k8s配置检查工具datree使用
2022-03-11 本文已影响0人
wwq2020
用途
检查yaml中配置的不规范之处
支持kustomize,helm
使用
datree test yourmanifest.yaml
离线使用
datree默认会访问gateway.staging.datree.io来完成检查;如果环境无法联网,或者不希望检查依赖外部服务,可以直接调用datree代码中内置的默认规则在本地校验。编写main.go,内容如下
package main
import (
"fmt"
"io/ioutil"
"log"
"os"
"github.com/datreeio/datree/pkg/policy"
"github.com/datreeio/datree/pkg/yamlSchemaValidator"
"gopkg.in/yaml.v2"
)
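// main checks every manifest file named on the command line against the rules
// returned by policy.GetDefaultRules (the article presents this as the offline
// alternative to the hosted datree check).
//
// Each rule's schema is marshalled to YAML once; every file is then validated
// against every schema and each reported violation is printed on its own line.
//
// The process exits non-zero when no target is given, when a file cannot be
// read, when a validation call fails, or when any violation is reported. A CI
// job or deployment gate wrapping this check therefore fails closed instead of
// treating an unreadable or non-compliant manifest as a pass.
func main() {
	if len(os.Args) < 2 {
		// Usage error: exit 1 rather than 0 so a misconfigured pipeline step
		// is not mistaken for a successful policy check.
		log.Fatalln("need target")
	}
	files := os.Args[1:]

	defaultRules, err := policy.GetDefaultRules()
	if err != nil {
		// Same failure style as the rest of the function (no stack trace).
		log.Fatalf("failed to GetDefaultRules,err:%v", err)
	}

	validator := yamlSchemaValidator.New()

	// Marshal every rule schema up front so the per-file loop only validates.
	schemas := make([]string, 0, len(defaultRules.Rules))
	for _, rule := range defaultRules.Rules {
		schemaBytes, err := yaml.Marshal(rule.Schema)
		if err != nil {
			// %v formats the rule ID whatever its type and prints the error
			// message instead of the Go-syntax dump that %#v produces.
			log.Fatalf("failed to Marshal for rule id:%v,err:%v", rule.ID, err)
		}
		schemas = append(schemas, string(schemaBytes))
	}

	// failed records any read error, validation error or rule violation; it
	// decides the exit status once all files have been processed.
	failed := false
	for _, file := range files {
		data, err := ioutil.ReadFile(file)
		if err != nil {
			log.Printf("failed to ReadFile for file:%s,err:%v", file, err)
			failed = true
			continue
		}
		// NOTE(review): the whole file is passed as one document; how the
		// validator treats multi-document ("---") manifests is not visible
		// here — confirm before relying on this for such files.
		manifest := string(data)
		for _, schema := range schemas {
			result, err := validator.Validate(schema, manifest)
			if err != nil {
				// A rule that could not be evaluated is not a pass.
				log.Printf("failed to Validate for file:%s,err:%v", file, err)
				failed = true
				continue
			}
			for _, desc := range result.Errors() {
				failed = true
				fmt.Println(desc.String())
			}
		}
	}

	if failed {
		os.Exit(1)
	}
}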
执行`go run main.go pkg/policy/tests/1-fail.yaml`(该路径看起来是datree仓库自带的测试用例,需在仓库根目录下执行),得到如下结果
spec.template.spec.containers.0.image: Must not validate the schema (not)
spec.template: Must validate all the schemas (allOf)
spec.template.spec.containers.0.resources.requests: memory is required
spec.template: Must validate all the schemas (allOf)
spec.template.spec.containers.0.resources.limits: memory is required
spec.template: Must validate all the schemas (allOf)
spec.template.spec.containers.0: livenessProbe is required
spec.template: Must validate all the schemas (allOf)
metadata.labels: owner is required
metadata.labels: env is required
spec.template.spec.containers.0.image: Does not match pattern '.*\@sha256\:\S{64}$'
spec.template: Must validate all the schemas (allOf)