diff --git a/config/configStruct.go b/config/configStruct.go index 1797faaa9..6051abdc7 100644 --- a/config/configStruct.go +++ b/config/configStruct.go @@ -16,13 +16,37 @@ const ( func CreateDefaultConfig() ConfigStruct { return ConfigStruct{ Tap: configStructs.TapConfig{ - NodeSelectorTerms: []v1.NodeSelectorTerm{ - { - MatchExpressions: []v1.NodeSelectorRequirement{ - { - Key: "kubernetes.io/os", - Operator: v1.NodeSelectorOpIn, - Values: []string{"linux"}, + NodeSelectorTerms: configStructs.NodeSelectorTermsConfig{ + Workers: []v1.NodeSelectorTerm{ + { + MatchExpressions: []v1.NodeSelectorRequirement{ + { + Key: "kubernetes.io/os", + Operator: v1.NodeSelectorOpIn, + Values: []string{"linux"}, + }, + }, + }, + }, + Hub: []v1.NodeSelectorTerm{ + { + MatchExpressions: []v1.NodeSelectorRequirement{ + { + Key: "kubernetes.io/os", + Operator: v1.NodeSelectorOpIn, + Values: []string{"linux"}, + }, + }, + }, + }, + Front: []v1.NodeSelectorTerm{ + { + MatchExpressions: []v1.NodeSelectorRequirement{ + { + Key: "kubernetes.io/os", + Operator: v1.NodeSelectorOpIn, + Values: []string{"linux"}, + }, }, }, }, diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go index 5e03072b7..1e1b96b14 100644 --- a/config/configStructs/tapConfig.go +++ b/config/configStructs/tapConfig.go @@ -122,6 +122,12 @@ type ProbesConfig struct { Sniffer ProbeConfig `yaml:"sniffer" json:"sniffer"` } +type NodeSelectorTermsConfig struct { + Hub []v1.NodeSelectorTerm `yaml:"hub" json:"hub" default:"[]"` + Workers []v1.NodeSelectorTerm `yaml:"workers" json:"workers" default:"[]"` + Front []v1.NodeSelectorTerm `yaml:"front" json:"front" default:"[]"` +} + type ProbeConfig struct { InitialDelaySeconds int `yaml:"initialDelaySeconds" json:"initialDelaySeconds" default:"15"` PeriodSeconds int `yaml:"periodSeconds" json:"periodSeconds" default:"10"` 
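Review bot: The same linux-only `[]v1.NodeSelectorTerm` literal is now written out three times in `CreateDefaultConfig` (for `Workers`, `Hub` and `Front`), so the three defaults can drift apart on the next edit. A small unexported helper that builds a fresh slice on each call gives the default a single definition while keeping the three fields independent of each other. `CreateDefaultConfig` continues past the end of this hunk.

```go
// linuxNodeSelectorTerms returns the default node affinity: Linux nodes only.
// A new slice is built on every call so the components never share a backing array.
func linuxNodeSelectorTerms() []v1.NodeSelectorTerm {
	return []v1.NodeSelectorTerm{
		{
			MatchExpressions: []v1.NodeSelectorRequirement{
				{
					Key:      "kubernetes.io/os",
					Operator: v1.NodeSelectorOpIn,
					Values:   []string{"linux"},
				},
			},
		},
	}
}

// … unchanged: start of CreateDefaultConfig …
			NodeSelectorTerms: configStructs.NodeSelectorTermsConfig{
				Workers: linuxNodeSelectorTerms(),
				Hub:     linuxNodeSelectorTerms(),
				Front:   linuxNodeSelectorTerms(),
			},
```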
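Review bot: The new exported type `NodeSelectorTermsConfig` in `config/configStructs/tapConfig.go` has no doc comment, and the behaviour of an empty list is only discoverable by reading the templates. I would add `// NodeSelectorTermsConfig holds the required node-affinity terms per component; an empty list makes the chart emit no affinity block for that component.` It is also worth saying there that the templates place these terms under `requiredDuringSchedulingIgnoredDuringExecution`, so they constrain where a pod is scheduled but do not move an already running hub, front or worker pod when node labels change later. That matters to anyone who uses the terms to keep a component on dedicated nodes.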
@@ -224,46 +230,46 @@ type PcapDumpConfig struct { } type TapConfig struct { - Docker DockerConfig `yaml:"docker" json:"docker"` - Proxy ProxyConfig `yaml:"proxy" json:"proxy"` - PodRegexStr string `yaml:"regex" json:"regex" default:".*"` - Namespaces []string `yaml:"namespaces" json:"namespaces" default:"[]"` - ExcludedNamespaces []string `yaml:"excludedNamespaces" json:"excludedNamespaces" default:"[]"` - BpfOverride string `yaml:"bpfOverride" json:"bpfOverride" default:""` - Stopped bool `yaml:"stopped" json:"stopped" default:"false"` - Release ReleaseConfig `yaml:"release" json:"release"` - PersistentStorage bool `yaml:"persistentStorage" json:"persistentStorage" default:"false"` - PersistentStorageStatic bool `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"` - EfsFileSytemIdAndPath string `yaml:"efsFileSytemIdAndPath" json:"efsFileSytemIdAndPath" default:""` - StorageLimit string `yaml:"storageLimit" json:"storageLimit" default:"5000Mi"` - StorageClass string `yaml:"storageClass" json:"storageClass" default:"standard"` - DryRun bool `yaml:"dryRun" json:"dryRun" default:"false"` - Resources ResourcesConfig `yaml:"resources" json:"resources"` - Probes ProbesConfig `yaml:"probes" json:"probes"` - ServiceMesh bool `yaml:"serviceMesh" json:"serviceMesh" default:"true"` - Tls bool `yaml:"tls" json:"tls" default:"true"` - DisableTlsLog bool `yaml:"disableTlsLog" json:"disableTlsLog" default:"true"` - PacketCapture string `yaml:"packetCapture" json:"packetCapture" default:"best"` - IgnoreTainted bool `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"` - Labels map[string]string `yaml:"labels" json:"labels" default:"{}"` - Annotations map[string]string `yaml:"annotations" json:"annotations" default:"{}"` - NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"` - Auth AuthConfig `yaml:"auth" json:"auth"` - Ingress IngressConfig `yaml:"ingress" json:"ingress"` - IPv6 bool `yaml:"ipv6" 
json:"ipv6" default:"true"` - Debug bool `yaml:"debug" json:"debug" default:"false"` - Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"` - ResourceGuard ResourceGuardConfig `yaml:"resourceGuard" json:"resourceGuard"` - Sentry SentryConfig `yaml:"sentry" json:"sentry"` - DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !error"` - LiveConfigMapChangesDisabled bool `yaml:"liveConfigMapChangesDisabled" json:"liveConfigMapChangesDisabled" default:"false"` - Capabilities CapabilitiesConfig `yaml:"capabilities" json:"capabilities"` - GlobalFilter string `yaml:"globalFilter" json:"globalFilter" default:""` - EnabledDissectors []string `yaml:"enabledDissectors" json:"enabledDissectors"` - CustomMacros map[string]string `yaml:"customMacros" json:"customMacros" default:"{\"https\":\"tls and (http or http2)\"}"` - Metrics MetricsConfig `yaml:"metrics" json:"metrics"` - Pprof PprofConfig `yaml:"pprof" json:"pprof"` - Misc MiscConfig `yaml:"misc" json:"misc"` + Docker DockerConfig `yaml:"docker" json:"docker"` + Proxy ProxyConfig `yaml:"proxy" json:"proxy"` + PodRegexStr string `yaml:"regex" json:"regex" default:".*"` + Namespaces []string `yaml:"namespaces" json:"namespaces" default:"[]"` + ExcludedNamespaces []string `yaml:"excludedNamespaces" json:"excludedNamespaces" default:"[]"` + BpfOverride string `yaml:"bpfOverride" json:"bpfOverride" default:""` + Stopped bool `yaml:"stopped" json:"stopped" default:"false"` + Release ReleaseConfig `yaml:"release" json:"release"` + PersistentStorage bool `yaml:"persistentStorage" json:"persistentStorage" default:"false"` + PersistentStorageStatic bool `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"` + EfsFileSytemIdAndPath string `yaml:"efsFileSytemIdAndPath" json:"efsFileSytemIdAndPath" default:""` + StorageLimit string `yaml:"storageLimit" json:"storageLimit" default:"5000Mi"` + StorageClass string `yaml:"storageClass" json:"storageClass" default:"standard"` + 
DryRun bool `yaml:"dryRun" json:"dryRun" default:"false"` + Resources ResourcesConfig `yaml:"resources" json:"resources"` + Probes ProbesConfig `yaml:"probes" json:"probes"` + ServiceMesh bool `yaml:"serviceMesh" json:"serviceMesh" default:"true"` + Tls bool `yaml:"tls" json:"tls" default:"true"` + DisableTlsLog bool `yaml:"disableTlsLog" json:"disableTlsLog" default:"true"` + PacketCapture string `yaml:"packetCapture" json:"packetCapture" default:"best"` + IgnoreTainted bool `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"` + Labels map[string]string `yaml:"labels" json:"labels" default:"{}"` + Annotations map[string]string `yaml:"annotations" json:"annotations" default:"{}"` + NodeSelectorTerms NodeSelectorTermsConfig `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"{}"` + Auth AuthConfig `yaml:"auth" json:"auth"` + Ingress IngressConfig `yaml:"ingress" json:"ingress"` + IPv6 bool `yaml:"ipv6" json:"ipv6" default:"true"` + Debug bool `yaml:"debug" json:"debug" default:"false"` + Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"` + ResourceGuard ResourceGuardConfig `yaml:"resourceGuard" json:"resourceGuard"` + Sentry SentryConfig `yaml:"sentry" json:"sentry"` + DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !error"` + LiveConfigMapChangesDisabled bool `yaml:"liveConfigMapChangesDisabled" json:"liveConfigMapChangesDisabled" default:"false"` + Capabilities CapabilitiesConfig `yaml:"capabilities" json:"capabilities"` + GlobalFilter string `yaml:"globalFilter" json:"globalFilter" default:""` + EnabledDissectors []string `yaml:"enabledDissectors" json:"enabledDissectors"` + CustomMacros map[string]string `yaml:"customMacros" json:"customMacros" default:"{\"https\":\"tls and (http or http2)\"}"` + Metrics MetricsConfig `yaml:"metrics" json:"metrics"` + Pprof PprofConfig `yaml:"pprof" json:"pprof"` + Misc MiscConfig `yaml:"misc" json:"misc"` } func (config *TapConfig) PodRegex() *regexp.Regexp { 
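Review bot: Changing `NodeSelectorTerms` from `[]v1.NodeSelectorTerm` to `NodeSelectorTermsConfig` under the same `nodeSelectorTerms` key makes the old list form invalid input, and nothing in this commit detects or reports it. A config file that still carries the list will presumably fail to decode into the struct (the loader is not visible here). On the chart side, the lookups `.Values.tap.nodeSelectorTerms.hub`, `.front` and `.workers` in the three templates cannot be evaluated against a list, so an upgrade with an old values override ends in a generic render error. Consider rejecting the legacy shape explicitly, for example `{{- if kindIs "slice" .Values.tap.nodeSelectorTerms }}{{ fail "tap.nodeSelectorTerms must be a map with hub, workers and front keys" }}{{- end }}`, and call out the migration in the release notes. The rest of this hunk only realigns the struct tags, and the `PodRegex` method that follows continues outside it.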
diff --git a/helm-chart/README.md b/helm-chart/README.md index 717e248c4..8df616a69 100644 --- a/helm-chart/README.md +++ b/helm-chart/README.md @@ -174,7 +174,9 @@ Example for overriding image names: | `tap.ignoreTainted` | Whether to ignore tainted nodes | `false` | | `tap.labels` | Kubernetes labels to apply to all Kubeshark resources | `{}` | | `tap.annotations` | Kubernetes annotations to apply to all Kubeshark resources | `{}` | -| `tap.nodeSelectorTerms` | Node selector terms | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` | +| `tap.nodeSelectorTerms.Workers` | Node selector terms for workers components | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` | +| `tap.nodeSelectorTerms.Hub` | Node selector terms for hub component | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` | +| `tap.nodeSelectorTerms.Front` | Node selector terms for front-end component | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` | | `tap.auth.enabled` | Enable authentication | `false` | | `tap.auth.type` | Authentication type (1 option available: `saml`) | `saml` | | `tap.auth.approvedEmails` | List of approved email addresses for authentication | `[]` | diff --git a/helm-chart/templates/04-hub-deployment.yaml b/helm-chart/templates/04-hub-deployment.yaml index 7da2fe1b4..bc89dfc96 100644 --- a/helm-chart/templates/04-hub-deployment.yaml +++ b/helm-chart/templates/04-hub-deployment.yaml @@ -97,6 +97,13 @@ spec: - name: saml-x509-volume mountPath: "/etc/saml/x509" readOnly: true +{{- if gt (len .Values.tap.nodeSelectorTerms.hub) 0}} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + {{- toYaml .Values.tap.nodeSelectorTerms.hub | nindent 12 }} +{{- end }} volumes: - name: saml-x509-volume projected: 
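Review bot: The new guard `{{- if gt (len .Values.tap.nodeSelectorTerms.hub) 0}}` in `04-hub-deployment.yaml` relies on `len`, which as far as I know returns an error for a nil value, so unsetting the default with `hub: null` would break rendering instead of dropping the affinity block. `{{- with .Values.tap.nodeSelectorTerms.hub }}` together with `{{- toYaml . | nindent 12 }}` treats null, missing and empty the same way. The front hunk and the renamed worker guard in this commit use the same pattern. Separately, the README rows added here name the keys `tap.nodeSelectorTerms.Workers`, `.Hub` and `.Front`, while this template, `values.yaml` and the struct tags use lowercase. Values keys are case-sensitive, so the documented spelling would not be read. The pod spec this hunk edits starts and ends outside the hunk.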
diff --git a/helm-chart/templates/06-front-deployment.yaml b/helm-chart/templates/06-front-deployment.yaml index 9170adc59..b7b59757f 100644 --- a/helm-chart/templates/06-front-deployment.yaml +++ b/helm-chart/templates/06-front-deployment.yaml @@ -108,6 +108,13 @@ spec: mountPath: /etc/nginx/conf.d/default.conf subPath: default.conf readOnly: true +{{- if gt (len .Values.tap.nodeSelectorTerms.front) 0}} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + {{- toYaml .Values.tap.nodeSelectorTerms.front | nindent 12 }} +{{- end }} volumes: - name: nginx-config configMap: diff --git a/helm-chart/templates/09-worker-daemon-set.yaml b/helm-chart/templates/09-worker-daemon-set.yaml index 3e73621c7..092bc882b 100644 --- a/helm-chart/templates/09-worker-daemon-set.yaml +++ b/helm-chart/templates/09-worker-daemon-set.yaml @@ -286,12 +286,12 @@ spec: - effect: NoSchedule operator: Exists {{- end }} -{{- if gt (len .Values.tap.nodeSelectorTerms) 0}} +{{- if gt (len .Values.tap.nodeSelectorTerms.workers) 0}} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - {{- toYaml .Values.tap.nodeSelectorTerms | nindent 12 }} + {{- toYaml .Values.tap.nodeSelectorTerms.workers | nindent 12 }} {{- end }} volumes: - hostPath: diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index c7ab5665c..f109180fd 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -78,11 +78,24 @@ tap: labels: {} annotations: {} nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/os - operator: In - values: - - linux + hub: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + workers: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + front: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux auth: enabled: false type: saml