DataDog · jt-dd · Sep 14, 2024 · Minosity-VR · Sep 16, 2024
@@ -0,0 +1,29 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubehound-collector
+  namespace: default
+rules:
+  - apiGroups: ["rbac.authorization.k8s.io"]
+    resources:
+      - roles
+      - rolebindings
+      - clusterroles
+      - clusterrolebindings
+    verbs:
+      - get
+      - list
+  - apiGroups: [""]
+    resources:
+      - pods
+      - nodes
+    verbs:
+      - get
+      - list
+  - apiGroups: ["discovery.k8s.io"]
+    resources:
+      - endpointslices
+    verbs:
+      - get
+      - list
@@ -0,0 +1,13 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubehound-collector
+  namespace: default
+subjects:
+  - kind: ServiceAccount
+    name: kubehound-collector
+    namespace: default
+roleRef:
+  kind: ClusterRole
+  name: kubehound-collector
+  apiGroup: rbac.authorization.k8s.io
@@ -36,4 +36,4 @@ spec:
             memory: {{ $.Values.services.db.resources.limits.memory }}
         ports:
           - name: db
-            containerPort: {{ $.Values.services.db.port }}
+            containerPort: {{ $.Values.services.db.port }}
@@ -0,0 +1,44 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: "{{ $.Chart.Name }}-collector"
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    app: "{{ $.Chart.Name }}-collector"
+    service: {{ $.Chart.Name }}
+    chart_version: {{ $.Chart.Version }}
+    chart_name: {{ $.Chart.Name }}
+    team: {{ $.Values.team }}
+spec:
+  schedule: "0,30 * * * *"
+  failedJobsHistoryLimit: 5
+  successfulJobsHistoryLimit: 5
+  concurrencyPolicy: Replace
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            app: "{{ $.Chart.Name }}-collector"
+            service: {{ $.Chart.Name }}
+            team: {{ $.Values.team }}
+            chart_name: {{ $.Chart.Name }}
+          restartPolicy: Never
+          serviceAccountName: "{{ $.Chart.Name }}-collector"
+          containers:
+          - name: {{ $.Chart.Name }}-collector
+            image: "{{ $.Values.services.collector.image }}:{{ $.Values.services.collector.version}}"
+            imagePullPolicy: Always
+            resources:
+              requests:
+                cpu: {{ $.Values.services.collector.resources.requests.cpu }}
+                memory: {{ $.Values.services.collector.resources.requests.memory }}
+              limits:
+                cpu: {{ $.Values.services.collector.resources.limits.cpu }}
+                memory: {{ $.Values.services.collector.resources.limits.memory }}
+            command: ["/kubehound","dump","remote","--khaas-server","{{ $.Values.services.collector.khaas_server }}","--bucket","{{ $.Values.services.ingestor.bucket_url }}","--region","us-east-1"]
+            env:
+              - name: KH_LOG_FORMAT
+                value: json
+              - name: KH_K8S_CLUSTER_NAME_ENV_PTR
+                value: K8S_CLUSTER_NAME
@@ -9,3 +9,15 @@ metadata:
     team: {{ $.Values.team }}
     chart_name: {{ $.Chart.Name }}
     chart_version: {{ $.Chart.Version }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ $.Chart.Name }}-collector
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    app: {{ $.Chart.Name }}-collector
+    service: {{ $.Chart.Name }}
+    team: {{ $.Values.team }}
+    chart_name: {{ $.Chart.Name }}
+    chart_version: {{ $.Chart.Version }}
@@ -1,6 +1,20 @@
 team: <your_team>
 services:
+  collector:
+    image: ghcr.io/datadog/kubehound-binary
+    version: latest
+    resources:
+      requests:
+        cpu: "4"
+        memory: "8Gi"
+      limits:
+        cpu: "4"
+        memory: "8Gi"
+    khaas_server: kubehound-ingestor.kubehound.cluster-local.local
+
   ingestor:
+    host: 0.0.0.0
+    port: 9000
     image: ghcr.io/datadog/kubehound-binary
     version: latest
     bucket_url: s3://<your_bucket>
@@ -12,10 +26,10 @@ services:
       limits:
         cpu: "4"
         memory: "8Gi"
-    port: 9000
-    host: 0.0.0.0
+
   graph:
-    host: kubehound-graph
+    host: kubehound-graph.kubehound.cluster-local.local
+    port: 8182
     db_name: kubehound
     image: ghcr.io/datadog/kubehound-graph
     version: latest
@@ -26,7 +40,7 @@ services:
       limits:
         cpu: "4"
         memory: "16Gi"
-    port: 8182
+
   ui:
     image: ghcr.io/datadog/kubehound-ui
     version: latest
@@ -37,19 +51,19 @@ services:
       limits:
         cpu: "2"
         memory: "4Gi"
-    ports: 
+    ports:
       lab: 8888
       tree: 8889
+
   db:
-    host: kubehound-db
+    host: kubehound-db.kubehound.cluster-local.local
+    port: 27017
     image: mongo
     version: 6.0.6
-    port: 27017
     resources:
       requests:
         cpu: "4"
         memory: "16Gi"
       limits:
         cpu: "4"
         memory: "16Gi"
-    port: 27017