* 🔧 Set worker BPF override from config
* 🔧 Disable `front` BPF override if capture is not `af_packet`
* feature condition change
Extend the feature visibility condition from explicitely using af_packet to not explicitly using ebpf, and therefore supporting all methods other than ebpf
* reversing the logic
fixing the previous comment logic as it was reversed.
---------
Co-authored-by: tiptophelmet <serhii.ponomarenko.jobs@gmail.com>
This behavior can be reversed by setting the `tap.packetCapture`
to a specific source or manually adding the command line property:
`-disable-ebpf` to both the `worker` and the `tracer`
* Revert "Revert "as eBPF is a significant feature that can impact many users, this PR is meant (#1532)""
This reverts commit 7ab63ec745.
* Added the missing -disable-ebpf parameters to Tracer
to provide it NOT as the default option, but require an explicit indication
to use it. To use eBPF instead of AF-PACKET or PF-RING, use:
--set tap.packetCapture=ebpf
* Global filter quote change
Global filter uses a single quote as opposed to double quote. This limits the use of `'` inside the string as it can not be escaped. When using double quote ("), single quote can be used and double quote can be escaped as part of a string. An example for a Global Filter string: "redact(\"request.headers.Authorization\", \"request.headers['X-Aws-Ec2-Metadata-Token']\")"
* support escaping double quotes in the global filter string
* Expose worker metrics
* Add metrics documentation
* upd
* Update metrics port configuration
* Update config/configStructs/tapConfig.go
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Update helm-chart/templates/16-worker-service-metrics.yaml
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
---------
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Disabled Tracer by default
As Tracer requires significantly more resources and elevated security capability, it is recommended to have it disabled by default and enabled on demand.
* Updated the tap.tls default value to false
* added description to the default and global KFL filters
* serviceMesh false by default
As serviceMesh requires elevated security permissions.
Furthermore this capability is required only in a fraction of the userbase. Some service mesh versions/configurations aren't supported. Therefore, it is recommended to start as disabled and enable on-demand
* Update the readme related to the service mesh default value
Set the default value of serviceMesh to false as among other things, it requires elevated security permissions and therefore should be enabled on demand.
* EFS persistent volume
docs/14
EFS static and dynamic provision added to default
* Update helm-chart/values.yaml
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/templates/08-persistent-volume-claim.yaml
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update config/configStructs/tapConfig.go
Fix format
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Fix format config/configStructs/tapConfig.go
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Improve formatting
---------
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Added OS route
* Openshift Port-changes
* custom-scc
* custom-scc name update
* Revert "custom-scc name update"
This reverts commit 7e6d96c086.
* Added pre-install hook
* default port
* worker port update
* Update helm-chart/templates/14-kubeshark-scc.yaml
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* SCC only for openshift - capability added
---------
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Update README.md
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Update README.md
fixed storage limit and change a title auth+eks
---------
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Add Configuration parameters section
* Change proxy definition
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* Update helm-chart/README.md
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
---------
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
* 🔨 Add `tracer` as a separate container to worker `DaemonSet`
* 🔥 Delete some of the unused connector methods
* 🔨 Set `POD_NAME` and `POD_NAMESPACE` environment variables in worker `DeamonSet`
* 🔨 Set `POD_NAME` and `POD_NAMESPACE` environment variables in hub `Deployment`
* Fix the labels
* Fix the self config role
* Restrict it to specific resource names
* Run `make generate-manifests`
* fixes websocket for nginx-ingress
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* update messagem when helm completes
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* force react port to be a path
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* include Authorization header to the proxy
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* remove hub from proxy
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* remove REACT_APP_HUB_PORT info
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* include path back again to REACT_APP_HUB_PORT
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
---------
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* include role and rolebinding to write secrets
With this, the kubeshark service-account have rights to
update the value of the secrets of the same namespace
where kubeshark was deployed. This was necessary to keep
the value of the license updated
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* Update helm-chart/templates/02-cluster-role.yaml
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Update helm-chart/templates/03-cluster-role-binding.yaml
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Update helm-chart/templates/03-cluster-role-binding.yaml
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Update helm-chart/templates/03-cluster-role-binding.yaml
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Update helm-chart/templates/02-cluster-role.yaml
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
---------
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Give the user hability to set ingress as needed
- Removed unecessary IngressClass.
- If no IngressClassName passed, use cluster's default class
- Renamed `ingressclass` with `IngressClassName`. Is the standard name
used for it.
- Included custom annotations for Ingress. This way user can set any
custom annotation for the ingress only.
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* Update helm-chart/templates/11-ingress.yaml
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Update config/configStructs/tapConfig.go
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Update helm-chart/templates/11-ingress.yaml
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* update default ingressClassName value
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
---------
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* include kubernetes default labels
Using _helpers.tpl to define those labels
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* include Notes with tips after the installs
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* create a standard service account name
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* Update helm-chart/templates/NOTES.txt
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* Update helm-chart/templates/NOTES.txt
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
* fixes ingress and nginx labels
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* fixes new label mapping from values
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
* update makefile to to use correct default namespace and release name to generate manifests
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
---------
Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
