github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-09-25 04:17:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,851 Commits 89 Branches 954 Tags
feature/custom-timezone
Commit Graph

159 Commits

Author SHA1 Message Date
tiptophelmet
c21a7cfb40 Revert "🔨 Add TIMEZONE field to ConfigMap" 
This reverts commit 13bb62e7de.
 2024-03-20 16:16:11 +02:00
tiptophelmet
13bb62e7de 🔨 Add TIMEZONE field to ConfigMap 2024-03-18 18:07:09 +02:00
Alon Girmonsky
07cf904a4c Merge branch 'master' into feature/custom-timezone 2024-03-15 16:18:40 -07:00
Serhii Ponomarenko
e7fc7b791a 🐛 Fix front nginx and network policies ports (#1518) 
* 🐛 Use `8080` listen port for front nginx config

* 🐛 Use `8080` ingress port for front/hub network policies
 2024-03-14 15:18:24 -07:00
tiptophelmet
15d0e7875f 🔨 Move timezone from .Values.tap to .Values 2024-03-14 17:58:19 +02:00
tiptophelmet
585e0eb254 🦺 Handle empty tap.timezone case 2024-03-14 17:28:53 +02:00
tiptophelmet
88f37cf43f 🔥 Remove unused TIMEZONE field from ConfigMap 2024-03-14 17:23:29 +02:00
tiptophelmet
a4c22cae17 🔨 Add timezone config 2024-03-13 23:27:37 +02:00
Volodymyr Stoiko
c0751ad4cb Switch to lower ports (#1514) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-03-08 21:02:05 -08:00
Serhii Ponomarenko
0aca81fbcb 🔨 Disable scripting, targeted pods update & recording via ConfigMap keys (#1515) 
* 🔨 Add `SCRIPTING_DISABLED` key to `ConfigMap`

* 🔨 Add `TARGETED_PODS_UPDATE_DISABLED` config

* 🔨 Add `RECORDING_DISABLED` key to `ConfigMap`

* 🎨 Reformat `TapConfig`

* 🔨 Update `complete.yaml`
 2024-03-08 20:49:07 -08:00
Volodymyr Stoiko
db607aff16 Add network policies for kubeshark components (#1513) 
* Add explicit network policies for kubeshark components

* allow exact ports

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-03-07 06:37:13 -08:00
Volodymyr Stoiko
6dc12af55b Add namespace prefix to cluster scope resources (#1506) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-02-28 12:14:03 -08:00
M. Mert Yildiran
8fe0544175 🔨 Remove CHECKPOINT_RESTORE capability from defaults 2024-02-26 21:40:14 +03:00
Alon Girmonsky
6af2d11878 removed cloud URL from config map (#1499) 
1. removed cloud URL from config map
2. added to hub's and worker's deployments
 2024-02-14 13:06:24 -08:00
Alon Girmonsky
f010f349a1 unixsocket for tracer (#1497) 
- Added `-unixsocket` by default
- In DEBUG mode, added `-dumptracer 100000000`
 2024-02-07 09:50:58 -08:00
M. Mert Yildiran
92dab2e2f7 🔨 Add PcapErrorTTL field to MiscConfig 2024-02-06 01:32:07 +03:00
Serhii Ponomarenko
18d051af28 🔥 Remove old Descope auth (#1490) 
* 🔥 Remove Descope-related config updates

* 🔥 Remove Descope-related helm values

* 🔥 Remove Descope-related k8s configs

* 🔥 Remove Descope-related fields from `tapConfig`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-31 14:49:55 -08:00
M. Mert Yildiran
cef012d1f3 🐛 Fix the ConfigMap keys of JsonTTL and PcapTTL fields 2024-01-31 16:57:11 +03:00
M. Mert Yildiran
4802cca646 Add MiscConfig struct with has JsonTTL and PcapTTL fields 2024-01-30 02:25:04 +03:00
Alon Girmonsky
4db2a80675 Add API cloud endpoint env var to hub deployment (#1489) 
* Add API cloud endpoint env var to hub deployment

* Added an env var for api cloud endpoint
 2024-01-26 00:24:38 -08:00
Serhii Ponomarenko
bfa3efd23a SAML authorization (#1487) 
* 🔨 Add `AUTH_SAML_ROLE_ATTRIBUTE` field to `ConfigMap`

* 📝 Document `tap.auth.saml.roleAttribute/roles` values

* 🔧 Re-generate `complete.yaml`

* 🔥 Remove `default` tag from `SamlConfig.RoleAttribute`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-24 16:05:37 -08:00
Alon Girmonsky
f6d7510a14 fix the env variable / helm issue (#1486) 
* fix the env variable / helm issue

Empty environment variables can not be read by front.

* change env variable to avoid an empty string
 2024-01-23 21:30:24 -08:00
M. Mert Yildiran
f9e0c36d5f 🔨 Add AUTH_SAML_ROLES field to ConfigMap 2024-01-23 23:22:06 +03:00
Serhii Ponomarenko
a8dd332ff8 SAML integration prototype (#1475) 
* 🔨 Add `AUTH_TYPE` field to `ConfigMap`

* 🔨 Add `AUTH_SAML_IDP_METADATA_URL` field to `ConfigMap`

* 🔨 Add `AUTH_SAML_X509_CRT` field to `Secret`

* 🔨 Add `AUTH_SAML_X509_KEY` field to `Secret`

* 🔨  Mount SAML X.509 key pair into `hub`

* 🔨 Add `REACT_APP_AUTH_TYPE` environment variable to `front`

* 🔧 Add Nginx path rewrite for `/saml`

* 🔧 Raise request size to accept big SAML responses

* 🔨 Add `REACT_APP_AUTH_TYPE` environment default value

* 📝 Update `README.md`

* 📝 Update `README.md`

* 🔨 Add `AUTH_TYPE` config map key

* 🔨 Add `AUTH_SAML_IDP_METADATA_URL` config map key

* ☸ Set `CONFIG_AUTH_TYPE` from `TapConfig`

* ☸ Set `CONFIG_AUTH_SAML_IDP_METADATA_URL` from `TapConfig`

*  Create `SamlConfig` in `TapConfig.AuthConfig`

* 🔨 Use updated `tap.auth.saml.idpMetadataUrl` tap config field

* 📝 Update `README.md`

* 🔨 Add `tap.insgress.enabled/host` to `ConfigMap`

* 🔨 Add `tap.proxy.front.port` to `ConfigMap`

* 🔨 Add `REACT_APP_AUTH_SAML_IDP_METADATA_URL` env to `front`

* 🔧 Supply `auth.saml` fields to `helm-chart/values.yaml`

* 🐛 Fix indentation for X.509 secrets

* 📝 Provide SAML setup docs

* 📝 Update SAML setup docs

* 📝 Update SAML setup docs

* Added callback URL indication

* 💥 Disable standard `Descope` auth

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-23 10:47:29 -08:00
M. Mert Yildiran
6307871584 🔨 Add patch verb to kubeshark-self-config-role 2024-01-23 20:52:04 +03:00
Alon Girmonsky
f2b7df7e02 Global Filter, escaping doublequotes in strings (#1484) 
* Global filter quote change

Global filter uses a single quote as opposed to double quote. This limits the use of `'` inside the string as it can not be escaped. When using double quote ("), single quote can be used and double quote can be escaped as part of a string. An example for a Global Filter string: "redact(\"request.headers.Authorization\", \"request.headers['X-Aws-Ec2-Metadata-Token']\")"

* support escaping double quotes in  the global filter string
 2024-01-19 16:51:33 -08:00
M. Mert Yildiran
ddc1dc3d71 🔨 Add TcpStreamChannelTimeoutMs field to TapConfig struct 2024-01-15 23:00:31 +03:00
M. Mert Yildiran
d99bfea0db 🔨 Rename worker resource requirement to sniffer 2024-01-15 21:14:06 +03:00
Volodymyr Stoiko
bed9d06c59 Pass kernel-module flag only if pf_ring enabled (#1480) 2024-01-14 14:39:32 -08:00
Volodymyr Stoiko
aaeb3ca1eb Load pf-ring kernel module in init container (#1476) 
* Load kernel module in init container

* Update docs

* Update formatting

* Add pre-stop hook to unload pf_ring module

* Enable hook only on kernel module enabled

* fix template

* Use sidecontainer to unload pf_ring

* Add requirements for tracer into structs

* fix values

* fix typo

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-12 15:49:39 -08:00
tgaliotto
a5be1a8eaa add request and limits for tracer container (#1459) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-12 09:30:50 -08:00
M. Mert Yildiran
8ba3e603a4 Add trafficSampleRate field to TapConfig 2024-01-10 18:51:52 +03:00
Volodymyr Stoiko
db51e6dbc2 Add kubeshark-worker-metrics service and document it (#1474) 
* Expose worker metrics

* Add metrics documentation

* upd

* Update metrics port configuration

* Update config/configStructs/tapConfig.go

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update helm-chart/README.md

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update helm-chart/templates/16-worker-service-metrics.yaml

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

---------

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
 2024-01-04 16:17:22 +03:00
M. Mert Yildiran
36767eda27 🔨 Add KernelModuleConfig struct to TapConfig 2023-12-28 22:09:01 +03:00
Volodymyr Stoiko
6c01078f97 Add PF_RING related changes to docs and helm (#1471) 
* Install pf-ring KMM Module and wait for it

* Add mode configuration

* save

* Update doc

* upd

* toc

* adjust template

* upd

* Add module cr verification job

* upd doc

* Fix binary name

* Add disable mode

* Update PF_RING.md

Some adjustments to the instructions.

* Update 15-pf-ring-kernel-module.yaml

Small syntax err

* upd

* merge master

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2023-12-27 19:01:20 -08:00
M. Mert Yildiran
6c06307d68 🔨 Add GLOBAL_FILTER field to ConfigMap 2023-12-27 23:58:17 +03:00
M. Mert Yildiran
2223cad038 🔨 Add REACT_APP_REPLAY_DISABLED environment variable to front 2023-12-27 22:30:17 +03:00
M. Mert Yildiran
c1fc4447ef 🔨 Move the list of Linux capabilities into values.yaml 2023-12-27 13:14:53 +03:00
M. Mert Yildiran
ea3eecfa04 🔨 Move SCRIPTING_ENV from ConfigMap to Secret 2023-12-25 20:55:26 +03:00
M. Mert Yildiran
51968f2aae 🔨 Add REPLAY_DISABLED field to ConfigMap 2023-12-25 17:34:38 +03:00
M. Mert Yildiran
d3f2cdbf0e Add DefaultFilter field to TapConfig 2023-12-18 16:51:55 +03:00
Serhiy Berezin
d3c21a07bb EFS persistent volume helm deployment support (#1455) 
* EFS persistent volume

docs/14

EFS static and dynamic provision added to default

* Update helm-chart/values.yaml

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Update helm-chart/templates/08-persistent-volume-claim.yaml

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Update config/configStructs/tapConfig.go

Fix format

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Fix format config/configStructs/tapConfig.go

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Improve formatting

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
 2023-12-11 10:52:58 -08:00
M. Mert Yildiran
510d5e5ed8 🔥 Remove REACT_APP_HUB_HOST and REACT_APP_HUB_PORT environment variables 2023-12-07 22:10:11 +03:00
M. Mert Yildiran
6b8beb50ad 🔨 Update the capabilities 2023-12-04 23:31:15 +03:00
M. Mert Yildiran
dd91087157 Add comments to explain the required Linux capabilities 2023-12-04 22:49:31 +03:00
M. Mert Yildiran
cf3ce0180b 🔨 Remove the unnecessary Linux capabilities 2023-12-04 22:39:21 +03:00
Chin K
fc0f6a8452 🔨 Add SecurityContextConstraints for OpenShift (#1451) 
* Added OS route

* Openshift Port-changes

* custom-scc

* custom-scc name update

* Revert "custom-scc name update"

This reverts commit 7e6d96c086.

* Added pre-install hook

* default port

* worker port update

* Update helm-chart/templates/14-kubeshark-scc.yaml

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* SCC only for openshift - capability added

---------

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
 2023-11-21 20:01:34 +03:00
M. Mert Yildiran
e2ef9eff05 🐛 Add CHECKPOINT_RESTORE Linux capability for kernel versions above 5.9 2023-11-04 00:06:27 +03:00
M. Mert Yildiran
bed59e12ea 🔥 Delete the non-existing field references in _helpers.tpl file 2023-11-02 18:53:17 +03:00
M. Mert Yildiran
d295cecfc2 🔨 Add REACT_APP_AUTH_ENABLED environment variable to kubeshark-front 2023-10-28 00:15:00 +03:00