Merge pull request #81 from reactiveops/rb/add-links

add roadmap, changelog, links
FairwindsOps · May 15, 2019 · 8f2eb24 · 8f2eb24
2 parents c2bffbf + 8b913b1
commit 8f2eb24
Show file tree

Hide file tree

Showing 3 changed files with 88 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,25 @@
+# 0.1.0
+* Dashboard fully functional
+* Validating webhook functional, but still considered beta
+* Checks:
+  * Health
+    * readiness probe missing
+    * liveness probe missing
+  * Images
+    * tag not specified
+    * pull policy not always
+  * Networking
+    * host network set
+    * host port set
+  * Resources
+    * cpu/memory requests missing
+    * cpu/memory limits missing
+    * cpu/memory ranges exceeded
+  * Security
+    * security capabilities
+    * host IPC set
+    * host PID set
+    * not read-only fs
+    * privilege escalation allowed
+    * run as root allowed
+    * run as privileged
diff --git a/README.md b/README.md
@@ -94,3 +94,13 @@ Polaris validation checks fall into several different categories:
 
 ## License
 Apache License 2.0
+
+## Contributing
+PRs welcome! Check out the [Contributing Guidlines](CONTRIBUTING.md),
+[Code of Conduct](CODE_OF_CONDUCT.md), and [Roadmap](ROADMAP.md) for more information.
+
+## Further Information
+A history of changes to this project can be viewed in the [Changelog](CHANGELOG.md)
+
+If you'd like to learn more about Polaris, or if you'd like to speak with
+a Kubernetes expert, you can contact `info@reactiveops.com` or [visit our website](https://reactiveops.com)
diff --git a/ROADMAP.md b/ROADMAP.md
@@ -0,0 +1,53 @@
+# Polaris Roadmap
+We plan to continue expanding the list of checks available to Polaris users,
+as well as the project's overall functionality.
+
+If you have ideas for a new check, or for new Polaris features,
+you can submit a pull request for this file, or open an issue in GitHub.
+
+## Features
+### Validating Webhook
+The validating webhook rejects incoming workloads if they cause `error`-level
+issues, as defined by the Polaris configuration.
+
+The webhook server is currently functional, but largely untested. Because
+the validating webhook has the potential to cause headaches for users,
+we have marked it as `beta` for now.
+
+We will continue to gather feedback here and will move the webhook out of `beta`
+when we feel it's ready.
+
+#### TODO
+* Pass `warning`-level messages back to `kubectl` if possible (may require changes
+to core k8s or `kubectl`)
+
+## Ability to override checks
+We plan to add the ability to override Polaris checks for particular namespaces
+and workloads. This may be something that is set in the Polaris configuration,
+or an annotation that can be added to the resource definition.
+
+This is important, as certain workloads have good reason to skip particular Polaris
+checks - for instance, the `dns-controller` deployment in `kube-system` needs to have
+the host network configured.
+
+## Checks
+These are checks that we plan to implement. If you have requests or ideas,
+let us know! You can submit a pull request for this file, or open an issue in GitHub.
+
+### Images
+* List of allowed/disallowed registries
+
+### New controller types
+Currently we only look at Deployments. We plan to also validate these types of controllers:
+* StatefulSet
+* DaemonSet
+* Job
+* CronJob
+* ReplicaSet
+
+### Check non-controllers
+We would like to implement checks for non-controller types, such as:
+* Ingress
+* Service
+* Secret
+