Load pf-ring kernel module in init container (#1476)

* Load kernel module in init container * Update docs * Update formatting * Add pre-stop hook to unload pf_ring module * Enable hook only on kernel module enabled * fix template * Use sidecontainer to unload pf_ring * Add requirements for tracer into structs * fix values * fix typo --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2025-09-18 07:42:20 +00:00 · 2024-01-13 01:49:39 +02:00
parent 7df35e04a8
commit aaeb3ca1eb
8 changed files with 89 additions and 216 deletions
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -156,10 +156,9 @@ Please refer to [metrics](./metrics.md) documentation for details.
 | `tap.ingress.annotations`                 | `Ingress` annotations                           | `{}`                                                    |
 | `tap.ipv6`                                | Enable IPv6 support for the front-end                        | `true`                                                  |
 | `tap.debug`                               | Enable debug mode                             | `false`                                                 |
-| `tap.kernelModule.enabled`                    | Use PF_RING kernel module([details](PF_RING.md))      | `true`                                                 |
-| `tap.kernelModule.mode`                    | PF_RING kernel module loading approach([details](PF_RING.md))      | `auto`                                                 |
-| `tap.kernelModule.imageRepoSecret`                    | ImageRepoSecret is an optional secret that is used to pull both the module loader container([details](PF_RING.md))      | ""                                                 |
-| `tap.kernelModule.kernelMappings`                    |List of mappings between kernel version and container loader([details](PF_RING.md))      | `[{'regexp': '.+$', 'containerImage': 'kubehq/pf-ring-module:${KERNEL_FULL_VERSION}'}]`                                                 |
+| `tap.kernelModule.enabled`                | Use PF_RING kernel module([details](PF_RING.md))      | `true`                                                 |
+| `tap.kernelModule.image`                  | Container image containing PF_RING kernel module with supported kernel version([details](PF_RING.md))      | "kubeshark/pf-ring-module:all"                                                 |
+| `tap.kernelModule.unloadOnDestroy`        | Create additional container which watches for pod termination and unloads PF_RING kernel module. | `false`|
 | `tap.telemetry.enabled`                   | Enable anonymous usage statistics collection           | `true`                                                  |
 | `tap.defaultFilter`                       | Sets the default dashboard KFL filter (e.g. `http`)        | `""`                                                  |
 | `tap.globalFilter`                        | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field.       | `""`                                        |