github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-06-24 15:24:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove init container; remove -disable-ebpf option (#1706)

Browse Source 
* Remove init container; remove -disable-ebpf option

* Remove init container; remove -disable-ebpf option
This commit is contained in:
Ilya Gavrilov 2025-02-03 17:58:32 +01:00 committed by GitHub
parent e9796bfb24
commit 46ca7e3ad7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 10 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
helm-chart/templates/09-worker-daemon-set.yaml
View File

@ -25,39 +25,26 @@ spec:
name: kubeshark-worker-daemon-set name: kubeshark-worker-daemon-set
namespace: kubeshark namespace: kubeshark
spec: spec:
{{- if .Values.tap.mountBpf }}
initContainers: initContainers:
- command: - command:
- /bin/sh - /bin/sh
- -c - -c
- mkdir -p /sys/fs/bpf && mount | grep -q '/sys/fs/bpf' || mount -t bpf bpf /sys/fs/bpf - mkdir -p /sys/fs/bpf && mount | grep -q '/sys/fs/bpf' || mount -t bpf bpf /sys/fs/bpf
{{- if .Values.tap.docker.overrideTag.worker }} {{- if .Values.tap.docker.overrideTag.worker }}
image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}{{ include "kubeshark.dockerTagDebugVersion" . }}' image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}{{ include "kubeshark.dockerTagDebugVersion" . }}'
{{ else }} {{ else }}
image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}{{ include "kubeshark.dockerTagDebugVersion" . }}' image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}{{ include "kubeshark.dockerTagDebugVersion" . }}'
{{- end }} {{- end }}
imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }} imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
name: check-bpf name: mount-bpf
securityContext: securityContext:
privileged: true privileged: true
volumeMounts: volumeMounts:
- mountPath: /sys - mountPath: /sys
name: sys name: sys
mountPropagation: Bidirectional mountPropagation: Bidirectional
- command: {{- end }}
- ./tracer
- -init-bpf
{{- if .Values.tap.docker.overrideTag.worker }}
image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}{{ include "kubeshark.dockerTagDebugVersion" . }}'
{{ else }}
image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}{{ include "kubeshark.dockerTagDebugVersion" . }}'
{{- end }}
imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
name: init-bpf
securityContext:
privileged: true
volumeMounts:
- mountPath: /sys
name: sys
containers: containers:
- command: - command:
- ./worker - ./worker
@ -71,9 +58,7 @@ spec:
- '{{ .Values.tap.packetCapture }}' - '{{ .Values.tap.packetCapture }}'
- -loglevel - -loglevel
- '{{ .Values.logLevel | default "warning" }}' - '{{ .Values.logLevel | default "warning" }}'
{{- if .Values.tap.tls }} {{- if not .Values.tap.tls }}
- -unixsocket
{{- else }}
- -disable-tracer - -disable-tracer
{{- end }} {{- end }}
{{- if .Values.tap.serviceMesh }} {{- if .Values.tap.serviceMesh }}
@ -81,9 +66,6 @@ spec:
{{- end }} {{- end }}
- -procfs - -procfs
- /hostproc - /hostproc
{{- if eq .Values.tap.packetCapture "af_packet" }}
- -disable-ebpf
{{- end }}
{{- if .Values.tap.resourceGuard.enabled }} {{- if .Values.tap.resourceGuard.enabled }}
- -enable-resource-guard - -enable-resource-guard
{{- end }} {{- end }}
@ -185,6 +167,7 @@ spec:
- mountPath: /sys - mountPath: /sys
name: sys name: sys
readOnly: true readOnly: true
mountPropagation: HostToContainer
- mountPath: /app/data - mountPath: /app/data
name: data name: data
{{- if .Values.tap.tls }} {{- if .Values.tap.tls }}
@ -192,9 +175,6 @@ spec:
- ./tracer - ./tracer
- -procfs - -procfs
- /hostproc - /hostproc
{{- if eq .Values.tap.packetCapture "af_packet" }}
- -disable-ebpf
{{- end }}
{{- if .Values.tap.disableTlsLog }} {{- if .Values.tap.disableTlsLog }}
- -disable-tls-log - -disable-tls-log
{{- end }} {{- end }}
@ -202,8 +182,8 @@ spec:
- -port - -port
- '{{ add .Values.tap.proxy.worker.srvPort 1 }}' - '{{ add .Values.tap.proxy.worker.srvPort 1 }}'
{{- end }} {{- end }}
# - -loglevel - -loglevel
# - '{{ .Values.logLevel | default "warning" }}' - '{{ .Values.logLevel | default "warning" }}'
{{- if .Values.tap.docker.overrideTag.worker }} {{- if .Values.tap.docker.overrideTag.worker }}
image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}{{ include "kubeshark.dockerTagDebugVersion" . }}' image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}{{ include "kubeshark.dockerTagDebugVersion" . }}'
{{ else }} {{ else }}
@ -259,6 +239,7 @@ spec:
- mountPath: /sys - mountPath: /sys
name: sys name: sys
readOnly: true readOnly: true
mountPropagation: HostToContainer
- mountPath: /app/data - mountPath: /app/data
name: data name: data
- mountPath: /etc/os-release - mountPath: /etc/os-release

1
helm-chart/values.yaml
View File

@ -76,6 +76,7 @@ tap:
failureThreshold: 3 failureThreshold: 3
serviceMesh: true serviceMesh: true
tls: true tls: true
mountBpf: true
disableTlsLog: true disableTlsLog: true
packetCapture: best packetCapture: best
ignoreTainted: false ignoreTainted: false