Merge pull request #889 from up9inc/develop

develop -> main (Release 29.0) #major
Adding dev latest tag for each pre-release docker (#888 )
2026-02-15 02:19:54 +00:00 · 2022-03-13 10:30:12 +02:00 · 2022-03-13 09:47:49 +02:00 · 2022-03-10 17:26:56 +02:00 · 2022-03-09 17:52:55 +02:00 · 2022-03-09 11:19:11 +02:00
79 changed files with 10411 additions and 8567 deletions
--- a/.github/workflows/acceptance_tests.yml
+++ b/.github/workflows/acceptance_tests.yml
@@ -22,7 +22,7 @@ jobs:
        uses: actions/checkout@v2

      - name: Setup acceptance test
-        run: source ./acceptanceTests/setup.sh
+        run: ./acceptanceTests/setup.sh

      - name: Create k8s users and change context
        env:
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -15,15 +15,23 @@ jobs:
    name: CLI executable build
    runs-on: ubuntu-latest
    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+      
+      - name: Check modified files
+        id: modified_files
+        run: devops/check_modified_files.sh cli/
+
      - name: Set up Go 1.17
+        if: steps.modified_files.outputs.matched == 'true'
        uses: actions/setup-go@v2
        with:
          go-version: '1.17'

-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-
      - name: Build CLI
+        if: steps.modified_files.outputs.matched == 'true'
        run: make cli

  build-agent:
@@ -32,6 +40,23 @@ jobs:
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+      
+      - name: Check modified files
+        id: modified_files
+        run: devops/check_modified_files.sh agent/ shared/ tap/ ui/ Dockerfile

-      - name: Build Agent
-        run: make agent-docker
+      - name: Set up Docker Buildx
+        if: steps.modified_files.outputs.matched == 'true'
+        uses: docker/setup-buildx-action@v1
+
+      - name: Build
+        uses: docker/build-push-action@v2
+        if: steps.modified_files.outputs.matched == 'true'
+        with:
+          context: .
+          push: false
+          tags: up9inc/mizu:devlatest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -59,6 +59,7 @@ jobs:
          tags: |
            type=raw,${{ steps.versioning.outputs.version }}
            type=raw,value=latest,enable=${{ steps.condval.outputs.value == 'stable' }}
+            type=raw,value=dev-latest,enable=${{ steps.condval.outputs.value == 'dev' }}
          flavor: |
            latest=auto
            prefix=
@@ -145,6 +146,7 @@ jobs:
          tags: |
            type=raw,${{ steps.versioning.outputs.version }}
            type=raw,value=latest,enable=${{ steps.condval.outputs.value == 'stable' }}
+            type=raw,value=dev-latest,enable=${{ steps.condval.outputs.value == 'dev' }}
          flavor: |
            latest=auto
            prefix=
@@ -208,7 +210,7 @@ jobs:
          tags: |
            type=raw,${{ steps.versioning.outputs.version }}
            type=raw,value=latest,enable=${{ steps.condval.outputs.value == 'stable' }}
-
+            type=raw,value=dev-latest,enable=${{ steps.condval.outputs.value == 'dev' }}
      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -19,14 +19,16 @@ jobs:
    name: Unit Tests
    runs-on: ubuntu-latest
    steps:
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 2
+
      - name: Set up Go 1.17
        uses: actions/setup-go@v2
        with:
          go-version: '^1.17'

-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-
      - name: Install libpcap
        shell: bash
        run: |
@@ -40,16 +42,31 @@ jobs:
      - name: 'Set up Cloud SDK'
        uses: 'google-github-actions/setup-gcloud@v0'

+      - name: Check CLI modified files
+        id: cli_modified_files
+        run: devops/check_modified_files.sh cli/
+
      - name: CLI Test
+        if: github.event_name == 'push' || steps.cli_modified_files.outputs.matched == 'true'
        run: make test-cli

+      - name: Check Agent modified files
+        id: agent_modified_files
+        run: devops/check_modified_files.sh agent/
+
      - name: Agent Test
+        if: github.event_name == 'push' || steps.agent_modified_files.outputs.matched == 'true'
        run: make test-agent

      - name: Shared Test
        run: make test-shared
+      
+      - name: Check extensions modified files
+        id: ext_modified_files
+        run: devops/check_modified_files.sh tap/extensions/

      - name: Extensions Test
+        if: github.event_name == 'push' || steps.ext_modified_files.outputs.matched == 'true'
        run: make test-extensions

      - name: Upload coverage to Codecov
--- a/4
+++ b/4
@@ -78,8 +78,8 @@ RUN go build -ldflags="-extldflags=-static -s -w \
    -X 'github.com/up9inc/mizu/agent/pkg/version.Ver=${VER}'" -o mizuagent .

 # Download Basenine executable, verify the sha1sum
-ADD https://github.com/up9inc/basenine/releases/download/v0.5.1/basenine_linux_${GOARCH} ./basenine_linux_${GOARCH}
-ADD https://github.com/up9inc/basenine/releases/download/v0.5.1/basenine_linux_${GOARCH}.sha256 ./basenine_linux_${GOARCH}.sha256
+ADD https://github.com/up9inc/basenine/releases/download/v0.5.4/basenine_linux_${GOARCH} ./basenine_linux_${GOARCH}
+ADD https://github.com/up9inc/basenine/releases/download/v0.5.4/basenine_linux_${GOARCH}.sha256 ./basenine_linux_${GOARCH}.sha256
 RUN shasum -a 256 -c basenine_linux_${GOARCH}.sha256
 RUN chmod +x ./basenine_linux_${GOARCH}
 RUN mv ./basenine_linux_${GOARCH} ./basenine
--- a/7
+++ b/7
@@ -31,9 +31,6 @@ cli: ## Build CLI.
 cli-debug: ## Build CLI.
 	@echo "building cli"; cd cli && $(MAKE) build-debug

-build-cli-ci: ## Build CLI for CI.
-	@echo "building cli for ci"; cd cli && $(MAKE) build GIT_BRANCH=ci SUFFIX=ci
-
 agent: ## Build agent.
 	@(echo "building mizu agent .." )
 	@(cd agent; go build -o build/mizuagent main.go)
@@ -57,10 +54,6 @@ push-docker: ## Build and publish agent docker image.
 	@echo "publishing Docker image .. "
 	devops/build-push-featurebranch.sh

-build-docker-ci: ## Build agent docker image for CI.
-	@echo "building docker image for ci"
-	devops/build-agent-ci.sh
-
 push-cli: ## Build and publish CLI.
 	@echo "publishing CLI .. "
 	@cd cli; $(MAKE) build-all
--- a/README.md
+++ b/README.md
@@ -26,178 +26,17 @@ Think TCPDump and Wireshark re-invented for Kubernetes.

 ![Simple UI](assets/mizu-ui.png)

-## Features
+## Quickstart and documentation

- Simple and powerful CLI
- Monitoring network traffic in real-time. Supported protocols:
-  - [HTTP/1.x](https://datatracker.ietf.org/doc/html/rfc2616) (REST, GraphQL, SOAP, etc.)
-  - [HTTP/2](https://datatracker.ietf.org/doc/html/rfc7540) (gRPC)
-  - [AMQP](https://www.rabbitmq.com/amqp-0-9-1-reference.html) (RabbitMQ, Apache Qpid, etc.)
-  - [Apache Kafka](https://kafka.apache.org/protocol)
-  - [Redis](https://redis.io/topics/protocol)
- Works with Kubernetes APIs. No installation or code instrumentation
- Rich filtering
+You can run Mizu on any Kubernetes cluster (version of 1.16.0 or higher) in a matter of seconds. See the [Mizu Getting Started Guide](https://getmizu.io/docs/) for how.

-## Requirements
+For more comprehensive documentation, start with the [docs](https://getmizu.io/docs/mizu/mizu-cli).

-A Kubernetes server version of 1.16.0 or higher is required.
+## Working in this repo

-## Download
+We ❤️ pull requests! See [CONTRIBUTING.md](docs/CONTRIBUTING.md) for info on contributing changes. <br />
+In the wiki you can find an intorduction to [mizu components](https://github.com/up9inc/mizu/wiki/Introduction-to-Mizu), and [development workflows](https://github.com/up9inc/mizu/wiki/Development-Workflows).

-Download Mizu for your platform and operating system
+## Code of Conduct

-### Latest Stable Release
-
-* for MacOS - Intel 
-```
-curl -Lo mizu \
-https://github.com/up9inc/mizu/releases/latest/download/mizu_darwin_amd64 \
-&& chmod 755 mizu
-```
- 
-* for Linux - Intel 64bit
-```
-curl -Lo mizu \
-https://github.com/up9inc/mizu/releases/latest/download/mizu_linux_amd64 \
-&& chmod 755 mizu
-``` 
-
-SHA256 checksums are available on the [Releases](https://github.com/up9inc/mizu/releases) page
-
-### Development (unstable) Build
-Pick one from the [Releases](https://github.com/up9inc/mizu/releases) page
-
-## How to Run
-
-1. Find pods you'd like to tap to in your Kubernetes cluster
-2. Run `mizu tap` or `mizu tap PODNAME`
-3. Open browser on `http://localhost:8899` **or** as instructed in the CLI
-4. Watch the API traffic flowing
-5. Type ^C to stop
-
-## Examples
-
-Run `mizu help` for usage options
-
-To tap all pods in current namespace - 
-``` 
- $ kubectl get pods 
- NAME                            READY   STATUS    RESTARTS   AGE
- carts-66c77f5fbb-fq65r          2/2     Running   0          20m
- catalogue-5f4cb7cf5-7zrmn       2/2     Running   0          20m
- front-end-649fc5fd6-kqbtn       2/2     Running   0          20m
- ..
-
- $ mizu tap
- +carts-66c77f5fbb-fq65r
- +catalogue-5f4cb7cf5-7zrmn
- +front-end-649fc5fd6-kqbtn
- Web interface is now available at http://localhost:8899
- ^C
-```
-
-
-### To tap specific pod
-```bash
- $ kubectl get pods 
- NAME                            READY   STATUS    RESTARTS   AGE
- front-end-649fc5fd6-kqbtn       2/2     Running   0          7m
- ..
-
- $ mizu tap front-end-649fc5fd6-kqbtn
- +front-end-649fc5fd6-kqbtn
- Web interface is now available at http://localhost:8899
- ^C
-```
-
-### To tap multiple pods using regex
-```bash
- $ kubectl get pods 
- NAME                            READY   STATUS    RESTARTS   AGE
- carts-66c77f5fbb-fq65r          2/2     Running   0          20m
- catalogue-5f4cb7cf5-7zrmn       2/2     Running   0          20m
- front-end-649fc5fd6-kqbtn       2/2     Running   0          20m
- ..
-
- $ mizu tap "^ca.*"
- +carts-66c77f5fbb-fq65r
- +catalogue-5f4cb7cf5-7zrmn
- Web interface is now available at http://localhost:8899
- ^C
-```
-
-## Configuration
-
-Mizu can optionally work with a config file that can be provided as a CLI argument (using `--set config-path=<PATH>`) or if not provided, will be stored at ${HOME}/.mizu/config.yaml 
-In case of partial configuration defined, all other fields will be used with defaults <br />
-You can always override the defaults or config file with CLI flags
-
-To get the default config params run `mizu config` <br />
-To generate a new config file with default values use `mizu config -r`
-
-
-## Advanced Usage
-
-### Kubeconfig
-
-It is possible to change the kubeconfig path using `KUBECONFIG` environment variable or the command like flag
-with `--set kube-config-path=<PATH>`. </br >
-If both are not set - Mizu assumes that configuration is at `${HOME}/.kube/config`
-
-### Namespace-Restricted Mode
-
-Some users have permission to only manage resources in one particular namespace assigned to them
-By default `mizu tap` creates a new namespace `mizu` for all of its Kubernetes resources. In order to instead install
-Mizu in an existing namespace, set the `mizu-resources-namespace` config option
-
-If `mizu-resources-namespace` is set to a value other than the default `mizu`, Mizu will operate in a
-Namespace-Restricted mode. It will only tap pods in `mizu-resources-namespace`. This way Mizu only requires permissions
-to the namespace set by `mizu-resources-namespace`. The user must set the tapped namespace to the same namespace by
-using the `--namespace` flag or by setting `tap.namespaces` in the config file
-
-Setting `mizu-resources-namespace=mizu` resets Mizu to its default behavior
-
-For detailed list of k8s permissions see [PERMISSIONS](docs/PERMISSIONS.md) document
-
-### User agent filtering
-
-User-agent filtering (like health checks) - can be configured using command-line options:
-
-```shell
-$ mizu tap "^ca.*" --set tap.ignored-user-agents=kube-probe --set tap.ignored-user-agents=prometheus
-+carts-66c77f5fbb-fq65r
-+catalogue-5f4cb7cf5-7zrmn
-Web interface is now available at http://localhost:8899
-^C
-
-```
-Any request that contains `User-Agent` header with one of the specified values (`kube-probe` or `prometheus`) will not be captured
-
-### Traffic validation rules
-
-This feature allows you to define set of simple rules, and test the traffic against them.
-Such validation may test response for specific JSON fields, headers, etc.
-
-Please see [TRAFFIC RULES](docs/POLICY_RULES.md) page for more details and syntax.
-
-### OpenAPI Specification (OAS) Contract Monitoring
-
-An OAS/Swagger file can contain schemas under `parameters` and `responses` fields. With `--contract catalogue.yaml`
-CLI option, you can pass your API description to Mizu and the traffic will automatically be validated
-against the contracts.
-
-Please see [CONTRACT MONITORING](docs/CONTRACT_MONITORING.md) page for more details and syntax.
-
-### Configure proxy host 
-
-By default, mizu will be accessible via local host: 'http://localhost:8899', it is possible to change the host, for
-instance, to '0.0.0.0' which can grant access via machine IP address. This setting can be changed via command line
-flag `--set tap.proxy-host=<value>` or via config file:
-tap proxy-host: 0.0.0.0 and when changed it will support accessing by IP
-
-### Install Mizu standalone
-
-Mizu can be run detached from the cli using the install command: `mizu install`. This type of mizu instance will run
-indefinitely in the cluster.
-
-For more information please refer to [INSTALL STANDALONE](docs/INSTALL_STANDALONE.md)
+This project is for everyone. We ask that our users and contributors take a few minutes to review our [Code of Conduct](docs/CODE_OF_CONDUCT.md).
--- a/acceptanceTests/cypress/integration/testHelpers/TrafficHelper.js
+++ b/acceptanceTests/cypress/integration/testHelpers/TrafficHelper.js
@@ -65,14 +65,14 @@ export function checkThatAllEntriesShown() {
 }

 export function checkFilterByMethod(funcDict) {
-    const {protocol, method, summary, hugeMizu} = funcDict;
-    const summaryDict = getSummeryDict(summary);
-    const methodDict = getMethodDict(method);
+    const {protocol, method, methodQuery, summary, summaryQuery} = funcDict;
+    const summaryDict = getSummaryDict(summary, summaryQuery);
+    const methodDict = getMethodDict(method, methodQuery);
    const protocolDict = getProtocolDict(protocol.name, protocol.text);

    it(`Testing the method: ${method}`, function () {
        // applying filter
-        cy.get('.w-tc-editor-text').clear().type(`method == "${method}"`);
+        cy.get('.w-tc-editor-text').clear().type(methodQuery);
        cy.get('[type="submit"]').click();
        cy.get('.w-tc-editor').should('have.attr', 'style').and('include', Cypress.env('greenFilterColor'));

@@ -121,7 +121,7 @@ function resizeIfNeeded(entriesLen) {
 function deepCheck(generalDict, protocolDict, methodDict, entry) {
    const entryNum = getEntryNumById(entry.id);
    const {summary, value} = generalDict;
-    const summaryDict = getSummeryDict(summary);
+    const summaryDict = getSummaryDict(summary);

    leftOnHoverCheck(entryNum, methodDict.pathLeft, methodDict.expectedOnHover);
    leftOnHoverCheck(entryNum, protocolDict.pathLeft, protocolDict.expectedOnHover);
@@ -149,13 +149,13 @@ function deepCheck(generalDict, protocolDict, methodDict, entry) {
    }
 }

-function getSummeryDict(summary) {
-    if (summary) {
+function getSummaryDict(value, query) {
+    if (value) {
        return {
            pathLeft: '> :nth-child(2) > :nth-child(1) > :nth-child(2) > :nth-child(2)',
            pathRight: '> :nth-child(2) > :nth-child(1) > :nth-child(1) > :nth-child(2) > :nth-child(2)',
-            expectedText: summary,
-            expectedOnHover: `summary == "${summary}"`
+            expectedText: value,
+            expectedOnHover: query
        };
    }
    else {
@@ -163,12 +163,12 @@ function getSummeryDict(summary) {
    }
 }

-function getMethodDict(method) {
+function getMethodDict(value, query) {
    return {
        pathLeft: '> :nth-child(2) > :nth-child(1) > :nth-child(1) > :nth-child(2)',
        pathRight: '> :nth-child(2) > :nth-child(1) > :nth-child(1) > :nth-child(1) > :nth-child(2)',
-        expectedText: method,
-        expectedOnHover: `method == "${method}"`
+        expectedText: value,
+        expectedOnHover: query
    };
 }

--- a/acceptanceTests/cypress/integration/tests/Rabbit.js
+++ b/acceptanceTests/cypress/integration/tests/Rabbit.js
@@ -9,41 +9,53 @@ const rabbitProtocolDetails = {name: 'AMQP', text: 'Advanced Message Queuing Pro
 checkFilterByMethod({
    protocol: rabbitProtocolDetails,
    method: 'exchange declare',
+    methodQuery: 'request.method == "exchange declare"',
    summary: 'exchange',
+    summaryQuery: 'request.exchange == "exchange"',
    value: null
 });

 checkFilterByMethod({
    protocol: rabbitProtocolDetails,
    method: 'queue declare',
+    methodQuery: 'request.method == "queue declare"',
    summary: 'queue',
+    summaryQuery: 'request.queue == "queue"',
    value: null
 });

 checkFilterByMethod({
    protocol: rabbitProtocolDetails,
    method:  'queue bind',
+    methodQuery: 'request.method == "queue bind"',
    summary: 'queue',
+    summaryQuery: 'request.queue == "queue"',
    value: null
 });

 checkFilterByMethod({
    protocol: rabbitProtocolDetails,
    method: 'basic publish',
+    methodQuery: 'request.method == "basic publish"',
    summary: 'exchange',
+    summaryQuery: 'request.exchange == "exchange"',
    value: {tab: valueTabs.request, regex: /^message$/mg}
 });

 checkFilterByMethod({
    protocol: rabbitProtocolDetails,
    method:  'basic consume',
+    methodQuery: 'request.method == "basic consume"',
    summary: 'queue',
+    summaryQuery: 'request.queue == "queue"',
    value: null
 });

 checkFilterByMethod({
    protocol: rabbitProtocolDetails,
    method:  'basic deliver',
+    methodQuery: 'request.method == "basic deliver"',
    summary: 'exchange',
+    summaryQuery: 'request.queue == "exchange"',
    value: {tab: valueTabs.request, regex: /^message$/mg}
 });
--- a/acceptanceTests/cypress/integration/tests/Redis.js
+++ b/acceptanceTests/cypress/integration/tests/Redis.js
@@ -9,34 +9,44 @@ const redisProtocolDetails = {name: 'redis', text: 'Redis Serialization Protocol
 checkFilterByMethod({
    protocol: redisProtocolDetails,
    method: 'PING',
+    methodQuery: 'request.command == "PING"',
    summary: null,
+    summaryQuery: '',
    value: null
 })

 checkFilterByMethod({
    protocol: redisProtocolDetails,
    method: 'SET',
+    methodQuery: 'request.command == "SET"',
    summary: 'key',
+    summaryQuery: 'request.key == "key"',
    value: {tab: valueTabs.request, regex: /^\[value, keepttl]$/mg}
 })

 checkFilterByMethod({
    protocol: redisProtocolDetails,
    method: 'EXISTS',
+    methodQuery: 'request.command == "EXISTS"',
    summary: 'key',
+    summaryQuery: 'request.key == "key"',
    value: {tab: valueTabs.response, regex: /^1$/mg}
 })

 checkFilterByMethod({
    protocol: redisProtocolDetails,
    method: 'GET',
+    methodQuery: 'request.command == "GET"',
    summary: 'key',
+    summaryQuery: 'request.key == "key"',
    value: {tab: valueTabs.response, regex: /^value$/mg}
 })

 checkFilterByMethod({
    protocol: redisProtocolDetails,
    method: 'DEL',
+    methodQuery: 'request.command == "DEL"',
    summary: 'key',
+    summaryQuery: 'request.key == "key"',
    value: {tab: valueTabs.response, regex: /^1$|^0$/mg}
 })
--- a/acceptanceTests/cypress/integration/tests/UiTest.js
+++ b/acceptanceTests/cypress/integration/tests/UiTest.js
@@ -113,7 +113,7 @@ if (Cypress.env('shouldCheckSrcAndDest')) {
 }

 checkFilter({
-    name: 'method == "GET"',
+    name: 'request.method == "GET"',
    leftSidePath: '> :nth-child(3) > :nth-child(1) > :nth-child(1) > :nth-child(2)',
    leftSideExpectedText: 'GET',
    rightSidePath: '> :nth-child(2) > :nth-child(2) > :nth-child(1) > :nth-child(1) > :nth-child(2)',
@@ -122,7 +122,7 @@ checkFilter({
 });

 checkFilter({
-    name: 'summary == "/get"',
+    name: 'request.path == "/get"',
    leftSidePath: '> :nth-child(3) > :nth-child(1) > :nth-child(2) > :nth-child(2)',
    leftSideExpectedText: '/get',
    rightSidePath: '> :nth-child(2) > :nth-child(2) > :nth-child(1) > :nth-child(2) > :nth-child(2)',
@@ -139,7 +139,7 @@ checkFilter({
    applyByEnter: false
 });

-checkFilterNoResults('method == "POST"');
+checkFilterNoResults('request.method == "POST"');

 function checkFilterNoResults(filterName) {
    it(`checking the filter: ${filterName}. Expecting no results`, function () {
--- a/acceptanceTests/setup.sh
+++ b/acceptanceTests/setup.sh
@@ -61,10 +61,10 @@ echo "Setting minikube docker env"
 eval $(minikube docker-env)

 echo "Build agent image"
-make build-docker-ci
+docker build -t mizu/ci:0.0 .

 echo "Build cli"
-make build-cli-ci
+cd cli && make build GIT_BRANCH=ci SUFFIX=ci

 echo "Starting tunnel"
 minikube tunnel &
--- a/acceptanceTests/testsUtils.go
+++ b/acceptanceTests/testsUtils.go
@@ -214,7 +214,7 @@ func DeleteKubeFile(kubeContext string, namespace string, filename string) error
 func getDefaultCommandArgs() []string {
 	setFlag := "--set"
 	telemetry := "telemetry=false"
-	agentImage := "agent-image=gcr.io/up9-docker-hub/mizu/ci:0.0"
+	agentImage := "agent-image=mizu/ci:0.0"
 	imagePullPolicy := "image-pull-policy=IfNotPresent"
 	headless := "headless=true"

@@ -265,11 +265,11 @@ func RunCypressTests(t *testing.T, cypressRunCmd string) {
 	t.Logf("%s", out)
 }

-func retriesExecute(retriesCount int, executeFunc func() error) error {
+func RetriesExecute(retriesCount int, executeFunc func() error) error {
 	var lastError interface{}

 	for i := 0; i < retriesCount; i++ {
-		if err := tryExecuteFunc(executeFunc); err != nil {
+		if err := TryExecuteFunc(executeFunc); err != nil {
 			lastError = err

 			time.Sleep(1 * time.Second)
@@ -282,7 +282,7 @@ func retriesExecute(retriesCount int, executeFunc func() error) error {
 	return fmt.Errorf("reached max retries count, retries count: %v, last err: %v", retriesCount, lastError)
 }

-func tryExecuteFunc(executeFunc func() error) (err interface{}) {
+func TryExecuteFunc(executeFunc func() error) (err interface{}) {
 	defer func() {
 		if panicErr := recover(); panicErr != nil {
 			err = panicErr
@@ -308,10 +308,10 @@ func WaitTapPodsReady(apiServerUrl string) error {
 		return nil
 	}

-	return retriesExecute(LongRetriesCount, tapPodsReadyFunc)
+	return RetriesExecute(LongRetriesCount, tapPodsReadyFunc)
 }

-func jsonBytesToInterface(jsonBytes []byte) (interface{}, error) {
+func JsonBytesToInterface(jsonBytes []byte) (interface{}, error) {
 	var result interface{}
 	if parseErr := json.Unmarshal(jsonBytes, &result); parseErr != nil {
 		return nil, parseErr
@@ -334,7 +334,7 @@ func ExecuteHttpRequest(response *http.Response, requestErr error) (interface{},
 		return nil, readErr
 	}

-	return jsonBytesToInterface(data)
+	return JsonBytesToInterface(data)
 }

 func ExecuteHttpGetRequestWithHeaders(url string, headers map[string]string) (interface{}, error) {
--- a/agent/go.mod
+++ b/agent/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/ory/kratos-client-go v0.8.2-alpha.1
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/stretchr/testify v1.7.0
-	github.com/up9inc/basenine/client/go v0.0.0-20220302073458-c32e0adf1500
+	github.com/up9inc/basenine/client/go v0.0.0-20220302182733-74dc40dc2ef0
 	github.com/up9inc/mizu/shared v0.0.0
 	github.com/up9inc/mizu/tap v0.0.0
 	github.com/up9inc/mizu/tap/api v0.0.0
--- a/agent/go.sum
+++ b/agent/go.sum
@@ -859,6 +859,8 @@ github.com/up9inc/basenine/client/go v0.0.0-20220301135911-d2111357b14e h1:nv/A/
 github.com/up9inc/basenine/client/go v0.0.0-20220301135911-d2111357b14e/go.mod h1:SvJGPoa/6erhUQV7kvHBwM/0x5LyO6XaG2lUaCaKiUI=
 github.com/up9inc/basenine/client/go v0.0.0-20220302073458-c32e0adf1500 h1:T1QHxt65NMete/GobVSvcHnwZAQibvahhrMTCgtnSS4=
 github.com/up9inc/basenine/client/go v0.0.0-20220302073458-c32e0adf1500/go.mod h1:SvJGPoa/6erhUQV7kvHBwM/0x5LyO6XaG2lUaCaKiUI=
+github.com/up9inc/basenine/client/go v0.0.0-20220302182733-74dc40dc2ef0 h1:mSqZuJJV4UZyaAoC8x7/AO7DLidlXepFyU18Vm3rFiA=
+github.com/up9inc/basenine/client/go v0.0.0-20220302182733-74dc40dc2ef0/go.mod h1:SvJGPoa/6erhUQV7kvHBwM/0x5LyO6XaG2lUaCaKiUI=
 github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74 h1:gga7acRE695APm9hlsSMoOoE65U4/TcqNj90mc69Rlg=
 github.com/vishvananda/netns v0.0.0-20211101163701-50045581ed74/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
--- a/agent/main.go
+++ b/agent/main.go
@@ -86,7 +86,7 @@ func hostApi(socketHarOutputChannel chan<- *tapApi.OutputChannelItem) *gin.Engin
 	app := gin.Default()

 	app.GET("/echo", func(c *gin.Context) {
-		c.String(http.StatusOK, "Here is Mizu agent")
+		c.JSON(http.StatusOK, "Here is Mizu agent")
 	})

 	eventHandlers := api.RoutesEventHandlers{
--- a/agent/pkg/api/socket_routes.go
+++ b/agent/pkg/api/socket_routes.go
@@ -17,6 +17,12 @@ import (
 	tapApi "github.com/up9inc/mizu/tap/api"
 )

+var extensionsMap map[string]*tapApi.Extension // global
+
+func InitExtensionsMap(ref map[string]*tapApi.Extension) {
+	extensionsMap = ref
+}
+
 type EventHandlers interface {
 	WebSocketConnect(socketId int, isTapper bool)
 	WebSocketDisconnect(socketId int, isTapper bool)
@@ -165,7 +171,8 @@ func websocketHandler(w http.ResponseWriter, r *http.Request, eventHandlers Even
 					if params.EnableFullEntries {
 						message, _ = models.CreateFullEntryWebSocketMessage(entry)
 					} else {
-						base := tapApi.Summarize(entry)
+						extension := extensionsMap[entry.Protocol.Name]
+						base := extension.Dissector.Summarize(entry)
 						message, _ = models.CreateBaseEntryWebSocketMessage(base)
 					}

--- a/agent/pkg/app/main.go
+++ b/agent/pkg/app/main.go
@@ -60,6 +60,7 @@ func LoadExtensions() {
 	})

 	controllers.InitExtensionsMap(ExtensionsMap)
+	api.InitExtensionsMap(ExtensionsMap)
 }

 func ConfigureBasenineServer(host string, port string, dbSize int64, logLevel logging.Level, insertionFilter string) {
--- a/agent/pkg/controllers/entries_controller.go
+++ b/agent/pkg/controllers/entries_controller.go
@@ -77,7 +77,8 @@ func GetEntries(c *gin.Context) {
 			return // exit
 		}

-		base := tapApi.Summarize(entry)
+		extension := extensionsMap[entry.Protocol.Name]
+		base := extension.Dissector.Summarize(entry)

 		dataSlice = append(dataSlice, base)
 	}
@@ -123,6 +124,7 @@ func GetEntry(c *gin.Context) {
 	}

 	extension := extensionsMap[entry.Protocol.Name]
+	base := extension.Dissector.Summarize(entry)
 	representation, bodySize, _ := extension.Dissector.Represent(entry.Request, entry.Response)

 	var rules []map[string]interface{}
@@ -142,6 +144,7 @@ func GetEntry(c *gin.Context) {
 		Representation: string(representation),
 		BodySize:       bodySize,
 		Data:           entry,
+		Base:           base,
 		Rules:          rules,
 		IsRulesEnabled: isRulesEnabled,
 	})
--- a/agent/pkg/elastic/esClient.go
+++ b/agent/pkg/elastic/esClient.go
@@ -80,11 +80,7 @@ type httpEntry struct {
 	CreatedAt   time.Time              `json:"createdAt"`
 	Request     map[string]interface{} `json:"request"`
 	Response    map[string]interface{} `json:"response"`
-	Summary     string                 `json:"summary"`
-	Method      string                 `json:"method"`
-	Status      int                    `json:"status"`
 	ElapsedTime int64                  `json:"elapsedTime"`
-	Path        string                 `json:"path"`
 }

 func (client *client) PushEntry(entry *api.Entry) {
@@ -103,11 +99,7 @@ func (client *client) PushEntry(entry *api.Entry) {
 		CreatedAt:   entry.StartTime,
 		Request:     entry.Request,
 		Response:    entry.Response,
-		Summary:     entry.Summary,
-		Method:      entry.Method,
-		Status:      entry.Status,
 		ElapsedTime: entry.ElapsedTime,
-		Path:        entry.Path,
 	}

 	entryJson, err := json.Marshal(entryToPush)
--- a/agent/pkg/models/models.go
+++ b/agent/pkg/models/models.go
@@ -12,10 +12,6 @@ import (
 	"github.com/up9inc/mizu/tap"
 )

-func GetEntry(r *tapApi.Entry, v tapApi.DataUnmarshaler) error {
-	return v.UnmarshalData(r)
-}
-
 type TapConfig struct {
 	TappedNamespaces map[string]bool `json:"tappedNamespaces"`
 }
--- a/cli/apiserver/provider.go
+++ b/cli/apiserver/provider.go
@@ -4,11 +4,10 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"io"
+	"github.com/up9inc/mizu/cli/utils"
 	"io/ioutil"
 	"net/http"
 	"net/url"
-	"strings"
 	"time"

 	"github.com/up9inc/mizu/shared/kubernetes"
@@ -59,7 +58,7 @@ func (provider *Provider) TestConnection() error {

 func (provider *Provider) isReachable() (bool, error) {
 	echoUrl := fmt.Sprintf("%s/echo", provider.url)
-	if _, err := provider.get(echoUrl); err != nil {
+	if _, err := utils.Get(echoUrl, provider.client); err != nil {
 		return false, err
 	} else {
 		return true, nil
@@ -72,7 +71,7 @@ func (provider *Provider) ReportTapperStatus(tapperStatus shared.TapperStatus) e
 	if jsonValue, err := json.Marshal(tapperStatus); err != nil {
 		return fmt.Errorf("failed Marshal the tapper status %w", err)
 	} else {
-		if _, err := provider.post(tapperStatusUrl, "application/json", bytes.NewBuffer(jsonValue)); err != nil {
+		if _, err := utils.Post(tapperStatusUrl, "application/json", bytes.NewBuffer(jsonValue), provider.client); err != nil {
 			return fmt.Errorf("failed sending to API server the tapped pods %w", err)
 		} else {
 			logger.Log.Debugf("Reported to server API about tapper status: %v", tapperStatus)
@@ -89,7 +88,7 @@ func (provider *Provider) ReportTappedPods(pods []core.Pod) error {
 	if jsonValue, err := json.Marshal(podInfos); err != nil {
 		return fmt.Errorf("failed Marshal the tapped pods %w", err)
 	} else {
-		if _, err := provider.post(tappedPodsUrl, "application/json", bytes.NewBuffer(jsonValue)); err != nil {
+		if _, err := utils.Post(tappedPodsUrl, "application/json", bytes.NewBuffer(jsonValue), provider.client); err != nil {
 			return fmt.Errorf("failed sending to API server the tapped pods %w", err)
 		} else {
 			logger.Log.Debugf("Reported to server API about %d taped pods successfully", len(podInfos))
@@ -101,7 +100,7 @@ func (provider *Provider) ReportTappedPods(pods []core.Pod) error {
 func (provider *Provider) GetGeneralStats() (map[string]interface{}, error) {
 	generalStatsUrl := fmt.Sprintf("%s/status/general", provider.url)

-	response, requestErr := provider.get(generalStatsUrl)
+	response, requestErr := utils.Get(generalStatsUrl, provider.client)
 	if requestErr != nil {
 		return nil, fmt.Errorf("failed to get general stats for telemetry, err: %w", requestErr)
 	}
@@ -126,7 +125,7 @@ func (provider *Provider) GetVersion() (string, error) {
 		Method: http.MethodGet,
 		URL:    versionUrl,
 	}
-	statusResp, err := provider.do(req)
+	statusResp, err := utils.Do(req, provider.client)
 	if err != nil {
 		return "", err
 	}
@@ -139,40 +138,3 @@ func (provider *Provider) GetVersion() (string, error) {

 	return versionResponse.Ver, nil
 }
-
-// When err is nil, resp always contains a non-nil resp.Body.
-// Caller should close resp.Body when done reading from it.
-func (provider *Provider) get(url string) (*http.Response, error) {
-	return provider.checkError(provider.client.Get(url))
-}
-
-// When err is nil, resp always contains a non-nil resp.Body.
-// Caller should close resp.Body when done reading from it.
-func (provider *Provider) post(url, contentType string, body io.Reader) (*http.Response, error) {
-	return provider.checkError(provider.client.Post(url, contentType, body))
-}
-
-// When err is nil, resp always contains a non-nil resp.Body.
-// Caller should close resp.Body when done reading from it.
-func (provider *Provider) do(req *http.Request) (*http.Response, error) {
-	return provider.checkError(provider.client.Do(req))
-}
-
-func (provider *Provider) checkError(response *http.Response, errInOperation error) (*http.Response, error) {
-	if (errInOperation != nil) {
-		return response, errInOperation
-	// Check only if status != 200 (and not status >= 300). Agent APIs return only 200 on success.
-	} else if response.StatusCode != http.StatusOK {
-		body, err := ioutil.ReadAll(response.Body)
-		response.Body.Close()
-		response.Body = io.NopCloser(bytes.NewBuffer(body)) // rewind
-		if err != nil {
-			return response, err
-		}
-
-		errorMsg := strings.ReplaceAll((string(body)), "\n", ";")
-		return response, fmt.Errorf("got response with status code: %d, body: %s", response.StatusCode, errorMsg)
-	}
-
-	return response, nil
-}
--- a/cli/bucket/provider.go
+++ b/cli/bucket/provider.go
@@ -0,0 +1,42 @@
+package bucket
+
+import (
+	"fmt"
+	"github.com/up9inc/mizu/cli/utils"
+	"io/ioutil"
+	"net/http"
+	"time"
+)
+
+type Provider struct {
+	url     string
+	client  *http.Client
+}
+
+const DefaultTimeout = 2 * time.Second
+
+func NewProvider(url string, timeout time.Duration) *Provider {
+	return &Provider{
+		url:     url,
+		client: &http.Client{
+			Timeout: timeout,
+		},
+	}
+}
+
+func (provider *Provider) GetInstallTemplate(templateName string) (string, error) {
+	url := fmt.Sprintf("%s/%v", provider.url, templateName)
+	response, err := utils.Get(url, provider.client)
+	if err != nil {
+		return "", err
+	}
+
+	defer response.Body.Close()
+
+	installTemplate, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return "", err
+	}
+
+	return string(installTemplate), nil
+}
--- a/cli/cmd/checkRunner.go
+++ b/cli/cmd/checkRunner.go
@@ -65,7 +65,7 @@ func runMizuCheck() {
 func checkKubernetesApi() (*kubernetes.Provider, *semver.SemVersion, bool) {
 	logger.Log.Infof("\nkubernetes-api\n--------------------")

-	kubernetesProvider, err := kubernetes.NewProvider(config.Config.KubeConfigPath())
+	kubernetesProvider, err := kubernetes.NewProvider(config.Config.KubeConfigPath(), config.Config.KubeContext)
 	if err != nil {
 		logger.Log.Errorf("%v can't initialize the client, err: %v", fmt.Sprintf(uiUtils.Red, "✗"), err)
 		return nil, nil, false
--- a/cli/cmd/common.go
+++ b/cli/cmd/common.go
@@ -36,8 +36,8 @@ func startProxyReportErrorIfAny(kubernetesProvider *kubernetes.Provider, ctx con
 		return
 	}

-	apiProvider = apiserver.NewProvider(GetApiServerUrl(port), apiserver.DefaultRetries, apiserver.DefaultTimeout)
-	if err := apiProvider.TestConnection(); err != nil {
+	provider := apiserver.NewProvider(GetApiServerUrl(port), apiserver.DefaultRetries, apiserver.DefaultTimeout)
+	if err := provider.TestConnection(); err != nil {
 		logger.Log.Debugf("Couldn't connect using proxy, stopping proxy and trying to create port-forward")
 		if err := httpServer.Shutdown(ctx); err != nil {
 			logger.Log.Debugf("Error occurred while stopping proxy %v", errormessage.FormatError(err))
@@ -51,8 +51,8 @@ func startProxyReportErrorIfAny(kubernetesProvider *kubernetes.Provider, ctx con
 			return
 		}

-		apiProvider = apiserver.NewProvider(GetApiServerUrl(port), apiserver.DefaultRetries, apiserver.DefaultTimeout)
-		if err := apiProvider.TestConnection(); err != nil {
+		provider = apiserver.NewProvider(GetApiServerUrl(port), apiserver.DefaultRetries, apiserver.DefaultTimeout)
+		if err := provider.TestConnection(); err != nil {
 			logger.Log.Errorf(uiUtils.Error, fmt.Sprintf("Couldn't connect to API server, for more info check logs at %s", fsUtils.GetLogFilePath()))
 			cancel()
 			return
@@ -61,7 +61,7 @@ func startProxyReportErrorIfAny(kubernetesProvider *kubernetes.Provider, ctx con
 }

 func getKubernetesProviderForCli() (*kubernetes.Provider, error) {
-	kubernetesProvider, err := kubernetes.NewProvider(config.Config.KubeConfigPath())
+	kubernetesProvider, err := kubernetes.NewProvider(config.Config.KubeConfigPath(), config.Config.KubeContext)
 	if err != nil {
 		handleKubernetesProviderError(err)
 		return nil, err
--- a/cli/cmd/install.go
+++ b/cli/cmd/install.go
@@ -3,7 +3,6 @@ package cmd
 import (
 	"github.com/spf13/cobra"
 	"github.com/up9inc/mizu/cli/telemetry"
-	"github.com/up9inc/mizu/shared/logger"
 )

 var installCmd = &cobra.Command{
@@ -11,14 +10,7 @@ var installCmd = &cobra.Command{
 	Short: "Installs mizu components",
 	RunE: func(cmd *cobra.Command, args []string) error {
 		go telemetry.ReportRun("install", nil)
-		logger.Log.Infof("This command has been deprecated, please use helm as described below.\n\n")
-
-		logger.Log.Infof("To install stable build of Mizu on your cluster using helm, run the following command:")
-		logger.Log.Infof("    helm install mizu up9mizu --repo https://static.up9.com/mizu/helm --namespace=mizu --create-namespace\n\n")
-
-		logger.Log.Infof("To install development build of Mizu on your cluster using helm, run the following command:")
-		logger.Log.Infof("    helm install mizu up9mizu --repo https://static.up9.com/mizu/helm-develop --namespace=mizu --create-namespace\n")
-
+		runMizuInstall()
 		return nil
 	},
 }
--- a/cli/cmd/installRunner.go
+++ b/cli/cmd/installRunner.go
@@ -0,0 +1,19 @@
+package cmd
+
+import (
+	"fmt"
+	"github.com/up9inc/mizu/cli/bucket"
+	"github.com/up9inc/mizu/cli/config"
+	"github.com/up9inc/mizu/shared/logger"
+)
+
+func runMizuInstall() {
+	bucketProvider := bucket.NewProvider(config.Config.Install.TemplateUrl, bucket.DefaultTimeout)
+	installTemplate, err := bucketProvider.GetInstallTemplate(config.Config.Install.TemplateName)
+	if err != nil {
+		logger.Log.Errorf("Failed getting install template, err: %v", err)
+		return
+	}
+
+	fmt.Print(installTemplate)
+}
--- a/cli/config/configStruct.go
+++ b/cli/config/configStruct.go
@@ -23,6 +23,7 @@ const (
 type ConfigStruct struct {
 	Tap                    configStructs.TapConfig     `yaml:"tap"`
 	Check                  configStructs.CheckConfig   `yaml:"check"`
+	Install                configStructs.InstallConfig `yaml:"install"`
 	Version                configStructs.VersionConfig `yaml:"version"`
 	View                   configStructs.ViewConfig    `yaml:"view"`
 	Logs                   configStructs.LogsConfig    `yaml:"logs"`
@@ -36,6 +37,7 @@ type ConfigStruct struct {
 	Telemetry              bool                        `yaml:"telemetry" default:"true"`
 	DumpLogs               bool                        `yaml:"dump-logs" default:"false"`
 	KubeConfigPathStr      string                      `yaml:"kube-config-path"`
+	KubeContext            string                      `yaml:"kube-context"`
 	ConfigFilePath         string                      `yaml:"config-path,omitempty" readonly:""`
 	HeadlessMode           bool                        `yaml:"headless" default:"false"`
 	LogLevelStr            string                      `yaml:"log-level,omitempty" default:"INFO" readonly:""`
--- a/cli/config/configStructs/installConfig.go
+++ b/cli/config/configStructs/installConfig.go
@@ -0,0 +1,6 @@
+package configStructs
+
+type InstallConfig struct {
+	TemplateUrl  string `yaml:"template-url" default:"https://storage.googleapis.com/static.up9.io/mizu/helm-template"`
+	TemplateName string `yaml:"template-name" default:"helm-template.yaml"`
+}
--- a/cli/go.mod
+++ b/cli/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
 	github.com/spf13/cobra v1.3.0
 	github.com/spf13/pflag v1.0.5
-	github.com/up9inc/basenine/server/lib v0.0.0-20220302073458-c32e0adf1500
+	github.com/up9inc/basenine/server/lib v0.0.0-20220302182733-74dc40dc2ef0
 	github.com/up9inc/mizu/shared v0.0.0
 	github.com/up9inc/mizu/tap/api v0.0.0
 	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
--- a/cli/go.sum
+++ b/cli/go.sum
@@ -598,10 +598,8 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/up9inc/basenine/server/lib v0.0.0-20220301135911-d2111357b14e h1:kp+03sWT7n46jzm7g8YebjRxRrjZPXzMAeUce7vftTs=
-github.com/up9inc/basenine/server/lib v0.0.0-20220301135911-d2111357b14e/go.mod h1:R9bG4y/iq89jNC0xZ25uKDqenyKFTR3X9acGDOkKWSE=
-github.com/up9inc/basenine/server/lib v0.0.0-20220302073458-c32e0adf1500 h1:PT9v4JUsx1m4X0vj0E8bHOz6hQSzhbYtIq65eDRgHq4=
-github.com/up9inc/basenine/server/lib v0.0.0-20220302073458-c32e0adf1500/go.mod h1:R9bG4y/iq89jNC0xZ25uKDqenyKFTR3X9acGDOkKWSE=
+github.com/up9inc/basenine/server/lib v0.0.0-20220302182733-74dc40dc2ef0 h1:9PQamOq285DyVsRlS4KB/x2+xkr5QlpiT9Y/BPutS4A=
+github.com/up9inc/basenine/server/lib v0.0.0-20220302182733-74dc40dc2ef0/go.mod h1:R9bG4y/iq89jNC0xZ25uKDqenyKFTR3X9acGDOkKWSE=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg=
 github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk=
--- a/cli/utils/httpUtils.go
+++ b/cli/utils/httpUtils.go
@@ -0,0 +1,47 @@
+package utils
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+)
+
+// Get - When err is nil, resp always contains a non-nil resp.Body.
+// Caller should close resp.Body when done reading from it.
+func Get(url string, client *http.Client) (*http.Response, error) {
+	return checkError(client.Get(url))
+}
+
+// Post - When err is nil, resp always contains a non-nil resp.Body.
+// Caller should close resp.Body when done reading from it.
+func Post(url, contentType string, body io.Reader, client *http.Client) (*http.Response, error) {
+	return checkError(client.Post(url, contentType, body))
+}
+
+// Do - When err is nil, resp always contains a non-nil resp.Body.
+// Caller should close resp.Body when done reading from it.
+func Do(req *http.Request, client *http.Client) (*http.Response, error) {
+	return checkError(client.Do(req))
+}
+
+func checkError(response *http.Response, errInOperation error) (*http.Response, error) {
+	if errInOperation != nil {
+		return response, errInOperation
+		// Check only if status != 200 (and not status >= 300). Agent APIs return only 200 on success.
+	} else if response.StatusCode != http.StatusOK {
+		body, err := ioutil.ReadAll(response.Body)
+		response.Body.Close()
+		response.Body = io.NopCloser(bytes.NewBuffer(body)) // rewind
+		if err != nil {
+			return response, err
+		}
+
+		errorMsg := strings.ReplaceAll(string(body), "\n", ";")
+		return response, fmt.Errorf("got response with status code: %d, body: %s", response.StatusCode, errorMsg)
+	}
+
+	return response, nil
+}
--- a/devops/build-agent-ci.sh
+++ b/devops/build-agent-ci.sh
@@ -1,15 +0,0 @@
-#!/bin/bash
-set -e
-
-GCP_PROJECT=up9-docker-hub
-REPOSITORY=gcr.io/$GCP_PROJECT
-SERVER_NAME=mizu
-GIT_BRANCH=ci
-
-DOCKER_REPO=$REPOSITORY/$SERVER_NAME/$GIT_BRANCH
-VER=${VER=0.0}
-
-DOCKER_TAGGED_BUILD="$DOCKER_REPO:$VER"
-
-echo "building $DOCKER_TAGGED_BUILD"
-docker build -t ${DOCKER_TAGGED_BUILD} --build-arg VER=${VER} --build-arg BUILD_TIMESTAMP=${BUILD_TIMESTAMP} --build-arg GIT_BRANCH=${GIT_BRANCH} --build-arg COMMIT_HASH=${COMMIT_HASH} .
--- a/devops/check_modified_files.sh
+++ b/devops/check_modified_files.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+paths_arr=( "$@" )
+
+printf "\n========== List modified files ==========\n"
+echo "$(git diff --name-only HEAD^ HEAD)"
+
+printf "\n========== List paths to match and check existence ==========\n"
+for path in ${paths_arr[*]}
+do
+  if [ -f "$path" ] || [ -d "$path" ]; then
+      echo "$path - found"
+  else
+      echo "$path - does not found - exiting with failure"
+      exit 1
+  fi
+done
+
+printf "\n========== Check paths of modified files ==========\n"
+git diff --name-only HEAD^ HEAD > files.txt
+matched=false
+while IFS= read -r file
+do
+  for path in ${paths_arr[*]}
+  do
+      if [[ $file == $path* ]]; then
+        echo "$file - match path: $path"
+        matched=true
+        break
+      fi
+  done
+  if [[ $matched == true ]]; then
+      break
+  else
+      echo "$file - does not match any given path"
+  fi
+done < files.txt
+
+printf "\n========== Result ==========\n"
+if [[ $matched = true ]]; then
+  echo "match found"
+  echo "::set-output name=matched::true"
+else
+  echo "no match found"
+  echo "::set-output name=matched::false"
+fi
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -1,89 +0,0 @@
-![Mizu: The API Traffic Viewer for Kubernetes](../assets/mizu-logo.svg)
-# Configuration options for Mizu
-
-Mizu has many configuration options and flags that affect its behavior. Their values can be modified via command-line interface or via configuration file. 
-
-The list below covers most useful configuration options.
-
-### Config file
-Mizu behaviour can be modified via YAML configuration file located at `$HOME/.mizu/config.yaml`. 
-
-Default values for the file can be viewed via `mizu config` command.
-
-### Applying config options via command line
-To apply any configuration option via command line, use `--set` following by config option name and value, like in the following example:
-
-```
-mizu tap --set tap.dry-run=true
-```
-
-Please make sure to use full option name (`tap.dry-run` as opposed to `dry-run` only), incl. section (`tap`, in this example)
-
-## General section
-
-* `agent-image` - full path to Mizu container image, in format `full.path.to/your/image:tag`. Default value is set at compilation time to `gcr.io/up9-docker-hub/mizu/<branch>:<version>`
-
-* `dump-logs` - if set to `true`, saves log files for all Mizu components (tapper, api-server, CLI) in a zip file under `$HOME/.mizu`. Default value is `false`
-
-* `image-pull-policy` - container image pull policy for Kubernetes, default value `Always`. Other accepted values are `Never` or `IfNotPresent`. Please mind the implications when changing this.
-
-* `kube-config-path` - path to alternative kubeconfig file to use for all interactions with Kubernetes cluster. By default - `$HOME/.kubeconfig`
-
-* `mizu-resources-namespace` - Kubernetes namespace where all Mizu-related resources are created. Default value `mizu`
-
-* `telemetry` - report anonymous usage statistics. Default value `true`
-
-## section `tap`
-* `namespaces` - list of namespace names, in which pods are tapped. Default value is empty, meaning only pods in the current namespace are tapped. Typically supplied as command line options.
-
-* `all-namespaces` - special flag indicating whether Mizu should search and tap pods, matching the regex, in all namespaces. Default is `false`. Please use with caution, tapping too many pods can affect resource consumption.
-
-* `dry-run` - if true, Mizu will print list of pods matching the supplied (or default) regex and exit without actually tapping the traffic. Default value is `false`. Typically supplied as command-line option `--dry-run`
-
-* `proxy-host` - IP address on which proxy to Mizu API service is launched; should be accessible at `proxy-host:gui-port`. Default value is `127.0.0.1`
-
-* `gui-port` - port on which Mizu GUI is accessible, default value is `8899` (stands for `8899/tcp`)
-
-* `regex` - regular expression used to match pods to tap, when no regex is given in the command line; default value is `.*`, which means `mizu tap` with no additional arguments is runnining as `mizu tap .*` (i.e. tap all pods found in current workspace)
-
-* `no-redact` - instructs Mizu whether to redact certain sensitive fields in the collected traffic. Default value is `false`, i.e. Mizu will replace sentitive data values with *REDACTED* placeholder.
-
-* `ignored-user-agents` - array of strings, describing HTTP *User-Agent* header values to be ignored. Useful to ignore Kubernetes healthcheck and other similar noisy periodic probes. Default value is empty.
-
-* `max-entries-db-size` - maximal size of traffic stored locally in the `mizu-api-server` pod. When this size is reached, older traffic is overwritten with new entries. Default value is `200MB`
- 
-
-### section `tap.api-server-resources`
-Kubernetes request and limit values for the `mizu-api-server` pod.
-Parameters and their default values are same as used natively in Kubernetes pods:
-
-```
-        cpu-limit: 750m
-        memory-limit: 1Gi
-        cpu-requests: 50m
-        memory-requests: 50Mi
-```
-
-### section `tap.tapper-resources`
-Kubernetes request and limit values for the `mizu-tapper` pods (launched via daemonset).
-Parameters and their default values are same as used natively in Kubernetes pods:
-
-```
-        cpu-limit: 750m
-        memory-limit: 1Gi
-        cpu-requests: 50m
-        memory-requests: 50Mi
-```
-
-
--
-
-* `analsys` - enables advanced analysis of collected traffic in the UP9 coud platform. Default value is `false`
-
-* `upload-interval` -  in the *analysis* mode, push traffic to UP9 cloud every `upload-interval` seconds. Default value is `10` seconds
-
-* `ask-upload-confirmation` - request user confirmation when uploading tapped data to UP9 cloud
-
-
-## section `version`
-* `debug`- print additional version and build information when `mizu version` command is invoked. Default value is `false`.
--- a/docs/CONTRACT_MONITORING.md
+++ b/docs/CONTRACT_MONITORING.md
@@ -1,172 +0,0 @@
-# OpenAPI Specification (OAS) Contract Monitoring
-
-An OAS/Swagger file can contain schemas under `parameters` and `responses` fields. With `--contract catalogue.yaml`
-CLI option, you can pass your API description to Mizu and the traffic will automatically be validated
-against the contracts.
-
-Below is an example of an OAS/Swagger file from [Sock Shop](https://microservices-demo.github.io/) microservice demo
-that contains a bunch contracts:
-
-```yaml
-openapi: 3.0.1
-info:
-  title: Catalogue resources
-  version: 1.0.0
-  description: ""
-  license:
-    name: MIT
-    url: http://github.com/gruntjs/grunt/blob/master/LICENSE-MIT
-paths:
-  /catalogue:
-    get:
-      description: Catalogue API
-      operationId: List catalogue
-      responses:
-        200:
-          description: ""
-          content:
-            application/json;charset=UTF-8:
-              schema:
-                type: array
-                items:
-                  $ref: '#/components/schemas/Listresponse'
-  /catalogue/{id}:
-    get:
-      operationId: Get an item
-      parameters:
-      - name: id
-        in: path
-        required: true
-        schema:
-          type: string
-        example: a0a4f044-b040-410d-8ead-4de0446aec7e
-      responses:
-        200:
-          description: ""
-          content:
-            application/json; charset=UTF-8:
-              schema:
-                $ref: '#/components/schemas/Getanitemresponse'
-  /catalogue/size:
-    get:
-      operationId: Get size
-      responses:
-        200:
-          description: ""
-          content:
-            application/json;charset=UTF-8:
-              schema:
-                $ref: '#/components/schemas/Getsizeresponse'
-  /tags:
-    get:
-      operationId: List_
-      responses:
-        200:
-          description: ""
-          content:
-            application/json;charset=UTF-8:
-              schema:
-                $ref: '#/components/schemas/Listresponse3'
-components:
-  schemas:
-    Listresponse:
-      title: List response
-      required:
-      - count
-      - description
-      - id
-      - imageUrl
-      - name
-      - price
-      - tag
-      type: object
-      properties:
-        id:
-          type: string
-        name:
-          type: string
-        description:
-          type: string
-        imageUrl:
-          type: array
-          items:
-            type: string
-        price:
-          type: number
-          format: double
-        count:
-          type: integer
-          format: int32
-        tag:
-          type: array
-          items:
-            type: string
-    Getanitemresponse:
-      title: Get an item response
-      required:
-      - count
-      - description
-      - id
-      - imageUrl
-      - name
-      - price
-      - tag
-      type: object
-      properties:
-        id:
-          type: string
-        name:
-          type: string
-        description:
-          type: string
-        imageUrl:
-          type: array
-          items:
-            type: string
-        price:
-          type: number
-          format: double
-        count:
-          type: integer
-          format: int32
-        tag:
-          type: array
-          items:
-            type: string
-    Getsizeresponse:
-      title: Get size response
-      required:
-      - size
-      type: object
-      properties:
-        size:
-          type: integer
-          format: int32
-    Listresponse3:
-      title: List response3
-      required:
-      - tags
-      type: object
-      properties:
-        tags:
-          type: array
-          items:
-            type: string
-```
-
-Pass it to Mizu through the CLI option: `mizu tap -n sock-shop --contract catalogue.yaml`
-
-Now Mizu will monitor the traffic against these contracts.
-
-If an entry fails to comply with the contract, it's marked with `Breach` notice in the UI.
-The reason of the failure can be seen under the `CONTRACT` tab in the details layout.
-
-### Notes
-
-Make sure that you;
-
- specified the `openapi` version
- specified the `info.version` version in the YAML
- and removed `servers` field from the YAML
-
-Otherwise the OAS file cannot be recognized. (see [this issue](https://github.com/getkin/kin-openapi/issues/356))
--- a/docs/INSTALL_STANDALONE.md
+++ b/docs/INSTALL_STANDALONE.md
@@ -1,74 +0,0 @@
-# Mizu install standalone
-
-Mizu can be run detached from the cli using the install command: `mizu install`. This type of mizu instance will run
-indefinitely in the cluster.
-
-Please note that install standalone requires you to have RBAC creation permissions, see the [permissions](PERMISSIONS.md)
-doc for more details.
-
-```bash
-$ mizu install
-```
-
-## Stop mizu install
-
-To stop the detached mizu instance and clean all cluster side resources, run `mizu clean`
-
-```bash
-$ mizu clean # mizu will continue running in cluster until clean is executed
-  Removing mizu resources
-```
-
-## Expose mizu web app
-
-Mizu could be exposed at a later stage in any of the following ways:
-
-### Using mizu view command
-
-In a machine that can access both the cluster and a browser, you can run `mizu view` command which creates a proxy.
-Besides that, all the regular ways to expose k8s pods are valid.
-
-```bash
-$ mizu view
-  Establishing connection to k8s cluster...
-  Mizu is available at http://localhost:8899
-  ^C
-  ..
-```
-
-### Port Forward
-
-```bash
-$ kubectl port-forward -n mizu deployment/mizu-api-server 8899:8899
-```
-
-### NodePort
-
-```bash
-$ kubectl expose -n mizu deployment mizu-api-server --name mizu-node-port --type NodePort --port 80 --target-port 8899
-```
-
-Mizu's IP is the IP of any node (get the IP with `kubectl get nodes -o wide`) and the port is the target port of the new
-service (`kubectl get services -n mizu mizu-node-port`). Note that this method will expose Mizu to public access if your
-nodes are public.
-
-### LoadBalancer
-
-```bash
-$ kubectl expose deployment -n mizu --port 80 --target-port 8899 mizu-api-server --type=LoadBalancer --name=mizu-lb
-  service/mizu-lb exposed
-  ..
-  
-$ kubectl get services -n mizu
-  NAME              TYPE           CLUSTER-IP       EXTERNAL-IP     PORT(S)        AGE
-  mizu-api-server   ClusterIP      10.107.200.100   <none>          80/TCP         5m5s
-  mizu-lb           LoadBalancer   10.107.200.101   34.77.120.116   80:30141/TCP   76s
-```
-
-Note that `LoadBalancer` services only work on supported clusters (usually cloud providers) and might incur extra costs
-
-If you changed the `mizu-resources-namespace` value, make sure the `-n mizu` flag of the `kubectl expose` command is
-changed to the value of `mizu-resources-namespace`
-
-mizu will now be available both by running `mizu view` or by accessing the `EXTERNAL-IP` of the `mizu-lb` service
-through your browser.
--- a/docs/PERMISSIONS.md
+++ b/docs/PERMISSIONS.md
@@ -1,88 +0,0 @@
-![Mizu: The API Traffic Viewer for Kubernetes](../assets/mizu-logo.svg)
-
-# Kubernetes permissions for MIZU  
-
-This document describes in details all permissions required for full and correct operation of Mizu.
-
-## Editing permissions
-
-During installation, Mizu creates a `ServiceAccount` and the roles it requires. No further action is required.
-However, if there is a need, it is possible to make changes to Mizu permissions.
-
-### Adding permissions on top of Mizu's defaults
-
-Mizu pods use the `ServiceAccount` `mizu-service-account`. Permissions can be added to Mizu by creating `ClusterRoleBindings` and `RoleBindings` that target that `ServiceAccount`.
-
-For example, in order to add a `PodSecurityPolicy` which allows Mizu to run `hostNetwork` and `privileged` pods, create the following resources:
-
-```yaml
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: my-mizu-psp
-spec:
-  hostNetwork: true
-  privileged: true
-  allowedCapabilities:
-    - "*"
-  fsGroup:
-    rule: RunAsAny
-  runAsUser:
-    rule: RunAsAny
-  seLinux:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  volumes:
-  - "*"
---
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: my-mizu-clusterrole
-rules:
- apiGroups:
-  - policy
-  resources:
-  - podsecuritypolicies
-  verbs:
-  - use
-  resourceNames:
-  - my-mizu-psp
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: my-mizu-clusterrolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: my-mizu-clusterrole
-subjects:
- kind: ServiceAccount
-  name: mizu-service-account # The service account used by Mizu
-  namespace: mizu
-```
-
-With this setup, when Mizu starts and creates `mizu-service-account`, this account will be subject to `my-mizu-psp` via `my-mizu-clusterrolebinding`.
-When Mizu cleans up resources, the above resources will remain available for future executions.
-
-### Replacing Mizu's default permissions with custom permissions
-
-Mizu does not create its `ServiceAccounts`, `ClusterRoles`, `ClusterRoleBindings`, `Roles` or `RoleBindings` if resources by the same name already exist. In order to replace Mizu's defaults, simply create your resources before running Mizu.
-
-For example, creating a `ClusterRole` by the name of `mizu-cluster-role` before running Mizu will cause Mizu to use that `ClusterRole` instead of the default one created by Mizu.
-
-Notes:
-
-1. The resource names must match Mizu's default names.
-2. User-managed resources must not have the label `app.kubernetes.io/managed-by=mizu`. Remove the label or set it to another value.
-
-## List of permissions
-
-The permissions that are required to run Mizu depend on the configuration.
-By default Mizu requires cluster-wide permissions.
-If these are not available to the user, it is possible to run Mizu in namespace-restricted mode which has a reduced set of requirements.
-This is done by by setting the `mizu-resources-namespace` config option. See [configuration](CONFIGURATION.md) for instructions.
-
-The different requirements are listed in [the permission templates dir](../cli/cmd/permissionFiles)
--- a/docs/POLICY_RULES.md
+++ b/docs/POLICY_RULES.md
@@ -1,75 +0,0 @@
-
-# Traffic validation rules
-
-This feature allows you to define set of simple rules, and test the traffic against them.
-Such validation may test response for specific JSON fields, headers, etc.
-
-## Examples
-
-Example 1: HTTP request (REST API call) that didn't pass validation is highlighted in red
-
-![Simple UI](../assets/validation-example1.png)
-
- - -
-
-Example 2: Details pane shows the validation rule details and whether it passed or failed
-
-![Simple UI](../assets/validation-example2.png)
-
-
-## How to use
-
-To use this feature - create simple rules file (see details below) and pass this file as parameter to `mizu tap` command. For example, if rules are stored in file named `rules.yaml` — run the following command:
-
-```shell
-mizu tap --traffic-validation-file rules.yaml
-```
-
-
-## Rules file structure
-
-The structure of the traffic-validation-file is:
-
-* `name`: string, name of the rule
-* `type`: string, type of the rule, must be `json` or `header` or `slo`
-* `key`: string, [jsonpath](https://code.google.com/archive/p/jsonpath/wikis/Javascript.wiki) used only in `json` or `header` type
-* `value`: string, [regex](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions) used only in `json` or `header` type
-* `service`: string, [regex](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions) service name to filter
-* `path`: string, [regex](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions) URL path to filter
-* `response-time`: integer, time in ms of the expected latency.
-
-
-### For example:
-
-```yaml
-rules:
- name: holy-in-name-property
-  type: json
-  key: "$.name"
-  value: "Holy"
-  service: "catalogue.*"
-  path: "catalogue.*"
- name: content-length-header
-  type: header
-  key: "Content-Le.*"
-  value: "(\\d+(?:\\.\\d+)?)"
- name: latency-test
-  type: slo
-  response-time: 1
-  service: "carts.*"
-```
-
-
-### Explanation:
-
-* First rule `holy-in-name-property`:
-
-  > This rule will be applied to all request made to `catalogue.*` services with `catalogue.*` on the URL path with a json response containing a `$.name` field. If the value of `$.name` is `Holy` than is marked as success, marked as failure otherwise.
-
-* Second rule `content-length-header`:
-
-  > This rule will be applied to all request that has `Content-Le.*` on header. If the value of `Content-Le.*` is `(\\d+(?:\\.\\d+)?)` (number), will be marked as success, marked as failure otherwise.
-
-* Third rule `latency-test`:
-
-  > This rule will be applied to all request made to `carts.*` services. If the latency of the response is greater than `1ms` will be marked as failure, marked as success otherwise.
--- a/docs/SERVICE_MESH.md
+++ b/docs/SERVICE_MESH.md
@@ -1,95 +0,0 @@
-![Mizu: The API Traffic Viewer for Kubernetes](../assets/mizu-logo.svg)
-
-# Service mesh mutual tls (mtls) with Mizu
-
-This document describe how Mizu tapper handles workloads configured with mtls, making the internal traffic between services in a cluster to be encrypted.
-
-The list of service meshes supported by Mizu include:
-
- Istio
- Linkerd (beta)
-
-## Installation
-
-### Optional: Allow source IP resolving in Istio
-
-When using Istio, in order to enable Mizu to reslove source IPs to names, turn on the [use_remote_address](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for) option in Istio sidecar Envoys.
-This setting causes the Envoys to append to `X-Forwarded-For` request header. Mizu in turn uses the `X-Forwarded-For` header to determine the true source IPs.
-One way to turn on the `use_remote_address` HTTP connection manager option is by applying an `EnvoyFilter`:
-
-```yaml
-apiVersion: networking.istio.io/v1alpha3
-kind: EnvoyFilter
-metadata:
-  name: mizu-xff
-  namespace: istio-system # as defined in meshConfig resource.
-spec:
-  configPatches:
-  - applyTo: NETWORK_FILTER
-    match:
-      context: SIDECAR_OUTBOUND # will match outbound listeners in all sidecars
-    patch:
-      operation: MERGE
-      value:
-        typed_config:
-          "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"
-          use_remote_address: true
-```
-
-Save the above text to `mizu-xff-envoyfilter.yaml` and run `kubectl apply -f mizu-xff-envoyfilter.yaml`.
-
-With Istio, mizu does not resolve source IPs for non-HTTP traffic.
-
-## Implementation
-
-### Istio support
-
-#### The connection between Istio and Envoy
-
-In order to implement its service mesh capabilities, [Istio](https://istio.io) uses an [Envoy](https://www.envoyproxy.io) sidecar in front of every pod in the cluster. The Envoy is responsible for the mtls communication, and that's why we are focusing on Envoy proxy.
-
-In the future we might see more players in that field, then we'll have to either add support for each of them or go with a unified eBPF solution.
-
-#### Network namespaces
-
-A [linux network namespace](https://man7.org/linux/man-pages/man7/network_namespaces.7.html) is an isolation that limit the process view of the network. In the container world it used to isolate one container from another. In the Kubernetes world it used to isolate a pod from another. That means that two containers running on the same pod share the same network namespace. A container can reach a container in the same pod by accessing `localhost`.
-
-An Envoy proxy configured with mtls receives the inbound traffic directed to the pod, decrypts it and sends it via `localhost` to the target container.
-
-#### Tapping mtls traffic
-
-In order for Mizu to be able to see the decrypted traffic it needs to listen on the same network namespace of the target pod. Multiple threads of the same process can have different network namespaces.
-
-[gopacket](https://github.com/google/gopacket) uses [libpacp](https://github.com/the-tcpdump-group/libpcap) by default for capturing the traffic. Libpacap doesn't support network namespaces and we can't ask it to listen to traffic on a different namespace. However, we can change the network namespace of the calling thread and then start libpcap to see the traffic on a different namespace.
-
-#### Finding the network namespace of a running process
-
-The network namespace of a running process can be found in `/proc/PID/ns/net` link. Once we have this link, we can ask Linux to change the network namespace of a thread to this one.
-
-This mean that Mizu needs to have access to the `/proc` (procfs) of the running node.
-
-#### Finding the network namespace of a running pod
-
-In order for Mizu to be able to listen to mtls traffic, it needs to get the PIDs of the the running pods, filter them according to the user filters and then start listen to their internal network namespace traffic.
-
-There is no official way in Kubernetes to get from pod to PID. The CRI implementation purposefully doesn't force a pod to be a processes on the host. It can be a Virtual Machine as well like [Kata containers](https://katacontainers.io)
-
-While we can provide a solution for various CRIs (like Docker, Containerd and CRI-O) it's better to have a unified solution. In order to achieve that, Mizu scans all the processes in the host, and finds the Envoy processes using their `/proc/PID/exe` link.
-
-Once Mizu detects an Envoy process, it need to check whether this specific Envoy process is relevant according the user filters. The user filters are a list of `CLUSTER_IPS`. The tapper gets them via the `TapOpts.FilterAuthorities` list.
-
-Istio sends an `INSTANCE_IP` environment variable to every Envoy proxy process. By examining the Envoy process's environment variables we can see whether it's relevant or not. Examining a process environment variables is done by reading the `/proc/PID/envion` file.
-
-#### Edge cases
-
-The method we use to find Envoy processes and correlate them to the cluster IPs may be inaccurate in certain situations. If, for example, a user runs an Envoy process manually, and set its `INSTANCE_IP` environment variable to one of the `CLUSTER_IPS` the tapper gets, then Mizu will capture traffic for it.
-
-## Development
-
-In order to create a service mesh setup for development, follow those steps:
-
-1. Deploy a sample application to a Kubernetes cluster, the sample application needs to make internal service to service calls
-2. SSH to one of the nodes, and run `tcpdump`
-3. Make sure you see the internal service to service calls in a plain text
-4. Deploy a service mesh (Istio, Linkerd) to the cluster - make sure it is attached to all pods of the sample application, and that it is configured with mtls (default)
-5. Run `tcpdump` again, make sure you don't see the internal service to service calls in a plain text
--- a/shared/kubernetes/mizuTapperSyncer.go
+++ b/shared/kubernetes/mizuTapperSyncer.go
@@ -325,15 +325,22 @@ func (tapperSyncer *MizuTapperSyncer) updateMizuTappers() error {
 			tapperSyncer.config.MizuApiFilteringOptions,
 			tapperSyncer.config.LogLevel,
 			tapperSyncer.config.ServiceMesh,
-			tapperSyncer.config.Tls,
-		); err != nil {
+			tapperSyncer.config.Tls); err != nil {
 			return err
 		}
+
 		logger.Log.Debugf("Successfully created %v tappers", len(tapperSyncer.nodeToTappedPodMap))
 	} else {
-		if err := tapperSyncer.kubernetesProvider.RemoveDaemonSet(tapperSyncer.context, tapperSyncer.config.MizuResourcesNamespace, TapperDaemonSetName); err != nil {
+		if err := tapperSyncer.kubernetesProvider.ResetMizuTapperDaemonSet(
+			tapperSyncer.context,
+			tapperSyncer.config.MizuResourcesNamespace,
+			TapperDaemonSetName,
+			tapperSyncer.config.AgentImage,
+			TapperPodName); err != nil {
 			return err
 		}
+
+		logger.Log.Debugf("Successfully reset tapper daemon set")
 	}

 	return nil
--- a/shared/kubernetes/provider.go
+++ b/shared/kubernetes/provider.go
@@ -56,8 +56,8 @@ const (
 	sysfsMountPath   = "/sys"
 )

-func NewProvider(kubeConfigPath string) (*Provider, error) {
-	kubernetesConfig := loadKubernetesConfiguration(kubeConfigPath)
+func NewProvider(kubeConfigPath string, contextName string) (*Provider, error) {
+	kubernetesConfig := loadKubernetesConfiguration(kubeConfigPath, contextName)
 	restClientConfig, err := kubernetesConfig.ClientConfig()
 	if err != nil {
 		if clientcmd.IsEmptyConfig(err) {
@@ -449,9 +449,9 @@ func (provider *Provider) CanI(ctx context.Context, namespace string, resource s
 		Spec: auth.SelfSubjectAccessReviewSpec{
 			ResourceAttributes: &auth.ResourceAttributes{
 				Namespace: namespace,
-				Resource: resource,
-				Verb: verb,
-				Group: group,
+				Resource:  resource,
+				Verb:      verb,
+				Group:     group,
 			},
 		},
 	}
@@ -995,6 +995,55 @@ func (provider *Provider) ApplyMizuTapperDaemonSet(ctx context.Context, namespac
 	return err
 }

+func (provider *Provider) ResetMizuTapperDaemonSet(ctx context.Context, namespace string, daemonSetName string, podImage string, tapperPodName string) error {
+	agentContainer := applyconfcore.Container()
+	agentContainer.WithName(tapperPodName)
+	agentContainer.WithImage(podImage)
+
+	nodeSelectorRequirement := applyconfcore.NodeSelectorRequirement()
+	nodeSelectorRequirement.WithKey("mizu-non-existing-label")
+	nodeSelectorRequirement.WithOperator(core.NodeSelectorOpExists)
+	nodeSelectorTerm := applyconfcore.NodeSelectorTerm()
+	nodeSelectorTerm.WithMatchExpressions(nodeSelectorRequirement)
+	nodeSelector := applyconfcore.NodeSelector()
+	nodeSelector.WithNodeSelectorTerms(nodeSelectorTerm)
+	nodeAffinity := applyconfcore.NodeAffinity()
+	nodeAffinity.WithRequiredDuringSchedulingIgnoredDuringExecution(nodeSelector)
+	affinity := applyconfcore.Affinity()
+	affinity.WithNodeAffinity(nodeAffinity)
+
+	podSpec := applyconfcore.PodSpec()
+	podSpec.WithContainers(agentContainer)
+	podSpec.WithAffinity(affinity)
+
+	podTemplate := applyconfcore.PodTemplateSpec()
+	podTemplate.WithLabels(map[string]string{
+		"app":          tapperPodName,
+		LabelManagedBy: provider.managedBy,
+		LabelCreatedBy: provider.createdBy,
+	})
+	podTemplate.WithSpec(podSpec)
+
+	labelSelector := applyconfmeta.LabelSelector()
+	labelSelector.WithMatchLabels(map[string]string{"app": tapperPodName})
+
+	applyOptions := metav1.ApplyOptions{
+		Force:        true,
+		FieldManager: fieldManagerName,
+	}
+
+	daemonSet := applyconfapp.DaemonSet(daemonSetName, namespace)
+	daemonSet.
+		WithLabels(map[string]string{
+			LabelManagedBy: provider.managedBy,
+			LabelCreatedBy: provider.createdBy,
+		}).
+		WithSpec(applyconfapp.DaemonSetSpec().WithSelector(labelSelector).WithTemplate(podTemplate))
+
+	_, err := provider.clientSet.AppsV1().DaemonSets(namespace).Apply(ctx, daemonSet, applyOptions)
+	return err
+}
+
 func (provider *Provider) listPodsImpl(ctx context.Context, regex *regexp.Regexp, namespaces []string, listOptions metav1.ListOptions) ([]core.Pod, error) {
 	var pods []core.Pod
 	for _, namespace := range namespaces {
@@ -1038,7 +1087,7 @@ func (provider *Provider) ListAllRunningPodsMatchingRegex(ctx context.Context, r
 	return matchingPods, nil
 }

-func(provider *Provider) ListPodsByAppLabel(ctx context.Context, namespaces string, labelName string) ([]core.Pod, error) {
+func (provider *Provider) ListPodsByAppLabel(ctx context.Context, namespaces string, labelName string) ([]core.Pod, error) {
 	pods, err := provider.clientSet.CoreV1().Pods(namespaces).List(ctx, metav1.ListOptions{LabelSelector: fmt.Sprintf("app=%s", labelName)})
 	if err != nil {
 		return nil, err
@@ -1212,7 +1261,7 @@ func ValidateKubernetesVersion(serverVersionSemVer *semver.SemVersion) error {
 	return nil
 }

-func loadKubernetesConfiguration(kubeConfigPath string) clientcmd.ClientConfig {
+func loadKubernetesConfiguration(kubeConfigPath string, context string) clientcmd.ClientConfig {
 	logger.Log.Debugf("Using kube config %s", kubeConfigPath)
 	configPathList := filepath.SplitList(kubeConfigPath)
 	configLoadingRules := &clientcmd.ClientConfigLoadingRules{}
@@ -1221,7 +1270,7 @@ func loadKubernetesConfiguration(kubeConfigPath string) clientcmd.ClientConfig {
 	} else {
 		configLoadingRules.Precedence = configPathList
 	}
-	contextName := ""
+	contextName := context
 	return clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
 		configLoadingRules,
 		&clientcmd.ConfigOverrides{
--- a/tap/api/api.go
+++ b/tap/api/api.go
@@ -100,6 +100,7 @@ type Dissector interface {
 	Ping()
 	Dissect(b *bufio.Reader, isClient bool, tcpID *TcpID, counterPair *CounterPair, superTimer *SuperTimer, superIdentifier *SuperIdentifier, emitter Emitter, options *TrafficFilteringOptions, reqResMatcher RequestResponseMatcher) error
 	Analyze(item *OutputChannelItem, resolvedSource string, resolvedDestination string, namespace string) *Entry
+	Summarize(entry *Entry) *BaseEntry
 	Represent(request map[string]interface{}, response map[string]interface{}) (object []byte, bodySize int64, err error)
 	Macros() map[string]string
 	NewResponseRequestMatcher() RequestResponseMatcher
@@ -135,12 +136,7 @@ type Entry struct {
 	StartTime              time.Time              `json:"startTime"`
 	Request                map[string]interface{} `json:"request"`
 	Response               map[string]interface{} `json:"response"`
-	Summary                string                 `json:"summary"`
-	Method                 string                 `json:"method"`
-	Status                 int                    `json:"status"`
 	ElapsedTime            int64                  `json:"elapsedTime"`
-	Path                   string                 `json:"path"`
-	IsOutgoing             bool                   `json:"isOutgoing,omitempty"`
 	Rules                  ApplicableRules        `json:"rules,omitempty"`
 	ContractStatus         ContractStatus         `json:"contractStatus,omitempty"`
 	ContractRequestReason  string                 `json:"contractRequestReason,omitempty"`
@@ -154,6 +150,7 @@ type EntryWrapper struct {
 	Representation string                   `json:"representation"`
 	BodySize       int64                    `json:"bodySize"`
 	Data           *Entry                   `json:"data"`
+	Base           *BaseEntry               `json:"base"`
 	Rules          []map[string]interface{} `json:"rulesMatched,omitempty"`
 	IsRulesEnabled bool                     `json:"isRulesEnabled"`
 }
@@ -161,11 +158,12 @@ type EntryWrapper struct {
 type BaseEntry struct {
 	Id             uint            `json:"id"`
 	Protocol       Protocol        `json:"proto,omitempty"`
-	Url            string          `json:"url,omitempty"`
-	Path           string          `json:"path,omitempty"`
 	Summary        string          `json:"summary,omitempty"`
-	StatusCode     int             `json:"status"`
+	SummaryQuery   string          `json:"summaryQuery,omitempty"`
+	Status         int             `json:"status"`
+	StatusQuery    string          `json:"statusQuery"`
 	Method         string          `json:"method,omitempty"`
+	MethodQuery    string          `json:"methodQuery,omitempty"`
 	Timestamp      int64           `json:"timestamp,omitempty"`
 	Source         *TCP            `json:"src"`
 	Destination    *TCP            `json:"dst"`
@@ -190,44 +188,6 @@ type Contract struct {
 	Content        string         `json:"content"`
 }

-func Summarize(entry *Entry) *BaseEntry {
-	return &BaseEntry{
-		Id:             entry.Id,
-		Protocol:       entry.Protocol,
-		Path:           entry.Path,
-		Summary:        entry.Summary,
-		StatusCode:     entry.Status,
-		Method:         entry.Method,
-		Timestamp:      entry.Timestamp,
-		Source:         entry.Source,
-		Destination:    entry.Destination,
-		IsOutgoing:     entry.IsOutgoing,
-		Latency:        entry.ElapsedTime,
-		Rules:          entry.Rules,
-		ContractStatus: entry.ContractStatus,
-	}
-}
-
-type DataUnmarshaler interface {
-	UnmarshalData(*Entry) error
-}
-
-func (bed *BaseEntry) UnmarshalData(entry *Entry) error {
-	bed.Protocol = entry.Protocol
-	bed.Id = entry.Id
-	bed.Path = entry.Path
-	bed.Summary = entry.Summary
-	bed.StatusCode = entry.Status
-	bed.Method = entry.Method
-	bed.Timestamp = entry.Timestamp
-	bed.Source = entry.Source
-	bed.Destination = entry.Destination
-	bed.IsOutgoing = entry.IsOutgoing
-	bed.Latency = entry.ElapsedTime
-	bed.ContractStatus = entry.ContractStatus
-	return nil
-}
-
 const (
 	TABLE string = "table"
 	BODY  string = "body"
--- a/tap/extensions/amqp/Makefile
+++ b/tap/extensions/amqp/Makefile
@@ -13,4 +13,4 @@ test-pull-bin:

 test-pull-expect:
 	@mkdir -p expect
-	@[ "${skipexpect}" ] && echo "Skipping downloading expected JSONs" || gsutil  -o 'GSUtil:parallel_process_count=5' -o 'GSUtil:parallel_thread_count=5'  -m cp -r gs://static.up9.io/mizu/test-pcap/expect/amqp/\* expect
+	@[ "${skipexpect}" ] && echo "Skipping downloading expected JSONs" || gsutil  -o 'GSUtil:parallel_process_count=5' -o 'GSUtil:parallel_thread_count=5'  -m cp -r gs://static.up9.io/mizu/test-pcap/expect3/amqp/\* expect
--- a/tap/extensions/amqp/main.go
+++ b/tap/extensions/amqp/main.go
@@ -219,31 +219,6 @@ func (d dissecting) Analyze(item *api.OutputChannelItem, resolvedSource string,
 	request := item.Pair.Request.Payload.(map[string]interface{})
 	reqDetails := request["details"].(map[string]interface{})

-	summary := ""
-	switch request["method"] {
-	case basicMethodMap[40]:
-		summary = reqDetails["exchange"].(string)
-	case basicMethodMap[60]:
-		summary = reqDetails["exchange"].(string)
-	case exchangeMethodMap[10]:
-		summary = reqDetails["exchange"].(string)
-	case queueMethodMap[10]:
-		summary = reqDetails["queue"].(string)
-	case connectionMethodMap[10]:
-		summary = fmt.Sprintf(
-			"%s.%s",
-			strconv.Itoa(int(reqDetails["versionMajor"].(float64))),
-			strconv.Itoa(int(reqDetails["versionMinor"].(float64))),
-		)
-	case connectionMethodMap[50]:
-		summary = reqDetails["replyText"].(string)
-	case queueMethodMap[20]:
-		summary = reqDetails["queue"].(string)
-	case basicMethodMap[20]:
-		summary = reqDetails["queue"].(string)
-	}
-
-	request["url"] = summary
 	reqDetails["method"] = request["method"]
 	return &api.Entry{
 		Protocol: protocol,
@@ -260,17 +235,70 @@ func (d dissecting) Analyze(item *api.OutputChannelItem, resolvedSource string,
 		Namespace:   namespace,
 		Outgoing:    item.ConnectionInfo.IsOutgoing,
 		Request:     reqDetails,
-		Method:      request["method"].(string),
-		Status:      0,
 		Timestamp:   item.Timestamp,
 		StartTime:   item.Pair.Request.CaptureTime,
 		ElapsedTime: 0,
-		Summary:     summary,
-		IsOutgoing:  item.ConnectionInfo.IsOutgoing,
 	}

 }

+func (d dissecting) Summarize(entry *api.Entry) *api.BaseEntry {
+	summary := ""
+	summaryQuery := ""
+	method := entry.Request["method"].(string)
+	methodQuery := fmt.Sprintf(`request.method == "%s"`, method)
+	switch method {
+	case basicMethodMap[40]:
+		summary = entry.Request["exchange"].(string)
+		summaryQuery = fmt.Sprintf(`request.exchange == "%s"`, summary)
+	case basicMethodMap[60]:
+		summary = entry.Request["exchange"].(string)
+		summaryQuery = fmt.Sprintf(`request.exchange == "%s"`, summary)
+	case exchangeMethodMap[10]:
+		summary = entry.Request["exchange"].(string)
+		summaryQuery = fmt.Sprintf(`request.exchange == "%s"`, summary)
+	case queueMethodMap[10]:
+		summary = entry.Request["queue"].(string)
+		summaryQuery = fmt.Sprintf(`request.queue == "%s"`, summary)
+	case connectionMethodMap[10]:
+		versionMajor := int(entry.Request["versionMajor"].(float64))
+		versionMinor := int(entry.Request["versionMinor"].(float64))
+		summary = fmt.Sprintf(
+			"%s.%s",
+			strconv.Itoa(versionMajor),
+			strconv.Itoa(versionMinor),
+		)
+		summaryQuery = fmt.Sprintf(`request.versionMajor == %d and request.versionMinor == %d`, versionMajor, versionMinor)
+	case connectionMethodMap[50]:
+		summary = entry.Request["replyText"].(string)
+		summaryQuery = fmt.Sprintf(`request.replyText == "%s"`, summary)
+	case queueMethodMap[20]:
+		summary = entry.Request["queue"].(string)
+		summaryQuery = fmt.Sprintf(`request.queue == "%s"`, summary)
+	case basicMethodMap[20]:
+		summary = entry.Request["queue"].(string)
+		summaryQuery = fmt.Sprintf(`request.queue == "%s"`, summary)
+	}
+
+	return &api.BaseEntry{
+		Id:             entry.Id,
+		Protocol:       entry.Protocol,
+		Summary:        summary,
+		SummaryQuery:   summaryQuery,
+		Status:         0,
+		StatusQuery:    "",
+		Method:         method,
+		MethodQuery:    methodQuery,
+		Timestamp:      entry.Timestamp,
+		Source:         entry.Source,
+		Destination:    entry.Destination,
+		IsOutgoing:     entry.Outgoing,
+		Latency:        entry.ElapsedTime,
+		Rules:          entry.Rules,
+		ContractStatus: entry.ContractStatus,
+	}
+}
+
 func (d dissecting) Represent(request map[string]interface{}, response map[string]interface{}) (object []byte, bodySize int64, err error) {
 	bodySize = 0
 	representation := make(map[string]interface{})
--- a/tap/extensions/amqp/main_test.go
+++ b/tap/extensions/amqp/main_test.go
@@ -21,14 +21,16 @@ import (
 const (
 	binDir          = "bin"
 	patternBin      = "*_req.bin"
-	patternDissect  = "*.json"
+	patternExpect   = "*.json"
 	msgDissecting   = "Dissecting:"
 	msgAnalyzing    = "Analyzing:"
+	msgSummarizing  = "Summarizing:"
 	msgRepresenting = "Representing:"
 	respSuffix      = "_res.bin"
 	expectDir       = "expect"
 	dissectDir      = "dissect"
 	analyzeDir      = "analyze"
+	summarizeDir    = "summarize"
 	representDir    = "represent"
 	testUpdate      = "TEST_UPDATE"
 )
@@ -186,7 +188,7 @@ func TestAnalyze(t *testing.T) {
 	}

 	dissector := NewDissector()
-	paths, err := filepath.Glob(path.Join(expectDirDissect, patternDissect))
+	paths, err := filepath.Glob(path.Join(expectDirDissect, patternExpect))
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -230,6 +232,63 @@ func TestAnalyze(t *testing.T) {
 	}
 }

+func TestSummarize(t *testing.T) {
+	_, testUpdateEnabled := os.LookupEnv(testUpdate)
+
+	expectDirAnalyze := path.Join(expectDir, analyzeDir)
+	expectDirSummarize := path.Join(expectDir, summarizeDir)
+
+	if testUpdateEnabled {
+		os.RemoveAll(expectDirSummarize)
+		err := os.MkdirAll(expectDirSummarize, 0775)
+		assert.Nil(t, err)
+	}
+
+	dissector := NewDissector()
+	paths, err := filepath.Glob(path.Join(expectDirAnalyze, patternExpect))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, _path := range paths {
+		fmt.Printf("%s %s\n", msgSummarizing, _path)
+
+		bytes, err := ioutil.ReadFile(_path)
+		assert.Nil(t, err)
+
+		var entries []*api.Entry
+		err = json.Unmarshal(bytes, &entries)
+		assert.Nil(t, err)
+
+		var baseEntries []*api.BaseEntry
+		for _, entry := range entries {
+			baseEntry := dissector.Summarize(entry)
+			baseEntries = append(baseEntries, baseEntry)
+		}
+
+		pathExpect := path.Join(expectDirSummarize, filepath.Base(_path))
+
+		marshaled, err := json.Marshal(baseEntries)
+		assert.Nil(t, err)
+
+		if testUpdateEnabled {
+			if len(baseEntries) > 0 {
+				err = os.WriteFile(pathExpect, marshaled, 0644)
+				assert.Nil(t, err)
+			}
+		} else {
+			if _, err := os.Stat(pathExpect); errors.Is(err, os.ErrNotExist) {
+				assert.Len(t, entries, 0)
+			} else {
+				expectedBytes, err := ioutil.ReadFile(pathExpect)
+				assert.Nil(t, err)
+
+				assert.JSONEq(t, string(expectedBytes), string(marshaled))
+			}
+		}
+	}
+}
+
 func TestRepresent(t *testing.T) {
 	_, testUpdateEnabled := os.LookupEnv(testUpdate)

@@ -243,7 +302,7 @@ func TestRepresent(t *testing.T) {
 	}

 	dissector := NewDissector()
-	paths, err := filepath.Glob(path.Join(expectDirAnalyze, patternDissect))
+	paths, err := filepath.Glob(path.Join(expectDirAnalyze, patternExpect))
 	if err != nil {
 		log.Fatal(err)
 	}
--- a/tap/extensions/http/Makefile
+++ b/tap/extensions/http/Makefile
@@ -13,4 +13,4 @@ test-pull-bin:

 test-pull-expect:
 	@mkdir -p expect
-	@[ "${skipexpect}" ] && echo "Skipping downloading expected JSONs" || gsutil  -o 'GSUtil:parallel_process_count=5' -o 'GSUtil:parallel_thread_count=5'  -m cp -r gs://static.up9.io/mizu/test-pcap/expect2/http/\* expect
+	@[ "${skipexpect}" ] && echo "Skipping downloading expected JSONs" || gsutil  -o 'GSUtil:parallel_process_count=5' -o 'GSUtil:parallel_thread_count=5'  -m cp -r gs://static.up9.io/mizu/test-pcap/expect3/http/\* expect
--- a/tap/extensions/http/main.go
+++ b/tap/extensions/http/main.go
@@ -231,7 +231,6 @@ func (d dissecting) Analyze(item *api.OutputChannelItem, resolvedSource string,
 	reqDetails["targetUri"] = reqDetails["url"]
 	reqDetails["path"] = path
 	reqDetails["pathSegments"] = strings.Split(path, "/")[1:]
-	reqDetails["summary"] = path

 	// Rearrange the maps for the querying
 	reqDetails["_headers"] = reqDetails["headers"]
@@ -248,17 +247,11 @@ func (d dissecting) Analyze(item *api.OutputChannelItem, resolvedSource string,
 	reqDetails["_queryStringMerged"] = mapSliceMergeRepeatedKeys(reqDetails["_queryString"].([]interface{}))
 	reqDetails["queryString"] = mapSliceRebuildAsMap(reqDetails["_queryStringMerged"].([]interface{}))

-	method := reqDetails["method"].(string)
 	statusCode := int(resDetails["status"].(float64))
 	if item.Protocol.Abbreviation == "gRPC" {
 		resDetails["statusText"] = grpcStatusCodes[statusCode]
 	}

-	if item.Protocol.Version == "2.0" && !isRequestUpgradedH2C {
-		reqDetails["url"] = path
-		request["url"] = path
-	}
-
 	elapsedTime := item.Pair.Response.CaptureTime.Sub(item.Pair.Request.CaptureTime).Round(time.Millisecond).Milliseconds()
 	if elapsedTime < 0 {
 		elapsedTime = 0
@@ -280,17 +273,40 @@ func (d dissecting) Analyze(item *api.OutputChannelItem, resolvedSource string,
 		Outgoing:    item.ConnectionInfo.IsOutgoing,
 		Request:     reqDetails,
 		Response:    resDetails,
-		Method:      method,
-		Status:      statusCode,
 		Timestamp:   item.Timestamp,
 		StartTime:   item.Pair.Request.CaptureTime,
 		ElapsedTime: elapsedTime,
-		Summary:     path,
-		IsOutgoing:  item.ConnectionInfo.IsOutgoing,
 		HTTPPair:    string(httpPair),
 	}
 }

+func (d dissecting) Summarize(entry *api.Entry) *api.BaseEntry {
+	summary := entry.Request["path"].(string)
+	summaryQuery := fmt.Sprintf(`request.path == "%s"`, summary)
+	method := entry.Request["method"].(string)
+	methodQuery := fmt.Sprintf(`request.method == "%s"`, method)
+	status := int(entry.Response["status"].(float64))
+	statusQuery := fmt.Sprintf(`response.status == %d`, status)
+
+	return &api.BaseEntry{
+		Id:             entry.Id,
+		Protocol:       entry.Protocol,
+		Summary:        summary,
+		SummaryQuery:   summaryQuery,
+		Status:         status,
+		StatusQuery:    statusQuery,
+		Method:         method,
+		MethodQuery:    methodQuery,
+		Timestamp:      entry.Timestamp,
+		Source:         entry.Source,
+		Destination:    entry.Destination,
+		IsOutgoing:     entry.Outgoing,
+		Latency:        entry.ElapsedTime,
+		Rules:          entry.Rules,
+		ContractStatus: entry.ContractStatus,
+	}
+}
+
 func representRequest(request map[string]interface{}) (repRequest []interface{}) {
 	details, _ := json.Marshal([]api.TableData{
 		{
--- a/tap/extensions/http/main_test.go
+++ b/tap/extensions/http/main_test.go
@@ -21,14 +21,16 @@ import (
 const (
 	binDir          = "bin"
 	patternBin      = "*_req.bin"
-	patternDissect  = "*.json"
+	patternExpect   = "*.json"
 	msgDissecting   = "Dissecting:"
 	msgAnalyzing    = "Analyzing:"
+	msgSummarizing  = "Summarizing:"
 	msgRepresenting = "Representing:"
 	respSuffix      = "_res.bin"
 	expectDir       = "expect"
 	dissectDir      = "dissect"
 	analyzeDir      = "analyze"
+	summarizeDir    = "summarize"
 	representDir    = "represent"
 	testUpdate      = "TEST_UPDATE"
 )
@@ -188,7 +190,7 @@ func TestAnalyze(t *testing.T) {
 	}

 	dissector := NewDissector()
-	paths, err := filepath.Glob(path.Join(expectDirDissect, patternDissect))
+	paths, err := filepath.Glob(path.Join(expectDirDissect, patternExpect))
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -232,6 +234,63 @@ func TestAnalyze(t *testing.T) {
 	}
 }

+func TestSummarize(t *testing.T) {
+	_, testUpdateEnabled := os.LookupEnv(testUpdate)
+
+	expectDirAnalyze := path.Join(expectDir, analyzeDir)
+	expectDirSummarize := path.Join(expectDir, summarizeDir)
+
+	if testUpdateEnabled {
+		os.RemoveAll(expectDirSummarize)
+		err := os.MkdirAll(expectDirSummarize, 0775)
+		assert.Nil(t, err)
+	}
+
+	dissector := NewDissector()
+	paths, err := filepath.Glob(path.Join(expectDirAnalyze, patternExpect))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, _path := range paths {
+		fmt.Printf("%s %s\n", msgSummarizing, _path)
+
+		bytes, err := ioutil.ReadFile(_path)
+		assert.Nil(t, err)
+
+		var entries []*api.Entry
+		err = json.Unmarshal(bytes, &entries)
+		assert.Nil(t, err)
+
+		var baseEntries []*api.BaseEntry
+		for _, entry := range entries {
+			baseEntry := dissector.Summarize(entry)
+			baseEntries = append(baseEntries, baseEntry)
+		}
+
+		pathExpect := path.Join(expectDirSummarize, filepath.Base(_path))
+
+		marshaled, err := json.Marshal(baseEntries)
+		assert.Nil(t, err)
+
+		if testUpdateEnabled {
+			if len(baseEntries) > 0 {
+				err = os.WriteFile(pathExpect, marshaled, 0644)
+				assert.Nil(t, err)
+			}
+		} else {
+			if _, err := os.Stat(pathExpect); errors.Is(err, os.ErrNotExist) {
+				assert.Len(t, entries, 0)
+			} else {
+				expectedBytes, err := ioutil.ReadFile(pathExpect)
+				assert.Nil(t, err)
+
+				assert.JSONEq(t, string(expectedBytes), string(marshaled))
+			}
+		}
+	}
+}
+
 func TestRepresent(t *testing.T) {
 	_, testUpdateEnabled := os.LookupEnv(testUpdate)

@@ -245,7 +304,7 @@ func TestRepresent(t *testing.T) {
 	}

 	dissector := NewDissector()
-	paths, err := filepath.Glob(path.Join(expectDirAnalyze, patternDissect))
+	paths, err := filepath.Glob(path.Join(expectDirAnalyze, patternExpect))
 	if err != nil {
 		log.Fatal(err)
 	}
--- a/tap/extensions/kafka/Makefile
+++ b/tap/extensions/kafka/Makefile
@@ -13,4 +13,4 @@ test-pull-bin:

 test-pull-expect:
 	@mkdir -p expect
-	@[ "${skipexpect}" ] && echo "Skipping downloading expected JSONs" || gsutil  -o 'GSUtil:parallel_process_count=5' -o 'GSUtil:parallel_thread_count=5'  -m cp -r gs://static.up9.io/mizu/test-pcap/expect/kafka/\* expect
+	@[ "${skipexpect}" ] && echo "Skipping downloading expected JSONs" || gsutil  -o 'GSUtil:parallel_process_count=5' -o 'GSUtil:parallel_thread_count=5'  -m cp -r gs://static.up9.io/mizu/test-pcap/expect3/kafka/\* expect
--- a/tap/extensions/kafka/main.go
+++ b/tap/extensions/kafka/main.go
@@ -61,83 +61,7 @@ func (d dissecting) Dissect(b *bufio.Reader, isClient bool, tcpID *api.TcpID, co
 func (d dissecting) Analyze(item *api.OutputChannelItem, resolvedSource string, resolvedDestination string, namespace string) *api.Entry {
 	request := item.Pair.Request.Payload.(map[string]interface{})
 	reqDetails := request["details"].(map[string]interface{})
-	apiKey := ApiKey(reqDetails["apiKey"].(float64))

-	summary := ""
-	switch apiKey {
-	case Metadata:
-		_topics := reqDetails["payload"].(map[string]interface{})["topics"]
-		if _topics == nil {
-			break
-		}
-		topics := _topics.([]interface{})
-		for _, topic := range topics {
-			summary += fmt.Sprintf("%s, ", topic.(map[string]interface{})["name"].(string))
-		}
-		if len(summary) > 0 {
-			summary = summary[:len(summary)-2]
-		}
-	case ApiVersions:
-		summary = reqDetails["clientID"].(string)
-	case Produce:
-		_topics := reqDetails["payload"].(map[string]interface{})["topicData"]
-		if _topics == nil {
-			break
-		}
-		topics := _topics.([]interface{})
-		for _, topic := range topics {
-			summary += fmt.Sprintf("%s, ", topic.(map[string]interface{})["topic"].(string))
-		}
-		if len(summary) > 0 {
-			summary = summary[:len(summary)-2]
-		}
-	case Fetch:
-		_topics := reqDetails["payload"].(map[string]interface{})["topics"]
-		if _topics == nil {
-			break
-		}
-		topics := _topics.([]interface{})
-		for _, topic := range topics {
-			summary += fmt.Sprintf("%s, ", topic.(map[string]interface{})["topic"].(string))
-		}
-		if len(summary) > 0 {
-			summary = summary[:len(summary)-2]
-		}
-	case ListOffsets:
-		_topics := reqDetails["payload"].(map[string]interface{})["topics"]
-		if _topics == nil {
-			break
-		}
-		topics := _topics.([]interface{})
-		for _, topic := range topics {
-			summary += fmt.Sprintf("%s, ", topic.(map[string]interface{})["name"].(string))
-		}
-		if len(summary) > 0 {
-			summary = summary[:len(summary)-2]
-		}
-	case CreateTopics:
-		_topics := reqDetails["payload"].(map[string]interface{})["topics"]
-		if _topics == nil {
-			break
-		}
-		topics := _topics.([]interface{})
-		for _, topic := range topics {
-			summary += fmt.Sprintf("%s, ", topic.(map[string]interface{})["name"].(string))
-		}
-		if len(summary) > 0 {
-			summary = summary[:len(summary)-2]
-		}
-	case DeleteTopics:
-		if reqDetails["topicNames"] == nil {
-			break
-		}
-		topicNames := reqDetails["topicNames"].([]string)
-		for _, name := range topicNames {
-			summary += fmt.Sprintf("%s, ", name)
-		}
-	}
-
-	request["url"] = summary
 	elapsedTime := item.Pair.Response.CaptureTime.Sub(item.Pair.Request.CaptureTime).Round(time.Millisecond).Milliseconds()
 	if elapsedTime < 0 {
 		elapsedTime = 0
@@ -158,13 +82,127 @@ func (d dissecting) Analyze(item *api.OutputChannelItem, resolvedSource string,
 		Outgoing:    item.ConnectionInfo.IsOutgoing,
 		Request:     reqDetails,
 		Response:    item.Pair.Response.Payload.(map[string]interface{})["details"].(map[string]interface{}),
-		Method:      apiNames[apiKey],
-		Status:      0,
 		Timestamp:   item.Timestamp,
 		StartTime:   item.Pair.Request.CaptureTime,
 		ElapsedTime: elapsedTime,
-		Summary:     summary,
-		IsOutgoing:  item.ConnectionInfo.IsOutgoing,
+	}
+}
+
+func (d dissecting) Summarize(entry *api.Entry) *api.BaseEntry {
+	status := 0
+	statusQuery := ""
+
+	apiKey := ApiKey(entry.Request["apiKey"].(float64))
+	method := apiNames[apiKey]
+	methodQuery := fmt.Sprintf("request.apiKey == %d", int(entry.Request["apiKey"].(float64)))
+
+	summary := ""
+	summaryQuery := ""
+	switch apiKey {
+	case Metadata:
+		_topics := entry.Request["payload"].(map[string]interface{})["topics"]
+		if _topics == nil {
+			break
+		}
+		topics := _topics.([]interface{})
+		for i, topic := range topics {
+			summary += fmt.Sprintf("%s, ", topic.(map[string]interface{})["name"].(string))
+			summaryQuery += fmt.Sprintf(`request.payload.topics[%d].name == "%s" and`, i, summary)
+		}
+		if len(summary) > 0 {
+			summary = summary[:len(summary)-2]
+			summaryQuery = summaryQuery[:len(summaryQuery)-4]
+		}
+	case ApiVersions:
+		summary = entry.Request["clientID"].(string)
+		summaryQuery = fmt.Sprintf(`request.clientID == "%s"`, summary)
+	case Produce:
+		_topics := entry.Request["payload"].(map[string]interface{})["topicData"]
+		if _topics == nil {
+			break
+		}
+		topics := _topics.([]interface{})
+		for i, topic := range topics {
+			summary += fmt.Sprintf("%s, ", topic.(map[string]interface{})["topic"].(string))
+			summaryQuery += fmt.Sprintf(`request.payload.topicData[%d].topic == "%s" and`, i, summary)
+		}
+		if len(summary) > 0 {
+			summary = summary[:len(summary)-2]
+			summaryQuery = summaryQuery[:len(summaryQuery)-4]
+		}
+	case Fetch:
+		_topics := entry.Request["payload"].(map[string]interface{})["topics"]
+		if _topics == nil {
+			break
+		}
+		topics := _topics.([]interface{})
+		for i, topic := range topics {
+			summary += fmt.Sprintf("%s, ", topic.(map[string]interface{})["topic"].(string))
+			summaryQuery += fmt.Sprintf(`request.payload.topics[%d].topic == "%s" and`, i, summary)
+		}
+		if len(summary) > 0 {
+			summary = summary[:len(summary)-2]
+			summaryQuery = summaryQuery[:len(summaryQuery)-4]
+		}
+	case ListOffsets:
+		_topics := entry.Request["payload"].(map[string]interface{})["topics"]
+		if _topics == nil {
+			break
+		}
+		topics := _topics.([]interface{})
+		for i, topic := range topics {
+			summary += fmt.Sprintf("%s, ", topic.(map[string]interface{})["name"].(string))
+			summaryQuery += fmt.Sprintf(`request.payload.topics[%d].name == "%s" and`, i, summary)
+		}
+		if len(summary) > 0 {
+			summary = summary[:len(summary)-2]
+			summaryQuery = summaryQuery[:len(summaryQuery)-4]
+		}
+	case CreateTopics:
+		_topics := entry.Request["payload"].(map[string]interface{})["topics"]
+		if _topics == nil {
+			break
+		}
+		topics := _topics.([]interface{})
+		for i, topic := range topics {
+			summary += fmt.Sprintf("%s, ", topic.(map[string]interface{})["name"].(string))
+			summaryQuery += fmt.Sprintf(`request.payload.topics[%d].name == "%s" and`, i, summary)
+		}
+		if len(summary) > 0 {
+			summary = summary[:len(summary)-2]
+			summaryQuery = summaryQuery[:len(summaryQuery)-4]
+		}
+	case DeleteTopics:
+		if entry.Request["topicNames"] == nil {
+			break
+		}
+		topicNames := entry.Request["topicNames"].([]string)
+		for i, name := range topicNames {
+			summary += fmt.Sprintf("%s, ", name)
+			summaryQuery += fmt.Sprintf(`request.topicNames[%d] == "%s" and`, i, summary)
+		}
+		if len(summary) > 0 {
+			summary = summary[:len(summary)-2]
+			summaryQuery = summaryQuery[:len(summaryQuery)-4]
+		}
+	}
+
+	return &api.BaseEntry{
+		Id:             entry.Id,
+		Protocol:       entry.Protocol,
+		Summary:        summary,
+		SummaryQuery:   summaryQuery,
+		Status:         status,
+		StatusQuery:    statusQuery,
+		Method:         method,
+		MethodQuery:    methodQuery,
+		Timestamp:      entry.Timestamp,
+		Source:         entry.Source,
+		Destination:    entry.Destination,
+		IsOutgoing:     entry.Outgoing,
+		Latency:        entry.ElapsedTime,
+		Rules:          entry.Rules,
+		ContractStatus: entry.ContractStatus,
 	}
 }

--- a/tap/extensions/kafka/main_test.go
+++ b/tap/extensions/kafka/main_test.go
@@ -21,14 +21,16 @@ import (
 const (
 	binDir          = "bin"
 	patternBin      = "*_req.bin"
-	patternDissect  = "*.json"
+	patternExpect   = "*.json"
 	msgDissecting   = "Dissecting:"
 	msgAnalyzing    = "Analyzing:"
+	msgSummarizing  = "Summarizing:"
 	msgRepresenting = "Representing:"
 	respSuffix      = "_res.bin"
 	expectDir       = "expect"
 	dissectDir      = "dissect"
 	analyzeDir      = "analyze"
+	summarizeDir    = "summarize"
 	representDir    = "represent"
 	testUpdate      = "TEST_UPDATE"
 )
@@ -187,7 +189,7 @@ func TestAnalyze(t *testing.T) {
 	}

 	dissector := NewDissector()
-	paths, err := filepath.Glob(path.Join(expectDirDissect, patternDissect))
+	paths, err := filepath.Glob(path.Join(expectDirDissect, patternExpect))
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -231,6 +233,63 @@ func TestAnalyze(t *testing.T) {
 	}
 }

+func TestSummarize(t *testing.T) {
+	_, testUpdateEnabled := os.LookupEnv(testUpdate)
+
+	expectDirAnalyze := path.Join(expectDir, analyzeDir)
+	expectDirSummarize := path.Join(expectDir, summarizeDir)
+
+	if testUpdateEnabled {
+		os.RemoveAll(expectDirSummarize)
+		err := os.MkdirAll(expectDirSummarize, 0775)
+		assert.Nil(t, err)
+	}
+
+	dissector := NewDissector()
+	paths, err := filepath.Glob(path.Join(expectDirAnalyze, patternExpect))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, _path := range paths {
+		fmt.Printf("%s %s\n", msgSummarizing, _path)
+
+		bytes, err := ioutil.ReadFile(_path)
+		assert.Nil(t, err)
+
+		var entries []*api.Entry
+		err = json.Unmarshal(bytes, &entries)
+		assert.Nil(t, err)
+
+		var baseEntries []*api.BaseEntry
+		for _, entry := range entries {
+			baseEntry := dissector.Summarize(entry)
+			baseEntries = append(baseEntries, baseEntry)
+		}
+
+		pathExpect := path.Join(expectDirSummarize, filepath.Base(_path))
+
+		marshaled, err := json.Marshal(baseEntries)
+		assert.Nil(t, err)
+
+		if testUpdateEnabled {
+			if len(baseEntries) > 0 {
+				err = os.WriteFile(pathExpect, marshaled, 0644)
+				assert.Nil(t, err)
+			}
+		} else {
+			if _, err := os.Stat(pathExpect); errors.Is(err, os.ErrNotExist) {
+				assert.Len(t, entries, 0)
+			} else {
+				expectedBytes, err := ioutil.ReadFile(pathExpect)
+				assert.Nil(t, err)
+
+				assert.JSONEq(t, string(expectedBytes), string(marshaled))
+			}
+		}
+	}
+}
+
 func TestRepresent(t *testing.T) {
 	_, testUpdateEnabled := os.LookupEnv(testUpdate)

@@ -244,7 +303,7 @@ func TestRepresent(t *testing.T) {
 	}

 	dissector := NewDissector()
-	paths, err := filepath.Glob(path.Join(expectDirAnalyze, patternDissect))
+	paths, err := filepath.Glob(path.Join(expectDirAnalyze, patternExpect))
 	if err != nil {
 		log.Fatal(err)
 	}
--- a/tap/extensions/redis/Makefile
+++ b/tap/extensions/redis/Makefile
@@ -13,4 +13,4 @@ test-pull-bin:

 test-pull-expect:
 	@mkdir -p expect
-	@[ "${skipexpect}" ] && echo "Skipping downloading expected JSONs" || gsutil  -o 'GSUtil:parallel_process_count=5' -o 'GSUtil:parallel_thread_count=5'  -m cp -r gs://static.up9.io/mizu/test-pcap/expect/redis/\* expect
+	@[ "${skipexpect}" ] && echo "Skipping downloading expected JSONs" || gsutil  -o 'GSUtil:parallel_process_count=5' -o 'GSUtil:parallel_thread_count=5'  -m cp -r gs://static.up9.io/mizu/test-pcap/expect3/redis/\* expect
--- a/tap/extensions/redis/main.go
+++ b/tap/extensions/redis/main.go
@@ -65,17 +65,6 @@ func (d dissecting) Analyze(item *api.OutputChannelItem, resolvedSource string,
 	reqDetails := request["details"].(map[string]interface{})
 	resDetails := response["details"].(map[string]interface{})

-	method := ""
-	if reqDetails["command"] != nil {
-		method = reqDetails["command"].(string)
-	}
-
-	summary := ""
-	if reqDetails["key"] != nil {
-		summary = reqDetails["key"].(string)
-	}
-
-	request["url"] = summary
 	elapsedTime := item.Pair.Response.CaptureTime.Sub(item.Pair.Request.CaptureTime).Round(time.Millisecond).Milliseconds()
 	if elapsedTime < 0 {
 		elapsedTime = 0
@@ -96,17 +85,50 @@ func (d dissecting) Analyze(item *api.OutputChannelItem, resolvedSource string,
 		Outgoing:    item.ConnectionInfo.IsOutgoing,
 		Request:     reqDetails,
 		Response:    resDetails,
-		Method:      method,
-		Status:      0,
 		Timestamp:   item.Timestamp,
 		StartTime:   item.Pair.Request.CaptureTime,
 		ElapsedTime: elapsedTime,
-		Summary:     summary,
-		IsOutgoing:  item.ConnectionInfo.IsOutgoing,
 	}

 }

+func (d dissecting) Summarize(entry *api.Entry) *api.BaseEntry {
+	status := 0
+	statusQuery := ""
+
+	method := ""
+	methodQuery := ""
+	if entry.Request["command"] != nil {
+		method = entry.Request["command"].(string)
+		methodQuery = fmt.Sprintf(`request.command == "%s"`, method)
+	}
+
+	summary := ""
+	summaryQuery := ""
+	if entry.Request["key"] != nil {
+		summary = entry.Request["key"].(string)
+		summaryQuery = fmt.Sprintf(`request.key == "%s"`, summary)
+	}
+
+	return &api.BaseEntry{
+		Id:             entry.Id,
+		Protocol:       entry.Protocol,
+		Summary:        summary,
+		SummaryQuery:   summaryQuery,
+		Status:         status,
+		StatusQuery:    statusQuery,
+		Method:         method,
+		MethodQuery:    methodQuery,
+		Timestamp:      entry.Timestamp,
+		Source:         entry.Source,
+		Destination:    entry.Destination,
+		IsOutgoing:     entry.Outgoing,
+		Latency:        entry.ElapsedTime,
+		Rules:          entry.Rules,
+		ContractStatus: entry.ContractStatus,
+	}
+}
+
 func (d dissecting) Represent(request map[string]interface{}, response map[string]interface{}) (object []byte, bodySize int64, err error) {
 	bodySize = 0
 	representation := make(map[string]interface{})
--- a/tap/extensions/redis/main_test.go
+++ b/tap/extensions/redis/main_test.go
@@ -22,14 +22,16 @@ import (
 const (
 	binDir          = "bin"
 	patternBin      = "*_req.bin"
-	patternDissect  = "*.json"
+	patternExpect   = "*.json"
 	msgDissecting   = "Dissecting:"
 	msgAnalyzing    = "Analyzing:"
+	msgSummarizing  = "Summarizing:"
 	msgRepresenting = "Representing:"
 	respSuffix      = "_res.bin"
 	expectDir       = "expect"
 	dissectDir      = "dissect"
 	analyzeDir      = "analyze"
+	summarizeDir    = "summarize"
 	representDir    = "represent"
 	testUpdate      = "TEST_UPDATE"
 )
@@ -187,7 +189,7 @@ func TestAnalyze(t *testing.T) {
 	}

 	dissector := NewDissector()
-	paths, err := filepath.Glob(path.Join(expectDirDissect, patternDissect))
+	paths, err := filepath.Glob(path.Join(expectDirDissect, patternExpect))
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -231,6 +233,63 @@ func TestAnalyze(t *testing.T) {
 	}
 }

+func TestSummarize(t *testing.T) {
+	_, testUpdateEnabled := os.LookupEnv(testUpdate)
+
+	expectDirAnalyze := path.Join(expectDir, analyzeDir)
+	expectDirSummarize := path.Join(expectDir, summarizeDir)
+
+	if testUpdateEnabled {
+		os.RemoveAll(expectDirSummarize)
+		err := os.MkdirAll(expectDirSummarize, 0775)
+		assert.Nil(t, err)
+	}
+
+	dissector := NewDissector()
+	paths, err := filepath.Glob(path.Join(expectDirAnalyze, patternExpect))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, _path := range paths {
+		fmt.Printf("%s %s\n", msgSummarizing, _path)
+
+		bytes, err := ioutil.ReadFile(_path)
+		assert.Nil(t, err)
+
+		var entries []*api.Entry
+		err = json.Unmarshal(bytes, &entries)
+		assert.Nil(t, err)
+
+		var baseEntries []*api.BaseEntry
+		for _, entry := range entries {
+			baseEntry := dissector.Summarize(entry)
+			baseEntries = append(baseEntries, baseEntry)
+		}
+
+		pathExpect := path.Join(expectDirSummarize, filepath.Base(_path))
+
+		marshaled, err := json.Marshal(baseEntries)
+		assert.Nil(t, err)
+
+		if testUpdateEnabled {
+			if len(baseEntries) > 0 {
+				err = os.WriteFile(pathExpect, marshaled, 0644)
+				assert.Nil(t, err)
+			}
+		} else {
+			if _, err := os.Stat(pathExpect); errors.Is(err, os.ErrNotExist) {
+				assert.Len(t, entries, 0)
+			} else {
+				expectedBytes, err := ioutil.ReadFile(pathExpect)
+				assert.Nil(t, err)
+
+				assert.JSONEq(t, string(expectedBytes), string(marshaled))
+			}
+		}
+	}
+}
+
 func TestRepresent(t *testing.T) {
 	_, testUpdateEnabled := os.LookupEnv(testUpdate)

@@ -244,7 +303,7 @@ func TestRepresent(t *testing.T) {
 	}

 	dissector := NewDissector()
-	paths, err := filepath.Glob(path.Join(expectDirAnalyze, patternDissect))
+	paths, err := filepath.Glob(path.Join(expectDirAnalyze, patternExpect))
 	if err != nil {
 		log.Fatal(err)
 	}
--- a/tap/tlstapper/bpf-builder/Dockerfile
+++ b/tap/tlstapper/bpf-builder/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3
+FROM alpine:3.14

 RUN apk --no-cache update && apk --no-cache add clang llvm libbpf-dev go linux-headers

--- a/tap/tlstapper/tls_process_discoverer.go
+++ b/tap/tlstapper/tls_process_discoverer.go
@@ -132,8 +132,22 @@ func extractCgroup(lines []string) string {
 	return ""
 }

+// cgroup in the /proc/<pid>/cgroup may look something like
+//
+//  /system.slice/docker-<ID>.scope
+//  /system.slice/containerd-<ID>.scope
+//  /kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod3beae8e0_164d_4689_a087_efd902d8c2ab.slice/docker-<ID>.scope
+//  /kubepods/besteffort/pod7709c1d5-447c-428f-bed9-8ddec35c93f4/<ID>
+//
+// This function extract the <ID> out of the cgroup path, the <ID> should match 
+//	the "Container ID:" field when running kubectl describe pod <POD>
+//
 func normalizeCgroup(cgrouppath string) string {
 	basename := strings.TrimSpace(path.Base(cgrouppath))
+	
+	if strings.Contains(basename, "-") {
+		basename = basename[strings.Index(basename, "-") + 1:]
+	}

 	if strings.Contains(basename, ".") {
 		return strings.TrimSuffix(basename, filepath.Ext(basename))
--- a/tap/tlstapper/tlstapper_bpfeb.go
+++ b/tap/tlstapper/tlstapper_bpfeb.go
@@ -1,5 +1,4 @@
 // Code generated by bpf2go; DO NOT EDIT.
-//go:build arm64be || armbe || mips || mips64 || mips64p32 || ppc64 || s390 || s390x || sparc || sparc64
 // +build arm64be armbe mips mips64 mips64p32 ppc64 s390 s390x sparc sparc64

 package tlstapper
--- a/tap/tlstapper/tlstapper_bpfeb.o
+++ b/tap/tlstapper/tlstapper_bpfeb.o
--- a/tap/tlstapper/tlstapper_bpfel.go
+++ b/tap/tlstapper/tlstapper_bpfel.go
@@ -1,5 +1,4 @@
 // Code generated by bpf2go; DO NOT EDIT.
-//go:build 386 || amd64 || amd64p32 || arm || arm64 || mips64le || mips64p32le || mipsle || ppc64le || riscv64
 // +build 386 amd64 amd64p32 arm arm64 mips64le mips64p32le mipsle ppc64le riscv64

 package tlstapper
--- a/tap/tlstapper/tlstapper_bpfel.o
+++ b/tap/tlstapper/tlstapper_bpfel.o
--- a/ui/package-lock.json
+++ b/ui/package-lock.json
--- a/ui/src/App.tsx
+++ b/ui/src/App.tsx
@@ -5,11 +5,14 @@ import {TrafficPage} from "./components/Pages/TrafficPage/TrafficPage";
 import { ServiceMapModal } from './components/ServiceMapModal/ServiceMapModal';
 import {useRecoilState} from "recoil";
 import serviceMapModalOpenAtom from "./recoil/serviceMapModalOpen";
+import OasModal from './components/OasModal/OasModal';
+import oasModalOpenAtom from './recoil/oasModalOpen/atom';

 const App = () => {

    const [analyzeStatus, setAnalyzeStatus] = useState(null);
    const [serviceMapModalOpen, setServiceMapModalOpen] = useRecoilState(serviceMapModalOpenAtom);
+    const [oasModalOpen, setOasModalOpen] = useRecoilState(oasModalOpenAtom)

    return (
        <div className="mizuApp">
@@ -20,6 +23,10 @@ const App = () => {
                onOpen={() => setServiceMapModalOpen(true)}
                onClose={() => setServiceMapModalOpen(false)}
            />}
+            {window["isOasEnabled"] && <OasModal
+                openModal={oasModalOpen}
+                handleCloseModal={() => setOasModalOpen(false)}
+            />}
        </div>
    );
 }
--- a/ui/src/components/EntryDetailed.tsx
+++ b/ui/src/components/EntryDetailed.tsx
@@ -119,7 +119,7 @@ export const EntryDetailed = () => {
            bodySize={entryData.bodySize}
            elapsedTime={entryData.data.elapsedTime}
        />}
-        {entryData && <EntrySummary entry={entryData.data}/>}
+        {entryData && <EntrySummary entry={entryData.base}/>}
        <>
            {entryData && <EntryViewer
                representation={entryData.representation}
--- a/ui/src/components/EntryListItem/EntryListItem.tsx
+++ b/ui/src/components/EntryListItem/EntryListItem.tsx
@@ -25,9 +25,12 @@ interface TCPInterface {
 interface Entry {
    proto: ProtocolInterface,
    method?: string,
+    methodQuery?: string,
    summary: string,
+    summaryQuery: string,
    id: number,
    status?: number;
+    statusQuery?: string;
    timestamp: Date;
    src: TCPInterface,
    dst: TCPInterface,
@@ -152,10 +155,10 @@ export const EntryItem: React.FC<EntryProps> = ({entry, style, headingMode}) =>
                horizontal={false}
            /> : null}
            {isStatusCodeEnabled && <div>
-                <StatusCode statusCode={entry.status}/>
+                <StatusCode statusCode={entry.status} statusQuery={entry.statusQuery}/>
            </div>}
            <div className={styles.endpointServiceContainer} style={{paddingLeft: endpointServiceContainer}}>
-                <Summary method={entry.method} summary={entry.summary}/>
+                <Summary method={entry.method} methodQuery={entry.methodQuery} summary={entry.summary} summaryQuery={entry.summaryQuery}/>
                <div className={styles.resolvedName}>
                    <Queryable
                        query={`src.name == "${entry.src.name}"`}
--- a/ui/src/components/OasModal/OasModal.module.sass
+++ b/ui/src/components/OasModal/OasModal.module.sass
@@ -0,0 +1,29 @@
+@import '../../variables.module.scss'
+
+.boxContainer 
+    display: flex
+    justifyContent: space-between
+    padding: 10px
+
+.selectHeader
+    display: flex
+    align-items: center
+    width: 100%
+    margin-top: -1%
+
+.openApilogo
+    width: 36px
+
+.title
+    color:#494677
+    font-family: Lato
+    font-size: 20px
+    font-weight: 600
+
+.selectContainer
+    margin-left: 1%
+
+.redoc
+    height: 98%
+    overflow-y: scroll
+
--- a/ui/src/components/OasModal/OasModal.sass
+++ b/ui/src/components/OasModal/OasModal.sass
@@ -1,6 +0,0 @@
-@import '../../variables.module.scss'
-
-.NotSelectedMessage
-    margin-left: 41%
-    padding-top: 3%
-    font-size: large
--- a/ui/src/components/OasModal/OasModal.tsx
+++ b/ui/src/components/OasModal/OasModal.tsx
@@ -1,44 +1,86 @@
-import { Box, Fade, FormControl, MenuItem, Modal } from "@material-ui/core";
-import { useEffect, useState } from "react";
+import { Box, Fade, FormControl, MenuItem, Modal, Backdrop, ListSubheader } from "@material-ui/core";
+import { useCallback, useEffect, useState } from "react";
 import { RedocStandalone } from "redoc";
 import Api from "../../helpers/api";
 import { Select } from "../UI/Select";
 import closeIcon from "../assets/closeIcon.svg";
 import { toast } from 'react-toastify';
-import './OasModal.sass'
+import style from './OasModal.module.sass';
+import openApiLogo from '../assets/openApiLogo.png'
+import { redocThemeOptions } from "./redocThemeOptions";
+
+const modalStyle = {
+  position: 'absolute',
+  top: '6%',
+  left: '50%',
+  transform: 'translate(-50%, 0%)',
+  width: '89vw',
+  height: '82vh',
+  bgcolor: 'background.paper',
+  borderRadius: '5px',
+  boxShadow: 24,
+  p: 4,
+  color: '#000',
+};

 const api = Api.getInstance();
-const noOasServiceSelectedMessage = "Please Select OasService";
+const ipAddressWithPortRegex = new RegExp('([0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}):([0-9]{1,5})');

 const OasModal = ({ openModal, handleCloseModal }) => { 
-  const [oasServices, setOasServices] = useState([])
+  const [oasServices, setOasServices] = useState([] as string[])
  const [selectedServiceName, setSelectedServiceName] = useState("");
  const [selectedServiceSpec, setSelectedServiceSpec] = useState(null);
+  const [resolvedServices, setResolvedServices] = useState([]);
+  const [unResolvedServices, setUnResolvedServices] = useState([]);
+
+  const onSelectedOASService = useCallback( async (selectedService) => {
+    if (!!selectedService){
+      setSelectedServiceName(selectedService);
+      if(oasServices.length === 0){
+        return
+      }
+      try {
+        const data = await api.getOasByService(selectedService);
+        setSelectedServiceSpec(data);
+      } catch (e) {
+        toast.error("Error occurred while fetching service OAS spec");
+        console.error(e);
+      }
+    }
+  },[oasServices.length])
+
+  const resolvedArrayBuilder = useCallback(async(services) => {
+    const resServices = [];
+    const unResServices = [];
+    services.forEach(s => {
+      if(ipAddressWithPortRegex.test(s)){
+        unResServices.push(s);
+      }
+      else {
+        resServices.push(s);
+      }
+    });
+
+    resServices.sort();
+    unResServices.sort();
+    onSelectedOASService(resServices[0]);
+    setResolvedServices(resServices);
+    setUnResolvedServices(unResServices);
+  },[onSelectedOASService])

  useEffect(() => {
    (async () => {
      try {
        const services = await api.getOasServices();
+        resolvedArrayBuilder(services);
        setOasServices(services);
      } catch (e) {
        console.error(e);
      }
    })();
-  }, [openModal]);
+  }, [openModal,resolvedArrayBuilder]);
+

-  const onSelectedOASService = async (selectedService) => {
-    setSelectedServiceName(selectedService);
-    if(oasServices.length === 0){
-      return
-    }
-    try {
-      const data = await api.getOasByService(selectedService);
-      setSelectedServiceSpec(data);
-    } catch (e) {
-      toast.error("Error occurred while fetching service OAS spec");
-      console.error(e);
-    }
-  };

  return (
    <Modal
@@ -47,43 +89,50 @@ const OasModal = ({ openModal, handleCloseModal }) => {
      open={openModal}
      onClose={handleCloseModal}
      closeAfterTransition
-      hideBackdrop={true}
-      style={{ overflow: "auto", backgroundColor: "#ffffff", color:"black" }}
+      BackdropComponent={Backdrop}
+      BackdropProps={{
+          timeout: 500,
+      }}
    >
      <Fade in={openModal}>
-        <Box>
-          <div
-            style={{
-              display: "flex",
-              justifyContent: "space-between",
-              padding: "1%",
-            }}
-          >
-            <div style={{ marginLeft: "40%" }}>
-              <FormControl>
-                <Select
-                  labelId="service-select-label"
-                  id="service-select"
-                  label="Show OAS"
-                  placeholder="Show OAS"
-                  value={selectedServiceName}
-                  onChange={onSelectedOASService}
-                >
-                  {oasServices.map((service) => (
-                    <MenuItem key={service} value={service}>
-                      {service}
-                    </MenuItem>
-                  ))}
-                </Select>
-              </FormControl>
+        <Box sx={modalStyle}>
+          <div className={style.boxContainer}>
+            <div className={style.selectHeader}>
+              <div><img src={openApiLogo} alt="openApi" className={style.openApilogo}/></div>
+                <div className={style.title}>OpenAPI selected service: </div>
+                <div className={style.selectContainer} >
+                  <FormControl>
+                    <Select
+                      labelId="service-select-label"
+                      id="service-select"
+                      placeholder="Show OAS"
+                      value={selectedServiceName}
+                      onChange={onSelectedOASService}
+                    >
+                      <ListSubheader disableSticky={true}>Resolved</ListSubheader>
+                      {resolvedServices.map((service) => (
+                        <MenuItem key={service} value={service}>
+                          {service}
+                        </MenuItem>
+                      ))}
+                      <ListSubheader disableSticky={true}>UnResolved</ListSubheader>
+                      {unResolvedServices.map((service) => (
+                        <MenuItem key={service} value={service}>
+                          {service}
+                        </MenuItem>
+                      ))} 
+                    </Select>
+                  </FormControl>
+                </div>
            </div>
            <div style={{ cursor: "pointer" }}>
-              <img src={closeIcon} alt="Back" onClick={handleCloseModal} />
+              <img src={closeIcon} alt="close" onClick={handleCloseModal} />
            </div>
          </div>
-          {selectedServiceSpec && <RedocStandalone spec={selectedServiceSpec} />}
-          <div className="NotSelectedMessage">
-            {!selectedServiceName && noOasServiceSelectedMessage}
+          <div className={style.redoc}>
+          {selectedServiceSpec && <RedocStandalone 
+                                    spec={selectedServiceSpec}   
+                                    options={redocThemeOptions}/>}
          </div>
        </Box>
      </Fade>
--- a/ui/src/components/OasModal/redocThemeOptions.ts
+++ b/ui/src/components/OasModal/redocThemeOptions.ts
@@ -0,0 +1,35 @@
+export const redocThemeOptions = {    
+    theme:{
+      codeBlock:{
+        backgroundColor:"#11171a",
+      },
+      colors:{
+        responses:{
+          error:{
+            tabTextColor:"#1b1b29"
+          },
+          info:{
+            tabTextColor:"#1b1b29",
+          },
+          success:{
+            tabTextColor:"#0c0b1a"
+          },
+        },
+        text:{
+          primary:"#1b1b29",
+          secondary:"#4d4d4d"
+        }
+      },
+      rightPanel:{
+        backgroundColor:"#253237",
+      },
+      sidebar:{
+        backgroundColor:"#ffffff"
+      },
+      typography:{
+        code:{
+          color:"#0c0b1a"
+        }
+      }
+    }
+  }
--- a/ui/src/components/Pages/TrafficPage/TrafficPage.tsx
+++ b/ui/src/components/Pages/TrafficPage/TrafficPage.tsx
@@ -18,12 +18,12 @@ import entriesAtom from "../../../recoil/entries";
 import focusedEntryIdAtom from "../../../recoil/focusedEntryId";
 import websocketConnectionAtom, {WsConnectionStatus} from "../../../recoil/wsConnection";
 import queryAtom from "../../../recoil/query";
-import OasModal from "../../OasModal/OasModal";
 import {useCommonStyles} from "../../../helpers/commonStyle"
 import {TLSWarning} from "../../TLSWarning/TLSWarning";
 import serviceMapModalOpenAtom from "../../../recoil/serviceMapModalOpen";
 import serviceMap from "../../assets/serviceMap.svg";
 import services from "../../assets/services.svg";
+import oasModalOpenAtom from "../../../recoil/oasModalOpen/atom";

 const useLayoutStyles = makeStyles(() => ({
  details: {
@@ -59,6 +59,7 @@ export const TrafficPage: React.FC<TrafficPageProps> = ({setAnalyzeStatus}) => {
    const [focusedEntryId, setFocusedEntryId] = useRecoilState(focusedEntryIdAtom);
    const [wsConnection, setWsConnection] = useRecoilState(websocketConnectionAtom);
    const setServiceMapModalOpen = useSetRecoilState(serviceMapModalOpenAtom);
+    const [openOasModal, setOpenOasModal] = useRecoilState(oasModalOpenAtom);
    const query = useRecoilValue(queryAtom);

    const [noMoreDataTop, setNoMoreDataTop] = useState(false);
@@ -75,10 +76,6 @@ export const TrafficPage: React.FC<TrafficPageProps> = ({setAnalyzeStatus}) => {
    const [startTime, setStartTime] = useState(0);
    const scrollableRef = useRef(null);

-    const [openOasModal, setOpenOasModal] = useState(false);
-    
-    const handleCloseModal = () => setOpenOasModal(false);
-
    const [showTLSWarning, setShowTLSWarning] = useState(false);
    const [userDismissedTLSWarning, setUserDismissedTLSWarning] = useState(false);
    const [addressesWithTLS, setAddressesWithTLS] = useState(new Set<string>());
@@ -283,7 +280,7 @@ export const TrafficPage: React.FC<TrafficPageProps> = ({setAnalyzeStatus}) => {
            </div>
          </div>
        </div>
-        <div style={{ display: 'flex' }}>
+        <div style={{ display: 'flex', height: "100%" }}>
          {window["isOasEnabled"] && <Button
            startIcon={<img className="custom" src={services} alt="services"></img>}
            size="large"
@@ -306,10 +303,6 @@ export const TrafficPage: React.FC<TrafficPageProps> = ({setAnalyzeStatus}) => {
          </Button>}
        </div>
      </div>
-      {window["isOasEnabled"] && <OasModal
-        openModal={openOasModal}
-        handleCloseModal={handleCloseModal}
-      />}
      {<div className="TrafficPage-Container">
        <div className="TrafficPage-ListContainer">
          <Filters
--- a/ui/src/components/ServiceMapModal/ServiceMapModal.tsx
+++ b/ui/src/components/ServiceMapModal/ServiceMapModal.tsx
@@ -81,11 +81,11 @@ interface ServiceMapModalProps {

 const modalStyle = {
    position: 'absolute',
-    top: '10%',
+    top: '6%',
    left: '50%',
    transform: 'translate(-50%, 0%)',
-    width: '80vw',
-    height: '80vh',
+    width: '89vw',
+    height: '82vh',
    bgcolor: 'background.paper',
    borderRadius: '5px',
    boxShadow: 24,
--- a/ui/src/components/UI/StatusCode.tsx
+++ b/ui/src/components/UI/StatusCode.tsx
@@ -10,14 +10,15 @@ export enum StatusCodeClassification {

 interface EntryProps {
    statusCode: number
+    statusQuery: string
 }

-const StatusCode: React.FC<EntryProps> = ({statusCode}) => {
+const StatusCode: React.FC<EntryProps> = ({statusCode, statusQuery}) => {

    const classification = getClassification(statusCode)

    return <Queryable
-        query={`response.status == ${statusCode}`}
+        query={statusQuery}
        displayIconOnMouseOver={true}
        flipped={true}
        iconStyle={{marginTop: "40px", paddingLeft: "10px"}}
--- a/ui/src/components/UI/Summary.tsx
+++ b/ui/src/components/UI/Summary.tsx
@@ -5,14 +5,16 @@ import Queryable from "./Queryable";

 interface SummaryProps {
    method: string
+    methodQuery: string
    summary: string
+    summaryQuery: string
 }

-export const Summary: React.FC<SummaryProps> = ({method, summary}) => {
+export const Summary: React.FC<SummaryProps> = ({method, methodQuery, summary, summaryQuery}) => {

    return <div className={styles.container}>
        {method && <Queryable
-            query={`method == "${method}"`}
+            query={methodQuery}
            className={`${miscStyles.protocol} ${miscStyles.method}`}
            displayIconOnMouseOver={true}
            style={{whiteSpace: "nowrap"}}
@@ -24,7 +26,7 @@ export const Summary: React.FC<SummaryProps> = ({method, summary}) => {
            </span>
        </Queryable>}
        {summary && <Queryable
-            query={`summary == "${summary}"`}
+            query={summaryQuery}
            displayIconOnMouseOver={true}
            flipped={true}
            iconStyle={{zIndex:"5",position:"relative",right:"14px"}}
--- a/ui/src/components/UI/Tabs.tsx
+++ b/ui/src/components/UI/Tabs.tsx
@@ -2,7 +2,6 @@ import Tooltip from "./Tooltip";
 import React from "react";
 import {makeStyles} from '@material-ui/core/styles';
 import variables from '../../variables.module.scss';
-
 interface Tab {
    tab: string,
    disabled?: boolean,
@@ -27,7 +26,7 @@ const useTabsStyles = makeStyles((theme) => ({
        height: 40,
        paddingTop: 15
    },
-
+    
    tab: {
        display: 'inline-block',
        textTransform: 'uppercase',
@@ -40,7 +39,7 @@ const useTabsStyles = makeStyles((theme) => ({
    },

    active: {
-        fontWeight: theme.typography.fontWeightBold,
+        fontWeight: 600,
        color: variables.fontColor,
        cursor: 'unset',
        borderBottom: "2px solid " + variables.fontColor,
--- a/ui/src/components/assets/openApiLogo.png
+++ b/ui/src/components/assets/openApiLogo.png
--- a/ui/src/helpers/api.js
+++ b/ui/src/helpers/api.js
@@ -84,6 +84,11 @@ export default class Api {
        return response.data;
    }

+    gelAlloasServicesInOneSpec = async () => {
+        const response = await this.client.get("/oas/all");
+        return response.data;
+    }
+
    validateQuery = async (query) => {
        if (this.source) {
            this.source.cancel();
--- a/ui/src/index.sass
+++ b/ui/src/index.sass
@@ -146,3 +146,11 @@ button

 ::-webkit-scrollbar-corner
  display: none
+
+// remove powerdby
+.sc-ilfuhL
+  display: none !important
+
+// enable view elements inside redoc  
+.sc-dwsnSq
+  height: 80vh !important
--- a/ui/src/recoil/oasModalOpen/atom.ts
+++ b/ui/src/recoil/oasModalOpen/atom.ts
@@ -0,0 +1,8 @@
+import { atom } from "recoil"
+
+const oasModalOpenAtom = atom({
+    key: "oasModalOpenAtom",
+    default: false
+})
+
+export default oasModalOpenAtom;
--- a/ui/src/recoil/oasModalOpen/index.ts
+++ b/ui/src/recoil/oasModalOpen/index.ts
@@ -0,0 +1,2 @@
+import atom from "./atom";
+export default atom;
Author	SHA1	Message	Date
gadotroee	af61c69fb6	Merge pull request #889 from up9inc/develop develop -> main (Release 29.0) #major	2022-03-13 10:30:12 +02:00
Igor Gov	1cbd9cb199	Adding dev latest tag for each pre-release docker (#888 )	2022-03-13 09:47:49 +02:00
Igor Gov	23c1b66855	Adding dev latest tag for each pre-release docker (#885 )	2022-03-10 17:26:56 +02:00
RoyUP9	f5fa9ff270	Added mizu install template (#884 )	2022-03-09 17:52:55 +02:00
David Levanon	4159938cea	add minikube over virtualbox cgroup format (#882 )	2022-03-09 11:19:11 +02:00
David Levanon	5614e153f3	compile ebpf objects with llvm version 11 (#880 )	2022-03-06 17:45:13 +02:00
Igor Gov	5e90d67b0e	Run PR validation check only when needed & use docker cache during build (#876 ) * Improve PR validation checks	2022-03-06 15:03:43 +02:00
M. Mert Yıldıran	dd430c31d5	Always derive the summary and method fields from the entry in the database on read (#877 ) * Always derive the summary and method fields from the entry in the database on read * Update the expected JSONs in the protocol unit tests * Add test cases for `Summarize` method * Remove unused `GetEntry` method, `DataUnmarshaler` struct and `UnmarshalData` method * Temporarily enable the acceptance tests * Temporarily disable Slack notification on failure * Update the Cypress tests * Fix an issue in Redis * Fix a typo and the Cypress tests * Revert "Temporarily disable Slack notification on failure" This reverts commit `cad1901ea4`. * Revert "Temporarily enable the acceptance tests" This reverts commit `bad7706c9b`.	2022-03-06 15:41:36 +03:00
AmitUp9	c1d774e53c	TRA-4256 gui oas window (#854 ) * styling oas modal window * styled oas modal * review notes fix * oas logo added * small fixes * typo	2022-03-06 12:24:49 +02:00
Igor Gov	c671bc6655	Readme changes: moving all usage documentation to getmizu.io, and have only dev documentation in Github (#879 ) * Update readme to external usage links	2022-03-06 10:44:37 +02:00
gadotroee	2c1aa9022b	Add option to specify k8s context (#878 ) Co-authored-by: M. Mert Yildiran <mehmet@up9.com>	2022-03-05 19:15:33 +02:00
RoyUP9	5af0c5a9e9	Refactor to acceptance tests setup (#875 )	2022-03-03 17:22:26 +02:00
RoyUP9	8217ac3ed0	Switched echo to return json (#874 )	2022-03-03 12:23:09 +02:00
M. Mert Yıldıran	de769131de	Upgrade Basenine version to `v0.5.4` (#873 )	2022-03-02 22:34:06 +03:00
RoyUP9	5f8a5a3a29	Exported test funcs (#872 )	2022-03-02 18:34:51 +02:00
RamiBerm	94dfa68858	Revert "Support stopping oas/servicemesh/telemetry in flight (#867 )" (#868 ) This reverts commit `50c0062db4`.	2022-03-02 09:48:42 +02:00
RamiBerm	50c0062db4	Support stopping oas/servicemesh/telemetry in flight (#867 ) * Update oas_generator.go and servicemap.go * Update oas_generator.go * Update esClient.go * Update servicemap.go	2022-03-01 14:41:23 +02:00
Igor Gov	720969bbe6	Merge pull request #861 from up9inc/develop Develop -> main (28.0) #major	2022-02-27 11:27:05 +02:00