From fc42e298ba85158b01947a5bab11452900b05210 Mon Sep 17 00:00:00 2001
From: marcel-dempers
Date: Thu, 23 Jun 2022 21:37:36 +1000
Subject: [PATCH] wip
---
 kubernetes/datree/README.md | 44 +++++++++++++++-----
 kubernetes/datree/github-actions/datree.yaml | 22 ++++++++++
 2 files changed, 55 insertions(+), 11 deletions(-)
 create mode 100644 kubernetes/datree/github-actions/datree.yaml
diff --git a/kubernetes/datree/README.md b/kubernetes/datree/README.md
index 987bd47..f2f52c7 100644
--- a/kubernetes/datree/README.md
+++ b/kubernetes/datree/README.md
@@ -65,33 +65,49 @@ Use "datree [command] --help" for more information about a command.
 We have a number of Kubernetes manifests in this repo.
Datree does a few things for us.
-* YAML validation
-* Schema validation.
-* Policy checks (there are 21 built-in policies at time of this demo)
+* YAML validation ( Is this YAML well formatted ? )
+* Schema validation. ( Is this a Kubernetes YAML file ? For the right version ? )
+* Policy checks ( Checks YAML against best practise policies )
Let's test my example manifests under the `kubernetes` directory +### YAML validation + +If we break the YAML file format, we can detect that with the YAML validation feature + ``` datree test ./kubernetes/deployments/deployment.yaml +``` + +### Policy checks + +When we fix our YAML file, notice if we run `datree test` again, we get some policy checks failing + +``` +datree test ./kubernetes/deployments/deployment.yaml + +``` + +Let's test some other types of Kubernetes objects + +``` datree test ./kubernetes/services/service.yaml datree test ./kubernetes/configmaps/configmap.yaml datree test ./kubernetes/statefulsets/statefulset.yaml datree test ./kubernetes/ingress/ingress.yaml ``` -Notice on my `ingress.yaml` the schema validation fails.
-This is a neat feature of `datree` since it checks for a few things:
+### Schema validation -* Ensures the YAML is Kubernetes friendly. -* Ensures its compatible with a Kubernetes version - -It defaults to `1.19.0` as per time of this demo, and we can also change that on our account, or on the CLI +Datree kan also check if our YAML matches the target Kubernetes version schema. +For example, our Ingress YAML is a newer version of Kubernetes ``` -datree test --schema-version "1.19.0" ./kubernetes/ingress/ingress.yaml -datree test --schema-version "1.14.0" ./kubernetes/ingress/ingress.yaml +datree test --schema-version 1.14.0 ./kubernetes/ingress/ingress-nginx-example.yaml +datree test --schema-version 1.19.0 ./kubernetes/ingress/ingress-nginx-example.yaml + ``` We can also test a directory of YAML files.
@@ -101,3 +117,9 @@ Let's test my latest Kubernetes tutorial that contains a Wordpress + MySQL + Ing datree test kubernetes/tutorials/basics/yaml/* ``` +# CI/CD examples + +We can even run datree in GitHub Actions and various [CI/CD integrations](https://hub.datree.io/cicd-examples).
+
+
+
diff --git a/kubernetes/datree/github-actions/datree.yaml b/kubernetes/datree/github-actions/datree.yaml
new file mode 100644
index 0000000..d6b6026
--- /dev/null
+++ b/kubernetes/datree/github-actions/datree.yaml
@@ -0,0 +1,22 @@
+on:
+ push:
+ branches: [ datree ]
+ pull_request:
+ branches: [ datree ]
+
+env:
+ DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }}
+
+jobs:
+ k8sPolicyCheck:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Run Datree Policy Check
+ uses: datreeio/action-datree@main
+ with:
+ path: 'kubernetes/tutorials/basics/yaml/*'
+ cliArguments: '--only-k8s-files'
\ No newline at end of file
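Review bot: The `uses: datreeio/action-datree@main` step tracks a mutable branch while `DATREE_TOKEN` is exported at workflow level, so whatever code is on that upstream branch at run time executes with the secret in its environment. Pin the action to a reviewed full commit SHA, e.g. `uses: datreeio/action-datree@<full-commit-sha>  # <release tag>`, and move the `env:` mapping holding `DATREE_TOKEN` under the "Run Datree Policy Check" step so the checkout step never receives it. The workflow also declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets the repository default; a top-level `permissions:` with `contents: read` should be sufficient for a checkout-and-scan job, though that is worth confirming against the action's documentation. `actions/checkout@v2` is likewise a movable tag and can be pinned the same way.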