FAQ

What is considered a policy check?

Every time a scan is executed, it's counted as one policy check. If a file pattern that represents several files is passed to the test command (i.e. $ datree test <filePattern>) this scan still counts as one policy check execution. The same goes for a Kubernetes config file that contains several configurations.

For example, if you have two Kubernetes configuration files - demo-app.yaml and prod-app.yaml

If those files are scanned with a single execution:

Text

It will be counted as one policy check execution.

If those files are scanned with two executions:

Text

It will be counted as two policy checks executions.

What is a policy?

A set of rules that is executed together on one or several Kubernetes configurations. Each policy is running as a separate entity and has its own result.

Where can I report a bug or ask for a feature request?

Bugs and features can be opened in the project GitHub repository. All tickets will be answered within three working days max.

Where can I get support?

Do not open issues for general support questions as we want to keep GitHub issues for bug reports and feature requests. Instead, we recommend using "Discussions" to ask support-related questions. 

Does the CLI integration support Helm charts?

Yes. Datree also has a Helm plugin that can be accessed through the helm CLI, to provide a seamless experience to Helm users.

Why should I enable a rule that is already validated by kubectl when deploying?

You should always inspire to "shift-left" any validation process. This way, the end-user (e.g. a developer) can receive feedback as soon as possible without the cost of context switching. With Datree, the validation process can start at the CI (and even earlier), instead of waiting for the CD.

Also, the kubectl validation process does not always have a clear-cut error message when failing. This can create confusion for the end-user about what he should fix and how. With Datree, the Kubernetes owner can control the error message and instruct the end-user the appropriate action to take

To conclude, the best practice is to run Datree's policy check before any kubectl validation check.

Do you have an Admission Controller integration?

No, but this is on our roadmap. If you want to join our preview community and be part of our Early Adopter Community, send an email to oss+preview@datree.io.

Can I customize or add my own rules to a policy?

Yes, you can write any custom rule that you desire and add it to your policies.

Can I host the Dashboard data myself?

No, although we are looking to build an on-premise version of the Dashboard for use in private clouds.

Where does the policy evaluation occur?

Datree evaluates your policy in the cloud against the data provided, in an encrypted way, similar to how your workloads operate in the cloud. The data is sent only after processing and not in its raw format. We send the properties of the manifest so we can run the policy and verify it passes. All the data is sent encrypted, it's encrypted in our database and no one has access to it.