From 80d23d62bdc99d8d73d3f64b7b77ed6e6768472f Mon Sep 17 00:00:00 2001
From: Volodymyr Stoiko
Date: Wed, 6 Nov 2024 00:13:50 +0200
Subject: [PATCH] Remove PF_RING references (#1638)
* Remove PF_RING references
* Update values
---------
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
---
 config/configStruct.go | 4 -
 config/configStructs/tapConfig.go | 8 --
 helm-chart/PF_RING.md | 152 ------------------------------
 helm-chart/README.md | 3 -
 helm-chart/values.yaml | 6 -
 5 files changed, 173 deletions(-)
 delete mode 100644 helm-chart/PF_RING.md
diff --git a/config/configStruct.go b/config/configStruct.go
index 759eecbb2..1d1619a25 100644
--- a/config/configStruct.go
+++ b/config/configStruct.go
@@ -42,10 +42,6 @@ func CreateDefaultConfig() ConfigStruct {
 // DAC_OVERRIDE is required to read /proc/PID/environ
 "DAC_OVERRIDE",
 },
- KernelModule: []string{
- // SYS_MODULE is required to install kernel modules
- "SYS_MODULE",
- },
 EBPFCapture: []string{
 // SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
 "SYS_ADMIN",
diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go
index 877e0f5c9..ec2403884 100644
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -169,16 +169,9 @@ type SentryConfig struct {
 type CapabilitiesConfig struct {
 NetworkCapture []string `yaml:"networkCapture" json:"networkCapture" default:"[]"`
 ServiceMeshCapture []string `yaml:"serviceMeshCapture" json:"serviceMeshCapture" default:"[]"`
- KernelModule []string `yaml:"kernelModule" json:"kernelModule" default:"[]"`
 EBPFCapture []string `yaml:"ebpfCapture" json:"ebpfCapture" default:"[]"`
 }
 
-type KernelModuleConfig struct {
- Enabled bool `yaml:"enabled" json:"enabled" default:"false"`
- Image string `yaml:"image" json:"image" default:"kubeshark/pf-ring-module:all"`
- UnloadOnDestroy bool `yaml:"unloadOnDestroy" json:"unloadOnDestroy" default:"false"`
-}
-
 type MetricsConfig struct {
 Port uint16 `yaml:"port" json:"port" default:"49100"`
 }
@@ -238,7 +231,6 @@ type TapConfig struct {
 Ingress IngressConfig `yaml:"ingress" json:"ingress"`
 IPv6 bool `yaml:"ipv6" json:"ipv6" default:"true"`
 Debug bool `yaml:"debug" json:"debug" default:"false"`
- KernelModule KernelModuleConfig `yaml:"kernelModule" json:"kernelModule"`
 Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"`
 ResourceGuard ResourceGuardConfig `yaml:"resourceGuard" json:"resourceGuard"`
 Sentry SentryConfig `yaml:"sentry" json:"sentry"`
diff --git a/helm-chart/PF_RING.md b/helm-chart/PF_RING.md
deleted file mode 100644
index 9d60db79b..000000000
--- a/helm-chart/PF_RING.md
+++ /dev/null
@@ -1,152 +0,0 @@ -# PF_RING - - - -- [PF\_RING](#pf_ring) - - [Overview](#overview) - - [Loading PF\_RING module on Kubernetes nodes](#loading-pf_ring-module-on-kubernetes-nodes) - - [Pre-built kernel module exists and external egress allowed](#pre-built-kernel-module-exists-and-external-egress-allowed) - - [Pre-built kernel module doesn't exist or external egress isn't allowed](#pre-built-kernel-module-doesnt-exist-or-external-egress-isnt-allowed) - - [Appendix A: PF\_RING kernel module compilation](#appendix-a-pf_ring-kernel-module-compilation) - - [Automated complilation](#automated-complilation) - - [Manual compilation](#manual-compilation) - - - -## Overview - -PF_RING™ is an advanced Linux kernel module and user-space framework designed for high-speed packet processing. It offers a uniform API for packet processing applications, enabling efficient handling of large volumes of network data. - -For comprehensive information on PF_RING™, please visit the [User's Guide]((https://www.ntop.org/guides/pf_ring) and access detailed [API Documentation](http://www.ntop.org/guides/pf_ring_api/files.html). - -## Loading PF_RING module on Kubernetes nodes - -PF_RING kernel module loading is performed via of the `worker` component pod. -The target container `tap.kernelModule.image` must contain `pf_ring.ko` file under path `/opt/lib/modules//pf_ring.ko`. -Kubeshark provides ready to use containers with kernel modules for the most popular kernel versions running in different managed clouds. - -Prior to deploying `kubeshark` with PF_RING enabled, it is essential to verify if a PF_RING kernel module is already built for your kernel version. -Kubeshark provides additional CLI tool for this purpose - [pf-ring-compiler](https://github.com/kubeshark/pf-ring-compiler). 
- -Compatibility verification can be done by running: - -```bash -pfring-compiler compatibility -``` - -This command checks for the availability of kernel modules for the kernel versions running across all nodes in the Kubernetes cluster. - -Example output for a compatible cluster: - -```bash -Node Kernel Version Supported -ip-192-168-77-230.us-west-2.compute.internal 5.10.199-190.747.amzn2.x86_64 true -ip-192-168-34-216.us-west-2.compute.internal 5.10.199-190.747.amzn2.x86_64 true - -Cluster is compatible -``` - -Another option to verify availability of kernel modules is just inspecting available kernel module versions via: - -```bash -curl https://api.kubeshark.co/kernel-modules/meta/versions.jso -``` - -Based on Kubernetes cluster compatibility and external connection capabilities, user has two options: - -1. Use Kubeshark provided container `kubeshark/pf-ring-module` -2. Build custom container with required kernel module version. - -### Pre-built kernel module exists and external egress allowed - -In this case no additional configuration required. -Kubeshark will load PF_RING kernel module from the default `kubeshark/pf-ring-module:all` container. - -### Pre-built kernel module doesn't exist or external egress isn't allowed - -In this case building custom Docker image is required. - -1. Compile PF_RING kernel module for target version - -Skip if you have `pf_ring.ko` for the target kernel version. -Otherwise, follow [Appendix A](#appendix-a-pf_ring-kernel-module-compilation) for details. - -2. Build container - -The same build process Kubeshark has can be reused (follow [pfring-compilier](https://github.com/kubeshark/pf-ring-compiler/tree/main/modules) for details). - -3. Configure Helm values - -```yaml -tap: - kernelModule: - image: -``` - - -## Appendix A: PF_RING kernel module compilation - -PF_RING kernel module compilation can be completed automatically or manually. 
- -### Automated complilation - -In case your Kubernetes workers run supported Linux distribution, `kubeshark` CLI can be used to build PF_RING module: - -```bash -pfring-compiler compile --target -``` - -This command requires: - -- kubectl to be installed and configured with a proper context -- egress connection to Internet available - -This command: - -1. Runs Kubernetes job with build container -2. Waits for job to be completed -3. Downloads `pf-ring-.ko` file into the current folder. -4. Cleans up created job. - -Currently supported distros: - -- Ubuntu -- RHEL 9 -- Amazon Linux 2 - -### Manual compilation - -The process description is based on Ubuntu 22.04 distribution. - -1. Get terminal access to the node with target kernel version -This can be done either via SSH directly to node or with debug container running on the target node: - -```bash -kubectl debug node/ -it --attach=true --image=ubuntu:22.04 -``` - -2. Install build tools and kernel headers - -```bash -apt update -apt install -y gcc build-essential make git wget tar gzip -apt install -y linux-headers-$(uname -r) -``` - -3. Download PF_RING source code - -```bash -wget https://github.com/ntop/PF_RING/archive/refs/tags/8.4.0.tar.gz -tar -xf 8.4.0.tar.gz -cd PF_RING-8.4.0/kernel -``` - -4. Compile the kernel module - -```bash -make KERNEL_SRC=/usr/src/linux-headers-$(uname -r) -``` - -5. Copy `pf_ring.ko` to the local file system. - -Use `scp` or `kubectl cp` depending on type of access(SSH or debug pod). diff --git a/helm-chart/README.md b/helm-chart/README.md index e0befa082..d667b2b01 100644 --- a/helm-chart/README.md +++ b/helm-chart/README.md 
@@ -183,9 +183,6 @@ Example for overriding image names:
 | `tap.ingress.annotations` | `Ingress` annotations | `{}` |
 | `tap.ipv6` | Enable IPv6 support for the front-end | `true` |
 | `tap.debug` | Enable debug mode | `false` |
-| `tap.kernelModule.enabled` | Use PF_RING kernel module([details](PF_RING.md)) | `false` |
-| `tap.kernelModule.image` | Container image containing PF_RING kernel module with supported kernel version([details](PF_RING.md)) | "kubeshark/pf-ring-module:all" |
-| `tap.kernelModule.unloadOnDestroy` | Create additional container which watches for pod termination and unloads PF_RING kernel module. | `false`|
 | `tap.telemetry.enabled` | Enable anonymous usage statistics collection | `true` |
 | `tap.resourceGuard.enabled` | Enable resource guard worker process, which watches RAM/disk usage and enables/disables traffic capture based on available resources | `false` |
 | `tap.sentry.enabled` | Enable sending of error logs to Sentry | `false` |
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 3de0456a8..41b751a47 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -96,10 +96,6 @@ tap:
 annotations: {}
 ipv6: true
 debug: false
- kernelModule:
- enabled: false
- image: kubeshark/pf-ring-module:all
- unloadOnDestroy: false
 telemetry:
 enabled: true
 resourceGuard:
@@ -121,8 +117,6 @@ tap:
 - SYS_ADMIN
 - SYS_PTRACE
 - DAC_OVERRIDE
- kernelModule:
- - SYS_MODULE
 ebpfCapture:
 - SYS_ADMIN
 - SYS_PTRACE