Skip to main content
An example Helm chart is available in the OpenHound GitHub repository for deploying OpenHound in a Kubernetes cluster. The chart can be used as a reference implementation for how OpenHound can be run on Kubernetes. The repository also includes the full README with instructions for deploying OpenHound and configuring the collector parameters and secrets required to connect to BloodHound Enterprise.

Prerequisites

  • Kubernetes cluster v1.33+
  • Helm v4.0+
  • The OpenHound repository cloned locally or access to the Helm chart files in the repository
  • A namespace created for OpenHound (e.g., openhound)

ConfigMap / Secret

The chart requires a Kubernetes ConfigMap and Secret to be pre-created and referenced in config.existingConfigMap and config.existingSecret. The ConfigMap should contain the OpenHound configuration file with the non-sensitive DLT configuration parameters while the Secret should contain the secrets for authenticating with the target services and BloodHound Enterprise. The contents of the ConfigMap and Secret are mounted as /app/.dlt/config.toml and /app/.dlt/secrets.toml. Create the necessary config.toml and secrets.toml files locally and deploy these resources using kubectl.

Optional: Additional secret files

Collectors may require extra secret files such as a GitHub app PEM or an Okta JSON key file. Use collector.extraSecretMounts to mount files from pre-existing Kubernetes Secret objects.
Each item references an existing Secret, the key containing the data/file and the target mount path. Similarly to the previously created secrets.toml you can deploy any additional secrets using kubectl.

Installation

Create a values.yaml file with your collector configuration using values.example.yaml as a reference and install the chart using:

Verification

Inspect the logs of the deployment to verify that the OpenHound collector is running correctly.