mirror of
https://github.com/kubeshark/kubeshark.git
synced 2026-03-02 02:22:17 +00:00
Compare commits
20 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
bec0b25daa | ||
|
|
9248f07af0 | ||
|
|
a1e05db4b0 | ||
|
|
b3f6fdc831 | ||
|
|
e0c010eb29 | ||
|
|
d9fedc5bec | ||
|
|
d1b4f9dcb1 | ||
|
|
629fb118e8 | ||
|
|
b7ab3da6d2 | ||
|
|
3027fdab40 | ||
|
|
a7692a664d | ||
|
|
696f3fca93 | ||
|
|
36e47e3080 | ||
|
|
994307f45c | ||
|
ba9b85bb12 | ||
|
|
6a890e6653 | ||
|
|
22766c2983 | ||
|
|
da1d2c5260 | ||
|
|
7b94c9beff | ||
|
f026c3604a |
5
Makefile
5
Makefile
@@ -84,7 +84,8 @@ kubectl-view-kubeshark-resources: ## This command outputs all Kubernetes resourc
|
||||
./kubectl.sh view-kubeshark-resources
|
||||
|
||||
generate-helm-values: ## Generate the Helm values from config.yaml
|
||||
./bin/kubeshark__ config > ./helm-chart/values.yaml && sed -i 's/^license:.*/license: ""/' helm-chart/values.yaml && sed -i '1i # find a detailed description here: https://github.com/kubeshark/kubeshark/blob/master/helm-chart/README.md' helm-chart/values.yaml
|
||||
mv ~/.kubeshark/config.yaml ~/.kubeshark/config.yaml.old; bin/kubeshark__ config>helm-chart/values.yaml;mv ~/.kubeshark/config.yaml.old ~/.kubeshark/config.yaml
|
||||
sed -i 's/^license:.*/license: ""/' helm-chart/values.yaml && sed -i '1i # find a detailed description here: https://github.com/kubeshark/kubeshark/blob/master/helm-chart/README.md' helm-chart/values.yaml
|
||||
|
||||
generate-manifests: ## Generate the manifests from the Helm chart using default configuration
|
||||
helm template kubeshark -n default ./helm-chart > ./manifests/complete.yaml
|
||||
@@ -177,7 +178,7 @@ port-forward:
|
||||
kubectl port-forward $$(kubectl get pods | awk '$$1 ~ /^$(POD_PREFIX)/' | awk 'END {print $$1}') $(SRC_PORT):$(DST_PORT)
|
||||
|
||||
release:
|
||||
@cd ../worker && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) ## && git push origin --tags
|
||||
@cd ../worker && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
|
||||
@cd ../tracer && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
|
||||
@cd ../hub && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
|
||||
@cd ../front && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
|
||||
|
||||
@@ -92,13 +92,6 @@ func runProxy(block bool, noBrowser bool) {
|
||||
establishedProxy = true
|
||||
okToOpen("Kubeshark", frontUrl, noBrowser)
|
||||
}
|
||||
if config.Config.Scripting.Source != "" && config.Config.Scripting.WatchScripts {
|
||||
watchScripts(kubernetesProvider, false)
|
||||
}
|
||||
|
||||
if config.Config.Scripting.Console {
|
||||
go runConsoleWithoutProxy()
|
||||
}
|
||||
if establishedProxy && block {
|
||||
utils.WaitForTermination(ctx, cancel)
|
||||
}
|
||||
|
||||
@@ -70,6 +70,7 @@ func createScript(provider *kubernetes.Provider, script misc.ConfigMapScript) (i
|
||||
}
|
||||
scripts[index] = script
|
||||
|
||||
log.Info().Str("title", script.Title).Bool("Active", script.Active).Int64("Index", index).Msg("Creating script")
|
||||
var data []byte
|
||||
data, err = json.Marshal(scripts)
|
||||
if err != nil {
|
||||
@@ -146,7 +147,7 @@ func watchScripts(provider *kubernetes.Provider, block bool) {
|
||||
index, err := createScript(provider, script.ConfigMap())
|
||||
if err != nil {
|
||||
log.Error().Err(err).Send()
|
||||
return
|
||||
continue
|
||||
}
|
||||
|
||||
files[script.Path] = index
|
||||
|
||||
@@ -82,8 +82,8 @@ func CreateDefaultConfig() ConfigStruct {
|
||||
"redis",
|
||||
"sctp",
|
||||
"syscall",
|
||||
"tcp",
|
||||
"udp",
|
||||
// "tcp",
|
||||
// "udp",
|
||||
"ws",
|
||||
"tls",
|
||||
},
|
||||
|
||||
@@ -46,17 +46,17 @@ const (
|
||||
)
|
||||
|
||||
type ResourceLimitsHub struct {
|
||||
CPU string `yaml:"cpu" json:"cpu" default:""`
|
||||
CPU string `yaml:"cpu" json:"cpu" default:"0"`
|
||||
Memory string `yaml:"memory" json:"memory" default:"5Gi"`
|
||||
}
|
||||
|
||||
type ResourceLimitsWorker struct {
|
||||
CPU string `yaml:"cpu" json:"cpu" default:""`
|
||||
CPU string `yaml:"cpu" json:"cpu" default:"0"`
|
||||
Memory string `yaml:"memory" json:"memory" default:"3Gi"`
|
||||
}
|
||||
|
||||
type ResourceRequests struct {
|
||||
CPU string `yaml:"cpu" json:"cpu" default:""`
|
||||
CPU string `yaml:"cpu" json:"cpu" default:"50m"`
|
||||
Memory string `yaml:"memory" json:"memory" default:"50Mi"`
|
||||
}
|
||||
|
||||
@@ -89,6 +89,11 @@ type ProxyConfig struct {
|
||||
Host string `yaml:"host" json:"host" default:"127.0.0.1"`
|
||||
}
|
||||
|
||||
type OverrideImageConfig struct {
|
||||
Worker string `yaml:"worker" json:"worker"`
|
||||
Hub string `yaml:"hub" json:"hub"`
|
||||
Front string `yaml:"front" json:"front"`
|
||||
}
|
||||
type OverrideTagConfig struct {
|
||||
Worker string `yaml:"worker" json:"worker"`
|
||||
Hub string `yaml:"hub" json:"hub"`
|
||||
@@ -96,12 +101,13 @@ type OverrideTagConfig struct {
|
||||
}
|
||||
|
||||
type DockerConfig struct {
|
||||
Registry string `yaml:"registry" json:"registry" default:"docker.io/kubeshark"`
|
||||
Tag string `yaml:"tag" json:"tag" default:""`
|
||||
TagLocked bool `yaml:"tagLocked" json:"tagLocked" default:"true"`
|
||||
ImagePullPolicy string `yaml:"imagePullPolicy" json:"imagePullPolicy" default:"Always"`
|
||||
ImagePullSecrets []string `yaml:"imagePullSecrets" json:"imagePullSecrets"`
|
||||
OverrideTag OverrideTagConfig `yaml:"overrideTag" json:"overrideTag"`
|
||||
Registry string `yaml:"registry" json:"registry" default:"docker.io/kubeshark"`
|
||||
Tag string `yaml:"tag" json:"tag" default:""`
|
||||
TagLocked bool `yaml:"tagLocked" json:"tagLocked" default:"true"`
|
||||
ImagePullPolicy string `yaml:"imagePullPolicy" json:"imagePullPolicy" default:"Always"`
|
||||
ImagePullSecrets []string `yaml:"imagePullSecrets" json:"imagePullSecrets"`
|
||||
OverrideImage OverrideImageConfig `yaml:"overrideImage" json:"overrideImage"`
|
||||
OverrideTag OverrideTagConfig `yaml:"overrideTag" json:"overrideTag"`
|
||||
}
|
||||
|
||||
type ResourcesConfig struct {
|
||||
@@ -211,7 +217,7 @@ type TapConfig struct {
|
||||
Namespaces []string `yaml:"namespaces" json:"namespaces" default:"[]"`
|
||||
ExcludedNamespaces []string `yaml:"excludedNamespaces" json:"excludedNamespaces" default:"[]"`
|
||||
BpfOverride string `yaml:"bpfOverride" json:"bpfOverride" default:""`
|
||||
Stopped bool `yaml:"stopped" json:"stopped" default:"true"`
|
||||
Stopped bool `yaml:"stopped" json:"stopped" default:"false"`
|
||||
Release ReleaseConfig `yaml:"release" json:"release"`
|
||||
PersistentStorage bool `yaml:"persistentStorage" json:"persistentStorage" default:"false"`
|
||||
PersistentStorageStatic bool `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"`
|
||||
@@ -243,7 +249,7 @@ type TapConfig struct {
|
||||
RecordingDisabled bool `yaml:"recordingDisabled" json:"recordingDisabled" default:"false"`
|
||||
StopTrafficCapturingDisabled bool `yaml:"stopTrafficCapturingDisabled" json:"stopTrafficCapturingDisabled" default:"false"`
|
||||
Capabilities CapabilitiesConfig `yaml:"capabilities" json:"capabilities"`
|
||||
GlobalFilter string `yaml:"globalFilter" json:"globalFilter" default:"timestamp>now()"`
|
||||
GlobalFilter string `yaml:"globalFilter" json:"globalFilter" default:""`
|
||||
EnabledDissectors []string `yaml:"enabledDissectors" json:"enabledDissectors"`
|
||||
Metrics MetricsConfig `yaml:"metrics" json:"metrics"`
|
||||
Pprof PprofConfig `yaml:"pprof" json:"pprof"`
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: kubeshark
|
||||
version: "52.3.84"
|
||||
version: "52.3.88"
|
||||
description: The API Traffic Analyzer for Kubernetes
|
||||
home: https://kubeshark.co
|
||||
keywords:
|
||||
|
||||
@@ -104,6 +104,20 @@ helm install kubeshark kubeshark/kubeshark \
|
||||
|
||||
Please refer to [metrics](./metrics.md) documentation for details.
|
||||
|
||||
## Override Tag, Tags, Images
|
||||
|
||||
In addition to using a private registry, you can further override the images' tag, specific image tags and specific image names.
|
||||
|
||||
Example for overriding image names:
|
||||
|
||||
```yaml
|
||||
docker:
|
||||
overrideImage:
|
||||
worker: docker.io/kubeshark/worker:v52.3.87
|
||||
front: docker.io/kubeshark/front:v52.3.87
|
||||
hub: docker.io/kubeshark/hub:v52.3.87
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
| Parameter | Description | Default |
|
||||
@@ -114,7 +128,8 @@ Please refer to [metrics](./metrics.md) documentation for details.
|
||||
| `tap.docker.tagLocked` | If `false` - use latest minor tag | `true` |
|
||||
| `tap.docker.imagePullPolicy` | Kubernetes image pull policy | `Always` |
|
||||
| `tap.docker.imagePullSecrets` | Kubernetes secrets to pull the images | `[]` |
|
||||
| `tap.docker.overrideTag` | DANGER: Used to override specific images, when testing custom features from the Kubeshark team | `""` |
|
||||
| `tap.docker.overrideImage` | Can be used to directly override image names | `""` |
|
||||
| `tap.docker.overrideTag` | Can be used to override image tags | `""` |
|
||||
| `tap.proxy.hub.srvPort` | Hub server port. Change if already occupied. | `8898` |
|
||||
| `tap.proxy.worker.srvPort` | Worker server port. Change if already occupied.| `30001` |
|
||||
| `tap.proxy.front.port` | Front service port. Change if already occupied.| `8899` |
|
||||
@@ -123,7 +138,7 @@ Please refer to [metrics](./metrics.md) documentation for details.
|
||||
| `tap.namespaces` | Target pods in namespaces | `[]` |
|
||||
| `tap.excludedNamespaces` | Exclude pods in namespaces | `[]` |
|
||||
| `tap.bpfOverride` | When using AF_PACKET as a traffic capture backend, override any existing pod targeting rules and set explicit BPF expression (e.g. `net 0.0.0.0/0`). | `[]` |
|
||||
| `tap.stopped` | Set to `false` to have traffic processing start automatically. When set to `true`, traffic processing is stopped by default, resulting in almost no resource consumption (e.g. Kubeshark is dormant). This property can be dynamically control via the dashboard. | `true` |
|
||||
| `tap.stopped` | Set to `false` to have traffic processing start automatically. When set to `true`, traffic processing is stopped by default, resulting in almost no resource consumption (e.g. Kubeshark is dormant). This property can be dynamically control via the dashboard. | `false` |
|
||||
| `tap.release.repo` | URL of the Helm chart repository | `https://helm.kubeshark.co` |
|
||||
| `tap.release.name` | Helm release name | `kubeshark` |
|
||||
| `tap.release.namespace` | Helm release namespace | `default` |
|
||||
@@ -176,9 +191,9 @@ Please refer to [metrics](./metrics.md) documentation for details.
|
||||
| `tap.sentry.enabled` | Enable sending of error logs to Sentry | `false` |
|
||||
| `tap.sentry.environment` | Sentry environment to label error logs with | `production` |
|
||||
| `tap.defaultFilter` | Sets the default dashboard KFL filter (e.g. `http`). By default, this value is set to filter out noisy protocols such as DNS, UDP, ICMP and TCP. The user can easily change this in the Dashboard. You can also change this value to change this behavior. | `"!dns and !tcp and !udp and !icmp"` |
|
||||
| `tap.globalFilter` | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field. Another example `!dns` will not show any DNS traffic. | `"timestamp>now()"` |
|
||||
| `tap.globalFilter` | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field. Another example `!dns` will not show any DNS traffic. | `""` |
|
||||
| `tap.metrics.port` | Pod port used to expose Prometheus metrics | `49100` |
|
||||
| `tap.enabledDissectors` | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list includes: amqp, dns , http, icmp, kafka, redis,sctp, syscall, tcp, ws. |
|
||||
| `tap.enabledDissectors` | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `dns` and `tcp` |
|
||||
| `logs.file` | Logs dump path | `""` |
|
||||
| `pcapdump.enabled` | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools | `true` |
|
||||
| `pcapdump.maxTime` | The time window into the past that will be stored. Older traffic will be discarded. | `2h` |
|
||||
|
||||
@@ -33,6 +33,17 @@ rules:
|
||||
- get
|
||||
resourceNames:
|
||||
- kube-system
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- networkpolicies
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
|
||||
@@ -51,7 +51,9 @@ spec:
|
||||
value: 'https://api.kubeshark.co'
|
||||
- name: PROFILING_ENABLED
|
||||
value: '{{ .Values.tap.pprof.enabled }}'
|
||||
{{- if .Values.tap.docker.overrideTag.hub }}
|
||||
{{- if .Values.tap.docker.overrideImage.hub }}
|
||||
image: '{{ .Values.tap.docker.overrideImage.hub }}'
|
||||
{{- else if .Values.tap.docker.overrideTag.hub }}
|
||||
image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.overrideTag.hub }}'
|
||||
{{ else }}
|
||||
image: '{{ .Values.tap.docker.registry }}/hub:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}'
|
||||
@@ -79,11 +81,19 @@ spec:
|
||||
port: 8080
|
||||
resources:
|
||||
limits:
|
||||
{{ if ne .Values.tap.resources.hub.limits.cpu "0" }}
|
||||
cpu: {{ .Values.tap.resources.hub.limits.cpu }}
|
||||
{{ end }}
|
||||
{{ if ne .Values.tap.resources.hub.limits.memory "0" }}
|
||||
memory: {{ .Values.tap.resources.hub.limits.memory }}
|
||||
{{ end }}
|
||||
requests:
|
||||
{{ if ne .Values.tap.resources.hub.requests.cpu "0" }}
|
||||
cpu: {{ .Values.tap.resources.hub.requests.cpu }}
|
||||
{{ end }}
|
||||
{{ if ne .Values.tap.resources.hub.requests.memory "0" }}
|
||||
memory: {{ .Values.tap.resources.hub.requests.memory }}
|
||||
{{ end }}
|
||||
volumeMounts:
|
||||
- name: saml-x509-volume
|
||||
mountPath: "/etc/saml/x509"
|
||||
|
||||
@@ -66,7 +66,9 @@ spec:
|
||||
value: '{{ (include "sentry.enabled" .) }}'
|
||||
- name: REACT_APP_SENTRY_ENVIRONMENT
|
||||
value: '{{ .Values.tap.sentry.environment }}'
|
||||
{{- if .Values.tap.docker.overrideTag.front }}
|
||||
{{- if .Values.tap.docker.overrideImage.front }}
|
||||
image: '{{ .Values.tap.docker.overrideImage.front }}'
|
||||
{{- else if .Values.tap.docker.overrideTag.front }}
|
||||
image: '{{ .Values.tap.docker.registry }}/front:{{ .Values.tap.docker.overrideTag.front }}'
|
||||
{{ else }}
|
||||
image: '{{ .Values.tap.docker.registry }}/front:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}'
|
||||
@@ -106,17 +108,6 @@ spec:
|
||||
mountPath: /etc/nginx/conf.d/default.conf
|
||||
subPath: default.conf
|
||||
readOnly: true
|
||||
initContainers:
|
||||
- name: wait-for-kubeshark-hub
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
until nc -z kubeshark-hub 80; do
|
||||
echo "Waiting for kubeshark-hub to be ready..."
|
||||
sleep 5
|
||||
done
|
||||
volumes:
|
||||
- name: nginx-config
|
||||
configMap:
|
||||
|
||||
@@ -83,7 +83,9 @@ spec:
|
||||
{{- if .Values.tap.debug }}
|
||||
- -debug
|
||||
{{- end }}
|
||||
{{- if .Values.tap.docker.overrideTag.worker }}
|
||||
{{- if .Values.tap.docker.overrideImage.worker }}
|
||||
image: '{{ .Values.tap.docker.overrideImage.worker }}'
|
||||
{{- else if .Values.tap.docker.overrideTag.worker }}
|
||||
image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}{{ include "kubeshark.dockerTagDebugVersion" . }}'
|
||||
{{ else }}
|
||||
image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}{{ include "kubeshark.dockerTagDebugVersion" . }}'
|
||||
@@ -123,11 +125,19 @@ spec:
|
||||
value: '{{ .Values.tap.sentry.environment }}'
|
||||
resources:
|
||||
limits:
|
||||
{{ if ne .Values.tap.resources.sniffer.limits.cpu "0" }}
|
||||
cpu: {{ .Values.tap.resources.sniffer.limits.cpu }}
|
||||
{{ end }}
|
||||
{{ if ne .Values.tap.resources.sniffer.limits.memory "0" }}
|
||||
memory: {{ .Values.tap.resources.sniffer.limits.memory }}
|
||||
{{ end }}
|
||||
requests:
|
||||
{{ if ne .Values.tap.resources.sniffer.requests.cpu "0" }}
|
||||
cpu: {{ .Values.tap.resources.sniffer.requests.cpu }}
|
||||
{{ end }}
|
||||
{{ if ne .Values.tap.resources.sniffer.requests.memory "0" }}
|
||||
memory: {{ .Values.tap.resources.sniffer.requests.memory }}
|
||||
{{ end }}
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
@@ -226,11 +236,19 @@ spec:
|
||||
value: '{{ .Values.tap.sentry.environment }}'
|
||||
resources:
|
||||
limits:
|
||||
{{ if ne .Values.tap.resources.tracer.limits.cpu "0" }}
|
||||
cpu: {{ .Values.tap.resources.tracer.limits.cpu }}
|
||||
{{ end }}
|
||||
{{ if ne .Values.tap.resources.tracer.limits.memory "0" }}
|
||||
memory: {{ .Values.tap.resources.tracer.limits.memory }}
|
||||
{{ end }}
|
||||
requests:
|
||||
{{ if ne .Values.tap.resources.tracer.requests.cpu "0" }}
|
||||
cpu: {{ .Values.tap.resources.tracer.requests.cpu }}
|
||||
{{ end }}
|
||||
{{ if ne .Values.tap.resources.tracer.requests.memory "0" }}
|
||||
memory: {{ .Values.tap.resources.tracer.requests.memory }}
|
||||
{{ end }}
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
|
||||
@@ -6,6 +6,10 @@ tap:
|
||||
tagLocked: true
|
||||
imagePullPolicy: Always
|
||||
imagePullSecrets: []
|
||||
overrideImage:
|
||||
worker: ""
|
||||
hub: ""
|
||||
front: ""
|
||||
overrideTag:
|
||||
worker: ""
|
||||
hub: ""
|
||||
@@ -22,7 +26,7 @@ tap:
|
||||
namespaces: []
|
||||
excludedNamespaces: []
|
||||
bpfOverride: ""
|
||||
stopped: true
|
||||
stopped: false
|
||||
release:
|
||||
repo: https://helm.kubeshark.co
|
||||
name: kubeshark
|
||||
@@ -36,24 +40,24 @@ tap:
|
||||
resources:
|
||||
hub:
|
||||
limits:
|
||||
cpu: ""
|
||||
cpu: "0"
|
||||
memory: 5Gi
|
||||
requests:
|
||||
cpu: ""
|
||||
cpu: 50m
|
||||
memory: 50Mi
|
||||
sniffer:
|
||||
limits:
|
||||
cpu: ""
|
||||
cpu: "0"
|
||||
memory: 5Gi
|
||||
requests:
|
||||
cpu: ""
|
||||
cpu: 50m
|
||||
memory: 50Mi
|
||||
tracer:
|
||||
limits:
|
||||
cpu: ""
|
||||
cpu: "0"
|
||||
memory: 5Gi
|
||||
requests:
|
||||
cpu: ""
|
||||
cpu: 50m
|
||||
memory: 50Mi
|
||||
serviceMesh: true
|
||||
tls: true
|
||||
@@ -124,7 +128,7 @@ tap:
|
||||
- SYS_PTRACE
|
||||
- SYS_RESOURCE
|
||||
- IPC_LOCK
|
||||
globalFilter: timestamp>now()
|
||||
globalFilter: ""
|
||||
enabledDissectors:
|
||||
- amqp
|
||||
- dns
|
||||
@@ -134,8 +138,6 @@ tap:
|
||||
- redis
|
||||
- sctp
|
||||
- syscall
|
||||
- tcp
|
||||
- udp
|
||||
- ws
|
||||
- tls
|
||||
metrics:
|
||||
|
||||
@@ -84,7 +84,16 @@ func SetConfig(provider *Provider, key string, value string) (updated bool, err
|
||||
_, err = provider.clientSet.CoreV1().ConfigMaps(config.Config.Tap.Release.Namespace).Update(context.TODO(), configMap, metav1.UpdateOptions{})
|
||||
if err == nil {
|
||||
if updated {
|
||||
log.Info().Str("config", key).Str("value", value).Msg("Updated:")
|
||||
log.Info().
|
||||
Str("config", key).
|
||||
Str("value", func() string {
|
||||
if len(value) > 10 {
|
||||
return value[:10]
|
||||
}
|
||||
return value
|
||||
}()).
|
||||
Int("length", len(value)).
|
||||
Msg("Updated. Printing only 10 first characters of value:")
|
||||
}
|
||||
} else {
|
||||
log.Error().Str("config", key).Err(err).Send()
|
||||
|
||||
@@ -4,10 +4,10 @@ apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
name: kubeshark-hub-network-policy
|
||||
@@ -31,10 +31,10 @@ apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
name: kubeshark-front-network-policy
|
||||
@@ -58,10 +58,10 @@ apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
name: kubeshark-worker-network-policy
|
||||
@@ -87,10 +87,10 @@ apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
name: kubeshark-service-account
|
||||
@@ -104,10 +104,10 @@ metadata:
|
||||
namespace: default
|
||||
labels:
|
||||
app.kubeshark.co/app: hub
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
stringData:
|
||||
LICENSE: ''
|
||||
@@ -121,10 +121,10 @@ metadata:
|
||||
namespace: default
|
||||
labels:
|
||||
app.kubeshark.co/app: hub
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
stringData:
|
||||
AUTH_SAML_X509_CRT: |
|
||||
@@ -137,10 +137,10 @@ metadata:
|
||||
namespace: default
|
||||
labels:
|
||||
app.kubeshark.co/app: hub
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
stringData:
|
||||
AUTH_SAML_X509_KEY: |
|
||||
@@ -152,10 +152,10 @@ metadata:
|
||||
name: kubeshark-nginx-config-map
|
||||
namespace: default
|
||||
labels:
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
data:
|
||||
default.conf: |
|
||||
@@ -216,17 +216,17 @@ metadata:
|
||||
namespace: default
|
||||
labels:
|
||||
app.kubeshark.co/app: hub
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
data:
|
||||
POD_REGEX: '.*'
|
||||
NAMESPACES: ''
|
||||
EXCLUDED_NAMESPACES: ''
|
||||
BPF_OVERRIDE: ''
|
||||
STOPPED: 'true'
|
||||
STOPPED: 'false'
|
||||
SCRIPTING_SCRIPTS: '{}'
|
||||
SCRIPTING_ACTIVE_SCRIPTS: ''
|
||||
INGRESS_ENABLED: 'false'
|
||||
@@ -243,7 +243,7 @@ data:
|
||||
PRESET_FILTERS_CHANGING_ENABLED: 'true'
|
||||
RECORDING_DISABLED: ''
|
||||
STOP_TRAFFIC_CAPTURING_DISABLED: 'false'
|
||||
GLOBAL_FILTER: "timestamp>now()"
|
||||
GLOBAL_FILTER: ""
|
||||
DEFAULT_FILTER: "!dns and !tcp and !udp and !icmp"
|
||||
TRAFFIC_SAMPLE_RATE: '100'
|
||||
JSON_TTL: '5m'
|
||||
@@ -252,7 +252,7 @@ data:
|
||||
TIMEZONE: ' '
|
||||
CLOUD_LICENSE_ENABLED: 'true'
|
||||
DUPLICATE_TIMEFRAME: '200ms'
|
||||
ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,sctp,syscall,tcp,udp,ws,tls'
|
||||
ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,sctp,syscall,ws,tls'
|
||||
DISSECTORS_UPDATING_ENABLED: 'true'
|
||||
DETECT_DUPLICATES: 'false'
|
||||
PCAP_DUMP_ENABLE: 'true'
|
||||
@@ -266,10 +266,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
name: kubeshark-cluster-role-default
|
||||
@@ -297,16 +297,27 @@ rules:
|
||||
- get
|
||||
resourceNames:
|
||||
- kube-system
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- networkpolicies
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- delete
|
||||
---
|
||||
# Source: kubeshark/templates/03-cluster-role-binding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
name: kubeshark-cluster-role-binding-default
|
||||
@@ -325,10 +336,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
name: kubeshark-self-config-role
|
||||
@@ -355,10 +366,10 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
name: kubeshark-self-config-role-binding
|
||||
@@ -378,10 +389,10 @@ kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app.kubeshark.co/app: hub
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
name: kubeshark-hub
|
||||
@@ -400,10 +411,10 @@ apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
name: kubeshark-front
|
||||
@@ -422,10 +433,10 @@ kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
labels:
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
prometheus.io/scrape: 'true'
|
||||
@@ -435,10 +446,10 @@ metadata:
|
||||
spec:
|
||||
selector:
|
||||
app.kubeshark.co/app: worker
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
ports:
|
||||
- name: metrics
|
||||
@@ -453,10 +464,10 @@ metadata:
|
||||
labels:
|
||||
app.kubeshark.co/app: worker
|
||||
sidecar.istio.io/inject: "false"
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
name: kubeshark-worker-daemon-set
|
||||
@@ -471,10 +482,10 @@ spec:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubeshark.co/app: worker
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
name: kubeshark-worker-daemon-set
|
||||
namespace: kubeshark
|
||||
@@ -499,7 +510,7 @@ spec:
|
||||
- 'auto'
|
||||
- -staletimeout
|
||||
- '30'
|
||||
image: 'docker.io/kubeshark/worker:v52.3.84'
|
||||
image: 'docker.io/kubeshark/worker:v52.3.88'
|
||||
imagePullPolicy: Always
|
||||
name: sniffer
|
||||
ports:
|
||||
@@ -529,11 +540,17 @@ spec:
|
||||
value: 'production'
|
||||
resources:
|
||||
limits:
|
||||
cpu:
|
||||
|
||||
|
||||
memory: 5Gi
|
||||
|
||||
requests:
|
||||
cpu:
|
||||
|
||||
cpu: 50m
|
||||
|
||||
|
||||
memory: 50Mi
|
||||
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
@@ -573,7 +590,7 @@ spec:
|
||||
- /hostproc
|
||||
- -disable-ebpf
|
||||
- -disable-tls-log
|
||||
image: 'docker.io/kubeshark/worker:v52.3.84'
|
||||
image: 'docker.io/kubeshark/worker:v52.3.88'
|
||||
imagePullPolicy: Always
|
||||
name: tracer
|
||||
env:
|
||||
@@ -593,11 +610,17 @@ spec:
|
||||
value: 'production'
|
||||
resources:
|
||||
limits:
|
||||
cpu:
|
||||
|
||||
|
||||
memory: 5Gi
|
||||
|
||||
requests:
|
||||
cpu:
|
||||
|
||||
cpu: 50m
|
||||
|
||||
|
||||
memory: 50Mi
|
||||
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
@@ -669,10 +692,10 @@ kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app.kubeshark.co/app: hub
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
name: kubeshark-hub
|
||||
@@ -688,10 +711,10 @@ spec:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubeshark.co/app: hub
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
@@ -719,7 +742,7 @@ spec:
|
||||
value: 'https://api.kubeshark.co'
|
||||
- name: PROFILING_ENABLED
|
||||
value: 'false'
|
||||
image: 'docker.io/kubeshark/hub:v52.3.84'
|
||||
image: 'docker.io/kubeshark/hub:v52.3.88'
|
||||
imagePullPolicy: Always
|
||||
readinessProbe:
|
||||
periodSeconds: 1
|
||||
@@ -737,11 +760,17 @@ spec:
|
||||
port: 8080
|
||||
resources:
|
||||
limits:
|
||||
cpu:
|
||||
|
||||
|
||||
memory: 5Gi
|
||||
|
||||
requests:
|
||||
cpu:
|
||||
|
||||
cpu: 50m
|
||||
|
||||
|
||||
memory: 50Mi
|
||||
|
||||
volumeMounts:
|
||||
- name: saml-x509-volume
|
||||
mountPath: "/etc/saml/x509"
|
||||
@@ -767,10 +796,10 @@ kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app.kubeshark.co/app: front
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
annotations:
|
||||
name: kubeshark-front
|
||||
@@ -786,10 +815,10 @@ spec:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubeshark.co/app: front
|
||||
helm.sh/chart: kubeshark-52.3.84
|
||||
helm.sh/chart: kubeshark-52.3.88
|
||||
app.kubernetes.io/name: kubeshark
|
||||
app.kubernetes.io/instance: kubeshark
|
||||
app.kubernetes.io/version: "52.3.84"
|
||||
app.kubernetes.io/version: "52.3.88"
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
spec:
|
||||
containers:
|
||||
@@ -824,7 +853,7 @@ spec:
|
||||
value: 'false'
|
||||
- name: REACT_APP_SENTRY_ENVIRONMENT
|
||||
value: 'production'
|
||||
image: 'docker.io/kubeshark/front:v52.3.84'
|
||||
image: 'docker.io/kubeshark/front:v52.3.88'
|
||||
imagePullPolicy: Always
|
||||
name: kubeshark-front
|
||||
livenessProbe:
|
||||
@@ -854,17 +883,6 @@ spec:
|
||||
mountPath: /etc/nginx/conf.d/default.conf
|
||||
subPath: default.conf
|
||||
readOnly: true
|
||||
initContainers:
|
||||
- name: wait-for-kubeshark-hub
|
||||
image: busybox
|
||||
command:
|
||||
- sh
|
||||
- -c
|
||||
- |
|
||||
until nc -z kubeshark-hub 80; do
|
||||
echo "Waiting for kubeshark-hub to be ready..."
|
||||
sleep 5
|
||||
done
|
||||
volumes:
|
||||
- name: nginx-config
|
||||
configMap:
|
||||
|
||||
Reference in New Issue
Block a user