Getting Started with Datree πŸš€

Abhinandan WadhwaAbhinandan Wadhwa
4 min read

Table of contents

"K8s is awesome... until production goes down"

Datree is a great open source tool to prevent Kubernetes manifest files misconfiguration to reach and disturb production. Datree provides an amazing CLI to interact with. Today, in this blog, we will be learning about some basic Datree CLI commands and how to get started with Datree and use it to improve your efficiency and save your precious timeπŸ‘Œ.

Why to use Datree? And what is Datree? πŸ€”

Few days ago, i got stuck with this yaml file, which was throwing errors like anything when i was trying to deploy it using kubectl. Turned out, there was an indentation error in my yaml file and i wasted 30 minutes to find out about that indentation errorπŸ€¦β€β™‚οΈ

Datree solves this problem by providing some policies (set of checks), which you can either customize according to your use or use the predefined policies to prevent misconfiguration.

Getting Started! πŸ™ƒ

Step 1

Go to Datree and click on Get Your Token to signup for datree. Once you've signed up for datree, you'll get this screen shown below.

Step 2

Copy and run both commands in your terminal and click on Confirm Installation.

Confirm your email to start your Datree trial.

Step 3

Now, from the right sidebar, click on </> Code .

Follow the above 2 steps by copy pasting the commands and you'll be all set to use Datree and test your first Kubernetes manifest configuration πŸ₯³.

Step 4

Go to your terminal and run datree test ~/.datree/k8s-demo.yaml . That's the test file provided by datree to understand the tool.

You'll notice here that two checks have passed, which are:

  1. YAML validation - This check is for validating your YAML file's syntax and indentation.

  2. Kubernetes schema validation - In every Kubernetes manifest file, you have to set the kind key to some of the predefined values. In the provided k8s-demo.yaml file, the kind key is set to Deployment. You can verify that by running cat ~/.datree/k8s-demo.yaml in your terminal. So, corresponding to this kind key, you can set some spec fields in your file to define your cluster. This check helps you to verify that the spec fields matches the kind of object you've defined.

  3. Policy Checks - Apart from YAML and schema validation, if you want extra security and checks, you can edit these policy checks and reflect the same. For example, the first test failing here says, Ensure each container image has a pinned (tag) version. This error showed up because in the demo file, the image key has been set to nginx:latest, which doesn't mention the version of image explicitly. That's the reason this test is failing.

Editing Policies

Now that you have a basic understanding about policy checks, you can go to the Policies tab on the left of your Datree dashboard.

Here, you can see so many policies and checks, but the one we need for now is the Default one on the top.

This was the first test we were failing when we ran datree test on the provided test yaml file. You can turn this check off by turning that slider off.

After turning that off, run datree test ~/.datree/k8s-demo.yaml again.

You can now notice that only 3 checks are failing, as compared to the 4 failing checks before and that first failing check, which we turned off few seconds ago, is now not failing anymore. Notice that this is all realtime and you don't have to change anything locally to turn that check off , which is just amazing 🀯.

You can also edit the test fail message by clicking this edit button after expanding the element.

Creating Your own policy

To create your own policy, click on this Create Policy button on the left side.

Type your policy name and click on the tick button.

You'll notice that you get another policy and you can turn on and off checks that you want and customize it according to your choice and liking.

Now, to run the test on your own defined policy, you have to add a -p flag after your datree test command.

For example:

Run datree test ~/.datree/k8s-demo.yaml -p MyPolicy and you'll be running the checks according to the policy defined by you.

History

You can check your tests history by going to the History tab on the left.

Final Thoughts

According to me, Datree is an amazing tool, which you should definitely use if you work with a lot of Kubernetes config files and often struggle to keep them perfect. Datree is not only easy to use but also very powerful at the same time. The fact that this all happens locally and without deploying the object just blows my mind.

Thanks for reading!

Want to connect?

If you found the information in this tutorial valuable, follow me on Twitter andor LinkedIn.

3
Subscribe to my newsletter

Read articles from Abhinandan Wadhwa directly inside your inbox. Subscribe to the newsletter, and don't miss out.

DatreeKubernetesDevopsDevops articlesDevOps Journey

Written by

Abhinandan Wadhwa
Abhinandan Wadhwa