Add optional gitops mode

Volodymyr Stoiko 2025-04-16 19:36:11 +03:00
parent 4ca9bc8fc0
commit cd3546cb45
No known key found for this signature in database
GPG Key ID: D022CBF7FABDA111
9 changed files with 30 additions and 5 deletions


@ -227,6 +227,10 @@ type WatchdogConfig struct {
Enabled bool `yaml:"enabled" json:"enabled" default:"true"`
}
type GitopsConfig struct {
Enabled bool `yaml:"enabled" json:"enabled" default:"false"`
}
type CapabilitiesConfig struct {
NetworkCapture []string `yaml:"networkCapture" json:"networkCapture" default:"[]"`
ServiceMeshCapture []string `yaml:"serviceMeshCapture" json:"serviceMeshCapture" default:"[]"`
@ -330,6 +334,7 @@ type TapConfig struct {
Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"`
ResourceGuard ResourceGuardConfig `yaml:"resourceGuard" json:"resourceGuard"`
Watchdog WatchdogConfig `yaml:"watchdog" json:"watchdog"`
Gitops GitopsConfig `yaml:"gitops" json:"gitops"`
Sentry SentryConfig `yaml:"sentry" json:"sentry"`
DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !error"`
LiveConfigMapChangesDisabled bool `yaml:"liveConfigMapChangesDisabled" json:"liveConfigMapChangesDisabled" default:"false"`
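Review bot: `GitopsConfig` and the new `Gitops` field of `TapConfig` have no doc comment, although elsewhere in this commit the toggle changes both the hub arguments and the names of the chart's ConfigMap and Secret. A comment on the type would record that, for example `// GitopsConfig enables GitOps mode: the hub is started with -gitops and the chart renders the "-default" ConfigMap and Secret names.` `TapConfig` starts and ends outside the second hunk, so its other fields were not reviewed.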


@ -210,6 +210,7 @@ Example for overriding image names:
| `tap.metrics.port` | Pod port used to expose Prometheus metrics | `49100` |
| `tap.enabledDissectors` | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `udp` and `tcp` |
| `tap.mountBpf` | BPF filesystem needs to be mounted for eBPF to work properly. This helm value determines whether Kubeshark will attempt to mount the filesystem. This option is not required if filesystem is already mounts. │ `true`|
| `tap.gitops.enabled` | Enable GitOps functionality. This will allow you to use GitOps to manage your Kubeshark configuration. | `false` |
| `logs.file` | Logs dump path | `""` |
| `pcapdump.enabled` | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools | `true` |
| `pcapdump.maxTime` | The time window into the past that will be stored. Older traffic will be discarded. | `2h` |


@ -33,6 +33,9 @@ spec:
- "8080"
- -loglevel
- '{{ .Values.logLevel | default "warning" }}'
{{- if .Values.tap.gitops.enabled }}
- -gitops
{{- end }}
env:
- name: POD_NAME
valueFrom:


@ -1,7 +1,7 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: kubeshark-config-map-default
name: {{ include "kubeshark.configmapName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubeshark.co/app: hub
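Review bot: The ConfigMap `name` here, and the Secret `name` in the next file section, now depend on `tap.gitops.enabled`, so every consumer that refers to these objects by literal name has to resolve it through the same helper. None of the sections shown touches a `configMapRef`, a `secretRef` or an RBAC rule, so it is worth confirming that the workloads and any `resourceNames` restriction on the Secret still match in both modes. With the default `false`, the rendered names change from `kubeshark-config-map-default` and `kubeshark-secret-default` to the unsuffixed ones, so a `helm upgrade` replaces the existing objects. If an earlier release left an unmanaged `kubeshark-secret` in the namespace (not visible here), the upgrade may be rejected for conflicting ownership.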


@ -1,7 +1,7 @@
kind: Secret
apiVersion: v1
metadata:
name: kubeshark-secret-default
name: {{ include "kubeshark.secretName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubeshark.co/app: hub


@ -1,3 +1,4 @@
{{ if .Values.tap.gitops.enabled -}}
apiVersion: batch/v1
kind: Job
metadata:
@ -19,4 +20,5 @@ spec:
{{ else }}
image: '{{ .Values.tap.docker.registry }}/hub:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}'
{{- end }}
command: ["/app/cleanup"]
command: ["/app/cleanup"]
{{ end -}}
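Review bot: Wrapping the whole cleanup Job in `{{ if .Values.tap.gitops.enabled -}}` means a default install no longer renders it, and nothing in the file says why cleanup is only needed in GitOps mode. If `/app/cleanup` removes objects that are still created in default mode (its behaviour is not visible here), they would now outlive the release, and a leftover Secret is the case to check. A template comment on the first line, for example `{{- /* Cleanup Job is rendered only in GitOps mode; otherwise Helm owns and removes the ConfigMap and Secret. */ -}}`, would record the intent once the author confirms that is the reason. The Job spec between the two hunks is outside the view.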


@ -49,6 +49,18 @@ Create the name of the service account to use
{{- printf "%s-service-account" .Release.Name }}
{{- end }}
{{/*
Set configmap and secret names based on gitops.enabled
*/}}
{{- define "kubeshark.configmapName" -}}
kubeshark-config-map{{ if .Values.tap.gitops.enabled }}-default{{ end }}
{{- end -}}
{{- define "kubeshark.secretName" -}}
kubeshark-secret{{ if .Values.tap.gitops.enabled }}-default{{ end }}
{{- end -}}
{{/*
Escape double quotes in a string
*/}}
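Review bot: The comment above `kubeshark.configmapName` does not say which mode gets which name, and the condition reads inverted at first sight: setting `tap.gitops.enabled` appends `-default`, while the default install gets the unsuffixed name. I would expand it to something like `ConfigMap name rendered by the chart: "kubeshark-config-map-default" when tap.gitops.enabled is true, "kubeshark-config-map" otherwise.`, add one sentence on why the suffix is tied to GitOps mode, and give `kubeshark.secretName` its own `{{/* */}}` comment. Because the Secret name follows the same switch, the comment should also note that anything granting or mounting the Secret by name must use this helper.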


@ -151,6 +151,8 @@ tap:
enabled: false
watchdog:
enabled: true
gitops:
enabled: false
sentry:
enabled: false
environment: production


@ -130,7 +130,7 @@ metadata:
kind: Secret
apiVersion: v1
metadata:
name: kubeshark-secret-default
name: kubeshark-secret
namespace: default
labels:
app.kubeshark.co/app: hub
@ -244,7 +244,7 @@ data:
kind: ConfigMap
apiVersion: v1
metadata:
name: kubeshark-config-map-default
name: kubeshark-config-map
namespace: default
labels:
app.kubeshark.co/app: hub