Last active
September 14, 2022 10:18
-
-
Save vfarcic/f3514975ce7d6a1d0318ed7de2a9621d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Source: https://gist.github.com/f3514975ce7d6a1d0318ed7de2a9621d | |
| ########################################################################### | |
| # Admission Controllers Or CLI? Kubernetes Policy Validations with Datree # | |
| # https://youtu.be/WTh84BPHC4o # | |
| ########################################################################### | |
| # Additional Info: | |
| # - Datree: https://datree.io | |
| # - How To Write And Test Kubernetes Manifests With Datree: https://youtu.be/3jZTqCETW2w | |
| ######### | |
| # Setup # | |
| ######### | |
| # Install the `datree` CLI from https://hub.datree.io/#a-1-install-datrees-cli-integration | |
| # Create a Kubernetes cluster | |
| git clone https://github.com/vfarcic/datree-demo | |
| cd datree-demo | |
| kubectl create namespace production | |
| kubectl create namespace something-else | |
| kubectl label namespace something-else \ | |
| admission.datree/validate=skip | |
| # Replace `[...]` with your Datree token. | |
| # If you do not have it already, please head to https://app.datree.io/settings/token-management and generate one. | |
| export DATREE_TOKEN=[...] | |
| helm repo add argo \ | |
| https://argoproj.github.io/argo-helm | |
| helm repo add crossplane-stable \ | |
| https://charts.crossplane.io/stable | |
| helm repo update | |
| helm upgrade --install \ | |
| argocd argo/argo-cd \ | |
| --namespace argocd \ | |
| --create-namespace \ | |
| --wait | |
| helm upgrade --install \ | |
| crossplane crossplane-stable/crossplane \ | |
| --namespace crossplane-system \ | |
| --create-namespace \ | |
| --wait | |
| kubectl apply \ | |
| --filename https://raw.githubusercontent.com/vfarcic/devops-toolkit-crossplane/master/crossplane-config/provider-aws.yaml | |
| kubectl apply \ | |
| --filename https://raw.githubusercontent.com/vfarcic/devops-toolkit-crossplane/master/crossplane-config/config-sql.yaml | |
| ################################################ | |
| # Kubernetes Admission Controllers With Datree # | |
| ################################################ | |
| datree test k8s-2/*.yaml | |
| bash <(curl https://get.datree.io/admission-webhook) | |
| kubectl --namespace production apply \ | |
| --filename k8s-2 | |
| kubectl --namespace production get all | |
| kubectl --namespace datree get \ | |
| deployment webhook-server \ | |
| --output yaml | |
| kubectl --namespace something-else apply \ | |
| --filename k8s-2 | |
| kubectl get namespace something-else \ | |
| --output yaml | |
| ############################### | |
| # Kubernetes CRDs With Datree # | |
| ############################### | |
| # Open https://app.datree.io/cli/policies | |
| cat argocd/apps-2.yaml | |
| datree test argocd/apps-2.yaml | |
| kubectl apply \ | |
| --filename argocd/apps-2.yaml | |
| diff argocd/apps-2.yaml argocd/apps.yaml | |
| kubectl apply \ | |
| --filename argocd/apps.yaml | |
| datree test crossplane-2/sql.yaml | |
| # Open https://github.com/datreeio/CRDs-catalog | |
| curl -Lo crd-extractor.zip \ | |
| https://github.com/datreeio/CRDs-catalog/releases/latest/download/crd-extractor.zip | |
| unzip crd-extractor.zip | |
| # Make sure that Python 3 is installed. | |
| ./crd-extractor.sh | |
| datree test crossplane-2/sql.yaml | |
| datree test \ | |
| --schema-location ~/.datree/crdSchemas/master-standalone/sqlclaim-stable-v1alpha1.json \ | |
| crossplane-2/sql.yaml | |
| # Open https://datree.io/pricing | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment