<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=521127644762074&amp;ev=PageView&amp;noscript=1">

Fairwinds Insights

Fairwinds Insights FAQs

About Fairwinds Insights

What is Fairwinds Insights?

Configuring Kubernetes to be secure, efficient, and reliable is a complex, time-intensive effort. Fortunately, there are many open source Kubernetes tools that audit clusters and workloads and provide recommendations; but engineers often do not have the time to learn, install, run and operationalize these tools at scale. 

Fairwinds Insights is an Open Source as a Service platform, integrating best-of-breed Kubernetes auditing tools that improve cluster security, workload reliability, and engineering productivity.

With Fairwinds Insights, we help:

  • VPEs and Directors of Engineering get high level visibility into the state of their Kubernetes infrastructure, including recommendations for security, efficiency, and reliability improvements.

  • CISOs and Security Managers understand any configuration and security risks with their Kubernetes and container infrastructure

  • DevOps Managers identify, prioritize, plan, and track potential configuration issues with Kubernetes

  • DevOps Engineers implement and use great open source auditing tools without having to spend cycles learning each one and building custom automation

How much does Fairwinds Insights cost?

Fairwinds Insights is in open beta, which is currently free and provides an extensive range of functionality. You can have up to two clusters per organization, and view historical data for up to seven days. If you’d like to add more clusters or longer data retention, contact insights@fairwinds.com to learn about our early adopter program. 

Upon general availability, Fairwinds Insights beta users will transition to a free tier. You can read more about the beta program here.

How does Fairwinds Insights work? What’s a plugin? What’s an Agent?

Fairwinds Insights provides a unified, multi-cluster view into three categories of Kubernetes configuration issues: security, efficiency, and reliability. This unified, multi-cluster view is available as SaaS during the open beta period, and as a self-hosted option upon general availability.

Fairwinds Insights also makes it easy to deploy multiple open-source tools through a single helm installation. This one-time install helps engineers avoid custom work for installing and configuring each tool. 

Fairwinds Insights refers to the tools integrated with the software as ‘plugins’, and the helm chart as the ‘Fairwinds Insights Agent’.

Fairwinds Insights then aggregates findings from each plugin and publishes it into a multi-cluster view for easy consumption, prioritization, and issue tracking.

What are the different deployment models?

Currently, Fairwinds Insights operates as a SaaS platform. This means the Fairwinds Insight Agent (which is deployed as a helm chart) will report findings back to the SaaS platform hosted at insights.fairwinds.com.

A future “self-hosted” option is under roadmap consideration. Email us at insights@fairwinds.com if you’d like to learn more about this roadmap. 

What plugins does Fairwinds Insights include during the open beta period?

Currently, the Agent installs Polaris, Goldilocks, Kube Hunter, Trivy Container Scanning, and has experimental support for Kubesec. You can enable or disable each of the tools when installing the helm chart. If there are other open source tools you’d like to see integrated into Insights as a plugin, let us know at insights@fairwinds.com! 

Example findings:

Security:

  • Container vulnerabilities

  • Security issues with Kubernetes deployments (e.g., deployments configured to run as root)

  • Cluster-level weaknesses (e.g., exposed pods, information disclosures, etc.)

  • Kubernetes CVEs

  • Automated notification of Helm charts that are out of date

Efficiency and Reliability:

  • Cost metrics

  • Recommended CPU and memory limits (for right-sizing your workloads)

  • Potential reliability issues with Kubernetes deployments (e.g., missing liveness and readiness probes)

Installation, Reporting, and Usage

How does the Fairwinds Insights Agent install itself?

The Fairwinds Insights Agent leverages helm to install open source plugins in a single deployment. The Fairwinds Insights Agent orchestrates the installation, configuration, update, and scan frequency of each plugin.

The Fairwinds Insights Agent is publicly available as a helm chart but requires a token to use. You can generate a token after creating an account at https://insights.fairwinds.com

You can learn more about the Fairwinds Insights Agent here: https://github.com/FairwindsOps/charts/tree/master/stable/insights-agent

How long does it take to set up?

Getting started with Insights is as easy as a helm install. Once you’ve added the Agent to your cluster, you’ll see the dashboard populate in about a minute.

 

What permissions does the Fairwinds Insights Agent need?

The RBAC permissions granted to Insights depend on the set of plugins you choose to install.

Most plugins require read-only access (get , list)to common resources, like Deployments and Namespaces. The only plugin with create or delete permission is Goldilocks, which is able to create and delete VerticalPodAutoscaler objects.

You can review the permissions for each plugin in the chart repository. Permissions are listed under rbac.yaml in each plugin’s directory.

Do I need to open a port to enable Fairwinds Insights to work?

No. The Fairwinds Insights Agent, which runs in your cluster, only needs to be able to reach insights.fairwinds.com. Our servers never send requests to your cluster.

How often does the data refresh?

The Fairwinds Insights Agent runs every hour by default. However, the schedule for each report is configurable, and can be run as frequently as every minute. 

For more information on configuring the Fairwinds Insights Agent, please see our GitHub page: https://github.com/FairwindsOps/charts/tree/master/stable/insights-agent

What kind of data is sent back to Insights?

Fairwinds Insights stores the raw output of each of the auditing tools you’ve chosen to enable. This includes some high-level information about controller configuration (such as the existence of liveness and readiness probes or image pull policy), container performance (such as memory and CPU usage), and network vulnerabilities. The only identifiable information sent back is the names of containers, controllers, and namespaces.

Fairwinds Insights does NOT gather environment variables, secrets, config maps, or other sensitive information. Email us at insights@fairwinds.com if you’d like samples of each report type.

What Kubernetes services does Fairwinds Insights support?

Fairwinds Insights currently supports the following open-source reporting tools. Each tool is represented as a ‘plugin’:

  • Polaris

  • Kube-hunter

  • Kubesec

  • Trivy

  • Release-watcher

  • Goldilocks

Why should I use Fairwinds Insights instead of running each of these tools independently?

Great question! All of the open source tools used in Fairwinds Insights can be setup and run on their own using instructions from their respective GitHub reps.

However, if you’re looking to operationalize these tools on a regular basis, and provide visibility across multiple clusters you may be managing, then Fairwinds Insights may help you avoid the work of scripting, aggregating, normalizing, and prioritizing findings. Fairwinds Insights also provides lifecycle management of every finding, so you can track when it was first seen, last seen, when it was last reviewed, and who is assigned to take action.

Get started with Fairwinds Insights
--