Merge branch 'master' into disable-intercom

config/configStruct.go

@@ -135,6 +135,9 @@ func CreateDefaultConfig() ConfigStruct {
 				LDAP:     []uint16{389},
 				DIAMETER: []uint16{3868},
 			},
+			Dashboard: configStructs.DashboardConfig{
+				CompleteStreamingEnabled: true,
+			},
 		},
 	}
 }

config/configStructs/tapConfig.go

@@ -138,6 +138,7 @@ type NodeSelectorTermsConfig struct {
 	Hub     []v1.NodeSelectorTerm `yaml:"hub" json:"hub" default:"[]"`
 	Workers []v1.NodeSelectorTerm `yaml:"workers" json:"workers" default:"[]"`
 	Front   []v1.NodeSelectorTerm `yaml:"front" json:"front" default:"[]"`
+	Dex     []v1.NodeSelectorTerm `yaml:"dex" json:"dex" default:"[]"`
 }
 
 type TolerationsConfig struct {
@@ -195,6 +196,10 @@ type RoutingConfig struct {
 	Front FrontRoutingConfig `yaml:"front" json:"front"`
 }
 
+type DashboardConfig struct {
+	CompleteStreamingEnabled bool `yaml:"completeStreamingEnabled" json:"completeStreamingEnabled" default:"true"`
+}
+
 type FrontRoutingConfig struct {
 	BasePath string `yaml:"basePath" json:"basePath" default:""`
 }
@@ -320,6 +325,7 @@ type TapConfig struct {
 	Routing                      RoutingConfig           `yaml:"routing" json:"routing"`
 	IPv6                         bool                    `yaml:"ipv6" json:"ipv6" default:"true"`
 	Debug                        bool                    `yaml:"debug" json:"debug" default:"false"`
+	Dashboard                    DashboardConfig         `yaml:"dashboard" json:"dashboard"`
 	Telemetry                    TelemetryConfig         `yaml:"telemetry" json:"telemetry"`
 	ResourceGuard                ResourceGuardConfig     `yaml:"resourceGuard" json:"resourceGuard"`
 	Watchdog                     WatchdogConfig          `yaml:"watchdog" json:"watchdog"`

helm-chart/README.md

@@ -351,8 +351,20 @@ tap:
       clientSecret: create your own client password
       refreshTokenLifetime: "3960h" # 165 days
       oauth2StateParamExpiry: "10m"
+      bypassSslCaCheck: false
 ```
 
+---
+
+**Note:**<br/>
+Set `tap.auth.dexOidc.bypassSslCaCheck: true`
+to allow Kubeshark communication with Dex IdP having an unknown SSL Certificate Authority.
+
+This setting allows you to prevent such SSL CA-related errors:<br/>
+`tls: failed to verify certificate: x509: certificate signed by unknown authority`
+
+---
+
 Once you run `helm install kubeshark kubeshark/kubeshark -f ./values.yaml`, Kubeshark will be installed with (Dex) OIDC authentication enabled.
 
 ---
@@ -443,6 +455,7 @@ tap:
       
       refreshTokenLifetime: "3960h" # 165 days
       oauth2StateParamExpiry: "10m"
+      bypassSslCaCheck: false
     dexConfig:
       # This field is REQUIRED!
       # 

helm-chart/templates/02-cluster-role.yaml

@@ -72,3 +72,9 @@ rules:
       - list
       - update
       - patch
+  - apiGroups:
+    - ""
+    resources:
+    - pods/log
+    verbs:
+    - get

helm-chart/templates/06-front-deployment.yaml

@@ -36,6 +36,12 @@ spec:
                       {{- else -}}
                         {{ .Values.tap.auth.type }}
                       {{- end }}'
+            - name: REACT_APP_COMPLETE_STREAMING_ENABLED
+              value: '{{- if and (hasKey .Values.tap "dashboard") (hasKey .Values.tap.dashboard "completeStreamingEnabled") -}}
+                        {{ eq .Values.tap.dashboard.completeStreamingEnabled true | ternary "true" "false" }}
+                      {{- else -}}
+                        true
+                      {{- end }}'
             - name: REACT_APP_AUTH_SAML_IDP_METADATA_URL
               value: '{{ not (eq .Values.tap.auth.saml.idpMetadataUrl "") | ternary .Values.tap.auth.saml.idpMetadataUrl " " }}'
             - name: REACT_APP_TIMEZONE

helm-chart/templates/12-config-map.yaml

@@ -33,6 +33,15 @@ data:
     AUTH_OIDC_ISSUER: '{{ default "not set" (((.Values.tap).auth).dexOidc).issuer }}'
     AUTH_OIDC_REFRESH_TOKEN_LIFETIME: '{{ default "3960h" (((.Values.tap).auth).dexOidc).refreshTokenLifetime }}'
     AUTH_OIDC_STATE_PARAM_EXPIRY: '{{ default "10m" (((.Values.tap).auth).dexOidc).oauth2StateParamExpiry }}'
+    AUTH_OIDC_BYPASS_SSL_CA_CHECK: '{{- if and
+                                      (hasKey .Values.tap "auth")
+                                      (hasKey .Values.tap.auth "dexOidc")
+                                      (hasKey .Values.tap.auth.dexOidc "bypassSslCaCheck")
+                                    -}}
+                                      {{ eq .Values.tap.auth.dexOidc.bypassSslCaCheck true | ternary "true" "false" }}
+                                    {{- else -}}
+                                      false
+                                    {{- end }}'
     TELEMETRY_DISABLED: '{{ not .Values.internetConnectivity | ternary "true" (not .Values.tap.telemetry.enabled | ternary "true" "false") }}'
     SCRIPTING_DISABLED: '{{- if .Values.tap.liveConfigMapChangesDisabled -}}
                            {{- if .Values.demoModeEnabled -}}

helm-chart/values.yaml

@@ -99,6 +99,12 @@ tap:
         operator: In
         values:
         - linux
+    dex:
+    - matchExpressions:
+      - key: kubernetes.io/os
+        operator: In
+        values:
+        - linux
   tolerations:
     hub: []
     workers:
@@ -136,6 +142,8 @@ tap:
       basePath: ""
   ipv6: true
   debug: false
+  dashboard:
+    completeStreamingEnabled: true
   telemetry:
     enabled: true
   resourceGuard: