✨ Update the Helm chart
mertyildiran committed Aug 8, 2024
1 parent 088940f commit 147d796
Showing 7 changed files with 48 additions and 17 deletions.
2 changes: 1 addition & 1 deletion charts/chart/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: kubeshark
version: "52.3.69"
version: "52.3.73"
description: The API Traffic Analyzer for Kubernetes
home: https://kubeshark.co
keywords:
10 changes: 7 additions & 3 deletions charts/chart/README.md
Expand Up @@ -125,6 +125,7 @@ Please refer to [metrics](./metrics.md) documentation for details.
| `tap.proxy.front.port` | Front-facing service port | `8899` |
| `tap.proxy.host` | Proxy server's IP | `127.0.0.1` |
| `tap.namespaces` | List of namespaces for the traffic capture | `[]` |
| `tap.excludedNamespaces` | List of namespaces to explicitly exclude | `[]` |
| `tap.release.repo` | URL of the Helm chart repository | `https://helm.kubeshark.co` |
| `tap.release.name` | Helm release name | `kubeshark` |
| `tap.release.namespace` | Helm release namespace | `default` |
Expand Down Expand Up @@ -157,7 +158,7 @@ Please refer to [metrics](./metrics.md) documentation for details.
| `tap.auth.saml.x509crt` | A self-signed X.509 `.cert` contents <br/>(effective, if `tap.auth.type = saml`) | `` |
| `tap.auth.saml.x509key` | A self-signed X.509 `.key` contents <br/>(effective, if `tap.auth.type = saml`) | `` |
| `tap.auth.saml.roleAttribute` | A SAML attribute name corresponding to user's authorization role <br/>(effective, if `tap.auth.type = saml`) | `role` |
| `tap.auth.saml.roles` | A list of SAML authorization roles and their permissions <br/>(effective, if `tap.auth.type = saml`) | `{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}` |
| `tap.auth.saml.roles` | A list of SAML authorization roles and their permissions <br/>(effective, if `tap.auth.type = saml`) | `{"admin":{"canDownloadPCAP":true,"canUpdateTargetedPods":true,"canUseScripting":true, "canStopTrafficCapturing":true, "filter":"","showAdminConsoleLink":true}}` |
| `tap.ingress.enabled` | Enable `Ingress` | `false` |
| `tap.ingress.className` | Ingress class name | `""` |
| `tap.ingress.host` | Host of the `Ingress` | `ks.svc.cluster.local` |
Expand All @@ -170,7 +171,9 @@ Please refer to [metrics](./metrics.md) documentation for details.
| `tap.kernelModule.unloadOnDestroy` | Create additional container which watches for pod termination and unloads PF_RING kernel module. | `false`|
| `tap.telemetry.enabled` | Enable anonymous usage statistics collection | `true` |
| `tap.defaultFilter` | Sets the default dashboard KFL filter (e.g. `http`) | `""` |
| `tap.globalFilter` | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field. | `""` |
| `tap.globalFilter` | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field. Another example `!dns` will not show any DNS traffic. | `""` |
| `tap.metrics.port` | Pod port used to expose Prometheus metrics | `49100` |
| `tap.stopped` | A flag indicating whether to start Kubeshark with traffic processing stopped resulting in almost no resource consumption (e.g. Kubeshark is dormant). This property can be dynamically control via the dashboard. | `true` |
| `logs.file` | Logs dump path | `""` |
| `kube.configPath` | Path to the `kubeconfig` file (`$HOME/.kube/config`) | `""` |
| `kube.context` | Kubernetes context to use for the deployment | `""` |
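
Review bot: the new `tap.stopped` row says the property "can be dynamically control via the dashboard" and lists a default of `true`, so a reader installing with defaults gets a dormant deployment and the dashboard is the only documented way to start capture. Suggest fixing the wording ("can be controlled dynamically") and adding a row for `tap.stopTrafficCapturingDisabled`, which the templates combine with `tap.stopped` but which none of the README additions in this commit describe.
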
Expand All @@ -180,8 +183,9 @@ Please refer to [metrics](./metrics.md) documentation for details.
| `scripting.env` | Environment variables for the scripting | `{}` |
| `scripting.source` | Source directory of the scripts | `""` |
| `scripting.watchScripts` | Enable watch mode for the scripts in source directory | `true` |
| `tap.metrics.port` | Pod port used to expose Prometheus metrics | `49100` |
| `timezone` | IANA time zone applied to time shown in the front-end | `""` (local time zone applies) |
| `supportChatEnabled` | Enable real-time support chat channel based on Intercom | `true` |
| `internetConnectivity` | Turns off API requests that are dependant on Internet connectivity such as `telemetry` and `online-support`. | `true` |

KernelMapping pairs kernel versions with a
DriverContainer image. Kernel versions can be matched
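
Review bot: the `internetConnectivity` row describes the opposite of its value: it reads "Turns off API requests that are dependant on Internet connectivity" next to a default of `true`, which suggests those requests are off by default. Suggest wording it from the enabled side (setting it to `false` turns off `telemetry` and `online-support` requests) and spelling it "dependent". In 06-front-deployment.yaml the same flag also forces `REACT_APP_AUTH_ENABLED` and `REACT_APP_CLOUD_LICENSE_ENABLED` to "false", which this row should mention.
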
14 changes: 10 additions & 4 deletions charts/chart/templates/06-front-deployment.yaml
Expand Up @@ -27,7 +27,7 @@ spec:
- name: REACT_APP_DEFAULT_FILTER
value: '{{ not (eq .Values.tap.defaultFilter "") | ternary .Values.tap.defaultFilter " " }}'
- name: REACT_APP_AUTH_ENABLED
value: '{{- if and .Values.cloudLicenseEnabled (not (empty .Values.license)) -}}
value: '{{- if or (and .Values.cloudLicenseEnabled (not (empty .Values.license))) (not .Values.internetConnectivity) -}}
"false"
{{- else -}}
{{ .Values.cloudLicenseEnabled | ternary "true" .Values.tap.auth.enabled }}
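
Review bot: in `REACT_APP_AUTH_ENABLED`, the added `(not .Values.internetConnectivity)` arm of the `or` returns "false" before `.Values.tap.auth.enabled` is consulted, so an install with `internetConnectivity: false` and `tap.auth.enabled: true` renders the front end with auth reported as disabled. If the intent is only to switch off cloud-license auth when offline, the offline case should fall through to `.Values.tap.auth.enabled` rather than share the hard-coded "false" branch; otherwise the coupling needs a comment here and a README note.
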
Expand All @@ -38,8 +38,6 @@ spec:
value: '{{ not (eq .Values.tap.auth.saml.idpMetadataUrl "") | ternary .Values.tap.auth.saml.idpMetadataUrl " " }}'
- name: REACT_APP_TIMEZONE
value: '{{ not (eq .Values.timezone "") | ternary .Values.timezone " " }}'
- name: REACT_APP_REPLAY_DISABLED
value: '{{ .Values.tap.replayDisabled }}'
- name: REACT_APP_SCRIPTING_DISABLED
value: '{{ .Values.tap.scriptingDisabled }}'
- name: REACT_APP_TARGETED_PODS_UPDATE_DISABLED
Expand All @@ -48,12 +46,20 @@ spec:
value: '{{ eq .Values.tap.packetCapture "ebpf" | ternary "true" "false" }}'
- name: REACT_APP_RECORDING_DISABLED
value: '{{ .Values.tap.recordingDisabled }}'
- name: REACT_APP_STOP_TRAFFIC_CAPTURING_DISABLED
value: '{{- if and .Values.tap.stopTrafficCapturingDisabled .Values.tap.stopped -}}
false
{{- else -}}
{{ .Values.tap.stopTrafficCapturingDisabled | ternary "true" "false" }}
{{- end -}}'
- name: 'REACT_APP_CLOUD_LICENSE_ENABLED'
value: '{{- if and .Values.cloudLicenseEnabled (not (empty .Values.license)) -}}
value: '{{- if or (and .Values.cloudLicenseEnabled (not (empty .Values.license))) (not .Values.internetConnectivity) -}}
"false"
{{- else -}}
{{ .Values.cloudLicenseEnabled }}
{{- end }}'
- name: REACT_APP_SUPPORT_CHAT_ENABLED
value: '{{ and .Values.supportChatEnabled .Values.internetConnectivity | ternary "true" "false" }}'
{{- if .Values.tap.docker.overrideTag.front }}
image: '{{ .Values.tap.docker.registry }}/front:{{ .Values.tap.docker.overrideTag.front }}'
{{ else }}
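
Review bot: the `REACT_APP_STOP_TRAFFIC_CAPTURING_DISABLED` block silently overrides `tap.stopTrafficCapturingDisabled: true` to false whenever `tap.stopped` is also true, and the same if/else is copied into 12-config-map.yaml with a different closing trim (`{{- end -}}` here, `{{- end }}` there). Suggest moving it into one named template alongside `kubeshark.escapeDoubleQuotes` and including it from both files, with a comment explaining why a stopped deployment must keep the control available.
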
2 changes: 0 additions & 2 deletions charts/chart/templates/09-worker-daemon-set.yaml
Expand Up @@ -69,8 +69,6 @@ spec:
- '{{ .Values.tap.misc.resolutionStrategy }}'
{{- if .Values.tap.debug }}
- -debug
- -dumptracer
- "100000000"
{{- end }}
{{- if .Values.tap.docker.overrideTag.worker }}
image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}'
12 changes: 10 additions & 2 deletions charts/chart/templates/12-config-map.yaml
Expand Up @@ -9,7 +9,9 @@ metadata:
data:
POD_REGEX: '{{ .Values.tap.regex }}'
NAMESPACES: '{{ gt (len .Values.tap.namespaces) 0 | ternary (join "," .Values.tap.namespaces) "" }}'
EXCLUDED_NAMESPACES: '{{ gt (len .Values.tap.excludedNamespaces) 0 | ternary (join "," .Values.tap.excludedNamespaces) "" }}'
BPF_OVERRIDE: '{{ .Values.tap.bpfOverride }}'
STOPPED: '{{ .Values.tap.stopped | ternary "true" "false" }}'
SCRIPTING_SCRIPTS: '{}'
INGRESS_ENABLED: '{{ .Values.tap.ingress.enabled }}'
INGRESS_HOST: '{{ .Values.tap.ingress.host }}'
Expand All @@ -23,11 +25,15 @@ data:
AUTH_SAML_IDP_METADATA_URL: '{{ .Values.tap.auth.saml.idpMetadataUrl }}'
AUTH_SAML_ROLE_ATTRIBUTE: '{{ .Values.tap.auth.saml.roleAttribute }}'
AUTH_SAML_ROLES: '{{ .Values.tap.auth.saml.roles | toJson }}'
TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}'
REPLAY_DISABLED: '{{ .Values.tap.replayDisabled | ternary "true" "" }}'
TELEMETRY_DISABLED: '{{ not .Values.internetConnectivity | ternary "true" (not .Values.tap.telemetry.enabled | ternary "true" "") }}'
SCRIPTING_DISABLED: '{{ .Values.tap.scriptingDisabled | ternary "true" "" }}'
TARGETED_PODS_UPDATE_DISABLED: '{{ .Values.tap.targetedPodsUpdateDisabled | ternary "true" "" }}'
RECORDING_DISABLED: '{{ .Values.tap.recordingDisabled | ternary "true" "" }}'
STOP_TRAFFIC_CAPTURING_DISABLED: '{{- if and .Values.tap.stopTrafficCapturingDisabled .Values.tap.stopped -}}
false
{{- else -}}
{{ .Values.tap.stopTrafficCapturingDisabled | ternary "true" "false" }}
{{- end }}'
GLOBAL_FILTER: {{ include "kubeshark.escapeDoubleQuotes" .Values.tap.globalFilter | quote }}
TRAFFIC_SAMPLE_RATE: '{{ .Values.tap.misc.trafficSampleRate }}'
JSON_TTL: '{{ .Values.tap.misc.jsonTTL }}'
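
Review bot: `STOP_TRAFFIC_CAPTURING_DISABLED` renders `true` or `false`, while the neighbouring `SCRIPTING_DISABLED`, `TARGETED_PODS_UPDATE_DISABLED` and `RECORDING_DISABLED` keys render `true` or an empty string. If the consumer treats any non-empty value as set, the literal `false` would read as disabled; either follow the `ternary "true" ""` convention or confirm that the reader parses a boolean. The nested ternary in `TELEMETRY_DISABLED` would also be easier to audit as `or (not .Values.internetConnectivity) (not .Values.tap.telemetry.enabled) | ternary "true" ""`.
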
Expand All @@ -39,4 +45,6 @@ data:
{{- else -}}
{{ .Values.cloudLicenseEnabled }}
{{- end }}'
DUPLICATE_TIMEFRAME: '{{ .Values.tap.misc.duplicateTimeframe }}'
ENABLED_DISSECTORS: '{{ gt (len .Values.tap.enabledDissectors) 0 | ternary (join "," .Values.tap.enabledDissectors) "" }}'
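
Review bot: `ENABLED_DISSECTORS` renders an empty string when `tap.enabledDissectors` is empty, and nothing in this change says whether that means all dissectors or none. Please document the empty-list behaviour, and add README rows for `tap.enabledDissectors` and `tap.misc.duplicateTimeframe`, since both new keys reach the ConfigMap without any description of accepted values.
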

5 changes: 2 additions & 3 deletions charts/chart/templates/15-worker-service-metrics.yaml
Expand Up @@ -5,14 +5,13 @@ metadata:
labels:
{{- include "kubeshark.labels" . | nindent 4 }}
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '{{ .Values.tap.metrics.port }}'
{{- if .Values.tap.annotations }}
{{- toYaml .Values.tap.annotations | nindent 4 }}
{{- end }}
name: kubeshark-worker-metrics
namespace: {{ .Release.Namespace }}
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '{{ .Values.tap.metrics.port }}'
spec:
selector:
app.kubeshark.co/app: worker
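
Review bot: in the `annotations` map that holds the `prometheus.io/*` keys together with `toYaml .Values.tap.annotations`, a user who sets `prometheus.io/scrape` or `prometheus.io/port` under `tap.annotations` produces a duplicate key in the rendered Service. Suggest merging the two sources in the template so the user's value wins, or documenting that these two keys are reserved.
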
20 changes: 18 additions & 2 deletions charts/chart/values.yaml
Expand Up @@ -18,7 +18,9 @@ tap:
host: 127.0.0.1
regex: .*
namespaces: []
excludedNamespaces: []
bpfOverride: ""
stopped: true
release:
repo: https://helm.kubeshark.co
name: kubeshark
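
Review bot: `stopped: true` as the chart default means an upgrade that does not pin this value comes up with traffic processing stopped, a behaviour change for existing users that arrives with a version bump from 52.3.69 to 52.3.73. Suggest either defaulting to `false` or calling the change out in the release notes, since a capture tool that is silently dormant can be mistaken for a quiet network.
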
Expand Down Expand Up @@ -74,10 +76,10 @@ tap:
roles:
admin:
filter: ""
canReplayTraffic: true
canDownloadPCAP: true
canUseScripting: true
canUpdateTargetedPods: true
canStopTrafficCapturing: true
showAdminConsoleLink: true
ingress:
enabled: false
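
Review bot: `canStopTrafficCapturing` is added only to the default `admin` role, and the diff does not show what a custom role that omits the key receives. With `tap.stopped` defaulting to true, please state the default for a missing key in the README row for `tap.auth.saml.roles`; a role that can neither start nor stop capture should be a deliberate choice, not a side effect of an upgrade.
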
Expand All @@ -94,10 +96,10 @@ tap:
telemetry:
enabled: true
defaultFilter: ""
replayDisabled: false
scriptingDisabled: false
targetedPodsUpdateDisabled: false
recordingDisabled: false
stopTrafficCapturingDisabled: false
capabilities:
networkCapture:
- NET_RAW
Expand All @@ -114,6 +116,17 @@ tap:
- SYS_RESOURCE
- IPC_LOCK
globalFilter: ""
enabledDissectors:
- amqp
- dns
- http
- icmp
- kafka
- redis
- sctp
- syscall
- tcp
- ws
metrics:
port: 49100
misc:
Expand All @@ -125,6 +138,7 @@ tap:
tcpStreamChannelTimeoutShow: false
resolutionStrategy: auto
profile: false
duplicateTimeframe: 200ms
logs:
file: ""
grep: ""
Expand All @@ -135,6 +149,8 @@ dumpLogs: false
headless: false
license: ""
cloudLicenseEnabled: true
supportChatEnabled: true
internetConnectivity: true
scripting:
env: {}
source: ""
