diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go index 897910e3d..c9e6f1a2f 100644 --- a/config/configStructs/tapConfig.go +++ b/config/configStructs/tapConfig.go @@ -311,6 +311,7 @@ type TapConfig struct { PersistentStorageStatic bool `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"` PersistentStoragePvcVolumeMode string `yaml:"persistentStoragePvcVolumeMode" json:"persistentStoragePvcVolumeMode" default:"FileSystem"` EfsFileSytemIdAndPath string `yaml:"efsFileSytemIdAndPath" json:"efsFileSytemIdAndPath" default:""` + Secrets []string `yaml:"secrets" json:"secrets" default:"[]"` StorageLimit string `yaml:"storageLimit" json:"storageLimit" default:"5Gi"` StorageClass string `yaml:"storageClass" json:"storageClass" default:"standard"` DryRun bool `yaml:"dryRun" json:"dryRun" default:"false"` diff --git a/helm-chart/README.md b/helm-chart/README.md index f9675e48a..1f46fef41 100644 --- a/helm-chart/README.md +++ b/helm-chart/README.md @@ -202,6 +202,7 @@ Example for overriding image names: | `tap.debug` | Enable debug mode | `false` | | `tap.telemetry.enabled` | Enable anonymous usage statistics collection | `true` | | `tap.resourceGuard.enabled` | Enable resource guard worker process, which watches RAM/disk usage and enables/disables traffic capture based on available resources | `false` | +| `tap.secrets` | List of secrets to be used as source for environment variables (e.g. `kubeshark-license`) | `[]` | | `tap.sentry.enabled` | Enable sending of error logs to Sentry | `true` (only for qualified users) | | `tap.sentry.environment` | Sentry environment to label error logs with | `production` | | `tap.defaultFilter` | Sets the default dashboard KFL filter (e.g. `http`). By default, this value is set to filter out noisy protocols such as DNS, UDP, ICMP and TCP. The user can easily change this, **temporarily**, in the Dashboard. For a permanent change, you should change this value in the `values.yaml` or `config.yaml` file. | `"!dns and !error"` | diff --git a/helm-chart/templates/04-hub-deployment.yaml b/helm-chart/templates/04-hub-deployment.yaml index 29f4ed0e5..4231092d2 100644 --- a/helm-chart/templates/04-hub-deployment.yaml +++ b/helm-chart/templates/04-hub-deployment.yaml @@ -36,6 +36,13 @@ spec: {{- if .Values.tap.gitops.enabled }} - -gitops {{- end }} + {{- if .Values.tap.secrets }} + envFrom: + {{- range .Values.tap.secrets }} + - secretRef: + name: {{ . }} + {{- end }} + {{- end }} env: - name: POD_NAME valueFrom: diff --git a/helm-chart/templates/NOTES.txt b/helm-chart/templates/NOTES.txt index 1beaa0e5d..81170986f 100644 --- a/helm-chart/templates/NOTES.txt +++ b/helm-chart/templates/NOTES.txt @@ -28,7 +28,7 @@ Notices: - Support chat using Intercom is enabled. It can be disabled using `--set supportChatEnabled=false` {{- end }} {{- if eq .Values.license ""}} -- No license key was detected. You can either log-in/sign-up through the dashboard, or download the license key from https://console.kubeshark.co/. +- No license key was detected. You can either log-in/sign-up through the dashboard, or download the license key from https://console.kubeshark.co/ and add it as `LICENSE` via mounted secret (`tap.secrets`). {{- end }} {{ if .Values.tap.ingress.enabled }} diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 72a277c0a..a7029b8fd 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -35,6 +35,7 @@ tap: persistentStorageStatic: false persistentStoragePvcVolumeMode: FileSystem efsFileSytemIdAndPath: "" + secrets: [] storageLimit: 5Gi storageClass: standard dryRun: false