datreeio/helm-datree datreeio/helm-datree

  • Stars
    star
    112
  • Rank 312,240 (Top 7 %)
  • Language
    Shell
  • License
    MIT License
  • Created over 3 years ago
  • Updated 5 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
datreeio/helm-datree
github

datreeio

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A Helm plugin to validate charts against the Datree's CLI tool

Datree Helm Plugin

A Helm plugin to validate charts against the Datree policy

Installation

helm plugin install https://github.com/datreeio/helm-datree

⚠️ Helm plugins are not supported on Windows OS ⚠️
Windows users can work around this by using Helm under WSL

Update Datree's plugin version

helm plugin update datree

Uninstall

helm plugin uninstall datree

Usage

Trigger datree policy check via the helm CLI

helm datree test [CHART_DIRECTORY]

Passing arguments

If you need to pass helm arguments to your template, you will need to add -- before them:

helm datree test [CHART_DIRECTORY] -- --values values.yaml --set name=prod

Test files

By default, test files generated by Helm will be skipped. If you wish to include test files in your policy check, add the --include-tests flag:

helm datree test --include-tests [CHART_DIRECTORY]

Check plugin version

helm datree version

See help text

helm datree help

Using other helm command

Helm might be installed through other tooling like microk8s. The DATREE_HELM_COMMAND allows specifying a command to run helm (default: helm):

DATREE_HELM_COMMAND="microk8s helm3" helm datree test [CHART_DIRECTORY]

Testing multiple charts

If you have multiple charts inside a single directory, you can test all of them sequentially using the following script:

#!/bin/bash

path="${1:-.}"
final_exit_code=0

while read -r helmchart; do
	dir="$(dirname "$helmchart")"
    echo "*** Proceeding to test Helm chart: $helmchart ***"
	set +e
	helm datree test "$dir"
	exitcode=$?
	set -e
	if [ "$exitcode" -gt "$final_exit_code" ]; then
        final_exit_code="$exitcode"
    fi
    echo ""
done < <(find "$path" -type f -name 'Chart.y*ml')

if [ "$final_exit_code" = 0 ]; then
    echo "Success"
else
    echo "Violations found, returning exit code $final_exit_code"
fi
exit "$final_exit_code"

The script will run a policy check against all charts before exiting, and return 0 only if no violations were found in any of them.
This is useful for CI, to avoid the need to call datree test multiple times.

Examples

Basic usage

helm plugin install https://github.com/datreeio/helm-datree
git clone [email protected]:datreeio/examples.git
helm datree test examples/helm-chart/nginx

image

GitHub Workflow

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
    
env:
  DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} 

jobs:
  k8sPolicyCheck:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v2
        
      - name: Run Datree Policy Check
        uses: datreeio/action-datree@main
        with:
          path: 'myChartDirectory'
          cliArguments: '--only-k8s-files'
          isHelmChart: true
          helmArguments: '--values values.yaml'

Troubleshooting

Error: plugin "datree" exited with error

This is actually expected behavior because it's raised by Helm itself every time a plugin returns a non-zero exit code.
Therefore, if you will run datree plugin on a Chart that will pass the policy check, it will return 0 as exit code, and you will not see this error.

K8s schema validation error

This error occurs when trying to scan Chart.yaml or values.yaml files instead of the chart directory.
Solution: Pass the helm chart directory path to Datree's CLI, instead of to the file itself:

  • Correct - helm datree test examples/helm-chart/nginx
  • Wrong - helm datree test examples/helm-chart/nginx/values.yaml

The policy check returns false-positive results

The best way to determine if a false-positive result is a bug or a true misconfiguration, is by rendering the Kubernetes manifest with helm and then checking it manually:

helm template [CHART_DIRECTORY]

If after eyeballing the rendered manifest you still suspect it's a bug, please open an issue.

More Repositories

1

datree

Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
Go
6,385
star
2

CRDs-catalog

Popular Kubernetes CRDs (CustomResourceDefinition) in JSON schema format.
Shell
479
star
3

kubectl-datree

A kubectl plugin that extends Datree to test resources within the cluster
Shell
51
star
4

jira-backup-py

python script to create, download and upload to s3 your Jira or Confluence cloud instance backup
Python
47
star
5

awesome-datree

⚙️ A curated list of resources for using Datree's CLI tool
40
star
6

action-datree

Github action that runs the Datree CLI
Shell
24
star
7

admission-webhook-datree

Datree offers cluster integration that allows you to validate your resources against your configured policy upon pushing them into a cluster, by using an admission webhook.
Go
24
star
8

validate-license-action

Validate a license file exists and is one of the allowed licenses
JavaScript
21
star
9

yaml-schema-validator

An open source yaml schema validator. just like json schema - only better
TypeScript
19
star
10

validating-admission-policy

Kubernetes Validation Admission Policy - local testing guide and valuable resources
12
star
11

serverless-web-template-aws

Serverless Web Template
JavaScript
11
star
12

node-datreeio

📕 datree.io Node.js Module to integrate with NPM
JavaScript
9
star
13

datree-cdk8s

A cdk8s plugin to validate synthesized k8s manifests
TypeScript
9
star
14

datree-pr-checks

datree catalog - in context of your pull requests
JavaScript
6
star
15

kubernetes-schema-validation

resources for the blog post about Kubernetes schema validation
6
star
16

drone-datree

Drone plugin that runs the Datree CLI
Shell
4
star
17

awesome-gitops

A curated list of awesome GitOps open source repos, guides, blogs, and other resources.
4
star
18

codefresh-datree

Shell
3
star
19

examples

Smarty
3
star
20

datree-orb

datree CircleCi Orb
2
star
21

production-merges

Get a list of repositories that need merging to production
JavaScript
2
star
22

datree-circleci-orb

A CircleCI orb for using the Datree CLI in your CircleCI jobs.
Smarty
2
star
23

GitHub-User-Group

Resources from GitHub User Group Meetup https://www.meetup.com/GitHub-User-Group/
2
star
24

docs

Datree documentation
JavaScript
2
star
25

homebrew-datree

Ruby
1
star
26

icecream

ice cream web service
HCL
1
star
27

cli-downloads-tracker

1
star
28

connect-to-issue-tracker-action

verify that the branch name references an issue tracker(jira ticket)
JavaScript
1
star
29

ecs-fargate-template

Shell
1
star
30

homebrew-datree-staging

Ruby
1
star