Remove PF_RING references (#1638)

* Remove PF_RING references

* Update values

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>

config/configStruct.go

@@ -42,10 +42,6 @@ func CreateDefaultConfig() ConfigStruct {
 					// DAC_OVERRIDE is required to read /proc/PID/environ
 					"DAC_OVERRIDE",
 				},
-				KernelModule: []string{
-					// SYS_MODULE is required to install kernel modules
-					"SYS_MODULE",
-				},
 				EBPFCapture: []string{
 					// SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
 					"SYS_ADMIN",

config/configStructs/tapConfig.go

@@ -169,16 +169,9 @@ type SentryConfig struct {
 type CapabilitiesConfig struct {
 	NetworkCapture     []string `yaml:"networkCapture" json:"networkCapture"  default:"[]"`
 	ServiceMeshCapture []string `yaml:"serviceMeshCapture" json:"serviceMeshCapture"  default:"[]"`
-	KernelModule       []string `yaml:"kernelModule" json:"kernelModule"  default:"[]"`
 	EBPFCapture        []string `yaml:"ebpfCapture" json:"ebpfCapture"  default:"[]"`
 }
 
-type KernelModuleConfig struct {
-	Enabled         bool   `yaml:"enabled" json:"enabled" default:"false"`
-	Image           string `yaml:"image" json:"image" default:"kubeshark/pf-ring-module:all"`
-	UnloadOnDestroy bool   `yaml:"unloadOnDestroy" json:"unloadOnDestroy" default:"false"`
-}
-
 type MetricsConfig struct {
 	Port uint16 `yaml:"port" json:"port" default:"49100"`
 }
@@ -238,7 +231,6 @@ type TapConfig struct {
 	Ingress                      IngressConfig         `yaml:"ingress" json:"ingress"`
 	IPv6                         bool                  `yaml:"ipv6" json:"ipv6" default:"true"`
 	Debug                        bool                  `yaml:"debug" json:"debug" default:"false"`
-	KernelModule                 KernelModuleConfig    `yaml:"kernelModule" json:"kernelModule"`
 	Telemetry                    TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
 	ResourceGuard                ResourceGuardConfig   `yaml:"resourceGuard" json:"resourceGuard"`
 	Sentry                       SentryConfig          `yaml:"sentry" json:"sentry"`

helm-chart/PF_RING.md

@@ -1,152 +0,0 @@
-# PF_RING
-
-<!-- TOC -->
-
-- [PF\_RING](#pf_ring)
-  - [Overview](#overview)
-  - [Loading PF\_RING module on Kubernetes nodes](#loading-pf_ring-module-on-kubernetes-nodes)
-    - [Pre-built kernel module exists and external egress allowed](#pre-built-kernel-module-exists-and-external-egress-allowed)
-    - [Pre-built kernel module doesn't exist or external egress isn't allowed](#pre-built-kernel-module-doesnt-exist-or-external-egress-isnt-allowed)
-  - [Appendix A: PF\_RING kernel module compilation](#appendix-a-pf_ring-kernel-module-compilation)
-    - [Automated complilation](#automated-complilation)
-    - [Manual compilation](#manual-compilation)
-
-<!-- /TOC -->
-
-## Overview
-
-PF_RING™ is an advanced Linux kernel module and user-space framework designed for high-speed packet processing. It offers a uniform API for packet processing applications, enabling efficient handling of large volumes of network data.
-
-For comprehensive information on PF_RING™, please visit the [User's Guide]((https://www.ntop.org/guides/pf_ring) and access detailed [API Documentation](http://www.ntop.org/guides/pf_ring_api/files.html).
-
-## Loading PF_RING module on Kubernetes nodes
-
-PF_RING kernel module loading is performed via of the `worker` component pod.
-The target container `tap.kernelModule.image` must contain `pf_ring.ko` file under path `/opt/lib/modules/<kernel version>/pf_ring.ko`.
-Kubeshark provides ready to use containers with kernel modules for the most popular kernel versions running in different managed clouds.
-
-Prior to deploying `kubeshark` with PF_RING enabled, it is essential to verify if a PF_RING kernel module is already built for your kernel version.
-Kubeshark provides additional CLI tool for this purpose - [pf-ring-compiler](https://github.com/kubeshark/pf-ring-compiler).
-
-Compatibility verification can be done by running:
-
-```bash
-pfring-compiler compatibility
-```
-
-This command checks for the availability of kernel modules for the kernel versions running across all nodes in the Kubernetes cluster.
-
-Example output for a compatible cluster:
-
-```bash
-Node                                          Kernel Version                 Supported
-ip-192-168-77-230.us-west-2.compute.internal  5.10.199-190.747.amzn2.x86_64  true
-ip-192-168-34-216.us-west-2.compute.internal  5.10.199-190.747.amzn2.x86_64  true
-
-Cluster is compatible
-```
-
-Another option to verify availability of kernel modules is just inspecting available kernel module versions via:
-
-```bash
-curl https://api.kubeshark.co/kernel-modules/meta/versions.jso
-```
-
-Based on Kubernetes cluster compatibility and external connection capabilities, user has two options:
-
-1. Use Kubeshark provided container `kubeshark/pf-ring-module`
-2. Build custom container with required kernel module version. 
-
-### Pre-built kernel module exists and external egress allowed
-
-In this case no additional configuration required.
-Kubeshark will load PF_RING kernel module from the default `kubeshark/pf-ring-module:all` container.
-
-### Pre-built kernel module doesn't exist or external egress isn't allowed
-
-In this case building custom Docker image is required.
-
-1. Compile PF_RING kernel module for target version
-
-Skip if you have `pf_ring.ko` for the target kernel version.
-Otherwise, follow [Appendix A](#appendix-a-pf_ring-kernel-module-compilation) for details.
-
-2. Build container
-
-The same build process Kubeshark has can be reused (follow [pfring-compilier](https://github.com/kubeshark/pf-ring-compiler/tree/main/modules) for details).
-
-3. Configure Helm values
-
-```yaml
-tap:
-  kernelModule:
-    image: <container from stage 2>
-```
-
-
-## Appendix A: PF_RING kernel module compilation
-
-PF_RING kernel module compilation can be completed automatically or manually.
-
-### Automated complilation
-
-In case your Kubernetes workers run supported Linux distribution, `kubeshark` CLI can be used to build PF_RING module:
-
-```bash
-pfring-compiler compile --target <distro>
-```
-
-This command requires:
-
-- kubectl to be installed and configured with a proper context
-- egress connection to Internet available
-
-This command:
-
-1. Runs Kubernetes job with build container
-2. Waits for job to be completed
-3. Downloads `pf-ring-<kernel version>.ko` file into the current folder.
-4. Cleans up created job.
-
-Currently supported distros:
-
-- Ubuntu
-- RHEL 9
-- Amazon Linux 2
-
-### Manual compilation
-
-The process description is based on Ubuntu 22.04 distribution.
-
-1. Get terminal access to the node with target kernel version
-This can be done either via SSH directly to node or with debug container running on the target node:
-
-```bash
-kubectl debug node/<target node> -it --attach=true --image=ubuntu:22.04
-```
-
-2. Install build tools and kernel headers
-
-```bash
-apt update
-apt install -y gcc build-essential make git wget tar gzip
-apt install -y linux-headers-$(uname -r)
-```
-
-3. Download PF_RING source code
-
-```bash
-wget https://github.com/ntop/PF_RING/archive/refs/tags/8.4.0.tar.gz
-tar -xf 8.4.0.tar.gz
-cd PF_RING-8.4.0/kernel
-```
-
-4. Compile the kernel module
-
-```bash
-make KERNEL_SRC=/usr/src/linux-headers-$(uname -r)
-```
-
-5. Copy `pf_ring.ko` to the local file system.
-
-Use `scp` or `kubectl cp` depending on type of access(SSH or debug pod).

helm-chart/README.md

@@ -183,9 +183,6 @@ Example for overriding image names:
 | `tap.ingress.annotations`                 | `Ingress` annotations                           | `{}`                                                    |
 | `tap.ipv6`                                | Enable IPv6 support for the front-end                        | `true`                                                  |
 | `tap.debug`                               | Enable debug mode                             | `false`                                                 |
-| `tap.kernelModule.enabled`                | Use PF_RING kernel module([details](PF_RING.md))      | `false`                                                 |
-| `tap.kernelModule.image`                  | Container image containing PF_RING kernel module with supported kernel version([details](PF_RING.md))      | "kubeshark/pf-ring-module:all"                                                 |
-| `tap.kernelModule.unloadOnDestroy`        | Create additional container which watches for pod termination and unloads PF_RING kernel module. | `false`|
 | `tap.telemetry.enabled`                   | Enable anonymous usage statistics collection           | `true`                                                  |
 | `tap.resourceGuard.enabled`               | Enable resource guard worker process, which watches RAM/disk usage and enables/disables traffic capture based on available resources | `false` |
 | `tap.sentry.enabled`                      | Enable sending of error logs to Sentry          | `false`                                                  |

helm-chart/values.yaml

@@ -96,10 +96,6 @@ tap:
     annotations: {}
   ipv6: true
   debug: false
-  kernelModule:
-    enabled: false
-    image: kubeshark/pf-ring-module:all
-    unloadOnDestroy: false
   telemetry:
     enabled: true
   resourceGuard:
@@ -121,8 +117,6 @@ tap:
     - SYS_ADMIN
     - SYS_PTRACE
     - DAC_OVERRIDE
-    kernelModule:
-    - SYS_MODULE
     ebpfCapture:
     - SYS_ADMIN
     - SYS_PTRACE