update
This commit is contained in:
101
tools/datree.md
Normal file
101
tools/datree.md
Normal file
@@ -0,0 +1,101 @@
|
||||
# Datree
|
||||
|
||||
Datree can be used on the command line to run policies against Kubernetes manifests YAML files or Helm charts. It prevents Kubernetes misconfigurations from reaching production.
|
||||
|
||||
As your organization's infrastructure owner, the product’s stability is your primary concern. Toolchain engineering and architecture gets pushed to the wayside because you must constantly put out fires configured in the development stage.
|
||||
|
||||
## Installation
|
||||
|
||||
**Windows** (PowerShell)
|
||||
```powershell
|
||||
iwr -useb https://get.datree.io/windows_install.ps1 | iex
|
||||
|
||||
setx PATH "$env:path;C:\Users\$env:UserName\AppData\Local\datree" -m
|
||||
```
|
||||
|
||||
**Linux** (Bash)
|
||||
```bash
|
||||
sudo apt -y install unzip
|
||||
|
||||
curl https://get.datree.io | /bin/bash
|
||||
```
|
||||
|
||||
**Usage**
|
||||
```bash
|
||||
datree test ~/.datree/k8s-demo.yaml
|
||||
```
|
||||
|
||||
## Policies
|
||||
"Centralized policy" is the concept of controlling distributed policy execution from a centralized location. This concept enables the policy owner to easily control the rules that are evaluated in each run of Datree without creating operation overhead. The centralized policy can be managed by logging into the dashboard.
|
||||
|
||||
To run the Datree CLI against the new policy (instead of the default one), you will need to add the `-p POLICYNAME` to your policy check execution:
|
||||
|
||||
```
|
||||
datree test ~/.datree/k8s-demo.yaml -p POLICYNAME
|
||||
```
|
||||
|
||||
|
||||
### Helm
|
||||
A Helm plugin to validate charts against the Datree policy.
|
||||
> [!attention]
|
||||
> Only works on Linux
|
||||
|
||||
|
||||
**Installation Linux** (Bash)
|
||||
```bash
|
||||
helm plugin install https://github.com/datreeio/helm-datree
|
||||
|
||||
|
||||
### Usage
|
||||
Trigger datree policy check via the helm CLI
|
||||
```bash
|
||||
helm datree test [CHART_DIRECTORY]
|
||||
```
|
||||
|
||||
|
||||
**Usage**
|
||||
|
||||
If you need to pass helm arguments to your template, you will need to add -- before them:
|
||||
|
||||
```bash
|
||||
helm datree test [CHART_DIRECTORY] -- --values values.yaml --set name=prod
|
||||
```
|
||||
|
||||
## Webhooks
|
||||
|
||||
### Installation
|
||||
|
||||
Install with providing Datree token. The Datree token is optional, and can be entered during the installation procedure as well.
|
||||
|
||||
```bash
|
||||
DATREE_TOKEN=[your-token] bash <(curl https://get.datree.io/admission-webhook)
|
||||
```
|
||||
|
||||
### Ignore a namespace
|
||||
|
||||
Add the label "admission.datree/validate=skip" to the configuration of the namespace you would like to ignore:
|
||||
|
||||
```bash
|
||||
kubectl label namespaces default "admission.datree/validate=skip"
|
||||
```
|
||||
|
||||
To delete the label and resume running the datree webhook on the namespace again:
|
||||
|
||||
```bash
|
||||
kubectl label namespaces default "admission.datree/validate-"
|
||||
```
|
||||
|
||||
### Uninstallation
|
||||
|
||||
To uninstall the webhook, copy the following command and run it in your terminal:
|
||||
|
||||
```bash
|
||||
bash <(curl https://get.datree.io/admission-webhook-uninstall)
|
||||
```
|
||||
|
||||
To uninstall the helm release, copy the following command and run it in your terminal:
|
||||
|
||||
```bash
|
||||
helm uninstall datree-webhook -n datree
|
||||
kubectl delete ns datree
|
||||
```
|
||||
Reference in New Issue
Block a user