Creating custom policies in Datree
For a developer who works with Kubernetes workloads, the job of ensuring the proper use of configurations and maintaining standards in development for multiple repositories can be quite challenging. I found a tool that makes this much easier for me, so I’m sharing it with you.
What is Datree?
Datree is a tool for preventing misconfigurations in Kubernetes workloads. To learn more about Datree and how to install it, check out this article or the official documentation.
Creating a custom policy
Datree comes with a default policy that has rules which we can enable or disable. It always helps to have multiple policies as we might have different projects that have different needs.
Datree allows us to create custom policies in two different ways:
- Using the GUI
- Using Policy as Code
Creating Custom policy using GUI
Click on Create Policy on the dashboard
Type in a name for the policy and hit Enter, then enable the rules that you want from the dashboard.
Once done, it should look something like this, depending on the number of rules you've set active.
We will now test our new policy with the demo file provided by Datree using:
datree test PATH_TO_FILE -p POLICY_NAME
In this case:
datree test $home/.datree/k8s-demo.yaml -p gui_sample
And then we get a summary consisting of the tests and rules passed/failed.
Creating Custom policy through code
Datree provides a feature called policy as code, which lets the user create and manage policies with declarative code instead of the GUI.
To use policy as code, first enable it in the settings and download the policies.yaml file.
This is a feature that I personally love to use. Being a developer, I hate switching to a browser or any other window for something. This feature allows me to create or manage the policies right through my text editor and terminal, and makes the process easier.
When you open the policies.yaml file you’ll see that all your policies are listed in it and the disabled rules are commented out.
The structure of the file with multiple policies is
Here the policies are defined in the indented block under policies, and name gives each policy's name. The indented block under rules lists the rules of that policy, where identifier is the name of the rule and messageOnFailure is the error message shown if the rule fails.
Rules that are commented out are disabled. To enable one, simply uncomment it.
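A pre-publish review check for the layout described above, as an added example (not from the original post or from Datree): it scans policies.yaml line by line, because a YAML parser would discard the commented-out rules, and reports which rules each policy enforces or has disabled. The sample file, the policy names and the `audit`/`missing` helpers are constructed for illustration, and the rule identifiers are assumed to match Datree's built-in rule names.

```python
import re

# Constructed sample, trimmed to the keys the article names. Policy names are
# made up; rule identifiers are assumed to match Datree's built-in rule names.
SAMPLE = """\
policies:
  - name: code_sample
    rules:
      - identifier: CONTAINERS_MISSING_IMAGE_VALUE_VERSION
        messageOnFailure: Pin the image to a version tag
      - identifier: CONTAINERS_INCORRECT_PRIVILEGED_VALUE_TRUE
        messageOnFailure: Do not run privileged containers
      # - identifier: CONTAINERS_MISSING_MEMORY_LIMIT_KEY
      #   messageOnFailure: Set a memory limit
  - name: staging
    rules:
      # - identifier: CONTAINERS_INCORRECT_PRIVILEGED_VALUE_TRUE
      #   messageOnFailure: Do not run privileged containers
      - identifier: CONTAINERS_MISSING_MEMORY_LIMIT_KEY
        messageOnFailure: Set a memory limit
"""

NAME = re.compile(r"^\s*-\s*name:\s*(\S+)")
RULE = re.compile(r"^\s*(#\s*)?-\s*identifier:\s*(\S+)")

def audit(text):
    """Map each policy to its enabled and disabled (commented-out) rules."""
    report, current = {}, None
    for line in text.splitlines():
        if m := NAME.match(line):
            current = m.group(1)
            if current in report:
                raise ValueError(f"duplicate policy name: {current}")
            report[current] = {"enabled": [], "disabled": []}
        elif (m := RULE.match(line)) and current is not None:
            state = "disabled" if m.group(1) else "enabled"
            report[current][state].append(m.group(2))
    return report

def missing(report, required):
    """Map each policy to the required rules it does not enforce."""
    gaps = {n: sorted(set(required) - set(r["enabled"])) for n, r in report.items()}
    return {n: lacking for n, lacking in gaps.items() if lacking}

if __name__ == "__main__":
    report = audit(SAMPLE)
    print(report)
    print("gaps:", missing(report, ["CONTAINERS_INCORRECT_PRIVILEGED_VALUE_TRUE"]))
```

Running it against the file in a review step shows when a change comments out a rule that every policy is expected to enforce.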
Let's create a simple policy using this structure to test it out
To publish the policy, use:
datree publish policies.yaml
If the YAML file doesn't contain any errors, it will be published successfully.
Otherwise, it will show the error in the file.
Now if we check on the dashboard we can see our new policy added
As we have enabled policy as code, we can no longer enable or disable rules through the GUI. We will have to use policy as code.
We will again test out the new policy using the demo file
To learn more about Datree and to get started, visit their GitHub project.