Skip to main content

Kubernetes Compliance

Securing and ensuring compliance for deployments across various business processes can present challenges, particularly when organizations doesn't use a centralized approach for self-service, CI/CD, and other deployment methods. Implementing a Torque blueprint that includes deployment validations offers a recommended approach to orchestrate, track changes, and maintain consistency, thus establishing a best practice for secure deployments.

The following environment was orchestrated form a blueprint with multiple grains. The initial deployment process downloads the latest deployment files and validate them through a set of open-source tools - and Kubescape. Once only the validation is done and the score meets the criteria, the application deployment will take place.

Environment Validations

Note that in some cases, it might take time for Kubernetes deployment in the cloud to be fully exposed to external communication. In this case, we've added a "health-check" grain that will wait for the externally ingress to be fully reachable and additional validation to make sure the application is up and running.

Here is an example of how we execute in the above environment using the Shell grain:

kind: shell
- source: microservices-boutique-demo
path: release/kubernetes-manifests.yaml
name: '{{ }}'
- "apt-get -y install git unzip curl"
- "curl | /bin/bash"
- "datree config set token <personal token>"
- "datree test ./kubernetes-manifests.yaml -o simple --ignore-missing-schemas"