Datree (pronounced /da-tree/
) is a cloud native solution to prevent Kuberentes misconfigurations by blocking resources that do not meet your policy.
Install Datree to get insights on the status of your cluster and enforce your desired policies on new resources.
NOTE:
By default, Datree does not block misconfigured resources, it only monitors and alerts about them.
To enable enforcement mode, see the documentation.
Run the following command in your terminal:
helm repo add datree-webhook https://datreeio.github.io/admission-webhook-datree
helm repo update
Replace <DATREE_TOKEN>
with the token from your dashboard, and run the following command in your terminal:
helm install -n datree datree-webhook datree-webhook/datree-admission-webhook --debug \
--create-namespace \
--set datree.token=<DATREE_TOKEN> \
--set datree.clusterName=$(kubectl config current-context)
This will create a new namespace (datree), where Datree’s services and application resources will reside. datree.token
is used to connect your dashboard to your cluster. Note that the installation can take up to 5 minutes.
Datree scans Kubernetes resources against a centrally managed policy, and blocks those that violate your desired policies.
Datree comes with multiple pre-built policies covering various use-cases, such as workload security, high availability, ArgoCD best practices, NSA hardening guide, and many more.
In addition to our built-in rules, you can write any custom rule you wish and then run it against your Kubernetes configurations to check for rule violations. The custom rule engine is based on JSON Schema.
Datree offers a suite of features to make adoption seamless:
- Monitoring - Datree is first installed in monitoring mode that reports on policy violations, rather than block their deployments.
- CLI - Help your developers find misconfigurations in their configs before deploying them, by integrating Datree into their CI.
- Misconfiguration prioritization - Datree makes it easy to improve the quality of your cluster by prioritizing the misconfigurations to be fixed.
- Cluster score - Rank the stability of your cluster based on the number of detected misconfigurations.
Datree can be customized via code (policy as code) or via a management dashboard. The dashboard offers the following capabilities in an intuitive visual interface:
- Customize policies
- Edit rules failure message
- Issue tokens
- View policy check history
- Configure Kubernetes schema version
Contributions are welcome!
Thank you to all the people who already contributed to Datree ❤️