Skip to main content

Troubleshooting

Tokens mismatch

troubleshooting_token_mismatch

If you see this message in your dashboard, it means that we identified there are two account tokens associate with your account - one in your CLI and a different one in your dashboard. This can be an issue because it will break the connection between the policy checks that are executed (CLI) and the centralized policy (dashboard). As a result, you will not be able to control your policies or see results on your history page.

How to fix tokens mismatch?

You will need to set your CLI token to match your dashboard token:

  1. Get your dashboard account token

  2. Set your dashboard account token in your CLI

Seems like your token does not exist

If you deleted your account, then ran a policy check - you will get this output: "Seems like your token does not exist".
To fix this, delete your config file ($HOME/.datree/config.yaml), then run another policy check.

Running Datree on Alpine (Linux) image

Alpine is missing some dependencies that are required to successfully install Datree.

How to fix missing dependencies?

Adding the following command to the CI should fix this: apk add curl bash This will add curl and bash commands which our install scripts require in order to run.

Schema validation failure

TL;DR
If you get the following message in your CLI: 

❌  k8s schema validation error: could not find schema for [kindName]

It means the schema validation check failed and there are three possible root causes:

Wrong Kubernetes schema version

If Datree's schema validation version does not match your Kubernetes cluster version, it can produce this type of error.
To check your Kubernetes cluster version, you can run kubectl version --short and read your Server Version: 

➜ kubectl version --short
Server Version: v1.20.0

Your Datree schema validation version can be found on your dashboard (under SETTINGS) or in your policy check summary: 

(Summary)
- Passing YAML validation: 1/1
- Passing Kubernetes (1.20.0) schema validation: 0/1

How to solve this?

Update the default schema version in the dashboard to be the same Kubernetes version as your cluster, or pass the --schema-version flag (read more).

Deprecated API versions

New Kubernetes releases may contain deprecations of APIs for different K8s objects. For example, Ingress v1beta1 API is no longer served on Kubernetes version 1.22.0. Therefore, if the Kubernetes schema validation version is set to 1.22.0 and an Ingress config with the v1beta1 API will be passed to Datree, it will not be found, and the schema validation step will fail.

apiVersion: networking.k8s.io/v1beta1 # deprecated API version
kind: Ingress  
metadata:  
  name: example

How to solve this?

Update your manifests to match the Kubernetes schema definition, or your cluster will not accept it (read more).

Missing schema for a CRD

CustomResources (CRs) are not Kubernetes native objects, so they are not part of the official Kubernetes schema. To overcome this, we created the CRDs-catalog project, but if you're trying to validate CRs that don't exist in the CRD-catalog, the schema validation step will fail.

How to solve this?

You will need to use the CRD Extractor to validate them (read more).

Haven't found a solution to your problem?

Let us know by opening an issue in our GitHub open-source project and we will gladly help!