github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2026-05-18 23:27:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,877 Commits 13 Branches 965 Tags
40177b8fa90aaee561c4e4e0a5d677e30b044c43
Commit Graph

89 Commits

Author SHA1 Message Date
Alon Girmonsky
a9a75533af set kernelModule.enabled default value to false 
in support for this PR
 2024-05-31 20:59:16 -07:00
M. Mert Yildiran
c2b73025f3 Add DisableCgroupIdResolution field to MiscConfig struct 2024-05-25 05:18:41 +03:00
M. Mert Yildiran
487f0b9332 Add OverrideTagConfig field to DockerConfig 2024-05-15 05:39:27 +03:00
Serhii Ponomarenko
5a4901f7bd License via authentication (#1526) 
* 🔨 Add `cloudLicenseEnabled` helm value

* 🔨 Add `CLOUD_LICENSE_ENABLED` key to `ConfigMap`

* 🔨 Add `REACT_APP_CLOUD_LICENSE_ENABLED` `front` env

* 🎨 Reformat `ConfigStruct`

* 🔧 Set `cloudLicenseEnabled: true` by default

* 🔧 Override auth enabled/type if `cloudLicenseEnabled: true`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-04-21 15:04:08 -07:00
M. Mert Yildiran
0f402789f1 Add TcpStreamChannelTimeoutShow field to MiscConfig 2024-04-15 22:46:18 +03:00
M. Mert Yildiran
fe3f93c91b Revert srvPort to 30001 2024-03-28 03:54:06 +03:00
M. Mert Yildiran
24aa4db0bc Bring back the packet-capture flag 2024-03-28 01:42:16 +03:00
M. Mert Yildiran
0b58558f70 🔖 Bump the Helm chart version to 52.2.0 2024-03-27 21:50:27 +03:00
Serhii Ponomarenko
247498492a Set custom timezone (#1517) 
* 🔨 Add timezone config

* 🔨 Update `complete.yaml`

* 📝 Document `timezone` config

* 📝 Update `timezone` config docs

* 📝 Update `timezone` config docs

* 🔥 Remove unused `TIMEZONE` field from `ConfigMap`

* 🦺 Handle empty `tap.timezone` case

* 🔨 Move `timezone` from `.Values.tap` to `.Values`

* 🔨 Add `timezone` field to helm values

* 🔨 Update `complete.yaml`

* 📝 Update `timezone` config docs

* 🔨 Add `TIMEZONE` field to `ConfigMap`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-03-19 12:06:50 +01:00
Serhii Ponomarenko
0aca81fbcb 🔨 Disable scripting, targeted pods update & recording via ConfigMap keys (#1515) 
* 🔨 Add `SCRIPTING_DISABLED` key to `ConfigMap`

* 🔨 Add `TARGETED_PODS_UPDATE_DISABLED` config

* 🔨 Add `RECORDING_DISABLED` key to `ConfigMap`

* 🎨 Reformat `TapConfig`

* 🔨 Update `complete.yaml`
 2024-03-08 20:49:07 -08:00
M. Mert Yildiran
ddcf973e35 Revert "🔖 Bump the Helm chart version to 52.1.61" 
This reverts commit b6d1804326.
 2024-02-28 23:42:08 +03:00
M. Mert Yildiran
b6d1804326 🔖 Bump the Helm chart version to 52.1.61 2024-02-28 23:39:06 +03:00
M. Mert Yildiran
8fe0544175 🔨 Remove CHECKPOINT_RESTORE capability from defaults 2024-02-26 21:40:14 +03:00
iluxa
26e23dc94f add capability for tracer (#1496) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-02-06 13:38:21 -08:00
Serhii Ponomarenko
6785f024e4 Feature-based SAML authorization (#49) (#1495) 
* 🔨 Add `showAdminConsoleLink` to helm values

* 🔨 Add `ShowAdminConsoleLink` to `TapConfig`

* 🔨 Regenerate `complete.yaml` manifest

* 📝 Update helm-chart `README.md`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-02-06 13:36:32 -08:00
M. Mert Yildiran
92dab2e2f7 🔨 Add PcapErrorTTL field to MiscConfig 2024-02-06 01:32:07 +03:00
Serhii Ponomarenko
18d051af28 🔥 Remove old Descope auth (#1490) 
* 🔥 Remove Descope-related config updates

* 🔥 Remove Descope-related helm values

* 🔥 Remove Descope-related k8s configs

* 🔥 Remove Descope-related fields from `tapConfig`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-31 14:49:55 -08:00
M. Mert Yildiran
4802cca646 Add MiscConfig struct with has JsonTTL and PcapTTL fields 2024-01-30 02:25:04 +03:00
Serhii Ponomarenko
bfa3efd23a SAML authorization (#1487) 
* 🔨 Add `AUTH_SAML_ROLE_ATTRIBUTE` field to `ConfigMap`

* 📝 Document `tap.auth.saml.roleAttribute/roles` values

* 🔧 Re-generate `complete.yaml`

* 🔥 Remove `default` tag from `SamlConfig.RoleAttribute`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-24 16:05:37 -08:00
M. Mert Yildiran
f9e0c36d5f 🔨 Add AUTH_SAML_ROLES field to ConfigMap 2024-01-23 23:22:06 +03:00
Serhii Ponomarenko
a8dd332ff8 SAML integration prototype (#1475) 
* 🔨 Add `AUTH_TYPE` field to `ConfigMap`

* 🔨 Add `AUTH_SAML_IDP_METADATA_URL` field to `ConfigMap`

* 🔨 Add `AUTH_SAML_X509_CRT` field to `Secret`

* 🔨 Add `AUTH_SAML_X509_KEY` field to `Secret`

* 🔨  Mount SAML X.509 key pair into `hub`

* 🔨 Add `REACT_APP_AUTH_TYPE` environment variable to `front`

* 🔧 Add Nginx path rewrite for `/saml`

* 🔧 Raise request size to accept big SAML responses

* 🔨 Add `REACT_APP_AUTH_TYPE` environment default value

* 📝 Update `README.md`

* 📝 Update `README.md`

* 🔨 Add `AUTH_TYPE` config map key

* 🔨 Add `AUTH_SAML_IDP_METADATA_URL` config map key

* ☸ Set `CONFIG_AUTH_TYPE` from `TapConfig`

* ☸ Set `CONFIG_AUTH_SAML_IDP_METADATA_URL` from `TapConfig`

*  Create `SamlConfig` in `TapConfig.AuthConfig`

* 🔨 Use updated `tap.auth.saml.idpMetadataUrl` tap config field

* 📝 Update `README.md`

* 🔨 Add `tap.insgress.enabled/host` to `ConfigMap`

* 🔨 Add `tap.proxy.front.port` to `ConfigMap`

* 🔨 Add `REACT_APP_AUTH_SAML_IDP_METADATA_URL` env to `front`

* 🔧 Supply `auth.saml` fields to `helm-chart/values.yaml`

* 🐛 Fix indentation for X.509 secrets

* 📝 Provide SAML setup docs

* 📝 Update SAML setup docs

* 📝 Update SAML setup docs

* Added callback URL indication

* 💥 Disable standard `Descope` auth

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-23 10:47:29 -08:00
M. Mert Yildiran
ddc1dc3d71 🔨 Add TcpStreamChannelTimeoutMs field to TapConfig struct 2024-01-15 23:00:31 +03:00
M. Mert Yildiran
d99bfea0db 🔨 Rename worker resource requirement to sniffer 2024-01-15 21:14:06 +03:00
Volodymyr Stoiko
aaeb3ca1eb Load pf-ring kernel module in init container (#1476) 
* Load kernel module in init container

* Update docs

* Update formatting

* Add pre-stop hook to unload pf_ring module

* Enable hook only on kernel module enabled

* fix template

* Use sidecontainer to unload pf_ring

* Add requirements for tracer into structs

* fix values

* fix typo

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-12 15:49:39 -08:00
tgaliotto
a5be1a8eaa add request and limits for tracer container (#1459) 
Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2024-01-12 09:30:50 -08:00
M. Mert Yildiran
8ba3e603a4 Add trafficSampleRate field to TapConfig 2024-01-10 18:51:52 +03:00
Volodymyr Stoiko
db51e6dbc2 Add kubeshark-worker-metrics service and document it (#1474) 
* Expose worker metrics

* Add metrics documentation

* upd

* Update metrics port configuration

* Update config/configStructs/tapConfig.go

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update helm-chart/README.md

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

* Update helm-chart/templates/16-worker-service-metrics.yaml

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

---------

Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
 2024-01-04 16:17:22 +03:00
Alon Girmonsky
77878e97f5 Tracer, ServiceMesh - Disable by default and some docs updates (#1472) 
* Disabled Tracer by default

As Tracer requires significantly more resources and elevated security capability, it is recommended to have it disabled by default and enabled on demand.

* Updated the tap.tls default value to false

* added description to the default and global KFL filters

* serviceMesh false by default

As serviceMesh requires elevated security permissions.
Furthermore this capability is required only in a fraction of the userbase. Some service mesh versions/configurations aren't supported. Therefore, it is recommended to start as disabled and enable on-demand

* Update the readme related to the service mesh default value

Set the default value of serviceMesh to false as among other things, it requires elevated security permissions and therefore should be enabled on demand.
 2023-12-30 18:47:26 -08:00
M. Mert Yildiran
36767eda27 🔨 Add KernelModuleConfig struct to TapConfig 2023-12-28 22:09:01 +03:00
Volodymyr Stoiko
6c01078f97 Add PF_RING related changes to docs and helm (#1471) 
* Install pf-ring KMM Module and wait for it

* Add mode configuration

* save

* Update doc

* upd

* toc

* adjust template

* upd

* Add module cr verification job

* upd doc

* Fix binary name

* Add disable mode

* Update PF_RING.md

Some adjustments to the instructions.

* Update 15-pf-ring-kernel-module.yaml

Small syntax err

* upd

* merge master

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
 2023-12-27 19:01:20 -08:00
M. Mert Yildiran
6c06307d68 🔨 Add GLOBAL_FILTER field to ConfigMap 2023-12-27 23:58:17 +03:00
M. Mert Yildiran
c1fc4447ef 🔨 Move the list of Linux capabilities into values.yaml 2023-12-27 13:14:53 +03:00
M. Mert Yildiran
51968f2aae 🔨 Add REPLAY_DISABLED field to ConfigMap 2023-12-25 17:34:38 +03:00
M. Mert Yildiran
d3f2cdbf0e Add DefaultFilter field to TapConfig 2023-12-18 16:51:55 +03:00
Serhiy Berezin
d3c21a07bb EFS persistent volume helm deployment support (#1455) 
* EFS persistent volume

docs/14

EFS static and dynamic provision added to default

* Update helm-chart/values.yaml

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Update helm-chart/templates/08-persistent-volume-claim.yaml

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Update config/configStructs/tapConfig.go

Fix format

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Fix format config/configStructs/tapConfig.go

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* Improve formatting

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>
Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
 2023-12-11 10:52:58 -08:00
M. Mert Yildiran
510d5e5ed8 🔥 Remove REACT_APP_HUB_HOST and REACT_APP_HUB_PORT environment variables 2023-12-07 22:10:11 +03:00
Chin K
fc0f6a8452 🔨 Add SecurityContextConstraints for OpenShift (#1451) 
* Added OS route

* Openshift Port-changes

* custom-scc

* custom-scc name update

* Revert "custom-scc name update"

This reverts commit 7e6d96c086.

* Added pre-install hook

* default port

* worker port update

* Update helm-chart/templates/14-kubeshark-scc.yaml

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>

* SCC only for openshift - capability added

---------

Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>
 2023-11-21 20:01:34 +03:00
M. Mert Yildiran
cc9dbbef2e 🔥 Remove tapPcapRunner.go and --pcap flag 2023-11-21 07:17:43 +03:00
M. Mert Yildiran
9c291bbf47 🔨 Disable auth by default 2023-10-27 22:06:07 +03:00
M. Mert Yildiran
62d4c3a86e 🔨 Add ApprovedTenants field to AuthConfig and enable auth by default 2023-10-26 20:27:34 +03:00
M. Mert Yildiran
3b5cd6c77b 🔨 Make the config field tags camelCase 2023-10-25 18:00:32 +03:00
M. Mert Yildiran
0e2bca9729 Revert "🔨 Decrease the default storage limit back to 200Mi" 
This reverts commit b1a40df069.
 2023-10-24 03:10:23 +03:00
M. Mert Yildiran
b1a40df069 🔨 Decrease the default storage limit back to 200Mi 2023-10-24 03:06:02 +03:00
M. Mert Yildiran
a3383ee6cc 🔨 Template the Helm chart versions into Docker tags 2023-10-16 23:19:44 +03:00
M. Mert Yildiran
78481d4bcc 🔥 Delete unused packetcapture field 2023-10-12 18:31:59 +03:00
M. Mert Yildiran
9f1586ab50 🔨 Increase the default storage limit to 500Mi 2023-10-11 20:57:42 +03:00
M. Mert Yildiran
6d79598c5d 🔨 Template -no-kernel-module flag 2023-10-09 21:17:34 +03:00
M. Mert Yildiran
4831b44dfa Revert "🔨 Separate the resources of each container in worker DaemonSet" 
This reverts commit 6add6fb1ec.
 2023-10-04 06:02:19 +03:00
M. Mert Yildiran
6817fd70ab Revert "🔨 Lower the resource limits" 
This reverts commit d0b621070c.
 2023-10-04 06:02:12 +03:00
M. Mert Yildiran
d0b621070c 🔨 Lower the resource limits 2023-09-28 20:39:57 +03:00