github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-06-20 13:33:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,094 Commits 83 Branches 952 Tags 174 MiB
front-base-path-with-alt-nginx
Commit Graph

412 Commits

Author SHA1 Message Date
M. Mert Yildiran
1c883c73e4
Add hub to the list of containers in pprof command and add flags to pprof command (#1603) 
* Add hub to the list of containers in `pprof` command and add flags to `pprof` command

* Reduce duplication

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-09-09 14:41:01 -07:00
Volodymyr Stoiko
95637bfce8
Use major version as containers tag (#1594) 
* Respect tagLocked version

* generate proper values

* fix helper

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-09-09 14:38:36 -07:00
M. Mert Yildiran
f155e4f1b7
Add PROFILING_ENABLED env var to Hub (#1600) 2024-09-05 13:35:07 -07:00
Serhii Ponomarenko
32caeb37e4
🔨 Create dissectorsUiEnabled flag (#1599) 
* 🔨 Create `dissectorsUiEnabled` flag

* 🔨 Rename `dissectorsUiEnabled` flag

* 🔨 Add `DISSECTORS_UPDATING_ENABLED` config

* 🔨 Set `dissectorsUpdatingEnabled: true` by default
 2024-08-29 09:36:58 -07:00
Ilya Gavrilov
1dfef1be23
update helm readme (#1596) 2024-08-28 10:38:19 -07:00
Ilya Gavrilov
a0eb85e71d
Add disableTlsLog command line option support for tracer (#1595) 2024-08-28 08:53:44 -07:00
M. Mert Yildiran
ad738387b7
🔖 Bump the Helm chart version to 52.3.79 2024-08-27 03:37:04 +03:00
Alon Girmonsky
c695a3c5e5 Fixed the telemetry flag that was set to an empty string by default 
as opposed to `false`.
 2024-08-26 16:20:29 -07:00
M. Mert Yildiran
de154731e9
Add DETECT_DUPLICATES config (#1593) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-08-26 09:44:26 -07:00
Alon Girmonsky
84f2ec944d
tcp dissector enabled by default (#1591) 
* tcp dissector enabled by default

* changing the readme

In support of having the `tcp` dissector enabled by default.

* Update values.yaml

* Update complete.yaml

* updated the defaultFilter default value

1. Start with some level of  "noise reduction" (`tcp` and `dns`).
2. Provide a hint how to use a display filter to filter out protocol aliases.

* Update values.yaml

filter out DNS and TCP

* Update complete.yaml

Filter out DNS and TCP

* Update README.md

Filter out TCP and DNS by default
 2024-08-22 17:14:38 -07:00
Alon Girmonsky
193e2ab03e
Update values.yaml 2024-08-21 17:56:34 -07:00
Volodymyr Stoiko
a3fea3b610
Adjust resources limits (#1588) 
* Adjust resources

* updated the values

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-08-20 08:55:06 -07:00
M. Mert Yildiran
b34cc21bcf
🔖 Bump the Helm chart version to 52.3.78 2024-08-19 21:15:35 +03:00
M. Mert Yildiran
17ce638a78
🔖 Bump the Helm chart version to 52.3.77 2024-08-19 18:59:39 +03:00
M. Mert Yildiran
4191aa4ce5
🔖 Bump the Helm chart version to 52.3.76 2024-08-17 14:50:42 +03:00
Alon Girmonsky
9069f10d94
TCP dissector description (#1586) 
* TCP dissector description 

Added a description how to use the TCP dissector.

* removed tcp from complete.yaml
 2024-08-16 17:06:06 -07:00
M. Mert Yildiran
53697d74ee
Run make generate-helm-values && make generate-manifests 2024-08-17 00:33:25 +03:00
Alon Girmonsky
51f3e3b7ce
Disable TCP dissector by default 
TCP dissector can be added as a helm value. This dissector shouldn't be used in production clusters, as enabling this dissector will consume enormous amounts of CPU and memory.
 2024-08-16 13:08:08 -07:00
M. Mert Yildiran
2a640c8d38
Add PROFILING_ENABLED environment variable and port number to tracer container (#1580) 
* Add `PROFILING_ENABLED` environment variable and port number to `tracer` container

* Update `complete.yaml`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-08-16 12:59:26 -07:00
Volodymyr Stoiko
ec616cb32c
Add -debug suffix to container tag when profiling enabled (#1581) 
* Add -debug prefix to container tag when profiling enabled

* Update helm-chart/templates/_helpers.tpl

* Update helm-chart/templates/_helpers.tpl

---------

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
 2024-08-14 23:16:30 +03:00
M. Mert Yildiran
219fc0a126
🔖 Bump the Helm chart version to 52.3.74 2024-08-13 21:36:47 +03:00
Alon Girmonsky
e70167c694
Added supported protocol dissectors section 2024-08-12 16:42:18 -07:00
M. Mert Yildiran
377ff44d71
🔖 Bump the Helm chart version to 52.3.73 2024-08-08 17:03:01 +03:00
Volodymyr Stoiko
557506096c
Increase default requests/limits (#1577) 
* Increase default requests/limits

* adjust
 2024-08-07 21:07:27 -07:00
Alon Girmonsky
32136520d8
Slow start (#1576) 
* Start `ExcludedNamespaces` empty by default

* Started Kubeshark with tap.stopped true by default

* Revert "Start `ExcludedNamespaces` empty by default"

This reverts commit 7de515dd3a.

* Start with traffic capture paused by default
Remove any namespaces to exclude by default
 2024-08-06 15:39:42 -07:00
M. Mert Yildiran
5089e9ccb8
Add EXCLUDED_NAMESPACES to ConfigMap (#1571) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-08-02 08:25:32 -07:00
M. Mert Yildiran
c837874bbe
Add ENABLED_DISSECTORS to ConfigMap (#1570) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-08-02 08:17:05 -07:00
Alon Girmonsky
4ec06b7c95 When internet connectivity is off, remove the option to have a cloud license. 2024-08-01 17:54:05 -07:00
Alon Girmonsky
df0aea1462
stash (#1575) 2024-07-31 15:14:36 -07:00
Alon Girmonsky
9c9cefc406 Change supportChatEnabled to be true by default. 2024-07-29 17:16:21 -07:00
Alon Girmonsky
a699755858
Way to avoid seeing DNS traffic 2024-07-25 18:43:40 -07:00
M. Mert Yildiran
b7efd94414
Fix annotations key in kubeshark-worker-metrics (#1572) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-07-26 02:52:30 +03:00
Serhii Ponomarenko
be86ea8ecb
🔨 Support chat flag (#1573) 
* 🔨 Add `supportChatEnabled` helm value

* 🔨 Add `REACT_APP_SUPPORT_CHAT_ENABLED` env to `front`
 2024-07-25 13:09:44 -07:00
Ilya Gavrilov
6ea1073fe9
Remove obsolete dumptracer worker option (#1569) 2024-07-22 08:29:53 -07:00
Serhii Ponomarenko
28ae2a645b
🔨 Add tap.stopTrafficCapturingDisabled flag (#1568) 
* 🔨 Add `tap.stopTrafficCapturingDisabled` helm value

* 🔨 Add `STOP_TRAFFIC_CAPTURING_DISABLED` config

* 🔨 Add `REACT_APP_STOP_TRAFFIC_CAPTURING_DISABLED` `env` to `front`

* 🩹 Add ternary operator for `STOPPED` config

* 🐛 Always enable stop-capturing functionality if `tap.stopped == true`
 2024-07-18 13:37:21 -07:00
Serhii Ponomarenko
b7530a3c6b
Revert "🔨 Add REACT_APP_STOPPED env to front (#1564)" (#1567) 
This reverts commit 50d29f1e93.
 2024-07-18 13:11:52 -07:00
Serhii Ponomarenko
7168b5c515
🔨 Add canStopTrafficCapturing SAML authz action (#1565) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-07-18 08:18:03 -07:00
Serhii Ponomarenko
50d29f1e93
🔨 Add REACT_APP_STOPPED env to front (#1564) 2024-07-17 17:28:31 -07:00
M. Mert Yildiran
01656b6c78
Add DUPLICATE_TIMEFRAME field to ConfigMap (#1561) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-07-16 22:01:26 -07:00
M. Mert Yildiran
c88b3b0ba7
Remove "Replay" function functionality (#1563) 2024-07-16 13:13:08 -07:00
M. Mert Yildiran
e7778fe537
Add tap.stopped to values.yaml and STOPPED to ConfigMap (#1557) 2024-07-16 09:03:00 -07:00
M. Mert Yildiran
126f8b48d5
🔖 Bump the Helm chart version to 52.3.69 2024-07-09 16:12:06 +03:00
Alon Girmonsky
b9296d7849 switched back to api.kubeshark.co as the cloud API server 2024-07-04 15:42:36 +03:00
M. Mert Yildiran
cddccd58fa
Add the missing labels 2024-07-03 17:00:10 +03:00
Alon Girmonsky
3965916837
changed api.kubeshark.co to master.admin.kubeshark.co (#1553) 2024-06-20 16:17:26 -07:00
M. Mert Yildiran
ba1254f7e9
🔖 Bump the Helm chart version to 52.3.68 2024-06-17 04:39:02 +03:00
Alon Girmonsky
df1915cce6
Feature update bpf override (#1551) 
* 🔧 Set worker BPF override from config

* 🔧 Disable `front` BPF override if capture is not `af_packet`

* feature condition change

Extend the feature visibility condition from explicitely using af_packet to not explicitly using ebpf, and therefore supporting all methods other than ebpf

* reversing the logic

fixing the previous comment logic as it was reversed.

---------

Co-authored-by: tiptophelmet <serhii.ponomarenko.jobs@gmail.com>
 2024-06-14 17:33:10 -07:00
M. Mert Yildiran
88ea7120c4
Rename Bpf field of TapConfig struct to BpfOverride 2024-06-12 04:04:11 +03:00
M. Mert Yildiran
f43a61f891
Add Bpf field to TapConfig struct 2024-06-12 04:02:36 +03:00
Alon Girmonsky
77ed1fdefe Merge branch 'master' of github.com:kubeshark/kubeshark 2024-06-08 11:06:31 -07:00
Alon Girmonsky
40177b8fa9 Fixed a bug in the Helm chart that did not 
override the sniffer container once an override Worker config value was present
 2024-06-08 10:58:36 -07:00
Alon Girmonsky
ef84f90cd9 Returned ebpf as an explicit option and af-packet as the default option 2024-05-31 21:00:33 -07:00
Alon Girmonsky
d1cc890cad set kernelModule.enabled default value to false 
As a temporary remady:
1. ebpf and pf-ring become explicit options
2. af_packet becomes the default option
 2024-05-31 20:59:51 -07:00
Alon Girmonsky
a9a75533af set kernelModule.enabled default value to false 
in support for this PR
 2024-05-31 20:59:16 -07:00
Alon Girmonsky
1aef7be3fb
helm clone specific branch 
Added instructions on how to clone a specific branch
 2024-05-28 21:10:32 -07:00
M. Mert Yildiran
c1e812e449
🔖 Bump the Helm chart version to 52.3.59 2024-05-25 05:39:28 +03:00
M. Mert Yildiran
c2b73025f3
Add DisableCgroupIdResolution field to MiscConfig struct 2024-05-25 05:18:41 +03:00
Ilya Gavrilov
359623c538
Add /etc/os-release for tracer sysevents (#1542) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-05-17 12:46:37 +01:00
Volodymyr Stoiko
3798bf7a01
Allow watching nodes (#1543) 
* Allow watching nodes

* restore
 2024-05-17 12:37:45 +01:00
M. Mert Yildiran
487f0b9332
Add OverrideTagConfig field to DockerConfig 2024-05-15 05:39:27 +03:00
radikaled
06e0def53e
Update 14-openshift-security-context-constraints.yaml (#1539) 
Add IPC_LOCK to allowedCapabilities otherwise kubeshark-worker-daemon-set will not deploy.
 2024-05-05 10:45:25 -07:00
M. Mert Yildiran
b88f1c7014
🔖 Bump the Helm chart version to 52.3.0 2024-05-02 23:45:06 +03:00
Alon Girmonsky
f4e2d2f9ca
Use eBPF as a traffic capture source by default if cgroup V2 is enabled. (#1540) 
This behavior can be reversed by setting the `tap.packetCapture`
to a specific source or manually adding the command line property:
`-disable-ebpf` to both the `worker` and the `tracer`
 2024-05-01 16:30:03 -07:00
M. Mert Yildiran
f017020f62
🔖 Bump the Helm chart version to 52.2.39 2024-04-24 16:05:46 +03:00
Alon Girmonsky
32ffa6132d
Fix/disable ebpf by defalt again (#1538) 
* Revert "Revert "as eBPF is a significant feature that can impact many users, this PR is meant (#1532)""

This reverts commit 7ab63ec745.

* Added the missing -disable-ebpf parameters to Tracer
 2024-04-23 15:31:19 -07:00
Alon Girmonsky
0bb0c4b256 Merge branch 'master' of github.com:kubeshark/kubeshark 2024-04-22 17:08:56 -07:00
Alon Girmonsky
28696d2f5c
- Consider cloudLicenseEnabled only if license is empty. If license isn't empty disregard cloudLicenseEnabled (#1536) 2024-04-22 15:14:06 -07:00
Alon Girmonsky
7ab63ec745 Revert "as eBPF is a significant feature that can impact many users, this PR is meant (#1532)" 
This reverts commit 53c3dabcbf.
 2024-04-22 14:57:00 -07:00
Serhii Ponomarenko
5a4901f7bd
License via authentication (#1526) 
* 🔨 Add `cloudLicenseEnabled` helm value

* 🔨 Add `CLOUD_LICENSE_ENABLED` key to `ConfigMap`

* 🔨 Add `REACT_APP_CLOUD_LICENSE_ENABLED` `front` env

* 🎨 Reformat `ConfigStruct`

* 🔧 Set `cloudLicenseEnabled: true` by default

* 🔧 Override auth enabled/type if `cloudLicenseEnabled: true`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-04-21 15:04:08 -07:00
M. Mert Yildiran
5a322fc58a
🔖 Bump the Helm chart version to 52.2.30 2024-04-19 17:59:51 +03:00
Alon Girmonsky
53c3dabcbf
as eBPF is a significant feature that can impact many users, this PR is meant (#1532) 
to provide it NOT as the default option, but require an explicit indication
to use it. To use eBPF instead of AF-PACKET or PF-RING, use:
--set tap.packetCapture=ebpf
 2024-04-18 16:28:31 -07:00
Volodymyr Stoiko
6b6915c7ee
helm: Use proper labels in selectors (#1528) 
* Use proper selectorLabels in daemonset

* Update selector labels in deployments
 2024-04-16 09:02:33 -07:00
M. Mert Yildiran
e819759c2d
🎨 Remove a whitespace in 09-worker-daemon-set.yaml 2024-04-16 00:27:18 +03:00
Ilya Gavrilov
b39c5dd5d3
add net capabilities for tracer (#1525) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-04-15 14:20:44 -07:00
M. Mert Yildiran
0f402789f1
Add TcpStreamChannelTimeoutShow field to MiscConfig 2024-04-15 22:46:18 +03:00
Volodymyr Stoiko
d4fade3599
Extend cluster-role permissions (#1527) 
* Extend cluster-role permissions

* Format

* upd
 2024-04-09 14:20:52 -07:00
M. Mert Yildiran
35c1a88724
🔖 Bump the Helm chart version to 52.2.1 2024-03-28 03:55:03 +03:00
M. Mert Yildiran
fe3f93c91b
Revert srvPort to 30001 2024-03-28 03:54:06 +03:00
M. Mert Yildiran
24aa4db0bc
Bring back the packet-capture flag 2024-03-28 01:42:16 +03:00
M. Mert Yildiran
0b58558f70
🔖 Bump the Helm chart version to 52.2.0 2024-03-27 21:50:27 +03:00
M. Mert Yildiran
3cc9ff8616
🔖 Bump the Helm chart version to 52.1.77 2024-03-19 18:55:27 +03:00
Serhii Ponomarenko
247498492a
Set custom timezone (#1517) 
* 🔨 Add timezone config

* 🔨 Update `complete.yaml`

* 📝 Document `timezone` config

* 📝 Update `timezone` config docs

* 📝 Update `timezone` config docs

* 🔥 Remove unused `TIMEZONE` field from `ConfigMap`

* 🦺 Handle empty `tap.timezone` case

* 🔨 Move `timezone` from `.Values.tap` to `.Values`

* 🔨 Add `timezone` field to helm values

* 🔨 Update `complete.yaml`

* 📝 Update `timezone` config docs

* 🔨 Add `TIMEZONE` field to `ConfigMap`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-03-19 12:06:50 +01:00
M. Mert Yildiran
9162c4fb64
🔖 Bump the Helm chart version to 52.1.75 2024-03-15 20:39:39 +03:00
Serhii Ponomarenko
e7fc7b791a
🐛 Fix front nginx and network policies ports (#1518) 
* 🐛 Use `8080` listen port for front nginx config

* 🐛 Use `8080` ingress port for front/hub network policies
 2024-03-14 15:18:24 -07:00
Volodymyr Stoiko
c0751ad4cb
Switch to lower ports (#1514) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-03-08 21:02:05 -08:00
Serhii Ponomarenko
0aca81fbcb
🔨 Disable scripting, targeted pods update & recording via ConfigMap keys (#1515) 
* 🔨 Add `SCRIPTING_DISABLED` key to `ConfigMap`

* 🔨 Add `TARGETED_PODS_UPDATE_DISABLED` config

* 🔨 Add `RECORDING_DISABLED` key to `ConfigMap`

* 🎨 Reformat `TapConfig`

* 🔨 Update `complete.yaml`
 2024-03-08 20:49:07 -08:00
Volodymyr Stoiko
db607aff16
Add network policies for kubeshark components (#1513) 
* Add explicit network policies for kubeshark components

* allow exact ports

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-03-07 06:37:13 -08:00
M. Mert Yildiran
93de6e8934
🔖 Bump the Helm chart version to 52.1.66 2024-03-06 00:12:02 +03:00
M. Mert Yildiran
68aabf262f
🔖 Bump the Helm chart version to 52.1.63 2024-02-29 01:45:41 +03:00
M. Mert Yildiran
d15e1cca54
🔖 Bump the Helm chart version to 52.1.62 2024-02-29 01:33:28 +03:00
M. Mert Yildiran
a9d2cb5ac2
🔖 Bump the Helm chart version to 52.1.61 2024-02-28 23:43:04 +03:00
M. Mert Yildiran
ddcf973e35
Revert "🔖 Bump the Helm chart version to 52.1.61" 
This reverts commit b6d1804326.
 2024-02-28 23:42:08 +03:00
M. Mert Yildiran
b6d1804326
🔖 Bump the Helm chart version to 52.1.61 2024-02-28 23:39:06 +03:00
Volodymyr Stoiko
6dc12af55b
Add namespace prefix to cluster scope resources (#1506) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-02-28 12:14:03 -08:00
M. Mert Yildiran
8fe0544175
🔨 Remove CHECKPOINT_RESTORE capability from defaults 2024-02-26 21:40:14 +03:00
M. Mert Yildiran
c38bdcd977
🔖 Bump the Helm chart version to 52.1.50 2024-02-20 21:25:10 +03:00
M. Mert Yildiran
c8cd1f57c4
🔖 Bump the Helm chart version to 52.1.45 2024-02-15 19:35:01 +03:00
Alon Girmonsky
6af2d11878
removed cloud URL from config map (#1499) 
1. removed cloud URL from config map
2. added to hub's and worker's deployments
 2024-02-14 13:06:24 -08:00
M. Mert Yildiran
2f899a943c
🔖 Bump the Helm chart version to 52.1.30 2024-02-07 22:43:22 +03:00
Alon Girmonsky
f010f349a1
unixsocket for tracer (#1497) 
- Added `-unixsocket` by default
- In DEBUG mode, added `-dumptracer 100000000`
 2024-02-07 09:50:58 -08:00
iluxa
26e23dc94f
add capability for tracer (#1496) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-02-06 13:38:21 -08:00
Serhii Ponomarenko
6785f024e4
Feature-based SAML authorization (#49) (#1495) 
* 🔨 Add `showAdminConsoleLink` to helm values

* 🔨 Add `ShowAdminConsoleLink` to `TapConfig`

* 🔨 Regenerate `complete.yaml` manifest

* 📝 Update helm-chart `README.md`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-02-06 13:36:32 -08:00
M. Mert Yildiran
92dab2e2f7
🔨 Add PcapErrorTTL field to MiscConfig 2024-02-06 01:32:07 +03:00
Serhii Ponomarenko
18d051af28
🔥 Remove old Descope auth (#1490) 
* 🔥 Remove Descope-related config updates

* 🔥 Remove Descope-related helm values

* 🔥 Remove Descope-related k8s configs

* 🔥 Remove Descope-related fields from `tapConfig`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-31 14:49:55 -08:00
M. Mert Yildiran
cef012d1f3
🐛 Fix the ConfigMap keys of JsonTTL and PcapTTL fields 2024-01-31 16:57:11 +03:00
M. Mert Yildiran
4802cca646
Add MiscConfig struct with has JsonTTL and PcapTTL fields 2024-01-30 02:25:04 +03:00
Alon Girmonsky
4117d008a9
Update README.md 2024-01-28 11:06:18 -08:00
Alon Girmonsky
91e3546196
added a link to the dashboard 2024-01-26 15:38:40 -08:00
Alon Girmonsky
4db2a80675
Add API cloud endpoint env var to hub deployment (#1489) 
* Add API cloud endpoint env var to hub deployment

* Added an env var for api cloud endpoint
 2024-01-26 00:24:38 -08:00
Serhii Ponomarenko
bfa3efd23a
SAML authorization (#1487) 
* 🔨 Add `AUTH_SAML_ROLE_ATTRIBUTE` field to `ConfigMap`

* 📝 Document `tap.auth.saml.roleAttribute/roles` values

* 🔧 Re-generate `complete.yaml`

* 🔥 Remove `default` tag from `SamlConfig.RoleAttribute`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-24 16:05:37 -08:00
M. Mert Yildiran
c48187a02e
🔖 Bump the Helm chart version to 52.1.9 2024-01-24 22:29:38 +03:00
Alon Girmonsky
f6d7510a14
fix the env variable / helm issue (#1486) 
* fix the env variable / helm issue

Empty environment variables can not be read by front.

* change env variable to avoid an empty string
 2024-01-23 21:30:24 -08:00
M. Mert Yildiran
f9e0c36d5f
🔨 Add AUTH_SAML_ROLES field to ConfigMap 2024-01-23 23:22:06 +03:00
Serhii Ponomarenko
a8dd332ff8
SAML integration prototype (#1475) 
* 🔨 Add `AUTH_TYPE` field to `ConfigMap`

* 🔨 Add `AUTH_SAML_IDP_METADATA_URL` field to `ConfigMap`

* 🔨 Add `AUTH_SAML_X509_CRT` field to `Secret`

* 🔨 Add `AUTH_SAML_X509_KEY` field to `Secret`

* 🔨  Mount SAML X.509 key pair into `hub`

* 🔨 Add `REACT_APP_AUTH_TYPE` environment variable to `front`

* 🔧 Add Nginx path rewrite for `/saml`

* 🔧 Raise request size to accept big SAML responses

* 🔨 Add `REACT_APP_AUTH_TYPE` environment default value

* 📝 Update `README.md`

* 📝 Update `README.md`

* 🔨 Add `AUTH_TYPE` config map key

* 🔨 Add `AUTH_SAML_IDP_METADATA_URL` config map key

* ☸ Set `CONFIG_AUTH_TYPE` from `TapConfig`

* ☸ Set `CONFIG_AUTH_SAML_IDP_METADATA_URL` from `TapConfig`

*  Create `SamlConfig` in `TapConfig.AuthConfig`

* 🔨 Use updated `tap.auth.saml.idpMetadataUrl` tap config field

* 📝 Update `README.md`

* 🔨 Add `tap.insgress.enabled/host` to `ConfigMap`

* 🔨 Add `tap.proxy.front.port` to `ConfigMap`

* 🔨 Add `REACT_APP_AUTH_SAML_IDP_METADATA_URL` env to `front`

* 🔧 Supply `auth.saml` fields to `helm-chart/values.yaml`

* 🐛 Fix indentation for X.509 secrets

* 📝 Provide SAML setup docs

* 📝 Update SAML setup docs

* 📝 Update SAML setup docs

* Added callback URL indication

* 💥 Disable standard `Descope` auth

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-23 10:47:29 -08:00
M. Mert Yildiran
6307871584
🔨 Add patch verb to kubeshark-self-config-role 2024-01-23 20:52:04 +03:00
Alon Girmonsky
f2b7df7e02
Global Filter, escaping doublequotes in strings (#1484) 
* Global filter quote change

Global filter uses a single quote as opposed to double quote. This limits the use of `'` inside the string as it can not be escaped. When using double quote ("), single quote can be used and double quote can be escaped as part of a string. An example for a Global Filter string: "redact(\"request.headers.Authorization\", \"request.headers['X-Aws-Ec2-Metadata-Token']\")"

* support escaping double quotes in  the global filter string
 2024-01-19 16:51:33 -08:00
M. Mert Yildiran
b0af52ba9c
🔖 Bump the Helm chart version to 52.1.0 2024-01-18 02:22:20 +03:00
M. Mert Yildiran
ddc1dc3d71
🔨 Add TcpStreamChannelTimeoutMs field to TapConfig struct 2024-01-15 23:00:31 +03:00
M. Mert Yildiran
d99bfea0db
🔨 Rename worker resource requirement to sniffer 2024-01-15 21:14:06 +03:00
Volodymyr Stoiko
bed9d06c59
Pass kernel-module flag only if pf_ring enabled (#1480) 2024-01-14 14:39:32 -08:00
Volodymyr Stoiko
aaeb3ca1eb
Load pf-ring kernel module in init container (#1476) 
* Load kernel module in init container

* Update docs

* Update formatting

* Add pre-stop hook to unload pf_ring module

* Enable hook only on kernel module enabled

* fix template

* Use sidecontainer to unload pf_ring

* Add requirements for tracer into structs

* fix values

* fix typo

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-12 15:49:39 -08:00
Alon Girmonsky
7df35e04a8
Update README.md 
Changed `tap.tls` and `tap.serviceMesh` defaults to `true` following this commit: 8ba3e603a4
 2024-01-12 09:36:34 -08:00
tgaliotto
a5be1a8eaa
add request and limits for tracer container (#1459) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-12 09:30:50 -08:00
M. Mert Yildiran
8ba3e603a4
Add trafficSampleRate field to TapConfig 2024-01-10 18:51:52 +03:00
Volodymyr Stoiko
db51e6dbc2
Add kubeshark-worker-metrics service and document it (#1474) 
* Expose worker metrics

* Add metrics documentation

* upd

* Update metrics port configuration

* Update config/configStructs/tapConfig.go

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update helm-chart/README.md

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update helm-chart/templates/16-worker-service-metrics.yaml

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

---------

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
 2024-01-04 16:17:22 +03:00
Alon Girmonsky
77878e97f5
Tracer, ServiceMesh - Disable by default and some docs updates (#1472) 
* Disabled Tracer by default

As Tracer requires significantly more resources and elevated security capability, it is recommended to have it disabled by default and enabled on demand.

* Updated the tap.tls default value to false

* added description to the default and global KFL filters

* serviceMesh false by default

As serviceMesh requires elevated security permissions.
Furthermore this capability is required only in a fraction of the userbase. Some service mesh versions/configurations aren't supported. Therefore, it is recommended to start as disabled and enable on-demand

* Update the readme related to the service mesh default value

Set the default value of serviceMesh to false as among other things, it requires elevated security permissions and therefore should be enabled on demand.
 2023-12-30 18:47:26 -08:00
M. Mert Yildiran
36767eda27
🔨 Add KernelModuleConfig struct to TapConfig 2023-12-28 22:09:01 +03:00
Volodymyr Stoiko
6c01078f97
Add PF_RING related changes to docs and helm (#1471) 
* Install pf-ring KMM Module and wait for it

* Add mode configuration

* save

* Update doc

* upd

* toc

* adjust template

* upd

* Add module cr verification job

* upd doc

* Fix binary name

* Add disable mode

* Update PF_RING.md

Some adjustments to the instructions.

* Update 15-pf-ring-kernel-module.yaml

Small syntax err

* upd

* merge master

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2023-12-27 19:01:20 -08:00
M. Mert Yildiran
6c06307d68
🔨 Add GLOBAL_FILTER field to ConfigMap 2023-12-27 23:58:17 +03:00
M. Mert Yildiran
2223cad038
🔨 Add REACT_APP_REPLAY_DISABLED environment variable to front 2023-12-27 22:30:17 +03:00
M. Mert Yildiran
c1fc4447ef
🔨 Move the list of Linux capabilities into values.yaml 2023-12-27 13:14:53 +03:00
M. Mert Yildiran
ea3eecfa04
🔨 Move SCRIPTING_ENV from ConfigMap to Secret 2023-12-25 20:55:26 +03:00
M. Mert Yildiran
51968f2aae
🔨 Add REPLAY_DISABLED field to ConfigMap 2023-12-25 17:34:38 +03:00
M. Mert Yildiran
cc9627c884
🔖 Bump the Helm chart version to 52.0.0 2023-12-19 20:20:43 +03:00
M. Mert Yildiran
d3f2cdbf0e
Add DefaultFilter field to TapConfig 2023-12-18 16:51:55 +03:00
Serhiy Berezin
d3c21a07bb
EFS persistent volume helm deployment support (#1455) 
* EFS persistent volume

docs/14

EFS static and dynamic provision added to default

* Update helm-chart/values.yaml

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Update helm-chart/templates/08-persistent-volume-claim.yaml

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Update config/configStructs/tapConfig.go

Fix format

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Fix format config/configStructs/tapConfig.go

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Improve formatting

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
 2023-12-11 10:52:58 -08:00
M. Mert Yildiran
510d5e5ed8
🔥 Remove REACT_APP_HUB_HOST and REACT_APP_HUB_PORT environment variables 2023-12-07 22:10:11 +03:00
Alon Girmonsky
1070d17e20
Update README.md 
fixing syntax err
 2023-12-05 00:17:36 -08:00
M. Mert Yildiran
6b8beb50ad
🔨 Update the capabilities 2023-12-04 23:31:15 +03:00
M. Mert Yildiran
dd91087157
Add comments to explain the required Linux capabilities 2023-12-04 22:49:31 +03:00
M. Mert Yildiran
cf3ce0180b
🔨 Remove the unnecessary Linux capabilities 2023-12-04 22:39:21 +03:00
M. Mert Yildiran
b4dc321829
🔖 Bump the Helm chart version to 51.0.39 2023-11-22 02:03:56 +03:00
M. Mert Yildiran
7e893a5b52
🔖 Bump the Helm chart version to 51.0.38 2023-11-22 01:03:27 +03:00
M. Mert Yildiran
33dabe8bbf
🔖 Bump the Helm chart version to 51.0.37 2023-11-21 23:20:16 +03:00
M. Mert Yildiran
88f8998df3
🔨 Update the worker pod and run make generate-helm-values && make generate-manifests 2023-11-21 20:24:14 +03:00
Chin K
fc0f6a8452
🔨 Add SecurityContextConstraints for OpenShift (#1451) 
* Added OS route

* Openshift Port-changes

* custom-scc

* custom-scc name update

* Revert "custom-scc name update"

This reverts commit 7e6d96c086.

* Added pre-install hook

* default port

* worker port update

* Update helm-chart/templates/14-kubeshark-scc.yaml

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* SCC only for openshift - capability added

---------

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
 2023-11-21 20:01:34 +03:00
M. Mert Yildiran
cc9dbbef2e
🔥 Remove tapPcapRunner.go and --pcap flag 2023-11-21 07:17:43 +03:00
M. Mert Yildiran
c94a399bc3
🔖 Bump the Helm chart version to 2023-11-16 21:28:05 +03:00
M. Mert Yildiran
e2ef9eff05
🐛 Add CHECKPOINT_RESTORE Linux capability for kernel versions above 5.9 2023-11-04 00:06:27 +03:00
M. Mert Yildiran
bed59e12ea
🔥 Delete the non-existing field references in _helpers.tpl file 2023-11-02 18:53:17 +03:00