小 白蛋
Polaris
Commits
85e27b1b
Unverified
Commit
85e27b1b
authored
6 years ago
by
Bobby Brennan
Committed by
GitHub
6 years ago
Merge branch 'master' into rb/polaris-rename
parents
09f05143
fb3935a3
Showing
10 changed files
Dockerfile
+2
-2
Dockerfile
deploy/dashboard.yaml
+7
-0
deploy/dashboard.yaml
deploy/helm/polaris/templates/dashboard.deployment.yaml
+7
-0
deploy/helm/polaris/templates/dashboard.deployment.yaml
deploy/helm/polaris/templates/webhook.deployment.yaml
+7
-0
deploy/helm/polaris/templates/webhook.deployment.yaml
deploy/webhook.yaml
+7
-0
deploy/webhook.yaml
docs/resources.md
+4
-4
docs/resources.md
pkg/dashboard/dashboard.go
+1
-1
pkg/dashboard/dashboard.go
pkg/validator/container.go
+5
-1
pkg/validator/container.go
pkg/validator/container_test.go
+5
-5
pkg/validator/container_test.go
pkg/validator/messages/messages.go
+4
-2
pkg/validator/messages/messages.go
with
49 additions
and
15 deletions
+49
-15
Dockerfile
+
2
-
2
...
...
@@ -9,8 +9,8 @@ FROM alpine:3.9
WORKDIR
/usr/local/bin
RUN
apk
--no-cache
add ca-certificates
RUN
addgroup
-S
polaris
&&
adduser
-
S
-
G
polaris polaris
USER
polaris
RUN
addgroup
-S
polaris
&&
adduser
-
u
1200
-
S
polaris
-G
polaris
USER
1200
COPY
--from=build-env /go/src/github.com/reactiveops/polaris/polaris .
WORKDIR
/opt/app
...
...
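Review bot: The new `adduser -u 1200` line fixes the UID, but `addgroup -S polaris` still lets busybox choose the GID, so the runtime user's primary group can differ between image builds. Pinning it as well, e.g. `RUN addgroup -g 1200 -S polaris && adduser -u 1200 -S polaris -G polaris`, keeps file ownership and any `runAsGroup`/`fsGroup` setting predictable. A comment above `USER 1200` would also help, such as `# numeric UID so Kubernetes can verify runAsNonRoot without resolving a user name`, since that appears to be why the named user was replaced (the manifests in this commit add `runAsNonRoot: true`). The rest of the Dockerfile lies outside the hunk.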
deploy/dashboard.yaml
+
7
-
0
...
...
@@ -176,6 +176,13 @@ spec:
requests
:
cpu
:
100m
memory
:
128Mi
securityContext
:
privileged
:
false
readOnlyRootFilesystem
:
true
runAsNonRoot
:
true
capabilities
:
drop
:
-
ALL
volumeMounts
:
-
name
:
config
mountPath
:
/opt/app/config.yaml
...
...
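Review bot: The added `securityContext` does not set `allowPrivilegeEscalation`, so the container stays at the Kubernetes default, which lets a process gain more privileges than its parent (no_new_privs is not set). Adding `allowPrivilegeEscalation: false` next to `privileged: false` closes that gap. The same seven-line block is added in deploy/helm/polaris/templates/dashboard.deployment.yaml, deploy/helm/polaris/templates/webhook.deployment.yaml and deploy/webhook.yaml, and the point applies to each. `runAsNonRoot: true` also relies on the image declaring a numeric non-zero user, so `runAsUser: 1200` here would remove the dependency on the Dockerfile's `USER 1200`. The container spec begins above the hunk.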
deploy/helm/polaris/templates/dashboard.deployment.yaml
+
7
-
0
...
...
@@ -53,6 +53,13 @@ spec:
requests
:
cpu
:
100m
memory
:
128Mi
securityContext
:
privileged
:
false
readOnlyRootFilesystem
:
true
runAsNonRoot
:
true
capabilities
:
drop
:
-
ALL
volumeMounts
:
-
name
:
config
mountPath
:
/opt/app/config.yaml
...
...
deploy/helm/polaris/templates/webhook.deployment.yaml
+
7
-
0
...
...
@@ -63,6 +63,13 @@ spec:
requests
:
cpu
:
100m
memory
:
128Mi
securityContext
:
privileged
:
false
readOnlyRootFilesystem
:
true
runAsNonRoot
:
true
capabilities
:
drop
:
-
ALL
volumeMounts
:
-
name
:
config
mountPath
:
/opt/app/config.yaml
...
...
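Review bot: `readOnlyRootFilesystem: true` on the webhook container needs a check that the process never writes outside a mounted volume. The only mount visible in this hunk is `config` at `/opt/app/config.yaml`, and the `volumeMounts` list continues past the hunk. If the webhook server generates or caches its serving certificate on local disk (not visible here), it will fail at startup; the remedy is an `emptyDir` mounted at that directory rather than relaxing the setting. The same applies to the identical block in deploy/webhook.yaml. A comment beside the setting naming the writable paths would make the dependency explicit.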
deploy/webhook.yaml
+
7
-
0
...
...
@@ -216,6 +216,13 @@ spec:
requests
:
cpu
:
100m
memory
:
128Mi
securityContext
:
privileged
:
false
readOnlyRootFilesystem
:
true
runAsNonRoot
:
true
capabilities
:
drop
:
-
ALL
volumeMounts
:
-
name
:
config
mountPath
:
/opt/app/config.yaml
...
...
docs/resources.md
+
4
-
4
...
...
@@ -8,10 +8,10 @@ To simplify ensure that these values have been set, the following attributes are
key | default | description
----|---------|------------
`resources.cpuRequestsMissing`
|
`
warning
`
| Fails when
`resources.requests.cpu`
attribute is not configured.
`resources.memoryRequestsMissing`
|
`
warning
`
| Fails when
`resources.requests.memory`
attribute is not configured.
`resources.cpuLimitsMissing`
|
`
warning
`
| Fails when
`resources.limits.cpu`
attribute is not configured.
`resources.memoryLimitsMissing`
|
`
warning
`
| Fails when
`resources.limits.memory`
attribute is not configured.
`resources.cpuRequestsMissing`
|
`
error
`
| Fails when
`resources.requests.cpu`
attribute is not configured.
`resources.memoryRequestsMissing`
|
`
error
`
| Fails when
`resources.requests.memory`
attribute is not configured.
`resources.cpuLimitsMissing`
|
`
error
`
| Fails when
`resources.limits.cpu`
attribute is not configured.
`resources.memoryLimitsMissing`
|
`
error
`
| Fails when
`resources.limits.memory`
attribute is not configured.
## Range Checks
...
...
pkg/dashboard/dashboard.go
+
1
-
1
...
...
@@ -161,8 +161,8 @@ func EndpointHandler(w http.ResponseWriter, r *http.Request, c conf.Configuratio
return
}
w
.
WriteHeader
(
http
.
StatusOK
)
w
.
Header
()
.
Set
(
"Content-Type"
,
"application/json"
)
w
.
WriteHeader
(
http
.
StatusOK
)
json
.
NewEncoder
(
w
)
.
Encode
(
templateData
)
}
...
...
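Review bot: The error returned by `json.NewEncoder(w).Encode(templateData)` on the last statement of the hunk is discarded, so a failed encode leaves the client with a 200 status and a truncated or empty JSON body, and nothing is logged. Now that the header order is corrected, serializing before the status is committed lets the handler answer with a 500 instead, without echoing the internal error text to the client. `EndpointHandler` starts above the hunk, so how its earlier error paths report failures is not visible here and the message below is only a placeholder.

```go
	// … unchanged: earlier error return …
	body, err := json.Marshal(templateData)
	if err != nil {
		http.Error(w, "error serializing results", http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(http.StatusOK)
	_, _ = w.Write(body) // status already sent; a write failure cannot be reported to the client
```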
pkg/validator/container.go
+
5
-
1
...
...
@@ -97,7 +97,11 @@ func (cv *ContainerValidation) validateResourceRange(resourceName string, rangeC
}
else
if
warnBelow
!=
nil
&&
warnBelow
.
MilliValue
()
>
res
.
MilliValue
()
{
cv
.
addWarning
(
fmt
.
Sprintf
(
messages
.
ResourceAmountTooLowFailure
,
resourceName
,
warnBelow
.
String
()),
category
)
}
else
{
cv
.
addSuccess
(
fmt
.
Sprintf
(
messages
.
ResourceAmountSuccess
,
resourceName
),
category
)
if
warnAbove
!=
nil
||
warnBelow
!=
nil
||
errorAbove
!=
nil
||
errorBelow
!=
nil
{
cv
.
addSuccess
(
fmt
.
Sprintf
(
messages
.
ResourceAmountSuccess
,
resourceName
),
category
)
}
else
{
cv
.
addSuccess
(
fmt
.
Sprintf
(
messages
.
ResourcePresentSuccess
,
resourceName
),
category
)
}
}
}
...
...
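Review bot: The new success branch at the end of the hunk has no visible test. The container_test.go changes in this commit only touch the run-as-root messages, so nothing shown asserts that `ResourcePresentSuccess` is emitted when all four bounds are nil. The nesting could also be flattened by naming the condition once before the chain, `hasRange := warnAbove != nil || warnBelow != nil || errorAbove != nil || errorBelow != nil`, and ending with `} else if hasRange {` followed by a plain `} else {`. A comment such as `// no bounds configured: only report that the value is set` on the final branch would explain the two success messages. `validateResourceRange` begins above the hunk, so the earlier branches are not visible here.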
pkg/validator/container_test.go
+
5
-
5
...
...
@@ -583,7 +583,7 @@ func TestValidateSecurity(t *testing.T) {
securityConf
:
standardConf
,
cv
:
emptyCV
,
expectedMessages
:
[]
*
ResultMessage
{{
Message
:
"Should not be
running
as root"
,
Message
:
"Should not be
allowed to run
as root"
,
Type
:
"warning"
,
Category
:
"Security"
,
},
{
...
...
@@ -625,7 +625,7 @@ func TestValidateSecurity(t *testing.T) {
Type
:
"warning"
,
Category
:
"Security"
,
},
{
Message
:
"Should not be
running
as root"
,
Message
:
"Should not be
allowed to run
as root"
,
Type
:
"warning"
,
Category
:
"Security"
,
},
{
...
...
@@ -639,7 +639,7 @@ func TestValidateSecurity(t *testing.T) {
securityConf
:
standardConf
,
cv
:
goodCV
,
expectedMessages
:
[]
*
ResultMessage
{{
Message
:
"
Not running
as root"
,
Message
:
"
Is not allowed to run
as root"
,
Type
:
"success"
,
Category
:
"Security"
,
},
{
...
...
@@ -669,7 +669,7 @@ func TestValidateSecurity(t *testing.T) {
Type
:
"error"
,
Category
:
"Security"
,
},
{
Message
:
"
Not running
as root"
,
Message
:
"
Is not allowed to run
as root"
,
Type
:
"success"
,
Category
:
"Security"
,
},
{
...
...
@@ -691,7 +691,7 @@ func TestValidateSecurity(t *testing.T) {
securityConf
:
strongConf
,
cv
:
strongCV
,
expectedMessages
:
[]
*
ResultMessage
{{
Message
:
"
Not running
as root"
,
Message
:
"
Is not allowed to run
as root"
,
Type
:
"success"
,
Category
:
"Security"
,
},
{
...
...
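Review bot: The expected messages in all five hunks are hardcoded copies of the strings in pkg/validator/messages, which is why a two-line wording change there needs five edits here. Using the constants, `Message: messages.RunAsRootFailure` and `Message: messages.RunAsRootSuccess`, would tie the test to the check rather than to its wording, assuming the test file can import that package. `TestValidateSecurity` extends beyond every hunk shown, so other literals in the table may warrant the same treatment.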
pkg/validator/messages/messages.go
+
4
-
2
...
...
@@ -35,6 +35,8 @@ const (
ResourceAmountTooLowFailure
=
"%s should be higher than %s"
// ResourceAmountSuccess message
ResourceAmountSuccess
=
"%s are within the expected range"
// ResourcePresentSuccess message
ResourcePresentSuccess
=
"%s are set"
// ReadinessProbeFailure message
ReadinessProbeFailure
=
"Readiness probe should be configured"
// ReadinessProbeSuccess message
...
...
@@ -56,9 +58,9 @@ const (
// HostPortSuccess message
HostPortSuccess
=
"Host port is not configured"
// RunAsRootFailure message
RunAsRootFailure
=
"Should not be
running
as root"
RunAsRootFailure
=
"Should not be
allowed to run
as root"
// RunAsRootSuccess message
RunAsRootSuccess
=
"
Not running
as root"
RunAsRootSuccess
=
"
Is not allowed to run
as root"
// RunAsPrivilegedFailure message
RunAsPrivilegedFailure
=
"Should not be running as privileged"
// RunAsPrivilegedSuccess message
...
...
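Review bot: The doc comment `// ResourcePresentSuccess message` added in the first hunk restates the name and omits what `%s` receives and when this message is chosen over `ResourceAmountSuccess`. Going by the call in pkg/validator/container.go from this commit, `// ResourcePresentSuccess is reported when a resource value is set and no range bounds are configured; %s is the resource name.` would cover it. In the second hunk, the reworded `RunAsRootFailure` and `RunAsRootSuccess` would benefit from a comment saying they describe the configured setting rather than the user the process actually runs as, which is presumably the reason for the rewording. The `const` block starts and ends outside both hunks.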