From 119040284dc04e55ba91e7fe319891fd4a1d5c08 Mon Sep 17 00:00:00 2001 From: Volodymyr Stoiko Date: Wed, 24 Sep 2025 16:53:00 +0300 Subject: [PATCH] Add raw capture config parameters --- config/configStructs/tapConfig.go | 10 ++++++++-- helm-chart/README.md | 2 ++ helm-chart/templates/12-config-map.yaml | 2 ++ helm-chart/values.yaml | 4 ++++ 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go index 5de658e35..bbac208ce 100644 --- a/config/configStructs/tapConfig.go +++ b/config/configStructs/tapConfig.go @@ -300,9 +300,15 @@ type SeLinuxOptionsConfig struct { User string `yaml:"user" json:"user"` } +type RawCaptureConfig struct { + Enabled bool `yaml:"enabled" json:"enabled" default:"false"` + StorageSize string `yaml:"storageSize" json:"storageSize" default:"1GB"` +} + type CaptureConfig struct { - Stopped bool `yaml:"stopped" json:"stopped" default:"false"` - StopAfter string `yaml:"stopAfter" json:"stopAfter" default:"5m"` + Stopped bool `yaml:"stopped" json:"stopped" default:"false"` + StopAfter string `yaml:"stopAfter" json:"stopAfter" default:"5m"` + Raw RawCaptureConfig `yaml:"raw" json:"raw"` } type TapConfig struct { diff --git a/helm-chart/README.md b/helm-chart/README.md index bf5c0f856..0b314ec79 100644 --- a/helm-chart/README.md +++ b/helm-chart/README.md @@ -140,6 +140,8 @@ Example for overriding image names: | `tap.bpfOverride` | When using AF_PACKET as a traffic capture backend, override any existing pod targeting rules and set explicit BPF expression (e.g. `net 0.0.0.0/0`). | `[]` | | `tap.capture.stopped` | Set to `false` to have traffic processing start automatically. When set to `true`, traffic processing is stopped by default, resulting in almost no resource consumption (e.g. Kubeshark is dormant). This property can be dynamically control via the dashboard. | `false` | | `tap.capture.stopAfter` | Set to a duration (e.g. `30s`) to have traffic processing stop after no websocket activity between worker and hub. | `30s` | +| `tap.capture.raw.enabled` | Enable raw capture of packets and syscalls to disk for offline analysis | `false` | +| `tap.capture.raw.storageSize` | Maximum storage size for raw capture files (supports K8s quantity format: `1Gi`, `500Mi`, etc.) | `1GB` | | `tap.release.repo` | URL of the Helm chart repository | `https://helm.kubeshark.co` | | `tap.release.name` | Helm release name | `kubeshark` | | `tap.release.namespace` | Helm release namespace | `default` | diff --git a/helm-chart/templates/12-config-map.yaml b/helm-chart/templates/12-config-map.yaml index 7a7fc8300..3eb063260 100644 --- a/helm-chart/templates/12-config-map.yaml +++ b/helm-chart/templates/12-config-map.yaml @@ -83,3 +83,5 @@ data: PCAP_MAX_TIME: '{{ .Values.pcapdump.maxTime }}' PCAP_MAX_SIZE: '{{ .Values.pcapdump.maxSize }}' PORT_MAPPING: '{{ toJson .Values.tap.portMapping }}' + RAW_CAPTURE: '{{ .Values.tap.capture.raw.enabled | ternary "true" "false" }}' + RAW_CAPTURE_STORAGE_SIZE: '{{ .Values.tap.capture.raw.storageSize }}' diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index ab584a758..3f5837c78 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -29,6 +29,9 @@ tap: capture: stopped: false stopAfter: 5m + raw: + enabled: false + storageSize: 1GB release: repo: https://helm.kubeshark.co name: kubeshark @@ -149,6 +152,7 @@ tap: ipv6: true debug: false dashboard: + streamingType: "" completeStreamingEnabled: true telemetry: enabled: true