kubectl-datree

Overview

This kubectl plugin extends the Datree CLI's capabilities to allow scanning resources within your cluster for misconfigurations.


Use cases

  • Reveal unknown configuration issues
  • Get ready for future k8s version upgrades
  • Enforce standards and best practices

Supported Platforms

This plugin supports macOS and Linux.


Installation

Via Krew

  1. Install krew
  2. Install the datree plugin:
kubectl krew install datree

Manual installation

  1. Download the installation script from this repository.
  2. Open a terminal at the location of the script.
  3. Run /bin/sh manual_install.sh (an administrator password will be required to complete the installation).

Usage

kubectl datree test [datree CLI args] -- [options]

Arguments:

datree CLI args:
  This plugin supports all of the Datree CLI arguments: https://hub.datree.io/cli-arguments

options:
  [-n <namespace>] Test all resources in the cluster belonging to the specified namespace
  [--all] Test all resources in the cluster
      When using '--all', you can specify namespaces to exclude using '--exclude <namespace> --exclude <namespace2>'
  [<resource type> <resource name> <namespace>] Test a single resource in the cluster

  Running 'kubectl datree test' with no arguments is equivalent to 'kubectl datree test -- -n default'

Specification

The plugin supports the following resource types:

  • Pod
  • Service
  • Ingress
  • Daemonset
  • Deployment
  • Replicaset
  • Statefulset
  • Job
  • CronJob
  • CRD (not the custom resource itself, but its definition)

⚠️ When running against a given namespace, only resources of these types will be checked.
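
Because of the limit above, a namespace scan can come back clean while other kinds in that namespace were never examined. The sketch below is an added example, not part of the kubectl-datree repository: it reads a "KIND NAME" inventory and reports the kinds that fall outside the supported list. The function names and the sample inventory are constructed for illustration, and matching "CRD" to the API kind CustomResourceDefinition is an assumption.

```shell
#!/bin/sh
# Added example; not part of the kubectl-datree repository.
# Kinds the README lists as supported, lowercased for comparison.
# Assumption: "CRD" corresponds to the API kind CustomResourceDefinition.
SUPPORTED_KINDS="pod service ingress daemonset deployment replicaset \
statefulset job cronjob customresourcedefinition"

# Read "KIND NAME" lines on stdin and print "KIND COUNT" for every kind
# that is not in SUPPORTED_KINDS, i.e. objects a namespace scan skips.
unscanned_kinds() {
    awk -v supported="$SUPPORTED_KINDS" '
        BEGIN {
            n = split(supported, s, " ")
            for (i = 1; i <= n; i++) ok[s[i]] = 1
        }
        NF >= 2 {
            kind = tolower($1)
            if (!(kind in ok)) count[$1]++
        }
        END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Constructed sample inventory (not real cluster output).
sample_inventory() {
    cat <<'EOF'
Deployment web
Pod web-7d9c-abcde
Service web
DaemonSet log-agent
ConfigMap app-settings
Secret db-credentials
Secret tls-cert
NetworkPolicy default-deny
RoleBinding ci-deployer
EOF
}

# Against a live cluster, the same inventory can be produced with:
#   kubectl api-resources --verbs=list --namespaced -o name \
#     | xargs -n 1 kubectl get -n exmpl --ignore-not-found --no-headers \
#         -o custom-columns=KIND:.kind,NAME:.metadata.name \
#     | unscanned_kinds
sample_inventory | unscanned_kinds
```

Any kind this prints (Secrets, NetworkPolicies and RoleBindings in the sample) needs a separate review, since a passing namespace scan says nothing about it.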


Examples

The following command will fetch all resources within the namespace exmpl, and execute a policy check against them:

kubectl datree test -- -n exmpl

The following command will fetch the resource of kind Service named myAwesomeService in namespace mySweetNamespace, and execute a policy check against it using k8s schema version 1.22.0:

kubectl datree test -s "1.22.0" -- service myAwesomeService mySweetNamespace

The following command will fetch all resources from all namespaces in the cluster except for 'default':

kubectl datree test -- --all --exclude default

Example test with no misconfigurations: