From a7b9e09f2b607761de02eb9c0904081153c7f644 Mon Sep 17 00:00:00 2001 From: Volodymyr Stoiko Date: Mon, 17 Nov 2025 10:45:41 -0800 Subject: [PATCH] Add volume for snapshots in hub (#1801) * Add hub snapshots volume * Add snapshot limit into env * fix --- config/configStructs/tapConfig.go | 6 ++++++ helm-chart/README.md | 2 ++ helm-chart/templates/04-hub-deployment.yaml | 12 +++++++++++ helm-chart/templates/09-snapshots-pvc.yaml | 22 +++++++++++++++++++++ helm-chart/values.yaml | 3 +++ 5 files changed, 45 insertions(+) create mode 100644 helm-chart/templates/09-snapshots-pvc.yaml diff --git a/config/configStructs/tapConfig.go b/config/configStructs/tapConfig.go index cd51a866c..714496188 100644 --- a/config/configStructs/tapConfig.go +++ b/config/configStructs/tapConfig.go @@ -305,6 +305,11 @@ type RawCaptureConfig struct { StorageSize string `yaml:"storageSize" json:"storageSize" default:"1Gi"` } +type SnapshotsConfig struct { + StorageClass string `yaml:"storageClass" json:"storageClass" default:""` + StorageSize string `yaml:"storageSize" json:"storageSize" default:"1Gi"` +} + type CaptureConfig struct { Stopped bool `yaml:"stopped" json:"stopped" default:"false"` StopAfter string `yaml:"stopAfter" json:"stopAfter" default:"5m"` @@ -320,6 +325,7 @@ type TapConfig struct { ExcludedNamespaces []string `yaml:"excludedNamespaces" json:"excludedNamespaces" default:"[]"` BpfOverride string `yaml:"bpfOverride" json:"bpfOverride" default:""` Capture CaptureConfig `yaml:"capture" json:"capture"` + Snapshots SnapshotsConfig `yaml:"snapshots" json:"snapshots"` Release ReleaseConfig `yaml:"release" json:"release"` PersistentStorage bool `yaml:"persistentStorage" json:"persistentStorage" default:"false"` PersistentStorageStatic bool `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"` diff --git a/helm-chart/README.md b/helm-chart/README.md index 5d8d4a196..e34a611cc 100644 --- a/helm-chart/README.md +++ b/helm-chart/README.md 
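Review bot: `SnapshotsConfig` in config/configStructs/tapConfig.go (hunk at -305) is added without a doc comment, and nothing on the struct says that an empty `StorageClass` selects an `emptyDir` rather than a PVC, which is what the chart templates in this same commit implement. I would add `// SnapshotsConfig sizes the hub snapshots volume; an empty StorageClass selects an emptyDir, a non-empty one a PVC of that class.` above the type. `StorageSize` is a free-form string that ends up both as the hub's `-snapshot-size-limit` argument and as a Kubernetes quantity, and no validation is visible in this hunk. A malformed value would therefore presumably surface only at install time or at hub start-up; parsing it as a quantity when the config is loaded would reject it earlier.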
@@ -143,6 +143,8 @@ Example for overriding image names: | `tap.capture.raw.enabled` | Enable raw capture of packets and syscalls to disk for offline analysis | `false` | | `tap.capture.raw.storageSize` | Maximum storage size for raw capture files (supports K8s quantity format: `1Gi`, `500Mi`, etc.) | `1Gi` | | `tap.capture.dbMaxSize` | Maximum size for capture database (e.g., `4Gi`, `2000Mi`). When empty, automatically uses 80% of allocated storage (`tap.storageLimit`). | `""` | +| `tap.snapshots.storageClass` | Storage class for snapshots volume. When empty, uses `emptyDir`. When set, creates a PVC with this storage class | `""` | +| `tap.snapshots.storageSize` | Storage size for snapshots volume (supports K8s quantity format: `1Gi`, `500Mi`, etc.) | `1Gi` | | `tap.release.repo` | URL of the Helm chart repository | `https://helm.kubeshark.co` | | `tap.release.name` | Helm release name | `kubeshark` | | `tap.release.namespace` | Helm release namespace | `default` | diff --git a/helm-chart/templates/04-hub-deployment.yaml b/helm-chart/templates/04-hub-deployment.yaml index bffc96f62..ec147641c 100644 --- a/helm-chart/templates/04-hub-deployment.yaml +++ b/helm-chart/templates/04-hub-deployment.yaml @@ -38,6 +38,8 @@ spec: - '{{ .Values.logLevel | default "warning" }}' - -capture-stop-after - "{{ if hasKey .Values.tap.capture "stopAfter" }}{{ .Values.tap.capture.stopAfter }}{{ else }}5m{{ end }}" + - -snapshot-size-limit + - '{{ .Values.tap.snapshots.storageSize }}' {{- if .Values.tap.gitops.enabled }} - -gitops {{- end }} @@ -106,6 +108,8 @@ spec: - name: saml-x509-volume mountPath: "/etc/saml/x509" readOnly: true + - name: snapshots-volume + mountPath: "/app/data/snapshots" {{- if gt (len .Values.tap.nodeSelectorTerms.hub) 0}} affinity: nodeAffinity: 
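Review bot: The new `-snapshot-size-limit` argument in helm-chart/templates/04-hub-deployment.yaml (hunk at -38) dereferences `.Values.tap.snapshots.storageSize` with no fallback, while the `-capture-stop-after` line directly above it guards its key with `hasKey` and a literal default. If `tap.snapshots` is missing from the effective values, which can presumably happen on an upgrade that reuses values from a release predating this key, rendering fails on a nil map. Mirroring the neighbouring line avoids that: `- '{{ if hasKey .Values.tap "snapshots" }}{{ .Values.tap.snapshots.storageSize }}{{ else }}1Gi{{ end }}'`. The same unguarded lookup recurs in the volumes hunk (at -167) and in 09-snapshots-pvc.yaml.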
@@ -167,3 +171,11 @@ spec: items: - key: AUTH_SAML_X509_KEY path: kubeshark.key + - name: snapshots-volume + {{- if .Values.tap.snapshots.storageClass }} + persistentVolumeClaim: + claimName: {{ include "kubeshark.name" . }}-snapshots-pvc + {{- else }} + emptyDir: + sizeLimit: {{ .Values.tap.snapshots.storageSize }} + {{- end }} diff --git a/helm-chart/templates/09-snapshots-pvc.yaml b/helm-chart/templates/09-snapshots-pvc.yaml new file mode 100644 index 000000000..c9270d347 --- /dev/null +++ b/helm-chart/templates/09-snapshots-pvc.yaml @@ -0,0 +1,22 @@ +--- +{{- if .Values.tap.snapshots.storageClass }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + {{- include "kubeshark.labels" . | nindent 4 }} + {{- if .Values.tap.annotations }} + annotations: + {{- toYaml .Values.tap.annotations | nindent 4 }} + {{- end }} + name: {{ include "kubeshark.name" . }}-snapshots-pvc + namespace: {{ .Release.Namespace }} +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.tap.snapshots.storageSize }} + storageClassName: {{ .Values.tap.snapshots.storageClass }} +status: {} +{{- end }} diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index 4ebfeb0dc..44d1904f5 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -33,6 +33,9 @@ tap: enabled: false storageSize: 1Gi dbMaxSize: 500Mi + snapshots: + storageClass: "" + storageSize: 1Gi release: repo: https://helm.kubeshark.co name: kubeshark
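Review bot: In the volumes hunk of helm-chart/templates/04-hub-deployment.yaml (at -167) the `emptyDir` `sizeLimit` is the same `tap.snapshots.storageSize` that is passed to the hub as `-snapshot-size-limit`, so there is no headroom between the application's own limit and the point where the kubelet evicts the pod for exceeding the emptyDir limit. How strictly the hub enforces its limit is not visible in this diff; if it can overshoot, or measures usage differently from the kubelet, a full snapshot directory ends in eviction of the hub and loss of every snapshot, since emptyDir contents do not outlive the pod. Consider handing the hub a fraction of the volume size, as the README describes for `tap.capture.dbMaxSize` (80% of allocated storage), and stating in the README row for `tap.snapshots.storageClass` that the default is ephemeral.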
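Review bot: The claim in helm-chart/templates/09-snapshots-pvc.yaml is `ReadWriteOnce` and is mounted by the hub Deployment, so during a rolling update the replacement pod can remain stuck in ContainerCreating if it is scheduled on a different node while the old pod still holds the volume. The Deployment's update strategy is outside this diff, so confirm it is `Recreate` (or otherwise compatible) whenever `tap.snapshots.storageClass` is set. Separately, both interpolated values are emitted unquoted; `storageClassName: {{ .Values.tap.snapshots.storageClass | quote }}` and `storage: {{ .Values.tap.snapshots.storageSize | quote }}` keep an unusual value from being re-typed by the YAML parser. The `status: {}` stanza can be dropped, and the leading `---` belongs inside the `if` so that no empty document is rendered when no storage class is set.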