diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go index 116e80c77..6087f55c7 100644 --- a/config/configStructs/tapConfig.go +++ b/config/configStructs/tapConfig.go @@ -127,6 +127,7 @@ type TapConfig struct { Ingress IngressConfig `yaml:"ingress" json:"ingress"` IPv6 bool `yaml:"ipv6" json:"ipv6" default:"true"` Debug bool `yaml:"debug" json:"debug" default:"false"` + NoKernelModule bool `yaml:"nokernelmodule" json:"nokernelmodule" default:"false"` Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"` } diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml index e39ceeb7c..727d0102a 100644 --- a/helm-chart/templates/09-worker-daemon-set.yaml +++ b/helm-chart/templates/09-worker-daemon-set.yaml @@ -36,6 +36,7 @@ spec: - -procfs - /hostproc {{ .Values.tap.debug | ternary "- -debug" "" }} + {{ .Values.tap.nokernelmodule | ternary "- -no-kernel-module" "" }} image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.tag }}' imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }} name: sniffer diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 2deb8ef7b..1ddd4d375 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -63,6 +63,7 @@ tap: annotations: {} ipv6: true debug: false + nokernelmodule: false telemetry: enabled: true logs: diff --git a/manifests/complete.yaml b/manifests/complete.yaml index be09e5545..c75744dc1 100644 --- a/manifests/complete.yaml +++ b/manifests/complete.yaml @@ -286,10 +286,13 @@ spec: - ./worker - -i - any + - -port + - '8897' - -servicemesh - -procfs - /hostproc + image: 'docker.io/kubeshark/worker:latest' imagePullPolicy: Always name: sniffer @@ -307,8 +310,8 @@ spec: name: kubeshark-secret resources: limits: - cpu: 250m - memory: 333Mi + cpu: 750m + memory: 1Gi requests: cpu: 50m memory: 50Mi 
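Review bot: The new `NoKernelModule` field in `TapConfig` carries no comment, and the matching `nokernelmodule: false` line added to `helm-chart/values.yaml` is undocumented as well. The only effect visible in this diff is that the worker daemon-set template appends `-no-kernel-module` to the `sniffer` arguments. A one-line comment above the field would record that, for example `// NoKernelModule makes the worker DaemonSet start the sniffer with -no-kernel-module.`, with the same wording as a `#` comment in values.yaml. The struct starts outside this hunk.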
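Review bot: In `helm-chart/templates/09-worker-daemon-set.yaml`, setting `tap.nokernelmodule` only appends `- -no-kernel-module` to the sniffer arguments; nothing in this hunk removes the capability that module loading needs. The rendered `manifests/complete.yaml` in the same diff still shows `- SYS_MODULE` in context, apparently for this container. If the template's securityContext (outside this hunk) adds it unconditionally, a deployment that opts out of the kernel module keeps the privilege anyway. Consider gating that entry on the same value, for example wrapping `- SYS_MODULE` in `{{- if not .Values.tap.nokernelmodule }}` … `{{- end }}`.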
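Review bot: In `manifests/complete.yaml` (`@@ -286,10 +286,13 @@`), adding `- -port` / `- '8897'` to the `sniffer` arguments while the next hunk deletes the separate `server` container appears to move the listener on 8897 into the container that holds `SYS_MODULE`. The removed `server` container had `drop: ALL` and no `add` list, so a network-reachable endpoint would now share a process with the capture privileges. If the merge is intended, state it in the manifest, for example `# sniffer now also listens on 8897 (former server container); restrict access to this port`. Nothing in this diff restricts which peers can reach that port, so a NetworkPolicy or equivalent is worth confirming.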
@@ -323,47 +326,6 @@ spec: - SYS_MODULE drop: - ALL - volumeMounts: - - mountPath: /hostproc - name: proc - readOnly: true - - mountPath: /sys - name: sys - readOnly: true - - mountPath: /app/data - name: data - - command: - - ./worker - - -server-mode - - -port - - '8897' - - image: 'docker.io/kubeshark/worker:latest' - imagePullPolicy: Always - name: server - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - envFrom: - - secretRef: - name: kubeshark-secret - resources: - limits: - cpu: 250m - memory: 333Mi - requests: - cpu: 50m - memory: 50Mi - securityContext: - capabilities: - drop: - - ALL readinessProbe: periodSeconds: 1 failureThreshold: 3 @@ -407,16 +369,11 @@ spec: envFrom: - secretRef: name: kubeshark-secret - resources: - limits: - cpu: 250m - memory: 333Mi - requests: - cpu: 50m - memory: 50Mi securityContext: capabilities: add: + - NET_RAW + - NET_ADMIN - SYS_ADMIN - SYS_PTRACE - DAC_OVERRIDE @@ -534,8 +491,8 @@ spec: port: 80 resources: limits: - cpu: 250m - memory: 333Mi + cpu: 750m + memory: 1Gi requests: cpu: 50m memory: 50Mi
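Review bot: The container in the `@@ -407,16 +369,11 @@` hunk loses its whole `resources` block and at the same time gains `NET_RAW` and `NET_ADMIN` next to `SYS_ADMIN`, `SYS_PTRACE` and `DAC_OVERRIDE`. Without limits, runaway memory or CPU use in that process is bounded only by the node, and the diff does not say what needs the two new capabilities. I would keep a `resources:` block whose `limits` match the other containers (`cpu: 750m`, `memory: 1Gi`) and add a comment per new capability, for example `# NET_RAW: <reason>`. The container's name and the rest of its spec are outside the hunk.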