Written By: Dakoda Wogan
Fairwinds recently highlighted some of our enhancements to Insights helping to further unify DevSecOps with additional shift-left security features. We’ve also dug deep into why you need to keep third-party images up-to-date to help manage potential Kubernetes vulnerabilities. Beyond this, we’ve continued to improve our Kubernetes governance platform to ensure users are providing guardrails around security, reliability, and cost.
Our latest release notes highlight further enhancements. You can read all the release notes at the Fairwinds Insights documentation.
Auto-Scan for Infrastructure as Code
Fairwinds is upgrading the GitHub integration and making new infrastructure-as-code scanning capabilities available to all customers. Auto-Scan enables organizations using GitHub to enable infrastructure-as-code scanning across multiple repositories without having to configure individual CI pipelines. Scans can be initiated on every pull request on any GitHub repo, and will use the Fairwinds Insights SaaS infrastructure to run the checks.
- This eliminates the need to configure individual CI pipelines, allows organizations to save on compute resources, and turns on “shift left” infrastructure-as-code testing in minutes.
- Of course, any existing CI pipelines that are configured will continue to operate normally. If you decide that Auto-Scan is not for you, no problem — simply choose “Connect Manually” when prompted to add a new repository. This will provide the option of running scans in a CI pipeline on your own infrastructure and does not require GitHub permissions.
Automated discovery of infrastructure-as-code files
Now, using the new permissions, Fairwinds will automatically locate Helm and YAML files that are available for scanning within your GitHub repositories. This avoids the need to specify the exact location of Helm and YAML manifests in a fairwinds-insights.yaml file at the root of your repository.
Scan results posted GitHub Comments
Using the new permissions, Insights will also post scan results as GitHub comments, keeping developers within their workflow.
Enhanced Repositories UI
The Repositories UI has been enhanced to support Auto-Scan and our latest UX standards.
These new features are available to all customers, and accepting the permissions is optional. If you choose not to accept the permissions, Auto-Scan will not be available, but users can still adopt infrastructure-as-code scanning by integrating Insights into their existing CI/CD systems.
Version 2.0 of our Insights Agent comes with some small breaking changes to improve the usability of the Helm Chart. While your existing 1.x installation will continue working as expected, you may need to change your values.yaml when upgrading to Agent 2.0. There are also some minor changes to Admission Controller and CI behavior that will take place when updating to a new version. Here is a list of breaking and behavior changes.
Bug Fixes and Improvements
We also continue to improve the platform with bug fixes. Here is a short rundown of some of these improvements:
- Some workload metrics were showing N/A incorrectly
- Faster loading of cluster overview page
- UI improvements to the Efficiency pages
- Fixed issue where sometimes Nodes were being duplicated in the Nodes Capacity chart
- Fixed node names in the Nodes Capacity chart
- Fixed memory difference showing 0 (N/A) if the difference is too large
- Links to Action Items table are now working
- Clicking the All Clusters option from the dropdown goes to the correct page
- Fixed un-assigning and un-snoozing Action Items
- Choosing multiple filters on the Action Items table now shows correct results
- New Clusters can be created with the same name as a previously deleted Cluster (Clusters deleted prior to 8.1.0 release)