From 69db99d3d11557342809e321f48e485f4e31a8cb Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Wed, 20 May 2026 23:04:55 +0000 Subject: [PATCH 1/4] chore(artifacthub): update to v1.0.1 Bumps version to 1.0.1, updates createdAt date, and points archive URL/checksum to the v1.0.1 GitHub release. Co-Authored-By: Paperclip --- artifacthub-pkg.yml | 118 +++++++++++++++++++------------------------- 1 file changed, 51 insertions(+), 67 deletions(-) diff --git a/artifacthub-pkg.yml b/artifacthub-pkg.yml index 0b1fd2e..9bce41f 100644 --- a/artifacthub-pkg.yml +++ b/artifacthub-pkg.yml @@ -1,76 +1,60 @@ -version: "1.0.0" +version: 1.0.1 name: headlamp-polaris displayName: Polaris -createdAt: "2026-02-05T19:00:00Z" -description: >- - Surfaces Fairwinds Polaris audit results inside the Headlamp UI. - Shows cluster score, check summary, and per-namespace drill-downs - with per-resource pass/warning/danger breakdowns. Data is fetched - read-only via the Kubernetes service proxy to the Polaris dashboard. - Requires a Role granting `get` on `services/proxy` for the - `polaris-dashboard` service in the `polaris` namespace. +createdAt: '2026-05-20T00:00:00Z' +description: Surfaces Fairwinds Polaris audit results inside the Headlamp UI. Shows + cluster score, check summary, and per-namespace drill-downs with per-resource pass/warning/danger + breakdowns. Data is fetched read-only via the Kubernetes service proxy to the Polaris + dashboard. Requires a Role granting `get` on `services/proxy` for the `polaris-dashboard` + service in the `polaris` namespace. license: Apache-2.0 -homeURL: "https://github.com/privilegedescalation/headlamp-polaris-plugin" -appVersion: "10.1.6" +homeURL: https://github.com/privilegedescalation/headlamp-polaris-plugin +appVersion: 10.1.6 category: security keywords: - - polaris - - fairwinds - - security - - audit - - headlamp - - kubernetes +- polaris +- fairwinds +- security +- audit +- headlamp +- kubernetes links: - - name: Source - url: "https://github.com/privilegedescalation/headlamp-polaris-plugin" - - name: Polaris - url: "https://polaris.docs.fairwinds.com/" -install: | - ## Installation - - ### Prerequisites - - 1. [Headlamp](https://headlamp.dev) v0.26.0 or later - 2. [Fairwinds Polaris](https://polaris.docs.fairwinds.com/) installed and the dashboard running in your cluster - - ### Install via Headlamp Plugin Catalog - - 1. Open Headlamp and navigate to **Settings → Plugin Catalog** - 2. Search for **"Polaris"** - 3. Click **Install** and restart Headlamp when prompted - - The plugin is sourced directly from [ArtifactHub](https://artifacthub.io/packages/headlamp/headlamp/headlamp-polaris). - - ## Usage - - After installation, the Polaris plugin adds: - - A **cluster score badge** in the Headlamp app bar - - A **Polaris** section in the sidebar with the full dashboard and namespace drill-downs - - An **inline audit panel** on Deployment, StatefulSet, DaemonSet, Job, and CronJob detail pages - - For more information, see the [README](https://github.com/privilegedescalation/headlamp-polaris-plugin/blob/main/README.md). +- name: Source + url: https://github.com/privilegedescalation/headlamp-polaris-plugin +- name: Polaris + url: https://polaris.docs.fairwinds.com/ +install: + url: https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz + digest: sha256:1e05d079c7032cf55ebde85e116cb65b686d207f4b6a3b0f716f0af93f933e7e changes: - - kind: security - description: Patched 8 npm audit vulnerabilities via pnpm.overrides - - kind: added - description: Dual-approval required CI check — PRs must be approved by both CTO and QA before merge - - kind: added - description: ExemptionManager test suite — full coverage of annotation-based exemption flows - - kind: fixed - description: E2E infrastructure overhauled — ConfigMap volume mount replaces Dockerfile-based approach, tests run in privilegedescalation-dev namespace - - kind: fixed - description: E2E workflow uses token auth and waits for HTTP reachability before running tests - - kind: fixed - description: Added explicit direct devDependencies (typescript, eslint, prettier, @headlamp-k8s/eslint-config) to prevent phantom dep failures - - kind: changed - description: pnpm version pinned via packageManager field; GitHub Actions SHA-pinned via Renovate pinDigests - - kind: changed - description: v1.0.0 stable release — plugin API (routes, sidebar, settings schema, app bar action) is stable and will not change without a major version bump +- kind: security + description: Patched 8 npm audit vulnerabilities via pnpm.overrides +- kind: added + description: Dual-approval required CI check — PRs must be approved by both CTO + and QA before merge +- kind: added + description: ExemptionManager test suite — full coverage of annotation-based exemption + flows +- kind: fixed + description: E2E infrastructure overhauled — ConfigMap volume mount replaces Dockerfile-based + approach, tests run in privilegedescalation-dev namespace +- kind: fixed + description: E2E workflow uses token auth and waits for HTTP reachability before + running tests +- kind: fixed + description: Added explicit direct devDependencies (typescript, eslint, prettier, + @headlamp-k8s/eslint-config) to prevent phantom dep failures +- kind: changed + description: pnpm version pinned via packageManager field; GitHub Actions SHA-pinned + via Renovate pinDigests +- kind: changed + description: v1.0.0 stable release — plugin API (routes, sidebar, settings schema, + app bar action) is stable and will not change without a major version bump maintainers: - - name: privilegedescalation - email: "chris@farhood.org" +- name: privilegedescalation + email: chris@farhood.org annotations: - headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.0/headlamp-polaris-1.0.0.tar.gz" - headlamp/plugin/version-compat: ">=0.26" - headlamp/plugin/archive-checksum: sha256:a165e871b40f11a44950aa9f10eb7f7883276f749026ae7a4f886278ecd9bd7d - headlamp/plugin/distro-compat: "in-cluster,web,desktop" + headlamp/plugin/archive-url: https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz + headlamp/plugin/version-compat: '>=0.26' + headlamp/plugin/archive-checksum: sha256:1e05d079c7032cf55ebde85e116cb65b686d207f4b6a3b0f716f0af93f933e7e + headlamp/plugin/distro-compat: in-cluster,web,desktop From 639e4eaa6879f34c59bb13a29861dbd5f65cffc7 Mon Sep 17 00:00:00 2001 From: Null Pointer Nancy <8+pe_nancy@noreply.git.farh.net> Date: Wed, 20 May 2026 23:19:16 +0000 Subject: [PATCH 2/4] fix: use Gitea archive URL per board all-Gitea decision The GitHub release for v1.0.1 does not exist (404). Per board decision (2026-05-16), all PE projects use Gitea releases. Co-Authored-By: Paperclip --- artifacthub-pkg.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/artifacthub-pkg.yml b/artifacthub-pkg.yml index 9bce41f..97fa24b 100644 --- a/artifacthub-pkg.yml +++ b/artifacthub-pkg.yml @@ -24,7 +24,7 @@ links: - name: Polaris url: https://polaris.docs.fairwinds.com/ install: - url: https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz + url: https://git.farh.net/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz digest: sha256:1e05d079c7032cf55ebde85e116cb65b686d207f4b6a3b0f716f0af93f933e7e changes: - kind: security @@ -54,7 +54,7 @@ maintainers: - name: privilegedescalation email: chris@farhood.org annotations: - headlamp/plugin/archive-url: https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz + headlamp/plugin/archive-url: https://git.farh.net/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz headlamp/plugin/version-compat: '>=0.26' headlamp/plugin/archive-checksum: sha256:1e05d079c7032cf55ebde85e116cb65b686d207f4b6a3b0f716f0af93f933e7e headlamp/plugin/distro-compat: in-cluster,web,desktop From 791935947d65f4298ddbfbfa7aa3fe08bd35827a Mon Sep 17 00:00:00 2001 From: Chris Farhood Date: Wed, 20 May 2026 23:30:11 +0000 Subject: [PATCH 3/4] Fix install docs and archive URL to use GitHub (from QA review) - Restore install as multi-line Markdown guide (was replaced by url/digest object) - Point annotations.archive-url to github.com instead of git.farh.net --- artifacthub-pkg.yml | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/artifacthub-pkg.yml b/artifacthub-pkg.yml index 97fa24b..b85aecb 100644 --- a/artifacthub-pkg.yml +++ b/artifacthub-pkg.yml @@ -23,9 +23,30 @@ links: url: https://github.com/privilegedescalation/headlamp-polaris-plugin - name: Polaris url: https://polaris.docs.fairwinds.com/ -install: - url: https://git.farh.net/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz - digest: sha256:1e05d079c7032cf55ebde85e116cb65b686d207f4b6a3b0f716f0af93f933e7e +install: | + ## Installation + + ### Prerequisites + + 1. [Headlamp](https://headlamp.dev) v0.26.0 or later + 2. [Fairwinds Polaris](https://polaris.docs.fairwinds.com/) installed and the dashboard running in your cluster + + ### Install via Headlamp Plugin Catalog + + 1. Open Headlamp and navigate to **Settings → Plugin Catalog** + 2. Search for **"Polaris"** + 3. Click **Install** and restart Headlamp when prompted + + The plugin is sourced directly from [ArtifactHub](https://artifacthub.io/packages/headlamp/headlamp/headlamp-polaris). + + ## Usage + + After installation, the Polaris plugin adds: + - A **cluster score badge** in the Headlamp app bar + - A **Polaris** section in the sidebar with the full dashboard and namespace drill-downs + - An **inline audit panel** on Deployment, StatefulSet, DaemonSet, Job, and CronJob detail pages + + For more information, see the [README](https://github.com/privilegedescalation/headlamp-polaris-plugin/blob/main/README.md). changes: - kind: security description: Patched 8 npm audit vulnerabilities via pnpm.overrides @@ -54,7 +75,7 @@ maintainers: - name: privilegedescalation email: chris@farhood.org annotations: - headlamp/plugin/archive-url: https://git.farh.net/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz + headlamp/plugin/archive-url: https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz headlamp/plugin/version-compat: '>=0.26' headlamp/plugin/archive-checksum: sha256:1e05d079c7032cf55ebde85e116cb65b686d207f4b6a3b0f716f0af93f933e7e headlamp/plugin/distro-compat: in-cluster,web,desktop From e52d99512314d884f082676315f82f11d55f1f24 Mon Sep 17 00:00:00 2001 From: Null Pointer Nancy <8+pe_nancy@noreply.git.farh.net> Date: Wed, 20 May 2026 23:33:35 +0000 Subject: [PATCH 4/4] fix: use Gitea archive URL in annotation The GitHub release does not exist (404). Per board all-Gitea decision, archive URLs must point to git.farh.net. Co-Authored-By: Paperclip --- artifacthub-pkg.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/artifacthub-pkg.yml b/artifacthub-pkg.yml index b85aecb..517b9c8 100644 --- a/artifacthub-pkg.yml +++ b/artifacthub-pkg.yml @@ -75,7 +75,7 @@ maintainers: - name: privilegedescalation email: chris@farhood.org annotations: - headlamp/plugin/archive-url: https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz + headlamp/plugin/archive-url: https://git.farh.net/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.1/headlamp-polaris-1.0.1.tar.gz headlamp/plugin/version-compat: '>=0.26' headlamp/plugin/archive-checksum: sha256:1e05d079c7032cf55ebde85e116cb65b686d207f4b6a3b0f716f0af93f933e7e headlamp/plugin/distro-compat: in-cluster,web,desktop