Getting started
Datree secures your Kubernetes by blocking the deployment of misconfigured resources.
Quickstart
Install Datree to get insights on the status of your cluster and enforce your desired policies on new resources.
By default, Datree does not block misconfigured resources, it only monitors and alerts about them.
To enable enforcement mode, see the behavior page.
Install Datree using the tool of your choice



- Helm
- ArgoCD
- Flux
Add the Datree Helm repository
helm repo add datree-webhook https://datreeio.github.io/admission-webhook-datree
helm repo updateInstall Datree on your cluster
Replace<DATREE_TOKEN>
with the token from your dashboard, and run the following command:helm install -n datree datree-webhook datree-webhook/datree-admission-webhook --debug \
--create-namespace \
--set datree.token=<DATREE_TOKEN> \
--set datree.clusterName=$(kubectl config current-context)
If you're looking to install on Openshift, add the following to the installation command:
--set securityContext.runAsUser=null
Install Datree using one of the following methods:
Option 1 - Using the Argo CLI
Replace <DATREE_TOKEN>
with your desired values, then run the following command:
argocd app create datree --repo https://datreeio.github.io/admission-webhook-datree --helm-chart datree-admission-webhook --revision 0.3.64 --dest-namespace datree --dest-server https://kubernetes.default.svc --helm-set datree.token=<DATREE_TOKEN> --helm-set datree.clusterName=$(kubectl config current-context) --sync-option CreateNamespace=true
Option 2 - Using the Argo UI
Create a new application, edit its YAML, and copy-paste the following (replace <DATREE_TOKEN>
and <CLUSTER_NAME>
with your values):
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: datree
spec:
destination:
name: ''
namespace: datree
server: 'https://kubernetes.default.svc'
source:
path: ''
repoURL: 'https://datreeio.github.io/admission-webhook-datree'
targetRevision: 0.3.64
chart: datree-admission-webhook
helm:
parameters:
- name: datree.token
value: <DATREE_TOKEN>
- name: datree.clusterName
value: <CLUSTER_NAME>
sources: []
project: default
syncPolicy:
syncOptions:
- CreateNamespace=true
Create the
datree
namespace which will hold Datree's resourceskubectl create namespace datree
Create a
HelmRepository
resourceflux create source helm admission-webhook-datree --url https://datreeio.github.io/admission-webhook-datree --namespace datree
Create a
HelmRelease
resource
Replace<path-to-values-file.yaml>
with the path to your values file, and run the following command:flux create hr admission-webhook-datree --chart=datree-admission-webhook --source=HelmRepository/admission-webhook-datree --values=<path-to-values-file.yaml> --namespace=datree
Your values.yaml
file must contain your token and cluster name. A minimal example of a file:
#values.yaml
datree:
token: 1234-abcd-5678-efgh
clusterName: MyAwesomeCluster
- The installation will create a new namespace (datree), where Datree’s services and application resources will reside.
datree.token
is used to connect your cluster to your dashboard.- Note that the installation can take up to 5 minutes.
You're all set! 🎉
Datree will now run in the background, scanning your cluster for misconfigurations.
A detailed report will be available in your dashboard once the scan is complete.
What's next?
You can now proceed to configure Datree according to your needs.