Getting started
To list all the available developpers commands from the makefile, run:
Requirements build
- go (v1.22): https://go.dev/doc/install
- Docker >= 19.03 (
docker version
) - Docker Compose >= v2.0 (
docker compose version
)
Backend
The backend images are built with the Dockerfiles docker-compose.dev.[graph|ingestor|mongo|ui].yaml
. There are listed in deployment directory. To avoid running docker-compose it manually, there is an hidden command kubehound dev --help
. The backend stack will be flagged as kubehound-dev-
in the name of each component.
Building the minimum dev stack
The minimum stack (mongo
& graph
) can be spawned with
kubehound dev
which is an equivalent ofdocker compose -f docker-compose.yaml -f docker-compose.dev.graph.yaml -f docker-compose.dev.mongo.yaml
. By default it will always rebuild everything (no cache is being used).
Building dev options
You can add components to the mininum stack (ui
and grpc endpoint
) by adding the following flag.
--ui
to add the Jupyter UI to the build.--grpc
to add the ingestor endpoint (exposing the grpc server for KHaaS).
For instance, building locally the minimum stack with the ui
component:
Tearing down the dev stack
To tear down the KubeHound dev stack, just use --down
flag:
Note
It will stop all the component from the dev stack (including the ui
and grpc endpoint
if started)
Build the binary
Build from source
To build KubeHound locally from the sources, use the Makefile:
KubeHound binary will be output to ./bin/build/kubehound
.
Releases
We use buildx
to release new versions of KubeHound, for cross platform compatibility and because we are embedding the docker compose library (to enable KubeHound to spin up the KubeHound stack directly from the binary). This saves the user from having to take care of this part. The build relies on 2 files docker-bake.hcl and Dockerfile. The following bake targets are available:
validate
orlint
: run the release CI linterbinary
(default option): build kubehound just for the local architecturebinary-cross
orrelease
: run the cross platform compilation
Note
Those targets are made only for the CI and are not intented to be run run locally (except to test the CI locally).
Cross platform compilation
To test the cross platform compilation locally, use the buildx bake target release
. This target is being run by the CI (buildx.
Warning
The cross-binary compilation with buildx
is not working in mac: ERROR: Multi-platform build is not supported for the docker driver.
Push a new release
The CI releases a set of new images and binaries when a tag is created. To set a new tag on the main branch:
New tags will trigger the 2 following jobs:
- docker: pushing new images for
kubehound-graph
,kubehound-binary
andkubehound-ui
on ghcr.io. The images can be listed here. - buildx: compiling the binary for all platform. The platform supported can be listed using this
docker buildx bake binary-cross --print | jq -cr '.target."binary-cross".platforms'
.
deprecated
The kubehound-ingestor
image has been deprecated since v1.5.0 and renamed to kubehound-binary
.
The CI will draft a new release that will need manual validation. In order to get published, an admin has to to validate the new draft from the UI.
Tip
To resync all the tags from the main repo you can use git tag -l | xargs git tag -d;git fetch --tags
.