diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 1151f90c1..000000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,57 +0,0 @@ -name: kubehound-release - -on: - push: - tags: - - "v*" - -permissions: - contents: read - -jobs: - goreleaser: - runs-on: - group: Large Runner Shared Public - labels: ubuntu-8-core-latest - permissions: - contents: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 - with: - egress-policy: block - allowed-endpoints: > - api.github.com:443 - github.com:443 - goreleaser.com:443 - golang.org:443 - go.dev:443 - objects.githubusercontent.com:443 - proxy.golang.org:443 - storage.googleapis.com:443 - uploads.github.com:443 - sum.golang.org:443 - *.docker.io:443 - *.docker.com:443 - gcr.io:443 - repo.maven.apache.org:443 - - - name: Checkout - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab - with: - fetch-depth: 0 - - - name: Setup Golang - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe - with: - go-version: "1.22" - - - name: Run GoReleaser - timeout-minutes: 60 - uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 - with: - distribution: goreleaser - version: latest - args: release --clean --config .goreleaser.yaml - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.goreleaser.yaml b/.goreleaser.yaml deleted file mode 100644 index 804187f91..000000000 --- a/.goreleaser.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -before: - hooks: - - go mod tidy -builds: - - env: - - CGO_ENABLED=0 - goos: - - linux - - windows - - darwin - ldflags: - - -X pkg/config.BuildVersion={{.Version}} - - dir: cmd/kubehound - binary: kubehound -archives: - - name_template: >- - {{ .ProjectName }}_ - {{- title .Os }}_ - {{- if eq .Arch "amd64" }}x86_64 - {{- else if eq .Arch "386" }}i386 - {{- else }}{{ .Arch }}{{ end }} - wrap_in_directory: true - files: - - LICENSE - - LICENSE-3rdparty.csv - - NOTICE - - README.md - - deployments/kubehound/**/* - - deployments/kubehound/docker-compose.yaml - - deployments/kubehound/docker-compose.datadog.yaml - - deployments/kubehound/docker-compose.release.yaml - - deployments/kubehound/docker-compose.ui.yaml - - src: scripts/kubehound.sh - dst: kubehound.sh - - src: scripts/kubehound.bat - dst: kubehound.bat - - src: configs/etc/kubehound.yaml - dst: config.yaml - - src: configs/etc/kubehound-reference.yaml - dst: config-reference.yaml -checksum: - name_template: 'checksums.txt' -snapshot: - name_template: "{{ incpatch .Version }}-next" -changelog: - sort: asc - filters: - exclude: - - '^docs:' - - '^test:' diff --git a/Makefile b/Makefile index 8deef6c14..1197cfc0f 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ SYSTEM_TEST_CMD := system-test system-test-clean COMMIT := $(shell git rev-parse --short HEAD) DATE := $(shell git log -1 --format=%cd --date=format:"%Y%m%d") -BUILD_VERSION ?= $(shell git describe --match 'v[0-9]*' --dirty='.m' --always --tags) +BUILD_VERSION ?= $(shell git describe --match 'v[0-9]*' --dirty --always --tags) BUILD_ARCH := $(shell go env GOARCH) BUILD_OS := $(shell go env GOOS) diff --git a/cmd/kubehound/backend.go b/cmd/kubehound/backend.go index c68f4c4b8..295743b8e 100644 --- a/cmd/kubehound/backend.go +++ b/cmd/kubehound/backend.go @@ -9,9 +9,6 @@ var ( Backend *docker.Backend hard bool composePath []string - - downTesting bool - uiTesting bool ) var ( 
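Review bot: The `-dirty` suffix that `--dirty` now produces on the BUILD_VERSION line is load-bearing, and nothing on that line says so. In this same diff, pkg/backend/project.go tests `strings.HasSuffix(config.BuildVersion, "dirty")` to decide whether the release compose template pulls a versioned image or `latest`. I would add `# pkg/backend/project.go keys on the "-dirty" suffix to fall back to the latest images; keep the two in sync` above the assignment. Because the variable is set with `?=`, a value supplied from the environment bypasses `git describe` entirely, so the consumer should not assume this shape.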
diff --git a/cmd/kubehound/dev.go b/cmd/kubehound/dev.go index f873c6b9c..4529d2258 100644 --- a/cmd/kubehound/dev.go +++ b/cmd/kubehound/dev.go @@ -12,9 +12,16 @@ var ( DefaultComposeTestingPath = []string{"./deployments/kubehound/docker-compose.yaml", "./deployments/kubehound/docker-compose.testing.yaml"} DefaultComposeDevPath = []string{"./deployments/kubehound/docker-compose.yaml", "./deployments/kubehound/docker-compose.dev.yaml"} DefaultComposeDevPathUI = "./deployments/kubehound/docker-compose.ui.yaml" + DefaultComposeDevPathGRPC = "./deployments/kubehound/docker-compose.ingestor.yaml" DefaultDatadogComposePath = "./deployments/kubehound/docker-compose.datadog.yaml" ) +var ( + uiTesting bool + grpcTesting bool + downTesting bool +) + var ( envCmd = &cobra.Command{ Use: "dev", @@ -28,6 +35,9 @@ var ( if uiTesting { DefaultComposeDevPath = append(DefaultComposeDevPath, DefaultComposeDevPathUI) } + if grpcTesting { + DefaultComposeDevPath = append(DefaultComposeDevPath, DefaultComposeDevPathGRPC) + } // Adding datadog setup _, ddAPIKeyOk := os.LookupEnv("DD_API_KEY") _, ddAPPKeyOk := os.LookupEnv("DD_API_KEY") @@ -65,6 +75,7 @@ func init() { envCmd.AddCommand(envTestingCmd) envCmd.PersistentFlags().BoolVar(&downTesting, "down", false, "Tearing down the kubehound dev stack and deleting the data associated with it") envCmd.Flags().BoolVar(&uiTesting, "ui", false, "Include the UI in the dev stack") + envCmd.Flags().BoolVar(&grpcTesting, "grpc", false, "Include Grpc Server (ingestor) in the dev stack") rootCmd.AddCommand(envCmd) } diff --git a/deployments/kubehound/docker-compose.datadog.yaml b/deployments/kubehound/docker-compose.datadog.yaml index b3e63756a..d6c49ad2e 100644 --- a/deployments/kubehound/docker-compose.datadog.yaml +++ b/deployments/kubehound/docker-compose.datadog.yaml 
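Review bot: In the context lines just below the new `grpcTesting` branch, `ddAPPKeyOk` is assigned from `os.LookupEnv("DD_API_KEY")`, the same variable as `ddAPIKeyOk`, so the second check adds nothing. This looks like a typo for the application key, presumably `_, ddAPPKeyOk := os.LookupEnv("DD_APP_KEY")`. The same pair of lookups appears in the `@@ -84,6 +87,7 @@` hunk of pkg/backend/project.go, where the value `ddAPPKey` is also read from `DD_API_KEY`; how it is used afterwards is outside that hunk, so confirm before changing it. The enclosing command function starts and ends outside this hunk.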
@@ -2,8 +2,6 @@ services: datadog: image: gcr.io/datadoghq/agent:7-jmx restart: unless-stopped - profiles: ["infra"] - container_name: ${COMPOSE_PROJECT_NAME}-datadog-agent ports: - "127.0.0.1:8225:8125/UDP" - "127.0.0.1:8226:8126" diff --git a/deployments/kubehound/docker-compose.ingestor.yaml b/deployments/kubehound/docker-compose.ingestor.yaml new file mode 100644 index 000000000..7c6c28c36 --- /dev/null +++ b/deployments/kubehound/docker-compose.ingestor.yaml @@ -0,0 +1,13 @@ +services: + grpc: + build: + context: ../../ + dockerfile: deployments/kubehound/ingestor/Dockerfile + restart: unless-stopped + ports: + - "127.0.0.1:9000:9000" + networks: + - kubenet + +networks: + kubenet: \ No newline at end of file diff --git a/deployments/kubehound/docker-compose.release.yaml b/deployments/kubehound/docker-compose.release.yaml.tpl similarity index 83% rename from deployments/kubehound/docker-compose.release.yaml rename to deployments/kubehound/docker-compose.release.yaml.tpl index f5678ff7a..3d3462dca 100644 --- a/deployments/kubehound/docker-compose.release.yaml +++ b/deployments/kubehound/docker-compose.release.yaml.tpl @@ -7,7 +7,7 @@ services: - mongodb_data:/data/db kubegraph: - image: ghcr.io/datadog/kubehound-graph:latest + image: ghcr.io/datadog/kubehound-graph:{{ .VersionTag }} ports: - "127.0.0.1:8182:8182" - "127.0.0.1:8099:8099" @@ -15,7 +15,7 @@ services: - kubegraph_data:/var/lib/janusgraph ui: - image: ghcr.io/datadog/kubehound-ui:latest + image: ghcr.io/datadog/kubehound-ui:{{ .VersionTag }} restart: unless-stopped ports: - "127.0.0.1:8888:8888" diff --git a/deployments/kubehound/docker-compose.ui.yaml b/deployments/kubehound/docker-compose.ui.yaml index 399211f4d..739665ed1 100644 --- a/deployments/kubehound/docker-compose.ui.yaml +++ b/deployments/kubehound/docker-compose.ui.yaml 
@@ -1,9 +1,7 @@ -version: "3.8" services: notebook: build: ./notebook/ restart: unless-stopped - container_name: ${COMPOSE_PROJECT_NAME}-notebook ports: - "127.0.0.1:8888:8888" networks: diff --git a/deployments/kubehound/embed.go b/deployments/kubehound/embed.go index 1f88f88df..b04bd8903 100644 --- a/deployments/kubehound/embed.go +++ b/deployments/kubehound/embed.go @@ -5,4 +5,5 @@ import ( ) //go:embed *.yaml +//go:embed *.yaml.tpl var F embed.FS diff --git a/deployments/kubehound/ingestor/Dockerfile b/deployments/kubehound/ingestor/Dockerfile index ddf469969..8da608de2 100644 --- a/deployments/kubehound/ingestor/Dockerfile +++ b/deployments/kubehound/ingestor/Dockerfile @@ -15,7 +15,7 @@ FROM gcr.io/distroless/base-debian12 AS build-release-stage WORKDIR / -COPY --from=build-stage /go/bin/kubehound /kubehound +COPY --from=build-stage /go/bin/build/kubehound /kubehound EXPOSE 9000 diff --git a/docker-bake.hcl b/docker-bake.hcl index 7ea5cf15e..c9387026b 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -52,12 +52,8 @@ target "binary-cross" { "darwin/amd64", "darwin/arm64", "linux/amd64", - "linux/arm/v6", "linux/arm/v7", "linux/arm64", - "linux/ppc64le", - "linux/riscv64", - "linux/s390x", "windows/amd64", "windows/arm64" ] diff --git a/pkg/backend/project.go b/pkg/backend/project.go index ba941ac39..791aa2ef5 100644 --- a/pkg/backend/project.go +++ b/pkg/backend/project.go @@ -1,12 +1,15 @@ package backend import ( + "bytes" "context" "fmt" "os" "strings" + "text/template" embedconfigdocker "github.com/DataDog/KubeHound/deployments/kubehound" + "github.com/DataDog/KubeHound/pkg/config" "github.com/DataDog/KubeHound/pkg/telemetry/log" "github.com/compose-spec/compose-go/v2/cli" "github.com/compose-spec/compose-go/v2/loader" 
@@ -16,7 +19,7 @@ import ( ) var ( - DefaultReleaseComposePaths = []string{"docker-compose.yaml", "docker-compose.release.yaml"} + DefaultReleaseComposePaths = []string{"docker-compose.yaml", "docker-compose.release.yaml.tpl"} DefaultDatadogComposePath = "docker-compose.datadog.yaml" ) @@ -84,6 +87,7 @@ func loadEmbeddedConfig(ctx context.Context) (*types.Project, error) { // Adding datadog setup ddAPIKey, ddAPIKeyOk := os.LookupEnv("DD_API_KEY") ddAPPKey, ddAPPKeyOk := os.LookupEnv("DD_API_KEY") + if ddAPIKeyOk && ddAPPKeyOk { DefaultReleaseComposePaths = append(DefaultReleaseComposePaths, DefaultDatadogComposePath) hostname, err = os.Hostname() @@ -123,10 +127,33 @@ func loadEmbeddedConfig(ctx context.Context) (*types.Project, error) { func loadEmbeddedDockerCompose(_ context.Context, filepath string, dockerComposeFileData map[interface{}]interface{}) (map[interface{}]interface{}, error) { var localYaml map[interface{}]interface{} + var localData []byte + var err error - localData, err := embedconfigdocker.F.ReadFile(filepath) - if err != nil { - return nil, fmt.Errorf("reading embed config: %w", err) + // Setting the version tag for the release dynamically + // For local version (when the version is "dirty", using latest to have a working binary) + version := map[string]string{"VersionTag": "latest"} + if !strings.HasSuffix(config.BuildVersion, "dirty") { + version["VersionTag"] = config.BuildVersion + } + + if strings.HasSuffix(filepath, ".tpl") { + tmpl, err := template.New(filepath).ParseFS(embedconfigdocker.F, filepath) + if err != nil { + return nil, fmt.Errorf("new template: %w", err) + } + + var buf bytes.Buffer + err = tmpl.Execute(&buf, version) + if err != nil { + return nil, fmt.Errorf("executing template: %w", err) + } + localData = buf.Bytes() + } else { + localData, err = embedconfigdocker.F.ReadFile(filepath) + if err != nil { + return nil, fmt.Errorf("reading embed config: %w", err) + } } err = yaml.Unmarshal(localData, &localYaml)
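Review bot: The `!strings.HasSuffix(config.BuildVersion, "dirty")` test in loadEmbeddedDockerCompose accepts every other shape that the Makefile's `git describe --always --tags` can emit, and writes it unvalidated into the `image:` lines of the template. That includes a commit past a tag (for example `v1.2.3-4-gabc1234`), a bare abbreviated hash, and probably an empty string when the binary is built without the ldflag. Those builds would reference an image tag that was likely never published, or an invalid reference, instead of falling back to `latest` as the comment intends. I would allow-list the release shape instead: a package-level `var releaseTag = regexp.MustCompile("^v[0-9]+\\.[0-9]+\\.[0-9]+$")` (plus the `regexp` import) and `if releaseTag.MatchString(config.BuildVersion) {`, with the pattern adjusted to the project's actual tag scheme. This also restricts the value substituted by text/template, which does no escaping, to characters that are safe in a YAML scalar; the function body continues past the end of this hunk.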