github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-08-18 00:18:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,049 Commits 84 Branches 954 Tags 174 MiB
ebpf-default
Commit Graph

380 Commits

Author SHA1 Message Date
Volodymyr Stoiko
afa81e7be9
Update README with resource guard configuration (#1623) 2024-09-30 13:06:21 -07:00
Volodymyr Stoiko
d8b87a90e4
Add resource guard flag (#1622) 
* Add resource-guard flags

* make generate-helm-values

* Add resource guard flag
 2024-09-30 10:39:34 -07:00
M. Mert Yildiran
0f1194bfeb
Regenerate values.yaml and complete.yaml 2024-09-28 00:04:27 +03:00
Volodymyr Stoiko
3a8817592f
Do not enable -unixsocket flag of worker if no tracer is running (#1619) 2024-09-28 00:03:05 +03:00
Volodymyr Stoiko
fc0ec5a840
Add list permissions for kubeshark service account (#1617) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-09-25 14:55:01 -07:00
M. Mert Yildiran
9144d98d04
Add udp to list of enabled dissectors (#1616) 
* Add `udp` to list of enabled dissectors

* ignore udp as part of a global filter

* have globalFilter ignore udp and icmp

* Have globalFilter ignore udp and icmp

* Update README.md

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-09-25 11:29:21 -07:00
Ilya Gavrilov
16d779449a
propagate host root to the tracer (#1613) 2024-09-23 08:30:19 -07:00
Serhii Ponomarenko
fdaef243e4
🐛 Fix -staletimeout worker command value (#1611) 2024-09-18 14:57:50 -07:00
M. Mert Yildiran
0a0b0cde36
Template the -staletimeout flag (#1610) 
* Template the `-staletimeout` flag

* Fix
 2024-09-18 12:02:15 -07:00
Alon Girmonsky
13dd178334
updated Grafana dahsboard 2024-09-17 15:23:38 -07:00
Alon Girmonsky
d61e6ab8eb
text change 2024-09-15 14:32:11 -07:00
Alon Girmonsky
b6672661ad
text changes 2024-09-15 14:29:02 -07:00
Alon Girmonsky
6374f79292 🔖 Bump the Helm chart version to 52.3.82 2024-09-14 17:18:31 -07:00
Alon Girmonsky
bdbe4888d2 monior text changes 2024-09-14 11:56:57 -07:00
Alon Girmonsky
88c72cda82 🔖 Bump the Helm chart version to 52.3.81 2024-09-14 11:53:26 -07:00
Volodymyr Stoiko
ca844394fc
Calculate sentry based on internet connectivity and telemetry (#1608) 2024-09-11 13:40:29 -07:00
zyue110026
2513c136de
fix: respect tap.docker.imagePullSecrets (#1602) 
* respect tap.docker.imagePullSecrets

Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com>

* respect tap.docker.imagePullSecrets

Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com>

* fix: respect tap.docker.imagePullSecrets

Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com>

---------

Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com>
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
 2024-09-09 17:35:27 -07:00
Volodymyr Stoiko
3c6307e93f
Add sentry related configurations (#1606) 
* Add sentry configuration

* get helm values

* Add sentry configuration

---------

Co-authored-by: tiptophelmet <serhii.ponomarenko.jobs@gmail.com>
 2024-09-09 16:40:08 -07:00
M. Mert Yildiran
1c883c73e4
Add hub to the list of containers in pprof command and add flags to pprof command (#1603) 
* Add hub to the list of containers in `pprof` command and add flags to `pprof` command

* Reduce duplication

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-09-09 14:41:01 -07:00
Volodymyr Stoiko
95637bfce8
Use major version as containers tag (#1594) 
* Respect tagLocked version

* generate proper values

* fix helper

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-09-09 14:38:36 -07:00
M. Mert Yildiran
f155e4f1b7
Add PROFILING_ENABLED env var to Hub (#1600) 2024-09-05 13:35:07 -07:00
Serhii Ponomarenko
32caeb37e4
🔨 Create dissectorsUiEnabled flag (#1599) 
* 🔨 Create `dissectorsUiEnabled` flag

* 🔨 Rename `dissectorsUiEnabled` flag

* 🔨 Add `DISSECTORS_UPDATING_ENABLED` config

* 🔨 Set `dissectorsUpdatingEnabled: true` by default
 2024-08-29 09:36:58 -07:00
Ilya Gavrilov
1dfef1be23
update helm readme (#1596) 2024-08-28 10:38:19 -07:00
Ilya Gavrilov
a0eb85e71d
Add disableTlsLog command line option support for tracer (#1595) 2024-08-28 08:53:44 -07:00
M. Mert Yildiran
ad738387b7
🔖 Bump the Helm chart version to 52.3.79 2024-08-27 03:37:04 +03:00
Alon Girmonsky
c695a3c5e5 Fixed the telemetry flag that was set to an empty string by default 
as opposed to `false`.
 2024-08-26 16:20:29 -07:00
M. Mert Yildiran
de154731e9
Add DETECT_DUPLICATES config (#1593) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-08-26 09:44:26 -07:00
Alon Girmonsky
84f2ec944d
tcp dissector enabled by default (#1591) 
* tcp dissector enabled by default

* changing the readme

In support of having the `tcp` dissector enabled by default.

* Update values.yaml

* Update complete.yaml

* updated the defaultFilter default value

1. Start with some level of  "noise reduction" (`tcp` and `dns`).
2. Provide a hint how to use a display filter to filter out protocol aliases.

* Update values.yaml

filter out DNS and TCP

* Update complete.yaml

Filter out DNS and TCP

* Update README.md

Filter out TCP and DNS by default
 2024-08-22 17:14:38 -07:00
Alon Girmonsky
193e2ab03e
Update values.yaml 2024-08-21 17:56:34 -07:00
Volodymyr Stoiko
a3fea3b610
Adjust resources limits (#1588) 
* Adjust resources

* updated the values

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-08-20 08:55:06 -07:00
M. Mert Yildiran
b34cc21bcf
🔖 Bump the Helm chart version to 52.3.78 2024-08-19 21:15:35 +03:00
M. Mert Yildiran
17ce638a78
🔖 Bump the Helm chart version to 52.3.77 2024-08-19 18:59:39 +03:00
M. Mert Yildiran
4191aa4ce5
🔖 Bump the Helm chart version to 52.3.76 2024-08-17 14:50:42 +03:00
Alon Girmonsky
9069f10d94
TCP dissector description (#1586) 
* TCP dissector description 

Added a description how to use the TCP dissector.

* removed tcp from complete.yaml
 2024-08-16 17:06:06 -07:00
M. Mert Yildiran
53697d74ee
Run make generate-helm-values && make generate-manifests 2024-08-17 00:33:25 +03:00
Alon Girmonsky
51f3e3b7ce
Disable TCP dissector by default 
TCP dissector can be added as a helm value. This dissector shouldn't be used in production clusters, as enabling this dissector will consume enormous amounts of CPU and memory.
 2024-08-16 13:08:08 -07:00
M. Mert Yildiran
2a640c8d38
Add PROFILING_ENABLED environment variable and port number to tracer container (#1580) 
* Add `PROFILING_ENABLED` environment variable and port number to `tracer` container

* Update `complete.yaml`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-08-16 12:59:26 -07:00
Volodymyr Stoiko
ec616cb32c
Add -debug suffix to container tag when profiling enabled (#1581) 
* Add -debug prefix to container tag when profiling enabled

* Update helm-chart/templates/_helpers.tpl

* Update helm-chart/templates/_helpers.tpl

---------

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
 2024-08-14 23:16:30 +03:00
M. Mert Yildiran
219fc0a126
🔖 Bump the Helm chart version to 52.3.74 2024-08-13 21:36:47 +03:00
Alon Girmonsky
e70167c694
Added supported protocol dissectors section 2024-08-12 16:42:18 -07:00
M. Mert Yildiran
377ff44d71
🔖 Bump the Helm chart version to 52.3.73 2024-08-08 17:03:01 +03:00
Volodymyr Stoiko
557506096c
Increase default requests/limits (#1577) 
* Increase default requests/limits

* adjust
 2024-08-07 21:07:27 -07:00
Alon Girmonsky
32136520d8
Slow start (#1576) 
* Start `ExcludedNamespaces` empty by default

* Started Kubeshark with tap.stopped true by default

* Revert "Start `ExcludedNamespaces` empty by default"

This reverts commit 7de515dd3a.

* Start with traffic capture paused by default
Remove any namespaces to exclude by default
 2024-08-06 15:39:42 -07:00
M. Mert Yildiran
5089e9ccb8
Add EXCLUDED_NAMESPACES to ConfigMap (#1571) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-08-02 08:25:32 -07:00
M. Mert Yildiran
c837874bbe
Add ENABLED_DISSECTORS to ConfigMap (#1570) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-08-02 08:17:05 -07:00
Alon Girmonsky
4ec06b7c95 When internet connectivity is off, remove the option to have a cloud license. 2024-08-01 17:54:05 -07:00
Alon Girmonsky
df0aea1462
stash (#1575) 2024-07-31 15:14:36 -07:00
Alon Girmonsky
9c9cefc406 Change supportChatEnabled to be true by default. 2024-07-29 17:16:21 -07:00
Alon Girmonsky
a699755858
Way to avoid seeing DNS traffic 2024-07-25 18:43:40 -07:00
M. Mert Yildiran
b7efd94414
Fix annotations key in kubeshark-worker-metrics (#1572) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-07-26 02:52:30 +03:00
Serhii Ponomarenko
be86ea8ecb
🔨 Support chat flag (#1573) 
* 🔨 Add `supportChatEnabled` helm value

* 🔨 Add `REACT_APP_SUPPORT_CHAT_ENABLED` env to `front`
 2024-07-25 13:09:44 -07:00
Ilya Gavrilov
6ea1073fe9
Remove obsolete dumptracer worker option (#1569) 2024-07-22 08:29:53 -07:00
Serhii Ponomarenko
28ae2a645b
🔨 Add tap.stopTrafficCapturingDisabled flag (#1568) 
* 🔨 Add `tap.stopTrafficCapturingDisabled` helm value

* 🔨 Add `STOP_TRAFFIC_CAPTURING_DISABLED` config

* 🔨 Add `REACT_APP_STOP_TRAFFIC_CAPTURING_DISABLED` `env` to `front`

* 🩹 Add ternary operator for `STOPPED` config

* 🐛 Always enable stop-capturing functionality if `tap.stopped == true`
 2024-07-18 13:37:21 -07:00
Serhii Ponomarenko
b7530a3c6b
Revert "🔨 Add REACT_APP_STOPPED env to front (#1564)" (#1567) 
This reverts commit 50d29f1e93.
 2024-07-18 13:11:52 -07:00
Serhii Ponomarenko
7168b5c515
🔨 Add canStopTrafficCapturing SAML authz action (#1565) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-07-18 08:18:03 -07:00
Serhii Ponomarenko
50d29f1e93
🔨 Add REACT_APP_STOPPED env to front (#1564) 2024-07-17 17:28:31 -07:00
M. Mert Yildiran
01656b6c78
Add DUPLICATE_TIMEFRAME field to ConfigMap (#1561) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-07-16 22:01:26 -07:00
M. Mert Yildiran
c88b3b0ba7
Remove "Replay" function functionality (#1563) 2024-07-16 13:13:08 -07:00
M. Mert Yildiran
e7778fe537
Add tap.stopped to values.yaml and STOPPED to ConfigMap (#1557) 2024-07-16 09:03:00 -07:00
M. Mert Yildiran
126f8b48d5
🔖 Bump the Helm chart version to 52.3.69 2024-07-09 16:12:06 +03:00
Alon Girmonsky
b9296d7849 switched back to api.kubeshark.co as the cloud API server 2024-07-04 15:42:36 +03:00
M. Mert Yildiran
cddccd58fa
Add the missing labels 2024-07-03 17:00:10 +03:00
Alon Girmonsky
3965916837
changed api.kubeshark.co to master.admin.kubeshark.co (#1553) 2024-06-20 16:17:26 -07:00
M. Mert Yildiran
ba1254f7e9
🔖 Bump the Helm chart version to 52.3.68 2024-06-17 04:39:02 +03:00
Alon Girmonsky
df1915cce6
Feature update bpf override (#1551) 
* 🔧 Set worker BPF override from config

* 🔧 Disable `front` BPF override if capture is not `af_packet`

* feature condition change

Extend the feature visibility condition from explicitely using af_packet to not explicitly using ebpf, and therefore supporting all methods other than ebpf

* reversing the logic

fixing the previous comment logic as it was reversed.

---------

Co-authored-by: tiptophelmet <serhii.ponomarenko.jobs@gmail.com>
 2024-06-14 17:33:10 -07:00
M. Mert Yildiran
88ea7120c4
Rename Bpf field of TapConfig struct to BpfOverride 2024-06-12 04:04:11 +03:00
M. Mert Yildiran
f43a61f891
Add Bpf field to TapConfig struct 2024-06-12 04:02:36 +03:00
Alon Girmonsky
77ed1fdefe Merge branch 'master' of github.com:kubeshark/kubeshark 2024-06-08 11:06:31 -07:00
Alon Girmonsky
40177b8fa9 Fixed a bug in the Helm chart that did not 
override the sniffer container once an override Worker config value was present
 2024-06-08 10:58:36 -07:00
Alon Girmonsky
ef84f90cd9 Returned ebpf as an explicit option and af-packet as the default option 2024-05-31 21:00:33 -07:00
Alon Girmonsky
d1cc890cad set kernelModule.enabled default value to false 
As a temporary remady:
1. ebpf and pf-ring become explicit options
2. af_packet becomes the default option
 2024-05-31 20:59:51 -07:00
Alon Girmonsky
a9a75533af set kernelModule.enabled default value to false 
in support for this PR
 2024-05-31 20:59:16 -07:00
Alon Girmonsky
1aef7be3fb
helm clone specific branch 
Added instructions on how to clone a specific branch
 2024-05-28 21:10:32 -07:00
M. Mert Yildiran
c1e812e449
🔖 Bump the Helm chart version to 52.3.59 2024-05-25 05:39:28 +03:00
M. Mert Yildiran
c2b73025f3
Add DisableCgroupIdResolution field to MiscConfig struct 2024-05-25 05:18:41 +03:00
Ilya Gavrilov
359623c538
Add /etc/os-release for tracer sysevents (#1542) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-05-17 12:46:37 +01:00
Volodymyr Stoiko
3798bf7a01
Allow watching nodes (#1543) 
* Allow watching nodes

* restore
 2024-05-17 12:37:45 +01:00
M. Mert Yildiran
487f0b9332
Add OverrideTagConfig field to DockerConfig 2024-05-15 05:39:27 +03:00
radikaled
06e0def53e
Update 14-openshift-security-context-constraints.yaml (#1539) 
Add IPC_LOCK to allowedCapabilities otherwise kubeshark-worker-daemon-set will not deploy.
 2024-05-05 10:45:25 -07:00
M. Mert Yildiran
b88f1c7014
🔖 Bump the Helm chart version to 52.3.0 2024-05-02 23:45:06 +03:00
Alon Girmonsky
f4e2d2f9ca
Use eBPF as a traffic capture source by default if cgroup V2 is enabled. (#1540) 
This behavior can be reversed by setting the `tap.packetCapture`
to a specific source or manually adding the command line property:
`-disable-ebpf` to both the `worker` and the `tracer`
 2024-05-01 16:30:03 -07:00
M. Mert Yildiran
f017020f62
🔖 Bump the Helm chart version to 52.2.39 2024-04-24 16:05:46 +03:00
Alon Girmonsky
32ffa6132d
Fix/disable ebpf by defalt again (#1538) 
* Revert "Revert "as eBPF is a significant feature that can impact many users, this PR is meant (#1532)""

This reverts commit 7ab63ec745.

* Added the missing -disable-ebpf parameters to Tracer
 2024-04-23 15:31:19 -07:00
Alon Girmonsky
0bb0c4b256 Merge branch 'master' of github.com:kubeshark/kubeshark 2024-04-22 17:08:56 -07:00
Alon Girmonsky
28696d2f5c
- Consider cloudLicenseEnabled only if license is empty. If license isn't empty disregard cloudLicenseEnabled (#1536) 2024-04-22 15:14:06 -07:00
Alon Girmonsky
7ab63ec745 Revert "as eBPF is a significant feature that can impact many users, this PR is meant (#1532)" 
This reverts commit 53c3dabcbf.
 2024-04-22 14:57:00 -07:00
Serhii Ponomarenko
5a4901f7bd
License via authentication (#1526) 
* 🔨 Add `cloudLicenseEnabled` helm value

* 🔨 Add `CLOUD_LICENSE_ENABLED` key to `ConfigMap`

* 🔨 Add `REACT_APP_CLOUD_LICENSE_ENABLED` `front` env

* 🎨 Reformat `ConfigStruct`

* 🔧 Set `cloudLicenseEnabled: true` by default

* 🔧 Override auth enabled/type if `cloudLicenseEnabled: true`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-04-21 15:04:08 -07:00
M. Mert Yildiran
5a322fc58a
🔖 Bump the Helm chart version to 52.2.30 2024-04-19 17:59:51 +03:00
Alon Girmonsky
53c3dabcbf
as eBPF is a significant feature that can impact many users, this PR is meant (#1532) 
to provide it NOT as the default option, but require an explicit indication
to use it. To use eBPF instead of AF-PACKET or PF-RING, use:
--set tap.packetCapture=ebpf
 2024-04-18 16:28:31 -07:00
Volodymyr Stoiko
6b6915c7ee
helm: Use proper labels in selectors (#1528) 
* Use proper selectorLabels in daemonset

* Update selector labels in deployments
 2024-04-16 09:02:33 -07:00
M. Mert Yildiran
e819759c2d
🎨 Remove a whitespace in 09-worker-daemon-set.yaml 2024-04-16 00:27:18 +03:00
Ilya Gavrilov
b39c5dd5d3
add net capabilities for tracer (#1525) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-04-15 14:20:44 -07:00
M. Mert Yildiran
0f402789f1
Add TcpStreamChannelTimeoutShow field to MiscConfig 2024-04-15 22:46:18 +03:00
Volodymyr Stoiko
d4fade3599
Extend cluster-role permissions (#1527) 
* Extend cluster-role permissions

* Format

* upd
 2024-04-09 14:20:52 -07:00
M. Mert Yildiran
35c1a88724
🔖 Bump the Helm chart version to 52.2.1 2024-03-28 03:55:03 +03:00
M. Mert Yildiran
fe3f93c91b
Revert srvPort to 30001 2024-03-28 03:54:06 +03:00
M. Mert Yildiran
24aa4db0bc
Bring back the packet-capture flag 2024-03-28 01:42:16 +03:00
M. Mert Yildiran
0b58558f70
🔖 Bump the Helm chart version to 52.2.0 2024-03-27 21:50:27 +03:00
M. Mert Yildiran
3cc9ff8616
🔖 Bump the Helm chart version to 52.1.77 2024-03-19 18:55:27 +03:00
Serhii Ponomarenko
247498492a
Set custom timezone (#1517) 
* 🔨 Add timezone config

* 🔨 Update `complete.yaml`

* 📝 Document `timezone` config

* 📝 Update `timezone` config docs

* 📝 Update `timezone` config docs

* 🔥 Remove unused `TIMEZONE` field from `ConfigMap`

* 🦺 Handle empty `tap.timezone` case

* 🔨 Move `timezone` from `.Values.tap` to `.Values`

* 🔨 Add `timezone` field to helm values

* 🔨 Update `complete.yaml`

* 📝 Update `timezone` config docs

* 🔨 Add `TIMEZONE` field to `ConfigMap`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-03-19 12:06:50 +01:00