github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-07-06 21:09:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,080 Commits 84 Branches 952 Tags 174 MiB
fix-remove-hostroot
Commit Graph

247 Commits

Author SHA1 Message Date
Alon Girmonsky
94fe36e5d6 added a helm value to control the root fs mount 
set the default to false
added documentation
 2025-02-12 12:16:21 -08:00
Ilya Gavrilov
70a9024bbe Remove hostroot hotfix 2025-02-06 17:53:56 +01:00
Volodymyr Stoiko
3d4606d439
Worker component security context refactoring (#1707) 
* Add new security context config

* Fine-grained template for securityContext

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-02-03 13:38:41 -08:00
Ilya Gavrilov
46ca7e3ad7
Remove init container; remove -disable-ebpf option (#1706) 
* Remove init container; remove -disable-ebpf option

* Remove init container; remove -disable-ebpf option
 2025-02-03 08:58:32 -08:00
Volodymyr Stoiko
ce7913ce2e
Fix pull secret aligning (#1703) 
* Fix pull secret aligning

* align
 2025-01-29 08:34:43 -08:00
M. Mert Yildiran
f2e60cdee1
Add PortMapping to TapConfig for port number based dissector prioritization (#1700) 2025-01-25 12:10:53 -08:00
Alon Girmonsky
818a9e2bec Moving to eBPF as a default packet capture method. 
Making default packet capture method eBPF, defaulting to AF_PACKET in case eBPF is not available
 2025-01-24 14:24:02 -08:00
Volodymyr Stoiko
ad10212ba5
Add dns config (#1698) 
* Add dnsconfig

* Update templates

* Add dns configuration values

* readme
 2025-01-24 09:14:08 -08:00
Volodymyr Stoiko
ef17eb9fbe
Make node selector component specific (#1694) 
* Make node selector component specific

* Update templates

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-22 12:50:17 -08:00
Alon Girmonsky
aa7c8f36f5
added -disable-tracer option (#1695) 
to the worker daemon set, when `tap.tls=false` is set.
 2025-01-22 12:32:05 -08:00
bogdanvbalan
c92f509863
#528 Remove pcap src from configMap (#1693) 
* Remove pcap src from configMap

* change folder name

keep it simple and short

---------

Co-authored-by: bogdan.balan1 <bogdanvalentin.balan@1nce.com>
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-22 10:10:44 -08:00
Serhii Ponomarenko
0d5bbd53aa
🔧 Add helm variable to disable live config-map user actions (#1689) 
* 🔧 Add helm variable to disable live config-map user actions

* 🐛 Fix ternary for `PRESET_FILTERS_CHANGING_ENABLED` config

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-18 13:15:46 +02:00
Volodymyr Stoiko
f9c66df528
Update worker liveness/readiness config (#1684) 
* Increase worker init delay to 30s

* Update values

* fix

* Make probe values configurable

* upd

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-08 13:09:51 -08:00
Alon Girmonsky
46ad335446
updated the notes (#1681) 2025-01-06 18:42:17 -08:00
M. Mert Yildiran
639f1deb51
Add CUSTOM_MACROS to ConfigMap (#1674) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-12-25 16:45:03 -08:00
Alon Girmonsky
b377bfe35f
Revert "Revert "Initialize kubeshark pinned eBPF resources inside init container (#1665)" (#1676)" (#1678) 
This reverts commit 12f8883052.
 2024-12-25 16:21:08 -08:00
M. Mert Yildiran
12f8883052
Revert "Initialize kubeshark pinned eBPF resources inside init container (#1665)" (#1676) 
This reverts commit 29de008f22.
 2024-12-25 11:21:51 -08:00
Alon Girmonsky
7eef5efcd9
Added security capabilities, especially IPC_LOCK (#1671) 
to Sniffer in case eBPF traffic capture mechanism is used.
 2024-12-23 16:49:54 -08:00
M. Mert Yildiran
af47154a8d
Revert "Add CUSTOM_MACROS to ConfigMap" 
This reverts commit 17759d296d.
 2024-12-23 21:26:42 +03:00
M. Mert Yildiran
17759d296d
Add CUSTOM_MACROS to ConfigMap 2024-12-23 21:25:11 +03:00
Ilya Gavrilov
29de008f22
Initialize kubeshark pinned eBPF resources inside init container (#1665) 
* Clean kubeshark pinned bpf resources inside init container

* Clean kubeshark pinned bpf resources inside init container

* Update 09-worker-daemon-set.yaml

* add IPC_LOCK capability to sniffer

* add init container to mount bpf filesystem

* add init container to mount bpf filesystem

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-12-19 16:20:13 -08:00
Volodymyr Stoiko
e819e9b697
Add hub metrics port (#1666) 
* Add hub metrics port

* Add policies and service

* Use static 9100 port for hub metrics

* fix

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-12-19 12:06:29 -08:00
Alon Girmonsky
a03aa56d07
removed the loglevel flag (#1669) 
following reverting tracer version: https://github.com/kubeshark/worker/pull/478
 2024-12-16 12:34:51 -08:00
Alon Girmonsky
4cabf13788
from debug to logLevel (#1668) 
* updated helm values

* removed the tap.debug field
from the tapConfig struct

* Revert "removed the tap.debug field"

This reverts commit f911c02f0d.

* support the -d --debug command
with the new logLevel flag
 2024-12-15 17:27:05 -08:00
Volodymyr Stoiko
993b8ae19e
Add permissions to watch namespaces (#1644) 
* Add permissions to watch namespaces

* Allow watching all namespaces

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-12-03 18:32:23 -08:00
Volodymyr Stoiko
8e135d570b
Remove pfring leftovers from ds (#1642) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-11-06 11:11:44 -08:00
Volodymyr Stoiko
4a6628a3e8
Fix helm resource requests/limits templates (#1639) 2024-11-05 13:03:21 -08:00
Alon Girmonsky
a1e05db4b0 Improved resource limits and requests Helm templating 2024-11-02 09:49:45 -07:00
Alon Girmonsky
b3f6fdc831
Added an ability to override image names for a case, where when using a CI, one needs to use individual image names (#1636) 2024-10-31 21:18:13 -07:00
Serhii Ponomarenko
ba9b85bb12
Revert "🐛 Prevent hub host-not-found nginx upstream error in front (#1628)" (#1633) 
This reverts commit cc3f8c86ff.
 2024-10-25 11:31:03 -07:00
Volodymyr Stoiko
f026c3604a
Add networkpolicies permissions (#1631) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-10-19 17:02:42 -07:00
Alon Girmonsky
674a554767
scripting-revamp-1 (#1630) 
* First commit in this PR
Added `scripting.active` as a helm value

* added `scripting.active` to the config struct and the helm chart
this array of strings will include the active script titles

* updated the `active` filed in the script struct

* go mod tidy

* update go ver to 1.21.1
 2024-10-15 10:35:38 -07:00
Serhii Ponomarenko
cc3f8c86ff
🐛 Prevent hub host-not-found nginx upstream error in front (#1628) 
* 🔧 Add `proxy_next_upstream` to retry finding `hub`

* 🔨 Set up `front` init-container to wait for `hub`

* Revert "🔧 Add `proxy_next_upstream` to retry finding `hub`"

This reverts commit 118b173069.

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-10-15 09:48:11 -07:00
Serhii Ponomarenko
223ada3e2b
🔨 Add tap.presetFiltersChangingEnabled helm value (#1627) 
* 🔨 Replace default-filter `front` env with config

* 🔨 Add `tap.presetFiltersChangingEnabled` helm value

* 🔨 Add preset-filters-changing-enabled `front` env

* 🔨 Add preset-filters-changing-enabled config
 2024-10-08 18:24:49 -07:00
bogdanvbalan
783aa03b6a
Feat pcapsaver (#1621) 
* Add cmd to copy pcaps from worker

* Update commands to merge pcaps

* Remove test img

* Remove usage of http endpoint in copy

* Unify commands

* Add copy flag

* Address review comments

* Update k8s config path processing

* Remove debug prints

* setting the pcapSrcDit to the name of the command

* Update values.yaml

* Remove the start,stop and copy flags

* Clean up the the code a bit
Changed the logic so it's either copy or start/stop.
Works well for a first version.

* Improved the logic

* Changed pcapdump enable flag to boolean

* Added helm value documentation

* minor default configuration changes

* Fix default val for enabled

* Final changes
Cleaned up the helm worker template
Improve the logic a bit

* Code cleanup
Changed instances of `enable` to `enabled` for purpose of consistency
Removed unused helm environment variables

* Enable merging all node files to a single file.
Before the outcome had been a merged file per node.
Now the outcome is a single merged file for all nodes.

* Committed for testing purpose

* Reduced the initial disk foot print to 10MB per node

---------

Co-authored-by: bogdan.balan1 <bogdanvalentin.balan@1nce.com>
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-10-07 08:39:52 -07:00
Volodymyr Stoiko
d8b87a90e4
Add resource guard flag (#1622) 
* Add resource-guard flags

* make generate-helm-values

* Add resource guard flag
 2024-09-30 10:39:34 -07:00
Volodymyr Stoiko
3a8817592f
Do not enable -unixsocket flag of worker if no tracer is running (#1619) 2024-09-28 00:03:05 +03:00
Volodymyr Stoiko
fc0ec5a840
Add list permissions for kubeshark service account (#1617) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-09-25 14:55:01 -07:00
Ilya Gavrilov
16d779449a
propagate host root to the tracer (#1613) 2024-09-23 08:30:19 -07:00
Serhii Ponomarenko
fdaef243e4
🐛 Fix -staletimeout worker command value (#1611) 2024-09-18 14:57:50 -07:00
M. Mert Yildiran
0a0b0cde36
Template the -staletimeout flag (#1610) 
* Template the `-staletimeout` flag

* Fix
 2024-09-18 12:02:15 -07:00
Volodymyr Stoiko
ca844394fc
Calculate sentry based on internet connectivity and telemetry (#1608) 2024-09-11 13:40:29 -07:00
zyue110026
2513c136de
fix: respect tap.docker.imagePullSecrets (#1602) 
* respect tap.docker.imagePullSecrets

Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com>

* respect tap.docker.imagePullSecrets

Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com>

* fix: respect tap.docker.imagePullSecrets

Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com>

---------

Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com>
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
 2024-09-09 17:35:27 -07:00
Volodymyr Stoiko
3c6307e93f
Add sentry related configurations (#1606) 
* Add sentry configuration

* get helm values

* Add sentry configuration

---------

Co-authored-by: tiptophelmet <serhii.ponomarenko.jobs@gmail.com>
 2024-09-09 16:40:08 -07:00
M. Mert Yildiran
1c883c73e4
Add hub to the list of containers in pprof command and add flags to pprof command (#1603) 
* Add hub to the list of containers in `pprof` command and add flags to `pprof` command

* Reduce duplication

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-09-09 14:41:01 -07:00
Volodymyr Stoiko
95637bfce8
Use major version as containers tag (#1594) 
* Respect tagLocked version

* generate proper values

* fix helper

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-09-09 14:38:36 -07:00
M. Mert Yildiran
f155e4f1b7
Add PROFILING_ENABLED env var to Hub (#1600) 2024-09-05 13:35:07 -07:00
Serhii Ponomarenko
32caeb37e4
🔨 Create dissectorsUiEnabled flag (#1599) 
* 🔨 Create `dissectorsUiEnabled` flag

* 🔨 Rename `dissectorsUiEnabled` flag

* 🔨 Add `DISSECTORS_UPDATING_ENABLED` config

* 🔨 Set `dissectorsUpdatingEnabled: true` by default
 2024-08-29 09:36:58 -07:00
Ilya Gavrilov
a0eb85e71d
Add disableTlsLog command line option support for tracer (#1595) 2024-08-28 08:53:44 -07:00
Alon Girmonsky
c695a3c5e5 Fixed the telemetry flag that was set to an empty string by default 
as opposed to `false`.
 2024-08-26 16:20:29 -07:00