curl https://get.datree.io | /bin/bash
我们来使用datree来测试下面的yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
lifecycle:
postStart:
exec:
command:
- sh
- -c
- date "+%Y-%m-%d %H:%M:%S" > /datetmp.txt && sleep 30
ports:
- containerPort: 80
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 30
readinessProbe:
httpGet:
path: /
port: 80
scheme: HTTP
initialDelaySeconds: 30datree test demo.yaml
❌ Ensure Deployment has more than one replica configured [1 occurrences]
💡 Incorrect value for key `replicas` - running 2 or more replicas will increase the availability of the service
我们的应用没有使用 HA
❌ Ensure each container image has a pinned (tag) version [1 occurrences]
💡 Incorrect value for key `image` - specify an image version to avoid unpleasant "version surprises" in the future
我们使用了 latest 作为 tag
❌ Ensure each container has a configured CPU limit [1 occurrences]
💡 Missing property object `limits.cpu` - value should be within the accepted boundaries recommended by the organization
我们没有设定 cpu limit
❌ Ensure each container has a configured CPU request [1 occurrences]
💡 Missing property object `requests.cpu` - value should be within the accepted boundaries recommended by the organization
没有设定 cpu request
❌ Ensure each container has a configured memory request [1 occurrences]
💡 Missing property object `requests.memory` - value should be within the accepted boundaries recommended by the organization
没有设定 内存 request
❌ Ensure each container has a configured memory limit [1 occurrences]
💡 Missing property object `limits.memory` - value should be within the accepted boundaries recommended by the organization
没有设定内存 limit如果需要一次性检查多个文件,可以直接使用文件夹
默认情况下,它只有21条(?) rule
Each CLI invocation is running a default policy that includes 21 built-in rules.
可以通过 cliId 登录来重新配置
