Merge branch 'master' into fix-remove-hostroot

This commit is contained in:
Alon Girmonsky 2025-02-12 12:32:00 -08:00 committed by GitHub
commit 90092b68b5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 22 additions and 1 deletions

View File

@ -182,7 +182,11 @@ release:
@cd ../tracer && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
@cd ../hub && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
@cd ../front && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
@cd ../kubeshark && git checkout master && git pull && sed -i "s/^version:.*/version: \"$(shell echo $(VERSION) | sed -E 's/^([0-9]+\.[0-9]+)\..*/\1/')\"/" helm-chart/Chart.yaml && make && make generate-helm-values && make generate-manifests
@cd ../kubeshark && git checkout master && git pull && sed -i "s/^version:.*/version: \"$(shell echo $(VERSION) | sed -E 's/^([0-9]+\.[0-9]+)\..*/\1/')\"/" helm-chart/Chart.yaml && make
@if [ "$(shell uname)" = "Darwin" ]; then \
codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/kubeshark__; \
fi
@make generate-helm-values && make generate-manifests
@git add -A . && git commit -m ":bookmark: Bump the Helm chart version to $(VERSION)" && git push
@git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
@cd helm-chart && rm -r ../../kubeshark.github.io/charts/chart/* && cp -r . ../../kubeshark.github.io/charts/chart

View File

@ -314,6 +314,7 @@ type TapConfig struct {
Misc MiscConfig `yaml:"misc" json:"misc"`
SecurityContext SecurityContextConfig `yaml:"securityContext" json:"securityContext"`
ShortTermProcs bool `yaml:"shortTermProcs" json:"shortTermProcs" default:"false"`
MountBpf bool `yaml:"mountBpf" json:"mountBpf" default:"true"`
}
func (config *TapConfig) PodRegex() *regexp.Regexp {

View File

@ -206,6 +206,7 @@ Example for overriding image names:
| `tap.metrics.port` | Pod port used to expose Prometheus metrics | `49100` |
| `tap.enabledDissectors` | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `udp` and `tcp` |
| `tap.shortTermProcs` | This flag controls whether short living processes are detected (e.g. when someone uses CURL). In some very random edge-cases, this behavior may cause non-Kubeshark pods to not terminate. Therefore by default this option is turned off. Use with caution. | `false` |
| `tap.mountBpf` | BPF filesystem needs to be mounted for eBPF to work properly. This helm value determines whether Kubeshark will attempt to mount the filesystem. This option is not required if filesystem is already mounts. │ `true`|
| `logs.file` | Logs dump path | `""` |
| `pcapdump.enabled` | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools | `true` |
| `pcapdump.maxTime` | The time window into the past that will be stored. Older traffic will be discarded. | `2h` |

View File

@ -210,6 +210,7 @@ tap:
- SYS_RESOURCE
- IPC_LOCK
shortTermProcs: false
mountBpf: true
logs:
file: ""
grep: ""

View File

@ -523,6 +523,20 @@ spec:
name: kubeshark-worker-daemon-set
namespace: kubeshark
spec:
initContainers:
- command:
- /bin/sh
- -c
- mkdir -p /sys/fs/bpf && mount | grep -q '/sys/fs/bpf' || mount -t bpf bpf /sys/fs/bpf
image: 'docker.io/kubeshark/worker:v52.4'
imagePullPolicy: Always
name: mount-bpf
securityContext:
privileged: true
volumeMounts:
- mountPath: /sys
name: sys
mountPropagation: Bidirectional
containers:
- command:
- ./worker