helm-datree icon indicating copy to clipboard operation
helm-datree copied to clipboard

A Helm plugin to validate charts against the Datree's CLI tool

Datree Helm Plugin

A Helm plugin to validate charts against the Datree policy


helm plugin install https://github.com/datreeio/helm-datree

⚠️ Helm plugins are not supported on Windows OS ⚠️
Windows users can work around this by using Helm under WSL

Update Datree's plugin version

helm plugin update datree


helm plugin uninstall datree


Trigger datree policy check via the helm CLI

helm datree test [CHART_DIRECTORY]

Passing arguments

If you need to pass helm arguments to your template, you will need to add -- before them:

helm datree test [CHART_DIRECTORY] -- --values values.yaml --set name=prod

Test files

By default, test files generated by Helm will be skipped. If you wish to include test files in your policy check, add the --include-tests flag:

helm datree test --include-tests [CHART_DIRECTORY]

Check plugin version

helm datree version

See help text

helm datree help

Using other helm command

Helm might be installed through other tooling like microk8s. The DATREE_HELM_COMMAND allows specifying a command to run helm (default: helm):

DATREE_HELM_COMMAND="microk8s helm3" helm datree test [CHART_DIRECTORY]

Testing multiple charts

If you have multiple charts inside a single directory, you can test all of them sequentially using the following script:



while read -r helmchart; do
	dir="$(dirname "$helmchart")"
    echo "*** Proceeding to test Helm chart: $helmchart ***"
	set +e
	helm datree test "$dir"
	set -e
	if [ "$exitcode" -gt "$final_exit_code" ]; then
    echo ""
done < <(find "$path" -type f -name 'Chart.y*ml')

if [ "$final_exit_code" = 0 ]; then
    echo "Success"
    echo "Violations found, returning exit code $final_exit_code"
exit "$final_exit_code"

The script will run a policy check against all charts before exiting, and return 0 only if no violations were found in any of them.
This is useful for CI, to avoid the need to call datree test multiple times.


Basic usage

helm plugin install https://github.com/datreeio/helm-datree
git clone [email protected]:datreeio/examples.git
helm datree test examples/helm-chart/nginx


GitHub Workflow

    branches: [ main ]
    branches: [ main ]
  DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} 

    runs-on: ubuntu-latest

      - name: Checkout
        uses: actions/checkout@v2
      - name: Run Datree Policy Check
        uses: datreeio/action-datree@main
          path: 'myChartDirectory'
          cliArguments: '--only-k8s-files'
          isHelmChart: true
          helmArguments: '--values values.yaml'


Error: plugin "datree" exited with error

This is actually expected behavior because it's raised by Helm itself every time a plugin returns a non-zero exit code.
Therefore, if you will run datree plugin on a Chart that will pass the policy check, it will return 0 as exit code, and you will not see this error.

K8s schema validation error

This error occurs when trying to scan Chart.yaml or values.yaml files instead of the chart directory.
Solution: Pass the helm chart directory path to Datree's CLI, instead of to the file itself:

  • Correct - helm datree test examples/helm-chart/nginx
  • Wrong - helm datree test examples/helm-chart/nginx/values.yaml

The policy check returns false-positive results

The best way to determine if a false-positive result is a bug or a true misconfiguration, is by rendering the Kubernetes manifest with helm and then checking it manually:

helm template [CHART_DIRECTORY]

If after eyeballing the rendered manifest you still suspect it's a bug, please open an issue.