github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-09-01 10:36:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,907 Commits 85 Branches 954 Tags
fix-onitemqueired-hook
Commit Graph

282 Commits

Author SHA1 Message Date
M. Mert Yildiran
3cc9ff8616 🔖 Bump the Helm chart version to 52.1.77 2024-03-19 18:55:27 +03:00
Serhii Ponomarenko
247498492a Set custom timezone (#1517) 
* 🔨 Add timezone config

* 🔨 Update `complete.yaml`

* 📝 Document `timezone` config

* 📝 Update `timezone` config docs

* 📝 Update `timezone` config docs

* 🔥 Remove unused `TIMEZONE` field from `ConfigMap`

* 🦺 Handle empty `tap.timezone` case

* 🔨 Move `timezone` from `.Values.tap` to `.Values`

* 🔨 Add `timezone` field to helm values

* 🔨 Update `complete.yaml`

* 📝 Update `timezone` config docs

* 🔨 Add `TIMEZONE` field to `ConfigMap`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-03-19 12:06:50 +01:00
M. Mert Yildiran
9162c4fb64 🔖 Bump the Helm chart version to 52.1.75 2024-03-15 20:39:39 +03:00
Serhii Ponomarenko
e7fc7b791a 🐛 Fix front nginx and network policies ports (#1518) 
* 🐛 Use `8080` listen port for front nginx config

* 🐛 Use `8080` ingress port for front/hub network policies
 2024-03-14 15:18:24 -07:00
Volodymyr Stoiko
c0751ad4cb Switch to lower ports (#1514) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-03-08 21:02:05 -08:00
Serhii Ponomarenko
0aca81fbcb 🔨 Disable scripting, targeted pods update & recording via ConfigMap keys (#1515) 
* 🔨 Add `SCRIPTING_DISABLED` key to `ConfigMap`

* 🔨 Add `TARGETED_PODS_UPDATE_DISABLED` config

* 🔨 Add `RECORDING_DISABLED` key to `ConfigMap`

* 🎨 Reformat `TapConfig`

* 🔨 Update `complete.yaml`
 2024-03-08 20:49:07 -08:00
Volodymyr Stoiko
db607aff16 Add network policies for kubeshark components (#1513) 
* Add explicit network policies for kubeshark components

* allow exact ports

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-03-07 06:37:13 -08:00
M. Mert Yildiran
93de6e8934 🔖 Bump the Helm chart version to 52.1.66 2024-03-06 00:12:02 +03:00
M. Mert Yildiran
68aabf262f 🔖 Bump the Helm chart version to 52.1.63 2024-02-29 01:45:41 +03:00
M. Mert Yildiran
d15e1cca54 🔖 Bump the Helm chart version to 52.1.62 2024-02-29 01:33:28 +03:00
M. Mert Yildiran
a9d2cb5ac2 🔖 Bump the Helm chart version to 52.1.61 2024-02-28 23:43:04 +03:00
M. Mert Yildiran
ddcf973e35 Revert "🔖 Bump the Helm chart version to 52.1.61" 
This reverts commit b6d1804326.
 2024-02-28 23:42:08 +03:00
M. Mert Yildiran
b6d1804326 🔖 Bump the Helm chart version to 52.1.61 2024-02-28 23:39:06 +03:00
Volodymyr Stoiko
6dc12af55b Add namespace prefix to cluster scope resources (#1506) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-02-28 12:14:03 -08:00
M. Mert Yildiran
8fe0544175 🔨 Remove CHECKPOINT_RESTORE capability from defaults 2024-02-26 21:40:14 +03:00
M. Mert Yildiran
c38bdcd977 🔖 Bump the Helm chart version to 52.1.50 2024-02-20 21:25:10 +03:00
M. Mert Yildiran
c8cd1f57c4 🔖 Bump the Helm chart version to 52.1.45 2024-02-15 19:35:01 +03:00
Alon Girmonsky
6af2d11878 removed cloud URL from config map (#1499) 
1. removed cloud URL from config map
2. added to hub's and worker's deployments
 2024-02-14 13:06:24 -08:00
M. Mert Yildiran
2f899a943c 🔖 Bump the Helm chart version to 52.1.30 2024-02-07 22:43:22 +03:00
Alon Girmonsky
f010f349a1 unixsocket for tracer (#1497) 
- Added `-unixsocket` by default
- In DEBUG mode, added `-dumptracer 100000000`
 2024-02-07 09:50:58 -08:00
iluxa
26e23dc94f add capability for tracer (#1496) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-02-06 13:38:21 -08:00
Serhii Ponomarenko
6785f024e4 Feature-based SAML authorization (#49) (#1495) 
* 🔨 Add `showAdminConsoleLink` to helm values

* 🔨 Add `ShowAdminConsoleLink` to `TapConfig`

* 🔨 Regenerate `complete.yaml` manifest

* 📝 Update helm-chart `README.md`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-02-06 13:36:32 -08:00
M. Mert Yildiran
92dab2e2f7 🔨 Add PcapErrorTTL field to MiscConfig 2024-02-06 01:32:07 +03:00
Serhii Ponomarenko
18d051af28 🔥 Remove old Descope auth (#1490) 
* 🔥 Remove Descope-related config updates

* 🔥 Remove Descope-related helm values

* 🔥 Remove Descope-related k8s configs

* 🔥 Remove Descope-related fields from `tapConfig`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-31 14:49:55 -08:00
M. Mert Yildiran
cef012d1f3 🐛 Fix the ConfigMap keys of JsonTTL and PcapTTL fields 2024-01-31 16:57:11 +03:00
M. Mert Yildiran
4802cca646 Add MiscConfig struct with has JsonTTL and PcapTTL fields 2024-01-30 02:25:04 +03:00
Alon Girmonsky
4117d008a9 Update README.md 2024-01-28 11:06:18 -08:00
Alon Girmonsky
91e3546196 added a link to the dashboard 2024-01-26 15:38:40 -08:00
Alon Girmonsky
4db2a80675 Add API cloud endpoint env var to hub deployment (#1489) 
* Add API cloud endpoint env var to hub deployment

* Added an env var for api cloud endpoint
 2024-01-26 00:24:38 -08:00
Serhii Ponomarenko
bfa3efd23a SAML authorization (#1487) 
* 🔨 Add `AUTH_SAML_ROLE_ATTRIBUTE` field to `ConfigMap`

* 📝 Document `tap.auth.saml.roleAttribute/roles` values

* 🔧 Re-generate `complete.yaml`

* 🔥 Remove `default` tag from `SamlConfig.RoleAttribute`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-24 16:05:37 -08:00
M. Mert Yildiran
c48187a02e 🔖 Bump the Helm chart version to 52.1.9 2024-01-24 22:29:38 +03:00
Alon Girmonsky
f6d7510a14 fix the env variable / helm issue (#1486) 
* fix the env variable / helm issue

Empty environment variables can not be read by front.

* change env variable to avoid an empty string
 2024-01-23 21:30:24 -08:00
M. Mert Yildiran
f9e0c36d5f 🔨 Add AUTH_SAML_ROLES field to ConfigMap 2024-01-23 23:22:06 +03:00
Serhii Ponomarenko
a8dd332ff8 SAML integration prototype (#1475) 
* 🔨 Add `AUTH_TYPE` field to `ConfigMap`

* 🔨 Add `AUTH_SAML_IDP_METADATA_URL` field to `ConfigMap`

* 🔨 Add `AUTH_SAML_X509_CRT` field to `Secret`

* 🔨 Add `AUTH_SAML_X509_KEY` field to `Secret`

* 🔨  Mount SAML X.509 key pair into `hub`

* 🔨 Add `REACT_APP_AUTH_TYPE` environment variable to `front`

* 🔧 Add Nginx path rewrite for `/saml`

* 🔧 Raise request size to accept big SAML responses

* 🔨 Add `REACT_APP_AUTH_TYPE` environment default value

* 📝 Update `README.md`

* 📝 Update `README.md`

* 🔨 Add `AUTH_TYPE` config map key

* 🔨 Add `AUTH_SAML_IDP_METADATA_URL` config map key

* ☸ Set `CONFIG_AUTH_TYPE` from `TapConfig`

* ☸ Set `CONFIG_AUTH_SAML_IDP_METADATA_URL` from `TapConfig`

*  Create `SamlConfig` in `TapConfig.AuthConfig`

* 🔨 Use updated `tap.auth.saml.idpMetadataUrl` tap config field

* 📝 Update `README.md`

* 🔨 Add `tap.insgress.enabled/host` to `ConfigMap`

* 🔨 Add `tap.proxy.front.port` to `ConfigMap`

* 🔨 Add `REACT_APP_AUTH_SAML_IDP_METADATA_URL` env to `front`

* 🔧 Supply `auth.saml` fields to `helm-chart/values.yaml`

* 🐛 Fix indentation for X.509 secrets

* 📝 Provide SAML setup docs

* 📝 Update SAML setup docs

* 📝 Update SAML setup docs

* Added callback URL indication

* 💥 Disable standard `Descope` auth

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-23 10:47:29 -08:00
M. Mert Yildiran
6307871584 🔨 Add patch verb to kubeshark-self-config-role 2024-01-23 20:52:04 +03:00
Alon Girmonsky
f2b7df7e02 Global Filter, escaping doublequotes in strings (#1484) 
* Global filter quote change

Global filter uses a single quote as opposed to double quote. This limits the use of `'` inside the string as it can not be escaped. When using double quote ("), single quote can be used and double quote can be escaped as part of a string. An example for a Global Filter string: "redact(\"request.headers.Authorization\", \"request.headers['X-Aws-Ec2-Metadata-Token']\")"

* support escaping double quotes in  the global filter string
 2024-01-19 16:51:33 -08:00
M. Mert Yildiran
b0af52ba9c 🔖 Bump the Helm chart version to 52.1.0 2024-01-18 02:22:20 +03:00
M. Mert Yildiran
ddc1dc3d71 🔨 Add TcpStreamChannelTimeoutMs field to TapConfig struct 2024-01-15 23:00:31 +03:00
M. Mert Yildiran
d99bfea0db 🔨 Rename worker resource requirement to sniffer 2024-01-15 21:14:06 +03:00
Volodymyr Stoiko
bed9d06c59 Pass kernel-module flag only if pf_ring enabled (#1480) 2024-01-14 14:39:32 -08:00
Volodymyr Stoiko
aaeb3ca1eb Load pf-ring kernel module in init container (#1476) 
* Load kernel module in init container

* Update docs

* Update formatting

* Add pre-stop hook to unload pf_ring module

* Enable hook only on kernel module enabled

* fix template

* Use sidecontainer to unload pf_ring

* Add requirements for tracer into structs

* fix values

* fix typo

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-12 15:49:39 -08:00
Alon Girmonsky
7df35e04a8 Update README.md 
Changed `tap.tls` and `tap.serviceMesh` defaults to `true` following this commit: 8ba3e603a4
 2024-01-12 09:36:34 -08:00
tgaliotto
a5be1a8eaa add request and limits for tracer container (#1459) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-12 09:30:50 -08:00
M. Mert Yildiran
8ba3e603a4 Add trafficSampleRate field to TapConfig 2024-01-10 18:51:52 +03:00
Volodymyr Stoiko
db51e6dbc2 Add kubeshark-worker-metrics service and document it (#1474) 
* Expose worker metrics

* Add metrics documentation

* upd

* Update metrics port configuration

* Update config/configStructs/tapConfig.go

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update helm-chart/README.md

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update helm-chart/templates/16-worker-service-metrics.yaml

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

---------

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
 2024-01-04 16:17:22 +03:00
Alon Girmonsky
77878e97f5 Tracer, ServiceMesh - Disable by default and some docs updates (#1472) 
* Disabled Tracer by default

As Tracer requires significantly more resources and elevated security capability, it is recommended to have it disabled by default and enabled on demand.

* Updated the tap.tls default value to false

* added description to the default and global KFL filters

* serviceMesh false by default

As serviceMesh requires elevated security permissions.
Furthermore this capability is required only in a fraction of the userbase. Some service mesh versions/configurations aren't supported. Therefore, it is recommended to start as disabled and enable on-demand

* Update the readme related to the service mesh default value

Set the default value of serviceMesh to false as among other things, it requires elevated security permissions and therefore should be enabled on demand.
 2023-12-30 18:47:26 -08:00
M. Mert Yildiran
36767eda27 🔨 Add KernelModuleConfig struct to TapConfig 2023-12-28 22:09:01 +03:00
Volodymyr Stoiko
6c01078f97 Add PF_RING related changes to docs and helm (#1471) 
* Install pf-ring KMM Module and wait for it

* Add mode configuration

* save

* Update doc

* upd

* toc

* adjust template

* upd

* Add module cr verification job

* upd doc

* Fix binary name

* Add disable mode

* Update PF_RING.md

Some adjustments to the instructions.

* Update 15-pf-ring-kernel-module.yaml

Small syntax err

* upd

* merge master

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2023-12-27 19:01:20 -08:00
M. Mert Yildiran
6c06307d68 🔨 Add GLOBAL_FILTER field to ConfigMap 2023-12-27 23:58:17 +03:00
M. Mert Yildiran
2223cad038 🔨 Add REACT_APP_REPLAY_DISABLED environment variable to front 2023-12-27 22:30:17 +03:00