github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-09-16 14:53:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,134 Commits 87 Branches 954 Tags
mcp-integration
Commit Graph

85 Commits

Author SHA1 Message Date
Volodymyr Stoiko
56b936b8b8 Add stopAfter option to disable capture when inactive (#1778) 
* Add stopAfter option to disable capture when inactive

* Use 5m dorman

* Add capture stop after flag in hub
 2025-08-12 11:23:16 -07:00
Volodymyr Stoiko
eee3030410 Add priority class configuration for Kubeshark components (#1775) 
* Add priority class into templates

* upd readme

* upd

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-07-28 12:18:45 -07:00
cloudclaim
efe6b0e7b7 chore: fix some minor issues in the comments (#1767) 
Signed-off-by: cloudclaim <824973921@qq.com>
 2025-07-28 12:10:50 -07:00
Volodymyr Stoiko
ed0fb34888 Add secret names to inject env variables from (#1756) 
* Add secrets for inject into hub deployment

* Update notes

* upd

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-05-29 18:24:46 -07:00
Alon Girmonsky
7dcd9eee95 Incerased storage limit from 500Mi to 5Gi (#1755) 2025-05-12 10:34:58 -07:00
Volodymyr Stoiko
7618795fdf Add optional gitops mode (#1748) 2025-04-16 10:18:53 -07:00
Alon Girmonsky
ac5bf9b276 Make changes in default values (#1735) 
* Disable Intercom support by default.
Support can be enabled using a helm flag.

* updated the license notification
as a result of a successful helm installation.

* GenAI assistant enabled by default
 2025-04-07 08:47:37 -07:00
Volodymyr Stoiko
59026d4ad4 Add pvc volumeMode (#1739) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-04-07 08:25:27 -07:00
Serhii Ponomarenko
a6eabbbdee 🔨 Add tap.auth.dexOidc.bypassSslCaCheck flag (#1737) 
* 🔨 Add `tap.auth.dexOidc.bypassSslCaCheck` flag

* 📝 Update docs for Dex SSL CA bypass

* 🔨 Bring back deleted Dex node-selector-terms
 2025-04-04 10:07:02 -07:00
Serhii Ponomarenko
453d27af43 🔨 Create tap.routing.front.basePath flag (#1726) 
* 🔨 Add `tap.routing.front.basePath` helm value

* 🔨 Use `tap.routing.front.basePath` to adjust nginx blocks

* 🔨 Set `front` base path to empty string

* 📝 Update `front` base path docs

* 📝 Add `front` base path example

* 📝 Add base-path to Kubeshark URL in instructions

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-03-24 14:23:41 -07:00
Alon Girmonsky
c95d63feb0 Sentry Enabled By Default (#1721) 
* Update values.yaml

Enable Sentry by default.

* Update README.md
 2025-03-24 14:09:58 -07:00
Serhii Ponomarenko
f85c7dfb4b OIDC support (Dex IdP) (#1722) 
* 🔧 Create dex config-map

* 🔧 Create dex deployment

* 🔧 Create dex service

* 🔧 Create dex network policy

* 🔧 Create dex network policy

* 🔧 Add dex node selector terms

* 🔧 Add a kubeshark-hub static client to dex config

* 🐛 Use correct redirect URI for `kubeshark-hub` client

* 🎨 Remove unused/commented dex config options

* 🔨 Create a helper template to pick Kubeshark client secret

* 🔧 Adjust front deployment env to allow `dex` auth type

* 🔧 Adjust configmap to allow `dex` auth type

* 🔧 Create k8s secret to store dex yaml config

* 🔧 Mount dex-yaml-conf secret into `dex-config.yaml`

* 🔥 Remove sample env var

* 🔧 Create k8s config keys for Dex expiry settings

* 🔧 Create k8s secret key for Dex client secret

* 🔧 Deploy Dex resources if Dex auth is enabled

* 🔧 Move `oauth2StateParamExpiry` under `customSettings`

* 📝 Add basic helm-values docs to set up Dex auth

*  Separate Dex OIDC app settings from configuration

* 📝 Update Dex documentation

* 📝 Update Dex IdP documentation

* 🦺 Add fallback value for OIDC issuer config

* 🦺 Add fallback values for OIDC client ID/secret

* 📝 Update Dex IdP documentation

* 📝 Update Dex IdP documentation

* 📝 Add reference to OIDC docs at `docs.kubeshark.co`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-03-24 14:05:38 -07:00
Volodymyr Stoiko
e47a665d68 Update structs and docs (#1710) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-02-21 09:07:17 -08:00
Alon Girmonsky
95d6655af6 finished templating tap.mountBpf option. (#1711) 2025-02-12 12:28:52 -08:00
Volodymyr Stoiko
ad10212ba5 Add dns config (#1698) 
* Add dnsconfig

* Update templates

* Add dns configuration values

* readme
 2025-01-24 09:14:08 -08:00
Volodymyr Stoiko
ef17eb9fbe Make node selector component specific (#1694) 
* Make node selector component specific

* Update templates

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-22 12:50:17 -08:00
Serhii Ponomarenko
0d5bbd53aa 🔧 Add helm variable to disable live config-map user actions (#1689) 
* 🔧 Add helm variable to disable live config-map user actions

* 🐛 Fix ternary for `PRESET_FILTERS_CHANGING_ENABLED` config

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-18 13:15:46 +02:00
Volodymyr Stoiko
f9c66df528 Update worker liveness/readiness config (#1684) 
* Increase worker init delay to 30s

* Update values

* fix

* Make probe values configurable

* upd

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-08 13:09:51 -08:00
Serhii Ponomarenko
5242d9af07 🛂 Add save/activate/delete role scripting permissions (#1675) 
* 🛂 Add save/activate/delete role scripting permissions

* 🔧 Add scripting permissions to tap-config

* 🔨 Re-generate helm values & `complete.yaml`

* 📝 Add scripting permissions to helm chart docs

* 🏷️ Make scripting permissions `true` by default

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-12-25 12:33:16 -08:00
Volodymyr Stoiko
261a0ca1a9 Replace sniffer 30001 port with 48999 (#1670) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-12-19 12:37:01 -08:00
Alon Girmonsky
dfbb321084 Default startup values change (#1646) 
* updated the defaultFilter default values and docs.

* fixed a small err in the docs
 2024-12-08 14:48:13 -08:00
Volodymyr Stoiko
80d23d62bd Remove PF_RING references (#1638) 
* Remove PF_RING references

* Update values

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-11-05 14:13:50 -08:00
Alon Girmonsky
b3f6fdc831 Added an ability to override image names for a case, where when using a CI, one needs to use individual image names (#1636) 2024-10-31 21:18:13 -07:00
Alon Girmonsky
629fb118e8 Revert "Set resource guard to true by default." 
This reverts commit a7692a664d.
 2024-10-29 21:49:25 -07:00
Alon Girmonsky
a7692a664d Set resource guard to true by default. 2024-10-29 15:11:07 -07:00
Alon Girmonsky
6a890e6653 Removed the timestamp>now() fro the globalFilter flag. 2024-10-25 10:41:06 -07:00
Alon Girmonsky
22766c2983 remove tcp and udp dissectors by default 2024-10-21 13:03:53 -07:00
Alon Girmonsky
da1d2c5260 changed tap.stopped to false by default 2024-10-21 12:59:25 -07:00
Alon Girmonsky
580c612982 added timestamp>now() as a global filter 2024-10-17 12:05:35 -07:00
Alon Girmonsky
7a1cd9afbc set disableTlsLog to true by default. 2024-10-17 10:48:11 -07:00
Alon Girmonsky
816f614ebb change CPU limit to no limit 
Change memory limit to 3Gi
 2024-10-16 11:01:25 -07:00
bogdanvbalan
783aa03b6a Feat pcapsaver (#1621) 
* Add cmd to copy pcaps from worker

* Update commands to merge pcaps

* Remove test img

* Remove usage of http endpoint in copy

* Unify commands

* Add copy flag

* Address review comments

* Update k8s config path processing

* Remove debug prints

* setting the pcapSrcDit to the name of the command

* Update values.yaml

* Remove the start,stop and copy flags

* Clean up the the code a bit
Changed the logic so it's either copy or start/stop.
Works well for a first version.

* Improved the logic

* Changed pcapdump enable flag to boolean

* Added helm value documentation

* minor default configuration changes

* Fix default val for enabled

* Final changes
Cleaned up the helm worker template
Improve the logic a bit

* Code cleanup
Changed instances of `enable` to `enabled` for purpose of consistency
Removed unused helm environment variables

* Enable merging all node files to a single file.
Before the outcome had been a merged file per node.
Now the outcome is a single merged file for all nodes.

* Committed for testing purpose

* Reduced the initial disk foot print to 10MB per node

---------

Co-authored-by: bogdan.balan1 <bogdanvalentin.balan@1nce.com>
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-10-07 08:39:52 -07:00
Volodymyr Stoiko
afa81e7be9 Update README with resource guard configuration (#1623) 2024-09-30 13:06:21 -07:00
M. Mert Yildiran
9144d98d04 Add udp to list of enabled dissectors (#1616) 
* Add `udp` to list of enabled dissectors

* ignore udp as part of a global filter

* have globalFilter ignore udp and icmp

* Have globalFilter ignore udp and icmp

* Update README.md

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-09-25 11:29:21 -07:00
Alon Girmonsky
d61e6ab8eb text change 2024-09-15 14:32:11 -07:00
Alon Girmonsky
b6672661ad text changes 2024-09-15 14:29:02 -07:00
Alon Girmonsky
88c72cda82 🔖 Bump the Helm chart version to 52.3.81 2024-09-14 11:53:26 -07:00
Volodymyr Stoiko
3c6307e93f Add sentry related configurations (#1606) 
* Add sentry configuration

* get helm values

* Add sentry configuration

---------

Co-authored-by: tiptophelmet <serhii.ponomarenko.jobs@gmail.com>
 2024-09-09 16:40:08 -07:00
Volodymyr Stoiko
95637bfce8 Use major version as containers tag (#1594) 
* Respect tagLocked version

* generate proper values

* fix helper

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-09-09 14:38:36 -07:00
Serhii Ponomarenko
32caeb37e4 🔨 Create dissectorsUiEnabled flag (#1599) 
* 🔨 Create `dissectorsUiEnabled` flag

* 🔨 Rename `dissectorsUiEnabled` flag

* 🔨 Add `DISSECTORS_UPDATING_ENABLED` config

* 🔨 Set `dissectorsUpdatingEnabled: true` by default
 2024-08-29 09:36:58 -07:00
Ilya Gavrilov
1dfef1be23 update helm readme (#1596) 2024-08-28 10:38:19 -07:00
Alon Girmonsky
84f2ec944d tcp dissector enabled by default (#1591) 
* tcp dissector enabled by default

* changing the readme

In support of having the `tcp` dissector enabled by default.

* Update values.yaml

* Update complete.yaml

* updated the defaultFilter default value

1. Start with some level of  "noise reduction" (`tcp` and `dns`).
2. Provide a hint how to use a display filter to filter out protocol aliases.

* Update values.yaml

filter out DNS and TCP

* Update complete.yaml

Filter out DNS and TCP

* Update README.md

Filter out TCP and DNS by default
 2024-08-22 17:14:38 -07:00
Alon Girmonsky
9069f10d94 TCP dissector description (#1586) 
* TCP dissector description 

Added a description how to use the TCP dissector.

* removed tcp from complete.yaml
 2024-08-16 17:06:06 -07:00
Alon Girmonsky
e70167c694 Added supported protocol dissectors section 2024-08-12 16:42:18 -07:00
Alon Girmonsky
32136520d8 Slow start (#1576) 
* Start `ExcludedNamespaces` empty by default

* Started Kubeshark with tap.stopped true by default

* Revert "Start `ExcludedNamespaces` empty by default"

This reverts commit 7de515dd3a.

* Start with traffic capture paused by default
Remove any namespaces to exclude by default
 2024-08-06 15:39:42 -07:00
Alon Girmonsky
df0aea1462 stash (#1575) 2024-07-31 15:14:36 -07:00
Alon Girmonsky
a699755858 Way to avoid seeing DNS traffic 2024-07-25 18:43:40 -07:00
Serhii Ponomarenko
7168b5c515 🔨 Add canStopTrafficCapturing SAML authz action (#1565) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-07-18 08:18:03 -07:00
M. Mert Yildiran
c88b3b0ba7 Remove "Replay" function functionality (#1563) 2024-07-16 13:13:08 -07:00
Alon Girmonsky
d1cc890cad set kernelModule.enabled default value to false 
As a temporary remady:
1. ebpf and pf-ring become explicit options
2. af_packet becomes the default option
 2024-05-31 20:59:51 -07:00