github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-08-22 10:28:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,094 Commits 85 Branches 954 Tags 174 MiB
front-base-path-with-alt-nginx
Commit Graph

75 Commits

Author SHA1 Message Date
tiptophelmet
4f6db5943b 📝 Update front base path docs 2025-03-21 21:19:15 +02:00
tiptophelmet
43d8853dd8 🔨 Add tap.routing.front.basePath helm value 2025-03-21 20:52:50 +02:00
Volodymyr Stoiko
e47a665d68
Update structs and docs (#1710) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-02-21 09:07:17 -08:00
Alon Girmonsky
95d6655af6
finished templating tap.mountBpf option. (#1711) 2025-02-12 12:28:52 -08:00
Volodymyr Stoiko
ad10212ba5
Add dns config (#1698) 
* Add dnsconfig

* Update templates

* Add dns configuration values

* readme
 2025-01-24 09:14:08 -08:00
Volodymyr Stoiko
ef17eb9fbe
Make node selector component specific (#1694) 
* Make node selector component specific

* Update templates

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-22 12:50:17 -08:00
Serhii Ponomarenko
0d5bbd53aa
🔧 Add helm variable to disable live config-map user actions (#1689) 
* 🔧 Add helm variable to disable live config-map user actions

* 🐛 Fix ternary for `PRESET_FILTERS_CHANGING_ENABLED` config

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-18 13:15:46 +02:00
Volodymyr Stoiko
f9c66df528
Update worker liveness/readiness config (#1684) 
* Increase worker init delay to 30s

* Update values

* fix

* Make probe values configurable

* upd

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-08 13:09:51 -08:00
Serhii Ponomarenko
5242d9af07
🛂 Add save/activate/delete role scripting permissions (#1675) 
* 🛂 Add save/activate/delete role scripting permissions

* 🔧 Add scripting permissions to tap-config

* 🔨 Re-generate helm values & `complete.yaml`

* 📝 Add scripting permissions to helm chart docs

* 🏷️ Make scripting permissions `true` by default

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-12-25 12:33:16 -08:00
Volodymyr Stoiko
261a0ca1a9
Replace sniffer 30001 port with 48999 (#1670) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-12-19 12:37:01 -08:00
Alon Girmonsky
dfbb321084
Default startup values change (#1646) 
* updated the defaultFilter default values and docs.

* fixed a small err in the docs
 2024-12-08 14:48:13 -08:00
Volodymyr Stoiko
80d23d62bd
Remove PF_RING references (#1638) 
* Remove PF_RING references

* Update values

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-11-05 14:13:50 -08:00
Alon Girmonsky
b3f6fdc831
Added an ability to override image names for a case, where when using a CI, one needs to use individual image names (#1636) 2024-10-31 21:18:13 -07:00
Alon Girmonsky
629fb118e8 Revert "Set resource guard to true by default." 
This reverts commit a7692a664d.
 2024-10-29 21:49:25 -07:00
Alon Girmonsky
a7692a664d Set resource guard to true by default. 2024-10-29 15:11:07 -07:00
Alon Girmonsky
6a890e6653 Removed the timestamp>now() fro the globalFilter flag. 2024-10-25 10:41:06 -07:00
Alon Girmonsky
22766c2983 remove tcp and udp dissectors by default 2024-10-21 13:03:53 -07:00
Alon Girmonsky
da1d2c5260 changed tap.stopped to false by default 2024-10-21 12:59:25 -07:00
Alon Girmonsky
580c612982 added timestamp>now() as a global filter 2024-10-17 12:05:35 -07:00
Alon Girmonsky
7a1cd9afbc set disableTlsLog to true by default. 2024-10-17 10:48:11 -07:00
Alon Girmonsky
816f614ebb change CPU limit to no limit 
Change memory limit to 3Gi
 2024-10-16 11:01:25 -07:00
bogdanvbalan
783aa03b6a
Feat pcapsaver (#1621) 
* Add cmd to copy pcaps from worker

* Update commands to merge pcaps

* Remove test img

* Remove usage of http endpoint in copy

* Unify commands

* Add copy flag

* Address review comments

* Update k8s config path processing

* Remove debug prints

* setting the pcapSrcDit to the name of the command

* Update values.yaml

* Remove the start,stop and copy flags

* Clean up the the code a bit
Changed the logic so it's either copy or start/stop.
Works well for a first version.

* Improved the logic

* Changed pcapdump enable flag to boolean

* Added helm value documentation

* minor default configuration changes

* Fix default val for enabled

* Final changes
Cleaned up the helm worker template
Improve the logic a bit

* Code cleanup
Changed instances of `enable` to `enabled` for purpose of consistency
Removed unused helm environment variables

* Enable merging all node files to a single file.
Before the outcome had been a merged file per node.
Now the outcome is a single merged file for all nodes.

* Committed for testing purpose

* Reduced the initial disk foot print to 10MB per node

---------

Co-authored-by: bogdan.balan1 <bogdanvalentin.balan@1nce.com>
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-10-07 08:39:52 -07:00
Volodymyr Stoiko
afa81e7be9
Update README with resource guard configuration (#1623) 2024-09-30 13:06:21 -07:00
M. Mert Yildiran
9144d98d04
Add udp to list of enabled dissectors (#1616) 
* Add `udp` to list of enabled dissectors

* ignore udp as part of a global filter

* have globalFilter ignore udp and icmp

* Have globalFilter ignore udp and icmp

* Update README.md

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-09-25 11:29:21 -07:00
Alon Girmonsky
d61e6ab8eb
text change 2024-09-15 14:32:11 -07:00
Alon Girmonsky
b6672661ad
text changes 2024-09-15 14:29:02 -07:00
Alon Girmonsky
88c72cda82 🔖 Bump the Helm chart version to 52.3.81 2024-09-14 11:53:26 -07:00
Volodymyr Stoiko
3c6307e93f
Add sentry related configurations (#1606) 
* Add sentry configuration

* get helm values

* Add sentry configuration

---------

Co-authored-by: tiptophelmet <serhii.ponomarenko.jobs@gmail.com>
 2024-09-09 16:40:08 -07:00
Volodymyr Stoiko
95637bfce8
Use major version as containers tag (#1594) 
* Respect tagLocked version

* generate proper values

* fix helper

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-09-09 14:38:36 -07:00
Serhii Ponomarenko
32caeb37e4
🔨 Create dissectorsUiEnabled flag (#1599) 
* 🔨 Create `dissectorsUiEnabled` flag

* 🔨 Rename `dissectorsUiEnabled` flag

* 🔨 Add `DISSECTORS_UPDATING_ENABLED` config

* 🔨 Set `dissectorsUpdatingEnabled: true` by default
 2024-08-29 09:36:58 -07:00
Ilya Gavrilov
1dfef1be23
update helm readme (#1596) 2024-08-28 10:38:19 -07:00
Alon Girmonsky
84f2ec944d
tcp dissector enabled by default (#1591) 
* tcp dissector enabled by default

* changing the readme

In support of having the `tcp` dissector enabled by default.

* Update values.yaml

* Update complete.yaml

* updated the defaultFilter default value

1. Start with some level of  "noise reduction" (`tcp` and `dns`).
2. Provide a hint how to use a display filter to filter out protocol aliases.

* Update values.yaml

filter out DNS and TCP

* Update complete.yaml

Filter out DNS and TCP

* Update README.md

Filter out TCP and DNS by default
 2024-08-22 17:14:38 -07:00
Alon Girmonsky
9069f10d94
TCP dissector description (#1586) 
* TCP dissector description 

Added a description how to use the TCP dissector.

* removed tcp from complete.yaml
 2024-08-16 17:06:06 -07:00
Alon Girmonsky
e70167c694
Added supported protocol dissectors section 2024-08-12 16:42:18 -07:00
Alon Girmonsky
32136520d8
Slow start (#1576) 
* Start `ExcludedNamespaces` empty by default

* Started Kubeshark with tap.stopped true by default

* Revert "Start `ExcludedNamespaces` empty by default"

This reverts commit 7de515dd3a.

* Start with traffic capture paused by default
Remove any namespaces to exclude by default
 2024-08-06 15:39:42 -07:00
Alon Girmonsky
df0aea1462
stash (#1575) 2024-07-31 15:14:36 -07:00
Alon Girmonsky
a699755858
Way to avoid seeing DNS traffic 2024-07-25 18:43:40 -07:00
Serhii Ponomarenko
7168b5c515
🔨 Add canStopTrafficCapturing SAML authz action (#1565) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-07-18 08:18:03 -07:00
M. Mert Yildiran
c88b3b0ba7
Remove "Replay" function functionality (#1563) 2024-07-16 13:13:08 -07:00
Alon Girmonsky
d1cc890cad set kernelModule.enabled default value to false 
As a temporary remady:
1. ebpf and pf-ring become explicit options
2. af_packet becomes the default option
 2024-05-31 20:59:51 -07:00
Alon Girmonsky
1aef7be3fb
helm clone specific branch 
Added instructions on how to clone a specific branch
 2024-05-28 21:10:32 -07:00
Serhii Ponomarenko
247498492a
Set custom timezone (#1517) 
* 🔨 Add timezone config

* 🔨 Update `complete.yaml`

* 📝 Document `timezone` config

* 📝 Update `timezone` config docs

* 📝 Update `timezone` config docs

* 🔥 Remove unused `TIMEZONE` field from `ConfigMap`

* 🦺 Handle empty `tap.timezone` case

* 🔨 Move `timezone` from `.Values.tap` to `.Values`

* 🔨 Add `timezone` field to helm values

* 🔨 Update `complete.yaml`

* 📝 Update `timezone` config docs

* 🔨 Add `TIMEZONE` field to `ConfigMap`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-03-19 12:06:50 +01:00
Serhii Ponomarenko
6785f024e4
Feature-based SAML authorization (#49) (#1495) 
* 🔨 Add `showAdminConsoleLink` to helm values

* 🔨 Add `ShowAdminConsoleLink` to `TapConfig`

* 🔨 Regenerate `complete.yaml` manifest

* 📝 Update helm-chart `README.md`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-02-06 13:36:32 -08:00
Serhii Ponomarenko
18d051af28
🔥 Remove old Descope auth (#1490) 
* 🔥 Remove Descope-related config updates

* 🔥 Remove Descope-related helm values

* 🔥 Remove Descope-related k8s configs

* 🔥 Remove Descope-related fields from `tapConfig`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-31 14:49:55 -08:00
Alon Girmonsky
4117d008a9
Update README.md 2024-01-28 11:06:18 -08:00
Serhii Ponomarenko
bfa3efd23a
SAML authorization (#1487) 
* 🔨 Add `AUTH_SAML_ROLE_ATTRIBUTE` field to `ConfigMap`

* 📝 Document `tap.auth.saml.roleAttribute/roles` values

* 🔧 Re-generate `complete.yaml`

* 🔥 Remove `default` tag from `SamlConfig.RoleAttribute`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-24 16:05:37 -08:00
Serhii Ponomarenko
a8dd332ff8
SAML integration prototype (#1475) 
* 🔨 Add `AUTH_TYPE` field to `ConfigMap`

* 🔨 Add `AUTH_SAML_IDP_METADATA_URL` field to `ConfigMap`

* 🔨 Add `AUTH_SAML_X509_CRT` field to `Secret`

* 🔨 Add `AUTH_SAML_X509_KEY` field to `Secret`

* 🔨  Mount SAML X.509 key pair into `hub`

* 🔨 Add `REACT_APP_AUTH_TYPE` environment variable to `front`

* 🔧 Add Nginx path rewrite for `/saml`

* 🔧 Raise request size to accept big SAML responses

* 🔨 Add `REACT_APP_AUTH_TYPE` environment default value

* 📝 Update `README.md`

* 📝 Update `README.md`

* 🔨 Add `AUTH_TYPE` config map key

* 🔨 Add `AUTH_SAML_IDP_METADATA_URL` config map key

* ☸ Set `CONFIG_AUTH_TYPE` from `TapConfig`

* ☸ Set `CONFIG_AUTH_SAML_IDP_METADATA_URL` from `TapConfig`

*  Create `SamlConfig` in `TapConfig.AuthConfig`

* 🔨 Use updated `tap.auth.saml.idpMetadataUrl` tap config field

* 📝 Update `README.md`

* 🔨 Add `tap.insgress.enabled/host` to `ConfigMap`

* 🔨 Add `tap.proxy.front.port` to `ConfigMap`

* 🔨 Add `REACT_APP_AUTH_SAML_IDP_METADATA_URL` env to `front`

* 🔧 Supply `auth.saml` fields to `helm-chart/values.yaml`

* 🐛 Fix indentation for X.509 secrets

* 📝 Provide SAML setup docs

* 📝 Update SAML setup docs

* 📝 Update SAML setup docs

* Added callback URL indication

* 💥 Disable standard `Descope` auth

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-23 10:47:29 -08:00
Volodymyr Stoiko
aaeb3ca1eb
Load pf-ring kernel module in init container (#1476) 
* Load kernel module in init container

* Update docs

* Update formatting

* Add pre-stop hook to unload pf_ring module

* Enable hook only on kernel module enabled

* fix template

* Use sidecontainer to unload pf_ring

* Add requirements for tracer into structs

* fix values

* fix typo

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-12 15:49:39 -08:00
Alon Girmonsky
7df35e04a8
Update README.md 
Changed `tap.tls` and `tap.serviceMesh` defaults to `true` following this commit: 8ba3e603a4
 2024-01-12 09:36:34 -08:00
Volodymyr Stoiko
db51e6dbc2
Add kubeshark-worker-metrics service and document it (#1474) 
* Expose worker metrics

* Add metrics documentation

* upd

* Update metrics port configuration

* Update config/configStructs/tapConfig.go

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update helm-chart/README.md

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update helm-chart/templates/16-worker-service-metrics.yaml

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

---------

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
 2024-01-04 16:17:22 +03:00