Getting started

Datree secures your Kubernetes by blocking the deployment of misconfigured resources.

Quickstart

Install Datree to get insights on the status of your cluster and enforce your desired policies on new resources.

Note

By default, Datree does not block misconfigured resources, it only monitors and alerts about them.
To enable enforcement mode, see the behavior page.

Install Datree using the tool of your choice

                  

Helm

1. Add the Datree Helm repository

   helm repo add datree-webhook https://datreeio.github.io/admission-webhook-datree
   helm repo update

2. Install Datree on your cluster
   Replace <DATREE_TOKEN> with the token from your dashboard, and run the following command:

   helm install -n datree datree-webhook datree-webhook/datree-admission-webhook --debug \
   --create-namespace \
   --set datree.token=<DATREE_TOKEN> \
   --set datree.clusterName=$(kubectl config current-context)

Openshift

If you're looking to install on Openshift, add the following to the installation command:

--set securityContext.runAsUser=null

ArgoCD

Install Datree using one of the following methods:

Option 1 - Using the Argo CLI
Replace <DATREE_TOKEN> with your desired values, then run the following command:

argocd app create datree --repo https://datreeio.github.io/admission-webhook-datree --helm-chart datree-admission-webhook --revision 0.3.64 --dest-namespace datree --dest-server https://kubernetes.default.svc --helm-set datree.token=<DATREE_TOKEN> --helm-set datree.clusterName=$(kubectl config current-context) --sync-option CreateNamespace=true

Option 2 - Using the Argo UI
Create a new application, edit its YAML, and copy-paste the following (replace <DATREE_TOKEN> and <CLUSTER_NAME> with your values):

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
    name: datree
spec:
    destination:
        name: ''
        namespace: datree
        server: 'https://kubernetes.default.svc'
    source:
        path: ''
        repoURL: 'https://datreeio.github.io/admission-webhook-datree'
        targetRevision: 0.3.64
        chart: datree-admission-webhook
        helm:
            parameters:
                - name: datree.token
                  value: <DATREE_TOKEN>
                - name: datree.clusterName
                  value: <CLUSTER_NAME>
sources: []
project: default
syncPolicy:
    syncOptions:
      - CreateNamespace=true

Flux

1. Create the datree namespace which will hold Datree's resources

   kubectl create namespace datree

2. Create a HelmRepository resource

   flux create source helm admission-webhook-datree --url https://datreeio.github.io/admission-webhook-datree --namespace datree

3. Create a HelmRelease resource
   Replace <path-to-values-file.yaml> with the path to your values file, and run the following command:

   flux create hr admission-webhook-datree --chart=datree-admission-webhook --source=HelmRepository/admission-webhook-datree --values=<path-to-values-file.yaml> --namespace=datree

Your values.yaml file must contain your token and cluster name. A minimal example of a file:

#values.yaml
datree:
    token: 1234-abcd-5678-efgh
    clusterName: MyAwesomeCluster

• The installation will create a new namespace (datree), where Datree’s services and application resources will reside.
• datree.token is used to connect your cluster to your dashboard.
• Note that the installation can take up to 5 minutes.

---

You're all set! 🎉

Datree will now run in the background, scanning your cluster for misconfigurations.
A detailed report will be available in your dashboard once the scan is complete.

What's next?

You can now proceed to configure Datree according to your needs.