CLI arguments
Running a policy check
The minimum input that's required to trigger a policy check is to use the command datree test and to provide a Kubernetes configuration file path or a glob pattern:
$ datree test kube-prod/deployment.yaml
$ datree test kube-*/*.yaml
Flags
| Flag | Alias | Values | Description |
|---|---|---|---|
| --help | -h | N/A | Print help. If a command is provided, help will be printed for that command |
| --output | -o | json, yaml, xml, JUnit | Output the policy check results in the requested format |
| --output | -o | simple | Output the policy check results in simple text (without emoji or colors) |
| --schema-version | -s | e.g. "1.20.0" | Set Kubernetes version to validate against. Default can also be changed from the dashboard |
| --schema-location | N/A | e.g. "http\://example.com/schema.json" | Override Kubernetes schema location. See relevant page for more information. |
| --ignore-missing-schemas | N/A | N/A | Skip files with missing schemas instead of failing the schema validation check |
| --policy | -p | e.g. staging | Specify which policy to execute (by policy name) |
| --only-k8s-files | N/A | N/A | Skip all non-K8s files. Especially useful when scanning a dir with K8s and other config files: datree test *.yaml --only-k8s-files |
| --no-record | N/A | N/A | Don’t send policy checks metadata to the backend |
| --verbose | N/A | N/A | Display 'How to Fix' link for failed rules in output |
Additional options
Built-in Kustomize support
Run datree kustomize test [path] to render resources defined in a kustomization.yaml file located in [path] and run a policy check against them.
For more information, options and examples, see the Kustomize support page.
Publish policy-as-code configuration
When using Policy as code mode, the command datree publish fileName.yaml will publish policies configuration for given fileName. Input should be the path to the Policy-as-Code yaml configuration file.
Configure the CLI
The command datree config allows you to manage the datree config file. Use datree config set to change the value of a specific key in the datree config.yaml file (defaults to $HOME/.datree/config.yaml). For example:
$ datree config set token MY_EXAMPLE_TOKEN