diff --git a/config/configStruct.go b/config/configStruct.go
index 4deba5fc4..9f77a2e06 100644
--- a/config/configStruct.go
+++ b/config/configStruct.go
@@ -135,6 +135,9 @@ func CreateDefaultConfig() ConfigStruct {
LDAP: []uint16{389},
DIAMETER: []uint16{3868},
},
+ Dashboard: configStructs.DashboardConfig{
+ CompleteStreamingEnabled: true,
+ },
},
}
}
diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index 1be086b04..99bf42159 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -138,6 +138,7 @@ type NodeSelectorTermsConfig struct {
Hub []v1.NodeSelectorTerm `yaml:"hub" json:"hub" default:"[]"`
Workers []v1.NodeSelectorTerm `yaml:"workers" json:"workers" default:"[]"`
Front []v1.NodeSelectorTerm `yaml:"front" json:"front" default:"[]"`
+ Dex []v1.NodeSelectorTerm `yaml:"dex" json:"dex" default:"[]"`
}
type TolerationsConfig struct {
@@ -195,6 +196,10 @@ type RoutingConfig struct {
Front FrontRoutingConfig `yaml:"front" json:"front"`
}
+type DashboardConfig struct {
+ CompleteStreamingEnabled bool `yaml:"completeStreamingEnabled" json:"completeStreamingEnabled" default:"true"`
+}
+
type FrontRoutingConfig struct {
BasePath string `yaml:"basePath" json:"basePath" default:""`
}
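Review bot: `DashboardConfig` and its field `CompleteStreamingEnabled` are exported without a doc comment, and nothing in this diff says what complete streaming turns on or off in the dashboard. A type comment such as `// DashboardConfig holds settings handed to the front (dashboard) container.`, plus a field comment naming the behaviour being toggled, would let an operator decide whether to change the default. The `default:"true"` tag repeats the value also set in `CreateDefaultConfig` and in `values.yaml`, so a later change of default has three places to update.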
@@ -320,6 +325,7 @@ type TapConfig struct {
Routing RoutingConfig `yaml:"routing" json:"routing"`
IPv6 bool `yaml:"ipv6" json:"ipv6" default:"true"`
Debug bool `yaml:"debug" json:"debug" default:"false"`
+ Dashboard DashboardConfig `yaml:"dashboard" json:"dashboard"`
Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"`
ResourceGuard ResourceGuardConfig `yaml:"resourceGuard" json:"resourceGuard"`
Watchdog WatchdogConfig `yaml:"watchdog" json:"watchdog"`
diff --git a/helm-chart/README.md b/helm-chart/README.md
index cc99987fe..7a2ab2854 100644
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -351,8 +351,20 @@ tap:
clientSecret: create your own client password
refreshTokenLifetime: "3960h" # 165 days
oauth2StateParamExpiry: "10m"
+ bypassSslCaCheck: false
```
+---
+
+**Note:**
+Set `tap.auth.dexOidc.bypassSslCaCheck: true`
+to allow Kubeshark communication with Dex IdP having an unknown SSL Certificate Authority.
+
+This setting allows you to prevent such SSL CA-related errors:
+`tls: failed to verify certificate: x509: certificate signed by unknown authority`
+
+---
+
Once you run `helm install kubeshark kubeshark/kubeshark -f ./values.yaml`, Kubeshark will be installed with (Dex) OIDC authentication enabled.
---
@@ -443,6 +455,7 @@ tap:
refreshTokenLifetime: "3960h" # 165 days
oauth2StateParamExpiry: "10m"
+ bypassSslCaCheck: false
dexConfig:
# This field is REQUIRED!
#
diff --git a/helm-chart/templates/02-cluster-role.yaml b/helm-chart/templates/02-cluster-role.yaml
index 7191853c9..5c9f56d83 100644
--- a/helm-chart/templates/02-cluster-role.yaml
+++ b/helm-chart/templates/02-cluster-role.yaml
@@ -72,3 +72,9 @@ rules:
- list
- update
- patch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/log
+ verbs:
+ - get
\ No newline at end of file
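Review bot: The added rule grants `get` on `pods/log` in a ClusterRole, so the account bound to it can read the logs of every pod in every namespace, and container logs often carry tokens, connection strings and request bodies. The binding and the feature that needs this access are not visible in the hunk; if only Kubeshark's own pods are read, a namespaced Role in the release namespace would cover it with far less exposure. If cluster-wide access is intended, say so next to the rule, for example `# pods/log get: read container logs cluster-wide for <feature>; narrow to the release namespace if possible`. The `rules:` list begins above the hunk, and the file now ends without a trailing newline.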
diff --git a/helm-chart/templates/06-front-deployment.yaml b/helm-chart/templates/06-front-deployment.yaml
index 1644bf450..6fd699df5 100644
--- a/helm-chart/templates/06-front-deployment.yaml
+++ b/helm-chart/templates/06-front-deployment.yaml
@@ -36,6 +36,12 @@ spec:
{{- else -}}
{{ .Values.tap.auth.type }}
{{- end }}'
+ - name: REACT_APP_COMPLETE_STREAMING_ENABLED
+ value: '{{- if and (hasKey .Values.tap "dashboard") (hasKey .Values.tap.dashboard "completeStreamingEnabled") -}}
+ {{ eq .Values.tap.dashboard.completeStreamingEnabled true | ternary "true" "false" }}
+ {{- else -}}
+ true
+ {{- end }}'
- name: REACT_APP_AUTH_SAML_IDP_METADATA_URL
value: '{{ not (eq .Values.tap.auth.saml.idpMetadataUrl "") | ternary .Values.tap.auth.saml.idpMetadataUrl " " }}'
- name: REACT_APP_TIMEZONE
diff --git a/helm-chart/templates/12-config-map.yaml b/helm-chart/templates/12-config-map.yaml
index 3cf3d7144..a7e554e6c 100644
--- a/helm-chart/templates/12-config-map.yaml
+++ b/helm-chart/templates/12-config-map.yaml
@@ -33,6 +33,15 @@ data:
AUTH_OIDC_ISSUER: '{{ default "not set" (((.Values.tap).auth).dexOidc).issuer }}'
AUTH_OIDC_REFRESH_TOKEN_LIFETIME: '{{ default "3960h" (((.Values.tap).auth).dexOidc).refreshTokenLifetime }}'
AUTH_OIDC_STATE_PARAM_EXPIRY: '{{ default "10m" (((.Values.tap).auth).dexOidc).oauth2StateParamExpiry }}'
+ AUTH_OIDC_BYPASS_SSL_CA_CHECK: '{{- if and
+ (hasKey .Values.tap "auth")
+ (hasKey .Values.tap.auth "dexOidc")
+ (hasKey .Values.tap.auth.dexOidc "bypassSslCaCheck")
+ -}}
+ {{ eq .Values.tap.auth.dexOidc.bypassSslCaCheck true | ternary "true" "false" }}
+ {{- else -}}
+ false
+ {{- end }}'
TELEMETRY_DISABLED: '{{ not .Values.internetConnectivity | ternary "true" (not .Values.tap.telemetry.enabled | ternary "true" "false") }}'
SCRIPTING_DISABLED: '{{- if .Values.tap.liveConfigMapChangesDisabled -}}
{{- if .Values.demoModeEnabled -}}
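Review bot: The only remedy this key offers for a Dex certificate signed by a private CA is to switch CA verification off, which, going by the README text in this commit, leaves the OIDC exchange with the IdP open to impersonation by anyone on the network path. A values key that supplies the CA certificate would clear the same x509 error without giving up verification. Keeping the fallback at `false` is right, and a comment above the entry such as `# true disables CA verification of the Dex IdP certificate; leave false outside test clusters` would make the cost visible to whoever edits the template. The nine-line `hasKey` chain could follow the nil-safe form of the three lines above it: `AUTH_OIDC_BYPASS_SSL_CA_CHECK: '{{ (((.Values.tap).auth).dexOidc).bypassSslCaCheck | default false | ternary "true" "false" }}'`. How the hub consumes the variable is not shown in this diff.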
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 657b71b35..75c321a90 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -99,6 +99,12 @@ tap:
operator: In
values:
- linux
+ dex:
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
tolerations:
hub: []
workers:
@@ -136,6 +142,8 @@ tap:
basePath: ""
ipv6: true
debug: false
+ dashboard:
+ completeStreamingEnabled: true
telemetry:
enabled: true
resourceGuard: