github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2026-05-06 17:27:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

🔖 Bump the Helm chart version to 53.2.5 (#1920)

Browse Source 
Co-authored-by: Alon Girmonsky <alongir@Alons-Mac-Studio.local>
This commit is contained in:
Alon Girmonsky
2026-05-01 13:36:38 -07:00
committed by GitHub
parent 9f5a1a41c0
commit ab81b0c3a7
5 changed files with 180 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
helm-chart/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
name: kubeshark
version: "53.2.3"
version: "53.2.5"
description: The API Traffic Analyzer for Kubernetes
home: https://kubeshark.com
keywords:

2
helm-chart/values.yaml
View File

@@ -188,7 +188,7 @@ tap:
streamingType: connect-rpc
completeStreamingEnabled: true
clusterWideMapEnabled: false
entriesLimit: 300000
entriesLimit: "300000"
telemetry:
enabled: true
resourceGuard:

110
manifests/complete.yaml
View File

@@ -4,10 +4,10 @@ apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
name: kubeshark-hub-network-policy
namespace: default
@@ -33,10 +33,10 @@ apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-front-network-policy
@@ -60,10 +60,10 @@ apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-dex-network-policy
@@ -87,10 +87,10 @@ apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-worker-network-policy
@@ -116,10 +116,10 @@ apiVersion: v1
kind: ServiceAccount
metadata:
labels:
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
name: kubeshark-service-account
namespace: default
@@ -132,10 +132,10 @@ metadata:
namespace: default
labels:
app.kubeshark.com/app: hub
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
stringData:
LICENSE: ''
@@ -151,10 +151,10 @@ metadata:
namespace: default
labels:
app.kubeshark.com/app: hub
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
stringData:
AUTH_SAML_X509_CRT: |
@@ -167,10 +167,10 @@ metadata:
namespace: default
labels:
app.kubeshark.com/app: hub
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
stringData:
AUTH_SAML_X509_KEY: |
@@ -182,10 +182,10 @@ metadata:
name: kubeshark-nginx-config-map
namespace: default
labels:
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
data:
default.conf: |
@@ -252,10 +252,10 @@ metadata:
namespace: default
labels:
app.kubeshark.com/app: hub
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
data:
POD_REGEX: '.*'
@@ -293,7 +293,7 @@ data:
TIMEZONE: ' '
CLOUD_LICENSE_ENABLED: 'true'
DUPLICATE_TIMEFRAME: '200ms'
ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,mongodb,redis,ws,ldap,radius,diameter,udp-flow,tcp-flow,udp-conn,tcp-conn'
ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,mongodb,mysql,postgresql,redis,ws,ldap,radius,diameter,udp-flow,tcp-flow,udp-conn,tcp-conn'
CUSTOM_MACROS: '{"https":"tls and (http or http2)"}'
DISSECTORS_UPDATING_ENABLED: 'true'
SNAPSHOTS_UPDATING_ENABLED: 'true'
@@ -303,7 +303,7 @@ data:
PCAP_TIME_INTERVAL: '1m'
PCAP_MAX_TIME: '1h'
PCAP_MAX_SIZE: '500MB'
PORT_MAPPING: '{"amqp":[5671,5672],"diameter":[3868],"http":[80,443,8080],"kafka":[9092],"ldap":[389],"mongodb":[27017],"redis":[6379]}'
PORT_MAPPING: '{"amqp":[5671,5672],"diameter":[3868],"http":[80,443,8080],"kafka":[9092],"ldap":[389],"mongodb":[27017],"mysql":[3306],"postgresql":[5432],"redis":[6379]}'
RAW_CAPTURE_ENABLED: 'true'
RAW_CAPTURE_STORAGE_SIZE: '1Gi'
---
@@ -312,10 +312,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
name: kubeshark-cluster-role-default
namespace: default
@@ -359,10 +359,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
name: kubeshark-cluster-role-binding-default
namespace: default
@@ -380,10 +380,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-self-config-role
@@ -439,10 +439,10 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-self-config-role-binding
@@ -462,10 +462,10 @@ kind: Service
metadata:
labels:
app.kubeshark.com/app: hub
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
name: kubeshark-hub
namespace: default
@@ -483,10 +483,10 @@ apiVersion: v1
kind: Service
metadata:
labels:
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
name: kubeshark-front
namespace: default
@@ -504,10 +504,10 @@ kind: Service
apiVersion: v1
metadata:
labels:
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
annotations:
prometheus.io/scrape: 'true'
@@ -517,10 +517,10 @@ metadata:
spec:
selector:
app.kubeshark.com/app: worker
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
ports:
- name: metrics
@@ -533,10 +533,10 @@ kind: Service
apiVersion: v1
metadata:
labels:
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
annotations:
prometheus.io/scrape: 'true'
@@ -546,10 +546,10 @@ metadata:
spec:
selector:
app.kubeshark.com/app: hub
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
ports:
- name: metrics
@@ -564,10 +564,10 @@ metadata:
labels:
app.kubeshark.com/app: worker
sidecar.istio.io/inject: "false"
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
name: kubeshark-worker-daemon-set
namespace: default
@@ -581,10 +581,10 @@ spec:
metadata:
labels:
app.kubeshark.com/app: worker
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
name: kubeshark-worker-daemon-set
namespace: kubeshark
@@ -805,10 +805,10 @@ kind: Deployment
metadata:
labels:
app.kubeshark.com/app: hub
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
name: kubeshark-hub
namespace: default
@@ -823,10 +823,10 @@ spec:
metadata:
labels:
app.kubeshark.com/app: hub
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
spec:
dnsPolicy: ClusterFirstWithHostNet
@@ -936,10 +936,10 @@ kind: Deployment
metadata:
labels:
app.kubeshark.com/app: front
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
name: kubeshark-front
namespace: default
@@ -954,10 +954,10 @@ spec:
metadata:
labels:
app.kubeshark.com/app: front
helm.sh/chart: kubeshark-53.2.3
helm.sh/chart: kubeshark-53.2.5
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
app.kubernetes.io/version: "53.2.3"
app.kubernetes.io/version: "53.2.5"
app.kubernetes.io/managed-by: Helm
spec:
containers:
@@ -1006,6 +1006,8 @@ spec:
value: 'false'
- name: REACT_APP_RAW_CAPTURE_ENABLED
value: 'true'
- name: REACT_APP_ENTRIES_LIMIT
value: '300000'
- name: REACT_APP_SENTRY_ENABLED
value: 'false'
- name: REACT_APP_SENTRY_ENVIRONMENT

61
skills/kfl/SKILL.md
View File

@@ -88,13 +88,15 @@ filter term — they're fast and narrow the search space immediately.
|------|----------|------|----------|
| `http` | HTTP/1.1, HTTP/2 | `redis` | Redis |
| `dns` | DNS | `kafka` | Kafka |
| `tls` | TLS/SSL | `amqp` | AMQP |
| `tls` | eBPF TLS interception | `amqp` | AMQP |
| `tcp` | TCP | `ldap` | LDAP |
| `udp` | UDP | `ws` | WebSocket |
| `sctp` | SCTP | `gql` | GraphQL (v1+v2) |
| `icmp` | ICMP | `gqlv1` / `gqlv2` | GraphQL version-specific |
| `radius` | RADIUS | `conn` / `flow` | L4 connection/flow tracking |
| `diameter` | Diameter | `tcp_conn` / `udp_conn` | Transport-specific connections |
| `grpc` | gRPC (HTTP/2 sub-protocol) | `mongodb` | MongoDB |
| `mysql` | MySQL | `radius` | RADIUS |
| `diameter` | Diameter | `conn` / `flow` | L4 connection/flow tracking |
| | | `tcp_conn` / `udp_conn` | Transport-specific connections |
## Kubernetes Context
@@ -112,6 +114,17 @@ dst.service.namespace == "payments"
Pod fields fall back to service data when pod info is unavailable, so
`dst.pod.namespace` works even for service-level entries.
### Summary Name and Namespace
Convenience variables that pick the best available identity for a peer:
```
src.name == "api-gateway" // pod > service > dns > process
dst.name.contains("payment") // works across identity types
src.namespace == "production" // pod namespace, falls back to service
dst.namespace != "kube-system" // exclude system namespace
```
### Aggregate Collections
Match against any direction (src or dst):
@@ -192,8 +205,14 @@ http && request.headers["content-type"] == "application/json"
// GraphQL (subset of HTTP)
gql && method == "POST" && status_code >= 400
// Only eBPF-intercepted TLS traffic (decrypted HTTPS)
tls && http && status_code >= 500
```
> **Note on `tls`**: The `tls` flag is an alias for `capture_source == "ebpf_tls"`.
> It indicates traffic captured via eBPF TLS interception, not TLS protocol dissection.
## DNS Filtering
DNS issues are often the hidden root cause of outages.
@@ -235,6 +254,40 @@ kafka && kafka_request_summary.contains("orders") // Topic filtering
kafka && kafka_size > 10000 // Large messages
```
### MongoDB
```
mongodb && mongodb_command == "find" // Find operations
mongodb && mongodb_collection == "users" // Collection filtering
mongodb && mongodb_database == "mydb" // Database filtering
mongodb && !mongodb_success // Failed operations
mongodb && mongodb_error_code != 0 // Error code filtering
mongodb && mongodb_total_size > 10000 // Large operations
```
### MySQL
```
mysql && mysql_command == "COM_QUERY" // SQL queries
mysql && mysql_query.contains("SELECT") // SELECT statements
mysql && mysql_database == "orders_db" // Database filtering
mysql && !mysql_success // Failed queries
mysql && mysql_error_code != 0 // Error code filtering
mysql && mysql_total_size > 10000 // Large queries
```
### gRPC
gRPC is a sub-protocol of HTTP/2. All HTTP variables are also available on gRPC entries.
```
grpc && grpc_method == "SayHello" // Method filtering
grpc && grpc_status != 0 // Non-OK status codes
grpc && grpc_status == 14 // UNAVAILABLE
grpc && grpc_method.contains("Create") // Method pattern
grpc && elapsed_time > 1000000 // Slow gRPC calls (>1s)
```
### AMQP, LDAP, RADIUS, Diameter
```
@@ -288,7 +341,7 @@ dst.port >= 8000 && dst.port <= 9000
timestamp > timestamp("2026-03-14T22:00:00Z")
timestamp >= timestamp("2026-03-14T22:00:00Z") && timestamp <= timestamp("2026-03-14T23:00:00Z")
timestamp > now() - duration("5m") // Last 5 minutes
elapsed_time > 2000000 // Older than 2 seconds
elapsed_time > 2000000 // Latency > 2 seconds
```
## Building Filters: Progressive Narrowing

70
skills/kfl/references/kfl2-reference.md
View File

@@ -39,7 +39,7 @@ These are the variables you'll reach for in 90% of investigations:
| `index` | int | Entry index for stream uniqueness |
| `stream` | string | Stream identifier (hex string) |
| `timestamp` | timestamp | Event time (UTC), use with `timestamp()` function |
| `elapsed_time` | int | Age since timestamp in microseconds |
| `elapsed_time` | int | Response-request latency in microseconds |
| `worker` | string | Worker identifier |
## Cross-Reference Variables
@@ -67,13 +67,15 @@ Boolean variables indicating detected protocol. Use as first filter term for per
|----------|----------|----------|----------|
| `http` | HTTP/1.1, HTTP/2 | `redis` | Redis |
| `dns` | DNS | `kafka` | Kafka |
| `tls` | TLS/SSL handshake | `amqp` | AMQP messaging |
| `tls` | eBPF TLS interception | `amqp` | AMQP messaging |
| `tcp` | TCP transport | `ldap` | LDAP directory |
| `udp` | UDP transport | `ws` | WebSocket |
| `sctp` | SCTP streaming | `gql` | GraphQL (v1 or v2) |
| `icmp` | ICMP | `gqlv1` | GraphQL v1 only |
| `radius` | RADIUS auth | `gqlv2` | GraphQL v2 only |
| `diameter` | Diameter | `conn` | L4 connection tracking |
| `grpc` | gRPC (HTTP/2 sub-protocol) | `gqlv2` | GraphQL v2 only |
| `mongodb` | MongoDB | `mysql` | MySQL |
| `radius` | RADIUS auth | `diameter` | Diameter |
| | | `conn` | L4 connection tracking |
| `flow` | L4 flow tracking | `tcp_conn` | TCP connection tracking |
| `tcp_flow` | TCP flow tracking | `udp_conn` | UDP connection tracking |
| `udp_flow` | UDP flow tracking | | |
@@ -123,7 +125,7 @@ Supported question types: A, AAAA, NS, CNAME, SOA, MX, TXT, SRV, PTR, ANY.
| Variable | Type | Description | Example |
|----------|------|-------------|---------|
| `tls` | bool | TLS payload detected | |
| `tls` | bool | eBPF TLS interception (alias for `capture_source == "ebpf_tls"`) | |
| `tls_summary` | string | TLS handshake summary | `"ClientHello"`, `"ServerHello"` |
| `tls_info` | string | TLS connection details | `"TLS 1.3, AES-256-GCM"` |
| `tls_request_size` | int | TLS request size in bytes | |
@@ -263,6 +265,55 @@ Supported question types: A, AAAA, NS, CNAME, SOA, MX, TXT, SRV, PTR, ANY.
| `diameter_response_length` | int | Response size (0 if absent) |
| `diameter_total_size` | int | Sum of request + response |
## MongoDB Variables
| Variable | Type | Description | Example |
|----------|------|-------------|---------|
| `mongodb` | bool | MongoDB payload detected | |
| `mongodb_command` | string | Operation type | `"find"`, `"insert"`, `"update"`, `"delete"` |
| `mongodb_database` | string | Database name | `"mydb"` |
| `mongodb_collection` | string | Collection name | `"users"` |
| `mongodb_opcode` | string | Operation opcode name | |
| `mongodb_request_size` | int | Request size in bytes | |
| `mongodb_response_size` | int | Response size in bytes | |
| `mongodb_total_size` | int | Combined request + response size | |
| `mongodb_success` | bool | Operation success status | |
| `mongodb_error_code` | int | Error code | |
| `mongodb_error_message` | string | Error description | |
| `mongodb_error_code_name` | string | Named error code | |
**Example**: `mongodb && mongodb_command == "find" && mongodb_collection == "users"`
## MySQL Variables
| Variable | Type | Description | Example |
|----------|------|-------------|---------|
| `mysql` | bool | MySQL payload detected | |
| `mysql_command` | string | SQL command name | `"COM_QUERY"`, `"COM_STMT_PREPARE"` |
| `mysql_query` | string | Full SQL query text | `"SELECT * FROM users"` |
| `mysql_database` | string | Active database name | `"orders_db"` |
| `mysql_statement_id` | int | Prepared statement identifier | |
| `mysql_request_size` | int | Request payload size in bytes | |
| `mysql_response_size` | int | Response payload size in bytes | |
| `mysql_total_size` | int | Combined request + response size | |
| `mysql_success` | bool | Response OK status | |
| `mysql_error_code` | int | MySQL error code | |
| `mysql_error_message` | string | Error description | |
**Example**: `mysql && mysql_query.contains("SELECT") && !mysql_success`
## gRPC Variables
gRPC is a sub-protocol of HTTP/2. When `grpc` is true, all HTTP variables are also available.
| Variable | Type | Description | Example |
|----------|------|-------------|---------|
| `grpc` | bool | gRPC payload detected | |
| `grpc_method` | string | Trailing method name from gRPC :path | `"SayHello"` (from `/helloworld.Greeter/SayHello`) |
| `grpc_status` | int | gRPC status code from Grpc-Status trailer | `0`=OK, `5`=NOT_FOUND, `14`=UNAVAILABLE; `-1` on non-gRPC |
**Example**: `grpc && grpc_status != 0 && grpc_method.contains("Create")`
## L4 Connection Tracking Variables
| Variable | Type | Description | Example |
@@ -320,6 +371,15 @@ even when only service-level resolution exists.
**Example**: `src.service.name == "api-gateway" && dst.pod.namespace == "production"`
### Summary Name and Namespace
| Variable | Type | Description |
|----------|------|-------------|
| `src.name` | string | Worker-enriched summary name of source (pod > service > dns > process) |
| `dst.name` | string | Worker-enriched summary name of destination |
| `src.namespace` | string | Source namespace with service fallback |
| `dst.namespace` | string | Destination namespace with service fallback |
### Aggregate Collections (Non-Directional)
| Variable | Type | Description |