diff --git a/cmd/config.go b/cmd/config.go
index 74292d97b..715dea371 100644
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -2,7 +2,6 @@ package cmd import ( "fmt" - "path" "github.com/creasty/defaults" "github.com/kubeshark/kubeshark/config"
@@ -52,5 +51,5 @@ func init() { log.Debug().Err(err).Send() } - configCmd.Flags().BoolP(configStructs.RegenerateConfigName, "r", defaultConfig.Config.Regenerate, fmt.Sprintf("Regenerate the config file with default values to path %s", path.Join(misc.GetDotFolderPath(), "config.yaml"))) + configCmd.Flags().BoolP(configStructs.RegenerateConfigName, "r", defaultConfig.Config.Regenerate, fmt.Sprintf("Regenerate the config file with default values to path %s", config.GetConfigFilePath(nil))) }
diff --git a/cmd/root.go b/cmd/root.go
index 0f9e2c646..178cad30c 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -33,6 +33,7 @@ func init() { rootCmd.PersistentFlags().StringSlice(config.SetCommandName, []string{}, fmt.Sprintf("Override values using --%s", config.SetCommandName)) rootCmd.PersistentFlags().BoolP(config.DebugFlag, "d", false, "Enable debug mode") + rootCmd.PersistentFlags().String(config.ConfigPathFlag, "", fmt.Sprintf("Set the config path, default: %s", config.GetConfigFilePath(nil))) } // Execute adds all child commands to the root command and sets flags appropriately.
diff --git a/config/config.go b/config/config.go
index 953b5e7a0..0d6d6f058 100644
--- a/config/config.go
+++ b/config/config.go
@@ -28,6 +28,7 @@ const ( FieldNameTag = "yaml" ReadonlyTag = "readonly" DebugFlag = "debug" + ConfigPathFlag = "config-path" ) var (
@@ -82,7 +83,7 @@ func InitConfig(cmd *cobra.Command) error { return err } - ConfigFilePath = path.Join(misc.GetDotFolderPath(), "config.yaml") + ConfigFilePath = GetConfigFilePath(cmd) if err := loadConfigFile(&Config, utils.Contains([]string{ "manifests", "license",
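Review bot: In cmd/config.go `init()`, the help text for the regenerate flag is now built from `config.GetConfigFilePath(nil)`, which (per the config/config.go change in this commit) probes the working directory and returns `<cwd>/<program>.yaml` when that file exists. The printed path therefore depends on where the command is run, and it never reflects a `--config-path` override. The same call produces the "default:" text of the new flag in cmd/root.go. If the help is meant to show the fixed dot-folder location, build it from that path directly; otherwise word it as `<cwd>/<program>.yaml if present, else <dot-folder>/config.yaml`. Both `init()` bodies start outside their hunks.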
@@ -134,21 +135,44 @@ func WriteConfig(config *ConfigStruct) error { return nil } -func loadConfigFile(config *ConfigStruct, silent bool) error { +func GetConfigFilePath(cmd *cobra.Command) string { + defaultConfigPath := path.Join(misc.GetDotFolderPath(), "config.yaml") + cwd, err := os.Getwd() if err != nil { - return err + return defaultConfigPath + } + + if cmd != nil { + configPathOverride, err := cmd.Flags().GetString(ConfigPathFlag) + if err == nil { + if configPathOverride != "" { + resolvedConfigPath, err := filepath.Abs(configPathOverride) + if err != nil { + log.Error().Err(err).Msg("--config-path flag path cannot be resolved") + } else { + return resolvedConfigPath + } + } + } else { + log.Error().Err(err).Msg("--config-path flag parser error") + } } cwdConfig := filepath.Join(cwd, fmt.Sprintf("%s.yaml", misc.Program)) reader, err := os.Open(cwdConfig) if err != nil { - reader, err = os.Open(ConfigFilePath) - if err != nil { - return err - } + return defaultConfigPath } else { - ConfigFilePath = cwdConfig + reader.Close() + return cwdConfig + } +} + +func loadConfigFile(config *ConfigStruct, silent bool) error { + reader, err := os.Open(ConfigFilePath) + if err != nil { + return err } defer reader.Close()
@@ -176,9 +200,14 @@ func initFlag(f *pflag.Flag) { flagPath = append(flagPath, strings.Split(f.Name, "-")...) + flagPathJoined := strings.Join(flagPath, ".") + if strings.HasSuffix(flagPathJoined, ".config.path") { + return + } + sliceValue, isSliceValue := f.Value.(pflag.SliceValue) if !isSliceValue { - if err := mergeFlagValue(configElemValue, flagPath, strings.Join(flagPath, "."), f.Value.String()); err != nil { + if err := mergeFlagValue(configElemValue, flagPath, flagPathJoined, f.Value.String()); err != nil { log.Warn().Err(err).Send() } return
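Review bot: The early return added to initFlag matches on the literal suffix `.config.path`, which repeats the `ConfigPathFlag` constant in a transformed form and would also skip any other flag whose name ends in `-config-path`. Comparing the flag name is tighter and survives a rename: `if f.Name == ConfigPathFlag { return }`, placed before `flagPath` is extended. A one-line comment saying that this flag selects the config file and is not itself a config value would explain the return. initFlag starts and ends outside the hunk, so how `flagPath` is prefixed is not visible here.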
@@ -191,7 +220,7 @@ func initFlag(f *pflag.Flag) { return } - if err := mergeFlagValues(configElemValue, flagPath, strings.Join(flagPath, "."), sliceValue.GetSlice()); err != nil { + if err := mergeFlagValues(configElemValue, flagPath, flagPathJoined, sliceValue.GetSlice()); err != nil { log.Warn().Err(err).Send() } }
diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index 98f622589..43c3a75a4 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -227,6 +227,10 @@ type WatchdogConfig struct { Enabled bool `yaml:"enabled" json:"enabled" default:"true"` } +type GitopsConfig struct { + Enabled bool `yaml:"enabled" json:"enabled" default:"false"` +} + type CapabilitiesConfig struct { NetworkCapture []string `yaml:"networkCapture" json:"networkCapture" default:"[]"` ServiceMeshCapture []string `yaml:"serviceMeshCapture" json:"serviceMeshCapture" default:"[]"`
@@ -330,6 +334,7 @@ type TapConfig struct { Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"` ResourceGuard ResourceGuardConfig `yaml:"resourceGuard" json:"resourceGuard"` Watchdog WatchdogConfig `yaml:"watchdog" json:"watchdog"` + Gitops GitopsConfig `yaml:"gitops" json:"gitops"` Sentry SentryConfig `yaml:"sentry" json:"sentry"` DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !error"` LiveConfigMapChangesDisabled bool `yaml:"liveConfigMapChangesDisabled" json:"liveConfigMapChangesDisabled" default:"false"`
diff --git a/helm-chart/README.md b/helm-chart/README.md
index bfae9388a..043936d44 100644
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -210,6 +210,7 @@ Example for overriding image names: | `tap.metrics.port` | Pod port used to expose Prometheus metrics | `49100` | | `tap.enabledDissectors` | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `udp` and `tcp` | | `tap.mountBpf` | BPF filesystem needs to be mounted for eBPF to work properly. This helm value determines whether Kubeshark will attempt to mount the filesystem. This option is not required if filesystem is already mounts. │ `true`| +| `tap.gitops.enabled` | Enable GitOps functionality. This will allow you to use GitOps to manage your Kubeshark configuration. | `false` | | `logs.file` | Logs dump path | `""` | | `pcapdump.enabled` | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools | `true` | | `pcapdump.maxTime` | The time window into the past that will be stored. Older traffic will be discarded. | `2h` |
diff --git a/helm-chart/templates/04-hub-deployment.yaml b/helm-chart/templates/04-hub-deployment.yaml
index f2755eb04..29f4ed0e5 100644
--- a/helm-chart/templates/04-hub-deployment.yaml
+++ b/helm-chart/templates/04-hub-deployment.yaml
@@ -33,6 +33,9 @@ spec: - "8080" - -loglevel - '{{ .Values.logLevel | default "warning" }}' + {{- if .Values.tap.gitops.enabled }} + - -gitops + {{- end }} env: - name: POD_NAME valueFrom:
diff --git a/helm-chart/templates/12-config-map.yaml b/helm-chart/templates/12-config-map.yaml
index b356be53a..90bedb07e 100644
--- a/helm-chart/templates/12-config-map.yaml
+++ b/helm-chart/templates/12-config-map.yaml
@@ -1,7 +1,7 @@ kind: ConfigMap apiVersion: v1 metadata: - name: kubeshark-config-map-default + name: {{ include "kubeshark.configmapName" . }} namespace: {{ .Release.Namespace }} labels: app.kubeshark.co/app: hub
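Review bot: In 04-hub-deployment.yaml `.Values.tap.gitops.enabled` is dereferenced without a guard, so rendering fails with a nil-pointer error when `tap.gitops` is absent from the supplied values, as happens on `helm upgrade --reuse-values` from a release installed before this key existed. The same expression is used in 18-cleanup-job.yaml and in the two new helpers in _helpers.tpl. A tolerant form is `{{- if (.Values.tap.gitops | default dict).enabled }}`; alternatively, state the new required key in the upgrade notes.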
diff --git a/helm-chart/templates/13-secret.yaml b/helm-chart/templates/13-secret.yaml
index d5093d8c8..01f995cb5 100644
--- a/helm-chart/templates/13-secret.yaml
+++ b/helm-chart/templates/13-secret.yaml
@@ -1,7 +1,7 @@ kind: Secret apiVersion: v1 metadata: - name: kubeshark-secret-default + name: {{ include "kubeshark.secretName" . }} namespace: {{ .Release.Namespace }} labels: app.kubeshark.co/app: hub
diff --git a/helm-chart/templates/18-cleanup-job.yaml b/helm-chart/templates/18-cleanup-job.yaml
index 3dee7cd0f..59a076299 100644
--- a/helm-chart/templates/18-cleanup-job.yaml
+++ b/helm-chart/templates/18-cleanup-job.yaml
@@ -1,3 +1,4 @@ +{{ if .Values.tap.gitops.enabled -}} apiVersion: batch/v1 kind: Job metadata:
@@ -19,6 +20,5 @@ spec: {{ else }} image: '{{ .Values.tap.docker.registry }}/hub:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}' {{- end }} - command: ["/bin/sh", "-c"] - args: - - "kubectl delete cm kubeshark-config-map || true && kubectl delete secret kubeshark-secret || true" \ No newline at end of file + command: ["/app/cleanup"] +{{ end -}} \ No newline at end of file
diff --git a/helm-chart/templates/_helpers.tpl b/helm-chart/templates/_helpers.tpl
index 0230d06f6..6285caeab 100644
--- a/helm-chart/templates/_helpers.tpl
+++ b/helm-chart/templates/_helpers.tpl
@@ -49,6 +49,18 @@ Create the name of the service account to use {{- printf "%s-service-account" .Release.Name }} {{- end }} +{{/* +Set configmap and secret names based on gitops.enabled +*/}} +{{- define "kubeshark.configmapName" -}} +kubeshark-config-map{{ if .Values.tap.gitops.enabled }}-default{{ end }} +{{- end -}} + +{{- define "kubeshark.secretName" -}} +kubeshark-secret{{ if .Values.tap.gitops.enabled }}-default{{ end }} +{{- end -}} + + {{/* Escape double quotes in a string */}}
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 406cc63bc..9ce78a231 100644
--- a/helm-chart/values.yaml
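Review bot: In 18-cleanup-job.yaml the job's effect can no longer be read from the manifest: the removed `kubectl delete cm kubeshark-config-map … kubectl delete secret kubeshark-secret` line named exactly what was deleted, while `command: ["/app/cleanup"]` does not. A comment above the command would keep this auditable, for example `# /app/cleanup deletes the runtime kubeshark-config-map and kubeshark-secret`, assuming the binary removes the same two objects (its source is not part of this diff). The Role bound to the job is outside the hunk; if it grants `delete` on every ConfigMap and Secret in the namespace, `resourceNames` would narrow it to these two.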
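Review bot: The comment on the new helpers in _helpers.tpl does not say why the `-default` suffix is applied when GitOps is enabled rather than disabled, which reads as inverted at first sight. Extend it to state both outcomes, for example `With tap.gitops.enabled the chart-managed objects are kubeshark-config-map-default / kubeshark-secret-default; otherwise kubeshark-config-map / kubeshark-secret`, plus one sentence on what creates the unsuffixed objects in GitOps mode. Any template that still refers to either object by a literal name should call these helpers; such references, if there are any, are outside this diff.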
+++ b/helm-chart/values.yaml
@@ -151,6 +151,8 @@ tap: enabled: false watchdog: enabled: true + gitops: + enabled: false sentry: enabled: false environment: production
diff --git a/manifests/complete.yaml b/manifests/complete.yaml
index 8adfc49ab..ccdbff2da 100644
--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
@@ -130,7 +130,7 @@ metadata: kind: Secret apiVersion: v1 metadata: - name: kubeshark-secret-default + name: kubeshark-secret namespace: default labels: app.kubeshark.co/app: hub
@@ -244,7 +244,7 @@ data: kind: ConfigMap apiVersion: v1 metadata: - name: kubeshark-config-map-default + name: kubeshark-config-map namespace: default labels: app.kubeshark.co/app: hub