github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-08-22 02:15:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add --ignoreTainted flag to tap command

Browse Source
This commit is contained in:
M. Mert Yildiran 2023-03-27 16:26:09 +03:00
parent 8b5e55d53a
commit e4684a10af
No known key found for this signature in database
GPG Key ID: DA5D6DCBB758A461
3 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/tap.go
View File

@ -58,5 +58,6 @@ func init() {
tapCmd.Flags().StringP(configStructs.PcapLabel, "p", defaultTapConfig.Pcap, fmt.Sprintf("Capture from a PCAP snapshot of %s (.tar.gz) using your Docker Daemon instead of Kubernetes", misc.Software)) tapCmd.Flags().StringP(configStructs.PcapLabel, "p", defaultTapConfig.Pcap, fmt.Sprintf("Capture from a PCAP snapshot of %s (.tar.gz) using your Docker Daemon instead of Kubernetes", misc.Software))
tapCmd.Flags().Bool(configStructs.ServiceMeshLabel, defaultTapConfig.ServiceMesh, "Capture the encrypted traffic if the cluster is configured with a service mesh and with mTLS") tapCmd.Flags().Bool(configStructs.ServiceMeshLabel, defaultTapConfig.ServiceMesh, "Capture the encrypted traffic if the cluster is configured with a service mesh and with mTLS")
tapCmd.Flags().Bool(configStructs.TlsLabel, defaultTapConfig.Tls, "Capture the traffic that's encrypted with OpenSSL or Go crypto/tls libraries") tapCmd.Flags().Bool(configStructs.TlsLabel, defaultTapConfig.Tls, "Capture the traffic that's encrypted with OpenSSL or Go crypto/tls libraries")
tapCmd.Flags().Bool(configStructs.IgnoreTaintedLabel, defaultTapConfig.IgnoreTainted, "Ignore tainted pods while running Worker DaemonSet")
tapCmd.Flags().Bool(configStructs.DebugLabel, defaultTapConfig.Debug, "Enable the debug mode") tapCmd.Flags().Bool(configStructs.DebugLabel, defaultTapConfig.Debug, "Enable the debug mode")
} }

2
config/configStructs/tapConfig.go
View File

@ -24,6 +24,7 @@ const (
PcapLabel = "pcap" PcapLabel = "pcap"
ServiceMeshLabel = "servicemesh" ServiceMeshLabel = "servicemesh"
TlsLabel = "tls" TlsLabel = "tls"
IgnoreTaintedLabel = "ignoreTainted"
DebugLabel = "debug" DebugLabel = "debug"
) )
@ -82,6 +83,7 @@ type TapConfig struct {
ServiceMesh bool `yaml:"servicemesh" default:"true"` ServiceMesh bool `yaml:"servicemesh" default:"true"`
Tls bool `yaml:"tls" default:"true"` Tls bool `yaml:"tls" default:"true"`
PacketCapture string `yaml:"packetcapture" default:"libpcap"` PacketCapture string `yaml:"packetcapture" default:"libpcap"`
IgnoreTainted bool `yaml:"ignoreTainted" default:"false"`
Debug bool `yaml:"debug" default:"false"` Debug bool `yaml:"debug" default:"false"`
} }

10
kubernetes/provider.go
View File

@ -10,6 +10,7 @@ import (
"path/filepath" "path/filepath"
"regexp" "regexp"
"github.com/kubeshark/kubeshark/config"
"github.com/kubeshark/kubeshark/config/configStructs" "github.com/kubeshark/kubeshark/config/configStructs"
"github.com/kubeshark/kubeshark/docker" "github.com/kubeshark/kubeshark/docker"
"github.com/kubeshark/kubeshark/misc" "github.com/kubeshark/kubeshark/misc"
@ -735,12 +736,19 @@ func (provider *Provider) ApplyWorkerDaemonSet(
affinity := applyconfcore.Affinity() affinity := applyconfcore.Affinity()
affinity.WithNodeAffinity(nodeAffinity) affinity.WithNodeAffinity(nodeAffinity)
var tolerations []*v1.TolerationApplyConfiguration
noExecuteToleration := applyconfcore.Toleration() noExecuteToleration := applyconfcore.Toleration()
noExecuteToleration.WithOperator(core.TolerationOpExists) noExecuteToleration.WithOperator(core.TolerationOpExists)
noExecuteToleration.WithEffect(core.TaintEffectNoExecute) noExecuteToleration.WithEffect(core.TaintEffectNoExecute)
tolerations = append(tolerations, noExecuteToleration)
noScheduleToleration := applyconfcore.Toleration() noScheduleToleration := applyconfcore.Toleration()
noScheduleToleration.WithOperator(core.TolerationOpExists) noScheduleToleration.WithOperator(core.TolerationOpExists)
noScheduleToleration.WithEffect(core.TaintEffectNoSchedule) noScheduleToleration.WithEffect(core.TaintEffectNoSchedule)
if !config.Config.Tap.IgnoreTainted {
tolerations = append(tolerations, noScheduleToleration)
}
// Host procfs is needed inside the container because we need access to // Host procfs is needed inside the container because we need access to
// the network namespaces of processes on the machine. // the network namespaces of processes on the machine.
@ -766,7 +774,7 @@ func (provider *Provider) ApplyWorkerDaemonSet(
} }
podSpec.WithContainers(workerContainer) podSpec.WithContainers(workerContainer)
podSpec.WithAffinity(affinity) podSpec.WithAffinity(affinity)
podSpec.WithTolerations(noExecuteToleration, noScheduleToleration) podSpec.WithTolerations(tolerations...)
podSpec.WithVolumes(procfsVolume, sysfsVolume) podSpec.WithVolumes(procfsVolume, sysfsVolume)
if len(imagePullSecrets) > 0 { if len(imagePullSecrets) > 0 {