Skip to main content

Centralized policy

"Centralized policy" is the concept of controlling distributed policy execution from a centralized location. This concept enables the policy owner to easily control the rules that are evaluated in each run of Datree without creating operation overhead. The centralized policy can be managed by logging into the dashboard.

Enable and disable rules in a policy

In the dashboard, each of the 53 built-in rules can be switched "ON" or "OFF" according to your needs. Once a rule is disabled or enabled, it will automatically propagate to all policy checks that are executed against that policy (via account token). This way, the policy owner doesn't need to manually update all the devices connected to this policy.

centralized_policy_dashboard

Edit rule fail suggestion text

The output text that is shown in the CLI when a rule fails is editable. This can be used by the policy owner to educate policy consumers (e.g. developers, teammates, etc.), and instruct them regarding how they should fix their misconfigurations.

Dashboard viewCLI output
Before edit
After edit

Policy management

Add policies with different rules configured, giving each of your use cases its own custom policy.

Add a new policy

Create a new policy and give it a descriptive name.

create_policy

By default, each new policy is created without any rules enabled, giving you the freedom to configure it according to your needs.

configure_policy

Running checks against the new policy

To run the Datree CLI against the new policy (instead of the default one), you will need to add the `-p [policy-name]` to your policy check execution (e.g. $ datree test ~/.datree/k8s-demo.yaml -p A_team)

$ datree test [K8s-manifest] -p [policy-name]

check_with_new_policy