From 806aa12feb7f3e2ad836b3371126f76190971acd Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Sat, 1 Jun 2024 16:33:13 +0300 Subject: [PATCH 1/6] Run `make generate-manifests` --- manifests/complete.yaml | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/manifests/complete.yaml b/manifests/complete.yaml index 458a6ecf8..6c1132c73 100644 --- a/manifests/complete.yaml +++ b/manifests/complete.yaml @@ -436,19 +436,6 @@ spec: name: kubeshark-worker-daemon-set namespace: kubeshark spec: - initContainers: - - name: load-pf-ring - image: kubeshark/pf-ring-module:all - imagePullPolicy: Always - securityContext: - capabilities: - add: - - SYS_MODULE - drop: - - ALL - volumeMounts: - - name: lib-modules - mountPath: /lib/modules containers: - command: - ./worker @@ -464,7 +451,7 @@ spec: - -servicemesh - -procfs - /hostproc - - -kernel-module + - -disable-ebpf image: 'docker.io/kubeshark/worker:v52.3.59' imagePullPolicy: Always name: sniffer @@ -531,6 +518,7 @@ spec: - ./tracer - -procfs - /hostproc + - -disable-ebpf image: 'docker.io/kubeshark/worker:v52.3.59' imagePullPolicy: Always name: tracer From d22e30f86d5c148722a951118819a912e453ccb7 Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Sat, 1 Jun 2024 16:37:22 +0300 Subject: [PATCH 2/6] :bookmark: Bump the Helm chart version to 52.3.62 --- helm-chart/Chart.yaml | 2 +- manifests/complete.yaml | 84 ++++++++++++++++++++--------------------- 2 files changed, 43 insertions(+), 43 deletions(-) diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml index a494479c5..f11913415 100644 --- a/helm-chart/Chart.yaml +++ b/helm-chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: kubeshark -version: "52.3.59" +version: "52.3.62" description: The API Traffic Analyzer for Kubernetes home: https://kubeshark.co keywords: diff --git a/manifests/complete.yaml b/manifests/complete.yaml index 6c1132c73..64467da60 100644 --- a/manifests/complete.yaml +++ b/manifests/complete.yaml @@ -66,10 +66,10 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-service-account @@ -83,10 +83,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm stringData: LICENSE: '' @@ -100,10 +100,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm stringData: AUTH_SAML_X509_CRT: | @@ -116,10 +116,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm stringData: AUTH_SAML_X509_KEY: | @@ -131,10 +131,10 @@ metadata: name: kubeshark-nginx-config-map namespace: default labels: - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm data: default.conf: | @@ -195,10 +195,10 @@ metadata: namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm data: POD_REGEX: '.*' @@ -230,10 +230,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-cluster-role-default @@ -267,10 +267,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-cluster-role-binding-default @@ -289,10 +289,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role @@ -318,10 +318,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role-binding @@ -341,10 +341,10 @@ kind: Service metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-hub @@ -363,10 +363,10 @@ apiVersion: v1 kind: Service metadata: labels: - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front @@ -392,10 +392,10 @@ metadata: spec: selector: app.kubeshark.co/app: worker - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm ports: - name: metrics @@ -410,10 +410,10 @@ metadata: labels: app.kubeshark.co/app: worker sidecar.istio.io/inject: "false" - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-worker-daemon-set @@ -428,10 +428,10 @@ spec: metadata: labels: app.kubeshark.co/app: worker - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm name: kubeshark-worker-daemon-set namespace: kubeshark @@ -452,7 +452,7 @@ spec: - -procfs - /hostproc - -disable-ebpf - image: 'docker.io/kubeshark/worker:v52.3.59' + image: 'docker.io/kubeshark/worker:v52.3.62' imagePullPolicy: Always name: sniffer ports: @@ -519,7 +519,7 @@ spec: - -procfs - /hostproc - -disable-ebpf - image: 'docker.io/kubeshark/worker:v52.3.59' + image: 'docker.io/kubeshark/worker:v52.3.62' imagePullPolicy: Always name: tracer env: @@ -602,10 +602,10 @@ kind: Deployment metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-hub @@ -621,10 +621,10 @@ spec: metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm spec: dnsPolicy: ClusterFirstWithHostNet @@ -646,7 +646,7 @@ spec: fieldPath: metadata.namespace - name: KUBESHARK_CLOUD_API_URL value: 'https://api.kubeshark.co' - image: 'docker.io/kubeshark/hub:v52.3.59' + image: 'docker.io/kubeshark/hub:v52.3.62' imagePullPolicy: Always readinessProbe: periodSeconds: 1 @@ -694,10 +694,10 @@ kind: Deployment metadata: labels: app.kubeshark.co/app: front - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front @@ -713,10 +713,10 @@ spec: metadata: labels: app.kubeshark.co/app: front - helm.sh/chart: kubeshark-52.3.59 + helm.sh/chart: kubeshark-52.3.62 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.3.59" + app.kubernetes.io/version: "52.3.62" app.kubernetes.io/managed-by: Helm spec: containers: @@ -741,7 +741,7 @@ spec: value: 'false' - name: 'REACT_APP_CLOUD_LICENSE_ENABLED' value: 'true' - image: 'docker.io/kubeshark/front:v52.3.59' + image: 'docker.io/kubeshark/front:v52.3.62' imagePullPolicy: Always name: kubeshark-front livenessProbe: From a58f72ed8700a8f9e7670854aa7b5eb62c254ad3 Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Thu, 6 Jun 2024 04:01:32 +0300 Subject: [PATCH 3/6] :shirt: Fix the linter error --- cmd/pro.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cmd/pro.go b/cmd/pro.go index da985ee65..b343b2213 100644 --- a/cmd/pro.go +++ b/cmd/pro.go @@ -132,7 +132,11 @@ func runLicenseRecieverServer() { log.Info().Msg("Alternatively enter your license key:") var licenseKey string - fmt.Scanf("%s", &licenseKey) + _, err := fmt.Scanf("%s", &licenseKey) + if err != nil { + log.Error().Err(err).Send() + return + } updateLicense(licenseKey) } From d6143f5a6ad6d19d6e98ec901c194b112e1e237e Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Thu, 6 Jun 2024 04:07:24 +0300 Subject: [PATCH 4/6] Replace `DisableCgroupIdResolution` field with `ResolutionStrategy` of `MiscConfig` struct --- config/configStructs/tapConfig.go | 2 +- helm-chart/templates/09-worker-daemon-set.yaml | 5 ++--- helm-chart/values.yaml | 2 +- manifests/complete.yaml | 2 ++ 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go index 2f38ae63d..4b3b2e6a6 100644 --- a/config/configStructs/tapConfig.go +++ b/config/configStructs/tapConfig.go @@ -154,7 +154,7 @@ type MiscConfig struct { TrafficSampleRate int `yaml:"trafficSampleRate" json:"trafficSampleRate" default:"100"` TcpStreamChannelTimeoutMs int `yaml:"tcpStreamChannelTimeoutMs" json:"tcpStreamChannelTimeoutMs" default:"10000"` TcpStreamChannelTimeoutShow bool `yaml:"tcpStreamChannelTimeoutShow" json:"tcpStreamChannelTimeoutShow" default:"false"` - DisableCgroupIdResolution bool `yaml:"disableCgroupIdResolution" json:"disableCgroupIdResolution" default:"false"` + ResolutionStrategy string `yaml:"resolutionStrategy" json:"resolutionStrategy" default:"auto"` } type TapConfig struct { diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml index 716bff64a..3db7bf9a6 100644 --- a/helm-chart/templates/09-worker-daemon-set.yaml +++ b/helm-chart/templates/09-worker-daemon-set.yaml @@ -65,9 +65,8 @@ spec: {{- if ne .Values.tap.packetCapture "ebpf" }} - -disable-ebpf {{- end }} - {{- if .Values.tap.misc.disableCgroupIdResolution }} - - -disable-cgroup-id-resolution - {{- end }} + - -resolution-strategy + - '{{ .Values.tap.misc.resolutionStrategy }}' {{- if .Values.tap.debug }} - -debug - -dumptracer diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index c921976e7..a4c172cda 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -122,7 +122,7 @@ tap: trafficSampleRate: 100 tcpStreamChannelTimeoutMs: 10000 tcpStreamChannelTimeoutShow: false - disableCgroupIdResolution: false + resolutionStrategy: auto logs: file: "" grep: "" diff --git a/manifests/complete.yaml b/manifests/complete.yaml index 64467da60..b0e802813 100644 --- a/manifests/complete.yaml +++ b/manifests/complete.yaml @@ -452,6 +452,8 @@ spec: - -procfs - /hostproc - -disable-ebpf + - -resolution-strategy + - 'auto' image: 'docker.io/kubeshark/worker:v52.3.62' imagePullPolicy: Always name: sniffer From 75931d91233cfc330ccc0093b4717b3e8cdca60d Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Thu, 6 Jun 2024 04:17:03 +0300 Subject: [PATCH 5/6] Add `Profile` field to `MiscConfig` struct --- config/configStructs/tapConfig.go | 1 + helm-chart/templates/09-worker-daemon-set.yaml | 2 ++ helm-chart/values.yaml | 1 + manifests/complete.yaml | 2 ++ 4 files changed, 6 insertions(+) diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go index 4b3b2e6a6..c24beb0bc 100644 --- a/config/configStructs/tapConfig.go +++ b/config/configStructs/tapConfig.go @@ -155,6 +155,7 @@ type MiscConfig struct { TcpStreamChannelTimeoutMs int `yaml:"tcpStreamChannelTimeoutMs" json:"tcpStreamChannelTimeoutMs" default:"10000"` TcpStreamChannelTimeoutShow bool `yaml:"tcpStreamChannelTimeoutShow" json:"tcpStreamChannelTimeoutShow" default:"false"` ResolutionStrategy string `yaml:"resolutionStrategy" json:"resolutionStrategy" default:"auto"` + Profile bool `yaml:"profile" json:"profile" default:"false"` } type TapConfig struct { diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml index 3db7bf9a6..5502f73a2 100644 --- a/helm-chart/templates/09-worker-daemon-set.yaml +++ b/helm-chart/templates/09-worker-daemon-set.yaml @@ -94,6 +94,8 @@ spec: value: '{{ .Values.tap.misc.tcpStreamChannelTimeoutShow }}' - name: KUBESHARK_CLOUD_API_URL value: 'https://api.kubeshark.co' + - name: PROFILING_ENABLED + value: '{{ .Values.tap.misc.profile }}' resources: limits: cpu: {{ .Values.tap.resources.sniffer.limits.cpu }} diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index a4c172cda..be9144a1e 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -123,6 +123,7 @@ tap: tcpStreamChannelTimeoutMs: 10000 tcpStreamChannelTimeoutShow: false resolutionStrategy: auto + profile: false logs: file: "" grep: "" diff --git a/manifests/complete.yaml b/manifests/complete.yaml index b0e802813..63cbe0299 100644 --- a/manifests/complete.yaml +++ b/manifests/complete.yaml @@ -476,6 +476,8 @@ spec: value: 'false' - name: KUBESHARK_CLOUD_API_URL value: 'https://api.kubeshark.co' + - name: PROFILING_ENABLED + value: 'false' resources: limits: cpu: 750m From 6d0512fd57d540392e5ff29cc8454655c7d3310a Mon Sep 17 00:00:00 2001 From: "M. Mert Yildiran" Date: Thu, 6 Jun 2024 04:32:06 +0300 Subject: [PATCH 6/6] :wrench: Update the `helm-install` and `logs-` Makefile rules --- Makefile | 45 +++++++++++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/Makefile b/Makefile index fc787c68a..712e2d542 100644 --- a/Makefile +++ b/Makefile @@ -89,16 +89,34 @@ generate-helm-values: ## Generate the Helm values from config.yaml generate-manifests: ## Generate the manifests from the Helm chart using default configuration helm template kubeshark -n default ./helm-chart > ./manifests/complete.yaml -logs-worker: +logs-sniffer: export LOGS_POD_PREFIX=kubeshark-worker- + export LOGS_CONTAINER='-c sniffer' export LOGS_FOLLOW= ${MAKE} logs -logs-worker-follow: +logs-sniffer-follow: export LOGS_POD_PREFIX=kubeshark-worker- + export LOGS_CONTAINER='-c sniffer' export LOGS_FOLLOW=--follow ${MAKE} logs +logs-tracer: + export LOGS_POD_PREFIX=kubeshark-worker- + export LOGS_CONTAINER='-c tracer' + export LOGS_FOLLOW= + ${MAKE} logs + +logs-tracer-follow: + export LOGS_POD_PREFIX=kubeshark-worker- + export LOGS_CONTAINER='-c tracer' + export LOGS_FOLLOW=--follow + ${MAKE} logs + +logs-worker: logs-sniffer + +logs-worker-follow: logs-sniffer-follow + logs-hub: export LOGS_POD_PREFIX=kubeshark-hub export LOGS_FOLLOW= @@ -120,7 +138,7 @@ logs-front-follow: ${MAKE} logs logs: - kubectl logs $$(kubectl get pods | awk '$$1 ~ /^$(LOGS_POD_PREFIX)/' | awk 'END {print $$1}') $(LOGS_FOLLOW) + kubectl logs $$(kubectl get pods | awk '$$1 ~ /^$(LOGS_POD_PREFIX)/' | awk 'END {print $$1}') $(LOGS_CONTAINER) $(LOGS_FOLLOW) ssh-node: kubectl ssh node $$(kubectl get nodes | awk 'END {print $$1}') @@ -141,22 +159,13 @@ exec: kubectl exec --stdin --tty $$(kubectl get pods | awk '$$1 ~ /^$(EXEC_POD_PREFIX)/' | awk 'END {print $$1}') -- /bin/sh helm-install: - cd helm-chart && helm install kubeshark . && cd .. - -helm-install-canary: - cd helm-chart && helm install kubeshark . --set tap.docker.tag=canary && cd .. - -helm-install-dev: - cd helm-chart && helm install kubeshark . --set tap.docker.tag=dev && cd .. + cd helm-chart && helm install kubeshark . --set tap.docker.tag=$(TAG) && cd .. helm-install-debug: - cd helm-chart && helm install kubeshark . --set tap.debug=true && cd .. + cd helm-chart && helm install kubeshark . --set tap.docker.tag=$(TAG) --set tap.debug=true && cd .. -helm-install-debug-canary: - cd helm-chart && helm install kubeshark . --set tap.debug=true --set tap.docker.tag=canary && cd .. - -helm-install-debug-dev: - cd helm-chart && helm install kubeshark . --set tap.debug=true --set tap.docker.tag=dev && cd .. +helm-install-profile: + cd helm-chart && helm install kubeshark . --set tap.docker.tag=$(TAG) --set tap.misc.profile=true && cd .. helm-uninstall: helm uninstall kubeshark @@ -164,8 +173,8 @@ helm-uninstall: proxy: kubeshark proxy -port-forward-worker: - kubectl port-forward $$(kubectl get pods | awk '$$1 ~ /^$(LOGS_POD_PREFIX)/' | awk 'END {print $$1}') $(LOGS_FOLLOW) 30001:30001 +port-forward: + kubectl port-forward $$(kubectl get pods | awk '$$1 ~ /^$(POD_PREFIX)/' | awk 'END {print $$1}') $(SRC_PORT):$(DST_PORT) release: @cd ../worker && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags