diff --git a/Makefile b/Makefile index 832523ba4..531e2fe51 100644 --- a/Makefile +++ b/Makefile @@ -75,44 +75,75 @@ generate-helm-values: ## Generate the Helm values from config.yaml generate-manifests: ## Generate the manifests from the Helm chart using default configuration helm template kubeshark -n default ./helm-chart > ./manifests/complete.yaml -logs-worker: +logs-sniffer: export LOGS_POD_PREFIX=kubeshark-worker- - export LOGS_FOLLOW= + export LOGS_SUFFIX="-c sniffer" ${MAKE} logs -logs-worker-follow: +logs-sniffer-follow: export LOGS_POD_PREFIX=kubeshark-worker- - export LOGS_FOLLOW=--follow + export LOGS_SUFFIX="-c sniffer --follow" + ${MAKE} logs + +logs-server: + export LOGS_POD_PREFIX=kubeshark-worker- + export LOGS_SUFFIX="-c server" + ${MAKE} logs + +logs-server-follow: + export LOGS_POD_PREFIX=kubeshark-worker- + export LOGS_SUFFIX="-c server --follow" + ${MAKE} logs + +logs-tracer: + export LOGS_POD_PREFIX=kubeshark-worker- + export LOGS_SUFFIX="-c tracer" + ${MAKE} logs + +logs-tracer-follow: + export LOGS_POD_PREFIX=kubeshark-worker- + export LOGS_SUFFIX="-c tracer --follow" ${MAKE} logs logs-hub: export LOGS_POD_PREFIX=kubeshark-hub - export LOGS_FOLLOW= + export LOGS_SUFFIX= ${MAKE} logs logs-hub-follow: export LOGS_POD_PREFIX=kubeshark-hub - export LOGS_FOLLOW=--follow + export LOGS_SUFFIX=--follow ${MAKE} logs logs-front: export LOGS_POD_PREFIX=kubeshark-front - export LOGS_FOLLOW= + export LOGS_SUFFIX= ${MAKE} logs logs-front-follow: export LOGS_POD_PREFIX=kubeshark-front - export LOGS_FOLLOW=--follow + export LOGS_SUFFIX=--follow ${MAKE} logs logs: - kubectl logs $$(kubectl get pods | awk '$$1 ~ /^$(LOGS_POD_PREFIX)/' | awk 'END {print $$1}') $(LOGS_FOLLOW) + kubectl logs $$(kubectl get pods | awk '$$1 ~ /^$(LOGS_POD_PREFIX)/' | awk 'END {print $$1}') $(LOGS_SUFFIX) ssh-node: kubectl ssh node $$(kubectl get nodes | awk 'END {print $$1}') -exec-worker: +exec-sniffer: export EXEC_POD_PREFIX=kubeshark-worker- + export EXEC_SUFFIX="-c sniffer" + ${MAKE} exec + +exec-server: + export EXEC_POD_PREFIX=kubeshark-worker- + export EXEC_SUFFIX="-c server" + ${MAKE} exec + +exec-tracer: + export EXEC_POD_PREFIX=kubeshark-worker- + export EXEC_SUFFIX="-c tracer" ${MAKE} exec exec-hub: @@ -124,7 +155,7 @@ exec-front: ${MAKE} exec exec: - kubectl exec --stdin --tty $$(kubectl get pods | awk '$$1 ~ /^$(EXEC_POD_PREFIX)/' | awk 'END {print $$1}') -- /bin/sh + kubectl exec --stdin --tty $$(kubectl get pods | awk '$$1 ~ /^$(EXEC_POD_PREFIX)/' | awk 'END {print $$1}') $(EXEC_SUFFIX) -- /bin/sh helm-install: cd helm-chart && helm install kubeshark . && cd .. @@ -151,4 +182,4 @@ proxy: kubeshark proxy port-forward-worker: - kubectl port-forward $$(kubectl get pods | awk '$$1 ~ /^$(LOGS_POD_PREFIX)/' | awk 'END {print $$1}') $(LOGS_FOLLOW) 8897:8897 + kubectl port-forward $$(kubectl get pods | awk '$$1 ~ /^$(LOGS_POD_PREFIX)/' | awk 'END {print $$1}') $(LOGS_SUFFIX) 8897:8897 diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml index dc1cd2fea..36a29d496 100644 --- a/helm-chart/templates/09-worker-daemon-set.yaml +++ b/helm-chart/templates/09-worker-daemon-set.yaml @@ -30,8 +30,6 @@ spec: - ./worker - -i - any - - -port - - '{{ .Values.tap.proxy.worker.srvport }}' - -servicemesh - -procfs - /hostproc @@ -78,6 +76,56 @@ spec: - SYS_MODULE drop: - ALL + volumeMounts: + - mountPath: /hostproc + name: proc + readOnly: true + - mountPath: /sys + name: sys + readOnly: true + - mountPath: /app/data + name: data + - command: + - ./worker + - -server-mode + - -port + - '{{ .Values.tap.proxy.worker.srvport }}' + {{ .Values.tap.debug | ternary "- -debug" "" }} + image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.tag }}' + imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }} + name: server + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - secretRef: + name: kubeshark-secret + {{- if .Values.tap.debug }} + env: + - name: PROFILING_ENABLED + value: "true" + - name: PROFILING_DUMP_PATH + value: "pprof" + - name: PROFILING_INTERVAL_SECONDS + value: "60" + {{- end }} + resources: + limits: + cpu: {{ .Values.tap.resources.worker.limits.cpu }} + memory: {{ .Values.tap.resources.worker.limits.memory }} + requests: + cpu: {{ .Values.tap.resources.worker.requests.cpu }} + memory: {{ .Values.tap.resources.worker.requests.memory }} + securityContext: + capabilities: + drop: + - ALL readinessProbe: periodSeconds: 1 failureThreshold: 3 @@ -99,10 +147,8 @@ spec: - mountPath: /sys name: sys readOnly: true - {{- if .Values.tap.persistentstorage }} - mountPath: /app/data - name: kubeshark-persistent-volume - {{- end }} + name: data {{- if .Values.tap.tls }} - command: - ./tracer @@ -147,10 +193,8 @@ spec: - mountPath: /sys name: sys readOnly: true - {{- if .Values.tap.persistentstorage }} - mountPath: /app/data - name: kubeshark-persistent-volume - {{- end }} + name: data {{- end }} dnsPolicy: ClusterFirstWithHostNet hostNetwork: true @@ -177,8 +221,8 @@ spec: - hostPath: path: /sys name: sys + - name: data {{- if .Values.tap.persistentstorage }} - - name: kubeshark-persistent-volume persistentVolumeClaim: claimName: kubeshark-persistent-volume-claim {{- end }}