From dfbb32108421249dc5340b6bbcf56061fa814f74 Mon Sep 17 00:00:00 2001 From: Alon Girmonsky <1990761+alongir@users.noreply.github.com> Date: Sun, 8 Dec 2024 14:48:13 -0800 Subject: [PATCH] Default startup values change (#1646) * updated the defaultFilter default values and docs. * fixed a small err in the docs --- config/configStruct.go | 2 +- config/configStructs/tapConfig.go | 2 +- helm-chart/README.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/configStruct.go b/config/configStruct.go index 1d1619a25..02aeb15d0 100644 --- a/config/configStruct.go +++ b/config/configStruct.go @@ -81,7 +81,7 @@ func CreateDefaultConfig() ConfigStruct { // "tcp", // "udp", "ws", - "tls", + // "tls", }, }, } diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go index 475a16bdb..9100ca6a5 100644 --- a/config/configStructs/tapConfig.go +++ b/config/configStructs/tapConfig.go @@ -234,7 +234,7 @@ type TapConfig struct { Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"` ResourceGuard ResourceGuardConfig `yaml:"resourceGuard" json:"resourceGuard"` Sentry SentryConfig `yaml:"sentry" json:"sentry"` - DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !tcp and !udp and !icmp"` + DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !error"` ScriptingDisabled bool `yaml:"scriptingDisabled" json:"scriptingDisabled" default:"false"` TargetedPodsUpdateDisabled bool `yaml:"targetedPodsUpdateDisabled" json:"targetedPodsUpdateDisabled" default:"false"` PresetFiltersChangingEnabled bool `yaml:"presetFiltersChangingEnabled" json:"presetFiltersChangingEnabled" default:"true"` diff --git a/helm-chart/README.md b/helm-chart/README.md index d667b2b01..6af7f192f 100644 --- a/helm-chart/README.md +++ b/helm-chart/README.md @@ -187,10 +187,10 @@ Example for overriding image names: | `tap.resourceGuard.enabled` | Enable resource guard worker process, which watches RAM/disk usage and enables/disables traffic capture based on available resources | `false` | | `tap.sentry.enabled` | Enable sending of error logs to Sentry | `false` | | `tap.sentry.environment` | Sentry environment to label error logs with | `production` | -| `tap.defaultFilter` | Sets the default dashboard KFL filter (e.g. `http`). By default, this value is set to filter out noisy protocols such as DNS, UDP, ICMP and TCP. The user can easily change this in the Dashboard. You can also change this value to change this behavior. | `"!dns and !tcp and !udp and !icmp"` | +| `tap.defaultFilter` | Sets the default dashboard KFL filter (e.g. `http`). By default, this value is set to filter out noisy protocols such as DNS, UDP, ICMP and TCP. The user can easily change this, **temporarily**, in the Dashboard. For a permanent change, you should change this value in the `values.yaml` or `config.yaml` file. | `"!dns and !error"` | | `tap.globalFilter` | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field. Another example `!dns` will not show any DNS traffic. | `""` | | `tap.metrics.port` | Pod port used to expose Prometheus metrics | `49100` | -| `tap.enabledDissectors` | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `dns` and `tcp` | +| `tap.enabledDissectors` | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `udp` and `tcp` | | `logs.file` | Logs dump path | `""` | | `pcapdump.enabled` | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools | `true` | | `pcapdump.maxTime` | The time window into the past that will be stored. Older traffic will be discarded. | `2h` |