason to skip particular Polaris | ||
checks - for instance, the `dns-controller` deployment in `kube-system` needs to have | ||
the host network configured. | ||
|
||
## Checks | ||
These are checks that we plan to implement. If you have requests or ideas, | ||
let us know! You can submit a pull request for this file, or open an issue in GitHub. | ||
|
||
### Images | ||
* List of allowed/disallowed registries | ||
|
||
### New controller types | ||
Currently we only look at Deployments. We plan to also validate these types of controllers: | ||
* StatefulSet | ||
* DaemonSet | ||
* Job | ||
* CronJob | ||
* ReplicaSet | ||
|
||
### Check non-controllers | ||
We would like to implement checks for non-controller types, such as: | ||
* Ingress | ||
* Service | ||
* Secret | ||
|
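Review bot: In "Ability to override checks", the option of "an annotation that can be added to the resource definition" puts the exemption in the hands of whoever submits the workload, which would let a workload opt itself out of the `error`-level rejections described in the "Validating Webhook" section. State here who is allowed to grant an override, or keep exemptions such as the `dns-controller` host-network case in the Polaris configuration. Separately, this section is `##` while "Validating Webhook" is `###` under `## Features`; if overrides are a feature, the heading should be `### Ability to override checks`.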