Deployment
Kubernetes manifest

1min
Deploying to Kubernetes via manifest
The following instructions will help you setup a basic deployment of the TruffleHog scanner in Kubernetes via manifest.
For Kubernetes we recommend using the Helm Chart﻿ instead if possible. The helm chart makes it easier to customize the deployment and also includes options like a VerticalPodAutoscaler to right-size the resource requests for the deployment.

Kubernetes will ensure that TruffleHog stays running, manage your configuration secrets, and collect the logs.
1
Create the namespace
Shell
$ kubectl create namespace trufflehog
namespace/trufflehog created
$ kubectl create namespace trufflehog
namespace/trufflehog created
﻿
2
Create the configuration secret
Important: The config file must be named config.yaml for the field name in the secret to be correctly named and match what the Deployment is looking for.
﻿
Shell
$ kubectl create secret --namespace trufflehog generic --from-file config.yaml config
secret/config created
$ kubectl create secret --namespace trufflehog generic --from-file config.yaml config
secret/config created
﻿
3
Create the deployment.yaml file
YAML
apiVersion: apps/v1
kind: Deployment
metadata:
  name: trufflehog
  labels:
    app: trufflehog
spec:
  replicas: 1
  selector:
    matchLabels:
      app: trufflehog
  template:
    metadata:
      labels:
        app: trufflehog
    spec:
      volumes:
      - name: config-secret-volume
        secret:
          secretName: config
      containers:
      - name: trufflehog
        image: us-docker.pkg.dev/thog-artifacts/public/scanner:latest
        terminationMessagePolicy: FallbackToLogsOnError
        command: ["/usr/local/bin/scanner", "scan", "--config=/secret/config.yaml", "--port=8080"]
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 3
          periodSeconds: 3
        volumeMounts:
        - name: config-secret-volume
          mountPath: /secret/
apiVersion: apps/v1
kind: Deployment
metadata:
  name: trufflehog
  labels:
    app: trufflehog
spec:
  replicas: 1
  selector:
    matchLabels:
      app: trufflehog
  template:
    metadata:
      labels:
        app: trufflehog
    spec:
      volumes:
      - name: config-secret-volume
        secret:
          secretName: config
      containers:
      - name: trufflehog
        image: us-docker.pkg.dev/thog-artifacts/public/scanner:latest
        terminationMessagePolicy: FallbackToLogsOnError
        command: ["/usr/local/bin/scanner", "scan", "--config=/secret/config.yaml", "--port=8080"]
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 3
          periodSeconds: 3
        volumeMounts:
        - name: config-secret-volume
          mountPath: /secret/
﻿
4
Apply the manifest
Shell
$ kubectl apply -f /tmp/thog.yaml --namespace trufflehog
deployment.apps/trufflehog configured
$ kubectl apply -f /tmp/thog.yaml --namespace trufflehog
deployment.apps/trufflehog configured
﻿
5
Wait for TruffleHog to be running
Shell
$ kubectl get pods --namespace trufflehog --watch
NAME                          READY   STATUS    RESTARTS   AGE
trufflehog-7f76dc4c49-szxwv   1/1     Running   0          0m22s
$ kubectl get pods --namespace trufflehog --watch
NAME                          READY   STATUS    RESTARTS   AGE
trufflehog-7f76dc4c49-szxwv   1/1     Running   0          0m22s
﻿
6
Follow the logs
Shell
$ kubectl logs --namespace trufflehog -f -l app=trufflehog 
🐷🔑🐷 TruffleHog. Unearth your secrets. 🐷🔑🐷
version:  v1.50.22

INFO[0000] starting scanner service client               scanner_group=On-prem
$ kubectl logs --namespace trufflehog -f -l app=trufflehog 
🐷🔑🐷 TruffleHog. Unearth your secrets. 🐷🔑🐷
version:  v1.50.22

INFO[0000] starting scanner service client               scanner_group=On-prem
﻿
﻿
Helm Chart
Customizing TruffleHog