datree VS minikube

Compare datree vs minikube and see what are their differences.

datree

Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io (by datreeio)
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
datree minikube
34 76
6,401 28,207
0.1% 1.1%
7.2 9.9
5 months ago 5 days ago
Go Go
Apache License 2.0 Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

datree

Posts with mentions or reviews of datree. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-04-04.
  • Show HN: Datree (YC W20) – End-to-End Policy Management for Kubernetes
    2 projects | news.ycombinator.com | 4 Apr 2023
    Hi HN, I’m Shimon, the co-founder of Datree: A policy management solution for Kubernetes. We help DevOps engineers prevent misconfigurations in their Kubernetes by enforcing an organizational policy on their clusters. Engineers can define a custom policy or use one of Datree’s built-in policies, such as NIST/NSA Hardening Guide, EKS Security Best Practices, CIS Benchmark, and more.

    Our website is at https://datree.io and our GitHub is here: https://github.com/datreeio/datree

    This is not the first time I have shown Datree to the HN community: A little over a year ago, I posted here an earlier version of Datree (https://news.ycombinator.com/item?id=28918850). At that time, Datree consisted of a CLI tool to detect Kubernetes misconfigurations during the development process (locally or in the CI/CD), unlike the version I present today in which the enforcement happens in production.

    We built the CLI tool because we detected a big problem among Kubernetes operators: Misconfigurations. Kubernetes is extremely complex and flexible, which makes it very easy to poorly configure it in ways that are not secure. And indeed, we talked to dozens of Kubernetes operators who suffered from various problems, starting with failed audits, all the way to downtime in production, all because of misconfigurations.

    Our solution was simple: Give the developers the means to shift-left security testing during the development process with a CLI tool that can be integrated into the CI/CD. We thought this was the best way to approach the problem: It is easiest to fix misconfigurations in the development process before they are deployed to production, it prevents context-switching and relieves resources from the DevOps team.

    While the CLI tool was very popular among the open-source community (it got over 6000 stars on GitHub), we soon realized that CI/CD enforcement is not enough. As we talked with Datree’s users, we realized we had made a fundamental mistake: We thought of misconfiguration prevention in technical terms rather than organizational terms.

    Indeed, from a technical point of view, it makes sense to shift-left Kubernetes security. But when considering the organizational structure in which it takes place, it simply isn’t enough. DevOps engineers told us that they love the shift-left concept, but they simply cannot rely on the goodwill of the engineers to run a CLI tool locally or to monitor all the pipelines leading to production. They need governance, something to help them stay in control of the state of their clusters.

    Moreover, we realized that many companies who use Kubernetes are heavily regulated, and cannot take any chances with their security. Sure, these companies want the engineers to fix misconfigurations during development, but they also want something to make sure that no matter what, their clusters remain misconfiguration-free.

    Based on this understanding, we developed a new version of Datree that sits on the cluster itself (rather than in the CI/CD) and protects the production environment by blocking misconfigured resources with an admission webhook. It has a centralized policy management solution to enable governance, and native monitoring to get real-time insights into the state of your Kubernetes.

    I look forward to hearing your feedback and answering any questions you may have.

  • Is OPA Gatekeeper the best solution for writing policies for k8s clusters?
    14 projects | /r/kubernetes | 10 Nov 2022
  • Question for the Argo-Verse
    3 projects | /r/argoproj | 12 May 2022
  • How to create a react app with Go support using WebAssembly in under 60 seconds
    4 projects | dev.to | 26 Apr 2022
    Go is a statically typed, compiled programming language designed at Google, it is syntactically similar to C, but with memory safety, garbage collection, structural typing, and CSP-style concurrency. In my case, I needed to run Go for JSON schema validations, in other cases, you might want to perform a CPU-intensive task or use a CLI tool written in Go.
  • Gatekeeper vs Kyverno
    3 projects | /r/kubernetes | 18 Apr 2022
    I worked with both of them and from my experience Gatekeeper is more solid and accountable, I even wrote an article about Gatekeeper. Both Gatekeeper and Kyverno require a lot of heavy lifting work. On the one hand, Gatekeeper will probably require more configuration work however the community and the tool itself are more stable than Kyverno. On the other hand, Kyverno policy-as-code capabilities are much easier to use/understand. This way or another, for me using Kyverno’s policy language or Rego for my policies, wasn’t such a pleasant experience. I personally believe in GitOps and shifting left so if you’re looking for tools I would highly recommend you to review Datree, which is an open-source CLI (Disclaimer: I’m one of the developers at Datree). Datree is a more centralized policy management solution rather than a policy engine. Unlike Kyverno/Gatekeeper Datree was built to help DevOps teams to shift left and practice GitOps by delegating more responsibilities to the developers more efficiently. In practice, Datree already comes with built-in rules and policies along with YAML and schema validation for K8s resources and CRDs such as Argo CRDs. Datree’s policies are written in JSONScheme which is a common solid policy language supported by the community for many years. Additionally, Datree’s CLI also comes with a dashboard app where you can monitor the policies in your organization. You can modify and update your policies, review which policies are being used in practice, and control who can create/delete/update your policies. The major difference is that at the moment, unlike Kyverno/Gatekeeper Datree doesn’t provide native policy enforcement in the Kubernetes cluster at the moment but we expect to release this support very soon. At the moment, we provide a way to scan the cluster using a kubectl plugin. Feel free to check it out :)
  • Working with Datree’s Helm Plugin
    2 projects | dev.to | 27 Mar 2022
    $ helm plugin install https://github.com/datreeio/helm-datree Installing helm-datree... https://github.com/datreeio/datree/releases/download/1.0.6/datree-cli_1.0.6_Darwin_x86_64.zip % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 673 100 673 0 0 1439 0 --:--:-- --:--:-- --:--:-- 1469 100 6901k 100 6901k 0 0 1852k 0 0:00:03 0:00:03 --:--:-- 2865k helm-datree is installed. See https://hub.datree.io for help getting started. Installed plugin: datree
  • Top 200 Kubernetes Tools for DevOps Engineer Like You
    84 projects | dev.to | 15 Jan 2022
    TerraScan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. klum - Kubernetes Lazy User Manager Kyverno - Kubernetes Native Policy Management https://kyverno.io kiosk - kiosk office Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning kube-bench - CIS Kubernetes Benchmark tool kube-hunter - Pentesting tool - Hunts for security weaknesses in Kubernetes clusters kube-who-can - Show who has RBAC permissions to perform actions on different resources in Kubernetes starboard - Kubernetes-native security toolkit Simulator - Kubernetes Security Training Platform - Focussing on security mitigation RBAC Lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://fairwinds.com Kubeaudit - kubeaudit helps you audit your Kubernetes clusters against common security controls Gangway - An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster Audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs Chartsec - Helm Chart security scanner kubestriker - Security Auditing tool Datree - CLI tool to prevent K8s misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies Krane - Kubernetes RBAC static Analysis & visualisation tool Flaco - The Falco Project - Cloud-Native runtime security Clair - Vulnerability Static Analysis for Containers Anchore Cli - Coomand Line Interface built on top of anchore engine to manage and inspect images, policies, subscriptions and registries Project Quay - Container image registry designed to boost the security of your repositories via vulnerability scanning and tight access control Kubescape - Tool to test if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®
  • Validating Kubernetes Configurations with Datree
    8 projects | dev.to | 8 Nov 2021
    Datree is a really good framework for a DevOps person who wants to build a stable Kubernetes manifest (YAML) which is very well tested and secured with custom policies.
  • Show HN: Datree (YC W20): Prevent K8s misconfigurations from reaching production
    2 projects | news.ycombinator.com | 19 Oct 2021
    Developers want to ship features without waiting for infra. And infra teams don't want to “babysit” developers by reviewing config files all day long, essentially acting as human debuggers for misconfigurations.

    That’s why I teamed up with Eyar Zilberman to found Datree. Our mission is to help engineering teams prevent Kubernetes misconfigurations from reaching production. We believe that providing guardrails to developers protects their infra changes and frees up DevOps teams to focus on what matters most.

    Datree provides a CLI tool (https://github.com/datreeio/datree) that runs automated policy checks against your Kubernetes manifests and Helm charts, identifies any misconfigurations within, and suggests how to fix them. The tool comes with dozens of preset, best-practice rules covering the most common mistakes that could affect your production. In addition, you can write custom rules for your policy.

    Our built-in rules are based on hundreds of Kubernetes post-mortems to ensure the prevention of issues such as resource limits/requests (MEM/CPU), liveness and readiness probes, labels on resources, Kubernetes schema validation, API version deprecation, and more.

    Datree comes with a centralized policy dashboard enabling the infra team to dynamically configure rules that run on dev computers during the development phase, as well as within the CI/CD process. This central control point propagates policy checks automatically to all developers/machines in your company.

    We initially launched Datree as a general purpose policy engine (see our YC Launch https://news.ycombinator.com/item?id=22536228) in which you could configure all sorts of rules, but the market drove our focus toward infrastructure-as-code and, more specifically, Kubernetes, one of the most painful points of friction between developers and infrastructure teams.

    When we adjusted to a Kubernetes-focused product, we pivoted our top-down sales-driven model to a wholly new bottom-up adoption-driven model focused on the user.

    Our new dev tool is self-served and open-source. Hundreds of companies are using it to prevent Kubernetes misconfigurations and, in turn, are helping the tool improve by opening issues and submitting pull requests on GitHub.

    Today we are a “product-led growth” company, which is a relatively new business methodology centered on user adoption driving product demand toward monetization. Our product is well suited for self-evaluation and immediate value delivery. No more demo calls — just 2 quick steps to try the product yourself!

    TechWorld with Nana did a deep technical review of our product, which can be viewed at https://www.youtube.com/watch?v=hgUfH9Ab258.

    We look forward to hearing your feedback and answering any questions you may have.

    Thank you :)

minikube

Posts with mentions or reviews of minikube. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-10-11.
  • K3s – Lightweight Kubernetes
    17 projects | news.ycombinator.com | 11 Oct 2023
    If you're just messing around, just use kind (https://kind.sigs.k8s.io) or minikube if you want VMs (https://minikube.sigs.k8s.io). Both work on ARM-based platforms.

    You can also use k3s; it's hella easy to get started with and it works great.

  • Developer’s Guide to Building Kubernetes Cloud Apps ☁️🚀
    2 projects | dev.to | 10 Oct 2023
    $ minikube addons enable dashboard 💡 dashboard is an addon maintained by Kubernetes. For any concerns contact minikube on GitHub. You can view the list of minikube maintainers at: https://github.com/kubernetes/minikube/blob/master/OWNERS ▪ Using image docker.io/kubernetesui/dashboard:v2.7.0 ▪ Using image docker.io/kubernetesui/metrics-scraper:v1.0.8 🌟 The 'dashboard' addon is enabled $ minikube addons enable metrics-server 💡 metrics-server is an addon maintained by Kubernetes. For any concerns contact minikube on GitHub. You can view the list of minikube maintainers at: https://github.com/kubernetes/minikube/blob/master/OWNERS ▪ Using image registry.k8s.io/metrics-server/metrics-server:v0.6.4 🌟 The 'metrics-server' addon is enabled $ minikube addons enable ingress 💡 ingress is an addon maintained by Kubernetes. For any concerns contact minikube on GitHub. You can view the list of minikube maintainers at: https://github.com/kubernetes/minikube/blob/master/OWNERS 💡 After the addon is enabled, please run "minikube tunnel" and your ingress resources would be available at "127.0.0.1" ▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407 ▪ Using image registry.k8s.io/ingress-nginx/controller:v1.8.1 ▪ Using image registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20230407 🔎 Verifying ingress addon... 🌟 The 'ingress' addon is enabled
  • Implementing TLS in Kubernetes
    13 projects | dev.to | 1 Aug 2023
    A Kubernetes distribution: You need to install a Kubernetes distribution to create the Kubernetes cluster and other necessary resources, such as deployments and services. This tutorial uses kind (v0.18.0), but you can use any other Kubernetes distribution, including minikube or K3s.
  • Kube-bench and Popeye: A Power Duo for AKS Security Compliance
    3 projects | dev.to | 23 Jan 2023
    > minikube start 😄 minikube v1.22.0 on Darwin 12.6.2 ✨ Using the hyperkit driver based on existing profile 👍 Starting control plane node minikube in cluster minikube 🏃 Updating the running hyperkit "minikube" VM ... 🎉 minikube 1.28.0 is available! Download it: https://github.com/kubernetes/minikube/releases/tag/v1.28.0 💡 To disable this notice, run: 'minikube config set WantUpdateNotification false' 🐳 Preparing Kubernetes v1.21.2 on Docker 20.10.6 ... 🔎 Verifying Kubernetes components... ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5 🌟 Enabled addons: storage-provisioner, default-storageclass ❗ /usr/local/bin/kubectl is version 1.25.2, which may have incompatibilites with Kubernetes 1.21.2. ▪ Want kubectl v1.21.2? Try 'minikube kubectl -- get pods -A' 🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default # Download the job.yaml file > curl https://raw.githubusercontent.com/aquasecurity/kube-bench/main/job.yaml > job.yaml > kubectl apply -f job.yaml job.batch/kube-bench created > kubectl get pods -A  ✔  at minikube ⎈ NAMESPACE NAME READY STATUS RESTARTS AGE default kube-bench-t2fgh 0/1 ContainerCreating 0 5s > kubectl get pods -A  ✔  at minikube ⎈ NAMESPACE NAME READY STATUS RESTARTS AGE default kube-bench-t2fgh 0/1 Completed 0 32s
  • Best way to install and use kubernetes for learning
    19 projects | /r/kubernetes | 12 Nov 2022
    minikube (https://github.com/kubernetes/minikube) - based off of docker machine, uses driver for backend, so can use KVM, Vagrant, or Docker itself to bootstrap K8S cluster.
  • Running Kubernetes locally on M1 Mac
    2 projects | /r/codehunter | 23 Sep 2022
    When I run minikube start --driver=docker (having installed the tech preview of Docker Desktop for M1), an initialization error occurs. It seems to me that this is being tracked here https://github.com/kubernetes/minikube/issues/9224.
  • Kubernetes' minikube uses my Go Lang Project!
    2 projects | dev.to | 6 Aug 2022
    I am very honored to announce that my Go Language Project Box CLI Maker which makes Highly Customized Boxes for CLI is being used in Kubernetes's minikube which implements a local Kubernetes cluster for Mac OS, Linux and Windows, according to the description.
  • kubelet does not have ClusterDNS IP configured in Microk8s
    2 projects | /r/codehunter | 28 Jul 2022
    apiVersion: v1kind: Servicemetadata: name: kube-dns namespace: kube-system labels: k8s-app: kube-dns kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile kubernetes.io/name: "KubeDNS"spec: selector: k8s-app: kube-dns clusterIP: 10.152.183.10 ports: - name: dns port: 53 protocol: UDP - name: dns-tcp port: 53 protocol: TCP---apiVersion: v1kind: ServiceAccountmetadata: name: kube-dns namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile---apiVersion: v1kind: ConfigMapmetadata: name: kube-dns namespace: kube-system labels: addonmanager.kubernetes.io/mode: EnsureExistsdata: upstreamNameservers: |- ["8.8.8.8", "8.8.4.4"]# Why set upstream ns: https://github.com/kubernetes/minikube/issues/2027---apiVersion: apps/v1kind: Deploymentmetadata: name: kube-dns namespace: kube-system labels: k8s-app: kube-dns kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcilespec: # replicas: not specified here: # 1. In order to make Addon Manager do not reconcile this replicas parameter. # 2. Default is 1. # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on. strategy: rollingUpdate: maxSurge: 10% maxUnavailable: 0 selector: matchLabels: k8s-app: kube-dns template: metadata: labels: k8s-app: kube-dns annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: tolerations: - key: "CriticalAddonsOnly" operator: "Exists" volumes: - name: kube-dns-config configMap: name: kube-dns optional: true containers: - name: kubedns image: gcr.io/google-containers/k8s-dns-kube-dns:1.15.8 resources: # TODO: Set memory limits when we've profiled the container for large # clusters, then set request = limit to keep this container in # guaranteed class. Currently, this container falls into the # "burstable" category so the kubelet doesn't backoff from restarting it. limits: memory: 170Mi requests: cpu: 100m memory: 70Mi livenessProbe: httpGet: path: /healthcheck/kubedns port: 10054 scheme: HTTP initialDelaySeconds: 60 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 readinessProbe: httpGet: path: /readiness port: 8081 scheme: HTTP # we poll on pod startup for the Kubernetes master service and # only setup the /readiness HTTP server once that's available. initialDelaySeconds: 3 timeoutSeconds: 5 args: - --domain=cluster.local. - --dns-port=10053 - --config-dir=/kube-dns-config - --v=2 env: - name: PROMETHEUS\_PORT value: "10055" ports: - containerPort: 10053 name: dns-local protocol: UDP - containerPort: 10053 name: dns-tcp-local protocol: TCP - containerPort: 10055 name: metrics protocol: TCP volumeMounts: - name: kube-dns-config mountPath: /kube-dns-config - name: dnsmasq image: gcr.io/google-containers/k8s-dns-dnsmasq-nanny:1.15.8 livenessProbe: httpGet: path: /healthcheck/dnsmasq port: 10054 scheme: HTTP initialDelaySeconds: 60 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 args: - -v=2 - -logtostderr - -configDir=/etc/k8s/dns/dnsmasq-nanny - -restartDnsmasq=true - -- - -k - --cache-size=1000 - --no-negcache - --log-facility=- - --server=/cluster.local/127.0.0.1#10053 - --server=/in-addr.arpa/127.0.0.1#10053 - --server=/ip6.arpa/127.0.0.1#10053 ports: - containerPort: 53 name: dns protocol: UDP - containerPort: 53 name: dns-tcp protocol: TCP # see: https://github.com/kubernetes/kubernetes/issues/29055 for details resources: requests: cpu: 150m memory: 20Mi volumeMounts: - name: kube-dns-config mountPath: /etc/k8s/dns/dnsmasq-nanny - name: sidecar image: gcr.io/google-containers/k8s-dns-sidecar:1.15.8 livenessProbe: httpGet: path: /metrics port: 10054 scheme: HTTP initialDelaySeconds: 60 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 args: - --v=2 - --logtostderr - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,SRV - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,SRV ports: - containerPort: 10054 name: metrics protocol: TCP resources: requests: memory: 20Mi cpu: 10m dnsPolicy: Default # Don't use cluster DNS. serviceAccountName: kube-dns Please let me know what I'm missing.
  • Kubernetes Series (Part 1) : Basics of Kubernetes & its architecture
    2 projects | dev.to | 12 Jul 2022
    If you are a Docker toolbox user on Windows, install minikube & then install kubectl
  • Deploy Kubernetes Resources in Minikube cluster using Terraform
    2 projects | dev.to | 25 Jun 2022
    $ minikube start 😄 minikube v1.24.0 on Ubuntu 21.04 ▪ KUBECONFIG=$USERHOME/.kube/config 🎉 minikube 1.26.0 is available! Download it: https://github.com/kubernetes/minikube/releases/tag/v1.26.0 💡 To disable this notice, run: 'minikube config set WantUpdateNotification false' ✨ Using the docker driver based on existing profile 👍 Starting control plane node minikube in cluster minikube 🚜 Pulling base image ... 🔄 Restarting existing docker container for "minikube" ... 🐳 Preparing Kubernetes v1.22.3 on Docker 20.10.8 ... 🔎 Verifying Kubernetes components... ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5 🌟 Enabled addons: default-storageclass, storage-provisioner ❗ /snap/bin/kubectl is version 1.24.2, which may have incompatibilites with Kubernetes 1.22.3. ▪ Want kubectl v1.22.3? Try 'minikube kubectl -- get pods -A' 🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

What are some alternatives?

When comparing datree and minikube you can also consider the following projects:

colima - Container runtimes on macOS (and Linux) with minimal setup

lima - Linux virtual machines, with a focus on running containers

kind - Kubernetes IN Docker - local clusters for testing Kubernetes

kubespray - Deploy a Production Ready Kubernetes Cluster

k9s - 🐶 Kubernetes CLI To Manage Your Clusters In Style!

helm - The Kubernetes Package Manager

k3s - Lightweight Kubernetes

cri-o - Open Container Initiative-based implementation of Kubernetes Container Runtime Interface

containerd - An open and reliable container runtime

KubeArmor - Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).

skaffold - Easy and Repeatable Kubernetes Development

polaris - Validation of best practices in your Kubernetes clusters