github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-04-28 03:52:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into tetatetit/docs/14/efs-pvc

Browse Source
This commit is contained in:
Alon Girmonsky 2023-12-05 16:11:01 -08:00 committed by GitHub
commit 7757b643c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
helm-chart/README.md
View File

@ -41,7 +41,7 @@ Uninstall Kubeshark:
helm uninstall kubeshark
```
## Accesing
## Accessing
Do the port forwarding:

24
helm-chart/templates/09-worker-daemon-set.yaml
View File

@ -65,13 +65,24 @@ spec:
securityContext:
capabilities:
add:
# NET_RAW is required to listen the network traffic
- NET_RAW
# NET_ADMIN is required to listen the network traffic
- NET_ADMIN
- SYS_ADMIN
- SYS_PTRACE
- DAC_OVERRIDE
{{- if not .Values.tap.noKernelModule }}
# SYS_MODULE is required to install kernel modules
- SYS_MODULE
{{- end }}
{{- if .Values.tap.serviceMesh }}
# SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
- SYS_ADMIN
# SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
- SYS_PTRACE
# DAC_OVERRIDE is required to read /proc/PID/environ
- DAC_OVERRIDE
# CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
- CHECKPOINT_RESTORE
{{- end }}
drop:
- ALL
readinessProbe:
@ -120,12 +131,13 @@ spec:
securityContext:
capabilities:
add:
- NET_RAW
- NET_ADMIN
# SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
- SYS_ADMIN
# SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
- SYS_PTRACE
- DAC_OVERRIDE
# SYS_RESOURCE is required to change rlimits for eBPF
- SYS_RESOURCE
# CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
- CHECKPOINT_RESTORE
drop:
- ALL

20
manifests/complete.yaml
View File

@ -314,12 +314,19 @@ spec:
securityContext:
capabilities:
add:
# NET_RAW is required to listen the network traffic
- NET_RAW
# NET_ADMIN is required to listen the network traffic
- NET_ADMIN
- SYS_ADMIN
- SYS_PTRACE
- DAC_OVERRIDE
# SYS_MODULE is required to install kernel modules
- SYS_MODULE
# SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
- SYS_ADMIN
# SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
- SYS_PTRACE
# DAC_OVERRIDE is required to read /proc/PID/environ
- DAC_OVERRIDE
# CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
- CHECKPOINT_RESTORE
drop:
- ALL
@ -365,12 +372,13 @@ spec:
securityContext:
capabilities:
add:
- NET_RAW
- NET_ADMIN
# SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
- SYS_ADMIN
# SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
- SYS_PTRACE
- DAC_OVERRIDE
# SYS_RESOURCE is required to change rlimits for eBPF
- SYS_RESOURCE
# CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
- CHECKPOINT_RESTORE
drop:
- ALL