Skip to main content

Offline mode

Air-gapped environment support

It is possible to run Datree as a standalone in an air-gapped environment by preforming the following steps:

  1. Download Datree’s binary
  2. Manually copy the binary to your offline environment
  3. Set offline=local in your local config file:
datree config set offline local

When setting Datree to work without an internet connection, you will lose the following functionality:

  • Centralized policy registry
  • Automatic Kubernetes schema validation
  • Access to the dashboard and all of its components (e.g. activity-log page, token management, etc.)
Note

If your environment has internet access and your concern is sending policy checks metadata to your dashboard, you can use the --no-record flag instead of the offline mode.

How to customize your policy check locally

By design, Datree’s binary is compiled together with the built-in policies and their pre-configured (enabled) rules.
When running datree test, you will test your manifests against the "Default" policy.

To overwrite the "Default" policy setup, you will need to pass Datree your own policy-as-code (YAML) configuration file path with the --policy-config flag:

datree test [manifest] --policy-config [policyAsCodeFile]
E.g: datree test k8s-demo.yaml --policy-config policies.yaml

How to enable Kubernetes schema validation locally

When there is an internet connection, Datree knows how to fetch the relevant Kubernetes schema from GitHub.

Therefore, to enable this check in the offline mode, you will need to preform the following steps:

  1. Copy the relevant schema version dir (e.g. v1.21.0-standalone-strict/) to your air-gapped environment
  2. Pass the dir location to Datree CLI with the --schema-location flag:
datree test [manifest] --schema-location '[schemaVersionDir]/{{.ResourceKind}}{{.KindSuffix}}.json'
E.g: datree test k8s-demo.yaml --schema-location 'v1.21.0-standalone-strict/{{.ResourceKind}}{{.KindSuffix}}.json'
info

Note that {{.ResourceKind}}{{.KindSuffix}}.json does not need to be replaced with an actual filename, the CLI will be able to access all .json files with this name format in the specified directory.

datree test [manifest] --schema-location '[schemaVersionDir]/{{.ResourceKind}}{{.KindSuffix}}.json'