diff --git a/config/configStruct.go b/config/configStruct.go
index 6112a52b3..1797faaa9 100644
--- a/config/configStruct.go
+++ b/config/configStruct.go
@@ -104,22 +104,21 @@ type ManifestsConfig struct {
 }
 
 type ConfigStruct struct {
- Tap configStructs.TapConfig `yaml:"tap" json:"tap"`
- Logs configStructs.LogsConfig `yaml:"logs" json:"logs"`
- Config configStructs.ConfigConfig `yaml:"config,omitempty" json:"config,omitempty"`
- PcapDump configStructs.PcapDumpConfig `yaml:"pcapdump" json:"pcapdump"`
- Kube KubeConfig `yaml:"kube" json:"kube"`
- DumpLogs bool `yaml:"dumpLogs" json:"dumpLogs" default:"false"`
- HeadlessMode bool `yaml:"headless" json:"headless" default:"false"`
- License string `yaml:"license" json:"license" default:""`
- CloudLicenseEnabled bool `yaml:"cloudLicenseEnabled" json:"cloudLicenseEnabled" default:"true"`
- SupportChatEnabled bool `yaml:"supportChatEnabled" json:"supportChatEnabled" default:"true"`
- InternetConnectivity bool `yaml:"internetConnectivity" json:"internetConnectivity" default:"true"`
- DissectorsUpdatingEnabled bool `yaml:"dissectorsUpdatingEnabled" json:"dissectorsUpdatingEnabled" default:"true"`
- Scripting configStructs.ScriptingConfig `yaml:"scripting" json:"scripting"`
- Manifests ManifestsConfig `yaml:"manifests,omitempty" json:"manifests,omitempty"`
- Timezone string `yaml:"timezone" json:"timezone"`
- LogLevel string `yaml:"logLevel" json:"logLevel" default:"warning"`
+ Tap configStructs.TapConfig `yaml:"tap" json:"tap"`
+ Logs configStructs.LogsConfig `yaml:"logs" json:"logs"`
+ Config configStructs.ConfigConfig `yaml:"config,omitempty" json:"config,omitempty"`
+ PcapDump configStructs.PcapDumpConfig `yaml:"pcapdump" json:"pcapdump"`
+ Kube KubeConfig `yaml:"kube" json:"kube"`
+ DumpLogs bool `yaml:"dumpLogs" json:"dumpLogs" default:"false"`
+ HeadlessMode bool `yaml:"headless" json:"headless" default:"false"`
+ License string `yaml:"license" json:"license" default:""`
+ CloudLicenseEnabled bool `yaml:"cloudLicenseEnabled" json:"cloudLicenseEnabled" default:"true"`
+ SupportChatEnabled bool `yaml:"supportChatEnabled" json:"supportChatEnabled" default:"true"`
+ InternetConnectivity bool `yaml:"internetConnectivity" json:"internetConnectivity" default:"true"`
+ Scripting configStructs.ScriptingConfig `yaml:"scripting" json:"scripting"`
+ Manifests ManifestsConfig `yaml:"manifests,omitempty" json:"manifests,omitempty"`
+ Timezone string `yaml:"timezone" json:"timezone"`
+ LogLevel string `yaml:"logLevel" json:"logLevel" default:"warning"`
 }
 
 func (config *ConfigStruct) ImagePullPolicy() v1.PullPolicy {
diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index ea8f9936f..9edb77339 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -222,7 +222,6 @@ type PcapDumpConfig struct {
 PcapMaxSize string `yaml:"maxSize" json:"maxSize" default:"500MB"`
 PcapSrcDir string `yaml:"pcapSrcDir" json:"pcapSrcDir" default:"pcapdump"`
 PcapTime string `yaml:"time" json:"time" default:"time"`
- PcapDest string `yaml:"dest" json:"dest" default:""`
 }
 
 type TapConfig struct {
@@ -258,11 +257,7 @@ type TapConfig struct {
 ResourceGuard ResourceGuardConfig `yaml:"resourceGuard" json:"resourceGuard"`
 Sentry SentryConfig `yaml:"sentry" json:"sentry"`
 DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !error"`
- ScriptingDisabled bool `yaml:"scriptingDisabled" json:"scriptingDisabled" default:"false"`
- TargetedPodsUpdateDisabled bool `yaml:"targetedPodsUpdateDisabled" json:"targetedPodsUpdateDisabled" default:"false"`
- PresetFiltersChangingEnabled bool `yaml:"presetFiltersChangingEnabled" json:"presetFiltersChangingEnabled" default:"true"`
- RecordingDisabled bool `yaml:"recordingDisabled" json:"recordingDisabled" default:"false"`
- StopTrafficCapturingDisabled bool `yaml:"stopTrafficCapturingDisabled" json:"stopTrafficCapturingDisabled" default:"false"`
+ LiveConfigMapChangesDisabled bool `yaml:"liveConfigMapChangesDisabled" json:"liveConfigMapChangesDisabled" default:"false"`
 Capabilities CapabilitiesConfig `yaml:"capabilities" json:"capabilities"`
 GlobalFilter string `yaml:"globalFilter" json:"globalFilter" default:""`
 EnabledDissectors []string `yaml:"enabledDissectors" json:"enabledDissectors"`
diff --git a/helm-chart/README.md b/helm-chart/README.md
index 3a9e8f23c..717e248c4 100644
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
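Review bot: The five fields removed in this TapConfig hunk (`ScriptingDisabled`, `TargetedPodsUpdateDisabled`, `PresetFiltersChangingEnabled`, `RecordingDisabled`, `StopTrafficCapturingDisabled`) have no migration path, so an existing config that sets, say, `scriptingDisabled: true` as a lockdown would be ignored after upgrade and fall back to `liveConfigMapChangesDisabled: false`, with every feature enabled — unless the loader rejects unknown keys, which is not visible here. The same applies to the top-level `dissectorsUpdatingEnabled` removed in config/configStruct.go and to both values.yaml hunks. I would add a doc comment on the new field, `// LiveConfigMapChangesDisabled replaces the per-feature tap flags; when true, dashboard features that write to the ConfigMap are turned off.`, and have the chart stop on a legacy key, for example `{{- if hasKey .Values.tap "scriptingDisabled" }}{{ fail "tap.scriptingDisabled was replaced by tap.liveConfigMapChangesDisabled" }}{{- end }}`. TapConfig starts and ends outside the hunk.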
@@ -196,6 +196,7 @@ Example for overriding image names: | `tap.sentry.enabled` | Enable sending of error logs to Sentry | `false` | | `tap.sentry.environment` | Sentry environment to label error logs with | `production` | | `tap.defaultFilter` | Sets the default dashboard KFL filter (e.g. `http`). By default, this value is set to filter out noisy protocols such as DNS, UDP, ICMP and TCP. The user can easily change this, **temporarily**, in the Dashboard. For a permanent change, you should change this value in the `values.yaml` or `config.yaml` file. | `"!dns and !error"` | +| `tap.liveConfigMapChangesDisabled` | If set to `true`, all user functionality (scripting, targeting settings, global & default KFL modification, traffic recording, traffic capturing on/off, protocol dissectors) involving dynamic ConfigMap changes from UI will be disabled | `false` | | `tap.globalFilter` | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field. Another example `!dns` will not show any DNS traffic. | `""` | | `tap.metrics.port` | Pod port used to expose Prometheus metrics | `49100` | | `tap.enabledDissectors` | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `udp` and `tcp` | @@ -214,7 +215,6 @@ Example for overriding image names: | `timezone` | IANA time zone applied to time shown in the front-end | `""` (local time zone applies) | | `supportChatEnabled` | Enable real-time support chat channel based on Intercom | `true` | | `internetConnectivity` | Turns off API requests that are dependant on Internet connectivity such as `telemetry` and `online-support`. | `true` | -| `dissectorsUpdatingEnabled` | Turns off UI for enabling/disabling dissectors | `true` | KernelMapping pairs kernel versions with a DriverContainer image. Kernel versions can be matched 
diff --git a/helm-chart/templates/06-front-deployment.yaml b/helm-chart/templates/06-front-deployment.yaml
index 59fde16d1..9170adc59 100644
--- a/helm-chart/templates/06-front-deployment.yaml
+++ b/helm-chart/templates/06-front-deployment.yaml
@@ -37,20 +37,20 @@ spec:
 - name: REACT_APP_TIMEZONE
 value: '{{ not (eq .Values.timezone "") | ternary .Values.timezone " " }}'
 - name: REACT_APP_SCRIPTING_DISABLED
- value: '{{ .Values.tap.scriptingDisabled }}'
+ value: '{{ .Values.tap.liveConfigMapChangesDisabled }}'
 - name: REACT_APP_TARGETED_PODS_UPDATE_DISABLED
- value: '{{ .Values.tap.targetedPodsUpdateDisabled }}'
+ value: '{{ .Values.tap.liveConfigMapChangesDisabled }}'
 - name: REACT_APP_PRESET_FILTERS_CHANGING_ENABLED
- value: '{{ .Values.tap.presetFiltersChangingEnabled }}'
+ value: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "false" "true" }}'
 - name: REACT_APP_BPF_OVERRIDE_DISABLED
 value: '{{ eq .Values.tap.packetCapture "ebpf" | ternary "true" "false" }}'
 - name: REACT_APP_RECORDING_DISABLED
- value: '{{ .Values.tap.recordingDisabled }}'
+ value: '{{ .Values.tap.liveConfigMapChangesDisabled }}'
 - name: REACT_APP_STOP_TRAFFIC_CAPTURING_DISABLED
- value: '{{- if and .Values.tap.stopTrafficCapturingDisabled .Values.tap.stopped -}}
+ value: '{{- if and .Values.tap.liveConfigMapChangesDisabled .Values.tap.stopped -}}
 false
 {{- else -}}
- {{ .Values.tap.stopTrafficCapturingDisabled | ternary "true" "false" }}
+ {{ .Values.tap.liveConfigMapChangesDisabled | ternary "true" "false" }}
 {{- end -}}'
 - name: 'REACT_APP_CLOUD_LICENSE_ENABLED'
 value: '{{- if or (and .Values.cloudLicenseEnabled (not (empty .Values.license))) (not .Values.internetConnectivity) -}}
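Review bot: `REACT_APP_STOP_TRAFFIC_CAPTURING_DISABLED` still renders `false` when both `tap.liveConfigMapChangesDisabled` and `tap.stopped` are true, so the capture on/off control stays available in a configuration the new README row describes as having traffic capturing on/off disabled. If the exception is intended (so a stopped deployment can still be started from the dashboard), the README row should say so; otherwise the branch can be dropped: `value: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "true" "false" }}'`. The same condition is kept for `STOP_TRAFFIC_CAPTURING_DISABLED` in 12-config-map.yaml. Note also that the `REACT_APP_*` values only configure the front end; whether the backend refuses the corresponding requests depends on how it reads the ConfigMap keys, which this diff does not show.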
@@ -61,7 +61,7 @@ spec:
 - name: REACT_APP_SUPPORT_CHAT_ENABLED
 value: '{{ and .Values.supportChatEnabled .Values.internetConnectivity | ternary "true" "false" }}'
 - name: REACT_APP_DISSECTORS_UPDATING_ENABLED
- value: '{{ .Values.dissectorsUpdatingEnabled | ternary "true" "false" }}'
+ value: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "false" "true" }}'
 - name: REACT_APP_SENTRY_ENABLED
 value: '{{ (include "sentry.enabled" .) }}'
 - name: REACT_APP_SENTRY_ENVIRONMENT
diff --git a/helm-chart/templates/12-config-map.yaml b/helm-chart/templates/12-config-map.yaml
index 1ad5490cf..48364b404 100644
--- a/helm-chart/templates/12-config-map.yaml
+++ b/helm-chart/templates/12-config-map.yaml
@@ -27,14 +27,14 @@ data:
 AUTH_SAML_ROLE_ATTRIBUTE: '{{ .Values.tap.auth.saml.roleAttribute }}'
 AUTH_SAML_ROLES: '{{ .Values.tap.auth.saml.roles | toJson }}'
 TELEMETRY_DISABLED: '{{ not .Values.internetConnectivity | ternary "true" (not .Values.tap.telemetry.enabled | ternary "true" "false") }}'
- SCRIPTING_DISABLED: '{{ .Values.tap.scriptingDisabled | ternary "true" "" }}'
- TARGETED_PODS_UPDATE_DISABLED: '{{ .Values.tap.targetedPodsUpdateDisabled | ternary "true" "" }}'
- PRESET_FILTERS_CHANGING_ENABLED: '{{ .Values.tap.presetFiltersChangingEnabled | ternary "true" "" }}'
- RECORDING_DISABLED: '{{ .Values.tap.recordingDisabled | ternary "true" "" }}'
- STOP_TRAFFIC_CAPTURING_DISABLED: '{{- if and .Values.tap.stopTrafficCapturingDisabled .Values.tap.stopped -}}
+ SCRIPTING_DISABLED: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "true" "" }}'
+ TARGETED_PODS_UPDATE_DISABLED: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "true" "" }}'
+ PRESET_FILTERS_CHANGING_ENABLED: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "false" "true" }}'
+ RECORDING_DISABLED: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "true" "" }}'
+ STOP_TRAFFIC_CAPTURING_DISABLED: '{{- if and .Values.tap.liveConfigMapChangesDisabled .Values.tap.stopped -}}
 false
 {{- else -}}
- {{ .Values.tap.stopTrafficCapturingDisabled | ternary "true" "false" }}
+ {{ .Values.tap.liveConfigMapChangesDisabled | ternary "true" "false" }}
 {{- end }}'
 GLOBAL_FILTER: {{ include "kubeshark.escapeDoubleQuotes" .Values.tap.globalFilter | quote }}
 DEFAULT_FILTER: {{ include "kubeshark.escapeDoubleQuotes" .Values.tap.defaultFilter | quote }}
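Review bot: `PRESET_FILTERS_CHANGING_ENABLED` changes its off-state encoding: the old line rendered an empty string when the feature was off (`ternary "true" ""`), while the new one renders the string `false`. If the consumer of this ConfigMap key tests for a non-empty value — which the neighbouring `ternary "true" ""` flags suggest, but the diff does not show — `false` would read as enabled and preset-filter changes would stay open with the lock set. Keeping the previous encoding avoids the question: `PRESET_FILTERS_CHANGING_ENABLED: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "" "true" }}'`.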
@@ -51,7 +51,7 @@ data:
 DUPLICATE_TIMEFRAME: '{{ .Values.tap.misc.duplicateTimeframe }}'
 ENABLED_DISSECTORS: '{{ gt (len .Values.tap.enabledDissectors) 0 | ternary (join "," .Values.tap.enabledDissectors) "" }}'
 CUSTOM_MACROS: '{{ toJson .Values.tap.customMacros }}'
- DISSECTORS_UPDATING_ENABLED: '{{ .Values.dissectorsUpdatingEnabled | ternary "true" "false" }}'
+ DISSECTORS_UPDATING_ENABLED: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "false" "true" }}'
 DETECT_DUPLICATES: '{{ .Values.tap.misc.detectDuplicates | ternary "true" "false" }}'
 PCAP_DUMP_ENABLE: '{{ .Values.pcapdump.enabled }}'
 PCAP_TIME_INTERVAL: '{{ .Values.pcapdump.timeInterval }}'
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 5ba256ec2..737daf9ee 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -119,11 +119,7 @@ tap:
 enabled: false
 environment: production
 defaultFilter: "!dns and !error"
- scriptingDisabled: false
- targetedPodsUpdateDisabled: false
- presetFiltersChangingEnabled: true
- recordingDisabled: false
- stopTrafficCapturingDisabled: false
+ liveConfigMapChangesDisabled: false
 capabilities:
 networkCapture:
 - NET_RAW
@@ -188,7 +184,6 @@ license: ""
 cloudLicenseEnabled: true
 supportChatEnabled: true
 internetConnectivity: true
-dissectorsUpdatingEnabled: true
 scripting:
 env: {}
 source: ""