Datree: To Prevent K8s Misconfigurations from Reaching Production.
Introduction to Datree and sample implementation
Hello everyone,
I used to write blogs on WordPress earlier and am now finally shifting to Medium.
What is Datree?
It is an open-source CLI utility tool that prevents misconfiguration on Kubernetes workloads and a SaaS platform to manage policies. It validates your Kubernetes YAML files.
Why do we need Datree?
To prevent errors in Kubernetes configurations. It helps owners and developers manage policy enforcement, which automatically checks for rule violations. When using Datree, you do not need a connection to the production cluster. Policies and rules can be applied from the online Datree Dashboard. Interesting, isn’t it?
How does Datree work?
- YAML validation checks that the syntax of the YAML file is written correctly.
- Kubernetes schema validation checks if the version is valid or invalid.
- Policy check — It could be a memory limit, CPU limit, or any custom policy check.
- It gives a summary of the YAML file's run against the policies applied in Datree.
Let’s have a quick and simple implementation of Datree
To install Datree, follow the official documentation.
Sample deployment.yaml file for nginx
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.14.2
          ports:
            - containerPort: 80
```
To validate this YAML using Datree, run the following command:
$ datree test deployment.yaml
So, as we can see in the above image, we got Total Rules Passed: 21 and Total Rules Failed: 9.
I have made the default policy with 30 rules, which are configured through the Datree Dashboard. The link for the Dashboard can be obtained through the CLI, as shown in the image below.
In the Datree Dashboard, we can edit rules as per our needs, and those rules will be applied when validating the deployment YAML file.
So, I have solved the first four errors which were shown in the above configuration error image.
Updated deployment.yaml
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.14.2
          resources:
            limits:
              memory: 200Mi
              cpu: 1
            requests:
              memory: 100Mi
              cpu: 100m
          ports:
            - containerPort: 80
```
Now, if we run the command again to check:
$ datree test deployment.yaml
The output is Total Rules Failed: 5, which was 9 before.
We configured the memory request, CPU request, memory limit, and CPU limit in our deployment file.
So, this is how Datree can be useful for standardization and to avoid misconfiguration in K8s.
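To make the four rules fixed above concrete, here is an added Python sketch (not code from this post or from Datree) that reports which memory/CPU requests and limits are unset on each container; it generalizes slightly to Pod and CronJob manifests and to init containers. The function names are illustrative, and the manifests are this post's deployment.yaml written as already-parsed dicts.

```python
# Added illustration, not Datree's implementation: a minimal version of the four
# resource rules the post fixes (memory/CPU requests and limits on every container).
import copy

REQUIRED = [("requests", "memory"), ("requests", "cpu"),
            ("limits", "memory"), ("limits", "cpu")]

def pod_spec(manifest):
    """Return the pod spec for common workload kinds, or None if there is none."""
    kind, spec = manifest.get("kind"), manifest.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":  # the pod template is nested one level deeper
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec")

def missing_resources(manifest):
    """List 'container: section.resource' for every unset request or limit."""
    spec = pod_spec(manifest) or {}
    findings = []
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        resources = c.get("resources") or {}
        for section, name in REQUIRED:
            # Treat absent, null and empty values as "not set".
            if (resources.get(section) or {}).get(name) in (None, ""):
                findings.append(f"{c.get('name', '?')}: {section}.{name}")
    return findings

# Constructed from the post's first deployment.yaml, written as the parsed dict.
ORIGINAL = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "nginx-deployment"},
    "spec": {"replicas": 2, "selector": {"matchLabels": {"app": "nginx"}},
             "template": {"metadata": {"labels": {"app": "nginx"}},
                          "spec": {"containers": [{
                              "name": "nginx", "image": "nginx:1.14.2",
                              "ports": [{"containerPort": 80}]}]}}},
}
# The updated file: the same manifest plus the resources block.
UPDATED = copy.deepcopy(ORIGINAL)
UPDATED["spec"]["template"]["spec"]["containers"][0]["resources"] = {
    "limits": {"memory": "200Mi", "cpu": 1},
    "requests": {"memory": "100Mi", "cpu": "100m"},
}

if __name__ == "__main__":
    print(missing_resources(ORIGINAL))  # four findings for the nginx container
    print(missing_resources(UPDATED))   # no findings
```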
Thank you if you made it to the end.