diff --git a/cmd/mcp_test.go b/cmd/mcp_test.go index be6600e52..d7aad1367 100644 --- a/cmd/mcp_test.go +++ b/cmd/mcp_test.go @@ -218,7 +218,7 @@ func newTestMCPServerWithMockBackend(handler http.HandlerFunc) (*mcpServer, *htt } type hubToolCallRequest struct { - Tool string `json:"tool"` + Tool string `json:"name"` Arguments map[string]any `json:"arguments"` } diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go index 0d3f9cd27..e84e1122a 100644 --- a/config/configStructs/tapConfig.go +++ b/config/configStructs/tapConfig.go @@ -261,6 +261,8 @@ type MiscConfig struct { DuplicateTimeframe string `yaml:"duplicateTimeframe" json:"duplicateTimeframe" default:"200ms"` DetectDuplicates bool `yaml:"detectDuplicates" json:"detectDuplicates" default:"false"` StaleTimeoutSeconds int `yaml:"staleTimeoutSeconds" json:"staleTimeoutSeconds" default:"30"` + TcpFlowTimeout int `yaml:"tcpFlowTimeout" json:"tcpFlowTimeout" default:"1200"` + UdpFlowTimeout int `yaml:"udpFlowTimeout" json:"udpFlowTimeout" default:"1200"` } type PcapDumpConfig struct { diff --git a/helm-chart/README.md b/helm-chart/README.md index b8caaf693..390214b12 100644 --- a/helm-chart/README.md +++ b/helm-chart/README.md 
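Review bot: `TcpFlowTimeout` and `UdpFlowTimeout` in `MiscConfig` carry no unit in their names and no comment, while the neighbouring `StaleTimeoutSeconds` names its unit. The README rows added in this same diff say seconds, so the struct should say it too, e.g. `// TcpFlowTimeout is the TCP flow aggregation timeout in seconds, passed to the worker as -tcp-flow-full-timeout.` and the matching line for UDP. Nothing visible in this hunk rejects zero or negative values before they are forwarded to the worker, so the accepted range is worth documenting here or checking where the config is loaded. The struct begins above the hunk.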
@@ -220,6 +220,8 @@ Example for overriding image names: | `tap.mountBpf` | BPF filesystem needs to be mounted for eBPF to work properly. This helm value determines whether Kubeshark will attempt to mount the filesystem. This option is not required if filesystem is already mounts. │ `true`| | `tap.hostNetwork` | Enable host network mode for worker DaemonSet pods. When enabled, worker pods use the host's network namespace for direct network access. | `true` | | `tap.gitops.enabled` | Enable GitOps functionality. This will allow you to use GitOps to manage your Kubeshark configuration. | `false` | +| `tap.misc.tcpFlowTimeout` | TCP flow aggregation timeout in seconds. Controls how long the worker waits before finalizing a TCP flow. | `1200` | +| `tap.misc.udpFlowTimeout` | UDP flow aggregation timeout in seconds. Controls how long the worker waits before finalizing a UDP flow. | `1200` | | `logs.file` | Logs dump path | `""` | | `pcapdump.enabled` | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools | `false` | | `pcapdump.maxTime` | The time window into the past that will be stored. Older traffic will be discarded. | `2h` | diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml index 7d99cc015..8f8225d70 100644 --- a/helm-chart/templates/09-worker-daemon-set.yaml +++ b/helm-chart/templates/09-worker-daemon-set.yaml @@ -99,6 +99,10 @@ spec: - '{{ .Values.tap.misc.resolutionStrategy }}' - -staletimeout - '{{ .Values.tap.misc.staleTimeoutSeconds }}' + - -tcp-flow-full-timeout + - '{{ .Values.tap.misc.tcpFlowTimeout }}' + - -udp-flow-full-timeout + - '{{ .Values.tap.misc.udpFlowTimeout }}' - -storage-size - '{{ .Values.tap.storageLimit }}' - -capture-db-max-size diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 5d253e610..addc792e6 100644 
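Review bot: The two new worker arguments render `.Values.tap.misc.tcpFlowTimeout` and `.Values.tap.misc.udpFlowTimeout` with no fallback, so a release whose stored values predate these keys (for example an upgrade that reuses old values) would likely pass an empty string after `-tcp-flow-full-timeout` and `-udp-flow-full-timeout`. A template-side default keeps the worker on the documented value: `- '{{ .Values.tap.misc.tcpFlowTimeout | default 1200 }}'`, and the same for the UDP line. How the worker parses an empty or non-numeric value is not visible here; if it refuses to start, traffic capture stops on every node the DaemonSet covers. The container spec continues outside the hunk.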
--- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -191,8 +191,8 @@ tap: - diameter - udp-flow - tcp-flow - - tcp-conn - udp-conn + - tcp-conn portMapping: http: - 80 @@ -228,6 +228,8 @@ tap: duplicateTimeframe: 200ms detectDuplicates: false staleTimeoutSeconds: 30 + tcpFlowTimeout: 1200 + udpFlowTimeout: 1200 securityContext: privileged: true appArmorProfile: @@ -270,7 +272,7 @@ kube: dumpLogs: false headless: false license: "" -cloudApiUrl: "https://api.kubeshark.com" +cloudApiUrl: https://api.kubeshark.com cloudLicenseEnabled: true demoModeEnabled: false supportChatEnabled: false diff --git a/manifests/complete.yaml b/manifests/complete.yaml index a785646bf..b0235c21e 100644 --- a/manifests/complete.yaml +++ b/manifests/complete.yaml @@ -257,6 +257,7 @@ data: EXCLUDED_NAMESPACES: '' BPF_OVERRIDE: '' DISSECTION_ENABLED: 'true' + CAPTURE_SELF: 'false' SCRIPTING_SCRIPTS: '{}' SCRIPTING_ACTIVE_SCRIPTS: '' INGRESS_ENABLED: 'false' @@ -266,7 +267,7 @@ data: AUTH_TYPE: 'default' AUTH_SAML_IDP_METADATA_URL: '' AUTH_SAML_ROLE_ATTRIBUTE: 'role' - AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canStopTrafficCapturing":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","scriptingPermissions":{"canActivate":true,"canDelete":true,"canSave":true},"showAdminConsoleLink":true}}' + AUTH_SAML_ROLES: '{"admin":{"canControlDissection":true,"canDownloadPCAP":true,"canStopTrafficCapturing":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","scriptingPermissions":{"canActivate":true,"canDelete":true,"canSave":true},"showAdminConsoleLink":true}}' AUTH_OIDC_ISSUER: 'not set' AUTH_OIDC_REFRESH_TOKEN_LIFETIME: '3960h' AUTH_OIDC_STATE_PARAM_EXPIRY: '10m' 
@@ -285,7 +286,6 @@ data: PCAP_ERROR_TTL: '0' TIMEZONE: ' ' CLOUD_LICENSE_ENABLED: 'true' - AI_ASSISTANT_ENABLED: 'true' DUPLICATE_TIMEFRAME: '200ms' ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,ws,ldap,radius,diameter,udp-flow,tcp-flow,udp-conn,tcp-conn' CUSTOM_MACROS: '{"https":"tls and (http or http2)"}' @@ -606,10 +606,16 @@ spec: - 'auto' - -staletimeout - '30' + - -tcp-flow-full-timeout + - '1200' + - -udp-flow-full-timeout + - '1200' - -storage-size - '10Gi' - -capture-db-max-size - '500Mi' + - -cloud-api-url + - 'https://api.kubeshark.com' image: 'docker.io/kubeshark/worker:v52.12' imagePullPolicy: Always name: sniffer @@ -630,8 +636,6 @@ spec: value: '10000' - name: TCP_STREAM_CHANNEL_TIMEOUT_SHOW value: 'false' - - name: KUBESHARK_CLOUD_API_URL - value: 'https://api.kubeshark.com' - name: PROFILING_ENABLED value: 'false' - name: SENTRY_ENABLED @@ -820,6 +824,8 @@ spec: - '1' - -dissector-memory - '4Gi' + - -cloud-api-url + - 'https://api.kubeshark.com' env: - name: POD_NAME valueFrom: @@ -833,8 +839,6 @@ spec: value: 'false' - name: SENTRY_ENVIRONMENT value: 'production' - - name: KUBESHARK_CLOUD_API_URL - value: 'https://api.kubeshark.com' - name: PROFILING_ENABLED value: 'false' image: 'docker.io/kubeshark/hub:v52.12' @@ -943,6 +947,8 @@ spec: value: ' ' - name: REACT_APP_TIMEZONE value: ' ' + - name: REACT_APP_SCRIPTING_HIDDEN + value: 'true' - name: REACT_APP_SCRIPTING_DISABLED value: 'false' - name: REACT_APP_TARGETED_PODS_UPDATE_DISABLED @@ -953,12 +959,12 @@ spec: value: 'true' - name: REACT_APP_RECORDING_DISABLED value: 'false' + - name: REACT_APP_DISSECTION_ENABLED + value: 'true' - name: REACT_APP_DISSECTION_CONTROL_ENABLED value: 'true' - name: 'REACT_APP_CLOUD_LICENSE_ENABLED' value: 'true' - - name: 'REACT_APP_AI_ASSISTANT_ENABLED' - value: 'true' - name: REACT_APP_SUPPORT_CHAT_ENABLED value: 'false' - name: REACT_APP_BETA_ENABLED