✨ Run kubeshark helm-chart

helm-chart/templates/00-namespace.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  creationTimestamp: null
+  labels:
+    kubeshark-created-by: kubeshark
+    kubeshark-managed-by: kubeshark
+  name: kubeshark
+spec: {}
+status: {}

helm-chart/templates/01-service-account.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  creationTimestamp: null
+  labels:
+    kubeshark-cli-version: v1
+    kubeshark-created-by: kubeshark
+    kubeshark-managed-by: kubeshark
+  name: kubeshark-service-account
+  namespace: kubeshark

helm-chart/templates/02-cluster-role.yaml

@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    kubeshark-cli-version: v1
+    kubeshark-created-by: kubeshark
+    kubeshark-managed-by: kubeshark
+  name: kubeshark-cluster-role
+  namespace: kubeshark
+rules:
+  - apiGroups:
+      - ""
+      - extensions
+      - apps
+    resources:
+      - pods
+      - services
+      - endpoints
+    verbs:
+      - list
+      - get
+      - watch

helm-chart/templates/03-cluster-role-binding.yaml

@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  creationTimestamp: null
+  labels:
+    kubeshark-cli-version: v1
+    kubeshark-created-by: kubeshark
+    kubeshark-managed-by: kubeshark
+  name: kubeshark-service-account
+  namespace: kubeshark
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubeshark-cluster-role
+subjects:
+  - kind: ServiceAccount
+    name: kubeshark-service-account
+    namespace: kubeshark

helm-chart/templates/04-hub-pod.yaml

@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  creationTimestamp: null
+  labels:
+    app: kubeshark-hub
+    kubeshark-created-by: kubeshark
+    kubeshark-managed-by: kubeshark
+  name: kubeshark-hub
+  namespace: kubeshark
+spec:
+  containers:
+    - command:
+        - ./hub
+      env:
+        - name: POD_REGEX
+          value: .*
+        - name: NAMESPACES
+        - name: STORAGE_LIMIT
+          value: 200MB
+        - name: LICENSE
+      image: docker.io/kubeshark/hub:latest
+      imagePullPolicy: Always
+      name: kubeshark-hub
+      resources:
+        limits:
+          cpu: 750m
+          memory: 1Gi
+        requests:
+          cpu: 50m
+          memory: 50Mi
+  dnsPolicy: ClusterFirstWithHostNet
+  serviceAccountName: kubeshark-service-account
+  terminationGracePeriodSeconds: 0
+  tolerations:
+    - effect: NoExecute
+      operator: Exists
+    - effect: NoSchedule
+      operator: Exists
+status: {}

helm-chart/templates/05-hub-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    kubeshark-created-by: kubeshark
+    kubeshark-managed-by: kubeshark
+  name: kubeshark-hub
+  namespace: kubeshark
+spec:
+  ports:
+    - name: kubeshark-hub
+      port: 80
+      targetPort: 80
+  selector:
+    app: kubeshark-hub
+  type: ClusterIP
+status:
+  loadBalancer: {}

helm-chart/templates/06-front-pod.yaml

@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  creationTimestamp: null
+  labels:
+    app: kubeshark-front
+    kubeshark-created-by: kubeshark
+    kubeshark-managed-by: kubeshark
+  name: kubeshark-front
+  namespace: kubeshark
+spec:
+  containers:
+    - env:
+        - name: REACT_APP_DEFAULT_FILTER
+          value: ' '
+        - name: REACT_APP_HUB_HOST
+          value: ' '
+        - name: REACT_APP_HUB_PORT
+          value: "8898"
+      image: docker.io/kubeshark/front:latest
+      imagePullPolicy: Always
+      name: kubeshark-front
+      readinessProbe:
+        failureThreshold: 3
+        periodSeconds: 1
+        successThreshold: 1
+        tcpSocket:
+          port: 80
+        timeoutSeconds: 1
+      resources:
+        limits:
+          cpu: 750m
+          memory: 1Gi
+        requests:
+          cpu: 50m
+          memory: 50Mi
+  dnsPolicy: ClusterFirstWithHostNet
+  serviceAccountName: kubeshark-service-account
+  terminationGracePeriodSeconds: 0
+  tolerations:
+    - effect: NoExecute
+      operator: Exists
+    - effect: NoSchedule
+      operator: Exists
+status: {}

helm-chart/templates/07-front-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    kubeshark-created-by: kubeshark
+    kubeshark-managed-by: kubeshark
+  name: kubeshark-front
+  namespace: kubeshark
+spec:
+  ports:
+    - name: kubeshark-front
+      port: 80
+      targetPort: 80
+  selector:
+    app: kubeshark-front
+  type: ClusterIP
+status:
+  loadBalancer: {}

helm-chart/templates/08-worker-daemon-set.yaml

@@ -0,0 +1,81 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  creationTimestamp: null
+  labels:
+    app: kubeshark-worker-daemon-set
+    kubeshark-created-by: kubeshark
+    kubeshark-managed-by: kubeshark
+  name: kubeshark-worker-daemon-set
+  namespace: kubeshark
+spec:
+  selector:
+    matchLabels:
+      app: kubeshark-worker-daemon-set
+      kubeshark-created-by: kubeshark
+      kubeshark-managed-by: kubeshark
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: kubeshark-worker-daemon-set
+        kubeshark-created-by: kubeshark
+        kubeshark-managed-by: kubeshark
+      name: kubeshark-worker-daemon-set
+      namespace: kubeshark
+    spec:
+      containers:
+        - command:
+            - ./worker
+            - -i
+            - any
+            - -port
+            - "8897"
+            - -servicemesh
+            - -tls
+            - -procfs
+            - /hostproc
+          image: docker.io/kubeshark/worker:latest
+          imagePullPolicy: Always
+          name: kubeshark-worker-daemon-set
+          resources:
+            limits:
+              cpu: 750m
+              memory: 1Gi
+            requests:
+              cpu: 50m
+              memory: 50Mi
+          securityContext:
+            capabilities:
+              add:
+                - NET_RAW
+                - NET_ADMIN
+                - SYS_ADMIN
+                - SYS_PTRACE
+                - DAC_OVERRIDE
+                - SYS_RESOURCE
+              drop:
+                - ALL
+          volumeMounts:
+            - mountPath: /hostproc
+              name: proc
+              readOnly: true
+            - mountPath: /sys
+              name: sys
+              readOnly: true
+      dnsPolicy: ClusterFirstWithHostNet
+      hostNetwork: true
+      serviceAccountName: kubeshark-service-account
+      terminationGracePeriodSeconds: 0
+      tolerations:
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+      volumes:
+        - hostPath:
+            path: /proc
+          name: proc
+        - hostPath:
+            path: /sys
+          name: sys