Skip to main content

Getting started

Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to production, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. Datree can be used on the command line, admission webhook, or even as a kubectl plugin to run policies against Kubernetes objects.

tip

No prerequisites to get started!

Quickstart

1. Install the Datree CLI

Binary releases can be downloaded from the releases page or can be installed directly

curl https://get.datree.io | /bin/bash

helm

Using Helm?

Take a look at our Helm plugin

kustomize

Using Kustomize?

Check out our built-in Kustomize support



2. Run a policy check against a Kubernetes manifest

Run the CLI against any Kubernetes YAML file.
You can use our demo file if you wish:

datree test ~/.datree/k8s-demo.yaml

You will get the following output in your CLI:

gettingstarted_cli_output

3. Customize your policy

Connect your CLI to your dashboard

Follow the link in the output summary:

gettingstarted_summary

To start using your dashboard, easily sign-up using your private GitHub or Google account, no need to enter any personal information.

gettingstarted_signup

Enable/disable built-in rules

After signing up, you'll be automatically redirected to your Centralized policy where you can configure it according to your needs:

gettingstarted_enable_disable

[OPTIONAL] Add your custom rules

In addition to the tool's built-in rules, you can also write any rule that you wish and run it against your Kubernetes configurations to check for violations. Read how to set up custom rules at Understanding custom rules.

4. Integrate into your workflow

From develop to runtime, you can use Datree in every step of your Kuberenetes pipeline to help you prevent misconfigurations:
 Develop (code) - run the CLI locally (or as a pre-commit hook) to get instant validation
 Distribute (CI) - integrate with your CI platform to shift-left policy checks
 Deploy (CD) - gate your cluster with the admission webhook
 Runtime (production) - query deployed resources with the kubectl plugin to your know your status

lifecycle