Sign in
Your Saved List Partners Sell in AWS Marketplace Amazon Web Services Home Help


By: Datree Latest Version: 1.0.2-rc.1

Product Overview

Datree offers cluster integration that allows you to validate your resources against your configured policy upon pushing them into a cluster, by using an admission webhook.
The webhook will catch create, apply and edit operations and initiate a policy check against the configs associated with each operation. If any misconfigurations are found, the webhook will reject the operation, and display a detailed output with instructions on how to resolve each misconfiguration.

K8s use different abstractions to simplify and automate complex processes. For example, when explicitly applying an object type Deployment, under the hood, K8s will translate this object into implicit objects of type Pod.

When installed on your cluster, other policy enforcement tools will validate both explicit and implicit objects. This approach may create a lot of noise and false positive failures since it will cause the webhook to validate objects that the users dont manage and, in some cases, are not even accessible.

To avoid such issues, we decided to define the specific operations that the admission webhook should validate:

Kubectl - validate objects that were created or updated using kubectl create, edit, and apply commands. Objects that were implicitly created (e.g., pods created via deployment) are ignored since the webhook validates the deployment that generated them and is accessible to the user.
Gitops CD tools - validate objects that were explicitly created and distinguish them from other objects (custom resources) that were implicitly created during the installation and are required for the ongoing operation of these tools (e.g., ArgoCD, FluxCD, etc.)





Operating System


Delivery Methods

  • Helm chart

Pricing Information

Usage Information

Support Information

Customer Reviews