Make host-network in worker daemonset configurable (#1803)

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
2026-02-14 10:00:08 +00:00 · 2025-11-25 02:43:48 +02:00
parent 38a13d19e1
commit 25832ce596
4 changed files with 4 additions and 1 deletions
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -369,6 +369,7 @@ type TapConfig struct {
 	Misc                           MiscConfig              `yaml:"misc" json:"misc"`
 	SecurityContext                SecurityContextConfig   `yaml:"securityContext" json:"securityContext"`
 	MountBpf                       bool                    `yaml:"mountBpf" json:"mountBpf" default:"true"`
+	HostNetwork                    bool                    `yaml:"hostNetwork" json:"hostNetwork" default:"true"`
 }

 func (config *TapConfig) PodRegex() *regexp.Regexp {
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -218,6 +218,7 @@ Example for overriding image names:
 | `tap.metrics.port`                  | Pod port used to expose Prometheus metrics          | `49100`                                                  |
 | `tap.enabledDissectors`                   | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `udp` and `tcp` |
 | `tap.mountBpf`                            | BPF filesystem needs to be mounted for eBPF to work properly. This helm value determines whether Kubeshark will attempt to mount the filesystem. This option is not required if filesystem is already mounts. │ `true`|
+| `tap.hostNetwork`                         | Enable host network mode for worker DaemonSet pods. When enabled, worker pods use the host's network namespace for direct network access. | `true` |
 | `tap.gitops.enabled`                          | Enable GitOps functionality. This will allow you to use GitOps to manage your Kubeshark configuration. | `false` |
 | `logs.file`                               | Logs dump path                      | `""`                                                    |
 | `pcapdump.enabled`                        | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools                 | `true`                                                                                                  |
--- a/helm-chart/templates/09-worker-daemon-set.yaml
+++ b/helm-chart/templates/09-worker-daemon-set.yaml
@@ -333,7 +333,7 @@ spec:
              readOnly: true
      {{- end }}
      dnsPolicy: ClusterFirstWithHostNet
-      hostNetwork: true
+      hostNetwork: {{ .Values.tap.hostNetwork }}
      serviceAccountName: {{ include "kubeshark.serviceAccountName" . }}
      {{- if .Values.tap.priorityClass }}
      priorityClassName: {{ .Values.tap.priorityClass | quote }}
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -242,6 +242,7 @@ tap:
      - SYS_RESOURCE
      - IPC_LOCK
  mountBpf: true
+  hostNetwork: true
 logs:
  file: ""
  grep: ""