README with instructions for deploying OpenHound and configuring the collector parameters and secrets required to connect to BloodHound Enterprise.
Prerequisites
- Kubernetes cluster v1.33+
- Helm v4.0+
- The OpenHound repository cloned locally or access to the Helm chart files in the repository
- A namespace created for OpenHound (e.g.,
openhound)
ConfigMap / Secret
The chart requires a KubernetesConfigMap and Secret to be pre-created and referenced in config.existingConfigMap
and config.existingSecret. The ConfigMap should contain the OpenHound configuration file with the non-sensitive DLT configuration parameters while the Secret should contain the secrets for authenticating with the target services and BloodHound Enterprise.
The contents of the ConfigMap and Secret are mounted as /app/.dlt/config.toml and /app/.dlt/secrets.toml. Create the necessary config.toml and secrets.toml files locally and deploy these resources using kubectl.
Optional: Additional secret files
Collectors may require extra secret files such as a GitHub app PEM or an Okta JSON key file. Usecollector.extraSecretMounts to mount files from pre-existing Kubernetes Secret objects.
Secret, the key containing the data/file and the target mount path. Similarly to the previously created secrets.toml you can deploy any additional secrets using kubectl.
Installation
Create avalues.yaml file with your collector configuration using values.example.yaml as a reference and install the chart using: