Make node selector component specific (#1694)

* Make node selector component specific

* Update templates

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
Volodymyr Stoiko 2025-01-22 22:50:17 +02:00 committed by GitHub
parent aa7c8f36f5
commit ef17eb9fbe
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 114 additions and 55 deletions


@ -16,7 +16,8 @@ const (
func CreateDefaultConfig() ConfigStruct { func CreateDefaultConfig() ConfigStruct {
return ConfigStruct{ return ConfigStruct{
Tap: configStructs.TapConfig{ Tap: configStructs.TapConfig{
NodeSelectorTerms: []v1.NodeSelectorTerm{ NodeSelectorTerms: configStructs.NodeSelectorTermsConfig{
Workers: []v1.NodeSelectorTerm{
{ {
MatchExpressions: []v1.NodeSelectorRequirement{ MatchExpressions: []v1.NodeSelectorRequirement{
{ {
@ -27,6 +28,29 @@ func CreateDefaultConfig() ConfigStruct {
}, },
}, },
}, },
Hub: []v1.NodeSelectorTerm{
{
MatchExpressions: []v1.NodeSelectorRequirement{
{
Key: "kubernetes.io/os",
Operator: v1.NodeSelectorOpIn,
Values: []string{"linux"},
},
},
},
},
Front: []v1.NodeSelectorTerm{
{
MatchExpressions: []v1.NodeSelectorRequirement{
{
Key: "kubernetes.io/os",
Operator: v1.NodeSelectorOpIn,
Values: []string{"linux"},
},
},
},
},
},
Capabilities: configStructs.CapabilitiesConfig{ Capabilities: configStructs.CapabilitiesConfig{
NetworkCapture: []string{ NetworkCapture: []string{
// NET_RAW is required to listen the network traffic // NET_RAW is required to listen the network traffic
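Review bot: The same linux-only `NodeSelectorTerm` literal is now written out three times in `CreateDefaultConfig`, for `Workers`, `Hub` and `Front`, so a later change to the default has to be made in three places and can drift between components. A small helper that returns a fresh slice on each call keeps the three defaults identical without making the fields share one backing array. The Workers entry spans the hunk boundary and the function continues past the last visible line, so I am assuming its elided lines hold the same `kubernetes.io/os` requirement.

```go
// defaultNodeSelectorTerms returns the default placement constraint
// (Linux nodes only) as a new slice, so callers never alias each other.
func defaultNodeSelectorTerms() []v1.NodeSelectorTerm {
	return []v1.NodeSelectorTerm{
		{
			MatchExpressions: []v1.NodeSelectorRequirement{
				{
					Key:      "kubernetes.io/os",
					Operator: v1.NodeSelectorOpIn,
					Values:   []string{"linux"},
				},
			},
		},
	}
}

// … unchanged: start of CreateDefaultConfig …
			NodeSelectorTerms: configStructs.NodeSelectorTermsConfig{
				Workers: defaultNodeSelectorTerms(),
				Hub:     defaultNodeSelectorTerms(),
				Front:   defaultNodeSelectorTerms(),
			},
// … unchanged: Capabilities and the rest of the config …
```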


@ -122,6 +122,12 @@ type ProbesConfig struct {
Sniffer ProbeConfig `yaml:"sniffer" json:"sniffer"` Sniffer ProbeConfig `yaml:"sniffer" json:"sniffer"`
} }
type NodeSelectorTermsConfig struct {
Hub []v1.NodeSelectorTerm `yaml:"hub" json:"hub" default:"[]"`
Workers []v1.NodeSelectorTerm `yaml:"workers" json:"workers" default:"[]"`
Front []v1.NodeSelectorTerm `yaml:"front" json:"front" default:"[]"`
}
type ProbeConfig struct { type ProbeConfig struct {
InitialDelaySeconds int `yaml:"initialDelaySeconds" json:"initialDelaySeconds" default:"15"` InitialDelaySeconds int `yaml:"initialDelaySeconds" json:"initialDelaySeconds" default:"15"`
PeriodSeconds int `yaml:"periodSeconds" json:"periodSeconds" default:"10"` PeriodSeconds int `yaml:"periodSeconds" json:"periodSeconds" default:"10"`
@ -247,7 +253,7 @@ type TapConfig struct {
IgnoreTainted bool `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"` IgnoreTainted bool `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
Labels map[string]string `yaml:"labels" json:"labels" default:"{}"` Labels map[string]string `yaml:"labels" json:"labels" default:"{}"`
Annotations map[string]string `yaml:"annotations" json:"annotations" default:"{}"` Annotations map[string]string `yaml:"annotations" json:"annotations" default:"{}"`
NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"` NodeSelectorTerms NodeSelectorTermsConfig `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"{}"`
Auth AuthConfig `yaml:"auth" json:"auth"` Auth AuthConfig `yaml:"auth" json:"auth"`
Ingress IngressConfig `yaml:"ingress" json:"ingress"` Ingress IngressConfig `yaml:"ingress" json:"ingress"`
IPv6 bool `yaml:"ipv6" json:"ipv6" default:"true"` IPv6 bool `yaml:"ipv6" json:"ipv6" default:"true"`
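Review bot: `TapConfig.NodeSelectorTerms` changes from a list to a struct under the same `nodeSelectorTerms` key, and nothing in this section handles a config or values file still written in the old list form. These terms decide which nodes each component may be scheduled on, and the workers appear to be the traffic-capturing part, so an old file that fails to decode, or is quietly replaced by the defaults, changes where capture runs; I would state the break on the type, for example `// NodeSelectorTermsConfig holds node selector terms per component; it replaces the former flat list under tap.nodeSelectorTerms.`, and call it out in the release notes. The yaml/json tags are lowercase (`hub`, `workers`, `front`) while the README rows added in this commit spell the keys `Workers`, `Hub` and `Front`; the keys are case-sensitive, so the README should use the lowercase names. Both structs continue outside the hunks shown.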


@ -174,7 +174,9 @@ Example for overriding image names:
| `tap.ignoreTainted` | Whether to ignore tainted nodes | `false` | | `tap.ignoreTainted` | Whether to ignore tainted nodes | `false` |
| `tap.labels` | Kubernetes labels to apply to all Kubeshark resources | `{}` | | `tap.labels` | Kubernetes labels to apply to all Kubeshark resources | `{}` |
| `tap.annotations` | Kubernetes annotations to apply to all Kubeshark resources | `{}` | | `tap.annotations` | Kubernetes annotations to apply to all Kubeshark resources | `{}` |
| `tap.nodeSelectorTerms` | Node selector terms | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` | | `tap.nodeSelectorTerms.Workers` | Node selector terms for workers components | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` |
| `tap.nodeSelectorTerms.Hub` | Node selector terms for hub component | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` |
| `tap.nodeSelectorTerms.Front` | Node selector terms for front-end component | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` |
| `tap.auth.enabled` | Enable authentication | `false` | | `tap.auth.enabled` | Enable authentication | `false` |
| `tap.auth.type` | Authentication type (1 option available: `saml`) | `saml` | | `tap.auth.type` | Authentication type (1 option available: `saml`) | `saml` |
| `tap.auth.approvedEmails` | List of approved email addresses for authentication | `[]` | | `tap.auth.approvedEmails` | List of approved email addresses for authentication | `[]` |


@ -97,6 +97,13 @@ spec:
- name: saml-x509-volume - name: saml-x509-volume
mountPath: "/etc/saml/x509" mountPath: "/etc/saml/x509"
readOnly: true readOnly: true
{{- if gt (len .Values.tap.nodeSelectorTerms.hub) 0}}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
{{- toYaml .Values.tap.nodeSelectorTerms.hub | nindent 12 }}
{{- end }}
volumes: volumes:
- name: saml-x509-volume - name: saml-x509-volume
projected: projected:
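Review bot: The guard `{{- if gt (len .Values.tap.nodeSelectorTerms.hub) 0}}` calls `len` directly on the value, so rendering should fail if `hub` is null or removed in an override, and I would expect the same if `nodeSelectorTerms` is still supplied as the old flat list. `with` treats nil and empty lists alike and simply skips the block: `{{- with .Values.tap.nodeSelectorTerms.hub }}` followed by `{{- toYaml . | nindent 12 }}`. The front and workers templates in this commit use the same `len` guard on `.front` and `.workers` and would take the same change. The pod spec continues outside the hunk, so I cannot confirm the `nindent 12` depth against the surrounding indentation.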


@ -108,6 +108,13 @@ spec:
mountPath: /etc/nginx/conf.d/default.conf mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf subPath: default.conf
readOnly: true readOnly: true
{{- if gt (len .Values.tap.nodeSelectorTerms.front) 0}}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
{{- toYaml .Values.tap.nodeSelectorTerms.front | nindent 12 }}
{{- end }}
volumes: volumes:
- name: nginx-config - name: nginx-config
configMap: configMap:


@ -286,12 +286,12 @@ spec:
- effect: NoSchedule - effect: NoSchedule
operator: Exists operator: Exists
{{- end }} {{- end }}
{{- if gt (len .Values.tap.nodeSelectorTerms) 0}} {{- if gt (len .Values.tap.nodeSelectorTerms.workers) 0}}
affinity: affinity:
nodeAffinity: nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
{{- toYaml .Values.tap.nodeSelectorTerms | nindent 12 }} {{- toYaml .Values.tap.nodeSelectorTerms.workers | nindent 12 }}
{{- end }} {{- end }}
volumes: volumes:
- hostPath: - hostPath:


@ -78,6 +78,19 @@ tap:
labels: {} labels: {}
annotations: {} annotations: {}
nodeSelectorTerms: nodeSelectorTerms:
hub:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
workers:
- matchExpressions:
- key: kubernetes.io/os
operator: In
values:
- linux
front:
- matchExpressions: - matchExpressions:
- key: kubernetes.io/os - key: kubernetes.io/os
operator: In operator: In