Try Devtron Enterprise!
Start Free Trial
LogoLogo
WebsiteDevtron demoGithub RepoJoin Discord
v0.7
v0.7
  • Introduction
  • Getting Started
  • Install Devtron
    • Install Devtron with CI/CD
    • Install Devtron with CI/CD and GitOps (Argo CD)
    • Install Devtron without Integrations
    • Install Devtron on Minikube, Microk8s, K3s, Kind, Cloud VMs
    • Install Devtron on Airgapped Environment
    • Demo on Popular Cloud Providers
    • Backup for Disaster Recovery
    • Uninstall Devtron
    • FAQs
  • Install Devtron Enterprise Trial
  • Devtron Kubernetes Client
  • Configurations
    • Installation Configurations
    • Override Configurations
    • Ingress Setup
  • Global Configurations
    • Host URL
    • GitOps
    • Projects
    • Clusters & Environments
    • Git Accounts
    • Container/OCI Registry
    • Chart Repositories
    • Deployment Charts
    • Authorization
      • SSO Login Services
        • Google
        • GitHub
        • GitLab
        • Microsoft
        • LDAP
        • OIDC
          • Keycloak
          • Okta
        • OpenShift
      • User Permissions
      • Permission Groups
      • API Tokens
    • Notifications
    • Deployment Window
    • Approval Policy
    • External Links
    • Catalog Framework
    • Scoped Variables
    • Plugin Policy
    • Pull Image Digest
    • Tags Policy
    • Filter Condition
    • Lock Deployment Configuration
    • Image Promotion Policy
    • Build Infra
  • Devtron Upgrade
    • Update Devtron from Devtron UI
    • Upgrade to 1.5.0
    • 0.6.x-0.7.x
    • 0.5.x-0.6.x
    • 0.4.x-0.5.x
    • 0.4.x-0.4.x
    • 0.3.x-0.4.x
    • 0.3.x-0.3.x
    • 0.2.x-0.3.x
  • Usage
    • Applications
      • Create a New Application
      • Clone an Existing Application
      • Deploy a Sample Application
      • App Configuration
        • Git Repository
        • Build Configuration
        • Base Deployment Template
          • Deployment
          • Rollout Deployment
          • Job and Cronjob
          • StatefulSets
        • GitOps Configuration
        • Workflow Editor
          • CI Pipeline
            • Pre-Build/Post-Build Stages
            • Override Build Configuration
          • CD Pipeline
        • ConfigMaps
        • Secrets
          • External Secret Operator (ESO)
            • AWS Secrets Manager
            • Google Secrets Manager
            • HashiCorp Vault
        • Environment Overrides
        • Deleting Application
      • Build and Deploy
        • Triggering CI
        • Triggering CD
        • Rollback Deployment
        • Applying Labels to Images
      • App Details
        • Debugging Deployment And Monitoring
        • Using Ephemeral Containers
        • Application Metrics
      • Application Overview
    • Jobs
      • Create a new job
      • Configurations
      • Workflow Editor
      • Trigger Job
      • Overview
    • Application Groups
    • Software Distribution Hub
      • Tenants
      • Release Hub
    • Resource Browser
    • Resource Watcher
    • Charts
      • Charts Overview
      • Deploy & Observe
      • Examples
        • Deploying Mysql Helm Chart
        • Deploying MongoDB Helm Chart
      • Chart Group
    • Security
      • Security Scans
      • Security Policies
    • Bulk Edit
    • Integrations
      • Build and Deploy (CI/CD)
      • GitOps (Argo CD)
      • Vulnerability Scanning (Clair)
      • Notifications
      • Monitoring (Grafana)
    • Pipeline Plugins
      • Create Your Plugin
      • Our Plugins
        • Ansible Runner
        • Bitbucket Runner Trigger
        • Codacy
        • Code-Scan
        • Copacetic
        • Container Image Exporter
        • Copy Container Image
        • Cosign
        • CraneCopy
        • Dependency track - Maven & Gradle
        • Dependency track - NodeJS
        • Dependency track - Python
        • Devtron CD Trigger
        • Devtron CI Trigger
        • Devtron Job Trigger
        • DockerSlim
        • EKS Create Cluster
        • GCS Create Bucket
        • GitHub Pull Request Updater
        • GKE Provisioner
        • GoLang-migrate
        • Jenkins
        • Jira Issue Validator
        • Jira Issue Updater
        • K6 Load Testing
        • Pull images from container repository
        • Semgrep
        • SonarQube
        • SonarQube v1.1.0
        • Terraform CLI
        • Vulnerability Scanning
  • Resources
    • Glossary
    • Troubleshooting
    • Use Cases
      • Devtron Generic Helm Chart To Run CronJob Or One Time Job
      • Connect SpringBoot with Mysql Database
      • Connect Expressjs With Mongodb Database
      • Connect Django With Mysql Database
      • Pull Helm Charts from OCI Registry
    • Telemetry Overview
    • Devtron on Graviton
    • Release Notes
Powered by GitBook
On this page
  • Introduction
  • Tutorial
  • Creating a Plugin Policy
  • Applying a Plugin Policy
  • Results

Was this helpful?

Export as PDF
  1. Global Configurations

Plugin Policy

PreviousScoped VariablesNextPull Image Digest

Last updated 4 months ago

Was this helpful?

Introduction

Your should follow certain standards and precautions to ensure reliability and a smooth release. For example, mandating load testing for production deployments might help you identify performance bottlenecks early rather than face possible outages, unhappy users, or revenue loss.

The Plugin Policy feature in Devtron lets you enforce the presence of specific at various stages in your application's build and deployment pipelines, such as , , , or . Therefore, if the required plugins do not exist in the specified stage(s), you can decide the action (whether to allow or block the pipeline trigger).

Figure 1: How Plugin Policy Works

Tutorial


Creating a Plugin Policy

Who Can Perform This Action?

Users need to have super-admin permission to create a plugin policy.

  1. Go to Global Configurations → Plugin Policy.

  2. Click + Create Profile.

  3. Give a name to the profile, e.g., check-jira, and add a description (optional) preferably explaining what it does.

  4. Choose whether the profile should apply to the Build pipeline or the Deployment pipeline.

Note

A single policy cannot apply to both build and deployment pipelines simultaneously. You can create separate policies instead.

  1. Under Mandatory Plugin(s), click Add Plugin.

  2. A list of plugins will appear for you to choose from. Select one or more plugins to make them mandatory for the pipeline you selected in step 4.

Tip

There is a search box for you to quickly find the plugins. Moreover, since plugins are classified by tags, you can use the tag filter to find your intended plugins.

  1. Click Done.

  2. Use the dropdown menu to choose the stage (pre or post) at which you wish to enforce your chosen plugin(s). You can select mixed stages too.

    Here, Pre means before and Post means after.

  3. Decide the action that the system should take in case your policy is not followed by the intended pipelines in your application workflow.

    • Allow respective triggers with warning - This will allow the non-compliant pipeline to run. However, it will display an 'Action required' warning at the intended stage (pre/post) of the pipeline in the application's workflow.

    • Block respective triggers immediately - This will not allow the non-compliant pipeline to run (whether manual execution or automated) effective immediately, unless the user configures the mandatory plugins.

    • Block respective triggers from date/time - This will allow the non-compliant pipeline to run only till a given date and time. After that, it will block the non-compliant pipeline unless the user configures the mandatory plugins.

  4. Click Save Changes.


Applying a Plugin Policy

Who Can Perform This Action?

Users need to have super-admin permission to apply a plugin policy.

  1. After you create a policy, you can apply it. Click Apply Profile on the same screen.

  2. From the Select profiles to apply dropdown, choose the policy you wish to apply. You also have the option to select more than one policy (if they exist) using the checkbox.

  3. Under Apply selected policies to all pipelines:

    • Global - Select this option to apply your chosen policies to all application workflows across all clusters.

    • By Match Criteria - Select this option to use a combination of filters to decide the target pipelines fulfilling your criteria. Your policy will only apply to such target pipelines.

  4. (Skip this if you chose Global in the previous step) Upon choosing the By Match Criteria option, the following match criteria are available for you:

    • Project

    • Application

    • Cluster

    • Environment

    • Branch fixed

    • Branch regex

    Once you select the criteria, choose the value displayed to you in the dropdown list as shown below.

  5. (Optional) You may also write a note for your other team members to understand the intent and context of your policy.

  6. Click Save Changes.

Once you apply the plugin policy, you can view the pipelines that are not adhering to your policy as shown below. Clicking on the non-compliant pipeline will take you directly to the application workflow prompting you to take action.


Results

Since we created a policy that blocks the trigger of non-compliant deployment pipelines, no user can trigger the deployment unless the mandatory plugins are configured as shown below.

Figure 2: Plugin Policy
Figure 3: Create Profile Button
Figure 4: Choosing a Pipeline Type
Figure 5: 'Add Plugin' Option
Figure 6: Finding and Choosing Plugins
Figure 7: Finding and Choosing Plugins
Figure 8: Taking Action
Figure 9: Apply Profile Button
Figure 10: Selecting Profiles
Figure 11: Choosing Scope
Figure 12: Deciding Matching Criteria for Pipelines
Figure 13: Deciding Matching Criteria for Pipelines
Figure 14: Non-compliant Pipelines
Figure 15: Blocked Non-compliant CD Pipeline

On the other hand, if you selected Build pipeline in step 4 of , the build trigger would get blocked as shown below.

Figure 16: Blocked Non-compliant CI Pipeline
Creating Plugin Policy
application workflow
plugins
pre-build
post-build
pre-deployment
post-deployment