diff --git a/helm-chart/templates/00-namespace.yaml b/helm-chart/templates/00-namespace.yaml
new file mode 100644
index 000000000..90f85f1ab
--- /dev/null
+++ b/helm-chart/templates/00-namespace.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ creationTimestamp: null
+ labels:
+ kubeshark-created-by: kubeshark
+ kubeshark-managed-by: kubeshark
+ name: kubeshark
+spec: {}
+status: {}
diff --git a/helm-chart/templates/01-service-account.yaml b/helm-chart/templates/01-service-account.yaml
new file mode 100644
index 000000000..6a26a0460
--- /dev/null
+++ b/helm-chart/templates/01-service-account.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ creationTimestamp: null
+ labels:
+ kubeshark-cli-version: v1
+ kubeshark-created-by: kubeshark
+ kubeshark-managed-by: kubeshark
+ name: kubeshark-service-account
+ namespace: kubeshark
diff --git a/helm-chart/templates/02-cluster-role.yaml b/helm-chart/templates/02-cluster-role.yaml
new file mode 100644
index 000000000..46584034e
--- /dev/null
+++ b/helm-chart/templates/02-cluster-role.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ kubeshark-cli-version: v1
+ kubeshark-created-by: kubeshark
+ kubeshark-managed-by: kubeshark
+ name: kubeshark-cluster-role
+ namespace: kubeshark
+rules:
+ - apiGroups:
+ - ""
+ - extensions
+ - apps
+ resources:
+ - pods
+ - services
+ - endpoints
+ verbs:
+ - list
+ - get
+ - watch
diff --git a/helm-chart/templates/03-cluster-role-binding.yaml b/helm-chart/templates/03-cluster-role-binding.yaml
new file mode 100644
index 000000000..2ead4cc73
--- /dev/null
+++ b/helm-chart/templates/03-cluster-role-binding.yaml
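Review bot: In 00-namespace.yaml the namespace is hard-coded as `name: kubeshark`, and `namespace: kubeshark` is repeated in every other template of this chart (01 through 08), so `helm install --namespace <other>` would still place the objects in `kubeshark`. Consider dropping the Namespace object in favour of `--create-namespace` and writing `namespace: {{ .Release.Namespace }}` in the namespaced templates. The `creationTimestamp: null`, `spec: {}` and `status: {}` fields look like serializer output and carry no configuration, so they can be removed here and in the other files. Since the worker DaemonSet (08) asks for host networking, hostPath mounts and added capabilities, a comment stating which Pod Security Admission level this namespace needs would save operators a failed rollout.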
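Review bot: In 02-cluster-role.yaml the rule lists `extensions` and `apps` under `apiGroups`, but `pods`, `services` and `endpoints` are served from the core group, so the rule can be narrowed to `apiGroups: [""]` without losing access. `namespace: kubeshark` under `metadata` has no meaning on a cluster-scoped ClusterRole and should be dropped; the same applies to the ClusterRoleBinding in 03-cluster-role-binding.yaml. The grant is cluster-wide read access to pod specs, and the one service account it is bound to is used by the hub, front and worker alike, so a short comment on which component actually needs it would help later least-privilege work.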
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ kubeshark-cli-version: v1
+ kubeshark-created-by: kubeshark
+ kubeshark-managed-by: kubeshark
+ name: kubeshark-service-account
+ namespace: kubeshark
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubeshark-cluster-role
+subjects:
+ - kind: ServiceAccount
+ name: kubeshark-service-account
+ namespace: kubeshark
diff --git a/helm-chart/templates/04-hub-pod.yaml b/helm-chart/templates/04-hub-pod.yaml
new file mode 100644
index 000000000..1ad08f4ae
--- /dev/null
+++ b/helm-chart/templates/04-hub-pod.yaml
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ creationTimestamp: null
+ labels:
+ app: kubeshark-hub
+ kubeshark-created-by: kubeshark
+ kubeshark-managed-by: kubeshark
+ name: kubeshark-hub
+ namespace: kubeshark
+spec:
+ containers:
+ - command:
+ - ./hub
+ env:
+ - name: POD_REGEX
+ value: .*
+ - name: NAMESPACES
+ - name: STORAGE_LIMIT
+ value: 200MB
+ - name: LICENSE
+ image: docker.io/kubeshark/hub:latest
+ imagePullPolicy: Always
+ name: kubeshark-hub
+ resources:
+ limits:
+ cpu: 750m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 50Mi
+ dnsPolicy: ClusterFirstWithHostNet
+ serviceAccountName: kubeshark-service-account
+ terminationGracePeriodSeconds: 0
+ tolerations:
+ - effect: NoExecute
+ operator: Exists
+ - effect: NoSchedule
+ operator: Exists
+status: {}
diff --git a/helm-chart/templates/05-hub-service.yaml b/helm-chart/templates/05-hub-service.yaml
new file mode 100644
index 000000000..ffa72931c
--- /dev/null
+++ b/helm-chart/templates/05-hub-service.yaml
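Review bot: In 04-hub-pod.yaml, `image: docker.io/kubeshark/hub:latest` combined with `imagePullPolicy: Always` means each pod start runs whatever is currently published under that tag, so a chart revision does not identify the code that is deployed. Pin the image to a release tag or, better, a digest, e.g. `image: docker.io/kubeshark/hub:<version>@sha256:<digest>` (placeholders), and expose it through chart values. The same applies to the front pod (06) and to the worker DaemonSet (08), where it matters most because that container is given host-level access. The hub container also sets no `securityContext`; if the binary allows it, `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and dropping all capabilities would be a reasonable baseline.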
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ kubeshark-created-by: kubeshark
+ kubeshark-managed-by: kubeshark
+ name: kubeshark-hub
+ namespace: kubeshark
+spec:
+ ports:
+ - name: kubeshark-hub
+ port: 80
+ targetPort: 80
+ selector:
+ app: kubeshark-hub
+ type: ClusterIP
+status:
+ loadBalancer: {}
diff --git a/helm-chart/templates/06-front-pod.yaml b/helm-chart/templates/06-front-pod.yaml
new file mode 100644
index 000000000..8077952bf
--- /dev/null
+++ b/helm-chart/templates/06-front-pod.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ creationTimestamp: null
+ labels:
+ app: kubeshark-front
+ kubeshark-created-by: kubeshark
+ kubeshark-managed-by: kubeshark
+ name: kubeshark-front
+ namespace: kubeshark
+spec:
+ containers:
+ - env:
+ - name: REACT_APP_DEFAULT_FILTER
+ value: ' '
+ - name: REACT_APP_HUB_HOST
+ value: ' '
+ - name: REACT_APP_HUB_PORT
+ value: "8898"
+ image: docker.io/kubeshark/front:latest
+ imagePullPolicy: Always
+ name: kubeshark-front
+ readinessProbe:
+ failureThreshold: 3
+ periodSeconds: 1
+ successThreshold: 1
+ tcpSocket:
+ port: 80
+ timeoutSeconds: 1
+ resources:
+ limits:
+ cpu: 750m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 50Mi
+ dnsPolicy: ClusterFirstWithHostNet
+ serviceAccountName: kubeshark-service-account
+ terminationGracePeriodSeconds: 0
+ tolerations:
+ - effect: NoExecute
+ operator: Exists
+ - effect: NoSchedule
+ operator: Exists
+status: {}
diff --git a/helm-chart/templates/07-front-service.yaml b/helm-chart/templates/07-front-service.yaml
new file mode 100644
index 000000000..2fdc0f409
--- /dev/null
+++ b/helm-chart/templates/07-front-service.yaml
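Review bot: In 06-front-pod.yaml the pod sets `serviceAccountName: kubeshark-service-account`, so the UI container receives a token that carries the cluster-wide list/get/watch grant on pods, services and endpoints from 02/03. If the front only serves the web UI and talks to the hub, which the `REACT_APP_HUB_*` variables suggest although the image is not visible here, add `automountServiceAccountToken: false` to its spec or give it a separate service account with no bindings. `dnsPolicy: ClusterFirstWithHostNet` is only meaningful together with `hostNetwork: true`, which this pod does not set, so it can be dropped here and in the hub pod.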
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ kubeshark-created-by: kubeshark
+ kubeshark-managed-by: kubeshark
+ name: kubeshark-front
+ namespace: kubeshark
+spec:
+ ports:
+ - name: kubeshark-front
+ port: 80
+ targetPort: 80
+ selector:
+ app: kubeshark-front
+ type: ClusterIP
+status:
+ loadBalancer: {}
diff --git a/helm-chart/templates/08-worker-daemon-set.yaml b/helm-chart/templates/08-worker-daemon-set.yaml
new file mode 100644
index 000000000..5ee38dbab
--- /dev/null
+++ b/helm-chart/templates/08-worker-daemon-set.yaml
@@ -0,0 +1,81 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ creationTimestamp: null
+ labels:
+ app: kubeshark-worker-daemon-set
+ kubeshark-created-by: kubeshark
+ kubeshark-managed-by: kubeshark
+ name: kubeshark-worker-daemon-set
+ namespace: kubeshark
+spec:
+ selector:
+ matchLabels:
+ app: kubeshark-worker-daemon-set
+ kubeshark-created-by: kubeshark
+ kubeshark-managed-by: kubeshark
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ app: kubeshark-worker-daemon-set
+ kubeshark-created-by: kubeshark
+ kubeshark-managed-by: kubeshark
+ name: kubeshark-worker-daemon-set
+ namespace: kubeshark
+ spec:
+ containers:
+ - command:
+ - ./worker
+ - -i
+ - any
+ - -port
+ - "8897"
+ - -servicemesh
+ - -tls
+ - -procfs
+ - /hostproc
+ image: docker.io/kubeshark/worker:latest
+ imagePullPolicy: Always
+ name: kubeshark-worker-daemon-set
+ resources:
+ limits:
+ cpu: 750m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 50Mi
+ securityContext:
+ capabilities:
+ add:
+ - NET_RAW
+ - NET_ADMIN
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - DAC_OVERRIDE
+ - SYS_RESOURCE
+ drop:
+ - ALL
+ volumeMounts:
+ - mountPath: /hostproc
+ name: proc
+ readOnly: true
+ - mountPath: /sys
+ name: sys
+ readOnly: true
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true
+ serviceAccountName: kubeshark-service-account
+ terminationGracePeriodSeconds: 0
+ tolerations:
+ - effect: NoExecute
+ operator: Exists
+ - effect: NoSchedule
+ operator: Exists
+ volumes:
+ - hostPath:
+ path: /proc
+ name: proc
+ - hostPath:
+ path: /sys
+ name: sys
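Review bot: Nothing in 08-worker-daemon-set.yaml records why the worker needs each item of a very broad grant: `SYS_ADMIN`, `SYS_PTRACE` and `DAC_OVERRIDE` under `capabilities.add`, `hostNetwork: true`, and the host `/proc` and `/sys` mounts together give the container a large share of root's power on the node. Add a comment above `capabilities.add` mapping each capability to the feature that requires it (for example which ones only `-tls` or `-servicemesh` need), so operators who turn a feature off can drop the matching capability. The two `operator: Exists` tolerations with no `key` match every NoSchedule and NoExecute taint, control-plane taints included; making them a chart value would let clusters keep the worker off those nodes. Adding `type: Directory` to both `hostPath` volumes is a cheap guard against the path resolving to something unexpected.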