tcp dissector enabled by default (#1591)

* tcp dissector enabled by default

* changing the readme

In support of having the `tcp` dissector enabled by default.

* Update values.yaml

* Update complete.yaml

* updated the defaultFilter default value

1. Start with some level of  "noise reduction" (`tcp` and `dns`).
2. Provide a hint how to use a display filter to filter out protocol aliases.

* Update values.yaml

filter out DNS and TCP

* Update complete.yaml

Filter out DNS and TCP

* Update README.md

Filter out TCP and DNS by default
This commit is contained in:
Alon Girmonsky 2024-08-22 17:14:38 -07:00 committed by GitHub
parent 193e2ab03e
commit 84f2ec944d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 8 additions and 7 deletions

View File

@ -82,7 +82,7 @@ func CreateDefaultConfig() ConfigStruct {
"redis",
"sctp",
"syscall",
// "tcp",
"tcp",
"ws",
},
},

View File

@ -199,7 +199,7 @@ type TapConfig struct {
Debug bool `yaml:"debug" json:"debug" default:"false"`
KernelModule KernelModuleConfig `yaml:"kernelModule" json:"kernelModule"`
Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"`
DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter"`
DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !tcp"`
ScriptingDisabled bool `yaml:"scriptingDisabled" json:"scriptingDisabled" default:"false"`
TargetedPodsUpdateDisabled bool `yaml:"targetedPodsUpdateDisabled" json:"targetedPodsUpdateDisabled" default:"false"`
RecordingDisabled bool `yaml:"recordingDisabled" json:"recordingDisabled" default:"false"`

View File

@ -170,11 +170,11 @@ Please refer to [metrics](./metrics.md) documentation for details.
| `tap.kernelModule.image` | Container image containing PF_RING kernel module with supported kernel version([details](PF_RING.md)) | "kubeshark/pf-ring-module:all" |
| `tap.kernelModule.unloadOnDestroy` | Create additional container which watches for pod termination and unloads PF_RING kernel module. | `false`|
| `tap.telemetry.enabled` | Enable anonymous usage statistics collection | `true` |
| `tap.defaultFilter` | Sets the default dashboard KFL filter (e.g. `http`) | `""` |
| `tap.defaultFilter` | Sets the default dashboard KFL filter (e.g. `http`). By default, this value is set to filter out DNS and TCP entries. The user can easily change this in the Dashboard. | `"!dns and !tcp"` |
| `tap.globalFilter` | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field. Another example `!dns` will not show any DNS traffic. | `""` |
| `tap.metrics.port` | Pod port used to expose Prometheus metrics | `49100` |
| `tap.stopped` | A flag indicating whether to start Kubeshark with traffic processing stopped resulting in almost no resource consumption (e.g. Kubeshark is dormant). This property can be dynamically control via the dashboard. | `true` |
| `tap.enabledDissectors` | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list includes: amqp, dns , http, icmp, kafka, redis,sctp, syscall, ws. By design, it does not include the very powerful TCP dissector (`tcp`). Add this dissector to view all TCP messages (requires elevated amounts of CPU, memeory and storage). |
| `tap.enabledDissectors` | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list includes: amqp, dns , http, icmp, kafka, redis,sctp, syscall, tcp, ws. |
| `logs.file` | Logs dump path | `""` |
| `kube.configPath` | Path to the `kubeconfig` file (`$HOME/.kube/config`) | `""` |
| `kube.context` | Kubernetes context to use for the deployment | `""` |

View File

@ -95,7 +95,7 @@ tap:
unloadOnDestroy: false
telemetry:
enabled: true
defaultFilter: ""
defaultFilter: "!dns and !tcp"
scriptingDisabled: false
targetedPodsUpdateDisabled: false
recordingDisabled: false
@ -125,6 +125,7 @@ tap:
- redis
- sctp
- syscall
- tcp
- ws
metrics:
port: 49100

View File

@ -249,7 +249,7 @@ data:
TIMEZONE: ' '
CLOUD_LICENSE_ENABLED: 'true'
DUPLICATE_TIMEFRAME: '200ms'
ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,sctp,syscall,ws'
ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,sctp,syscall,tcp,ws'
---
# Source: kubeshark/templates/02-cluster-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
@ -760,7 +760,7 @@ spec:
containers:
- env:
- name: REACT_APP_DEFAULT_FILTER
value: ' '
value: '!dns and !tcp'
- name: REACT_APP_AUTH_ENABLED
value: 'true'
- name: REACT_APP_AUTH_TYPE