Datree Custom Policies


One of the biggest problems for Kubernetes cluster admins is misconfigurations reaching production. What if I told you that you can catch these misconfigurations at the development stage? This is where the Datree CLI tool comes in: it prevents Kubernetes misconfigurations from reaching production. It has some built-in rules to test your manifest files, and you can define your own custom policies with a YAML schema. I have made five policies for three kinds: Deployment, PodDisruptionBudget, and HorizontalPodAutoscaler.

Deployment Best Practices

Define Rolling Update Strategy: A Deployment is one of the key parts of running an application. This policy checks whether K8s admins applied the correct configuration for RollingUpdateDeployment.

Ensure revisionHistoryLimit was Set: If the deployment of a new version goes wrong, we use kubectl commands to roll back to the previous version and to get the deployment's previous history. We can add revisionHistoryLimit to manifest files to keep earlier versions, up to a specific number of versions.

PodDisruptionBudget Best Practices

Ensure Pod Disruption Budget with minAvailable Selector is Set: Having a PodDisruptionBudget lets K8s admins set the minimum number of pods that should be available when voluntary disruptions by K8s admins occur, such as:

  • Draining a node for repair or upgrade
  • Draining a node from a cluster to scale the cluster down
  • Removing a pod from a node to permit something else to fit on the node

Ensure Pod Disruption Budget with maxUnavailable Selector is Set: Having a PodDisruptionBudget lets K8s admins set the maximum number of pods that may be unavailable when voluntary disruptions by K8s admins occur, such as:

  • Draining a node for repair or upgrade
  • Draining a node from a cluster to scale the cluster down
  • Removing a pod from a node to permit something else to fit on the node

NOTE: You can use only one of the above policies.

HPA Best Practices

Ensure targetCPUUtilizationPercentage is Set: When autoscaling on resource utilization is triggered with an HPA (HorizontalPodAutoscaler), a targetCPUUtilizationPercentage should be defined in the manifest file as the CPU threshold; the HPA will then scale the pod and create a new replica.
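The five checks described above can be written as JSON-Schema-style `if`/`then`/`required` rules, which is the shape a YAML schema rule takes. The Python sketch below is an added example, not the author's policy file or Datree's own code: the rule identifiers, the exact fields the rolling-update rule requires, and the sample manifests are assumptions made for illustration. It also shows why only one of the two PodDisruptionBudget policies can be enabled: a PDB sets either minAvailable or maxUnavailable, so it always fails the other rule.

```python
# Added example: a small JSON-Schema subset evaluator plus five hypothetical rules.

def valid(schema, doc):
    """Evaluate a JSON-Schema subset: enum, required, properties, if/then."""
    if "enum" in schema and doc not in schema["enum"]:
        return False
    if isinstance(doc, dict):
        if any(key not in doc for key in schema.get("required", [])):
            return False
        for key, sub in schema.get("properties", {}).items():
            if key in doc and not valid(sub, doc[key]):
                return False
    if "if" in schema and valid(schema["if"], doc):
        return valid(schema.get("then", {}), doc)
    return True

def for_kind(kind, spec_schema):
    """Apply spec_schema to .spec only when the manifest is of the given kind."""
    return {"if": {"required": ["kind"], "properties": {"kind": {"enum": [kind]}}},
            "then": {"required": ["spec"], "properties": {"spec": spec_schema}}}

RULES = {  # hypothetical identifiers, one per policy described in the post
    "DEPLOYMENT_ROLLING_UPDATE": for_kind("Deployment", {
        "required": ["strategy"],
        "properties": {"strategy": {
            "required": ["type", "rollingUpdate"],
            "properties": {"type": {"enum": ["RollingUpdate"]},
                           "rollingUpdate": {"required": ["maxSurge", "maxUnavailable"]}}}}}),
    "DEPLOYMENT_REVISION_HISTORY_LIMIT": for_kind("Deployment", {"required": ["revisionHistoryLimit"]}),
    "PDB_MIN_AVAILABLE": for_kind("PodDisruptionBudget", {"required": ["minAvailable"]}),
    "PDB_MAX_UNAVAILABLE": for_kind("PodDisruptionBudget", {"required": ["maxUnavailable"]}),
    "HPA_TARGET_CPU": for_kind("HorizontalPodAutoscaler", {"required": ["targetCPUUtilizationPercentage"]}),
}

def failed_rules(manifest, enabled=tuple(RULES)):
    """Return the sorted ids of enabled rules that the manifest violates."""
    return sorted(rule for rule in enabled if not valid(RULES[rule], manifest))

# Constructed sample manifests, already parsed from YAML into dicts.
DEPLOYMENT = {"apiVersion": "apps/v1", "kind": "Deployment",
              "spec": {"replicas": 3, "strategy": {"type": "Recreate"}}}
PDB = {"apiVersion": "policy/v1", "kind": "PodDisruptionBudget", "spec": {"minAvailable": 2}}
HPA = {"apiVersion": "autoscaling/v1", "kind": "HorizontalPodAutoscaler",
       "spec": {"minReplicas": 1, "maxReplicas": 5}}

if __name__ == "__main__":
    for manifest in (DEPLOYMENT, PDB, HPA):
        print(manifest["kind"], failed_rules(manifest))
```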

Why I chose to make these policies

I wanted to participate in the Cloud Native hackathon, so I looked at all the organizations hosting it. I found Datree interesting and researched it; then I found the interview of Shimon Tolts by Kunal Kushwaha, in which they discussed Datree. From that video, I got to know that you can test your manifest files without kubectl commands and without logging into the cluster, so I thought of turning some kubectl commands into Datree custom policies, like "revisionHistoryLimit is set", which gets the history of previous versions of the application and helps in rolling back to previous versions. The other policies have their use cases as mentioned above.

Resources used

Datree Docs

Kubernetes Docs

Deekshith Sn Yt Channel

Also, thanks to Kunal Kushwaha and Team Datree for hosting this hackathon and clearing my queries during the hackathon.