WIP

.github/workflows/docker.yml

@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
   # push:
   #   tags:
-  #     - "*"
+  #     - "v*"
 
 env:
   REGISTRY: ghcr.io
@@ -20,10 +20,8 @@ jobs:
         # https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs
         matrix:
           include:
-            - dockerfile: ./Dockerfile
-              component: core
             - dockerfile: deployments/kubehound/janusgraph/Dockerfile
-              image: janusgraph
+              image: kubegraph
     permissions:
       contents: read
       packages: write

.github/workflows/release.yml

@@ -3,7 +3,7 @@ name: KubeHound Release
 on:
   push:
     tags:
-      - "*"
+      - "v*"
 
 permissions:
   contents: read

.gitignore

@@ -9,6 +9,8 @@ bin/
 *.so
 *.dylib
 *.jar
+*.class
+*.lst
 
 # Test binary, built with `go test -c`
 *.test

deployments/kubehound/docker-compose.yaml

@@ -27,29 +27,6 @@ services:
     container_name: ${COMPOSE_PROJECT_NAME}-graphdb
     networks:
       - kubenet
-    environment:
-      #  Optimize for writes https://docs.janusgraph.org/operations/bulk-loading/
-      - janusgraph.ids.block-size=3000000
-      # Enforce strict schema constrains as per https://docs.janusgraph.org/configs/configuration-reference/#schema
-      - janusgraph.schema.constraints=true
-      - janusgraph.schema.default=none
-      # Bump content length of web-socket buffer to enable bulk insert queries
-      - gremlinserver.maxContentLength=2097152
-      # Bump evaluation timeout to support our large datasets
-      - gremlinserver.evaluationTimeout=240000
-      # enabling metrics only for jmxReporter
-      - gremlinserver.metrics.jmxReporter.enabled=true
-      - gremlinserver.metrics.consoleReporter.enabled=false
-      - gremlinserver.metrics.slf4jReporter.enabled=false
-      - gremlinserver.metrics.graphiteReporter.enabled=false
-      - gremlinserver.metrics.csvReporter.enabled=false
-      # Performance tweaks based on: https://www.sailpoint.com/blog/souping-up-the-gremlin/
-      - gremlinserver.gremlinPool=0 # will default to Runtime.availableProcessors()
-      - gremlinserver.threadPoolWorker=8 # should be 2x VCPU (TODO: can we set dynamically?)
-      # Custom SCRIPT plugin for DSL support
-      - gremlinserver.scriptEngines.gremlin-groovy.plugins[org.apache.tinkerpop.gremlin.jsr223.ImportGremlinPlugin].classImports[+]=com.datadog.ase.kubehound.KubeHoundTraversalSource
-      - gremlinserver.scriptEngines.gremlin-groovy.plugins[org.apache.tinkerpop.gremlin.jsr223.ImportGremlinPlugin].classImports[+]=com.datadog.ase.kubehound.EndpointExposure
-      - gremlinserver.scriptEngines.gremlin-groovy.plugins[org.apache.tinkerpop.gremlin.jsr223.ScriptFileGremlinPlugin].files[+]=scripts/kubehound-dsl-init.groovy
     healthcheck:
       test: ["CMD", "bin/gremlin.sh", "-e", "scripts/remote-connect.groovy"]
       interval: 60s 

deployments/kubehound/janusgraph/Dockerfile

@@ -1,7 +1,8 @@
-FROM janusgraph/janusgraph:1.0.0-rc2
+FROM janusgraph/janusgraph:1.0.0-20230627-064806.4d9975e
 LABEL org.opencontainers.image.source="https://github.com/DataDog/kubehound/"
 
-ENV JAVA_OPTIONS_FILE ${JANUS_HOME}/conf/jvm.options
+# TODO TODO build DSL JAR FILE
+
 # Add our initialization script for the database schema to the startup directory
 # See https://github.com/JanusGraph/janusgraph-docker#initialization
 COPY --chown=janusgraph:janusgraph kubehound-db-init.groovy /docker-entrypoint-initdb.d/
@@ -17,3 +18,37 @@ COPY --chown=janusgraph:janusgraph scripts/health-check.groovy ${JANUS_HOME}/scr
 
 # DSL support
 COPY --chown=janusgraph:janusgraph kubehound-dsl-init.groovy ${JANUS_HOME}/scripts/
+
+# Set JVM configuration
+ENV JAVA_OPTIONS_FILE ${JANUS_HOME}/conf/jvm.options
+
+# Optimize for writes
+ENV janusgraph.ids.block-size=3000000
+
+# Enforce strict schema constraints as per https://docs.janusgraph.org/configs/configuration-reference/#schema
+ENV janusgraph.schema.constraints=true
+ENV janusgraph.schema.default=none
+
+# Bump content length of web-socket buffer to enable bulk insert queries
+ENV gremlinserver.maxContentLength=2097152
+
+# Bump evaluation timeout
+ENV gremlinserver.evaluationTimeout=240000
+
+# Enable metrics only for jmxReporter
+ENV gremlinserver.metrics.jmxReporter.enabled=true
+ENV gremlinserver.metrics.consoleReporter.enabled=false
+ENV gremlinserver.metrics.slf4jReporter.enabled=false
+ENV gremlinserver.metrics.graphiteReporter.enabled=false
+ENV gremlinserver.metrics.csvReporter.enabled=false
+
+# Performance tweaks based on: https://www.sailpoint.com/blog/souping-up-the-gremlin/
+# gremlinPool will default to Runtime.availableProcessors()
+ENV gremlinserver.gremlinPool=0 
+# threadPoolWorker should be 2x VCPU (TODO: can we set dynamically?)
+ENV gremlinserver.threadPoolWorker=8
+
+# Custom SCRIPT plugin for DSL support
+ENV gremlinserver.scriptEngines.gremlin-groovy.plugins[org.apache.tinkerpop.gremlin.jsr223.ImportGremlinPlugin].classImports[+]=com.datadog.ase.kubehound.KubeHoundTraversalSource
+ENV gremlinserver.scriptEngines.gremlin-groovy.plugins[org.apache.tinkerpop.gremlin.jsr223.ImportGremlinPlugin].classImports[+]=com.datadog.ase.kubehound.EndpointExposure
+ENV gremlinserver.scriptEngines.gremlin-groovy.plugins[org.apache.tinkerpop.gremlin.jsr223.ScriptFileGremlinPlugin].files[+]=scripts/kubehound-dsl-init.groovy