- How We Can Help
- About Us
Your Kubernetes security goal should be to ensure containers are running with minimal privileges - avoiding privilege escalation, not running containers with a root user, and using read only file systems wherever possible.
Where configuration is available at both a pod and container level, Polaris validates both.
Readiness and liveness probes can help maintain the health of applications running inside Kubernetes. By default, Kubernetes only knows whether or not a process is running, not if it's healthy. Properly configured readiness and liveness probes ensure the health of an application.
Polaris validates the presence of readiness and liveness probes in pods.
Although Kubernetes allows you to deploy a pod with access to the host network namespace, it's rarely a good idea. Polaris checks
hostPort so you can ensure your pods aren’t asking for excessive permissions.
Configuring resource requests and limits for containers is an important Kubernetes best practice. Setting appropriate resource requests will ensure that all your applications have sufficient compute resources, and limits will keep them from consuming too many resources.
Polaris runs checks to ensure CPU and Memory requests and limits are in place.
latest tag is applied by default to images where a tag hasn't been specified. Not specifying a specific version of an image can lead to a wide variety of problems, including breaking your application.
Polaris will identify when an image tag is either not specified or
latest and when an image pull policy is not