Show HN: Datree (YC W20): Prevent K8s misconfigurations from reaching production

• datree

  34 6,407 5.2 Go

  Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io

  

Developers want to ship features without waiting for infra. And infra teams don't want to “babysit” developers by reviewing config files all day long, essentially acting as human debuggers for misconfigurations.

That’s why I teamed up with Eyar Zilberman to found Datree. Our mission is to help engineering teams prevent Kubernetes misconfigurations from reaching production. We believe that providing guardrails to developers protects their infra changes and frees up DevOps teams to focus on what matters most.

Datree provides a CLI tool (https://github.com/datreeio/datree) that runs automated policy checks against your Kubernetes manifests and Helm charts, identifies any misconfigurations within, and suggests how to fix them. The tool comes with dozens of preset, best-practice rules covering the most common mistakes that could affect your production. In addition, you can write custom rules for your policy.

Our built-in rules are based on hundreds of Kubernetes post-mortems to ensure the prevention of issues such as resource limits/requests (MEM/CPU), liveness and readiness probes, labels on resources, Kubernetes schema validation, API version deprecation, and more.

Datree comes with a centralized policy dashboard enabling the infra team to dynamically configure rules that run on dev computers during the development phase, as well as within the CI/CD process. This central control point propagates policy checks automatically to all developers/machines in your company.

We initially launched Datree as a general purpose policy engine (see our YC Launch https://news.ycombinator.com/item?id=22536228) in which you could configure all sorts of rules, but the market drove our focus toward infrastructure-as-code and, more specifically, Kubernetes, one of the most painful points of friction between developers and infrastructure teams.

When we adjusted to a Kubernetes-focused product, we pivoted our top-down sales-driven model to a wholly new bottom-up adoption-driven model focused on the user.

Our new dev tool is self-served and open-source. Hundreds of companies are using it to prevent Kubernetes misconfigurations and, in turn, are helping the tool improve by opening issues and submitting pull requests on GitHub.

Today we are a “product-led growth” company, which is a relatively new business methodology centered on user adoption driving product demand toward monetization. Our product is well suited for self-evaluation and immediate value delivery. No more demo calls — just 2 quick steps to try the product yourself!

TechWorld with Nana did a deep technical review of our product, which can be viewed at https://www.youtube.com/watch?v=hgUfH9Ab258.

We look forward to hearing your feedback and answering any questions you may have.

Thank you :)

• awesome-jsonschema

  70 101 5.3 Handlebars

  A curated list of awesome JSON Schema resources, tutorials, tools, and more.

  

We just released support for custom rules :) from interviewing our users, we decided to start with [0] JSON Schema as it is very easy to write rules using it and you do not have to learn rego.

Having said that, we might add OPA .rego support in the near future :)

What is the desired way for you to write custom policy rules?

[0] - https://json-schema.org/

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

Suggest a related project