Polaris by Fairwinds

Polaris is an open source project that identifies Kubernetes deployment configuration errors. Polaris runs over a dozen different checks to help users discover Kubernetes misconfigurations that frequently cause security vulnerabilities, outages, scaling limitations and more. Using Polaris, you can avoid problems and ensure you’re using Kubernetes best practices.

Polaris improves Kubernetes deployments

Security

Your Kubernetes security goal should be to ensure containers are running with minimal privileges - avoiding privilege escalation, not running containers with a root user, and using read only file systems wherever possible.

Where configuration is available at both a pod and container level, Polaris validates both.

Read the docs

Reliability

Readiness and liveness probes can help maintain the health of applications running inside Kubernetes. By default, Kubernetes only knows whether or not a process is running, not if it's healthy. Properly configured readiness and liveness probes ensure the health of an application.

Polaris validates the presence of readiness and liveness probes in pods.

Read the docs

Networking

Although Kubernetes allows you to deploy a pod with access to the host network namespace, it's rarely a good idea. Polaris checks hostNetwork and hostPort so you can ensure your pods aren’t asking for excessive permissions.

Read the docs

Efficiency

Configuring resource requests and limits for containers is an important Kubernetes best practice. Setting appropriate resource requests will ensure that all your applications have sufficient compute resources, and limits will keep them from consuming too many resources.

Polaris runs checks to ensure CPU and Memory requests and limits are in place.

Read the docs

Images

Docker's latest tag is applied by default to images where a tag hasn't been specified. Not specifying a specific version of an image can lead to a wide variety of problems, including breaking your application.

Polaris will identify when an image tag is either not specified or latest and when an image pull policy is not Always.

Read the docs

Operationalize Polaris with Fairwinds Insights

Fairwinds has combined Polaris with other trusted open source tools, toolchain integrations, and SRE expertise based on hundreds of successful Kubernetes deployments to deliver Fairwinds Insights, a configuration validation platform.

Fairwinds Insights operationalizes Polaris checks by providing not only the findings, but also keeping a historical record of the results across all your clusters and offering remediation guidance. Fairwinds Insights allows you to track and prioritize security, efficiency and reliability issues, collaborate across teams, and apply best practices as applications move from development to production. Fairwinds Insights will help you improve your security posture, reduce costs, save time and improve workload reliability.

Learn more about Fairwinds Insights.

Features

View on GitHub

Features

Available in Fairwinds Insights

Security, efficiency, and reliability best practices

Admission Controller

CI/CD integration

Custom checks

Multi-cluster Management UI

Deprecated API checks

GitHub Action support

Slack notifications

Open Policy Agent (OPA) support

We know the value our team provides, but we also know trust is earned. Read case studies from some of the customers that love Fairwinds.

“Fairwinds has saved us time and money by providing expert cloud services guidance, consulting, and implementation.”

Arun Jacob | Senior VP, Software

“Fairwinds Insights is within a suite of products that helps me to sleep better at night…It’s a thing I’m not having to actively monitor, because I know if something goes wrong, I’m going to get notified about it.”

Robbie Trencheny | Head of Infrastructure

“With Fairwinds, we get a team that has different Kubernetes expertise, and is able to set up infrastructure in a way that is immediately effective.”

Beau Button | CTO, President and Co-founder

Polaris FAQs