Polaris 1.0: Best Practices for Kubernetes Workloads

(fairwinds.com)

73 points | by bbrennan 1417 days ago

6 comments

  • atombender 1417 days ago
    I wonder if they looked at Cue [1], a data language that I think hits the sweet spot between readability and power.

    Cue is a spiritual successor to Google's Jsonnet, but corrects the latter's design mistakes. Cue is quite simple, but also extremely readable. It looks ideal for the sort of data-level validations that Polaris wants to do, without having to express a DSL in YAML (which should be an antipattern by now) to do it.

    [1] https://cuelang.org/docs/tutorials/tour/intro/

  • RichieMartin 1417 days ago
    Cool project, congratulations on the launch!

    How does this project relate to other tools in the same space, such as kube-score [1] and popeye [2]?

    From my point of view, the approach taken by, for example, kube-score, where resources are matched with each other to give a better overview, is extremely powerful; for example, it will notice if a Service is misconfigured and wouldn't match any Pods.

    1: https://github.com/zegl/kube-score

    2: https://github.com/derailed/popeye

    • bbrennan 1416 days ago
      Popeye is a very cool project with the same general aim - it checks a lot of the same things as Polaris. It's very much CLI-first (and does an amazing job at that), while Polaris is happy to run as a CLI, a web dashboard, a validating webhook, or a CI/CD check.

      kube-score I hadn't heard of, but looks very cool. You're right on matching resources - one of the requests we've gotten is to be able to check that every deployment comes with a PDB, which it looks like kube-score checks. Definitely a feature we're looking into!
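
The cross-resource matching discussed in this subthread (a Service whose selector matches no Pods, a Deployment with no PodDisruptionBudget), as an added example that is not from the thread, Polaris or kube-score. The manifests are constructed, the function names are hypothetical, and selectors are assumed to be equality-only (`matchLabels`, no `matchExpressions`).

```python
# Constructed manifests (already parsed into dicts); all names and labels are made up.
def dep(name, labels, namespace="default"):
    return {"kind": "Deployment", "metadata": {"name": name, "namespace": namespace},
            "spec": {"template": {"metadata": {"labels": labels}}}}

RESOURCES = [
    dep("web", {"app": "web", "tier": "frontend"}),
    dep("api", {"app": "api"}),
    {"kind": "Service", "metadata": {"name": "web", "namespace": "default"},
     "spec": {"selector": {"app": "web"}}},
    {"kind": "Service", "metadata": {"name": "api", "namespace": "default"},
     "spec": {"selector": {"app": "api-server"}}},  # selector typo: matches no pod
    {"kind": "PodDisruptionBudget", "metadata": {"name": "web-pdb", "namespace": "default"},
     "spec": {"minAvailable": 1, "selector": {"matchLabels": {"app": "web"}}}},
]

def ns(obj):
    return obj["metadata"].get("namespace", "default")

def selects(selector, labels):
    # Equality selector: every key/value pair must be present in the pod labels.
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())

def pod_label_sets(resources):
    # Yield (namespace, labels) for bare Pods and for Deployment pod templates.
    for r in resources:
        if r["kind"] == "Pod":
            yield ns(r), r["metadata"].get("labels", {})
        elif r["kind"] == "Deployment":
            yield ns(r), r["spec"]["template"]["metadata"].get("labels", {})

def services_without_pods(resources):
    # Services with no selector are skipped: they are valid and use manual endpoints.
    pods = list(pod_label_sets(resources))
    return [f"{ns(r)}/{r['metadata']['name']}" for r in resources
            if r["kind"] == "Service" and r["spec"].get("selector")
            and not any(n == ns(r) and selects(r["spec"]["selector"], l) for n, l in pods)]

def deployments_without_pdb(resources):
    pdbs = [(ns(r), r["spec"].get("selector", {}).get("matchLabels", {}))
            for r in resources if r["kind"] == "PodDisruptionBudget"]
    return [f"{ns(r)}/{r['metadata']['name']}" for r in resources
            if r["kind"] == "Deployment" and not any(
                n == ns(r) and selects(sel, r["spec"]["template"]["metadata"].get("labels", {}))
                for n, sel in pdbs)]

if __name__ == "__main__":
    print("Services matching no pods:", services_without_pods(RESOURCES))
    print("Deployments without a PDB:", deployments_without_pdb(RESOURCES))
```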

  • stickydink 1417 days ago
    It's nice but, for the service, per-node pricing is frustrating. Maybe our workload is unusual, but I'm running something at a reasonably small scale, with about 30 nodes.

    The cluster autoscaler has been so good that we've optimised for more, smaller nodes, on spot instance pricing. At $79/node, that's about 4x the cost of the actual instance itself...

    And yet the actual cost of the services provided doesn't _really_ seem to scale with the number of nodes? But then, I can't think of another metric to tie it to easily.

    • kenm47 1417 days ago
      The open source tool Polaris (what's quoted in this article) is completely free to use. There is a commercial product (Fairwinds Insights) that includes Polaris among many other tools that costs 79$/node...

      (disclaimer, I work at Fairwinds)

    • bbrennan 1416 days ago
      Agreed per-node pricing is not ideal, but it appears to be an industry standard - most k8s tooling charges per node.

      Since different clusters have different node profiles (in terms of size, scaling, etc), we offer discounts on per-node pricing when customers have a large number of nodes.

  • bbrennan 1416 days ago
    Hey all - author here.

    Just to clear up any confusion: Polaris is 100% free and open source, under the Apache 2.0 License.

    Some of the questions below pertain to a commercial product, Fairwinds Insights, which includes Polaris as a plug-in (as well as Goldilocks, kube-bench, kube-hunter, and others). While Insights is a separate (paid) product, it can help folks track the lifecycle of their Polaris findings, collate results across clusters, set up Slack/Datadog alerts, etc.

    Sorry if that wasn't clear from the article - happy to answer questions about either!

  • battery423 1416 days ago
    Interesting, but not interesting enough for us to have an open source vendor lock while the community builds OPA.

    Might be heavier (haven't seen a comparison so /shrug) but why would I set on one horse while all others are setting on the other?

    As a side note: That's a ton of money for such a tool on a per-node basis.

    • bbrennan 1416 days ago
      We're looking at building OPA support into Polaris as well, given how much the community has invested in it. For all the promise of OPA, we haven't seen it gain much traction outside of large enterprises, for many of the reasons we outline in the article.

      Polaris is also 100% free. My guess is you're referring to Insights[0], which is a SaaS that incorporates Polaris, as well as several other open source auditing tools. We do offer per-node discounts for customers with a large number of nodes.

      [0] https://www.fairwinds.com/insights