mirror of
https://github.com/kubeshark/kubeshark.git
synced 2025-10-20 06:51:03 +00:00
288 lines
6.2 KiB
YAML
288 lines
6.2 KiB
YAML
---
|
|
# Source: kubeshark/templates/00-namespace.yaml
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
annotations:
|
|
name: kubeshark
|
|
spec: {}
|
|
status: {}
|
|
---
|
|
# Source: kubeshark/templates/01-service-account.yaml
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
annotations:
|
|
name: kubeshark-service-account
|
|
namespace: kubeshark
|
|
---
|
|
# Source: kubeshark/templates/02-cluster-role.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
annotations:
|
|
name: kubeshark-cluster-role
|
|
namespace: kubeshark
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
- extensions
|
|
- apps
|
|
- networking.k8s.io
|
|
resources:
|
|
- pods
|
|
- services
|
|
- endpoints
|
|
- persistentvolumeclaims
|
|
- ingresses
|
|
verbs:
|
|
- list
|
|
- get
|
|
- watch
|
|
---
|
|
# Source: kubeshark/templates/03-cluster-role-binding.yaml
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
annotations:
|
|
name: kubeshark-cluster-role-binding
|
|
namespace: kubeshark
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: kubeshark-cluster-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: kubeshark-service-account
|
|
namespace: kubeshark
|
|
---
|
|
# Source: kubeshark/templates/05-hub-service.yaml
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
annotations:
|
|
name: kubeshark-hub
|
|
namespace: kubeshark
|
|
spec:
|
|
ports:
|
|
- name: kubeshark-hub
|
|
port: 80
|
|
targetPort: 80
|
|
selector:
|
|
app: kubeshark-hub
|
|
type: NodePort
|
|
status:
|
|
loadBalancer: {}
|
|
---
|
|
# Source: kubeshark/templates/07-front-service.yaml
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
annotations:
|
|
name: kubeshark-front
|
|
namespace: kubeshark
|
|
spec:
|
|
ports:
|
|
- name: kubeshark-front
|
|
port: 80
|
|
targetPort: 80
|
|
selector:
|
|
app: kubeshark-front
|
|
type: NodePort
|
|
status:
|
|
loadBalancer: {}
|
|
---
|
|
# Source: kubeshark/templates/09-worker-daemon-set.yaml
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
app: kubeshark-worker-daemon-set
|
|
annotations:
|
|
name: kubeshark-worker-daemon-set
|
|
namespace: kubeshark
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: kubeshark-worker-daemon-set
|
|
template:
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
app: kubeshark-worker-daemon-set
|
|
name: kubeshark-worker-daemon-set
|
|
namespace: kubeshark
|
|
spec:
|
|
containers:
|
|
- command:
|
|
- './worker'
|
|
- -i
|
|
- any
|
|
- -port
|
|
- '8897'
|
|
- -packet-capture
|
|
- 'libpcap'
|
|
- -servicemesh
|
|
- -tls
|
|
- -procfs
|
|
- /hostproc
|
|
image: 'docker.io/kubeshark/worker:latest'
|
|
imagePullPolicy: Always
|
|
name: kubeshark-worker-daemon-set
|
|
ports:
|
|
- containerPort: 8897
|
|
hostPort: 8897
|
|
resources:
|
|
limits:
|
|
cpu: 750m
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 50m
|
|
memory: 50Mi
|
|
securityContext:
|
|
capabilities:
|
|
add:
|
|
- NET_RAW
|
|
- NET_ADMIN
|
|
- SYS_ADMIN
|
|
- SYS_PTRACE
|
|
- DAC_OVERRIDE
|
|
- SYS_RESOURCE
|
|
drop:
|
|
- ALL
|
|
volumeMounts:
|
|
- mountPath: /hostproc
|
|
name: proc
|
|
readOnly: true
|
|
- mountPath: /sys
|
|
name: sys
|
|
readOnly: true
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
hostNetwork: true
|
|
serviceAccountName: kubeshark-service-account
|
|
terminationGracePeriodSeconds: 0
|
|
tolerations:
|
|
- effect: NoExecute
|
|
operator: Exists
|
|
- effect: NoSchedule
|
|
operator: Exists
|
|
volumes:
|
|
- hostPath:
|
|
path: /proc
|
|
name: proc
|
|
- hostPath:
|
|
path: /sys
|
|
name: sys
|
|
---
|
|
# Source: kubeshark/templates/04-hub-pod.yaml
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
app: kubeshark-hub
|
|
annotations:
|
|
name: kubeshark-hub
|
|
namespace: kubeshark
|
|
spec:
|
|
containers:
|
|
- command:
|
|
- ./hub
|
|
env:
|
|
- name: POD_REGEX
|
|
value: '.*'
|
|
- name: NAMESPACES
|
|
value: ''
|
|
- name: LICENSE
|
|
value: ''
|
|
- name: SCRIPTING_ENV
|
|
value: '{}'
|
|
- name: SCRIPTING_SCRIPTS
|
|
value: '[]'
|
|
- name: AUTH_APPROVED_DOMAINS
|
|
value: ''
|
|
image: 'docker.io/kubeshark/hub:latest'
|
|
imagePullPolicy: Always
|
|
name: kubeshark-hub
|
|
ports:
|
|
- containerPort: 80
|
|
hostPort: 8898
|
|
resources:
|
|
limits:
|
|
cpu: 750m
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 50m
|
|
memory: 50Mi
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
serviceAccountName: kubeshark-service-account
|
|
terminationGracePeriodSeconds: 0
|
|
tolerations:
|
|
- effect: NoExecute
|
|
operator: Exists
|
|
- effect: NoSchedule
|
|
operator: Exists
|
|
status: {}
|
|
---
|
|
# Source: kubeshark/templates/06-front-pod.yaml
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
creationTimestamp: null
|
|
labels:
|
|
app: kubeshark-front
|
|
annotations:
|
|
name: kubeshark-front
|
|
namespace: kubeshark
|
|
spec:
|
|
containers:
|
|
- env:
|
|
- name: REACT_APP_DEFAULT_FILTER
|
|
value: ' '
|
|
- name: REACT_APP_HUB_HOST
|
|
value: ' '
|
|
- name: REACT_APP_HUB_PORT
|
|
value: '8898'
|
|
image: 'docker.io/kubeshark/front:latest'
|
|
imagePullPolicy: Always
|
|
name: kubeshark-front
|
|
ports:
|
|
- containerPort: 80
|
|
hostPort: 8899
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
periodSeconds: 1
|
|
successThreshold: 1
|
|
tcpSocket:
|
|
port: 80
|
|
timeoutSeconds: 1
|
|
resources:
|
|
limits:
|
|
cpu: 750m
|
|
memory: 1Gi
|
|
requests:
|
|
cpu: 50m
|
|
memory: 50Mi
|
|
dnsPolicy: ClusterFirstWithHostNet
|
|
serviceAccountName: kubeshark-service-account
|
|
terminationGracePeriodSeconds: 0
|
|
tolerations:
|
|
- effect: NoExecute
|
|
operator: Exists
|
|
- effect: NoSchedule
|
|
operator: Exists
|
|
status: {}
|