diff --git a/Makefile b/Makefile index c24b4ae0f..7094f7c43 100644 --- a/Makefile +++ b/Makefile @@ -177,7 +177,7 @@ port-forward: kubectl port-forward $$(kubectl get pods | awk '$$1 ~ /^$(POD_PREFIX)/' | awk 'END {print $$1}') $(SRC_PORT):$(DST_PORT) release: - @cd ../worker && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags + @cd ../worker && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) ## && git push origin --tags @cd ../tracer && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags @cd ../hub && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags @cd ../front && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml index a5921e338..cf612b918 100644 --- a/helm-chart/Chart.yaml +++ b/helm-chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: kubeshark -version: "52.3.83" +version: "52.3.84" description: The API Traffic Analyzer for Kubernetes home: https://kubeshark.co keywords: diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 2f7ef753c..a89e47e5f 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -1,3 +1,4 @@ +# find a detailed description here: https://github.com/kubeshark/kubeshark/blob/master/helm-chart/README.md tap: docker: registry: docker.io/kubeshark @@ -35,28 +36,28 @@ tap: resources: hub: limits: - cpu: 1000m - memory: 1500Mi + cpu: "" + memory: 5Gi requests: - cpu: 50m + cpu: "" memory: 50Mi sniffer: limits: - cpu: 1000m - memory: 1500Mi + cpu: "" + memory: 5Gi requests: - cpu: 50m + cpu: "" memory: 50Mi tracer: limits: - cpu: 1000m - memory: 1500Mi + cpu: "" + memory: 5Gi requests: - cpu: 50m + cpu: "" memory: 50Mi serviceMesh: true tls: true - disableTlsLog: false + disableTlsLog: true packetCapture: best ignoreTainted: false labels: {} @@ -105,7 +106,7 @@ tap: defaultFilter: "!dns and !tcp and !udp and !icmp" scriptingDisabled: false targetedPodsUpdateDisabled: false - presetFiltersChangingEnabled: false + presetFiltersChangingEnabled: true recordingDisabled: false stopTrafficCapturingDisabled: false capabilities: @@ -123,7 +124,7 @@ tap: - SYS_PTRACE - SYS_RESOURCE - IPC_LOCK - globalFilter: "" + globalFilter: timestamp>now() enabledDissectors: - amqp - dns diff --git a/manifests/complete.yaml b/manifests/complete.yaml index 6f2fb6040..1cbed2be0 100644 --- a/manifests/complete.yaml +++ b/manifests/complete.yaml @@ -4,10 +4,10 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-hub-network-policy @@ -31,10 +31,10 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front-network-policy @@ -58,10 +58,10 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-worker-network-policy @@ -87,10 +87,10 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-service-account @@ -104,10 +104,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm stringData: LICENSE: '' @@ -121,10 +121,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm stringData: AUTH_SAML_X509_CRT: | @@ -137,10 +137,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm stringData: AUTH_SAML_X509_KEY: | @@ -152,10 +152,10 @@ metadata: name: kubeshark-nginx-config-map namespace: default labels: - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm data: default.conf: | @@ -216,10 +216,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm data: POD_REGEX: '.*' @@ -228,6 +228,7 @@ data: BPF_OVERRIDE: '' STOPPED: 'true' SCRIPTING_SCRIPTS: '{}' + SCRIPTING_ACTIVE_SCRIPTS: '' INGRESS_ENABLED: 'false' INGRESS_HOST: 'ks.svc.cluster.local' PROXY_FRONT_PORT: '8899' @@ -239,10 +240,10 @@ data: TELEMETRY_DISABLED: 'false' SCRIPTING_DISABLED: '' TARGETED_PODS_UPDATE_DISABLED: '' - PRESET_FILTERS_CHANGING_ENABLED: '' + PRESET_FILTERS_CHANGING_ENABLED: 'true' RECORDING_DISABLED: '' STOP_TRAFFIC_CAPTURING_DISABLED: 'false' - GLOBAL_FILTER: "" + GLOBAL_FILTER: "timestamp>now()" DEFAULT_FILTER: "!dns and !tcp and !udp and !icmp" TRAFFIC_SAMPLE_RATE: '100' JSON_TTL: '5m' @@ -265,10 +266,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-cluster-role-default @@ -302,10 +303,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-cluster-role-binding-default @@ -324,10 +325,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role @@ -354,10 +355,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role-binding @@ -377,10 +378,10 @@ kind: Service metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-hub @@ -399,10 +400,10 @@ apiVersion: v1 kind: Service metadata: labels: - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front @@ -421,10 +422,10 @@ kind: Service apiVersion: v1 metadata: labels: - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: prometheus.io/scrape: 'true' @@ -434,10 +435,10 @@ metadata: spec: selector: app.kubeshark.co/app: worker - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm ports: - name: metrics @@ -452,10 +453,10 @@ metadata: labels: app.kubeshark.co/app: worker sidecar.istio.io/inject: "false" - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-worker-daemon-set @@ -470,10 +471,10 @@ spec: metadata: labels: app.kubeshark.co/app: worker - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm name: kubeshark-worker-daemon-set namespace: kubeshark @@ -498,7 +499,7 @@ spec: - 'auto' - -staletimeout - '30' - image: 'docker.io/kubeshark/worker:v52.3.83' + image: 'docker.io/kubeshark/worker:v52.3.84' imagePullPolicy: Always name: sniffer ports: @@ -528,10 +529,10 @@ spec: value: 'production' resources: limits: - cpu: 1000m - memory: 1500Mi + cpu: + memory: 5Gi requests: - cpu: 50m + cpu: memory: 50Mi securityContext: capabilities: @@ -571,7 +572,8 @@ spec: - -procfs - /hostproc - -disable-ebpf - image: 'docker.io/kubeshark/worker:v52.3.83' + - -disable-tls-log + image: 'docker.io/kubeshark/worker:v52.3.84' imagePullPolicy: Always name: tracer env: @@ -591,10 +593,10 @@ spec: value: 'production' resources: limits: - cpu: 1000m - memory: 1500Mi + cpu: + memory: 5Gi requests: - cpu: 50m + cpu: memory: 50Mi securityContext: capabilities: @@ -667,10 +669,10 @@ kind: Deployment metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-hub @@ -686,10 +688,10 @@ spec: metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm spec: dnsPolicy: ClusterFirstWithHostNet @@ -717,7 +719,7 @@ spec: value: 'https://api.kubeshark.co' - name: PROFILING_ENABLED value: 'false' - image: 'docker.io/kubeshark/hub:v52.3.83' + image: 'docker.io/kubeshark/hub:v52.3.84' imagePullPolicy: Always readinessProbe: periodSeconds: 1 @@ -735,10 +737,10 @@ spec: port: 8080 resources: limits: - cpu: 1000m - memory: 1500Mi + cpu: + memory: 5Gi requests: - cpu: 50m + cpu: memory: 50Mi volumeMounts: - name: saml-x509-volume @@ -765,10 +767,10 @@ kind: Deployment metadata: labels: app.kubeshark.co/app: front - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front @@ -784,10 +786,10 @@ spec: metadata: labels: app.kubeshark.co/app: front - helm.sh/chart: kubeshark-52.3.83 + helm.sh/chart: kubeshark-52.3.84 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.83" + app.kubernetes.io/version: "52.3.84" app.kubernetes.io/managed-by: Helm spec: containers: @@ -805,7 +807,7 @@ spec: - name: REACT_APP_TARGETED_PODS_UPDATE_DISABLED value: 'false' - name: REACT_APP_PRESET_FILTERS_CHANGING_ENABLED - value: 'false' + value: 'true' - name: REACT_APP_BPF_OVERRIDE_DISABLED value: 'false' - name: REACT_APP_RECORDING_DISABLED @@ -822,7 +824,7 @@ spec: value: 'false' - name: REACT_APP_SENTRY_ENVIRONMENT value: 'production' - image: 'docker.io/kubeshark/front:v52.3.83' + image: 'docker.io/kubeshark/front:v52.3.84' imagePullPolicy: Always name: kubeshark-front livenessProbe: @@ -852,6 +854,17 @@ spec: mountPath: /etc/nginx/conf.d/default.conf subPath: default.conf readOnly: true + initContainers: + - name: wait-for-kubeshark-hub + image: busybox + command: + - sh + - -c + - | + until nc -z kubeshark-hub 80; do + echo "Waiting for kubeshark-hub to be ready..." + sleep 5 + done volumes: - name: nginx-config configMap: