added a helm value to control the root fs mount

set the default to false
added documentation

config/configStructs/tapConfig.go

@@ -313,6 +313,7 @@ type TapConfig struct {
 	Pprof                        PprofConfig             `yaml:"pprof" json:"pprof"`
 	Misc                         MiscConfig              `yaml:"misc" json:"misc"`
 	SecurityContext              SecurityContextConfig   `yaml:"securityContext" json:"securityContext"`
+	ShortTermProcs               bool                    `yaml:"shortTermProcs" json:"shortTermProcs" default:"false"`
 }
 
 func (config *TapConfig) PodRegex() *regexp.Regexp {

helm-chart/README.md

@@ -205,6 +205,7 @@ Example for overriding image names:
 | `tap.globalFilter`                        | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field. Another example `!dns` will not show any DNS traffic.      | `""`                                        |
 | `tap.metrics.port`                  | Pod port used to expose Prometheus metrics          | `49100`                                                  |
 | `tap.enabledDissectors`                   | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `udp` and `tcp` |
+| `tap.shortTermProcs`                    | This flag controls whether short living processes are detected (e.g. when someone uses CURL). In some very random edge-cases, this behavior may cause non-Kubeshark pods to not terminate. Therefore by default this option is turned off. Use with caution.  | `false` |
 | `logs.file`                               | Logs dump path                      | `""`                                                    |
 | `pcapdump.enabled`                        | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools                 | `true`                                                                                                  |
 | `pcapdump.maxTime`                        | The time window into the past that will be stored. Older traffic will be discarded.  | `2h`  |

helm-chart/templates/09-worker-daemon-set.yaml

@@ -303,6 +303,12 @@ spec:
             - mountPath: /etc/os-release
               name: os-release
               readOnly: true
+            {{- if .Values.tap.shortTermProcs }}
+            - mountPath: /hostroot
+              mountPropagation: HostToContainer
+              name: root
+              readOnly: true
+            {{- end }}
       {{- end }}
       dnsPolicy: ClusterFirstWithHostNet
       hostNetwork: true
@@ -365,6 +371,11 @@ spec:
         - hostPath:
             path: /etc/os-release
           name: os-release
+        {{- if .Values.tap.shortTermProcs }}
+        - hostPath:
+            path: /
+          name: root
+        {{- end }}
         - name: data
 {{- if .Values.tap.persistentStorage }}
           persistentVolumeClaim:

helm-chart/values.yaml

@@ -209,6 +209,7 @@ tap:
       - SYS_PTRACE
       - SYS_RESOURCE
       - IPC_LOCK
+  shortTermProcs: false
 logs:
   file: ""
   grep: ""