Commit Graph

186 Commits

Author SHA1 Message Date
M. Mert Yildiran
de154731e9
Add DETECT_DUPLICATES config (#1593)
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2024-08-26 09:44:26 -07:00
Alon Girmonsky
84f2ec944d
tcp dissector enabled by default (#1591)
* tcp dissector enabled by default

* changing the readme

In support of having the `tcp` dissector enabled by default.

* Update values.yaml

* Update complete.yaml

* updated the defaultFilter default value

1. Start with some level of "noise reduction" (`tcp` and `dns`).
2. Provide a hint how to use a display filter to filter out protocol aliases.

* Update values.yaml

filter out DNS and TCP

* Update complete.yaml

Filter out DNS and TCP

* Update README.md

Filter out TCP and DNS by default
2024-08-22 17:14:38 -07:00
Volodymyr Stoiko
a3fea3b610
Adjust resources limits (#1588)
* Adjust resources

* updated the values

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2024-08-20 08:55:06 -07:00
Alon Girmonsky
32136520d8
Slow start (#1576)
* Start `ExcludedNamespaces` empty by default

* Started Kubeshark with tap.stopped true by default

* Revert "Start `ExcludedNamespaces` empty by default"

This reverts commit 7de515dd3a.

* Start with traffic capture paused by default
Remove any namespaces to exclude by default
2024-08-06 15:39:42 -07:00
M. Mert Yildiran
5089e9ccb8
Add EXCLUDED_NAMESPACES to ConfigMap (#1571)
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2024-08-02 08:25:32 -07:00
M. Mert Yildiran
c837874bbe
Add ENABLED_DISSECTORS to ConfigMap (#1570)
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2024-08-02 08:17:05 -07:00
Serhii Ponomarenko
28ae2a645b
🔨 Add tap.stopTrafficCapturingDisabled flag (#1568)
* 🔨 Add `tap.stopTrafficCapturingDisabled` helm value

* 🔨 Add `STOP_TRAFFIC_CAPTURING_DISABLED` config

* 🔨 Add `REACT_APP_STOP_TRAFFIC_CAPTURING_DISABLED` `env` to `front`

* 🩹 Add ternary operator for `STOPPED` config

* 🐛 Always enable stop-capturing functionality if `tap.stopped == true`
2024-07-18 13:37:21 -07:00
Serhii Ponomarenko
7168b5c515
🔨 Add canStopTrafficCapturing SAML authz action (#1565)
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2024-07-18 08:18:03 -07:00
M. Mert Yildiran
01656b6c78
Add DUPLICATE_TIMEFRAME field to ConfigMap (#1561)
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2024-07-16 22:01:26 -07:00
M. Mert Yildiran
c88b3b0ba7
Remove "Replay" function functionality (#1563) 2024-07-16 13:13:08 -07:00
M. Mert Yildiran
e7778fe537
Add tap.stopped to values.yaml and STOPPED to ConfigMap (#1557) 2024-07-16 09:03:00 -07:00
M. Mert Yildiran
88ea7120c4
Rename Bpf field of TapConfig struct to BpfOverride 2024-06-12 04:04:11 +03:00
M. Mert Yildiran
f43a61f891
Add Bpf field to TapConfig struct 2024-06-12 04:02:36 +03:00
Alon Girmonsky
77ed1fdefe Merge branch 'master' of github.com:kubeshark/kubeshark 2024-06-08 11:06:31 -07:00
Alon Girmonsky
b49ca767c9 change kernelModule.enabled to false
Promote AF_PACKET as the default option and make kernelModule as an explicit option.
This is a temporary change, until we bring back ebpf as the default option.
2024-05-31 21:00:21 -07:00
M. Mert Yildiran
c2b73025f3
Add DisableCgroupIdResolution field to MiscConfig struct 2024-05-25 05:18:41 +03:00
M. Mert Yildiran
af2086a54d
Add --grep flag to logs command 2024-05-23 01:20:55 +03:00
M. Mert Yildiran
487f0b9332
Add OverrideTagConfig field to DockerConfig 2024-05-15 05:39:27 +03:00
M. Mert Yildiran
0f402789f1
Add TcpStreamChannelTimeoutShow field to MiscConfig 2024-04-15 22:46:18 +03:00
M. Mert Yildiran
24aa4db0bc
Bring back the packet-capture flag 2024-03-28 01:42:16 +03:00
Serhii Ponomarenko
0aca81fbcb
🔨 Disable scripting, targeted pods update & recording via ConfigMap keys (#1515)
* 🔨 Add `SCRIPTING_DISABLED` key to `ConfigMap`

* 🔨 Add `TARGETED_PODS_UPDATE_DISABLED` config

* 🔨 Add `RECORDING_DISABLED` key to `ConfigMap`

* 🎨 Reformat `TapConfig`

* 🔨 Update `complete.yaml`
2024-03-08 20:49:07 -08:00
Serhii Ponomarenko
6785f024e4
Feature-based SAML authorization (#49) (#1495)
* 🔨 Add `showAdminConsoleLink` to helm values

* 🔨 Add `ShowAdminConsoleLink` to `TapConfig`

* 🔨 Regenerate `complete.yaml` manifest

* 📝 Update helm-chart `README.md`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2024-02-06 13:36:32 -08:00
M. Mert Yildiran
92dab2e2f7
🔨 Add PcapErrorTTL field to MiscConfig 2024-02-06 01:32:07 +03:00
Serhii Ponomarenko
18d051af28
🔥 Remove old Descope auth (#1490)
* 🔥 Remove Descope-related config updates

* 🔥 Remove Descope-related helm values

* 🔥 Remove Descope-related k8s configs

* 🔥 Remove Descope-related fields from `tapConfig`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2024-01-31 14:49:55 -08:00
M. Mert Yildiran
4802cca646
Add MiscConfig struct which has JsonTTL and PcapTTL fields 2024-01-30 02:25:04 +03:00
Serhii Ponomarenko
bfa3efd23a
SAML authorization (#1487)
* 🔨 Add `AUTH_SAML_ROLE_ATTRIBUTE` field to `ConfigMap`

* 📝 Document `tap.auth.saml.roleAttribute/roles` values

* 🔧 Re-generate `complete.yaml`

* 🔥 Remove `default` tag from `SamlConfig.RoleAttribute`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2024-01-24 16:05:37 -08:00
M. Mert Yildiran
f9e0c36d5f
🔨 Add AUTH_SAML_ROLES field to ConfigMap 2024-01-23 23:22:06 +03:00
Serhii Ponomarenko
a8dd332ff8
SAML integration prototype (#1475)
* 🔨 Add `AUTH_TYPE` field to `ConfigMap`

* 🔨 Add `AUTH_SAML_IDP_METADATA_URL` field to `ConfigMap`

* 🔨 Add `AUTH_SAML_X509_CRT` field to `Secret`

* 🔨 Add `AUTH_SAML_X509_KEY` field to `Secret`

* 🔨 Mount SAML X.509 key pair into `hub`

* 🔨 Add `REACT_APP_AUTH_TYPE` environment variable to `front`

* 🔧 Add Nginx path rewrite for `/saml`

* 🔧 Raise request size to accept big SAML responses

* 🔨 Add `REACT_APP_AUTH_TYPE` environment default value

* 📝 Update `README.md`

* 📝 Update `README.md`

* 🔨 Add `AUTH_TYPE` config map key

* 🔨 Add `AUTH_SAML_IDP_METADATA_URL` config map key

* ☸ Set `CONFIG_AUTH_TYPE` from `TapConfig`

* ☸ Set `CONFIG_AUTH_SAML_IDP_METADATA_URL` from `TapConfig`

* Create `SamlConfig` in `TapConfig.AuthConfig`

* 🔨 Use updated `tap.auth.saml.idpMetadataUrl` tap config field

* 📝 Update `README.md`

* 🔨 Add `tap.insgress.enabled/host` to `ConfigMap`

* 🔨 Add `tap.proxy.front.port` to `ConfigMap`

* 🔨 Add `REACT_APP_AUTH_SAML_IDP_METADATA_URL` env to `front`

* 🔧 Supply `auth.saml` fields to `helm-chart/values.yaml`

* 🐛 Fix indentation for X.509 secrets

* 📝 Provide SAML setup docs

* 📝 Update SAML setup docs

* 📝 Update SAML setup docs

* Added callback URL indication

* 💥 Disable standard `Descope` auth

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2024-01-23 10:47:29 -08:00
M. Mert Yildiran
ddc1dc3d71
🔨 Add TcpStreamChannelTimeoutMs field to TapConfig struct 2024-01-15 23:00:31 +03:00
M. Mert Yildiran
d99bfea0db
🔨 Rename worker resource requirement to sniffer 2024-01-15 21:14:06 +03:00
Volodymyr Stoiko
aaeb3ca1eb
Load pf-ring kernel module in init container (#1476)
* Load kernel module in init container

* Update docs

* Update formatting

* Add pre-stop hook to unload pf_ring module

* Enable hook only on kernel module enabled

* fix template

* Use sidecontainer to unload pf_ring

* Add requirements for tracer into structs

* fix values

* fix typo

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2024-01-12 15:49:39 -08:00
M. Mert Yildiran
8ba3e603a4
Add trafficSampleRate field to TapConfig 2024-01-10 18:51:52 +03:00
Volodymyr Stoiko
db51e6dbc2
Add kubeshark-worker-metrics service and document it (#1474)
* Expose worker metrics

* Add metrics documentation

* upd

* Update metrics port configuration

* Update config/configStructs/tapConfig.go

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update helm-chart/README.md

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update helm-chart/templates/16-worker-service-metrics.yaml

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

---------

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
2024-01-04 16:17:22 +03:00
M. Mert Yildiran
36767eda27
🔨 Add KernelModuleConfig struct to TapConfig 2023-12-28 22:09:01 +03:00
M. Mert Yildiran
6c06307d68
🔨 Add GLOBAL_FILTER field to ConfigMap 2023-12-27 23:58:17 +03:00
M. Mert Yildiran
c1fc4447ef
🔨 Move the list of Linux capabilities into values.yaml 2023-12-27 13:14:53 +03:00
M. Mert Yildiran
51968f2aae
🔨 Add REPLAY_DISABLED field to ConfigMap 2023-12-25 17:34:38 +03:00
M. Mert Yildiran
d3f2cdbf0e
Add DefaultFilter field to TapConfig 2023-12-18 16:51:55 +03:00
M. Mert Yildiran
28bfbf4186
🐛 Fix the type of EfsFileSytemIdAndPath field 2023-12-18 16:51:21 +03:00
Serhiy Berezin
d3c21a07bb
EFS persistent volume helm deployment support (#1455)
* EFS persistent volume

docs/14

EFS static and dynamic provision added to default

* Update helm-chart/values.yaml

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Update helm-chart/templates/08-persistent-volume-claim.yaml

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Update config/configStructs/tapConfig.go

Fix format

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Fix format config/configStructs/tapConfig.go

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Improve formatting

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
2023-12-11 10:52:58 -08:00
M. Mert Yildiran
510d5e5ed8
🔥 Remove REACT_APP_HUB_HOST and REACT_APP_HUB_PORT environment variables 2023-12-07 22:10:11 +03:00
M. Mert Yildiran
88f8998df3
🔨 Update the worker pod and run make generate-helm-values && make generate-manifests 2023-11-21 20:24:14 +03:00
M. Mert Yildiran
cc9dbbef2e
🔥 Remove tapPcapRunner.go and --pcap flag 2023-11-21 07:17:43 +03:00
M. Mert Yildiran
9c291bbf47
🔨 Disable auth by default 2023-10-27 22:06:07 +03:00
M. Mert Yildiran
62d4c3a86e
🔨 Add ApprovedTenants field to AuthConfig and enable auth by default 2023-10-26 20:27:34 +03:00
M. Mert Yildiran
3b5cd6c77b
🔨 Make the config field tags camelCase 2023-10-25 18:00:32 +03:00
M. Mert Yildiran
0e2bca9729
Revert "🔨 Decrease the default storage limit back to 200Mi"
This reverts commit b1a40df069.
2023-10-24 03:10:23 +03:00
M. Mert Yildiran
b1a40df069
🔨 Decrease the default storage limit back to 200Mi 2023-10-24 03:06:02 +03:00
M. Mert Yildiran
a3383ee6cc
🔨 Template the Helm chart versions into Docker tags 2023-10-16 23:19:44 +03:00
M. Mert Yildiran
78481d4bcc
🔥 Delete unused packetcapture field 2023-10-12 18:31:59 +03:00
M. Mert Yildiran
9f1586ab50
🔨 Increase the default storage limit to 500Mi 2023-10-11 20:57:42 +03:00
M. Mert Yildiran
6d79598c5d
🔨 Template -no-kernel-module flag 2023-10-09 21:17:34 +03:00
M. Mert Yildiran
4831b44dfa
Revert "🔨 Separate the resources of each container in worker DaemonSet"
This reverts commit 6add6fb1ec.
2023-10-04 06:02:19 +03:00
M. Mert Yildiran
6817fd70ab
Revert "🔨 Lower the resource limits"
This reverts commit d0b621070c.
2023-10-04 06:02:12 +03:00
M. Mert Yildiran
d0b621070c
🔨 Lower the resource limits 2023-09-28 20:39:57 +03:00
M. Mert Yildiran
6add6fb1ec
🔨 Separate the resources of each container in worker DaemonSet 2023-09-28 01:36:56 +03:00
M. Mert Yildiran
5bd44b57f4
In case of tap re-run, update the config and start a proxy 2023-09-25 23:21:38 +03:00
Luiz Oliveira
1ccaa03fb2
🏗️ Give the user ability to set ingress as needed (#1417)
* Give the user ability to set ingress as needed

- Removed unnecessary IngressClass.
- If no IngressClassName passed, use cluster's default class
- Renamed `ingressclass` with `IngressClassName`. Is the standard name
    used for it.
- Included custom annotations for Ingress. This way user can set any
    custom annotation for the ingress only.

Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>

* Update helm-chart/templates/11-ingress.yaml

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update config/configStructs/tapConfig.go

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update helm-chart/templates/11-ingress.yaml

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* update default ingressClassName value

Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>

---------

Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
2023-09-04 02:18:43 +03:00
M. Mert Yildiran
fa1e7bcf01
🔧 Add TelemetryConfig struct and --telemetry-enabled flag to tap command 2023-08-31 03:50:14 +03:00
M. Mert Yildiran
78c1c02fe6
🔥 Delete the recently added KMM related resources 2023-08-14 17:43:44 +03:00
M. Mert Yildiran
f4ff4d4dd6
Add KMMConfig struct to TapConfig 2023-08-12 02:41:29 +03:00
M. Mert Yildiran
5ca90d70ff
Have consistent case style in values.yaml 2023-08-09 20:16:49 +03:00
M. Mert Yildiran
65bda4e844
Add the IPv6 field to TapConfig struct 2023-08-09 01:24:08 +03:00
M. Mert Yildiran
c533bcd38c
Add AUTH_ENABLED and AUTH_APPROVED_EMAILS environment variables to Hub's template 2023-08-09 01:22:10 +03:00
M. Mert Yildiran
988bb16260
Use the tap.proxy.hub.port and tap.proxy.hub.srvport in the Helm templates 2023-07-09 22:58:02 +03:00
M. Mert Yildiran
0f1f832ddd
🐛 Add the missing json struct tags to ResourcesConfig 2023-07-03 23:26:18 +03:00
M. Mert Yildiran
0ef3e2d018
Fix the issues related to release namespace 2023-07-03 16:33:50 +03:00
M. Mert Yildiran
77a14410f4
Revert "Rename releasenamespace field to selfnamespace"
This reverts commit d8ee89225c.
2023-07-03 15:11:21 +03:00
M. Mert Yildiran
d8ee89225c
Rename releasenamespace field to selfnamespace 2023-07-03 11:54:06 +03:00
M. Mert Yildiran
b9f9e860b6
Change the default namespace from kubeshark to default and use .Release.Namespace in Helm templates 2023-06-27 21:06:44 +03:00
M. Mert Yildiran
16f1e116c0
Template the annotations in all resources 2023-06-27 03:45:47 +03:00
M. Mert Yildiran
2d625eccaa
Rename resourcelabels to labels 2023-06-27 03:33:46 +03:00
M. Mert Yildiran
19443501da
Have consistent key style in values.yaml 2023-06-27 03:32:03 +03:00
M. Mert Yildiran
4ef91a2701
Template the controller field in IngressClass resource 2023-06-27 03:27:40 +03:00
M. Mert Yildiran
f32a7d97ec
Template the ingressClassName field in Ingress resource 2023-06-27 03:25:58 +03:00
M. Mert Yildiran
a8df589076
Bring back the functionality of nodeselectorterms field into the Helm chart 2023-06-27 01:32:16 +03:00
M. Mert Yildiran
5c4c913a27
Bring back the functionality of resourcelabels field into the Helm chart 2023-06-27 01:12:04 +03:00
M. Mert Yildiran
5efb48f0c5
Bring back the functionality of ignoretainted field into the Helm chart 2023-06-27 00:15:04 +03:00
M. Mert Yildiran
bada6dae68
🐛 Fix <len .Values.tap.namespaces>: error calling len: len of nil pointer Helm install error 2023-06-20 22:14:06 +03:00
M. Mert Yildiran
7a5bf83336
Use the Helm chart in tap command to install Kubeshark (#1362)
* Use the Helm chart in `tap` command to install Kubeshark

* ⬆️ Set Go version to `1.19` in `go.mod` file

* Add `Helm` struct, `NewHelm` and `NewHelmDefault` methods

* Better logging and error return

* Pass the config as `values.yaml` to Helm install

* 🔥 Remove `helm-chart`, `manifests` and `check` commands

* Run `go mod tidy`

* 🎨 Move `helm` package into `kubernetes` package

* 🔥 Remove `# THIS FILE IS AUTOMATICALLY GENERATED BY KUBESHARK CLI. DO NOT EDIT!` notice from the manifests and Helm templates

* 🔥 Remove the unused `GenerateApplyConfiguration` and `buildWithDefaultLabels` methods
2023-06-06 12:16:03 +03:00
M. Mert Yildiran
c19cd00c77
Add CertManager field to IngressConfig and add an Ingress TLS example 2023-05-24 04:01:45 +03:00
M. Mert Yildiran
4bb68afaaf
Add AuthConfig struct and pass domains in AUTH_APPROVED_DOMAINS environment variable 2023-05-24 01:50:59 +03:00
M. Mert Yildiran
ad9dfbce40
Add Ingress (#1357)
* Add `Ingress`

* Rewrite the target in `Ingress`

* Fix the path of front pod in `Ingress`

* Add `IngressConfig` struct

* Generate the correct Helm chart based on `tap.ingress` field of `values.yaml`
2023-05-16 19:46:47 +03:00
M. Mert Yildiran
f68fed0de8
🐛 Fix the effect of proxy config port changes 2023-05-10 01:28:43 +03:00
M. Mert Yildiran
aa904e23c7
Add --persistentstorage option to tap command 2023-05-08 23:57:22 +03:00
M. Mert Yildiran
a33a3467fc
Add persistentstorage option 2023-05-08 00:50:56 +03:00
M. Mert Yildiran
38d121556c
Add storageclass option to config.yaml 2023-04-20 20:20:24 +03:00
M. Mert Yildiran
c342885cae
Set the default storage limit to 200Mi 2023-04-20 02:48:18 +03:00
M. Mert Yildiran
657ea8570c
Add PersistentVolumeClaim and mount it to worker DaemonSet 2023-04-20 00:09:22 +03:00
M. Mert Yildiran
686dd5fba1
🔥 Remove the -A flag and allnamespaces field from config.yaml 2023-04-19 20:52:28 +03:00
M. Mert Yildiran
18addbb980
Fix the issues in Helm chart such that helm template succeeds 2023-04-12 02:12:12 +03:00
M. Mert Yildiran
02990912b7
Move ResourceLabels and NodeSelectorTerms fields into TapConfig 2023-04-11 22:37:29 +03:00
M. Mert Yildiran
c42481deb8
Add POD_REGEX, NAMESPACES, STORAGE_LIMIT and LICENSE environment variables to Hub 2023-04-11 18:40:34 +03:00
M. Mert Yildiran
e4684a10af
Add --ignoreTainted flag to tap command 2023-03-27 16:26:09 +03:00
M. Mert Yildiran
7f6f710b3f
🐛 Fix selfnamespace issue by changing its location in the config and adding --selfnamespace flag to tap and clean commands 2023-03-26 23:26:35 +03:00
M. Mert Yildiran
d9ec538aff
Add customLabels field to config.yaml 2023-03-14 23:45:41 +03:00
M. Mert Yildiran
a4d35599df
Change some logs 2023-03-13 22:45:57 +03:00
M. Mert Yildiran
cedb7bc8bc
Watch scripts inside tap command 2023-03-07 20:21:28 +03:00
M. Mert Yildiran
9a95fa364c
Change consts config field to env 2023-03-03 17:32:19 +03:00
M. Mert Yildiran
41ba509428
Add scripts command 2023-02-14 20:23:25 +03:00