Fairwinds Insights is a configuration validation software platform that enables engineering and DevOps teams to run Kubernetes workloads securely, efficiently, and reliably. The platform integrates trusted open source tools that proactively monitor Kubernetes and container configurations, recommending improvements that help avoid problems before they arise. Recommendations are stored in a single location which enables teams to track and prioritize issues, collaborate across teams, and apply best practices as applications move from development to production.
With Fairwinds Insights, we help:
Fairwinds Insights offers free and commercial tiers of the product. For more information, please visit our webpage at: https://www.fairwinds.com/insights
Fairwinds Insights provides a unified, multi-cluster view into three categories of Kubernetes configuration issues: security, efficiency, and reliability. This unified, multi-cluster view is available in commercial SaaS or commercial self-hosted options.
Currently, Fairwinds Insights operates as a SaaS platform. This means the Fairwinds Insights Agent (which is deployed as a helm chart) will report findings back to the SaaS platform hosted at insights.fairwinds.com.
A future “self-hosted” option is under roadmap consideration. Email us at insights@fairwinds.com if you’d like to learn more about this roadmap.
Fairwinds Insights provides integrations for a variety of great open source tools including Polaris, Goldilocks, and Trivy Container Scanning. For the complete list, please visit the Fairwinds Insights documentation center.
Example findings:
Security:
Container vulnerabilities
Security issues with Kubernetes deployments (e.g., deployments configured to run as root)
Cluster-level weaknesses (e.g., exposed pods, information disclosures, etc.)
Kubernetes CVEs
Automated notification of Helm charts that are out of date
Efficiency and Reliability:
Cost metrics
Recommended CPU and memory limits (for right-sizing your workloads)
Potential reliability issues with Kubernetes deployments (e.g., missing liveness and readiness probes)
The Fairwinds Insights Agent leverages helm to install open source plugins in a single deployment. The Fairwinds Insights Agent orchestrates the installation, configuration, update, and scan frequency of each plugin.
The Fairwinds Insights Agent is publicly available as a helm chart but requires a token to use. You can generate a token after creating an account at https://insights.fairwinds.com
You can learn more about the Fairwinds Insights Agent here: https://github.com/FairwindsOps/charts/tree/master/stable/insights-agent
Getting started with Insights is as easy as a helm install.
Once you’ve added the Agent to your cluster, you’ll see the dashboard populate in about a minute.
The RBAC permissions granted to Insights depend on the set of plugins you choose to install.
Most plugins require read-only access (get, list) to common resources, like Deployments and Namespaces. The only plugin with create or delete permission is Goldilocks, which is able to create and delete verticalpodautoscaler objects.
You can review the permissions for each plugin in the chart repository. Permissions are listed under rbac.yaml in each plugin’s directory.
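One way to check roles against the permission model described above, as an added example that is not code from Fairwinds or the chart: it flags any grant beyond read-only verbs except the documented Goldilocks exception. The role names, the sample JSON, and treating watch as read-only are assumptions made for illustration.

```python
import json

# Verbs treated as read-only. The page names get and list; watch is added
# here as an assumption because it is also non-mutating.
READ_ONLY = {"get", "list", "watch"}

# The one write exception the page documents: Goldilocks may create and
# delete VerticalPodAutoscaler objects.
ALLOWED_WRITES = {
    ("autoscaling.k8s.io", "verticalpodautoscalers"): {"create", "delete"},
}

def audit_roles(role_list):
    """Return (role, apiGroup, resource, verbs) for each grant that goes
    beyond read-only and is not covered by ALLOWED_WRITES."""
    findings = []
    for role in role_list.get("items", []):
        name = f'{role["kind"]}/{role["metadata"]["name"]}'
        for rule in role.get("rules") or []:
            extra = set(rule.get("verbs", [])) - READ_ONLY
            for group in rule.get("apiGroups", []):
                for resource in rule.get("resources", []):
                    bad = extra - ALLOWED_WRITES.get((group, resource), set())
                    if bad:
                        findings.append((name, group, resource, sorted(bad)))
    return findings

# Constructed sample in the shape of `kubectl get clusterroles -o json`.
# Role names are hypothetical, not taken from the chart.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "ClusterRole", "metadata": {"name": "example-polaris"},
   "rules": [{"apiGroups": ["", "apps"],
              "resources": ["deployments", "namespaces"],
              "verbs": ["get", "list"]}]},
  {"kind": "ClusterRole", "metadata": {"name": "example-goldilocks"},
   "rules": [{"apiGroups": ["autoscaling.k8s.io"],
              "resources": ["verticalpodautoscalers"],
              "verbs": ["get", "list", "create", "delete"]}]},
  {"kind": "ClusterRole", "metadata": {"name": "example-drifted"},
   "rules": [{"apiGroups": [""], "resources": ["secrets"],
              "verbs": ["get", "list", "delete"]},
             {"apiGroups": ["apps"], "resources": ["*"], "verbs": ["*"]}]}
]}
""")

if __name__ == "__main__":
    for finding in audit_roles(SAMPLE):
        print(finding)
```

A wildcard resource or verb is always reported, since it cannot be matched against the single allow-listed exception.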
No. The Fairwinds Insights Agent, which runs in your cluster, only needs to be able to reach insights.fairwinds.com. Our servers never send requests to your cluster.
The Fairwinds Insights Agent runs every hour by default. However, the schedule for each report is configurable, and a report can run as frequently as every minute.
For more information on configuring the Fairwinds Insights Agent, please see our GitHub page: https://github.com/FairwindsOps/charts/tree/master/stable/insights-agent
Fairwinds Insights stores the raw output of each of the auditing tools you’ve chosen to enable. This includes some high-level information about controller configuration (such as the existence of liveness and readiness probes or image pull policy), container performance (such as memory and CPU usage), and network vulnerabilities. The only identifiable information sent back is the names of containers, controllers, and namespaces.
Fairwinds Insights does NOT gather environment variables, secrets, config maps, or other sensitive information. Email us at insights@fairwinds.com if you’d like samples of each report type.
Fairwinds Insights currently supports the following open-source reporting tools. Each tool is represented as a ‘plugin’:
Polaris
Kube-hunter
Kube-bench
Kubesec
Trivy
Release-watcher
Goldilocks
Great question! All of the open source tools used in Fairwinds Insights can be set up and run on their own using instructions from their respective GitHub repos.
However, if you’re looking to operationalize these tools on a regular basis, and provide visibility across multiple clusters you may be managing, then Fairwinds Insights may help you avoid the work of scripting, aggregating, normalizing, and prioritizing findings. Fairwinds Insights also provides lifecycle management of every finding, so you can track when it was first seen, last seen, when it was last reviewed, and who is assigned to take action.