
Commit

add docs for mutation (#792)
* add docs for mutation

* Update infrastructure-as-code.md
rbren authored Jul 11, 2022
1 parent a2ec025 commit acadebe
Showing 2 changed files with 40 additions and 0 deletions.
14 changes: 14 additions & 0 deletions docs/admission-controller.md
Expand Up @@ -45,3 +45,17 @@ output unless we are rejecting a workload altogether.
This means that any checks with a severity of `warning` will still pass webhook validation,
and the only evidence of that warning will either be in the Polaris dashboard or the
Polaris webhook logs. This will change in a future version of Kubernetes.

## Mutating Webhook
By default, the Admission Controller is just pass/fail, but
Polaris can also operate as a mutating webhook for many of the issues it checks for.
This means Polaris will remediate the issue it finds, rather than rejecting
the deployment.

To enable the mutating webhook, add `--set webhook.mutate=true` to your
Helm instlallation command.

By default, the only mutation enabled is `pullPolicyNotAlways`. If you'd like to
enable other mutations, you can set the `webhook.mutations` flag.


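Review bot: In the last paragraph of the new "Mutating Webhook" section, `webhook.mutations` is called a flag but there is no example of how to set it and no pointer to which checks support mutation, so a reader cannot enable anything beyond `pullPolicyNotAlways` from this text alone. Suggest showing one example of setting it next to the `--set webhook.mutate=true` line and calling it a Helm value, as the previous paragraph does implicitly. "instlallation" in that paragraph should be "installation". Because mutation changes the admitted object instead of rejecting it, a sentence telling operators that the running spec will then differ from the manifest they applied, and where that change is visible, would also help; the unchanged text just above already notes that warnings only surface in the dashboard or webhook logs.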
26 changes: 26 additions & 0 deletions docs/infrastructure-as-code.md
Expand Up @@ -25,6 +25,32 @@ brew install FairwindsOps/tap/polaris
polaris version
```

## Checking Infrastructure as Code files
You can audit Kubernetes YAML files by running:
```bash
polaris audit --audit-path ./deploy/ --format=pretty
```
This will print out any issues Polaris finds in your manifests.

Polaris can only check raw YAML manifests. If you'd like to check a Helm template,
you can run `helm template` to generate a manifest that Polaris can check.

## Fixing Issues
Polaris can automatically fix many of the issues it finds. For example, you can run
```bash
polaris fix --files-path ./deploy/ --checks=all
```

to fix any issues inside the `deploy` directory. Polaris may leave
comments next to some changes (e.g. liveness and readiness probes) prompting
the user to set them to something more appropriate given the context of their
application.

Note that not all issues can be automatically fixed.

Currently only raw YAML manifests can be mutated. Helm charts etc.
still need to be changed manually.

## Running in a CI pipeline

### Set minimum score for an exit code
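Review bot: The "Fixing Issues" section does not say explicitly that `polaris fix --files-path ./deploy/ --checks=all` rewrites the files under `./deploy/`, which the following text ("leave comments next to some changes", "can be mutated") implies; state that the files are modified and recommend running it on a clean working tree so the resulting diff can be reviewed before commit, especially since the example uses `--checks=all`. The example sentence is also split around the code block ("you can run" ... "to fix any issues"), which reads awkwardly once rendered; consider completing the sentence before the fence. In "Checking Infrastructure as Code files", the Helm workaround would be clearer with the actual two-step command, and it is worth pointing out that audit takes `--audit-path` while fix takes `--files-path`, since readers will copy one into the other. "Helm charts etc." could name what else is excluded or drop the "etc.".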
