github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-06-29 01:30:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

🔨 Disable scripting, targeted pods update & recording via ConfigMap keys (#1515)

Browse Source 
* 🔨 Add `SCRIPTING_DISABLED` key to `ConfigMap`

* 🔨 Add `TARGETED_PODS_UPDATE_DISABLED` config

* 🔨 Add `RECORDING_DISABLED` key to `ConfigMap`

* 🎨 Reformat `TapConfig`

* 🔨 Update `complete.yaml`
This commit is contained in:
Serhii Ponomarenko 2024-03-09 06:49:07 +02:00 committed by GitHub
parent 24dccab3e4
commit 0aca81fbcb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 56 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
config/configStructs/tapConfig.go
View File

@ -173,6 +173,9 @@ type TapConfig struct {
Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"` Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"`
DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter"` DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter"`
ReplayDisabled bool `yaml:"replayDisabled" json:"replayDisabled" default:"false"` ReplayDisabled bool `yaml:"replayDisabled" json:"replayDisabled" default:"false"`
ScriptingDisabled bool `yaml:"scriptingDisabled" json:"scriptingDisabled" default:"false"`
TargetedPodsUpdateDisabled bool `yaml:"targetedPodsUpdateDisabled" json:"targetedPodsUpdateDisabled" default:"false"`
RecordingDisabled bool `yaml:"recordingDisabled" json:"recordingDisabled" default:"false"`
Capabilities CapabilitiesConfig `yaml:"capabilities" json:"capabilities"` Capabilities CapabilitiesConfig `yaml:"capabilities" json:"capabilities"`
GlobalFilter string `yaml:"globalFilter" json:"globalFilter"` GlobalFilter string `yaml:"globalFilter" json:"globalFilter"`
Metrics MetricsConfig `yaml:"metrics" json:"metrics"` Metrics MetricsConfig `yaml:"metrics" json:"metrics"`

6
helm-chart/templates/06-front-deployment.yaml
View File

@ -34,6 +34,12 @@ spec:
value: '{{ not (eq .Values.tap.auth.saml.idpMetadataUrl "") | ternary .Values.tap.auth.saml.idpMetadataUrl " " }}' value: '{{ not (eq .Values.tap.auth.saml.idpMetadataUrl "") | ternary .Values.tap.auth.saml.idpMetadataUrl " " }}'
- name: REACT_APP_REPLAY_DISABLED - name: REACT_APP_REPLAY_DISABLED
value: '{{ .Values.tap.replayDisabled }}' value: '{{ .Values.tap.replayDisabled }}'
- name: REACT_APP_SCRIPTING_DISABLED
value: '{{ .Values.tap.scriptingDisabled }}'
- name: REACT_APP_TARGETED_PODS_UPDATE_DISABLED
value: '{{ .Values.tap.targetedPodsUpdateDisabled }}'
- name: REACT_APP_RECORDING_DISABLED
value: '{{ .Values.tap.recordingDisabled }}'
image: '{{ .Values.tap.docker.registry }}/front:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}' image: '{{ .Values.tap.docker.registry }}/front:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }} imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
name: kubeshark-front name: kubeshark-front

3
helm-chart/templates/12-config-map.yaml
View File

@ -20,6 +20,9 @@ data:
AUTH_SAML_ROLES: '{{ .Values.tap.auth.saml.roles | toJson }}' AUTH_SAML_ROLES: '{{ .Values.tap.auth.saml.roles | toJson }}'
TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}' TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}'
REPLAY_DISABLED: '{{ .Values.tap.replayDisabled | ternary "true" "" }}' REPLAY_DISABLED: '{{ .Values.tap.replayDisabled | ternary "true" "" }}'
SCRIPTING_DISABLED: '{{ .Values.tap.scriptingDisabled | ternary "true" "" }}'
TARGETED_PODS_UPDATE_DISABLED: '{{ .Values.tap.targetedPodsUpdateDisabled | ternary "true" "" }}'
RECORDING_DISABLED: '{{ .Values.tap.recordingDisabled | ternary "true" "" }}'
GLOBAL_FILTER: {{ include "kubeshark.escapeDoubleQuotes" .Values.tap.globalFilter | quote }} GLOBAL_FILTER: {{ include "kubeshark.escapeDoubleQuotes" .Values.tap.globalFilter | quote }}
TRAFFIC_SAMPLE_RATE: '{{ .Values.tap.trafficSampleRate }}' TRAFFIC_SAMPLE_RATE: '{{ .Values.tap.trafficSampleRate }}'
JSON_TTL: '{{ .Values.tap.misc.jsonTTL }}' JSON_TTL: '{{ .Values.tap.misc.jsonTTL }}'

3
helm-chart/values.yaml
View File

@ -89,6 +89,9 @@ tap:
enabled: true enabled: true
defaultFilter: "" defaultFilter: ""
replayDisabled: false replayDisabled: false
scriptingDisabled: false
targetedPodsUpdateDisabled: false
recordingDisabled: false
capabilities: capabilities:
networkCapture: networkCapture:
- NET_RAW - NET_RAW

9
manifests/complete.yaml
View File

@ -152,6 +152,9 @@ data:
AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}' AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}'
TELEMETRY_DISABLED: '' TELEMETRY_DISABLED: ''
REPLAY_DISABLED: '' REPLAY_DISABLED: ''
SCRIPTING_DISABLED: ''
TARGETED_PODS_UPDATE_DISABLED: ''
RECORDING_DISABLED: ''
GLOBAL_FILTER: "" GLOBAL_FILTER: ""
TRAFFIC_SAMPLE_RATE: '100' TRAFFIC_SAMPLE_RATE: '100'
JSON_TTL: '5m' JSON_TTL: '5m'
@ -662,6 +665,12 @@ spec:
value: ' ' value: ' '
- name: REACT_APP_REPLAY_DISABLED - name: REACT_APP_REPLAY_DISABLED
value: 'false' value: 'false'
- name: REACT_APP_SCRIPTING_DISABLED
value: 'false'
- name: REACT_APP_TARGETED_PODS_UPDATE_DISABLED
value: 'false'
- name: REACT_APP_RECORDING_DISABLED
value: 'false'
image: 'docker.io/kubeshark/front:v52.1.66' image: 'docker.io/kubeshark/front:v52.1.66'
imagePullPolicy: Always imagePullPolicy: Always
name: kubeshark-front name: kubeshark-front