Add raw capture config parameters

2025-09-26 04:54:36 +00:00 · 2025-09-24 16:53:00 +03:00
parent 349d8b07df
commit 119040284d
4 changed files with 16 additions and 2 deletions
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -300,9 +300,15 @@ type SeLinuxOptionsConfig struct {
 	User  string `yaml:"user" json:"user"`
 }

+type RawCaptureConfig struct {
+	Enabled     bool   `yaml:"enabled" json:"enabled" default:"false"`
+	StorageSize string `yaml:"storageSize" json:"storageSize" default:"1GB"`
+}
+
 type CaptureConfig struct {
-	Stopped   bool   `yaml:"stopped" json:"stopped" default:"false"`
-	StopAfter string `yaml:"stopAfter" json:"stopAfter" default:"5m"`
+	Stopped   bool             `yaml:"stopped" json:"stopped" default:"false"`
+	StopAfter string           `yaml:"stopAfter" json:"stopAfter" default:"5m"`
+	Raw       RawCaptureConfig `yaml:"raw" json:"raw"`
 }

 type TapConfig struct {
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -140,6 +140,8 @@ Example for overriding image names:
 | `tap.bpfOverride`                         | When using AF_PACKET as a traffic capture backend, override any existing pod targeting rules and set explicit BPF expression (e.g. `net 0.0.0.0/0`).                                                          | `[]`                                                    |
 | `tap.capture.stopped`                             | Set to `false` to have traffic processing start automatically. When set to `true`, traffic processing is stopped by default, resulting in almost no resource consumption (e.g. Kubeshark is dormant). This property can be dynamically control via the dashboard.      | `false`                                                                                                                                                |
 | `tap.capture.stopAfter`                             | Set to a duration (e.g. `30s`) to have traffic processing stop after no websocket activity between worker and hub.     | `30s`                                                                                                                                                |
+| `tap.capture.raw.enabled`                           | Enable raw capture of packets and syscalls to disk for offline analysis      | `false`                                                                                                                                                |
+| `tap.capture.raw.storageSize`                       | Maximum storage size for raw capture files (supports K8s quantity format: `1Gi`, `500Mi`, etc.)     | `1GB`                                                                                                                                                |
 | `tap.release.repo`                        | URL of the Helm chart repository              | `https://helm.kubeshark.co`                             |
 | `tap.release.name`                        | Helm release name                             | `kubeshark`                                             |
 | `tap.release.namespace`                   | Helm release namespace                        | `default`                                               |
--- a/helm-chart/templates/12-config-map.yaml
+++ b/helm-chart/templates/12-config-map.yaml
@@ -83,3 +83,5 @@ data:
    PCAP_MAX_TIME: '{{ .Values.pcapdump.maxTime }}'
    PCAP_MAX_SIZE: '{{ .Values.pcapdump.maxSize }}'
    PORT_MAPPING: '{{ toJson .Values.tap.portMapping }}'
+    RAW_CAPTURE: '{{ .Values.tap.capture.raw.enabled | ternary "true" "false" }}'
+    RAW_CAPTURE_STORAGE_SIZE: '{{ .Values.tap.capture.raw.storageSize }}'
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -29,6 +29,9 @@ tap:
  capture:
    stopped: false
    stopAfter: 5m
+    raw:
+      enabled: false
+      storageSize: 1GB
  release:
    repo: https://helm.kubeshark.co
    name: kubeshark
@@ -149,6 +152,7 @@ tap:
  ipv6: true
  debug: false
  dashboard:
+    streamingType: ""
    completeStreamingEnabled: true
  telemetry:
    enabled: true