What is Datree & Why You Should Use It as a DevOps Engineer?
#WeMakeDevs
Hello 👋 DevOps Learners, in this blog you'll get a clear picture of what Datree is and how you can get started with it as a beginner.
I'm very excited 😃 to share my knowledge and the research I did to write 📝 this blog just for you folks.
Kubernetes ☸️
The world is still new to Kubernetes Patterns. Developers are still struggling their way through it & so are the admins. And too much configuration goes into the system, making it easy for such errors to creep in.
Worse still, most of these errors show their impact after a few days or even months. The system works perfectly until it just collapses without any warning. This makes the task even more difficult 🤕 for everyone.
What is Datree?
Datree is an (open-source) scanner that inspects 🐞 Kubernetes configuration for misconfigurations.
Datree is a CLI (Command Line Interface) tool that supports Kubernetes owners by preventing developers from making mistakes in Kubernetes configurations that can cause clusters to fail in production.
Why is Datree required 🤷?
As we know there is a Kubernetes(K8S) configuration file that is used to create a cluster. However, before creating the cluster (or updating it), Datree can step in and let the developers know about the misconfigurations in the configurations. This prevents cluster failure in production.
In any tech organization, production stability has a higher priority. So everyone must be aware that no changes are deployed directly to production. Changes need to be tested and configurations must be managed. If production comes down, then there is simply no product, and no product means no business.
In simple words, Datree provides developers a simplified Kubernetes deployment experience so they don't need to remember so many rules governing development.
Challenges Kubernetes admins face :
Default Namespace
Deprecated APIs
Namespace Sharing
Not Respecting the Abstraction
Incorrect Image tags & Believing in Defaults
Tests with Policy checks 👩⚖️
The CLI performs 3 types of tests: YAML validation, Kubernetes schema validation, and the policy checks which you've provided.
YAML validation
The YAML file is being checked for syntax errors and compliance with the Kubernetes API specification. This is important because YAML files are used to define Kubernetes objects such as Deployments, Services, and ConfigMaps, and any syntax errors or deviations from the API specification can prevent those objects from being created or functioning correctly.
Kubernetes schema validation
The second test which Datree performs is the Kubernetes schema validation. It performs the checks on the YAML files and ensures that it is a valid Kubernetes manifest file.
The schema validation helps ensure that the manifests used to create Kubernetes objects are syntactically and semantically correct. The validation process includes checking the resource type, resource fields, values of fields, and relationships between the objects defined in the manifest file. If the schema validation fails, it provides a detailed error message which can help identify and troubleshoot the problem.
Policy checks
The third check which Datree performs is the policy check. The policies are defined by default in Datree, and you can check them out in the Datree dashboard.
Datree comes with built-in rules, so you don’t have to worry about codifying your policies by yourself. Dozens of rules are ready in various areas: Container, Workload, CronJob, Network, Security, Deprecation, Argo, NSA-hardening-guidelines, and more.
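To make the idea of a policy check concrete, here is an added example (written for this post, not Datree's code or its rule set) that tests a manifest against three of the challenges listed earlier: deprecated APIs, the default namespace, and incorrect image tags. The rule names and sample manifests are made up for illustration.

```python
# Added illustration: three policy rules of the kind described above,
# written from scratch. This is not Datree's code or its rule set.

# Assumption: a small sample of Deployment API versions removed in Kubernetes 1.16.
DEPRECATED_APIS = {("extensions/v1beta1", "Deployment"),
                   ("apps/v1beta1", "Deployment"),
                   ("apps/v1beta2", "Deployment")}


def image_is_pinned(image):
    """True when the image has a digest or an explicit tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    name = image.rsplit("/", 1)[-1]   # drop registry host, which may contain ':port'
    if ":" not in name:
        return False                  # no tag means 'latest' is pulled
    return name.rsplit(":", 1)[1] not in ("", "latest")


def containers_of(manifest):
    """Containers of a bare Pod or of a Deployment-style pod template."""
    spec = manifest.get("spec", {})
    pod_spec = spec.get("template", {}).get("spec", spec)
    return pod_spec.get("containers", []) + pod_spec.get("initContainers", [])


def check_manifest(manifest):
    """Return a sorted list of violated rule names (hypothetical names)."""
    violations = set()
    if (manifest.get("apiVersion"), manifest.get("kind")) in DEPRECATED_APIS:
        violations.add("deprecated-api-version")
    if manifest.get("metadata", {}).get("namespace", "default") == "default":
        violations.add("default-namespace")
    if any(not image_is_pinned(c.get("image", "")) for c in containers_of(manifest)):
        violations.add("unpinned-image-tag")
    return sorted(violations)


# Constructed sample manifests, as dicts in the shape a YAML parser returns.
BAD = {"apiVersion": "extensions/v1beta1", "kind": "Deployment",
       "metadata": {"name": "web"},
       "spec": {"template": {"spec": {"containers": [
           {"name": "web", "image": "registry.local:5000/web"}]}}}}
GOOD = {"apiVersion": "apps/v1", "kind": "Deployment",
        "metadata": {"name": "web", "namespace": "shop"},
        "spec": {"template": {"spec": {"containers": [
            {"name": "web", "image": "registry.local:5000/web:1.4.2"}]}}}}

if __name__ == "__main__":
    print("BAD :", check_manifest(BAD))
    print("GOOD:", check_manifest(GOOD))
```
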
Datree is used on the command line, admission webhook, or even as a kubectl plugin to run policies against Kubernetes objects.
Datree integrates in all development stages:
Before committing code via Pre-commit hook
While developing using the CLI
CI/CD tools like GitHub Actions
Kubectl plugin that allows scanning of existing assets running on the cluster for misconfigurations.
That's all about Datree and its use case. From now on you know what Datree is and why to use it.
So let's jump in, install it and play with this cool tool.
Installation of Datree
I have spent more time installing it as a beginner and doing lots of debugging, because as a Windows user you have not used many Linux commands.
If you’ve spent hours in the trenches debugging code or installation, you don’t want to miss this!
Install the Datree CLI
Run a policy check against a Kubernetes manifest
👨💻 Results of all checks :
Connect your CLI to your dashboard 🖥️
To connect with the dashboard you need to install Datree with Helm v3.
Before that you need to install kubectl or complete the setup of Kubernetes.
Install minikube on linux and windows
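Installation of kubectl (download the binary and its checksum file, then compare the two hashes printed by the last two commands; they must match):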
curl.exe -LO "https://dl.k8s.io/release/v1.26.0/bin/windows/amd64/kubectl.exe"
curl.exe -LO "https://dl.k8s.io/v1.26.0/bin/windows/amd64/kubectl.exe.sha256"
CertUtil -hashfile kubectl.exe SHA256
type kubectl.exe.sha256
// To check the version
kubectl version --client
Install Minikube :
minikube is local Kubernetes, focusing on making it easy to learn and develop for Kubernetes. All you need is Docker (or similarly compatible) container or a Virtual Machine environment, and Kubernetes is a single command away: minikube start
What you’ll need :
2 CPUs or more
2GB of free memory
20GB of free disk space
Internet connection
Container or virtual machine manager, such as: Docker, QEMU, Hyperkit, Hyper-V, KVM, Parallels, Podman, VirtualBox, or VMware Fusion/Workstation
Download and run the installer for the latest release.
Or, if using PowerShell, use this command:
New-Item -Path 'c:\' -Name 'minikube' -ItemType Directory -Force
Invoke-WebRequest -OutFile 'c:\minikube\minikube.exe' -Uri 'https://github.com/kubernetes/minikube/releases/latest/download/minikube-windows-amd64.exe' -UseBasicParsing
Add the minikube.exe binary to your PATH. Make sure to run PowerShell as Administrator.
$oldPath = [Environment]::GetEnvironmentVariable('Path', [EnvironmentVariableTarget]::Machine)
if ($oldPath.Split(';') -inotcontains 'C:\minikube') {
  [Environment]::SetEnvironmentVariable('Path', $('{0};C:\minikube' -f $oldPath), [EnvironmentVariableTarget]::Machine)
}
Start your cluster & Interact with your cluster :
minikube start
kubectl get po -A
minikube kubectl -- get po -A
alias kubectl="minikube kubectl --"
📍Now you are good to go.. you are connected to your datree dashboard
Conclusion
In this post we discussed the intro of Datree and the danger of Kubernetes misconfigurations. Ultimately, the continued expansion of Kubernetes relies on finding an approach that gives the infrastructure teams the confidence that misconfigurations will not reach production, while giving the engineers the means to deploy workloads independently.
This is what Datree offers. On the one hand, with the CLI tool, it gives engineers the means to validate their workloads before deploying them to production. On the other hand, with the Kubernetes Admission Webhook, it gives the infrastructure teams the guardrails that ensure no misconfigurations enter their cluster. It empowers engineers, but does so responsibly, without giving up on the governance of the infra teams.
As a next step, users can explore how Datree is incorporated into a CI pipeline. Setting up custom rules is also an exciting area of study. Finally, we must remember that Datree is Open Source and we can always head over to their repository to support this awesome software. Here are some important references and resources :
Thank you for your attention! ❤️
I hope you now understand what Datree is and how it is used. If you have any further doubts related to it, make sure to reach out on Twitter and LinkedIn 😊
Written by
Rahul Prasad
I am a DevOps + Blockchain Learner 👨💻 Student at IIIT Bangalore in Software Development with specialization in Blockchain Technology. I am sharing my experience and learning on twitter & LinkedIn with community to help them grow together.