diff --git a/cmd/tap.go b/cmd/tap.go index 5106c6913..038bca055 100644 --- a/cmd/tap.go +++ b/cmd/tap.go @@ -2,13 +2,11 @@ package cmd import ( "errors" - "fmt" "github.com/creasty/defaults" "github.com/kubeshark/kubeshark/config" "github.com/kubeshark/kubeshark/config/configStructs" "github.com/kubeshark/kubeshark/errormessage" - "github.com/kubeshark/kubeshark/misc" "github.com/rs/zerolog/log" "github.com/spf13/cobra" ) @@ -55,7 +53,6 @@ func init() { tapCmd.Flags().String(configStructs.StorageLimitLabel, defaultTapConfig.StorageLimit, "Override the default storage limit (per node)") tapCmd.Flags().String(configStructs.StorageClassLabel, defaultTapConfig.StorageClass, "Override the default storage class of the PersistentVolumeClaim (per node)") tapCmd.Flags().Bool(configStructs.DryRunLabel, defaultTapConfig.DryRun, "Preview of all pods matching the regex, without tapping them") - tapCmd.Flags().StringP(configStructs.PcapLabel, "p", defaultTapConfig.Pcap, fmt.Sprintf("Capture from a PCAP snapshot of %s (.tar.gz) using your Docker Daemon instead of Kubernetes. TAR path from the file system, an S3 URI (s3:///) or a path in Kubeshark data volume (kube://)", misc.Software)) tapCmd.Flags().Bool(configStructs.ServiceMeshLabel, defaultTapConfig.ServiceMesh, "Capture the encrypted traffic if the cluster is configured with a service mesh and with mTLS") tapCmd.Flags().Bool(configStructs.TlsLabel, defaultTapConfig.Tls, "Capture the traffic that's encrypted with OpenSSL or Go crypto/tls libraries") tapCmd.Flags().Bool(configStructs.IgnoreTaintedLabel, defaultTapConfig.IgnoreTainted, "Ignore tainted pods while running Worker DaemonSet") diff --git a/cmd/tapPcapRunner.go b/cmd/tapPcapRunner.go deleted file mode 100644 index f37c15f0d..000000000 --- a/cmd/tapPcapRunner.go +++ /dev/null @@ -1,596 +0,0 @@ -package cmd - -import ( - "archive/tar" - "bufio" - "compress/gzip" - "context" - "encoding/json" - "fmt" - "io" - "net/url" - "os" - "path/filepath" - "strings" - "sync" - - "github.com/aws/aws-sdk-go-v2/aws" - awsConfig "github.com/aws/aws-sdk-go-v2/config" - "github.com/aws/aws-sdk-go-v2/feature/s3/manager" - "github.com/aws/aws-sdk-go-v2/service/s3" - s3Types "github.com/aws/aws-sdk-go-v2/service/s3/types" - "github.com/docker/docker/api/types" - "github.com/docker/docker/api/types/container" - "github.com/docker/docker/client" - "github.com/docker/go-connections/nat" - "github.com/kubeshark/kubeshark/config" - "github.com/kubeshark/kubeshark/config/configStructs" - "github.com/kubeshark/kubeshark/internal/connect" - "github.com/kubeshark/kubeshark/kubernetes" - "github.com/kubeshark/kubeshark/misc" - "github.com/kubeshark/kubeshark/utils" - "github.com/rs/zerolog/log" - v1 "k8s.io/api/core/v1" -) - -func logPullingImage(image string, reader io.ReadCloser) { - scanner := bufio.NewScanner(reader) - for scanner.Scan() { - text := scanner.Text() - var data map[string]interface{} - if err := json.Unmarshal([]byte(text), &data); err != nil { - log.Error().Err(err).Send() - continue - } - - var id string - if val, ok := data["id"]; ok { - id = val.(string) - } - - var status string - if val, ok := data["status"]; ok { - status = val.(string) - } - - var progress string - if val, ok := data["progress"]; ok { - progress = val.(string) - } - - e := log.Info() - if image != "" { - e = e.Str("image", image) - } - - if progress != "" { - e = e.Str("progress", progress) - } - - e.Msg(fmt.Sprintf("[%-12s] %-18s", id, status)) - } -} - -func pullImages(ctx context.Context, cli *client.Client, imageFront string, imageHub string, imageWorker string) error { - log.Info().Msg("Pulling images...") - readerFront, err := cli.ImagePull(ctx, imageFront, types.ImagePullOptions{}) - if err != nil { - return err - } - defer readerFront.Close() - logPullingImage(imageFront, readerFront) - - readerHub, err := cli.ImagePull(ctx, imageHub, types.ImagePullOptions{}) - if err != nil { - return err - } - defer readerHub.Close() - logPullingImage(imageHub, readerHub) - - readerWorker, err := cli.ImagePull(ctx, imageWorker, types.ImagePullOptions{}) - if err != nil { - return err - } - defer readerWorker.Close() - logPullingImage(imageWorker, readerWorker) - - return nil -} - -func cleanUpOldContainers( - ctx context.Context, - cli *client.Client, - nameFront string, - nameHub string, - nameWorker string, -) error { - containers, err := cli.ContainerList(ctx, types.ContainerListOptions{All: true}) - if err != nil { - return err - } - - for _, container := range containers { - f := fmt.Sprintf("/%s", nameFront) - h := fmt.Sprintf("/%s", nameHub) - w := fmt.Sprintf("/%s", nameWorker) - if utils.Contains(container.Names, f) || utils.Contains(container.Names, h) || utils.Contains(container.Names, w) { - err = cli.ContainerRemove(ctx, container.ID, types.ContainerRemoveOptions{Force: true}) - if err != nil { - return err - } - } - } - - return nil -} - -func createAndStartContainers( - ctx context.Context, - cli *client.Client, - imageFront string, - imageHub string, - imageWorker string, - tarReader io.Reader, -) ( - respFront container.ContainerCreateCreatedBody, - respHub container.ContainerCreateCreatedBody, - respWorker container.ContainerCreateCreatedBody, - workerIPAddr string, - err error, -) { - log.Info().Msg("Creating containers...") - - nameFront := fmt.Sprintf("%s-front", misc.Program) - nameHub := fmt.Sprintf("%s-hub", misc.Program) - nameWorker := fmt.Sprintf("%s-worker", misc.Program) - - err = cleanUpOldContainers(ctx, cli, nameFront, nameHub, nameWorker) - if err != nil { - return - } - - hostIP := "0.0.0.0" - - hostConfigFront := &container.HostConfig{ - PortBindings: nat.PortMap{ - nat.Port(fmt.Sprintf("%d/tcp", configStructs.ContainerPort)): []nat.PortBinding{ - { - HostIP: hostIP, - HostPort: fmt.Sprintf("%d", config.Config.Tap.Proxy.Front.Port), - }, - }, - }, - } - - respFront, err = cli.ContainerCreate(ctx, &container.Config{ - Image: imageFront, - Tty: false, - Env: []string{ - "REACT_APP_DEFAULT_FILTER= ", - "REACT_APP_HUB_HOST= ", - fmt.Sprintf("REACT_APP_HUB_PORT=:%d", config.Config.Tap.Proxy.Hub.Port), - "REACT_APP_AUTH_ENABLED=false", - }, - }, hostConfigFront, nil, nil, nameFront) - if err != nil { - return - } - - hostConfigHub := &container.HostConfig{ - PortBindings: nat.PortMap{ - nat.Port(fmt.Sprintf("%d/tcp", config.Config.Tap.Proxy.Hub.SrvPort)): []nat.PortBinding{ - { - HostIP: hostIP, - HostPort: fmt.Sprintf("%d", config.Config.Tap.Proxy.Hub.Port), - }, - }, - }, - } - - cmdHub := []string{"-port", fmt.Sprintf("%d", config.Config.Tap.Proxy.Hub.SrvPort)} - if config.DebugMode { - cmdHub = append(cmdHub, fmt.Sprintf("-%s", config.DebugFlag)) - } - - respHub, err = cli.ContainerCreate(ctx, &container.Config{ - Image: imageHub, - Cmd: cmdHub, - Tty: false, - ExposedPorts: nat.PortSet{nat.Port(fmt.Sprintf("%d/tcp", config.Config.Tap.Proxy.Hub.SrvPort)): {}}, - }, hostConfigHub, nil, nil, nameHub) - if err != nil { - return - } - - cmdWorker := []string{"-f", "./import", "-port", fmt.Sprintf("%d", config.Config.Tap.Proxy.Worker.SrvPort)} - if config.DebugMode { - cmdWorker = append(cmdWorker, fmt.Sprintf("-%s", config.DebugFlag)) - } - - respWorker, err = cli.ContainerCreate(ctx, &container.Config{ - Image: imageWorker, - Cmd: cmdWorker, - Tty: false, - }, nil, nil, nil, nameWorker) - if err != nil { - return - } - - if err = cli.CopyToContainer(ctx, respWorker.ID, "/app/import", tarReader, types.CopyToContainerOptions{}); err != nil { - return - } - - log.Info().Msg("Starting containers...") - - if err = cli.ContainerStart(ctx, respFront.ID, types.ContainerStartOptions{}); err != nil { - return - } - - if err = cli.ContainerStart(ctx, respHub.ID, types.ContainerStartOptions{}); err != nil { - return - } - - if err = cli.ContainerStart(ctx, respWorker.ID, types.ContainerStartOptions{}); err != nil { - return - } - - var containerWorker types.ContainerJSON - containerWorker, err = cli.ContainerInspect(ctx, respWorker.ID) - if err != nil { - return - } - - workerIPAddr = containerWorker.NetworkSettings.IPAddress - - return -} - -func stopAndRemoveContainers( - ctx context.Context, - cli *client.Client, - respFront container.ContainerCreateCreatedBody, - respHub container.ContainerCreateCreatedBody, - respWorker container.ContainerCreateCreatedBody, -) (err error) { - log.Warn().Msg("Stopping containers...") - err = cli.ContainerStop(ctx, respFront.ID, nil) - if err != nil { - return - } - err = cli.ContainerStop(ctx, respHub.ID, nil) - if err != nil { - return - } - err = cli.ContainerStop(ctx, respWorker.ID, nil) - if err != nil { - return - } - - log.Warn().Msg("Removing containers...") - err = cli.ContainerRemove(ctx, respFront.ID, types.ContainerRemoveOptions{}) - if err != nil { - return - } - err = cli.ContainerRemove(ctx, respHub.ID, types.ContainerRemoveOptions{}) - if err != nil { - return - } - err = cli.ContainerRemove(ctx, respWorker.ID, types.ContainerRemoveOptions{}) - if err != nil { - return - } - - return -} - -func downloadTarFromS3(s3Url string) (tarPath string, err error) { - u, err := url.Parse(s3Url) - if err != nil { - return - } - - bucket := u.Host - key := u.Path[1:] - - var cfg aws.Config - cfg, err = awsConfig.LoadDefaultConfig(context.TODO()) - if err != nil { - return - } - - client := s3.NewFromConfig(cfg) - - var listObjectsOutput *s3.ListObjectsV2Output - listObjectsOutput, err = client.ListObjectsV2(context.TODO(), &s3.ListObjectsV2Input{ - Bucket: aws.String(bucket), - Prefix: aws.String(key), - }) - if err != nil { - return - } - - var file *os.File - file, err = os.CreateTemp(os.TempDir(), fmt.Sprintf("%s_*.%s", strings.TrimSuffix(filepath.Base(key), filepath.Ext(key)), filepath.Ext(key))) - if err != nil { - return - } - defer file.Close() - - log.Info().Str("bucket", bucket).Str("key", key).Msg("Downloading from S3") - - downloader := manager.NewDownloader(client) - _, err = downloader.Download(context.TODO(), file, &s3.GetObjectInput{ - Bucket: aws.String(bucket), - Key: aws.String(key), - }) - if err != nil { - log.Info().Err(err).Msg("S3 object is not found. Assuming URL is not a single object. Listing the objects in given folder or the bucket to download...") - - var tempDirPath string - tempDirPath, err = os.MkdirTemp(os.TempDir(), "kubeshark_*") - if err != nil { - return - } - - var wg sync.WaitGroup - for _, object := range listObjectsOutput.Contents { - wg.Add(1) - go func(object s3Types.Object) { - defer wg.Done() - objectKey := *object.Key - - fullPath := filepath.Join(tempDirPath, objectKey) - err = os.MkdirAll(filepath.Dir(fullPath), os.ModePerm) - if err != nil { - return - } - - var objectFile *os.File - objectFile, err = os.Create(fullPath) - if err != nil { - return - } - defer objectFile.Close() - - log.Info().Str("bucket", bucket).Str("key", objectKey).Msg("Downloading from S3") - - downloader := manager.NewDownloader(client) - _, err = downloader.Download(context.TODO(), objectFile, &s3.GetObjectInput{ - Bucket: aws.String(bucket), - Key: aws.String(objectKey), - }) - if err != nil { - return - } - }(object) - } - wg.Wait() - - tarPath, err = tarDirectory(tempDirPath) - return - } - - tarPath = file.Name() - - return -} - -func downloadTarFromKubeVolume(kubeUrl string, volume string) (tarPath string, err error) { - var kubernetesProvider *kubernetes.Provider - kubernetesProvider, err = getKubernetesProviderForCli(false, false) - if err != nil { - return - } - - srcPath := fmt.Sprintf("/app/%s/%s", volume, strings.TrimPrefix(kubeUrl, "kube://")) - - var tempDirPath string - tempDirPath, err = os.MkdirTemp(os.TempDir(), "kubeshark_*") - if err != nil { - return - } - - ctx := context.Background() - var pods []v1.Pod - pods, err = kubernetesProvider.ListPodsByAppLabel( - ctx, - config.Config.Tap.Release.Namespace, - map[string]string{"app.kubeshark.co/app": "worker"}, - ) - if err != nil { - return - } - - for _, pod := range pods { - nodeDir := filepath.Join(tempDirPath, pod.Spec.NodeName) - if err = os.MkdirAll(nodeDir, 0755); err != nil { - return - } - - err = kubernetes.CopyFromPod(ctx, kubernetesProvider, pod, srcPath, nodeDir) - if err != nil { - return - } - } - - tarPath, err = tarDirectory(tempDirPath) - return -} - -func tarDirectory(dirPath string) (string, error) { - tarPath := fmt.Sprintf("%s.tar.gz", dirPath) - - var file *os.File - file, err := os.Create(tarPath) - if err != nil { - return "", err - } - defer file.Close() - - gzipWriter := gzip.NewWriter(file) - defer gzipWriter.Close() - - tarWriter := tar.NewWriter(gzipWriter) - defer tarWriter.Close() - - walker := func(path string, info os.FileInfo, err error) error { - if err != nil { - return err - } - if info.IsDir() { - return nil - } - file, err := os.Open(path) - if err != nil { - return err - } - defer file.Close() - - stat, err := file.Stat() - if err != nil { - return err - } - - header := &tar.Header{ - Name: path[len(dirPath)+1:], - Size: stat.Size(), - Mode: int64(stat.Mode()), - ModTime: stat.ModTime(), - } - - err = tarWriter.WriteHeader(header) - if err != nil { - return err - } - - _, err = io.Copy(tarWriter, file) - if err != nil { - return err - } - - return nil - } - - err = filepath.Walk(dirPath, walker) - if err != nil { - return "", err - } - - return tarPath, nil -} - -func pcap(tarPath string) error { - if strings.HasPrefix(tarPath, "s3://") { - var err error - tarPath, err = downloadTarFromS3(tarPath) - if err != nil { - log.Error().Err(err).Msg("Failed downloading from S3") - return err - } - } - - if strings.HasPrefix(tarPath, "kube://") { - var err error - tarPath, err = downloadTarFromKubeVolume(tarPath, "data") - if err != nil { - log.Error().Err(err).Msg("Failed downloading from Kubeshark data volume") - return err - } - } - - log.Info().Str("tar-path", tarPath).Msg("Openning") - - ctx := context.Background() - cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation()) - if err != nil { - log.Error().Err(err).Send() - return err - } - defer cli.Close() - - tag := config.Config.Tap.Docker.Tag - if tag == "" { - if misc.Ver == "0.0.0" { - tag = "latest" - } else { - tag = misc.Ver - } - } - - imageFront := fmt.Sprintf("%s/%s:%s", config.Config.Tap.Docker.Registry, "front", tag) - imageHub := fmt.Sprintf("%s/%s:%s", config.Config.Tap.Docker.Registry, "hub", tag) - imageWorker := fmt.Sprintf("%s/%s:%s", config.Config.Tap.Docker.Registry, "worker", tag) - - err = pullImages(ctx, cli, imageFront, imageHub, imageWorker) - if err != nil { - log.Error().Err(err).Send() - return err - } - - tarFile, err := os.Open(tarPath) - if err != nil { - log.Error().Err(err).Send() - return err - } - defer tarFile.Close() - tarReader := bufio.NewReader(tarFile) - - respFront, respHub, respWorker, workerIPAddr, err := createAndStartContainers( - ctx, - cli, - imageFront, - imageHub, - imageWorker, - tarReader, - ) - if err != nil { - log.Error().Err(err).Send() - return err - } - - workerPod := &v1.Pod{ - Spec: v1.PodSpec{ - NodeName: "docker", - }, - Status: v1.PodStatus{ - PodIP: workerIPAddr, - Phase: v1.PodRunning, - ContainerStatuses: []v1.ContainerStatus{ - { - Ready: true, - }, - }, - }, - } - - connector = connect.NewConnector(kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port), connect.DefaultRetries, connect.DefaultTimeout) - connector.PostWorkerPodToHub(workerPod) - - // License - if config.Config.License != "" { - connector.PostLicense(config.Config.License) - } - - log.Info(). - Str("url", kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)). - Msg(fmt.Sprintf(utils.Green, "Hub is available at:")) - - url := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Front.Port) - log.Info().Str("url", url).Msg(fmt.Sprintf(utils.Green, fmt.Sprintf("%s is available at:", misc.Software))) - - if !config.Config.HeadlessMode { - utils.OpenBrowser(url) - } - - ctxC, cancel := context.WithCancel(context.Background()) - defer cancel() - utils.WaitForTermination(ctxC, cancel) - - err = stopAndRemoveContainers(ctx, cli, respFront, respHub, respWorker) - if err != nil { - log.Error().Err(err).Send() - return err - } - - return nil -} diff --git a/cmd/tapRunner.go b/cmd/tapRunner.go index 5821acf87..7d1678603 100644 --- a/cmd/tapRunner.go +++ b/cmd/tapRunner.go @@ -47,13 +47,6 @@ func tap() { ready = &Readiness{} state.startTime = time.Now() log.Info().Str("registry", config.Config.Tap.Docker.Registry).Str("tag", config.Config.Tap.Docker.Tag).Msg("Using Docker:") - if config.Config.Tap.Pcap != "" { - err := pcap(config.Config.Tap.Pcap) - if err != nil { - os.Exit(1) - } - return - } log.Info(). Str("limit", config.Config.Tap.StorageLimit). diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go index 9ecab4c4c..a874d50d7 100644 --- a/config/configStructs/tapConfig.go +++ b/config/configStructs/tapConfig.go @@ -115,7 +115,6 @@ type TapConfig struct { StorageLimit string `yaml:"storageLimit" json:"storageLimit" default:"500Mi"` StorageClass string `yaml:"storageClass" json:"storageClass" default:"standard"` DryRun bool `yaml:"dryRun" json:"dryRun" default:"false"` - Pcap string `yaml:"pcap" json:"pcap" default:""` Resources ResourcesConfig `yaml:"resources" json:"resources"` ServiceMesh bool `yaml:"serviceMesh" json:"serviceMesh" default:"true"` Tls bool `yaml:"tls" json:"tls" default:"true"` diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 6ee1044ea..a54cf5404 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -23,7 +23,6 @@ tap: storageLimit: 500Mi storageClass: standard dryRun: false - pcap: "" resources: worker: limits: diff --git a/manifests/complete.yaml b/manifests/complete.yaml index 65fa853eb..ec16fb536 100644 --- a/manifests/complete.yaml +++ b/manifests/complete.yaml @@ -4,10 +4,10 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-service-account @@ -21,10 +21,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm stringData: LICENSE: '' @@ -36,10 +36,10 @@ metadata: name: kubeshark-nginx-config-map namespace: default labels: - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm data: default.conf: | @@ -85,10 +85,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm data: POD_REGEX: '.*' @@ -106,10 +106,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-cluster-role @@ -134,10 +134,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-cluster-role-binding @@ -156,10 +156,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role @@ -184,10 +184,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role-binding @@ -207,10 +207,10 @@ kind: Service metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-hub @@ -229,10 +229,10 @@ apiVersion: v1 kind: Service metadata: labels: - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front @@ -253,10 +253,10 @@ metadata: labels: app.kubeshark.co/app: worker sidecar.istio.io/inject: "false" - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-worker-daemon-set @@ -265,19 +265,19 @@ spec: selector: matchLabels: app.kubeshark.co/app: worker - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm template: metadata: labels: app.kubeshark.co/app: worker - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm name: kubeshark-worker-daemon-set namespace: kubeshark @@ -292,7 +292,7 @@ spec: - -servicemesh - -procfs - /hostproc - image: 'docker.io/kubeshark/worker:v51.0.18' + image: 'docker.io/kubeshark/worker:v51.0.27' imagePullPolicy: Always name: sniffer env: @@ -320,6 +320,7 @@ spec: - SYS_PTRACE - DAC_OVERRIDE - SYS_MODULE + - CHECKPOINT_RESTORE drop: - ALL readinessProbe: @@ -349,7 +350,7 @@ spec: - ./tracer - -procfs - /hostproc - image: 'docker.io/kubeshark/worker:v51.0.18' + image: 'docker.io/kubeshark/worker:v51.0.27' imagePullPolicy: Always name: tracer env: @@ -370,6 +371,7 @@ spec: - SYS_PTRACE - DAC_OVERRIDE - SYS_RESOURCE + - CHECKPOINT_RESTORE drop: - ALL volumeMounts: @@ -416,10 +418,10 @@ kind: Deployment metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-hub @@ -429,19 +431,19 @@ spec: selector: matchLabels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm template: metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm spec: dnsPolicy: ClusterFirstWithHostNet @@ -459,7 +461,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: 'docker.io/kubeshark/hub:v51.0.18' + image: 'docker.io/kubeshark/hub:v51.0.27' imagePullPolicy: Always readinessProbe: periodSeconds: 1 @@ -489,10 +491,10 @@ kind: Deployment metadata: labels: app.kubeshark.co/app: front - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front @@ -502,19 +504,19 @@ spec: selector: matchLabels: app.kubeshark.co/app: front - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm template: metadata: labels: app.kubeshark.co/app: front - helm.sh/chart: kubeshark-51.0.18 + helm.sh/chart: kubeshark-51.0.27 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "51.0.18" + app.kubernetes.io/version: "51.0.27" app.kubernetes.io/managed-by: Helm spec: containers: @@ -527,7 +529,7 @@ spec: value: ':8899/api' - name: REACT_APP_AUTH_ENABLED value: 'false' - image: 'docker.io/kubeshark/front:v51.0.18' + image: 'docker.io/kubeshark/front:v51.0.27' imagePullPolicy: Always name: kubeshark-front livenessProbe: