Fairwinds Insights has been enhanced over the last month to include a number of new features and bug fixes. The Kubernetes governance platform ensures users can configure settings to ensure security risks are minimized and cost optimized while providing guardrails for developers to ship applications faster.
As part of our NSA Kubernetes Hardening Guide, we’ve provided information on how using Insights can help improve pod security, network access, authentication and authorization, audit logging and threat detection and upgrade and application security practices. Now included in Fairwinds Insights is the ability to export a report for users to guide clusters towards NSA hardening. This report will show the NSA policy, the relevant Insights check and the number of Action Items that require resolving.
We’ve redesigned the Policy page to now show a list of all policies built-in to Insights as well as any OPA policies added by users. Users are now able to see the severity of every policy as well as whether they will currently block admission requests or the CI/CD pipeline. We’ve also started to use OPA v2 when creating new policies using the Insights UI.
We have redesigned the Policy page in Insights. The Policy page will now show a list of all Policies that come as part of Insights as well as any OPA policies added by users. Users are now able to see the severity of every Policy as well as whether they will currently block admission requests or the CI/CD pipeline. Furthermore, users are now able to set these values using the Insights CLI to customize policies to their needs.
A new Insights CI script is available for our users to use in their CI/CD pipelines. The new 2.0 Insights CI script will now block admission requests and CI/CD pipelines according to the values set in the Policy for Admission and CI. Users using the Auto Scan feature will automatically use this new script version. The 2.0 script also defaults to blocking only on Action Items that have High or Critical severity.
When creating new Policies using the Insights UI, we will be using OPA v2. The biggest change here is a YAML instance is no longer required. All v1 Policies will continue to work, and are still able to be edited from within the Insights web UI. OPA v2 is only available with Insights Agent 2.x. To learn more about the differences between OPA v1 and v2, check out V1 and V2 Insights OPA Policies.
Users are now able to export a report guiding their clusters towards NSA hardening. This report will show the NSA policy, the relevant Insights check and the number of Action Items that require resolving. In order to obtain the report, go to the Action Items page, select a cluster from the top left drop down and click the Export > Export NSA Report button.