datree updates

marcel-dempers 2022-07-07 10:30:12 +10:00
parent 02e0f20e67
commit 9f9a467ae0
3 changed files with 83 additions and 30 deletions

.github/workflows/pipeline.yaml vendored Normal file

@ -0,0 +1,36 @@
on:
push:
branches: [ datree ]
pull_request:
branches: [ datree ]
env:
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
jobs:
k8sPolicyCheck:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: run datree policy check
uses: datreeio/action-datree@main
with:
path: 'kubernetes/datree/example/deployment.yaml'
cliArguments: '--only-k8s-files'
- name: docker login
env:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
- name: build
run: |
docker build ./c# -t aimvector/csharp:1.0.0
- name: push
run: |
docker push aimvector/csharp:1.0.0
- name: deploy
run: |
echo 'deploying...'
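
Review bot: The `docker login` step passes the registry password as a command-line argument and leaves both variables unquoted (`docker login -u $DOCKER_USER -p $DOCKER_PASSWORD`), so the secret is visible in the process list on the runner and a password containing spaces or shell metacharacters will be split or expanded. Feed it on stdin instead: `echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USER" --password-stdin`. The workflow also has no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope; a policy-check-and-push job like this one only needs `contents: read`.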

View File

@ -12,6 +12,8 @@ Let's run a small Alpine linux container
docker run -it -v ${PWD}:/work -v ${HOME}/.kube/:/root/.kube/ -w /work --net host alpine sh
```
### Install some dependancies
Let's install `curl` and `unzip` because the installation script uses those. <br/>
We will also install `sudo` since we are running in a container as root and install scripts have `sudo` commands in them.
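
Review bot: The heading `### Install some dependancies` in this hunk is misspelled; since the section is being touched anyway, change it to `### Install some dependencies`.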
@ -19,12 +21,15 @@ We will also install `sudo` since we are running in a container as root and inst
apk add curl unzip bash sudo
```
### Automatic Installation
We can install the latest version of Datree with the command advertised:
```
curl https://get.datree.io | /bin/bash
```
### Manual Installation
Or we can grab a specific version of `datree` on the GitHub releases page. </br>
For example: [1.5.20](https://github.com/datreeio/datree/releases/tag/1.5.20) binary
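
Review bot: The Automatic Installation block pipes `curl https://get.datree.io` straight into `/bin/bash`, in a container where the previous step installed `sudo` and the `docker run` line mounts `${HOME}/.kube/`, so whatever that URL serves at run time executes as root with the kubeconfig in reach. Consider presenting the pinned Manual Installation (1.5.20) first, or downloading the script to a file so it can be read before it is run, and add `-f` to the `curl` call so an HTTP error page is never fed to the shell. Separately, `</br>` on the Manual Installation line is not a valid tag; the earlier lines in this file use `<br/>`.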
@ -63,10 +68,10 @@ Use "datree [command] --help" for more information about a command.
```
## Test Kubernetes Manifests
## Testing Kubernetes Manifests
We have a number of Kubernetes manifests in this repo. </br>
Datree does a few things for us. </br>
Datree does a few things for us: </br>
* YAML validation ( Is this YAML well formatted ? )
* Schema validation. ( Is this a Kubernetes YAML file ? For the right version ? )
* Policy checks ( Checks YAML to ensure good practises are followed )
@ -150,11 +155,9 @@ Checkout the link to access the UI which helps us manage our policies. </br>
## Policy examples
One of the key features about policies is that we can apply rule sets for specific environments. </br>
Perhaps you have a development environment where policies are a little loose and a staging server that </br>
has tighter restrictions to match production, or even a regulated environment that has very tight controls. </br>
Perhaps you have a development environment where policies are a little loose and a staging server that has tighter restrictions to match production, or even a regulated environment that has very tight controls. </br>
We can use the Datree UI to create policies with different sets of rules. </br>
We can then tell `datree` about the policy we want it to test against:
```
@ -332,7 +335,7 @@ Fetching resources, this may take some time depending on the amount of resources
| Total rules skipped | 0 |
| Total rules failed | 0 |
| Total rules passed | 21 |
| See all rules in policy | https://app.datree.io/login?t=bkVXgLsNQQ1F58hbu7tceE |
| See all rules in policy | https://app.datree.io/login?t=xxxxxxxxxxxxxxxxxxxxxx |
+-----------------------------------+------------------------------------------------------+
The following cluster resources in namespace 'examples' were checked:
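
Review bot: Replacing the `t=` value in the `app.datree.io/login` URL with `x` characters only cleans the current revision; the original value stays readable in the parent commit and in this diff. If that value grants access to the Datree account, invalidate or rotate it on the Datree side and decide whether the history needs rewriting, because the redaction in the README is not remediation by itself.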
@ -374,8 +377,8 @@ helm datree test example-app \
## Kustomize
What if I don't use `helm` and use `kustomize` ? <br/>
Datree has out the box built in `kustomize` support <br/>
What if I don't use `helm` and use `kustomize` instead ? <br/>
Datree has out the box built-in `kustomize` support <br/>
Let's test our `kustomize` template from a video I did on `kustomize`
```
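
Review bot: "Datree has out the box built-in `kustomize` support" still reads awkwardly after the edit, since "out the box" and "built-in" say the same thing; suggest "Datree has built-in `kustomize` support". The added "instead ?" also leaves a space before the question mark.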

View File

@ -1,22 +1,36 @@
on:
push:
branches: [ datree ]
pull_request:
branches: [ datree ]
env:
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
jobs:
k8sPolicyCheck:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Run Datree Policy Check
uses: datreeio/action-datree@main
with:
path: 'kubernetes/tutorials/basics/yaml/*'
cliArguments: '--only-k8s-files'
on:
push:
branches: [ datree ]
pull_request:
branches: [ datree ]
env:
DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
jobs:
k8sPolicyCheck:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: run datree policy check
uses: datreeio/action-datree@main
with:
path: 'kubernetes/datree/example/deployment.yaml'
cliArguments: '--only-k8s-files'
- name: docker login
env:
DOCKER_USER: ${{ secrets.DOCKER_USER }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
docker login -u $DOCKER_USER -p $DOCKER_PASSWORD
- name: build
run: |
docker build ./c# -t aimvector/csharp:1.0.0
- name: push
run: |
docker push aimvector/csharp:1.0.0
- name: deploy
run: |
echo 'deploying...'
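
Review bot: `uses: datreeio/action-datree@main` tracks a mutable branch, and because `DATREE_TOKEN` is set in the workflow-level `env:` the action runs with that secret in its environment, so any future change to that branch executes here with the token available; pin the action (and `actions/checkout`) to a release tag or a full commit SHA. Two further points on the new steps: `docker login`, `build` and `push` run on the `pull_request` trigger as well as on `push`, so an unmerged pull request against `datree` publishes `aimvector/csharp:1.0.0` over the existing tag, which an `if: github.event_name == 'push'` guard on those steps would prevent; and the policy check `path` narrows from `kubernetes/tutorials/basics/yaml/*` to a single `deployment.yaml`, which is worth stating in the commit message if the reduced coverage is intended. This file now duplicates `.github/workflows/pipeline.yaml` line for line, so the two copies will need to be kept in sync.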