github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-08-19 08:59:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,105 Commits 85 Branches 954 Tags 174 MiB
script-activate-on-creation-flag
Commit Graph

261 Commits

Author SHA1 Message Date
tiptophelmet
9bdc77c754 🔨 Add SCRIPTING_ACTIVATE_ON_CREATION config 2025-04-23 20:39:43 +03:00
Volodymyr Stoiko
7618795fdf
Add optional gitops mode (#1748) 2025-04-16 10:18:53 -07:00
Volodymyr Stoiko
4ca9bc8fc0
Run cleanup program instead of kubectl (#1745) 2025-04-16 09:07:31 -07:00
Volodymyr Stoiko
2bee926b4b
Add kubeshark cm and secret -default suffix (#1704) 
* Add kubeshark cm and secret -default suffix

* Add cleanup job

* Add cleanup job

* update cleanup

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-04-08 13:24:34 -07:00
Alon Girmonsky
ac5bf9b276
Make changes in default values (#1735) 
* Disable Intercom support by default.
Support can be enabled using a helm flag.

* updated the license notification
as a result of a successful helm installation.

* GenAI assistant enabled by default
 2025-04-07 08:47:37 -07:00
Volodymyr Stoiko
59026d4ad4
Add pvc volumeMode (#1739) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-04-07 08:25:27 -07:00
Serhii Ponomarenko
a6eabbbdee
🔨 Add tap.auth.dexOidc.bypassSslCaCheck flag (#1737) 
* 🔨 Add `tap.auth.dexOidc.bypassSslCaCheck` flag

* 📝 Update docs for Dex SSL CA bypass

* 🔨 Bring back deleted Dex node-selector-terms
 2025-04-04 10:07:02 -07:00
Volodymyr Stoiko
a914733078
Allow reading logs (#1734) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-04-01 13:29:04 -07:00
Serhii Ponomarenko
59ef0f8f80
🔨 Add tap.dashboard.completeStreamingEnabled flag (#1733) 2025-04-01 13:08:46 -07:00
Serhii Ponomarenko
453d27af43
🔨 Create tap.routing.front.basePath flag (#1726) 
* 🔨 Add `tap.routing.front.basePath` helm value

* 🔨 Use `tap.routing.front.basePath` to adjust nginx blocks

* 🔨 Set `front` base path to empty string

* 📝 Update `front` base path docs

* 📝 Add `front` base path example

* 📝 Add base-path to Kubeshark URL in instructions

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-03-24 14:23:41 -07:00
Serhii Ponomarenko
f85c7dfb4b
OIDC support (Dex IdP) (#1722) 
* 🔧 Create dex config-map

* 🔧 Create dex deployment

* 🔧 Create dex service

* 🔧 Create dex network policy

* 🔧 Create dex network policy

* 🔧 Add dex node selector terms

* 🔧 Add a kubeshark-hub static client to dex config

* 🐛 Use correct redirect URI for `kubeshark-hub` client

* 🎨 Remove unused/commented dex config options

* 🔨 Create a helper template to pick Kubeshark client secret

* 🔧 Adjust front deployment env to allow `dex` auth type

* 🔧 Adjust configmap to allow `dex` auth type

* 🔧 Create k8s secret to store dex yaml config

* 🔧 Mount dex-yaml-conf secret into `dex-config.yaml`

* 🔥 Remove sample env var

* 🔧 Create k8s config keys for Dex expiry settings

* 🔧 Create k8s secret key for Dex client secret

* 🔧 Deploy Dex resources if Dex auth is enabled

* 🔧 Move `oauth2StateParamExpiry` under `customSettings`

* 📝 Add basic helm-values docs to set up Dex auth

*  Separate Dex OIDC app settings from configuration

* 📝 Update Dex documentation

* 📝 Update Dex IdP documentation

* 🦺 Add fallback value for OIDC issuer config

* 🦺 Add fallback values for OIDC client ID/secret

* 📝 Update Dex IdP documentation

* 📝 Update Dex IdP documentation

* 📝 Add reference to OIDC docs at `docs.kubeshark.co`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-03-24 14:05:38 -07:00
Volodymyr Stoiko
0386e57906
Add watchdog option (#1723) 
* add watchdog

* Enable watchdog on sniffer
 2025-03-24 11:02:57 -07:00
Volodymyr Stoiko
e47a665d68
Update structs and docs (#1710) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-02-21 09:07:17 -08:00
Serhii Ponomarenko
f656acea64
🔧 Add aiAssistantEnabled helm value (#1717) 
* 🔧 Add `aiAssistantEnabled` helm value

* 🐛 Add quotes to `AI_ASSISTANT_ENABLED` config val

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-02-21 08:53:27 -08:00
Serhii Ponomarenko
000fb91461
🔧 Enable BPF-override on tap.packetCapture: af_packet (#1712) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-02-20 17:34:54 -08:00
Serhii Ponomarenko
631e5f2d24
🔨 Add demoModeEnabled helm value (#1714) 
* 🔨 Add `demoModeEnabled` helm value

* 🐛 Fix `demoModeEnabled` ternary expressions

* 🦺 Check `demoModeEnabled` existence
 2025-02-20 17:25:58 -08:00
Volodymyr Stoiko
3d4606d439
Worker component security context refactoring (#1707) 
* Add new security context config

* Fine-grained template for securityContext

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-02-03 13:38:41 -08:00
Ilya Gavrilov
46ca7e3ad7
Remove init container; remove -disable-ebpf option (#1706) 
* Remove init container; remove -disable-ebpf option

* Remove init container; remove -disable-ebpf option
 2025-02-03 08:58:32 -08:00
Volodymyr Stoiko
ce7913ce2e
Fix pull secret aligning (#1703) 
* Fix pull secret aligning

* align
 2025-01-29 08:34:43 -08:00
M. Mert Yildiran
f2e60cdee1
Add PortMapping to TapConfig for port number based dissector prioritization (#1700) 2025-01-25 12:10:53 -08:00
Alon Girmonsky
818a9e2bec Moving to eBPF as a default packet capture method. 
Making default packet capture method eBPF, defaulting to AF_PACKET in case eBPF is not available
 2025-01-24 14:24:02 -08:00
Volodymyr Stoiko
ad10212ba5
Add dns config (#1698) 
* Add dnsconfig

* Update templates

* Add dns configuration values

* readme
 2025-01-24 09:14:08 -08:00
Volodymyr Stoiko
ef17eb9fbe
Make node selector component specific (#1694) 
* Make node selector component specific

* Update templates

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-22 12:50:17 -08:00
Alon Girmonsky
aa7c8f36f5
added -disable-tracer option (#1695) 
to the worker daemon set, when `tap.tls=false` is set.
 2025-01-22 12:32:05 -08:00
bogdanvbalan
c92f509863
#528 Remove pcap src from configMap (#1693) 
* Remove pcap src from configMap

* change folder name

keep it simple and short

---------

Co-authored-by: bogdan.balan1 <bogdanvalentin.balan@1nce.com>
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-22 10:10:44 -08:00
Serhii Ponomarenko
0d5bbd53aa
🔧 Add helm variable to disable live config-map user actions (#1689) 
* 🔧 Add helm variable to disable live config-map user actions

* 🐛 Fix ternary for `PRESET_FILTERS_CHANGING_ENABLED` config

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-18 13:15:46 +02:00
Volodymyr Stoiko
f9c66df528
Update worker liveness/readiness config (#1684) 
* Increase worker init delay to 30s

* Update values

* fix

* Make probe values configurable

* upd

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2025-01-08 13:09:51 -08:00
Alon Girmonsky
46ad335446
updated the notes (#1681) 2025-01-06 18:42:17 -08:00
M. Mert Yildiran
639f1deb51
Add CUSTOM_MACROS to ConfigMap (#1674) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-12-25 16:45:03 -08:00
Alon Girmonsky
b377bfe35f
Revert "Revert "Initialize kubeshark pinned eBPF resources inside init container (#1665)" (#1676)" (#1678) 
This reverts commit 12f8883052.
 2024-12-25 16:21:08 -08:00
M. Mert Yildiran
12f8883052
Revert "Initialize kubeshark pinned eBPF resources inside init container (#1665)" (#1676) 
This reverts commit 29de008f22.
 2024-12-25 11:21:51 -08:00
Alon Girmonsky
7eef5efcd9
Added security capabilities, especially IPC_LOCK (#1671) 
to Sniffer in case eBPF traffic capture mechanism is used.
 2024-12-23 16:49:54 -08:00
M. Mert Yildiran
af47154a8d
Revert "Add CUSTOM_MACROS to ConfigMap" 
This reverts commit 17759d296d.
 2024-12-23 21:26:42 +03:00
M. Mert Yildiran
17759d296d
Add CUSTOM_MACROS to ConfigMap 2024-12-23 21:25:11 +03:00
Ilya Gavrilov
29de008f22
Initialize kubeshark pinned eBPF resources inside init container (#1665) 
* Clean kubeshark pinned bpf resources inside init container

* Clean kubeshark pinned bpf resources inside init container

* Update 09-worker-daemon-set.yaml

* add IPC_LOCK capability to sniffer

* add init container to mount bpf filesystem

* add init container to mount bpf filesystem

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-12-19 16:20:13 -08:00
Volodymyr Stoiko
e819e9b697
Add hub metrics port (#1666) 
* Add hub metrics port

* Add policies and service

* Use static 9100 port for hub metrics

* fix

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-12-19 12:06:29 -08:00
Alon Girmonsky
a03aa56d07
removed the loglevel flag (#1669) 
following reverting tracer version: https://github.com/kubeshark/worker/pull/478
 2024-12-16 12:34:51 -08:00
Alon Girmonsky
4cabf13788
from debug to logLevel (#1668) 
* updated helm values

* removed the tap.debug field
from the tapConfig struct

* Revert "removed the tap.debug field"

This reverts commit f911c02f0d.

* support the -d --debug command
with the new logLevel flag
 2024-12-15 17:27:05 -08:00
Volodymyr Stoiko
993b8ae19e
Add permissions to watch namespaces (#1644) 
* Add permissions to watch namespaces

* Allow watching all namespaces

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-12-03 18:32:23 -08:00
Volodymyr Stoiko
8e135d570b
Remove pfring leftovers from ds (#1642) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-11-06 11:11:44 -08:00
Volodymyr Stoiko
4a6628a3e8
Fix helm resource requests/limits templates (#1639) 2024-11-05 13:03:21 -08:00
Alon Girmonsky
a1e05db4b0 Improved resource limits and requests Helm templating 2024-11-02 09:49:45 -07:00
Alon Girmonsky
b3f6fdc831
Added an ability to override image names for a case, where when using a CI, one needs to use individual image names (#1636) 2024-10-31 21:18:13 -07:00
Serhii Ponomarenko
ba9b85bb12
Revert "🐛 Prevent hub host-not-found nginx upstream error in front (#1628)" (#1633) 
This reverts commit cc3f8c86ff.
 2024-10-25 11:31:03 -07:00
Volodymyr Stoiko
f026c3604a
Add networkpolicies permissions (#1631) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-10-19 17:02:42 -07:00
Alon Girmonsky
674a554767
scripting-revamp-1 (#1630) 
* First commit in this PR
Added `scripting.active` as a helm value

* added `scripting.active` to the config struct and the helm chart
this array of strings will include the active script titles

* updated the `active` filed in the script struct

* go mod tidy

* update go ver to 1.21.1
 2024-10-15 10:35:38 -07:00
Serhii Ponomarenko
cc3f8c86ff
🐛 Prevent hub host-not-found nginx upstream error in front (#1628) 
* 🔧 Add `proxy_next_upstream` to retry finding `hub`

* 🔨 Set up `front` init-container to wait for `hub`

* Revert "🔧 Add `proxy_next_upstream` to retry finding `hub`"

This reverts commit 118b173069.

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-10-15 09:48:11 -07:00
Serhii Ponomarenko
223ada3e2b
🔨 Add tap.presetFiltersChangingEnabled helm value (#1627) 
* 🔨 Replace default-filter `front` env with config

* 🔨 Add `tap.presetFiltersChangingEnabled` helm value

* 🔨 Add preset-filters-changing-enabled `front` env

* 🔨 Add preset-filters-changing-enabled config
 2024-10-08 18:24:49 -07:00
bogdanvbalan
783aa03b6a
Feat pcapsaver (#1621) 
* Add cmd to copy pcaps from worker

* Update commands to merge pcaps

* Remove test img

* Remove usage of http endpoint in copy

* Unify commands

* Add copy flag

* Address review comments

* Update k8s config path processing

* Remove debug prints

* setting the pcapSrcDit to the name of the command

* Update values.yaml

* Remove the start,stop and copy flags

* Clean up the the code a bit
Changed the logic so it's either copy or start/stop.
Works well for a first version.

* Improved the logic

* Changed pcapdump enable flag to boolean

* Added helm value documentation

* minor default configuration changes

* Fix default val for enabled

* Final changes
Cleaned up the helm worker template
Improve the logic a bit

* Code cleanup
Changed instances of `enable` to `enabled` for purpose of consistency
Removed unused helm environment variables

* Enable merging all node files to a single file.
Before the outcome had been a merged file per node.
Now the outcome is a single merged file for all nodes.

* Committed for testing purpose

* Reduced the initial disk foot print to 10MB per node

---------

Co-authored-by: bogdan.balan1 <bogdanvalentin.balan@1nce.com>
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-10-07 08:39:52 -07:00
Volodymyr Stoiko
d8b87a90e4
Add resource guard flag (#1622) 
* Add resource-guard flags

* make generate-helm-values

* Add resource guard flag
 2024-09-30 10:39:34 -07:00