github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-08-10 12:53:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into tetatetit/docs/14/efs-pvc

Browse Source
This commit is contained in:
Alon Girmonsky 2023-12-05 16:11:01 -08:00 committed by GitHub
commit 7757b643c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
helm-chart/README.md
View File

@ -41,7 +41,7 @@ Uninstall Kubeshark:
helm uninstall kubeshark helm uninstall kubeshark
``` ```
## Accesing ## Accessing
Do the port forwarding: Do the port forwarding:

24
helm-chart/templates/09-worker-daemon-set.yaml
View File

@ -65,13 +65,24 @@ spec:
securityContext: securityContext:
capabilities: capabilities:
add: add:
# NET_RAW is required to listen the network traffic
- NET_RAW - NET_RAW
# NET_ADMIN is required to listen the network traffic
- NET_ADMIN - NET_ADMIN
- SYS_ADMIN {{- if not .Values.tap.noKernelModule }}
- SYS_PTRACE # SYS_MODULE is required to install kernel modules
- DAC_OVERRIDE
- SYS_MODULE - SYS_MODULE
{{- end }}
{{- if .Values.tap.serviceMesh }}
# SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
- SYS_ADMIN
# SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
- SYS_PTRACE
# DAC_OVERRIDE is required to read /proc/PID/environ
- DAC_OVERRIDE
# CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
- CHECKPOINT_RESTORE - CHECKPOINT_RESTORE
{{- end }}
drop: drop:
- ALL - ALL
readinessProbe: readinessProbe:
@ -120,12 +131,13 @@ spec:
securityContext: securityContext:
capabilities: capabilities:
add: add:
- NET_RAW # SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
- NET_ADMIN
- SYS_ADMIN - SYS_ADMIN
# SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
- SYS_PTRACE - SYS_PTRACE
- DAC_OVERRIDE # SYS_RESOURCE is required to change rlimits for eBPF
- SYS_RESOURCE - SYS_RESOURCE
# CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
- CHECKPOINT_RESTORE - CHECKPOINT_RESTORE
drop: drop:
- ALL - ALL

20
manifests/complete.yaml
View File

@ -314,12 +314,19 @@ spec:
securityContext: securityContext:
capabilities: capabilities:
add: add:
# NET_RAW is required to listen the network traffic
- NET_RAW - NET_RAW
# NET_ADMIN is required to listen the network traffic
- NET_ADMIN - NET_ADMIN
- SYS_ADMIN # SYS_MODULE is required to install kernel modules
- SYS_PTRACE
- DAC_OVERRIDE
- SYS_MODULE - SYS_MODULE
# SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
- SYS_ADMIN
# SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
- SYS_PTRACE
# DAC_OVERRIDE is required to read /proc/PID/environ
- DAC_OVERRIDE
# CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
- CHECKPOINT_RESTORE - CHECKPOINT_RESTORE
drop: drop:
- ALL - ALL
@ -365,12 +372,13 @@ spec:
securityContext: securityContext:
capabilities: capabilities:
add: add:
- NET_RAW # SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
- NET_ADMIN
- SYS_ADMIN - SYS_ADMIN
# SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
- SYS_PTRACE - SYS_PTRACE
- DAC_OVERRIDE # SYS_RESOURCE is required to change rlimits for eBPF
- SYS_RESOURCE - SYS_RESOURCE
# CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
- CHECKPOINT_RESTORE - CHECKPOINT_RESTORE
drop: drop:
- ALL - ALL