Polaris

Polaris Frequently Asked Questions


What is Polaris?
Polaris is an open source project for auditing and enforcing best practices in Kubernetes. Polaris comes with over a dozen checks that address configuration issues related to stability, reliability, scalability, and security. It can be run as a read-only dashboard, allowing you to view which of your deployments are problematic, or as an active Validating Webhook, preventing the admission of new problems.

What checks are available?
Polaris can check for any of the following problems:

  • Health
    • readiness probe is missing
    • liveness probe is missing
  • Images
    • tag not specified, or is “latest”
    • pull policy is not “Always”
  • Networking
    • host network is set
    • host port is set
  • Resources
    • cpu/memory requests are missing
    • cpu/memory limits are missing
    • cpu/memory ranges exceeded
  • Security
    • has disallowed security capabilities
    • host IPC is set
    • host PID is set
    • filesystem is not read-only
    • privilege escalation allowed
    • run as root allowed
    • run as privileged

How do I install Polaris?
The easiest way to install Polaris is using kubectl:

kubectl apply -f https://raw.githubusercontent.com/fairwindsops/polaris/master/deploy/dashboard.yaml
kubectl port-forward --namespace polaris svc/polaris-dashboard 8080:80
# View the dashboard at http://localhost:8080


We also provide a Helm chart for easy, repeatable deployments. You can learn more here.

Do I have to run Polaris in my cluster?
You can also run the Polaris dashboard locally - it will use your Kubeconfig file to gather the info it needs about your cluster. You can download the Polaris binary from the releases page on GitHub, then run polaris --dashboard to start the server.

How do I configure the Polaris checks?
If you’re deploying Polaris via Helm, you can provide your own values.yaml to override the default configuration. You can see an example here. The same thing can be done using a ConfigMap passed to kubectl, as seen here.

If you’re running Polaris locally, you can specify the --config input to direct Polaris to a local configuration file.

What kinds of Kubernetes objects are checked?
Currently, Polaris only checks Deployments, as well as the Pods and Containers that run inside those Deployments. We will soon add checks for StatefulSets, DaemonSets, Jobs, CronJobs, ReplicaSets, and ReplicationControllers.

What RBAC permissions does Polaris require?
Polaris will need read and list permissions for all Kubernetes resources. 

What is the Validating Webhook?
The Validating Webhook is a persistent process running inside your Kubernetes cluster. Whenever a new configuration reaches the Kubernetes API (usually via kubectl apply), the Validating Webhook will check that configuration for any problems that would cause an error-level message in the Polaris Dashboard. If error-level problems are present, the configuration will be rejected with a warning message to the user. Warning-level problems are ignored.
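
As an added illustration (not Polaris's own code), the sketch below applies a few of the checks listed earlier to constructed pod specs and then makes the webhook-style decision described above: reject on any error-level finding, admit when only warnings remain. The check names and the severity given to each are assumptions made for the example.

```python
# Added illustration, not Polaris source. Check names and severities are
# assumptions made for this example, not Polaris defaults.
SEVERITY = {
    "hostNetworkSet": "error", "tagNotSpecified": "error",
    "runAsPrivileged": "error", "privilegeEscalationAllowed": "error",
    "notReadOnlyRootFilesystem": "warning",
    "readinessProbeMissing": "warning", "memoryLimitsMissing": "warning",
}

def audit_pod(spec):
    """Return (check, severity, where) findings for a pod spec dict."""
    hits = []
    if spec.get("hostNetwork"):
        hits.append(("hostNetworkSet", "pod"))
    for c in spec.get("containers", []):
        sc = c.get("securityContext") or {}
        # Look for the tag after the last '/', so a registry port such as
        # registry:5000/app is not read as a tag; a digest counts as pinned.
        ref = c.get("image", "").rsplit("/", 1)[-1]
        tag = ref.partition(":")[2]
        checks = {
            "tagNotSpecified": "@" not in ref and tag in ("", "latest"),
            "runAsPrivileged": sc.get("privileged") is True,
            # Kubernetes allows escalation unless it is explicitly disabled.
            "privilegeEscalationAllowed": sc.get("allowPrivilegeEscalation") is not False,
            "notReadOnlyRootFilesystem": sc.get("readOnlyRootFilesystem") is not True,
            "readinessProbeMissing": "readinessProbe" not in c,
            "memoryLimitsMissing": "memory" not in (c.get("resources") or {}).get("limits", {}),
        }
        hits += [(k, c.get("name", "?")) for k, bad in checks.items() if bad]
    return [(k, SEVERITY[k], where) for k, where in hits]

def admit(spec):
    """Webhook-style decision: reject only when an error-level check fails."""
    findings = audit_pod(spec)
    return all(sev != "error" for _, sev, _ in findings), findings

# Constructed sample pod specs (the spec.template.spec part of a Deployment).
RISKY = {"hostNetwork": True, "containers": [
    {"name": "web", "image": "registry:5000/shop/web",
     "securityContext": {"privileged": True}}]}
WARN_ONLY = {"containers": [
    {"name": "web", "image": "registry:5000/shop/web:1.4.2",
     "securityContext": {"allowPrivilegeEscalation": False}}]}

if __name__ == "__main__":
    for label, spec in (("risky", RISKY), ("warn-only", WARN_ONLY)):
        ok, findings = admit(spec)
        print(label, "ADMIT" if ok else "REJECT", findings)
```

The second spec is admitted even though it still has three findings, which is why warning-level results need to be reviewed in the dashboard rather than relied on the webhook to stop.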