3.1.4

- Fixes for exemption annotations for the admission controller

3.1.3

- Fixes for privilegeEscalationAllowed and insecureCapabilities checks to take Kubernetes defaults into account

3.1.2

- Start checking deployment configuration using Fairwinds Insights

3.1.1

3.1.0

- Added support for Ingress objects
- Fixes for exemptions, including support for exempting entire namespaces

3.0.0

- Breaking - fixed inconsistency in how controller-level checks are handled
  - Custom checks with target: Controller should remove Object from the top-level of the JSON schema (see changes to ./checks/multipleReplicasForDeployment.yaml)

2.0.1

- Fixed Polaris deployment process

2.0.0

- Standardize categories of checks into Security, Reliability, and Efficiency
- Changes to the dashboard UI
- Update controller-runtime

1.2.1

- Update date on dashboard footer

1.2.0

- Add ability to audit a single workload
- Enable pullPolicyAlways by default
- Fix for finding parent resources

1.1.1

- Show controller checks on dashboard
- Fix for orphaned pods w/ controller checks

1.1.0

- Add namespace filter in UI
- Add priorityClass check
- Support reading from STDIN
- Ensure severity is set for all custom checks
- Support audit files which use \r or \r\n as newline character
- Add option to exempt an entire controller from checks via config file
- Fixed case where parent resources trigger error
- Fixed UI zero-state

1.0.3

- Fixed case where parent resources trigger error
- Fixed dashboard link when --base-path is set

1.0.2

- Fixed case where custom CRDs are not covered by RBAC

1.0.1

- Added ARM binaries to releases

1.0.0

New Features

- Added support for custom checks using JSON Schema
- Added support for arbitrary controllers, rather than a pre-configured set
  - removed support for controllers_to_scan in config
- Added the ability to exempt a particular controller from a particular check.
- Docker image now includes the default config

Breaking Changes

- Breaking changes in both input and output formats. See Examples for examples of the new formats.
  - removed config-level configuration for checks like max/min memory settings
  - changed severity error to danger
- Breaking changes to the CLI
  - CLI flag --set-exit-code-on-error is now --set-exit-code-on-danger
  - Flags --version, --dashboard, --webhook, and --audit are now arguments
  - Port flags are now just --port

0.6.0

- Fixed webhook support in Kubernetes 1.16
  - this also removes support for 1.8
- Added support for exemptions via controller annotations

0.5.2

- Fixed missing success messages for resource requests/limits

0.5.1

- Added a few more exemptions
- Started checking exemptions based on controller name prefix
- runAsUser != 0 now passes the runAsNonRoot check

0.5.0

- Added --load-audit-file flag to run the dashboard from an existing audit
- Added an ID field to each check in the output
- Skip health checks for jobs, cronjobs, initcontainers
- Added support for exemptions
- Fixed dashboard base path option

0.4.0

- Added additional Pod Controllers to scan PodSpec (jobs, cronjobs, daemonsets, replicationcontrollers)

0.3.1

- Changed dashboard branding to refer to new org name Fairwinds

0.3.0

- Added --set-exit-code-on-error and --set-exit-code-below-score flags to better support CI/CD

0.2.1

0.2.0

- Added --output-format flag for better CI/CD support
- Added --display-name flag
- Added support for StatefulSets
- Show error message if no kubeconfig is set

0.1.5

0.1.4

0.1.3

0.1.2

- Stored all third-party assets (e.g. Charts.js) to local files to support offline dashboard viewing
- Fix: custom configs in ConfigMap not respected

0.1.1

- Fix: missing config.yaml and dashboard assets in binary releases
- Added some tests and better error handling

0.1.0

- Dashboard fully functional
- Validating webhook functional, but still considered beta
- Checks:
  - Health
    - readiness probe missing
    - liveness probe missing
  - Images
    - tag not specified
    - pull policy not always
  - Networking
    - host network set
    - host port set
  - Resources
    - cpu/memory requests missing
    - cpu/memory limits missing
    - cpu/memory ranges exceeded
  - Security
    - security capabilities
    - host IPC set
    - host PID set
    - not read-only fs
    - privilege escalation allowed
    - run as root allowed
    - run as privileged