Reading Notes: “Datree, Kubernetes Configuration Checker”

Original link: https://www.hwchiu.com/read-notes-51.html

Title: “Datree, Kubernetes Configuration Checker”
Category: tools
Link: https://opensource.com/article/22/4/kubernetes-policies-config-datree

Just as programming languages have their testing frameworks, Kubernetes deployment files (YAML) can also be checked as part of CI. So what exactly needs to be checked in a YAML file?
The most basic checks fall roughly into three categories:

  1. Checking YAML syntax
  2. Semantic checking of Kubernetes YAML
  3. Checking Kubernetes YAML configuration against specifications

Beyond plain YAML deployments, also consider how the team manages its Kubernetes applications: native YAML, Helm, Kustomize, and so on.

(1) The most basic approach is the yq command, which can check basic YAML syntax. Helm users can also render the chart with helm template; the rendering process also helps check that the YAML is valid.
(2) Other tools such as kubeval help check whether the YAML content conforms to the Kubernetes schema. Pay special attention to versions here, since many API versions change with each upgrade.
(3) What matters here is the specification, for example requiring every workload to declare CPU/memory requests and limits, or requiring every container to run as non-root. This can be detected with tools such as kube-score or the Rego-based conftest.
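
As an added illustration (not from the original notes, and not the code of kube-score, conftest or datree), here is a minimal sketch of what a category (3) check does with the two rules mentioned above. The names pod_spec and check_workload are hypothetical, and the manifest is a constructed sample.

```python
import json

# Where the pod spec lives for each workload kind.
TEMPLATE = ["spec", "template", "spec"]
POD_SPEC_PATH = {
    "Pod": ["spec"], "Deployment": TEMPLATE, "StatefulSet": TEMPLATE,
    "DaemonSet": TEMPLATE, "Job": TEMPLATE,
    "CronJob": ["spec", "jobTemplate"] + TEMPLATE,
}

def pod_spec(manifest):
    """Return the pod spec of a workload manifest, or None for other kinds."""
    path = POD_SPEC_PATH.get(manifest.get("kind"))
    node = manifest if path else None
    for key in path or []:
        node = (node or {}).get(key)
    return node

def check_workload(manifest):
    """Return violations of the two rules named in the notes (hypothetical helper)."""
    spec = pod_spec(manifest)
    if not spec:
        return []
    name = (manifest.get("metadata") or {}).get("name", "<unnamed>")
    pod_nonroot = (spec.get("securityContext") or {}).get("runAsNonRoot")
    violations = []
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        where = f"{manifest['kind']}/{name} container {c.get('name')}"
        resources = c.get("resources") or {}
        for section in ("requests", "limits"):
            for res in ("cpu", "memory"):
                if not (resources.get(section) or {}).get(res):
                    violations.append(f"{where}: missing resources.{section}.{res}")
        # A container-level securityContext overrides the pod-level one.
        nonroot = (c.get("securityContext") or {}).get("runAsNonRoot", pod_nonroot)
        if nonroot is not True:
            violations.append(f"{where}: runAsNonRoot is not true")
    return violations

# Constructed sample manifest, written as JSON (which is also valid YAML).
SAMPLE = json.loads("""
{"kind": "Deployment", "metadata": {"name": "demo"},
 "spec": {"template": {"spec": {
   "securityContext": {"runAsNonRoot": true},
   "containers": [
     {"name": "web", "resources": {"requests": {"cpu": "100m", "memory": "64Mi"},
                                   "limits": {"cpu": "200m", "memory": "128Mi"}}},
     {"name": "sidecar", "resources": {"requests": {"cpu": "50m"}},
      "securityContext": {"runAsNonRoot": false}}]}}}}
""")
```

The web container passes because it inherits runAsNonRoot from the pod level; the sidecar fails because its own securityContext overrides that setting and it lacks a memory request and both limits.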

Datree, the tool shared today, basically brings the three kinds of checks above together. It has two modes of use.

  1. Local use: as with all the tools above, you keep every policy and rule in the local environment and run them through git hooks, a CI pipeline, and so on.
  2. Datree also provides a server for central management of policies. Each environment running datree can be linked to the server maintained by the team, letting you set, through a web page, the k8s version you want to verify against and the specifications you want to check.

There are more and more tools of this type. Find one that suits the team and integrate it into CI, so that the team's Kubernetes YAML conforms to the team's specifications and problems are identified as early as possible through the CI process.

This article is reprinted from: https://www.hwchiu.com/read-notes-51.html
This site is for inclusion only, and the copyright belongs to the original author.