<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=521127644762074&amp;ev=PageView&amp;noscript=1">

Fairwinds Insights FAQs

About Fairwinds Insights

What is Fairwinds Insights?

Fairwinds Insights is a configuration validation software platform that enables engineering and DevOps teams to run Kubernetes workloads securely, efficiently, and reliably. The platform integrates trusted open source tools that proactively monitor Kubernetes and container configurations, recommending improvements that help avoid problems before they arise. Recommendations are stored in a single location which enables teams to track and prioritize issues, collaborate across teams, and apply best practices as applications move from development to production. 

With Fairwinds Insights, we help:

  • VPEs and Directors of Engineering get high level visibility into the state of their Kubernetes infrastructure, including recommendations for security, efficiency, and reliability improvements.
  • CISOs and Security Managers understand any configuration and security risks with their Kubernetes and container infrastructure
  • DevOps Managers identify, prioritize, plan, and track potential configuration issues with Kubernetes
  • DevOps Engineers implement and use great open source auditing tools without having to spend cycles learning each one and building custom automation

How much does Fairwinds Insights cost?

Fairwinds Insights offers free and commercial tiers of the product. For more information, please visit our webpage at: https://www.fairwinds.com/insights

How does Fairwinds Insights work? What’s a plugin? What’s an Agent?

Fairwinds Insights provides a unified, multi-cluster view into three categories of Kubernetes configuration issues: security, efficiency, and reliability. This unified, multi-cluster view is available in commercial SaaS or commercial self-hosted options.

Fairwinds Insights also makes it easy to deploy multiple open-source tools through a single helm installation. This one-time install helps engineers avoid custom work for installing and configuring each tool. 
 
 
Fairwinds Insights refers to the tools integrated with the software as ‘plugins’, and the helm chart as the ‘Fairwinds Insights Agent’.
 
Fairwinds Insights then aggregates findings from each plugin and publishes it into a multi-cluster view for easy consumption, prioritization, and issue tracking.
 
 

What are the different deployment models?

Currently, Fairwinds Insights operates as a SaaS platform. This means the Fairwinds Insight Agent (which is deployed as a helm chart) will report findings back to the SaaS platform hosted at insights.fairwinds.com.

A future “self-hosted” option is under roadmap consideration. Email us at insights@fairwinds.com if you’d like to learn more about this roadmap.

What plugins does Fairwinds Insights include?

Fairwinds Insights provides integrations for a variety of great open source tools including Polaris, Goldilocks, and Trivy Container Scanning. For the complete list, please visit the Fairwinds Insights documentation center. 

Example findings:

Security:

  • Container vulnerabilities

  • Security issues with Kubernetes deployments (e.g., deployments configured to run as root)

  • Cluster-level weaknesses (e.g., exposed pods, information disclosures, etc.)

  • Kubernetes CVEs

  • Automated notification of Helm charts that are out of date

Efficiency and Reliability:

  • Cost metrics

  • Recommended CPU and memory limits (for right-sizing your workloads)

  • Potential reliability issues with Kubernetes deployments (e.g., missing liveness and readiness probes)

Installation, Reporting, and Usage

How does the Fairwinds Insights Agent install itself?

The Fairwinds Insights Agent leverages helm to install open source plugins in a single deployment. The Fairwinds Insights Agent orchestrates the installation, configuration, update, and scan frequency of each plugin.

The Fairwinds Insights Agent is publicly available as a helm chart but requires a token to use. You can generate a token after creating an account at https://insights.fairwinds.com

You can learn more about the Fairwinds Insights Agent here: https://github.com/FairwindsOps/charts/tree/master/stable/insights-agent

How long does it take to set up?

Getting started with Insights is as easy as a helm install. Once you’ve added the Agent to your cluster, you’ll see the dashboard populate in about a minute.

 

What permissions does the Fairwinds Insights Agent need?

The RBAC permissions granted to Insights depend on the set of plugins you choose to install.

Most plugins require read-only access (get , list) to common resources, like Deployments and Namespaces. The only plugin with create or delete permission is Goldilocks, which is able to create and delete verticalpodautoscaler objects.

You can review the permissions for each plugin in the chart repository. Permissions are listed under rbac.yaml in each plugin’s directory.

Do I need to open a port to enable Fairwinds Insights to work?

No. The Fairwinds Insights Agent, which runs in your cluster, only needs to be able to reach insights.fairwinds.com. Our servers never send requests to your cluster.

How often does the data refresh?

The Fairwinds Insights Agent runs every hour by default. However, the schedule for each report is configurable, and can be run as frequently as every minute. 

For more information on configuring the Fairwinds Insights Agent, please see our GitHub page: https://github.com/FairwindsOps/charts/tree/master/stable/insights-agent

What kind of data is sent back to Insights?

Fairwinds Insights stores the raw output of each of the auditing tools you’ve chosen to enable. This includes some high-level information about controller configuration (such as the existence of liveness and readiness probes or image pull policy), container performance (such as memory and CPU usage), and network vulnerabilities. The only identifiable information sent back is the names of containers, controllers, and namespaces.

Fairwinds Insights does NOT gather environment variables, secrets, config maps, or other sensitive information. Email us at insights@fairwinds.com if you’d like samples of each report type.

What Kubernetes services does Fairwinds Insights support?

Fairwinds Insights currently supports the following open-source reporting tools. Each tool is represented as a ‘plugin’:

  • Polaris

  • Kube-hunter

  • Kube-bench

  • Kubesec

  • Trivy

  • Release-watcher

  • Goldilocks

Why should I use Fairwinds Insights instead of running each of these tools independently?

Great question! All of the open source tools used in Fairwinds Insights can be setup and run on their own using instructions from their respective GitHub reps.

However, if you’re looking to operationalize these tools on a regular basis, and provide visibility across multiple clusters you may be managing, then Fairwinds Insights may help you avoid the work of scripting, aggregating, normalizing, and prioritizing findings. Fairwinds Insights also provides lifecycle management of every finding, so you can track when it was first seen, last seen, when it was last reviewed, and who is assigned to take action.

Get started with Fairwinds Insights