headlamp-polaris-plugin/artifacthub-pkg.yml

version: "1.0.0"
name: headlamp-polaris
displayName: Polaris
createdAt: "2026-02-05T19:00:00Z"
description: >-
  Surfaces Fairwinds Polaris audit results inside the Headlamp UI.
  Shows cluster score, check summary, and per-namespace drill-downs
  with per-resource pass/warning/danger breakdowns. Data is fetched
  read-only via the Kubernetes service proxy to the Polaris dashboard.
  Requires a Role granting `get` on `services/proxy` for the
  `polaris-dashboard` service in the `polaris` namespace.
license: Apache-2.0
homeURL: "https://github.com/privilegedescalation/headlamp-polaris-plugin"
appVersion: "10.1.6"
category: security
keywords:
  - polaris
  - fairwinds
  - security
  - audit
  - headlamp
  - kubernetes
links:
  - name: Source
    url: "https://github.com/privilegedescalation/headlamp-polaris-plugin"
  - name: Polaris
    url: "https://polaris.docs.fairwinds.com/"
install: |
  ## Installation

  ### Prerequisites

  1. [Headlamp](https://headlamp.dev) v0.26.0 or later
  2. [Fairwinds Polaris](https://polaris.docs.fairwinds.com/) installed and the dashboard running in your cluster

  ### Install via Headlamp Plugin Catalog

  1. Open Headlamp and navigate to **Settings → Plugin Catalog**
  2. Search for **"Polaris"**
  3. Click **Install** and restart Headlamp when prompted

  The plugin is sourced directly from [ArtifactHub](https://artifacthub.io/packages/headlamp/headlamp/headlamp-polaris).

  ## Usage

  After installation, the Polaris plugin adds:
  - A **cluster score badge** in the Headlamp app bar
  - A **Polaris** section in the sidebar with the full dashboard and namespace drill-downs
  - An **inline audit panel** on Deployment, StatefulSet, DaemonSet, Job, and CronJob detail pages

  For more information, see the [README](https://github.com/privilegedescalation/headlamp-polaris-plugin/blob/main/README.md).
changes:
  - kind: security
    description: Patched 8 npm audit vulnerabilities via pnpm.overrides
  - kind: added
    description: Dual-approval required CI check — PRs must be approved by both CTO and QA before merge
  - kind: added
    description: ExemptionManager test suite — full coverage of annotation-based exemption flows
  - kind: fixed
    description: E2E infrastructure overhauled — ConfigMap volume mount replaces Dockerfile-based approach, tests run in privilegedescalation-dev namespace
  - kind: fixed
    description: E2E workflow uses token auth and waits for HTTP reachability before running tests
  - kind: fixed
    description: Added explicit direct devDependencies (typescript, eslint, prettier, @headlamp-k8s/eslint-config) to prevent phantom dep failures
  - kind: changed
    description: pnpm version pinned via packageManager field; GitHub Actions SHA-pinned via Renovate pinDigests
  - kind: changed
    description: v1.0.0 stable release — plugin API (routes, sidebar, settings schema, app bar action) is stable and will not change without a major version bump
maintainers:
  - name: privilegedescalation
    email: "chris@farhood.org"
annotations:
  headlamp/plugin/archive-url: "https://github.com/privilegedescalation/headlamp-polaris-plugin/releases/download/v1.0.0/headlamp-polaris-1.0.0.tar.gz"
  headlamp/plugin/version-compat: ">=0.26"
  headlamp/plugin/archive-checksum: sha256:a165e871b40f11a44950aa9f10eb7f7883276f749026ae7a4f886278ecd9bd7d
  headlamp/plugin/distro-compat: "in-cluster,web,desktop"