Polaris

Polaris by Fairwinds is an open-source project that identifies Kubernetes deployment configuration errors. Polaris runs over a dozen different checks to help users discover Kubernetes misconfigurations that frequently cause security vulnerabilities, outages, scaling limitations, and more. Using Polaris, you can avoid problems and ensure you’re using Kubernetes best practices.

See DKP Insights Release Notes if you wish to know which Polaris version is included in this release.

Enable or Disable Polaris Insights

Edit the Service configuration with the following values:

YAML
polaris:
  enabled: true

To modify an existing installation:

  • Select Workspace, Applications, DKP-Insights, and then Edit to modify an installation.

Frequency of Polaris Audit Scans

By default, Polaris Audits run every 37 minutes. The schedule uses Cron syntax. You can change the default by editing the Service configuration with the following values:

YAML
polaris:
  schedule: "@every 37m"

To modify an existing installation:

  • Select Workspace, Applications, DKP-Insights, and then Edit to modify an installation.

Modifying Severities of Polaris Insights

Polaris Audit assigns a default severity to each of these types:

You can change these defaults by modifying the Service configuration with the following values:

YAML
polaris:
  config:
    # See https://github.com/FairwindsOps/polaris/blob/master/examples/config.yaml
    checks:
      # reliability
      deploymentMissingReplicas: warning
      priorityClassNotSet: ignore
      tagNotSpecified: danger
      pullPolicyNotAlways: warning
      readinessProbeMissing: warning
      livenessProbeMissing: warning
      metadataAndNameMismatched: ignore
      pdbDisruptionsIsZero: warning
      missingPodDisruptionBudget: ignore

      # efficiency
      cpuRequestsMissing: warning
      cpuLimitsMissing: warning
      memoryRequestsMissing: warning
      memoryLimitsMissing: warning

      # security
      hostIPCSet: danger
      hostPIDSet: danger
      notReadOnlyRootFilesystem: warning
      privilegeEscalationAllowed: danger
      runAsRootAllowed: danger
      runAsPrivileged: danger
      dangerousCapabilities: danger
      insecureCapabilities: warning
      hostNetworkSet: danger
      hostPortSet: warning
      tlsSettingsMissing: warning

To modify an existing installation:

  • Select Workspace, Applications, DKP-Insights, and then Edit to modify an installation.

When you mark a Polaris Audit Insight alert as Not-Useful, newly generated alerts are set to the lowest severity of Notice.

Add Exemptions to Polaris Insights

You can exclude a particular workload from a Polaris Audit by adding it to the exemptions. This example shows how to exempt the workload dummy-deployment, which currently has an issue where its CPU limits are missing. Change the exemptions list by modifying the Service configuration with the following values:

YAML
polaris:
  config:
    exemptions:
      - controllerNames:
          - dummy-deployment
        rules:
          - cpuLimitsMissing

To modify an existing installation:

  • Select Workspace, Applications, DKP-Insights, and then Edit to modify an installation.
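
Severity overrides and exemptions both reduce what Polaris reports, so it is worth reviewing them before applying a change. The following is an added example (not part of DKP Insights or Polaris) that flags security checks set to ignore and exemptions that cover a security check. It assumes the polaris.config value has already been parsed into a dict; review_config, SAMPLE and the workload name legacy-agent are hypothetical, and the sample values are constructed.

```python
# Added example: review a Polaris `config` block for weakened security coverage.
# Input is the parsed `polaris.config` value (for example, what a YAML loader
# returns); the SAMPLE dict below is constructed, not taken from a real cluster.

# Security check names exactly as listed under "# security" on this page.
SECURITY_CHECKS = {
    "hostIPCSet", "hostPIDSet", "notReadOnlyRootFilesystem",
    "privilegeEscalationAllowed", "runAsRootAllowed", "runAsPrivileged",
    "dangerousCapabilities", "insecureCapabilities", "hostNetworkSet",
    "hostPortSet", "tlsSettingsMissing",
}

def review_config(config):
    """Return sorted (kind, subject, detail) findings for a parsed config."""
    checks = config.get("checks") or {}
    findings = []
    # 1. Security checks silenced by severity "ignore".
    for name in SECURITY_CHECKS:
        if checks.get(name) == "ignore":
            findings.append(("check-ignored", name, "severity set to ignore"))
    # 2. Exemptions that remove a security check from named workloads.
    for ex in config.get("exemptions") or []:
        workloads = ",".join(ex.get("controllerNames") or ["<any>"])
        rules = ex.get("rules") or []
        if not rules:
            # Policy of this example (an assumption, not Polaris behaviour):
            # an exemption with no rule list is flagged for manual review.
            findings.append(("exemption-no-rules", workloads, "no rules listed"))
        for rule in rules:
            if rule in SECURITY_CHECKS:
                sev = checks.get(rule, "unset")
                findings.append(("exemption-security", workloads,
                                 f"{rule} (configured severity: {sev})"))
    return sorted(findings)

# Constructed sample: the page's dummy-deployment exemption plus two
# deliberately risky entries (hypothetical workload name "legacy-agent").
SAMPLE = {
    "checks": {"cpuLimitsMissing": "warning", "runAsPrivileged": "danger",
               "hostNetworkSet": "ignore"},
    "exemptions": [
        {"controllerNames": ["dummy-deployment"], "rules": ["cpuLimitsMissing"]},
        {"controllerNames": ["legacy-agent"], "rules": ["runAsPrivileged"]},
    ],
}

if __name__ == "__main__":
    for kind, subject, detail in review_config(SAMPLE):
        print(f"{kind:20} {subject:18} {detail}")
```

The dummy-deployment exemption from this page produces no finding because cpuLimitsMissing is an efficiency check, not a security check.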
