diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go index 70e6e7347..565d25c54 100644 --- a/config/configStructs/tapConfig.go +++ b/config/configStructs/tapConfig.go @@ -147,38 +147,41 @@ type MiscConfig struct { } type TapConfig struct { - Docker DockerConfig `yaml:"docker" json:"docker"` - Proxy ProxyConfig `yaml:"proxy" json:"proxy"` - PodRegexStr string `yaml:"regex" json:"regex" default:".*"` - Namespaces []string `yaml:"namespaces" json:"namespaces" default:"[]"` - Release ReleaseConfig `yaml:"release" json:"release"` - PersistentStorage bool `yaml:"persistentStorage" json:"persistentStorage" default:"false"` - PersistentStorageStatic bool `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"` - EfsFileSytemIdAndPath string `yaml:"efsFileSytemIdAndPath" json:"efsFileSytemIdAndPath" default:""` - StorageLimit string `yaml:"storageLimit" json:"storageLimit" default:"500Mi"` - StorageClass string `yaml:"storageClass" json:"storageClass" default:"standard"` - DryRun bool `yaml:"dryRun" json:"dryRun" default:"false"` - Resources ResourcesConfig `yaml:"resources" json:"resources"` - ServiceMesh bool `yaml:"serviceMesh" json:"serviceMesh" default:"true"` - Tls bool `yaml:"tls" json:"tls" default:"true"` - IgnoreTainted bool `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"` - Labels map[string]string `yaml:"labels" json:"labels" default:"{}"` - Annotations map[string]string `yaml:"annotations" json:"annotations" default:"{}"` - NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"` - Auth AuthConfig `yaml:"auth" json:"auth"` - Ingress IngressConfig `yaml:"ingress" json:"ingress"` - IPv6 bool `yaml:"ipv6" json:"ipv6" default:"true"` - Debug bool `yaml:"debug" json:"debug" default:"false"` - KernelModule KernelModuleConfig `yaml:"kernelModule" json:"kernelModule"` - Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"` - DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter"` - ReplayDisabled bool `yaml:"replayDisabled" json:"replayDisabled" default:"false"` - Capabilities CapabilitiesConfig `yaml:"capabilities" json:"capabilities"` - GlobalFilter string `yaml:"globalFilter" json:"globalFilter"` - Metrics MetricsConfig `yaml:"metrics" json:"metrics"` - TrafficSampleRate int `yaml:"trafficSampleRate" json:"trafficSampleRate" default:"100"` - TcpStreamChannelTimeoutMs int `yaml:"tcpStreamChannelTimeoutMs" json:"tcpStreamChannelTimeoutMs" default:"10000"` - Misc MiscConfig `yaml:"misc" json:"misc"` + Docker DockerConfig `yaml:"docker" json:"docker"` + Proxy ProxyConfig `yaml:"proxy" json:"proxy"` + PodRegexStr string `yaml:"regex" json:"regex" default:".*"` + Namespaces []string `yaml:"namespaces" json:"namespaces" default:"[]"` + Release ReleaseConfig `yaml:"release" json:"release"` + PersistentStorage bool `yaml:"persistentStorage" json:"persistentStorage" default:"false"` + PersistentStorageStatic bool `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"` + EfsFileSytemIdAndPath string `yaml:"efsFileSytemIdAndPath" json:"efsFileSytemIdAndPath" default:""` + StorageLimit string `yaml:"storageLimit" json:"storageLimit" default:"500Mi"` + StorageClass string `yaml:"storageClass" json:"storageClass" default:"standard"` + DryRun bool `yaml:"dryRun" json:"dryRun" default:"false"` + Resources ResourcesConfig `yaml:"resources" json:"resources"` + ServiceMesh bool `yaml:"serviceMesh" json:"serviceMesh" default:"true"` + Tls bool `yaml:"tls" json:"tls" default:"true"` + IgnoreTainted bool `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"` + Labels map[string]string `yaml:"labels" json:"labels" default:"{}"` + Annotations map[string]string `yaml:"annotations" json:"annotations" default:"{}"` + NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"` + Auth AuthConfig `yaml:"auth" json:"auth"` + Ingress IngressConfig `yaml:"ingress" json:"ingress"` + IPv6 bool `yaml:"ipv6" json:"ipv6" default:"true"` + Debug bool `yaml:"debug" json:"debug" default:"false"` + KernelModule KernelModuleConfig `yaml:"kernelModule" json:"kernelModule"` + Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"` + DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter"` + ReplayDisabled bool `yaml:"replayDisabled" json:"replayDisabled" default:"false"` + ScriptingDisabled bool `yaml:"scriptingDisabled" json:"scriptingDisabled" default:"false"` + TargetedPodsUpdateDisabled bool `yaml:"targetedPodsUpdateDisabled" json:"targetedPodsUpdateDisabled" default:"false"` + RecordingDisabled bool `yaml:"recordingDisabled" json:"recordingDisabled" default:"false"` + Capabilities CapabilitiesConfig `yaml:"capabilities" json:"capabilities"` + GlobalFilter string `yaml:"globalFilter" json:"globalFilter"` + Metrics MetricsConfig `yaml:"metrics" json:"metrics"` + TrafficSampleRate int `yaml:"trafficSampleRate" json:"trafficSampleRate" default:"100"` + TcpStreamChannelTimeoutMs int `yaml:"tcpStreamChannelTimeoutMs" json:"tcpStreamChannelTimeoutMs" default:"10000"` + Misc MiscConfig `yaml:"misc" json:"misc"` } func (config *TapConfig) PodRegex() *regexp.Regexp { diff --git a/helm-chart/templates/06-front-deployment.yaml b/helm-chart/templates/06-front-deployment.yaml index 721a09afc..7afe269fa 100644 --- a/helm-chart/templates/06-front-deployment.yaml +++ b/helm-chart/templates/06-front-deployment.yaml @@ -34,6 +34,12 @@ spec: value: '{{ not (eq .Values.tap.auth.saml.idpMetadataUrl "") | ternary .Values.tap.auth.saml.idpMetadataUrl " " }}' - name: REACT_APP_REPLAY_DISABLED value: '{{ .Values.tap.replayDisabled }}' + - name: REACT_APP_SCRIPTING_DISABLED + value: '{{ .Values.tap.scriptingDisabled }}' + - name: REACT_APP_TARGETED_PODS_UPDATE_DISABLED + value: '{{ .Values.tap.targetedPodsUpdateDisabled }}' + - name: REACT_APP_RECORDING_DISABLED + value: '{{ .Values.tap.recordingDisabled }}' image: '{{ .Values.tap.docker.registry }}/front:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}' imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }} name: kubeshark-front diff --git a/helm-chart/templates/12-config-map.yaml b/helm-chart/templates/12-config-map.yaml index 3bf1b085f..4f9feb6a9 100644 --- a/helm-chart/templates/12-config-map.yaml +++ b/helm-chart/templates/12-config-map.yaml @@ -20,6 +20,9 @@ data: AUTH_SAML_ROLES: '{{ .Values.tap.auth.saml.roles | toJson }}' TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}' REPLAY_DISABLED: '{{ .Values.tap.replayDisabled | ternary "true" "" }}' + SCRIPTING_DISABLED: '{{ .Values.tap.scriptingDisabled | ternary "true" "" }}' + TARGETED_PODS_UPDATE_DISABLED: '{{ .Values.tap.targetedPodsUpdateDisabled | ternary "true" "" }}' + RECORDING_DISABLED: '{{ .Values.tap.recordingDisabled | ternary "true" "" }}' GLOBAL_FILTER: {{ include "kubeshark.escapeDoubleQuotes" .Values.tap.globalFilter | quote }} TRAFFIC_SAMPLE_RATE: '{{ .Values.tap.trafficSampleRate }}' JSON_TTL: '{{ .Values.tap.misc.jsonTTL }}' diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 522d9bf37..65c5ee738 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -89,6 +89,9 @@ tap: enabled: true defaultFilter: "" replayDisabled: false + scriptingDisabled: false + targetedPodsUpdateDisabled: false + recordingDisabled: false capabilities: networkCapture: - NET_RAW diff --git a/manifests/complete.yaml b/manifests/complete.yaml index a7d8c1665..3058b1664 100644 --- a/manifests/complete.yaml +++ b/manifests/complete.yaml @@ -152,6 +152,9 @@ data: AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}' TELEMETRY_DISABLED: '' REPLAY_DISABLED: '' + SCRIPTING_DISABLED: '' + TARGETED_PODS_UPDATE_DISABLED: '' + RECORDING_DISABLED: '' GLOBAL_FILTER: "" TRAFFIC_SAMPLE_RATE: '100' JSON_TTL: '5m' @@ -662,6 +665,12 @@ spec: value: ' ' - name: REACT_APP_REPLAY_DISABLED value: 'false' + - name: REACT_APP_SCRIPTING_DISABLED + value: 'false' + - name: REACT_APP_TARGETED_PODS_UPDATE_DISABLED + value: 'false' + - name: REACT_APP_RECORDING_DISABLED + value: 'false' image: 'docker.io/kubeshark/front:v52.1.66' imagePullPolicy: Always name: kubeshark-front