datreeio / datree

Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
https://datree.io
Apache License 2.0

Self hosted datree configuration dashboard. #87

Closed ricardoalcantara closed 3 years ago

ricardoalcantara commented 3 years ago

Is your feature request related to a problem? Please describe.

We need a centralized policy configuration but we cannot go to the external environment to get those policies. It must be inside our infrastructure.

Describe the solution you'd like

A docker image of app.datree

eyarz commented 3 years ago

Do you mean that you need Datree to work in an air-gapped environment (i.e. no internet access at all)?

ricardoalcantara commented 3 years ago

Yes! That's exactly what I mean. Our pipeline and deployment env (k8s) are all sealed, and most of our products use VPN or dedicated network, but even if something needs to be exposed on the internet we have a DMZ and layers of firewall to make it happen.

eyarz commented 3 years ago

Got it. Unfortunately, this is not something that we are planning to support soon :/ What are the key features that Datree has and you need? Based on your answer, I will be able to recommend alternative tools that are also compatible with an air-gapped environment.

ricardoalcantara commented 3 years ago

Indeed there are other tools that validate k8s environment or k8s CRD files somewhere in the CI pipeline, but I haven't yet found a tool that has this centralized configuration server where I could manage the profile in just one place and run my CI pointing to this profile.

eyarz commented 3 years ago

You are right, the centralized configuration is a unique functionality that only we have. The good news is that this is on our roadmap, it just won't be released soon (in the next couple of weeks).

If you don't fear some engineering overhead and gluing OSS together, you should probably be able to build a centralized configuration policy with OPA.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

byteknacker commented 2 years ago

Just curious to know if by using datree, we are sending data from within our clusters to your company. For my enterprise clients, I cannot use tools that send data to the outside for storage or analysis. Is there a way to self-host the dashboard of datree? So I can run it in a Kubernetes namespace and have a private endpoint connecting to it which only certain people can access?

eyarz commented 2 years ago

It depends on how you're using datree. Data from within your clusters will be sent only if you install the webhook. If you use the DATREE_NO_RECORD flag, no data will be sent to the dashboard from your cluster.

Using Datree's CLI or Datree in the CI will not send any data from your cluster. Here you can find more info about which type of data is sent to your SaaS dashboard: https://hub.datree.io/data-privacy

byteknacker commented 2 years ago

Ah that is great to know. In this case, I can start using Datree right away.