Merge branch 'master' into fix-remove-hostroot

2025-08-30 06:52:34 +00:00 · 2025-02-12 12:32:00 -08:00 · 2025-02-12 12:32:00 -08:00 · 90092b68b5
commit 90092b68b5
parent 94fe36e5d6 95d6655af6
5 changed files with 22 additions and 1 deletions
--- a/6
+++ b/6
@ -182,7 +182,11 @@ release:
 	@cd ../tracer && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../hub && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../front && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
-	@cd ../kubeshark && git checkout master && git pull && sed -i "s/^version:.*/version: \"$(shell echo $(VERSION) | sed -E 's/^([0-9]+\.[0-9]+)\..*/\1/')\"/" helm-chart/Chart.yaml && make && make generate-helm-values && make generate-manifests
+	@cd ../kubeshark && git checkout master && git pull && sed -i "s/^version:.*/version: \"$(shell echo $(VERSION) | sed -E 's/^([0-9]+\.[0-9]+)\..*/\1/')\"/" helm-chart/Chart.yaml && make
+	@if [ "$(shell uname)" = "Darwin" ]; then \
+		codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/kubeshark__; \
+	fi
+	@make generate-helm-values && make generate-manifests
 	@git add -A . && git commit -m ":bookmark: Bump the Helm chart version to $(VERSION)" && git push
 	@git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd helm-chart && rm -r ../../kubeshark.github.io/charts/chart/* && cp -r . ../../kubeshark.github.io/charts/chart
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@ -314,6 +314,7 @@ type TapConfig struct {
 	Misc                         MiscConfig              `yaml:"misc" json:"misc"`
 	SecurityContext              SecurityContextConfig   `yaml:"securityContext" json:"securityContext"`
 	ShortTermProcs               bool                    `yaml:"shortTermProcs" json:"shortTermProcs" default:"false"`
+	MountBpf                     bool                    `yaml:"mountBpf" json:"mountBpf" default:"true"`
 }

 func (config *TapConfig) PodRegex() *regexp.Regexp {
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@ -206,6 +206,7 @@ Example for overriding image names:
 | `tap.metrics.port`                  | Pod port used to expose Prometheus metrics          | `49100`                                                  |
 | `tap.enabledDissectors`                   | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `udp` and `tcp` |
 | `tap.shortTermProcs`                    | This flag controls whether short living processes are detected (e.g. when someone uses CURL). In some very random edge-cases, this behavior may cause non-Kubeshark pods to not terminate. Therefore by default this option is turned off. Use with caution.  | `false` |
+| `tap.mountBpf`                            | BPF filesystem needs to be mounted for eBPF to work properly. This helm value determines whether Kubeshark will attempt to mount the filesystem. This option is not required if filesystem is already mounts. │ `true`|
 | `logs.file`                               | Logs dump path                      | `""`                                                    |
 | `pcapdump.enabled`                        | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools                 | `true`                                                                                                  |
 | `pcapdump.maxTime`                        | The time window into the past that will be stored. Older traffic will be discarded.  | `2h`  |
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@ -210,6 +210,7 @@ tap:
      - SYS_RESOURCE
      - IPC_LOCK
  shortTermProcs: false
+  mountBpf: true
 logs:
  file: ""
  grep: ""
--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
@ -523,6 +523,20 @@ spec:
      name: kubeshark-worker-daemon-set
      namespace: kubeshark
    spec:
+      initContainers:
+        - command:
+          - /bin/sh
+          - -c
+          - mkdir -p /sys/fs/bpf && mount | grep -q '/sys/fs/bpf' || mount -t bpf bpf /sys/fs/bpf
+          image: 'docker.io/kubeshark/worker:v52.4'
+          imagePullPolicy: Always
+          name: mount-bpf
+          securityContext:
+            privileged: true
+          volumeMounts:
+          - mountPath: /sys
+            name: sys
+            mountPropagation: Bidirectional
      containers:
        - command:
            - ./worker