From 46ca7e3ad7c8712e5ee9e5e9be4ed4eef23ee336 Mon Sep 17 00:00:00 2001 From: Ilya Gavrilov Date: Mon, 3 Feb 2025 17:58:32 +0100 Subject: [PATCH] Remove init container; remove -disable-ebpf option (#1706) * Remove init container; remove -disable-ebpf option * Remove init container; remove -disable-ebpf option --- .../templates/09-worker-daemon-set.yaml | 37 +++++-------------- helm-chart/values.yaml | 1 + 2 files changed, 10 insertions(+), 28 deletions(-) diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml index c8be6e702..6fa4098a9 100644 --- a/helm-chart/templates/09-worker-daemon-set.yaml +++ b/helm-chart/templates/09-worker-daemon-set.yaml @@ -25,39 +25,26 @@ spec: name: kubeshark-worker-daemon-set namespace: kubeshark spec: + {{- if .Values.tap.mountBpf }} initContainers: - command: - /bin/sh - -c - mkdir -p /sys/fs/bpf && mount | grep -q '/sys/fs/bpf' || mount -t bpf bpf /sys/fs/bpf - {{- if .Values.tap.docker.overrideTag.worker }} + {{- if .Values.tap.docker.overrideTag.worker }} image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}{{ include "kubeshark.dockerTagDebugVersion" . }}' {{ else }} image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}{{ include "kubeshark.dockerTagDebugVersion" . }}' {{- end }} imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }} - name: check-bpf + name: mount-bpf securityContext: privileged: true volumeMounts: - mountPath: /sys name: sys mountPropagation: Bidirectional - - command: - - ./tracer - - -init-bpf - {{- if .Values.tap.docker.overrideTag.worker }} - image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}{{ include "kubeshark.dockerTagDebugVersion" . }}' - {{ else }} - image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}{{ include "kubeshark.dockerTagDebugVersion" . }}' - {{- end }} - imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }} - name: init-bpf - securityContext: - privileged: true - volumeMounts: - - mountPath: /sys - name: sys + {{- end }} containers: - command: - ./worker @@ -71,9 +58,7 @@ spec: - '{{ .Values.tap.packetCapture }}' - -loglevel - '{{ .Values.logLevel | default "warning" }}' - {{- if .Values.tap.tls }} - - -unixsocket - {{- else }} + {{- if not .Values.tap.tls }} - -disable-tracer {{- end }} {{- if .Values.tap.serviceMesh }} @@ -81,9 +66,6 @@ spec: {{- end }} - -procfs - /hostproc - {{- if eq .Values.tap.packetCapture "af_packet" }} - - -disable-ebpf - {{- end }} {{- if .Values.tap.resourceGuard.enabled }} - -enable-resource-guard {{- end }} @@ -185,6 +167,7 @@ spec: - mountPath: /sys name: sys readOnly: true + mountPropagation: HostToContainer - mountPath: /app/data name: data {{- if .Values.tap.tls }} @@ -192,9 +175,6 @@ spec: - ./tracer - -procfs - /hostproc - {{- if eq .Values.tap.packetCapture "af_packet" }} - - -disable-ebpf - {{- end }} {{- if .Values.tap.disableTlsLog }} - -disable-tls-log {{- end }} @@ -202,8 +182,8 @@ spec: - -port - '{{ add .Values.tap.proxy.worker.srvPort 1 }}' {{- end }} - # - -loglevel - # - '{{ .Values.logLevel | default "warning" }}' + - -loglevel + - '{{ .Values.logLevel | default "warning" }}' {{- if .Values.tap.docker.overrideTag.worker }} image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}{{ include "kubeshark.dockerTagDebugVersion" . }}' {{ else }} @@ -259,6 +239,7 @@ spec: - mountPath: /sys name: sys readOnly: true + mountPropagation: HostToContainer - mountPath: /app/data name: data - mountPath: /etc/os-release diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 1a0d07c64..73aa18a5c 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -76,6 +76,7 @@ tap: failureThreshold: 3 serviceMesh: true tls: true + mountBpf: true disableTlsLog: true packetCapture: best ignoreTainted: false