datreeio / datree

Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io

Home Page: https://datree.io

License: Apache License 2.0

Makefile 0.49% Go 96.04% Shell 1.94% PowerShell 0.71% Dockerfile 0.38% Python 0.45%
kubernetes policy guardrail best-practices cli static-code-analysis datree admission-webhook devops policy-management

datree's People

Contributors

abhra303, adifayer, alonzyl, amustaque97, avinashnayak27, ben-zaad, dimabru, eyarz, guyzyl, hadar-co, hillashx, imrushi, juneezee, meyazhagan, myishay, naorpeled, netanel-haber, nilimac04, niv1612, noaabarki, noorul, prasadkatti, romanlab, royhadad, shalev007, shimont, shmu3l, shmuelsa, tzlilswimmer123, vbh

datree's Issues

inject the account token from the pre-commit config to the docker image

Is your feature request related to a problem? Please describe.
When running Datree's pre-commit, there is no ("native") way to pass the account token to the docker image

Describe the solution you'd like
A way to inject the account token from the pre-commit config

Describe alternatives you've considered
pass the account token as env variable to the docker image

owner label check not working

Describe the bug
When the 'owner' label check is enabled, helm datree test does not fail on a chart that does not have this label

To Reproduce
Steps to reproduce the behaviour:

  1. Run command '$ helm datree test hawtio'
  2. output does not show any error despite my settings in

Expected behavior
I was expecting it to fail since my chart does not have that label

Screenshots
my deployment yaml starts with:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ $chartname }}-{{ $branchName }}
  labels:
    app: {{ $chartname }}
    branch: {{ $branchName }}
spec:

[hawtio]$ grep -ir owner *
[hawtio]$

Desktop (please complete the following information):

  • OS: Linux

Datree version (run datree version):

  • Version: 0.1.741

Additional context
(Summary)

  • Passing YAML validation: 1/1
  • Passing Kubernetes (1.18.0) schema validation: 1/1
  • Passing policy check: 1/1
    +-----------------------------------+----------------------------------------------------------+
    | Enabled rules in policy “Default” | 29 |
    | Configs tested against policy | 2 |
    | Total rules evaluated | 29 |
    | Total rules failed | 0 |
    | Total rules passed | 29 |
    | See all rules in policy | https://app.datree.io/login?cliId=Aq6F7RCReLipvMRNp9V... |
    +-----------------------------------+----------------------------------------------------------+
    [charts]$

Policy-As-Code (PaC)

What

Users should be able to set Datree’s policies via code (YAML file)

Why

  • Change management of policies
  • Collaboration between the policy owner and policy consumers
  • GitOps - everything as code

How

  1. User will Generate a PaC file (yaml) from scratch, or he will export his policies configuration from Datree's dashboard (aka UI)
  2. In the UI, the user will switch to PaC mode
  3. The user will make changes to his PaC file and will apply them by running $ datree publish [PaC file]
  4. Every execution of Datree will use the policies as defined in the PaC file that was published in step 3

Update Contributing.MD file to raise PR for the main branch

Describe the bug
In the CONTRIBUTING.MD file, under the Submitting a Pull Request (PR) section, step 11 says to raise the PR against the staging branch. Recently I raised a PR where I was told that the staging branch is going to be deprecated, so I should merge my PR to the main branch. The documentation must be updated in order to avoid such confusion for anyone.

"Ensure Deployment has more than one replica configured" shouldn't fail when replicas is omitted

I think the policy "Ensure Deployment has more than one replica configured" - DEPLOYMENT_INCORRECT_REPLICAS_VALUE shouldn't fail when replicas is completely omitted. According to https://hub.datree.io/ensure-minimum-two-replicas this should only occur when replicas is set to 1. An example situation where you'd want to omit "replicas" is when using a Horizontal Pod Autoscaler to control the replicas instead.

Autocompletion usage instructions in post install message

Is your feature request related to a problem? Please describe.
In order to have autocomplete for the CLI, the user needs to run the completion command

Describe the solution you'd like
Print a message to the user that he should run the completion command if he wants autocompletion enabled after the installation is finished

Additional context
I suggest adding a short description about the completion command here
image

"Policy check didn't run for this file" shown for a helm test

Describe the bug
"Policy check didn't run for this file" shown for a helm test.

To Reproduce
Steps to reproduce the behavior:

  1. Create an umbrella helm chart
  2. Navigate to the sub-chart and use "helm dep up && helm datree test ."
  3. Observe that we encounter : [?] Policy check didn't run for this file

Expected behavior
Set Policy should be executed

Screenshots
image

Desktop (please complete the following information):

  • OS: Debian (WSL2 Windows)

Datree version (run datree version):

  • Version: [0.14.20]

Invalid namespace file passes Datree validation

apiVersion: v1
kind: Namespace
metadata:
  creationTimestamp: null
  name: Test2
spec: {}
status: {}

Trying to validate a namespace YAML file that has an invalid name.
If I apply the above file with the dry-run=server flag it throws an error "The Namespace "Test2" is invalid: metadata.name: Invalid value: "Test2": a lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc', regex used for validation is 'a-z0-9?')"

but datree test doesn't detect this as an error.
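
The name check behind the API server error quoted in this issue can be run offline before a manifest reaches a cluster. The following is an added example, not Datree's code: `CheckName`, `rulesByKind` and the JSON form of the issue's manifest are assumptions made for illustration, and it goes beyond the issue's case by covering the name rules of a few other kinds.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Name formats enforced by the Kubernetes API server for metadata.name.
var (
	dns1123Label = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)
	dns1035Label = regexp.MustCompile(`^[a-z]([-a-z0-9]*[a-z0-9])?$`)
)

const (
	labelMaxLen     = 63
	subdomainMaxLen = 253
)

func isDNS1123Label(s string) bool { return len(s) <= labelMaxLen && dns1123Label.MatchString(s) }
func isDNS1035Label(s string) bool { return len(s) <= labelMaxLen && dns1035Label.MatchString(s) }

// A subdomain is one or more RFC 1123 labels joined by dots, 253 bytes at most.
func isDNS1123Subdomain(s string) bool {
	if len(s) > subdomainMaxLen {
		return false
	}
	for _, part := range strings.Split(s, ".") {
		if !dns1123Label.MatchString(part) {
			return false
		}
	}
	return true
}

type nameRule struct {
	desc  string
	valid func(string) bool
}

// Rule applied to metadata.name for a few common kinds (hypothetical table for
// this example). Kinds missing from the map are skipped rather than guessed at.
var rulesByKind = map[string]nameRule{
	"Namespace":  {"RFC 1123 label", isDNS1123Label},
	"Service":    {"RFC 1035 label", isDNS1035Label},
	"Deployment": {"RFC 1123 subdomain", isDNS1123Subdomain},
	"Pod":        {"RFC 1123 subdomain", isDNS1123Subdomain},
	"ConfigMap":  {"RFC 1123 subdomain", isDNS1123Subdomain},
}

type manifest struct {
	Kind     string `json:"kind"`
	Metadata struct {
		Name string `json:"name"`
	} `json:"metadata"`
}

// CheckName returns an error when metadata.name breaks the rule for the manifest's kind.
func CheckName(doc []byte) error {
	var m manifest
	if err := json.Unmarshal(doc, &m); err != nil {
		return fmt.Errorf("unparsable manifest: %w", err)
	}
	rule, known := rulesByKind[m.Kind]
	if !known {
		return nil
	}
	if !rule.valid(m.Metadata.Name) {
		return fmt.Errorf("%s %q is invalid: metadata.name must be a valid %s",
			m.Kind, m.Metadata.Name, rule.desc)
	}
	return nil
}

func main() {
	// Constructed input: the issue's Namespace manifest re-expressed as JSON.
	issueDoc := []byte(`{"apiVersion":"v1","kind":"Namespace","metadata":{"creationTimestamp":null,"name":"Test2"},"spec":{},"status":{}}`)
	fmt.Println(CheckName(issueDoc))
}
```

The same name can be valid for one kind and invalid for another: `2fast` is accepted for a Namespace but not for a Service, and `web.v1` is accepted for a Deployment but not for a Namespace.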

Config file

Is your feature request related to a problem? Please describe.
Right now Datree requires that we sign up in order to be able to change policies or default configs.

Describe the solution you'd like
It would be great to be able to edit that info by having a datree config file that could be committed to repos

Additional context
It would be equivalent to files like .eslintrc.yaml or analysis_options.yaml

Replace "stale app" with the "stale Action"

Is your feature request related to a problem? Please describe.
Today, we are using the outdated stale app to close stale issues

Describe the solution you'd like
use the stale Action that has more capabilities

Additional context
we should also configure the stale app to close stale PR

Self hosted datree configuration dashboard.

Is your feature request related to a problem? Please describe.
We need a centralized policy configuration but we cannot go to the external environment to get those polices. It must be inside our infrastructure.

Describe the solution you'd like
A docker image of app.datree

Release workflow not waiting for travis build to end

Describe the bug
Release flow of a new version is defined as a github workflow that sends a request to travis using http request. The workflow is not taking into account the time it takes for travis to finish the deployment step and instead shows releases as finished after a few seconds

To Reproduce
As maintainer, execute a release workflow. Notice that the release finishes a lot faster than the corresponding travis build that is still in progress

Expected behavior
Workflow should wait until travis build is finished

Additional context
We probably need to add a step that waits for the specific travis build to finish and check its status

homebrew support

Discussed in #90

Originally posted by virajp July 8, 2021
It will be great if datree is available via homebrew

Automate contribution workflow

Is your feature request related to a problem? Please describe.
When we receive code contributions from the community, before reviewing the code logic we have to do a manual set of checks that can be automated

Describe the solution you'd like
Add a bot to check for incompatibility with our contribution guidelines before getting a real person to review the code

Additional context
Adding automated labels can also be a nice addition - ltgm, cla-yes/no, fix-commit-message, etc.

Docs: Need to update the docker image name

Describe the bug
From Datree following the step 2
Docker image already pull from step 1
Using the Docker command:
image

While running the docker command it shows an error Unable to find image 'datree:latest' locally docker: Error response from daemon: pull access denied for datree, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.

To Reproduce
Steps to reproduce the behavior:

  1. Run command cat ~/.datree/k8s-demo.yaml | docker run -i datree test -
  2. Hit enter
  3. See error Unable to find image 'datree:latest' locally docker: Error response from daemon: pull access denied for datree, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.

Expected behavior
It should run the pulled docker image i.e datree/datree
The below command works fine:
cat ~/.datree/k8s-demo.yaml | docker run -i datree/datree test -

Screenshots
Not working:
image

Working:
image

Desktop (please complete the following information):

  • OS: Linux

Datree version (run datree version):

  • Version: datree/datree:latest

Additional context
Add any other context about the problem here.
If possible, include a YAML file to reproduce the bug.

Structured output improvement

Is your feature request related to a problem? Please describe.
We support JSON and YAML output but the structure of the output is not "developers/machine/pipe-line friendly" enough

Describe the solution you'd like
The output structure should be documented, clear, and consistent.

Additional context
YAML output: datree test manifest.yaml -o yaml
JSON output: datree test manifest.yaml -o json
Related to datreeio/helm-datree#5 (comment)

installation with "curl" doesn't work with mac m1 chip

description
installation with "curl" doesn't work with mac m1 chip

Steps to reproduce the behavior:

  1. open a mac machine with an m1 chip
  2. run the datree installation command: "curl https://get.datree.io | /bin/bash"
  3. run "datree --help"
  4. you will get an error: "datree: command not found"

Expected behavior
Expecting the datree cli to be installed

  • OS: MacOS, m1 chip
  • Version: 0.14.62

The simple output flag should print output without any colors

Describe the bug
Simple output prints color (tags)

To Reproduce
Steps to reproduce the behavior:

  1. Run command 'datree test --output simple k8s-demo.yaml'
  2. See the summary table

Expected behavior
The simple output flag should print output without any colors or emoji

Screenshots

| [91mTotal rules failed[0m                | [91m0[0m                                                        |
| [32mTotal rules passed[0m                | [32m0[0m                                                        |

Desktop (please complete the following information):

  • OS: Windows 10

Datree version (run datree version):

  • Version: 0.7.1

Docker image for Datree

Is your feature request related to a problem? Please describe.
Sometimes, users prefer not to install tools on their CI machines.

Describe the solution you'd like
To make it easier to use Datree in the CI, it will be nice to have a ready docker image.

plug in framework

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

  1. Run command '...'
  2. Click on '....'
  3. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: [e.g. Linux]

Datree version (run datree version):

  • Version: [e.g. 0.1.443]

Additional context
Add any other context about the problem here.
If possible, include a YAML file to reproduce the bug.

Empty files pass Kubernetes validation

Describe the bug
Running datree test on empty files shows invalid memory address or nil pointer dereference exception.

To Reproduce
Steps to reproduce the behavior:

  1. Run command 'test' on an empty file.

Expected behavior
Empty files should not pass the Kubernetes validation step.

Screenshots
image

Desktop (please complete the following information):

  • OS: macOS

Datree version (run datree version):

  • Version: 0.14.4

Show Detailed Occurrences for rules failures

Is your feature request related to a problem? Please describe.
As a user, I want to be able to have a clearer indication for the mistakes in my yaml manifests.

Describe the solution you'd like
Showing manifest's metadata.name and kind upon failure.

Describe alternatives you've considered
Manually iterating through all my manifest to find where exactly my config failed.

Add semantic versioning to the project release flow

Is your feature request related to a problem? Please describe.
We used to use svu in our project. Because of some technical difficulties we removed this dependency and the versioning is now hard-coded.
We'd like to reintroduce svu to our project (or any other recommended version management solution)

Describe the solution you'd like

  1. Clean unused files from the ./scripts folder (deploy.sh for example is not used anymore)

  2. Both deploy_release_candidate.sh and release.sh are using the same logic to determine the version. Use define_semver_number.sh script instead to avoid code duplication

  3. Remove hard-coded MAJOR_VERSION and MINOR_VERSION variables and use svu logic to determine next release version

  4. Versioning should work as follows:
    for x.x.x -> major.minor.patch

  • Every feat! should bump major version
  • Every feat should bump minor version
  • Everything else should bump patch version
  • Every commit to main should bump exactly one of the above
    for example:
    two feat commits should bump one minor version
    feat and fix commits should bump one minor version

Describe alternatives you've considered
svu is not mandatory for this solution. This is a suggested package to use but we're not set on it and are open to alternatives

Add linter to the project

Is your feature request related to a problem? Please describe.
As our community grows, we need to set up development standards. Adding a linter is a good start

Describe the solution you'd like
A go linter (should be widely used in several big open-source projects) that corresponds with golang development best practices. Preferably not too aggressive

Additional context
Add linter to the build flow in travis as part of the deployment process

k8s schema validation error: could not find schema for Ingress

Is your feature request related to a problem? Please describe.
Datree test isn't working on my Ingress, with the following error: k8s schema validation error: could not find schema for Ingress It has an apiVersion of "networking.k8s.io/v1". Is this not supported? According to https://hub.datree.io/prevent-ingress-forwarding-traffic-to-single-container it looks like ingresses are supported in some form.

Describe the solution you'd like
Support for "networking.k8s.io/v1" ingresses.

macOS Installation fails due to missing sudo prefix

Hi,

I just came across Datree by TechWorld with Nana (https://www.youtube.com/watch?v=hgUfH9Ab258).

When I try to install Datree with the command (curl https://get.datree.io | /bin/bash) it fails, because the commands run without sudo privilege (because the platform is Darwin and not Linux):

else

When I run the whole script with sudo in line 27 and 28 everything works just fine.

I'm running macOS Big Sur 11.4 on a MacBook Air M1.

Wolfgang

Ability to hide "loading" animation

Is your feature request related to a problem? Please describe.
I'm running datree in Azure Pipelines, and my logs are being filled up with lots of loading messages, such as:

| Loading...
/ Loading...
- Loading...
\ Loading...
| Loading...
/ Loading...
- Loading...
\ Loading...
| Loading...
/ Loading...
- Loading...
\ Loading...
| Loading...
/ Loading...
- Loading...
\ Loading...

Describe the solution you'd like
It would be good to be able to disable this with an optional argument.

error when running Datree helm plugin on a Windows machine

Describe the bug
error when running Datree helm plugin on a Windows machine

To Reproduce
Steps to reproduce the behavior:

  1. Install Datree's helm plugin on a Windows machine
  2. Run Datree: helm datree test [chart]
  3. See error %1 is not a valid Win32 application.

Expected behavior
The plugin should work fine (like on a Linux machine)

Screenshots
image

Desktop (please complete the following information):

  • OS: Windows 10

Datree version (run datree version):

  • Version: 0.7.1

Policy check fails but it doesn't reflect in the final summary

Describe the bug
Let's say I have a deployment file and it has replicas field set to blank for whatever reason. Now when 'datree test' is run on this file, it shows a failed policy but final summary shows 'Total rules failed' as 0.

To Reproduce
Steps to reproduce the behaviour:

  1. Make a sample Kubernetes Deployment in a yaml and set the 'replicas' field to an empty value
  2. Run 'datree test '
  3. Observe the logs. It says 'Ensure Deployment has more than one replica configured [1 occurrences]' under 'Policy Check' but in the final summary at the bottom, you can see 'Total rules failed' as 0.

Expected behavior
'Total rules failed' should include the count for this failed check.

Screenshots
image

Desktop (please complete the following information):

  • OS: MacOS

Additional context
None

Docker image missing tag versions

Is your feature request related to a problem? Please describe.
Datree's docker image doesn't include old versions, only the latest
image

Describe the solution you'd like
A dedicated image tag version for each CLI release

Additional context
Related to #225

stale action not working

Describe the bug
The "Close stale issues" workflow throws an error when running

Expected behavior
The workflow should work as expected

Screenshots
image

Additional context
From reading the docs, we are not using the exempt-issue-labels property correctly
image

Support installation for architectures other than x86_64

Is your feature request related to a problem? Please describe.
Installation script supports only x86_64 architecture. 386 and arm64 are not supported.

Describe the solution you'd like
Detect the machine's architecture and download the relevant release in the install script

Additional context
the relevant file that should be changed should be install.sh and windows_install.ps1

Non strict mode - ignore files that are not k8s files

Is your feature request related to a problem? Please describe.

When a user has several files (e.g. "user_configs.yaml") in a dir, not all of which are K8s files, and he runs datree on the entire dir content, he will get errors (the "not valid yaml/k8s file" check will fail) on those files.

Describe the solution you'd like

add a flag that will ignore files that are not K8s files.
we can do that by checking for mandatory properties such as "apiVersion" or "kind".

Windows support

Is your feature request related to a problem? Please describe.
We use Windows laptops and desktops to manage our Kubernetes infrastructure. Not having a windows compatible CLI prohibits distribution to our team.

Describe the solution you'd like
Elevate Windows to a supported platform

Describe alternatives you've considered
We are using home-grown validation scripts.

Additional context
Maybe it is already on the roadmap, given that the public facing documentation makes a reference to the Windows environment.
image

Installation script continues even if download fails

Describe the bug
The install script continues execution even if there are errors in the download process and the download fails

To Reproduce
Steps to reproduce the behavior:

  1. curl https://get.datree.io | /bin/bash
  2. interrupt internet(disable wifi during download)
  3. See error

Expected behavior
Error message and non-zero exit code

Screenshots

WhatsApp Image 2021-10-10 at 10 28 46

Desktop (please complete the following information):

  • OS: Any

Datree version (run datree version):

  • Version: Any

Datree fails when installing with brew

Describe the bug
Any datree command fails

fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0xb01dfacedebac1e pc=0x7fff20458cbe]

runtime stack:
runtime: unexpected return pc for runtime.sigpanic called from 0x7fff20458cbe
stack: frame={sp:0x7ffeefbff528, fp:0x7ffeefbff578} stack=[0x7ffeefb805c8,0x7ffeefbff630)
0x00007ffeefbff428:  0x01007ffeefbff448  0x0000000000000004 
0x00007ffeefbff438:  0x000000000000001f  0x00007fff20458cbe
...

To Reproduce
Steps to reproduce the behavior:

  1. Run command brew install datree
  2. Run datree
  3. Error is displayed

Expected behavior
Expecting datree to work

Desktop (please complete the following information):

  • OS: MacOS

Datree version (run datree version):

  • Version: 0.9.0

Additional context
I suspect this is because of go versioning issues during go build flow in homebrew-core. datree is not building well with version 1.17 and it looks like the default build is using 1.17 version

https://github.com/Homebrew/homebrew-core/blob/master/Formula/datree.rb

Unable to view results in an Azure DevOps pipeline

Is your feature request related to a problem? Please describe.
There are limited output options for Datree. When used with Azure DevOps, it would be nice to be able to publish the results of these checks

Describe the solution you'd like
A JUnit output format would be extremely welcome to make it easier to export the results. This can then be viewed in the Azure DevOps pipeline.

Add auto completion to terminal

Is your feature request related to a problem? Please describe.
When using datree cli, there's no support for auto complete for next possible command

Describe the solution you'd like
Add auto-completion support for terminal (zsh, bashrc, etc..)
Can be part of the installation flow for datree

CLI doesn't show Usage message with unrecognized flag

Describe the bug
When running datree test --foobar with an unrecognized flag --foobar, the CLI doesn't show the Usage message (whereas datree version --foobar does return the Usage message)

To Reproduce
Steps to reproduce the behavior:

  1. Run command datree test ~/.datree/k8s-demo.yaml --foobar
  2. nothing happens (only exit with nonzero)
  3. Run command datree version --foobar
  4. I can see Usage message

Expected behavior
should show Usage message
Screenshots
Screen Shot 2021-10-26 at 17 47 23

Desktop (please complete the following information):

  • OS: macOS

Datree version (run datree version):

  • Version: 0.14.17

Digest policy as code from a targeted github repository

Is your feature request related to a problem? Please describe.
Handling policy as code in datree's current state requires datree to be run anytime a change to a policy is added or implemented.

Describe the solution you'd like
Instead of running datree as a process, it would be nice if datree could be configured to just read policies.yaml from a repo.

Describe alternatives you've considered
The alternative would be manually defining our own CI pipeline to run datree publish on main whenever changes are pulled in. The thing I don't like about this solution is that a pipeline needs to be defined and then maintained. Reading from source would be a much more elegant and preferred solution.

Can't install DaTree on windows11(x64)

Hi there, I'm having a problem installing datree on win11(x64). When I ran the command
curl https://get.datree.io | /bin/bash
Result :

[V] Downloaded Datree
unzip:  cannot find or open datree-latest.zip, datree-latest.zip.zip or datree-latest.zip.ZIP.
cp: cannot stat 'datree-latest/datree': No such file or directory
/bin/bash: line 29: sudo: command not found
rm: cannot remove 'datree-latest.zip': No such file or directory
[V] Finished Installation

 Usage: $ datree test ~/.datree/k8s-demo.yaml
 Using Helm? => https://hub.datree.io/helm-plugin

then I tried datree verison but It says bash: datree: command not found

then i tried $ iwr -useb https://get.datree.io/windows_install.ps1 | iex
Output

bash: iwr: command not found
bash: iex: command not found
