github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-08-31 10:11:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

🔨 Template -no-kernel-module flag

Browse Source
This commit is contained in:
M. Mert Yildiran
2023-10-09 21:17:34 +03:00
parent 22bdbda718
commit 6d79598c5d
4 changed files with 12 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/configStructs/tapConfig.go
View File

@@ -127,6 +127,7 @@ type TapConfig struct {
Ingress IngressConfig `yaml:"ingress" json:"ingress"`
IPv6 bool `yaml:"ipv6" json:"ipv6" default:"true"`
Debug bool `yaml:"debug" json:"debug" default:"false"`
NoKernelModule bool `yaml:"nokernelmodule" json:"nokernelmodule" default:"false"`
Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"`
}

1
helm-chart/templates/09-worker-daemon-set.yaml
View File

@@ -36,6 +36,7 @@ spec:
- -procfs
- /hostproc
{{ .Values.tap.debug | ternary "- -debug" "" }}
{{ .Values.tap.nokernelmodule | ternary "- -no-kernel-module" "" }}
image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.tag }}'
imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
name: sniffer

1
helm-chart/values.yaml
View File

@@ -63,6 +63,7 @@ tap:
annotations: {}
ipv6: true
debug: false
nokernelmodule: false
telemetry:
enabled: true
logs:

61
manifests/complete.yaml
View File

@@ -286,10 +286,13 @@ spec:
- ./worker
- -i
- any
- -port
- '8897'
- -servicemesh
- -procfs
- /hostproc
image: 'docker.io/kubeshark/worker:latest'
imagePullPolicy: Always
name: sniffer
@@ -307,8 +310,8 @@ spec:
name: kubeshark-secret
resources:
limits:
cpu: 250m
memory: 333Mi
cpu: 750m
memory: 1Gi
requests:
cpu: 50m
memory: 50Mi
@@ -323,47 +326,6 @@ spec:
- SYS_MODULE
drop:
- ALL
volumeMounts:
- mountPath: /hostproc
name: proc
readOnly: true
- mountPath: /sys
name: sys
readOnly: true
- mountPath: /app/data
name: data
- command:
- ./worker
- -server-mode
- -port
- '8897'
image: 'docker.io/kubeshark/worker:latest'
imagePullPolicy: Always
name: server
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
envFrom:
- secretRef:
name: kubeshark-secret
resources:
limits:
cpu: 250m
memory: 333Mi
requests:
cpu: 50m
memory: 50Mi
securityContext:
capabilities:
drop:
- ALL
readinessProbe:
periodSeconds: 1
failureThreshold: 3
@@ -407,16 +369,11 @@ spec:
envFrom:
- secretRef:
name: kubeshark-secret
resources:
limits:
cpu: 250m
memory: 333Mi
requests:
cpu: 50m
memory: 50Mi
securityContext:
capabilities:
add:
- NET_RAW
- NET_ADMIN
- SYS_ADMIN
- SYS_PTRACE
- DAC_OVERRIDE
@@ -534,8 +491,8 @@ spec:
port: 80
resources:
limits:
cpu: 250m
memory: 333Mi
cpu: 750m
memory: 1Gi
requests:
cpu: 50m
memory: 50Mi