https://github.com/datreeio/kubectl-datree

A kubectl plugin that extends Datree to test resources within the cluster
https://github.com/datreeio/kubectl-datree

Last synced: 1 day ago
JSON representation

A kubectl plugin that extends Datree to test resources within the cluster

• Host: GitHub
• URL: https://github.com/datreeio/kubectl-datree
• Owner: datreeio
• License: mit
• Created: 2022-01-27T12:02:00.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2022-10-25T11:31:51.000Z (about 2 years ago)
• Last Synced: 2024-05-22T12:32:54.331Z (6 months ago)
• Language: Shell
• Homepage:
• Size: 4.42 MB
• Stars: 49
• Watchers: 6
• Forks: 1
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-kubectl-plugins - kubectl-datree
• awesome-datree - Datree kubectl plugin - A kubectl plugin that extends the Datree CLI's capabilities to allow scanning kubernetes manifest files within the cluster for misconfigurations **by datreeio** (💻 Projects)

README

        
# kubectl-datree



   



## Overview 

This **kubectl plugin** extends the [Datree CLI's](https://github.com/datreeio/datree) capabilities to allow scanning resources **within your cluster** for misconfigurations.  



   






## Use cases

- Reveal unknown configuration issues  

- Get ready for future k8s version upgrade  

- Enforce standards and best practices    




## Supported Platforms

This plugin supports **MacOS** and **Linux**.




## Installation

### Via Krew

1. Install [krew](https://krew.sigs.k8s.io/docs/user-guide/setup/install/)

2. Install the datree plugin:

```

kubectl krew install datree

```

### Manual installation

1. [Download the installation script](https://github.com/datreeio/kubectl-datree/releases/latest/download/manual_install.sh) from this repository.

2. Open a terminal at the location of the script. 

3. Run ```/bin/sh manual_install.sh``` (an administrator password will be required to complete the installation).  




## Usage

```

kubectl datree test [datree CLI args] -- [options]

```

**Arguments:**

```

datree CLI args:

  This plugin supports all of the Datree CLI arguments: https://hub.datree.io/cli-arguments

options:

  [-n ] Test all resources in the cluster belonging to the specified namespace

  [--all] Test all resources in the cluster

      When using '--all', you can specify namespaces to exclude using '--exclude  --exclude '

  [  ] Test a single resource in the cluster

  Running 'kubectl datree test' with no arguments is equivalent to 'kubectl datree test -- -n default'

```




## Specification

The plugin supports the following resource types:

* Pod

* Service

* Ingress

* Daemonset

* Deployment

* Replicaset

* Statefulset

* Job

* CronJob 

* CRD (not the custom resource itself, but its definition)

:warning: When running against a given namespace, only resources of these types will be checked.  




## Examples

The following command will fetch all resources within the namespace `exmpl`, and execute a policy check against them:

```

kubectl datree test -- -n exmpl

```

The following command will fetch the resource of kind **Service** named `myAwesomeService` in namespace `mySweetNamespace`, and execute a policy check against it using k8s schema version 1.22.0:

```

kubectl datree test -s "1.22.0" -- service myAwesomeService mySweetNamespace

```  

The following command will fetch all resources from all namespaces in the cluster except for 'default':

```

kubectl datree test -- --all --exclude default

```




**Example test with no misconfigurations:**  

![](Resources/test_single_example.gif)