diff --git a/config/configStruct.go b/config/configStruct.go index 5431fee6c..9d8463be2 100644 --- a/config/configStruct.go +++ b/config/configStruct.go @@ -10,7 +10,7 @@ import ( ) const ( - KubeConfigPathConfigName = "kube-configpath" + KubeConfigPathConfigName = "kube-configPath" ) func CreateDefaultConfig() ConfigStruct { @@ -32,7 +32,7 @@ func CreateDefaultConfig() ConfigStruct { } type KubeConfig struct { - ConfigPathStr string `yaml:"configpath" json:"configpath"` + ConfigPathStr string `yaml:"configPath" json:"configPath"` Context string `yaml:"context" json:"context"` } @@ -45,7 +45,7 @@ type ConfigStruct struct { Logs configStructs.LogsConfig `yaml:"logs" json:"logs"` Config configStructs.ConfigConfig `yaml:"config,omitempty" json:"config,omitempty"` Kube KubeConfig `yaml:"kube" json:"kube"` - DumpLogs bool `yaml:"dumplogs" json:"dumplogs" default:"false"` + DumpLogs bool `yaml:"dumpLogs" json:"dumpLogs" default:"false"` HeadlessMode bool `yaml:"headless" json:"headless" default:"false"` License string `yaml:"license" json:"license" default:""` Scripting configStructs.ScriptingConfig `yaml:"scripting" json:"scripting"` diff --git a/config/configStructs/scriptingConfig.go b/config/configStructs/scriptingConfig.go index 93f0ba804..6cf58c5a2 100644 --- a/config/configStructs/scriptingConfig.go +++ b/config/configStructs/scriptingConfig.go @@ -12,7 +12,7 @@ import ( type ScriptingConfig struct { Env map[string]interface{} `yaml:"env" json:"env" default:"{}"` Source string `yaml:"source" json:"source" default:""` - WatchScripts bool `yaml:"watchscripts" json:"watchscripts" default:"true"` + WatchScripts bool `yaml:"watchScripts" json:"watchScripts" default:"true"` } func (config *ScriptingConfig) GetScripts() (scripts []*misc.Script, err error) { diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go index 4b970acf5..520ef32d3 100644 --- a/config/configStructs/tapConfig.go +++ b/config/configStructs/tapConfig.go @@ -11,21 +11,21 @@ import ( const ( DockerRegistryLabel = "docker-registry" DockerTagLabel = "docker-tag" - DockerImagePullPolicy = "docker-imagepullpolicy" - DockerImagePullSecrets = "docker-imagepullsecrets" + DockerImagePullPolicy = "docker-imagePullPolicy" + DockerImagePullSecrets = "docker-imagePullSecrets" ProxyFrontPortLabel = "proxy-front-port" ProxyHubPortLabel = "proxy-hub-port" ProxyHostLabel = "proxy-host" NamespacesLabel = "namespaces" ReleaseNamespaceLabel = "release-namespace" - PersistentStorageLabel = "persistentstorage" - StorageLimitLabel = "storagelimit" - StorageClassLabel = "storageclass" - DryRunLabel = "dryrun" + PersistentStorageLabel = "persistentStorage" + StorageLimitLabel = "storageLimit" + StorageClassLabel = "storageClass" + DryRunLabel = "dryRun" PcapLabel = "pcap" - ServiceMeshLabel = "servicemesh" + ServiceMeshLabel = "serviceMesh" TlsLabel = "tls" - IgnoreTaintedLabel = "ignoretainted" + IgnoreTaintedLabel = "ignoreTainted" IngressEnabledLabel = "ingress-enabled" TelemetryEnabledLabel = "telemetry-enabled" DebugLabel = "debug" @@ -49,12 +49,12 @@ type ResourceRequirements struct { } type WorkerConfig struct { - SrvPort uint16 `yaml:"srvport" json:"srvport" default:"8897"` + SrvPort uint16 `yaml:"srvPort" json:"srvPort" default:"8897"` } type HubConfig struct { Port uint16 `yaml:"port" json:"port" default:"8898"` - SrvPort uint16 `yaml:"srvport" json:"srvport" default:"8898"` + SrvPort uint16 `yaml:"srvPort" json:"srvPort" default:"8898"` } type FrontConfig struct { @@ -71,8 +71,8 @@ type ProxyConfig struct { type DockerConfig struct { Registry string `yaml:"registry" json:"registry" default:"docker.io/kubeshark"` Tag string `yaml:"tag" json:"tag" default:""` - ImagePullPolicy string `yaml:"imagepullpolicy" json:"imagepullpolicy" default:"Always"` - ImagePullSecrets []string `yaml:"imagepullsecrets" json:"imagepullsecrets"` + ImagePullPolicy string `yaml:"imagePullPolicy" json:"imagePullPolicy" default:"Always"` + ImagePullSecrets []string `yaml:"imagePullSecrets" json:"imagePullSecrets"` } type ResourcesConfig struct { @@ -82,13 +82,13 @@ type ResourcesConfig struct { type AuthConfig struct { Enabled bool `yaml:"enabled" json:"enabled" default:"false"` - ApprovedEmails []string `yaml:"approvedemails" json:"approvedemails" default:"[]"` - ApprovedDomains []string `yaml:"approveddomains" json:"approveddomains" default:"[]"` + ApprovedEmails []string `yaml:"approvedEmails" json:"approvedEmails" default:"[]"` + ApprovedDomains []string `yaml:"approvedDomains" json:"approvedDomains" default:"[]"` } type IngressConfig struct { Enabled bool `yaml:"enabled" json:"enabled" default:"false"` - ClassName string `yaml:"classname" json:"classname" default:""` + ClassName string `yaml:"className" json:"className" default:""` Host string `yaml:"host" json:"host" default:"ks.svc.cluster.local"` TLS []networking.IngressTLS `yaml:"tls" json:"tls" default:"[]"` Annotations map[string]string `yaml:"annotations" json:"annotations" default:"{}"` @@ -110,23 +110,23 @@ type TapConfig struct { PodRegexStr string `yaml:"regex" json:"regex" default:".*"` Namespaces []string `yaml:"namespaces" json:"namespaces" default:"[]"` Release ReleaseConfig `yaml:"release" json:"release"` - PersistentStorage bool `yaml:"persistentstorage" json:"persistentstorage" default:"false"` - StorageLimit string `yaml:"storagelimit" json:"storagelimit" default:"500Mi"` - StorageClass string `yaml:"storageclass" json:"storageclass" default:"standard"` - DryRun bool `yaml:"dryrun" json:"dryrun" default:"false"` + PersistentStorage bool `yaml:"persistentStorage" json:"persistentStorage" default:"false"` + StorageLimit string `yaml:"storageLimit" json:"storageLimit" default:"500Mi"` + StorageClass string `yaml:"storageClass" json:"storageClass" default:"standard"` + DryRun bool `yaml:"dryRun" json:"dryRun" default:"false"` Pcap string `yaml:"pcap" json:"pcap" default:""` Resources ResourcesConfig `yaml:"resources" json:"resources"` - ServiceMesh bool `yaml:"servicemesh" json:"servicemesh" default:"true"` + ServiceMesh bool `yaml:"serviceMesh" json:"serviceMesh" default:"true"` Tls bool `yaml:"tls" json:"tls" default:"true"` - IgnoreTainted bool `yaml:"ignoretainted" json:"ignoretainted" default:"false"` + IgnoreTainted bool `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"` Labels map[string]string `yaml:"labels" json:"labels" default:"{}"` Annotations map[string]string `yaml:"annotations" json:"annotations" default:"{}"` - NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeselectorterms" json:"nodeselectorterms" default:"[]"` + NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"` Auth AuthConfig `yaml:"auth" json:"auth"` Ingress IngressConfig `yaml:"ingress" json:"ingress"` IPv6 bool `yaml:"ipv6" json:"ipv6" default:"true"` Debug bool `yaml:"debug" json:"debug" default:"false"` - NoKernelModule bool `yaml:"nokernelmodule" json:"nokernelmodule" default:"false"` + NoKernelModule bool `yaml:"noKernelModule" json:"noKernelModule" default:"false"` Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"` } diff --git a/helm-chart/README.md b/helm-chart/README.md index cd12edfce..9352678e1 100644 --- a/helm-chart/README.md +++ b/helm-chart/README.md @@ -62,12 +62,12 @@ Set this `value.yaml`: tap: auth: enabled: true - approvedemails: + approvedEmails: - john.doe@example.com - approveddomains: [] + approvedDomains: [] ingress: enabled: true - classname: "alb" + className: "alb" host: ks.example.com tls: [] annotations: @@ -91,7 +91,7 @@ Get your license from Kubeshark's [Admin Console](https://console.kubeshark.co/) For example, change from the default 500Mi to 1Gi: ```shell ---set tap.storagelimit=1Gi +--set tap.storageLimit=1Gi ``` ## Disabling IPV6 @@ -111,19 +111,19 @@ helm install kubeshark kubeshark/kubeshark \ | `tap.docker.tag` | Tag of the Docker images | `latest` | | `tap.docker.imagePullPolicy` | Kubernetes image pull policy | `Always` | | `tap.docker.imagePullSecrets` | Kubernetes secrets to pull the images | `[]` | -| `tap.proxy.worker.srvport` | Worker server port | `8897` | +| `tap.proxy.worker.srvPort` | Worker server port | `8897` | | `tap.proxy.hub.port` | Hub service port | `8898` | -| `tap.proxy.hub.srvport` | Hub server port | `8898` | +| `tap.proxy.hub.srvPort` | Hub server port | `8898` | | `tap.proxy.front.port` | Front-facing service port | `8899` | | `tap.proxy.host` | Proxy server's IP | `127.0.0.1` | | `tap.namespaces` | List of namespaces for the traffic capture | `[]` | | `tap.release.repo` | URL of the Helm chart repository | `https://helm.kubeshark.co` | | `tap.release.name` | Helm release name | `kubeshark` | | `tap.release.namespace` | Helm release namespace | `default` | -| `tap.persistentstorage` | Use `persistentVolumeClaim` instead of `emptyDir` | `false` | -| `tap.storagelimit` | Limit of either the `emptyDir` or `persistentVolumeClaim` | `500Mi` | -| `tap.storageclass` | Storage class of the `PersistentVolumeClaim` | `standard` | -| `tap.dryrun` | Preview of all pods matching the regex, without tapping them | `false` | +| `tap.persistentStorage` | Use `persistentVolumeClaim` instead of `emptyDir` | `false` | +| `tap.storageLimit` | Limit of either the `emptyDir` or `persistentVolumeClaim` | `500Mi` | +| `tap.storageClass` | Storage class of the `PersistentVolumeClaim` | `standard` | +| `tap.dryRun` | Preview of all pods matching the regex, without tapping them | `false` | | `tap.pcap` | | `""` | | `tap.resources.worker.limits.cpu` | CPU limit for worker | `750m` | | `tap.resources.worker.limits.memory` | Memory limit for worker | `1Gi` | @@ -133,30 +133,30 @@ helm install kubeshark kubeshark/kubeshark \ | `tap.resources.hub.limits.memory` | Memory limit for hub | `1Gi` | | `tap.resources.hub.requests.cpu` | CPU request for hub | `50m` | | `tap.resources.hub.requests.memory` | Memory request for hub | `50Mi` | -| `tap.servicemesh` | Capture traffic from service meshes like Istio, Linkerd, Consul, etc. | `true` | +| `tap.serviceMesh` | Capture traffic from service meshes like Istio, Linkerd, Consul, etc. | `true` | | `tap.tls` | Capture the encrypted/TLS traffic from cryptography libraries like OpenSSL | `true` | -| `tap.ignoretainted` | Whether to ignore tainted nodes | `false` | +| `tap.ignoreTainted` | Whether to ignore tainted nodes | `false` | | `tap.labels` | Kubernetes labels to apply to all Kubeshark resources | `{}` | | `tap.annotations` | Kubernetes annotations to apply to all Kubeshark resources | `{}` | -| `tap.nodeselectorterms` | Node selector terms | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` | +| `tap.nodeSelectorTerms` | Node selector terms | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` | | `tap.auth.enabled` | Enable authentication | `false` | -| `tap.auth.approvedemails` | List of approved email addresses for authentication | `[]` | -| `tap.auth.approveddomains` | List of approved email domains for authentication | `[]` | +| `tap.auth.approvedEmails` | List of approved email addresses for authentication | `[]` | +| `tap.auth.approvedDomains` | List of approved email domains for authentication | `[]` | | `tap.ingress.enabled` | Enable `Ingress` | `false` | -| `tap.ingress.classname` | Ingress class name | `""` | +| `tap.ingress.className` | Ingress class name | `""` | | `tap.ingress.host` | Host of the `Ingress` | `ks.svc.cluster.local` | | `tap.ingress.tls` | `Ingress` TLS configuration | `[]` | | `tap.ingress.annotations` | `Ingress` annotations | `{}` | | `tap.ipv6` | Enable IPv6 support for the front-end | `true` | | `tap.debug` | Enable debug mode | `false` | -| `tap.nokernelmodule` | Do not install `PF_RING` kernel module | `false` | +| `tap.noKernelModule` | Do not install `PF_RING` kernel module | `false` | | `tap.telemetry.enabled` | Enable anonymous usage statistics collection | `true` | | `logs.file` | Logs dump path | `""` | -| `kube.configpath` | Path to the `kubeconfig` file (`$HOME/.kube/config`) | `""` | +| `kube.configPath` | Path to the `kubeconfig` file (`$HOME/.kube/config`) | `""` | | `kube.context` | Kubernetes context to use for the deployment | `""` | -| `dumplogs` | Enable dumping of logs | `false` | +| `dumpLogs` | Enable dumping of logs | `false` | | `headless` | Enable running in headless mode | `false` | | `license` | License key for the Pro/Enterprise edition | `""` | | `scripting.env` | Environment variables for the scripting | `{}` | | `scripting.source` | Source directory of the scripts | `""` | -| `scripting.watchscripts` | Enable watch mode for the scripts in source directory | `true` | +| `scripting.watchScripts` | Enable watch mode for the scripts in source directory | `true` | diff --git a/helm-chart/templates/04-hub-deployment.yaml b/helm-chart/templates/04-hub-deployment.yaml index f71a66bc3..d8916922d 100644 --- a/helm-chart/templates/04-hub-deployment.yaml +++ b/helm-chart/templates/04-hub-deployment.yaml @@ -47,7 +47,7 @@ spec: - secretRef: name: kubeshark-secret image: '{{ .Values.tap.docker.registry }}/hub:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}' - imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }} + imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }} readinessProbe: periodSeconds: 1 failureThreshold: 3 diff --git a/helm-chart/templates/06-front-deployment.yaml b/helm-chart/templates/06-front-deployment.yaml index 369d488de..dcf59d0f5 100644 --- a/helm-chart/templates/06-front-deployment.yaml +++ b/helm-chart/templates/06-front-deployment.yaml @@ -31,7 +31,7 @@ spec: - name: REACT_APP_HUB_PORT value: '{{ .Values.tap.ingress.enabled | ternary "/api" (print ":" .Values.tap.proxy.front.port "/api") }}' image: '{{ .Values.tap.docker.registry }}/front:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}' - imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }} + imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }} name: kubeshark-front livenessProbe: periodSeconds: 1 diff --git a/helm-chart/templates/08-persistent-volume-claim.yaml b/helm-chart/templates/08-persistent-volume-claim.yaml index 8b90edca1..ef0935ebf 100644 --- a/helm-chart/templates/08-persistent-volume-claim.yaml +++ b/helm-chart/templates/08-persistent-volume-claim.yaml @@ -1,5 +1,5 @@ --- -{{- if .Values.tap.persistentstorage }} +{{- if .Values.tap.persistentStorage }} apiVersion: v1 kind: PersistentVolumeClaim metadata: @@ -16,7 +16,7 @@ spec: - ReadWriteMany resources: requests: - storage: {{ .Values.tap.storagelimit }} - storageClassName: {{ .Values.tap.storageclass }} + storage: {{ .Values.tap.storageLimit }} + storageClassName: {{ .Values.tap.storageClass }} status: {} {{- end }} diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml index 2a0c808db..1d168dce3 100644 --- a/helm-chart/templates/09-worker-daemon-set.yaml +++ b/helm-chart/templates/09-worker-daemon-set.yaml @@ -31,8 +31,8 @@ spec: - -i - any - -port - - '{{ .Values.tap.proxy.worker.srvport }}' - {{- if .Values.tap.servicemesh }} + - '{{ .Values.tap.proxy.worker.srvPort }}' + {{- if .Values.tap.serviceMesh }} - -servicemesh {{- end }} - -procfs @@ -40,11 +40,11 @@ spec: {{- if .Values.tap.debug }} - -debug {{- end }} - {{- if .Values.tap.nokernelmodule }} + {{- if .Values.tap.noKernelModule }} - -no-kernel-module {{- end }} image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}' - imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }} + imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }} name: sniffer env: - name: POD_NAME @@ -82,14 +82,14 @@ spec: successThreshold: 1 initialDelaySeconds: 5 tcpSocket: - port: {{ .Values.tap.proxy.worker.srvport }} + port: {{ .Values.tap.proxy.worker.srvPort }} livenessProbe: periodSeconds: 1 failureThreshold: 3 successThreshold: 1 initialDelaySeconds: 5 tcpSocket: - port: {{ .Values.tap.proxy.worker.srvport }} + port: {{ .Values.tap.proxy.worker.srvPort }} volumeMounts: - mountPath: /hostproc name: proc @@ -108,7 +108,7 @@ spec: - -debug {{- end }} image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}' - imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }} + imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }} name: tracer env: - name: POD_NAME @@ -150,16 +150,16 @@ spec: tolerations: - effect: NoExecute operator: Exists -{{- if not .Values.tap.ignoretainted }} +{{- if not .Values.tap.ignoreTainted }} - effect: NoSchedule operator: Exists {{- end }} -{{- if gt (len .Values.tap.nodeselectorterms) 0}} +{{- if gt (len .Values.tap.nodeSelectorTerms) 0}} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - {{- toYaml .Values.tap.nodeselectorterms | nindent 12 }} + {{- toYaml .Values.tap.nodeSelectorTerms | nindent 12 }} {{- end }} volumes: - hostPath: @@ -169,10 +169,10 @@ spec: path: /sys name: sys - name: data -{{- if .Values.tap.persistentstorage }} +{{- if .Values.tap.persistentStorage }} persistentVolumeClaim: claimName: kubeshark-persistent-volume-claim {{- else }} emptyDir: - sizeLimit: {{ .Values.tap.storagelimit }} + sizeLimit: {{ .Values.tap.storageLimit }} {{- end }} diff --git a/helm-chart/templates/10-ingress.yaml b/helm-chart/templates/10-ingress.yaml index 4ad91c053..14cf948db 100644 --- a/helm-chart/templates/10-ingress.yaml +++ b/helm-chart/templates/10-ingress.yaml @@ -16,8 +16,8 @@ metadata: name: kubeshark-ingress namespace: {{ .Release.Namespace }} spec: - {{- if .Values.tap.ingress.classname }} - ingressClassName: {{ .Values.tap.ingress.classname }} + {{- if .Values.tap.ingress.className }} + ingressClassName: {{ .Values.tap.ingress.className }} {{- end }} rules: - host: {{ .Values.tap.ingress.host }} diff --git a/helm-chart/templates/12-config-map.yaml b/helm-chart/templates/12-config-map.yaml index ae3187447..789f12d2a 100644 --- a/helm-chart/templates/12-config-map.yaml +++ b/helm-chart/templates/12-config-map.yaml @@ -12,6 +12,6 @@ data: SCRIPTING_ENV: '{{ .Values.scripting.env | toJson }}' SCRIPTING_SCRIPTS: '{}' AUTH_ENABLED: '{{ .Values.tap.auth.enabled | ternary "true" "" }}' - AUTH_APPROVED_EMAILS: '{{ gt (len .Values.tap.auth.approvedemails) 0 | ternary (join "," .Values.tap.auth.approvedemails) "" }}' - AUTH_APPROVED_DOMAINS: '{{ gt (len .Values.tap.auth.approveddomains) 0 | ternary (join "," .Values.tap.auth.approveddomains) "" }}' + AUTH_APPROVED_EMAILS: '{{ gt (len .Values.tap.auth.approvedEmails) 0 | ternary (join "," .Values.tap.auth.approvedEmails) "" }}' + AUTH_APPROVED_DOMAINS: '{{ gt (len .Values.tap.auth.approvedDomains) 0 | ternary (join "," .Values.tap.auth.approvedDomains) "" }}' TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}' diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index aae312e31..8f06d925b 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -2,14 +2,14 @@ tap: docker: registry: docker.io/kubeshark tag: "" - imagepullpolicy: Always - imagepullsecrets: [] + imagePullPolicy: Always + imagePullSecrets: [] proxy: worker: - srvport: 8897 + srvPort: 8897 hub: port: 8898 - srvport: 8898 + srvPort: 8898 front: port: 8899 host: 127.0.0.1 @@ -19,10 +19,10 @@ tap: repo: https://helm.kubeshark.co name: kubeshark namespace: default - persistentstorage: false - storagelimit: 500Mi - storageclass: standard - dryrun: false + persistentStorage: false + storageLimit: 500Mi + storageClass: standard + dryRun: false pcap: "" resources: worker: @@ -39,12 +39,12 @@ tap: requests: cpu: 50m memory: 50Mi - servicemesh: true + serviceMesh: true tls: true - ignoretainted: false + ignoreTainted: false labels: {} annotations: {} - nodeselectorterms: + nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/os operator: In @@ -52,28 +52,28 @@ tap: - linux auth: enabled: false - approvedemails: [] - approveddomains: [] + approvedEmails: [] + approvedDomains: [] ingress: enabled: false - classname: "" + className: "" host: ks.svc.cluster.local tls: [] annotations: {} ipv6: true debug: false - nokernelmodule: false + noKernelModule: false telemetry: enabled: true logs: file: "" kube: - configpath: "" + configPath: "" context: "" -dumplogs: false +dumpLogs: false headless: false license: "" scripting: env: {} source: "" - watchscripts: true + watchScripts: true diff --git a/manifests/complete.yaml b/manifests/complete.yaml index da507644f..91842ea42 100644 --- a/manifests/complete.yaml +++ b/manifests/complete.yaml @@ -288,7 +288,7 @@ spec: - any - -port - '8897' - - -servicemesh + - -serviceMesh - -procfs - /hostproc image: 'docker.io/kubeshark/worker:v51.0.14'