🔨 Template -no-kernel-module flag

config/configStructs/tapConfig.go

@@ -127,6 +127,7 @@ type TapConfig struct {
 	Ingress           IngressConfig         `yaml:"ingress" json:"ingress"`
 	IPv6              bool                  `yaml:"ipv6" json:"ipv6" default:"true"`
 	Debug             bool                  `yaml:"debug" json:"debug" default:"false"`
+	NoKernelModule    bool                  `yaml:"nokernelmodule" json:"nokernelmodule" default:"false"`
 	Telemetry         TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
 }
 

helm-chart/templates/09-worker-daemon-set.yaml

@@ -36,6 +36,7 @@ spec:
             - -procfs
             - /hostproc
             {{ .Values.tap.debug | ternary "- -debug" "" }}
+            {{ .Values.tap.nokernelmodule | ternary "- -no-kernel-module" "" }}
           image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.tag }}'
           imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
           name: sniffer

helm-chart/values.yaml

@@ -63,6 +63,7 @@ tap:
     annotations: {}
   ipv6: true
   debug: false
+  nokernelmodule: false
   telemetry:
     enabled: true
 logs:

manifests/complete.yaml

@@ -286,10 +286,13 @@ spec:
             - ./worker
             - -i
             - any
+            - -port
+            - '8897'
             - -servicemesh
             - -procfs
             - /hostproc
             
+            
           image: 'docker.io/kubeshark/worker:latest'
           imagePullPolicy: Always
           name: sniffer
@@ -307,8 +310,8 @@ spec:
                 name: kubeshark-secret
           resources:
             limits:
-              cpu: 250m
+              cpu: 750m
-              memory: 333Mi
+              memory: 1Gi
             requests:
               cpu: 50m
               memory: 50Mi
@@ -323,47 +326,6 @@ spec:
                 - SYS_MODULE
               drop:
                 - ALL
-          volumeMounts:
-            - mountPath: /hostproc
-              name: proc
-              readOnly: true
-            - mountPath: /sys
-              name: sys
-              readOnly: true
-            - mountPath: /app/data
-              name: data
-        - command:
-            - ./worker
-            - -server-mode
-            - -port
-            - '8897'
-            
-          image: 'docker.io/kubeshark/worker:latest'
-          imagePullPolicy: Always
-          name: server
-          env:
-          - name: POD_NAME
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.name
-          - name: POD_NAMESPACE
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.namespace
-          envFrom:
-            - secretRef:
-                name: kubeshark-secret
-          resources:
-            limits:
-              cpu: 250m
-              memory: 333Mi
-            requests:
-              cpu: 50m
-              memory: 50Mi
-          securityContext:
-            capabilities:
-              drop:
-                - ALL
           readinessProbe:
             periodSeconds: 1
             failureThreshold: 3
@@ -407,16 +369,11 @@ spec:
           envFrom:
             - secretRef:
                 name: kubeshark-secret
-          resources:
-            limits:
-              cpu: 250m
-              memory: 333Mi
-            requests:
-              cpu: 50m
-              memory: 50Mi
           securityContext:
             capabilities:
               add:
+                - NET_RAW
+                - NET_ADMIN
                 - SYS_ADMIN
                 - SYS_PTRACE
                 - DAC_OVERRIDE
@@ -534,8 +491,8 @@ spec:
               port: 80
           resources:
             limits:
-              cpu: 250m
+              cpu: 750m
-              memory: 333Mi
+              memory: 1Gi
             requests:
               cpu: 50m
               memory: 50Mi