🔖 Bump the Helm chart version to 50.4

* fixes websocket for nginx-ingress

Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>

* update messagem when helm completes

Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>

* force react port to be a path

Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>

* include Authorization header to the proxy

Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>

* remove hub from proxy

Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>

* remove REACT_APP_HUB_PORT info

Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>

* include path back again to REACT_APP_HUB_PORT

Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>

---------

Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>

.dockerignore

@@ -1,16 +0,0 @@
-# Files
-.dockerignore
-.editorconfig
-.gitignore
-Dockerfile
-Makefile
-LICENSE
-**/*.md
-**/*_test.go
-*.out
-
-# Folders
-.git/
-.github/
-build/
-**/node_modules/

Makefile

@@ -68,3 +68,87 @@ kubectl-view-all-resources: ## This command outputs all Kubernetes resources usi
 
 kubectl-view-kubeshark-resources: ## This command outputs all Kubernetes resources in "kubeshark" namespace using YAML format and pipes it to VS Code
 	./kubectl.sh view-kubeshark-resources
+
+generate-helm-values: ## Generate the Helm values from config.yaml
+	./bin/kubeshark__ config > ./helm-chart/values.yaml
+
+generate-manifests: ## Generate the manifests from the Helm chart using default configuration
+	helm template kubeshark -n default ./helm-chart > ./manifests/complete.yaml
+
+logs-worker:
+	export LOGS_POD_PREFIX=kubeshark-worker-
+	export LOGS_FOLLOW=
+	${MAKE} logs
+
+logs-worker-follow:
+	export LOGS_POD_PREFIX=kubeshark-worker-
+	export LOGS_FOLLOW=--follow
+	${MAKE} logs
+
+logs-hub:
+	export LOGS_POD_PREFIX=kubeshark-hub
+	export LOGS_FOLLOW=
+	${MAKE} logs
+
+logs-hub-follow:
+	export LOGS_POD_PREFIX=kubeshark-hub
+	export LOGS_FOLLOW=--follow
+	${MAKE} logs
+
+logs-front:
+	export LOGS_POD_PREFIX=kubeshark-front
+	export LOGS_FOLLOW=
+	${MAKE} logs
+
+logs-front-follow:
+	export LOGS_POD_PREFIX=kubeshark-front
+	export LOGS_FOLLOW=--follow
+	${MAKE} logs
+
+logs:
+	kubectl logs $$(kubectl get pods | awk '$$1 ~ /^$(LOGS_POD_PREFIX)/' | awk 'END {print $$1}') $(LOGS_FOLLOW)
+
+ssh-node:
+	kubectl ssh node $$(kubectl get nodes | awk 'END {print $$1}')
+
+exec-worker:
+	export EXEC_POD_PREFIX=kubeshark-worker-
+	${MAKE} exec
+
+exec-hub:
+	export EXEC_POD_PREFIX=kubeshark-hub
+	${MAKE} exec
+
+exec-front:
+	export EXEC_POD_PREFIX=kubeshark-front
+	${MAKE} exec
+
+exec:
+	kubectl exec --stdin --tty $$(kubectl get pods | awk '$$1 ~ /^$(EXEC_POD_PREFIX)/' | awk 'END {print $$1}') -- /bin/sh
+
+helm-install:
+	cd helm-chart && helm install kubeshark . && cd ..
+
+helm-install-canary:
+	cd helm-chart && helm install kubeshark . --set tap.docker.tag=canary && cd ..
+
+helm-install-dev:
+	cd helm-chart && helm install kubeshark . --set tap.docker.tag=dev && cd ..
+
+helm-install-debug:
+	cd helm-chart && helm install kubeshark . --set tap.debug=true && cd ..
+
+helm-install-debug-canary:
+	cd helm-chart && helm install kubeshark . --set tap.debug=true --set tap.docker.tag=canary && cd ..
+
+helm-install-debug-dev:
+	cd helm-chart && helm install kubeshark . --set tap.debug=true --set tap.docker.tag=dev && cd ..
+
+helm-uninstall:
+	helm uninstall kubeshark
+
+proxy:
+	kubeshark proxy
+
+port-forward-worker:
+	kubectl port-forward $$(kubectl get pods | awk '$$1 ~ /^$(LOGS_POD_PREFIX)/' | awk 'END {print $$1}') $(LOGS_FOLLOW) 8897:8897

README.md

@@ -22,11 +22,9 @@
 
 <p align="center">
   <b>
-  <span>NEW: Introducing </span>
-  <a href="https://docs.kubeshark.co/en/self_hosted">self-hosted Kubeshark</a>, with 
-  <a href="https://docs.kubeshark.co/en/install#helm">Helm</a>,
-  <a href="https://docs.kubeshark.co/en/self_hosted">Ingress & Authentication</a>. Read more about it 
-  <a href="https://kubeshark.co/self-hosting">here</a>.	  
+  <span>NEW: </span>
+  <a href="https://kubeshark.co/traffic-recording">Traffic Recording and Offline Investigation</a>, and  
+  <a href="https://kubeshark.co/self-hosting">Self-hosting with Ingress and Authentication</a>. 
   </b>
 </p>
 

cmd/clean.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 
 	"github.com/creasty/defaults"
+	"github.com/kubeshark/kubeshark/config"
 	"github.com/kubeshark/kubeshark/config/configStructs"
 	"github.com/kubeshark/kubeshark/kubernetes/helm"
 	"github.com/kubeshark/kubeshark/misc"
@@ -15,7 +16,11 @@ var cleanCmd = &cobra.Command{
 	Use:   "clean",
 	Short: fmt.Sprintf("Removes all %s resources", misc.Software),
 	RunE: func(cmd *cobra.Command, args []string) error {
-		resp, err := helm.NewHelmDefault().Uninstall()
+		resp, err := helm.NewHelm(
+			config.Config.Tap.Release.Repo,
+			config.Config.Tap.Release.Name,
+			config.Config.Tap.Release.Namespace,
+		).Uninstall()
 		if err != nil {
 			log.Error().Err(err).Send()
 		} else {
@@ -33,5 +38,5 @@ func init() {
 		log.Debug().Err(err).Send()
 	}
 
-	cleanCmd.Flags().StringP(configStructs.SelfNamespaceLabel, "s", defaultTapConfig.SelfNamespace, "Self-namespace of Kubeshark")
+	cleanCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 }

cmd/common.go

@@ -18,7 +18,7 @@ import (
 )
 
 func startProxyReportErrorIfAny(kubernetesProvider *kubernetes.Provider, ctx context.Context, serviceName string, podName string, proxyPortLabel string, srcPort uint16, dstPort uint16, healthCheck string) {
-	httpServer, err := kubernetes.StartProxy(kubernetesProvider, config.Config.Tap.Proxy.Host, srcPort, config.Config.Tap.SelfNamespace, serviceName)
+	httpServer, err := kubernetes.StartProxy(kubernetesProvider, config.Config.Tap.Proxy.Host, srcPort, config.Config.Tap.Release.Namespace, serviceName)
 	if err != nil {
 		log.Error().
 			Err(errormessage.FormatError(err)).
@@ -38,7 +38,7 @@ func startProxyReportErrorIfAny(kubernetesProvider *kubernetes.Provider, ctx con
 		}
 
 		podRegex, _ := regexp.Compile(podName)
-		if _, err := kubernetes.NewPortForward(kubernetesProvider, config.Config.Tap.SelfNamespace, podRegex, srcPort, dstPort, ctx); err != nil {
+		if _, err := kubernetes.NewPortForward(kubernetesProvider, config.Config.Tap.Release.Namespace, podRegex, srcPort, dstPort, ctx); err != nil {
 			log.Error().
 				Str("pod-regex", podRegex.String()).
 				Err(errormessage.FormatError(err)).
@@ -99,7 +99,7 @@ func handleKubernetesProviderError(err error) {
 	}
 }
 
-func finishSelfExecution(kubernetesProvider *kubernetes.Provider, isNsRestrictedMode bool, selfNamespace string) {
+func finishSelfExecution(kubernetesProvider *kubernetes.Provider) {
 	removalCtx, cancel := context.WithTimeout(context.Background(), cleanupTimeout)
 	defer cancel()
 	dumpLogsIfNeeded(removalCtx, kubernetesProvider)

cmd/config.go

@@ -17,21 +17,20 @@ var configCmd = &cobra.Command{
 	Use:   "config",
 	Short: fmt.Sprintf("Generate %s config with default values", misc.Software),
 	RunE: func(cmd *cobra.Command, args []string) error {
-		configWithDefaults, err := config.GetConfigWithDefaults()
-		if err != nil {
-			log.Error().Err(err).Msg("Failed generating config with defaults.")
-			return nil
-		}
-
 		if config.Config.Config.Regenerate {
-			if err := config.WriteConfig(configWithDefaults); err != nil {
+			defaultConfig := config.CreateDefaultConfig()
+			if err := defaults.Set(&defaultConfig); err != nil {
+				log.Error().Err(err).Send()
+				return nil
+			}
+			if err := config.WriteConfig(&defaultConfig); err != nil {
 				log.Error().Err(err).Msg("Failed generating config with defaults.")
 				return nil
 			}
 
 			log.Info().Str("config-path", config.ConfigFilePath).Msg("Template file written to config path.")
 		} else {
-			template, err := utils.PrettyYaml(configWithDefaults)
+			template, err := utils.PrettyYaml(config.Config)
 			if err != nil {
 				log.Error().Err(err).Msg("Failed converting config with defaults to YAML.")
 				return nil

cmd/console.go

@@ -36,12 +36,13 @@ func init() {
 		log.Debug().Err(err).Send()
 	}
 
-	consoleCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.Port, "Provide a custom port for the Hub")
-	consoleCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Hub")
+	consoleCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the Kubeshark")
+	consoleCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Kubeshark")
+	consoleCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 }
 
 func runConsole() {
-	hubUrl := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)
+	hubUrl := kubernetes.GetHubUrl()
 	response, err := http.Get(fmt.Sprintf("%s/echo", hubUrl))
 	if err != nil || response.StatusCode != 200 {
 		log.Info().Msg(fmt.Sprintf(utils.Yellow, "Couldn't connect to Hub. Establishing proxy..."))
@@ -51,14 +52,16 @@ func runConsole() {
 	interrupt := make(chan os.Signal, 1)
 	signal.Notify(interrupt, os.Interrupt)
 
-	log.Info().Str("host", config.Config.Tap.Proxy.Host).Uint16("port", config.Config.Tap.Proxy.Hub.Port).Msg("Connecting to:")
+	log.Info().Str("host", config.Config.Tap.Proxy.Host).Str("url", hubUrl).Msg("Connecting to:")
 	u := url.URL{
 		Scheme: "ws",
-		Host:   fmt.Sprintf("%s:%d", config.Config.Tap.Proxy.Host, config.Config.Tap.Proxy.Hub.Port),
+		Host:   fmt.Sprintf("%s:%d/api", config.Config.Tap.Proxy.Host, config.Config.Tap.Proxy.Front.Port),
 		Path:   "/scripts/logs",
 	}
+	headers := http.Header{}
+	headers.Set("License-Key", config.Config.License)
 
-	c, _, err := websocket.DefaultDialer.Dial(u.String(), nil)
+	c, _, err := websocket.DefaultDialer.Dial(u.String(), headers)
 	if err != nil {
 		log.Error().Err(err).Send()
 		return

cmd/export.go

@@ -0,0 +1,62 @@
+package cmd
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/creasty/defaults"
+	"github.com/kubeshark/kubeshark/config/configStructs"
+	"github.com/kubeshark/kubeshark/internal/connect"
+	"github.com/kubeshark/kubeshark/kubernetes"
+	"github.com/kubeshark/kubeshark/utils"
+	"github.com/rs/zerolog/log"
+	"github.com/spf13/cobra"
+)
+
+var exportCmd = &cobra.Command{
+	Use:   "export",
+	Short: "Exports the captured traffic into a TAR file that contains PCAP files",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		runExport()
+		return nil
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(exportCmd)
+
+	defaultTapConfig := configStructs.TapConfig{}
+	if err := defaults.Set(&defaultTapConfig); err != nil {
+		log.Debug().Err(err).Send()
+	}
+
+	exportCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the Kubeshark")
+	exportCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Kubeshark")
+	exportCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
+}
+
+func runExport() {
+	hubUrl := kubernetes.GetHubUrl()
+	response, err := http.Get(fmt.Sprintf("%s/echo", hubUrl))
+	if err != nil || response.StatusCode != 200 {
+		log.Info().Msg(fmt.Sprintf(utils.Yellow, "Couldn't connect to Hub. Establishing proxy..."))
+		runProxy(false, true)
+	}
+
+	dstPath, err := filepath.Abs(fmt.Sprintf("./%d.tar.gz", time.Now().Unix()))
+	if err != nil {
+		panic(err)
+	}
+
+	out, err := os.Create(dstPath)
+	if err != nil {
+		panic(err)
+	}
+	defer out.Close()
+
+	connector := connect.NewConnector(kubernetes.GetHubUrl(), connect.DefaultRetries, connect.DefaultTimeout)
+	connector.PostPcapsMerge(out)
+}

cmd/license.go

@@ -0,0 +1,21 @@
+package cmd
+
+import (
+	"fmt"
+
+	"github.com/kubeshark/kubeshark/config"
+	"github.com/spf13/cobra"
+)
+
+var licenseCmd = &cobra.Command{
+	Use:   "license",
+	Short: "Print the license loaded string",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		fmt.Println(config.Config.License)
+		return nil
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(licenseCmd)
+}

cmd/pro.go

@@ -40,19 +40,19 @@ func init() {
 		log.Debug().Err(err).Send()
 	}
 
-	proCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.Port, "Provide a custom port for the Hub")
-	proCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Hub")
+	proCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the Kubeshark")
+	proCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Kubeshark")
 }
 
 func acquireLicense() {
-	hubUrl := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)
+	hubUrl := kubernetes.GetHubUrl()
 	response, err := http.Get(fmt.Sprintf("%s/echo", hubUrl))
 	if err != nil || response.StatusCode != 200 {
 		log.Info().Msg(fmt.Sprintf(utils.Yellow, "Couldn't connect to Hub. Establishing proxy..."))
 		runProxy(false, true)
 	}
 
-	connector = connect.NewConnector(kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port), connect.DefaultRetries, connect.DefaultTimeout)
+	connector = connect.NewConnector(kubernetes.GetHubUrl(), connect.DefaultRetries, connect.DefaultTimeout)
 
 	log.Info().Str("url", PRO_URL).Msg("Opening in the browser:")
 	utils.OpenBrowser(PRO_URL)

cmd/proxy.go

@@ -24,7 +24,7 @@ func init() {
 		log.Debug().Err(err).Send()
 	}
 
-	proxyCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the front-end proxy/port-forward")
-	proxyCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.Port, "Provide a custom port for the Hub proxy/port-forward")
+	proxyCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the proxy/port-forward")
 	proxyCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the proxy/port-forward")
+	proxyCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 }

cmd/proxyRunner.go

@@ -23,7 +23,7 @@ func runProxy(block bool, noBrowser bool) {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	exists, err := kubernetesProvider.DoesServiceExist(ctx, config.Config.Tap.SelfNamespace, kubernetes.FrontServiceName)
+	exists, err := kubernetesProvider.DoesServiceExist(ctx, config.Config.Tap.Release.Namespace, kubernetes.FrontServiceName)
 	if err != nil {
 		log.Error().
 			Str("service", kubernetes.FrontServiceName).
@@ -42,7 +42,7 @@ func runProxy(block bool, noBrowser bool) {
 		return
 	}
 
-	exists, err = kubernetesProvider.DoesServiceExist(ctx, config.Config.Tap.SelfNamespace, kubernetes.HubServiceName)
+	exists, err = kubernetesProvider.DoesServiceExist(ctx, config.Config.Tap.Release.Namespace, kubernetes.HubServiceName)
 	if err != nil {
 		log.Error().
 			Str("service", kubernetes.HubServiceName).
@@ -63,38 +63,8 @@ func runProxy(block bool, noBrowser bool) {
 
 	var establishedProxy bool
 
-	hubUrl := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)
-	response, err := http.Get(fmt.Sprintf("%s/echo", hubUrl))
-	if err == nil && response.StatusCode == 200 {
-		log.Info().
-			Str("service", kubernetes.HubServiceName).
-			Int("port", int(config.Config.Tap.Proxy.Hub.Port)).
-			Msg("Found a running service.")
-
-		okToOpen("Hub", hubUrl, true)
-	} else {
-		startProxyReportErrorIfAny(
-			kubernetesProvider,
-			ctx,
-			kubernetes.HubServiceName,
-			kubernetes.HubPodName,
-			configStructs.ProxyHubPortLabel,
-			config.Config.Tap.Proxy.Hub.Port,
-			configStructs.ContainerPort,
-			"/echo",
-		)
-		connector := connect.NewConnector(hubUrl, connect.DefaultRetries, connect.DefaultTimeout)
-		if err := connector.TestConnection("/echo"); err != nil {
-			log.Error().Msg(fmt.Sprintf(utils.Red, "Couldn't connect to Hub."))
-			return
-		}
-
-		establishedProxy = true
-		okToOpen("Hub", hubUrl, true)
-	}
-
 	frontUrl := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Front.Port)
-	response, err = http.Get(fmt.Sprintf("%s/", frontUrl))
+	response, err := http.Get(fmt.Sprintf("%s/", frontUrl))
 	if err == nil && response.StatusCode == 200 {
 		log.Info().
 			Str("service", kubernetes.FrontServiceName).

cmd/scripts.go

@@ -34,8 +34,9 @@ func init() {
 		log.Debug().Err(err).Send()
 	}
 
-	scriptsCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.Port, "Provide a custom port for the Hub")
-	scriptsCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Hub")
+	scriptsCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the Kubeshark")
+	scriptsCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Kubeshark")
+	scriptsCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 }
 
 func runScripts() {
@@ -44,14 +45,14 @@ func runScripts() {
 		return
 	}
 
-	hubUrl := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)
+	hubUrl := kubernetes.GetHubUrl()
 	response, err := http.Get(fmt.Sprintf("%s/echo", hubUrl))
 	if err != nil || response.StatusCode != 200 {
 		log.Info().Msg(fmt.Sprintf(utils.Yellow, "Couldn't connect to Hub. Establishing proxy..."))
 		runProxy(false, true)
 	}
 
-	connector = connect.NewConnector(kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port), connect.DefaultRetries, connect.DefaultTimeout)
+	connector = connect.NewConnector(kubernetes.GetHubUrl(), connect.DefaultRetries, connect.DefaultTimeout)
 
 	watchScripts(true)
 }

cmd/tap.go

@@ -47,19 +47,18 @@ func init() {
 	tapCmd.Flags().StringP(configStructs.DockerTagLabel, "t", defaultTapConfig.Docker.Tag, "The tag of the Docker images that are going to be pulled")
 	tapCmd.Flags().String(configStructs.DockerImagePullPolicy, defaultTapConfig.Docker.ImagePullPolicy, "ImagePullPolicy for the Docker images")
 	tapCmd.Flags().StringSlice(configStructs.DockerImagePullSecrets, defaultTapConfig.Docker.ImagePullSecrets, "ImagePullSecrets for the Docker images")
-	tapCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the front-end proxy/port-forward")
-	tapCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.Port, "Provide a custom port for the Hub proxy/port-forward")
+	tapCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the proxy/port-forward")
 	tapCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the proxy/port-forward")
 	tapCmd.Flags().StringSliceP(configStructs.NamespacesLabel, "n", defaultTapConfig.Namespaces, "Namespaces selector")
-	tapCmd.Flags().StringP(configStructs.SelfNamespaceLabel, "s", defaultTapConfig.SelfNamespace, "Self-namespace of Kubeshark")
+	tapCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 	tapCmd.Flags().Bool(configStructs.PersistentStorageLabel, defaultTapConfig.PersistentStorage, "Enable persistent storage (PersistentVolumeClaim)")
 	tapCmd.Flags().String(configStructs.StorageLimitLabel, defaultTapConfig.StorageLimit, "Override the default storage limit (per node)")
 	tapCmd.Flags().String(configStructs.StorageClassLabel, defaultTapConfig.StorageClass, "Override the default storage class of the PersistentVolumeClaim (per node)")
 	tapCmd.Flags().Bool(configStructs.DryRunLabel, defaultTapConfig.DryRun, "Preview of all pods matching the regex, without tapping them")
-	tapCmd.Flags().StringP(configStructs.PcapLabel, "p", defaultTapConfig.Pcap, fmt.Sprintf("Capture from a PCAP snapshot of %s (.tar.gz) using your Docker Daemon instead of Kubernetes", misc.Software))
+	tapCmd.Flags().StringP(configStructs.PcapLabel, "p", defaultTapConfig.Pcap, fmt.Sprintf("Capture from a PCAP snapshot of %s (.tar.gz) using your Docker Daemon instead of Kubernetes. TAR path from the file system or an S3 URI (object, folder or the bucket)", misc.Software))
 	tapCmd.Flags().Bool(configStructs.ServiceMeshLabel, defaultTapConfig.ServiceMesh, "Capture the encrypted traffic if the cluster is configured with a service mesh and with mTLS")
 	tapCmd.Flags().Bool(configStructs.TlsLabel, defaultTapConfig.Tls, "Capture the traffic that's encrypted with OpenSSL or Go crypto/tls libraries")
 	tapCmd.Flags().Bool(configStructs.IgnoreTaintedLabel, defaultTapConfig.IgnoreTainted, "Ignore tainted pods while running Worker DaemonSet")
 	tapCmd.Flags().Bool(configStructs.IngressEnabledLabel, defaultTapConfig.Ingress.Enabled, "Enable Ingress")
-	tapCmd.Flags().Bool(configStructs.DebugLabel, defaultTapConfig.Debug, "Enable the debug mode")
+	tapCmd.Flags().Bool(configStructs.TelemetryEnabledLabel, defaultTapConfig.Telemetry.Enabled, "Enable/disable Telemetry")
 }

cmd/tapPcapRunner.go

@@ -1,13 +1,24 @@
 package cmd
 
 import (
+	"archive/tar"
 	"bufio"
+	"compress/gzip"
 	"context"
 	"encoding/json"
 	"fmt"
 	"io"
+	"net/url"
 	"os"
+	"path/filepath"
+	"strings"
+	"sync"
 
+	"github.com/aws/aws-sdk-go-v2/aws"
+	awsConfig "github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/feature/s3/manager"
+	"github.com/aws/aws-sdk-go-v2/service/s3"
+	s3Types "github.com/aws/aws-sdk-go-v2/service/s3/types"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
@@ -62,6 +73,7 @@ func logPullingImage(image string, reader io.ReadCloser) {
 }
 
 func pullImages(ctx context.Context, cli *client.Client, imageFront string, imageHub string, imageWorker string) error {
+	log.Info().Msg("Pulling images...")
 	readerFront, err := cli.ImagePull(ctx, imageFront, types.ImagePullOptions{})
 	if err != nil {
 		return err
@@ -93,7 +105,7 @@ func cleanUpOldContainers(
 	nameHub string,
 	nameWorker string,
 ) error {
-	containers, err := cli.ContainerList(ctx, types.ContainerListOptions{})
+	containers, err := cli.ContainerList(ctx, types.ContainerListOptions{All: true})
 	if err != nil {
 		return err
 	}
@@ -157,7 +169,7 @@ func createAndStartContainers(
 		Env: []string{
 			"REACT_APP_DEFAULT_FILTER= ",
 			"REACT_APP_HUB_HOST= ",
-			fmt.Sprintf("REACT_APP_HUB_PORT=%d", config.Config.Tap.Proxy.Hub.Port),
+			fmt.Sprintf("REACT_APP_HUB_PORT=:%d", config.Config.Tap.Proxy.Hub.Port),
 		},
 	}, hostConfigFront, nil, nil, nameFront)
 	if err != nil {
@@ -271,7 +283,172 @@ func stopAndRemoveContainers(
 	return
 }
 
-func pcap(tarPath string) {
+func downloadTarFromS3(s3Url string) (tarPath string, err error) {
+	u, err := url.Parse(s3Url)
+	if err != nil {
+		return
+	}
+
+	bucket := u.Host
+	key := u.Path[1:]
+
+	var cfg aws.Config
+	cfg, err = awsConfig.LoadDefaultConfig(context.TODO())
+	if err != nil {
+		return
+	}
+
+	client := s3.NewFromConfig(cfg)
+
+	var listObjectsOutput *s3.ListObjectsV2Output
+	listObjectsOutput, err = client.ListObjectsV2(context.TODO(), &s3.ListObjectsV2Input{
+		Bucket: aws.String(bucket),
+		Prefix: aws.String(key),
+	})
+	if err != nil {
+		return
+	}
+
+	var file *os.File
+	file, err = os.CreateTemp(os.TempDir(), fmt.Sprintf("%s_*.%s", strings.TrimSuffix(filepath.Base(key), filepath.Ext(key)), filepath.Ext(key)))
+	if err != nil {
+		return
+	}
+	defer file.Close()
+
+	log.Info().Str("bucket", bucket).Str("key", key).Msg("Downloading from S3")
+
+	downloader := manager.NewDownloader(client)
+	_, err = downloader.Download(context.TODO(), file, &s3.GetObjectInput{
+		Bucket: aws.String(bucket),
+		Key:    aws.String(key),
+	})
+	if err != nil {
+		log.Info().Err(err).Msg("S3 object is not found. Assuming URL is not a single object. Listing the objects in given folder or the bucket to download...")
+
+		var tempDirPath string
+		tempDirPath, err = os.MkdirTemp(os.TempDir(), "kubeshark_*")
+		if err != nil {
+			return
+		}
+
+		var wg sync.WaitGroup
+		for _, object := range listObjectsOutput.Contents {
+			wg.Add(1)
+			go func(object s3Types.Object) {
+				defer wg.Done()
+				objectKey := *object.Key
+
+				fullPath := filepath.Join(tempDirPath, objectKey)
+				err = os.MkdirAll(filepath.Dir(fullPath), os.ModePerm)
+				if err != nil {
+					return
+				}
+
+				var objectFile *os.File
+				objectFile, err = os.Create(fullPath)
+				if err != nil {
+					return
+				}
+				defer objectFile.Close()
+
+				log.Info().Str("bucket", bucket).Str("key", objectKey).Msg("Downloading from S3")
+
+				downloader := manager.NewDownloader(client)
+				_, err = downloader.Download(context.TODO(), objectFile, &s3.GetObjectInput{
+					Bucket: aws.String(bucket),
+					Key:    aws.String(objectKey),
+				})
+				if err != nil {
+					return
+				}
+			}(object)
+		}
+		wg.Wait()
+
+		tarPath, err = tarDirectory(tempDirPath)
+		return
+	}
+
+	tarPath = file.Name()
+
+	return
+}
+
+func tarDirectory(dirPath string) (string, error) {
+	tarPath := fmt.Sprintf("%s.tar.gz", dirPath)
+
+	var file *os.File
+	file, err := os.Create(tarPath)
+	if err != nil {
+		return "", err
+	}
+	defer file.Close()
+
+	gzipWriter := gzip.NewWriter(file)
+	defer gzipWriter.Close()
+
+	tarWriter := tar.NewWriter(gzipWriter)
+	defer tarWriter.Close()
+
+	walker := func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if info.IsDir() {
+			return nil
+		}
+		file, err := os.Open(path)
+		if err != nil {
+			return err
+		}
+		defer file.Close()
+
+		stat, err := file.Stat()
+		if err != nil {
+			return err
+		}
+
+		header := &tar.Header{
+			Name:    path[len(dirPath)+1:],
+			Size:    stat.Size(),
+			Mode:    int64(stat.Mode()),
+			ModTime: stat.ModTime(),
+		}
+
+		err = tarWriter.WriteHeader(header)
+		if err != nil {
+			return err
+		}
+
+		_, err = io.Copy(tarWriter, file)
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}
+
+	err = filepath.Walk(dirPath, walker)
+	if err != nil {
+		return "", err
+	}
+
+	return tarPath, nil
+}
+
+func pcap(tarPath string) error {
+	if strings.HasPrefix(tarPath, "s3://") {
+		var err error
+		tarPath, err = downloadTarFromS3(tarPath)
+		if err != nil {
+			log.Error().Err(err).Msg("Failed downloading from S3")
+			return err
+		}
+	}
+
+	log.Info().Str("tar-path", tarPath).Msg("Openning")
+
 	docker.SetRegistry(config.Config.Tap.Docker.Registry)
 	docker.SetTag(config.Config.Tap.Docker.Tag)
 
@@ -279,7 +456,7 @@ func pcap(tarPath string) {
 	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
 	if err != nil {
 		log.Error().Err(err).Send()
-		return
+		return err
 	}
 	defer cli.Close()
 
@@ -290,13 +467,13 @@ func pcap(tarPath string) {
 	err = pullImages(ctx, cli, imageFront, imageHub, imageWorker)
 	if err != nil {
 		log.Error().Err(err).Send()
-		return
+		return err
 	}
 
 	tarFile, err := os.Open(tarPath)
 	if err != nil {
 		log.Error().Err(err).Send()
-		return
+		return err
 	}
 	defer tarFile.Close()
 	tarReader := bufio.NewReader(tarFile)
@@ -311,7 +488,7 @@ func pcap(tarPath string) {
 	)
 	if err != nil {
 		log.Error().Err(err).Send()
-		return
+		return err
 	}
 
 	workerPod := &v1.Pod{
@@ -329,7 +506,7 @@ func pcap(tarPath string) {
 		},
 	}
 
-	connector = connect.NewConnector(kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port), connect.DefaultRetries, connect.DefaultTimeout)
+	connector = connect.NewConnector(kubernetes.GetHubUrl(), connect.DefaultRetries, connect.DefaultTimeout)
 	connector.PostWorkerPodToHub(workerPod)
 
 	// License
@@ -338,7 +515,7 @@ func pcap(tarPath string) {
 	}
 
 	log.Info().
-		Str("url", kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)).
+		Str("url", kubernetes.GetHubUrl()).
 		Msg(fmt.Sprintf(utils.Green, "Hub is available at:"))
 
 	url := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Front.Port)
@@ -355,5 +532,8 @@ func pcap(tarPath string) {
 	err = stopAndRemoveContainers(ctx, cli, respFront, respHub, respWorker)
 	if err != nil {
 		log.Error().Err(err).Send()
+		return err
 	}
+
+	return nil
 }

cmd/tapRunner.go

@@ -3,6 +3,7 @@ package cmd
 import (
 	"context"
 	"fmt"
+	"os"
 	"regexp"
 	"sync"
 	"time"
@@ -48,15 +49,23 @@ func tap() {
 	docker.SetTag(config.Config.Tap.Docker.Tag)
 	log.Info().Str("registry", docker.GetRegistry()).Str("tag", docker.GetTag()).Msg("Using Docker:")
 	if config.Config.Tap.Pcap != "" {
-		pcap(config.Config.Tap.Pcap)
+		err := pcap(config.Config.Tap.Pcap)
+		if err != nil {
+			os.Exit(1)
+		}
 		return
 	}
 
+	if !config.Config.Tap.PersistentStorage {
+		config.Config.Tap.StorageLimit = "200Mi"
+		log.Warn().Msg("Storage limit cannot be modified while persistentstorage is set to false!")
+	}
+
 	log.Info().
 		Str("limit", config.Config.Tap.StorageLimit).
 		Msg(fmt.Sprintf("%s will store the traffic up to a limit (per node). Oldest TCP/UDP streams will be removed once the limit is reached.", misc.Software))
 
-	connector = connect.NewConnector(kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port), connect.DefaultRetries, connect.DefaultTimeout)
+	connector = connect.NewConnector(kubernetes.GetHubUrl(), connect.DefaultRetries, connect.DefaultTimeout)
 
 	kubernetesProvider, err := getKubernetesProviderForCli(false, false)
 	if err != nil {
@@ -68,12 +77,10 @@ func tap() {
 
 	state.targetNamespaces = kubernetesProvider.GetNamespaces()
 
-	if config.Config.IsNsRestrictedMode() {
-		if len(state.targetNamespaces) != 1 || !utils.Contains(state.targetNamespaces, config.Config.Tap.SelfNamespace) {
-			log.Error().Msg(fmt.Sprintf("%s can't resolve IPs in other namespaces when running in namespace restricted mode. You can use the same namespace for --%s and --%s", misc.Software, configStructs.NamespacesLabel, configStructs.SelfNamespaceLabel))
-			return
-		}
-	}
+	log.Info().
+		Bool("enabled", config.Config.Tap.Telemetry.Enabled).
+		Str("notice", "Telemetry can be disabled by setting the flag: --telemetry-enabled=false").
+		Msg("Telemetry")
 
 	log.Info().Strs("namespaces", state.targetNamespaces).Msg("Targeting pods in:")
 
@@ -87,9 +94,14 @@ func tap() {
 
 	log.Info().Msg(fmt.Sprintf("Waiting for the creation of %s resources...", misc.Software))
 
-	rel, err := helm.NewHelmDefault().Install()
+	rel, err := helm.NewHelm(
+		config.Config.Tap.Release.Repo,
+		config.Config.Tap.Release.Name,
+		config.Config.Tap.Release.Namespace,
+	).Install()
 	if err != nil {
 		log.Error().Err(err).Send()
+		os.Exit(1)
 	} else {
 		log.Info().Msgf("Installed the Helm release: %s", rel.Name)
 	}
@@ -115,7 +127,7 @@ func printProxyCommandSuggestion() {
 }
 
 func finishTapExecution(kubernetesProvider *kubernetes.Provider) {
-	finishSelfExecution(kubernetesProvider, config.Config.IsNsRestrictedMode(), config.Config.Tap.SelfNamespace)
+	finishSelfExecution(kubernetesProvider)
 }
 
 /*
@@ -146,9 +158,9 @@ func printNoPodsFoundSuggestion(targetNamespaces []string) {
 }
 
 func watchHubPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
-	podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s$", kubernetes.HubPodName))
+	podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s", kubernetes.HubPodName))
 	podWatchHelper := kubernetes.NewPodWatchHelper(kubernetesProvider, podExactRegex)
-	eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.Tap.SelfNamespace}, podWatchHelper)
+	eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.Tap.Release.Namespace}, podWatchHelper)
 	isPodReady := false
 
 	timeAfter := time.After(120 * time.Second)
@@ -215,7 +227,7 @@ func watchHubPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, c
 
 			log.Error().
 				Str("pod", kubernetes.HubPodName).
-				Str("namespace", config.Config.Tap.SelfNamespace).
+				Str("namespace", config.Config.Tap.Release.Namespace).
 				Err(err).
 				Msg("Failed creating pod.")
 			cancel()
@@ -237,9 +249,9 @@ func watchHubPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, c
 }
 
 func watchFrontPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
-	podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s$", kubernetes.FrontPodName))
+	podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s", kubernetes.FrontPodName))
 	podWatchHelper := kubernetes.NewPodWatchHelper(kubernetesProvider, podExactRegex)
-	eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.Tap.SelfNamespace}, podWatchHelper)
+	eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.Tap.Release.Namespace}, podWatchHelper)
 	isPodReady := false
 
 	timeAfter := time.After(120 * time.Second)
@@ -304,7 +316,7 @@ func watchFrontPod(ctx context.Context, kubernetesProvider *kubernetes.Provider,
 
 			log.Error().
 				Str("pod", kubernetes.FrontPodName).
-				Str("namespace", config.Config.Tap.SelfNamespace).
+				Str("namespace", config.Config.Tap.Release.Namespace).
 				Err(err).
 				Msg("Failed creating pod.")
 
@@ -327,7 +339,7 @@ func watchFrontPod(ctx context.Context, kubernetesProvider *kubernetes.Provider,
 func watchHubEvents(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
 	podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s", kubernetes.HubPodName))
 	eventWatchHelper := kubernetes.NewEventWatchHelper(kubernetesProvider, podExactRegex, "pod")
-	eventChan, errorChan := kubernetes.FilteredWatch(ctx, eventWatchHelper, []string{config.Config.Tap.SelfNamespace}, eventWatchHelper)
+	eventChan, errorChan := kubernetes.FilteredWatch(ctx, eventWatchHelper, []string{config.Config.Tap.Release.Namespace}, eventWatchHelper)
 	for {
 		select {
 		case wEvent, ok := <-eventChan:
@@ -394,16 +406,6 @@ func watchHubEvents(ctx context.Context, kubernetesProvider *kubernetes.Provider
 }
 
 func postHubStarted(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc, update bool) {
-	startProxyReportErrorIfAny(
-		kubernetesProvider,
-		ctx,
-		kubernetes.HubServiceName,
-		kubernetes.HubPodName,
-		configStructs.ProxyHubPortLabel,
-		config.Config.Tap.Proxy.Hub.Port,
-		configStructs.ContainerPort,
-		"/echo",
-	)
 
 	if update {
 		// Pod regex
@@ -432,12 +434,6 @@ func postHubStarted(ctx context.Context, kubernetesProvider *kubernetes.Provider
 		connector.PostScriptDone()
 	}
 
-	if !update && !config.Config.Tap.Ingress.Enabled {
-		// Hub proxy URL
-		url := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)
-		log.Info().Str("url", url).Msg(fmt.Sprintf(utils.Green, "Hub is available at:"))
-	}
-
 	if config.Config.Scripting.Source != "" && config.Config.Scripting.WatchScripts {
 		watchScripts(false)
 	}

config/config.go

@@ -12,6 +12,7 @@ import (
 	"strings"
 
 	"github.com/creasty/defaults"
+	"github.com/goccy/go-yaml"
 	"github.com/kubeshark/kubeshark/misc"
 	"github.com/kubeshark/kubeshark/misc/version"
 	"github.com/kubeshark/kubeshark/utils"
@@ -19,7 +20,6 @@ import (
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-	"gopkg.in/yaml.v3"
 )
 
 const (
@@ -56,11 +56,13 @@ func InitConfig(cmd *cobra.Command) error {
 		"console",
 		"pro",
 		"manifests",
+		"license",
 	}, cmd.Use) {
 		go version.CheckNewerVersion()
 	}
 
 	Config = CreateDefaultConfig()
+	Config.Tap.Debug = DebugMode
 	cmdName = cmd.Name()
 	if utils.Contains([]string{
 		"clean",
@@ -79,6 +81,7 @@ func InitConfig(cmd *cobra.Command) error {
 	ConfigFilePath = path.Join(misc.GetDotFolderPath(), "config.yaml")
 	if err := loadConfigFile(&Config, utils.Contains([]string{
 		"manifests",
+		"license",
 	}, cmd.Use)); err != nil {
 		if !os.IsNotExist(err) {
 			return fmt.Errorf("invalid config, %w\n"+

config/configStruct.go

@@ -5,7 +5,6 @@ import (
 	"path/filepath"
 
 	"github.com/kubeshark/kubeshark/config/configStructs"
-	"github.com/kubeshark/kubeshark/misc"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/util/homedir"
 )
@@ -15,7 +14,21 @@ const (
 )
 
 func CreateDefaultConfig() ConfigStruct {
-	return ConfigStruct{}
+	return ConfigStruct{
+		Tap: configStructs.TapConfig{
+			NodeSelectorTerms: []v1.NodeSelectorTerm{
+				{
+					MatchExpressions: []v1.NodeSelectorRequirement{
+						{
+							Key:      "kubernetes.io/os",
+							Operator: v1.NodeSelectorOpIn,
+							Values:   []string{"linux"},
+						},
+					},
+				},
+			},
+		},
+	}
 }
 
 type KubeConfig struct {
@@ -52,10 +65,6 @@ func (config *ConfigStruct) ImagePullSecrets() []v1.LocalObjectReference {
 	return ref
 }
 
-func (config *ConfigStruct) IsNsRestrictedMode() bool {
-	return config.Tap.SelfNamespace != misc.Program // Notice "kubeshark" string must match the default SelfNamespace
-}
-
 func (config *ConfigStruct) KubeConfigPath() string {
 	if config.Kube.ConfigPathStr != "" {
 		return config.Kube.ConfigPathStr

config/configStructs/scriptingConfig.go

@@ -12,7 +12,7 @@ import (
 type ScriptingConfig struct {
 	Env          map[string]interface{} `yaml:"env" json:"env"`
 	Source       string                 `yaml:"source" json:"source" default:""`
-	WatchScripts bool                   `yaml:"watchScripts" json:"watchScripts" default:"true"`
+	WatchScripts bool                   `yaml:"watchscripts" json:"watchscripts" default:"true"`
 }
 
 func (config *ScriptingConfig) GetScripts() (scripts []*misc.Script, err error) {

config/configStructs/tapConfig.go

@@ -17,7 +17,7 @@ const (
 	ProxyHubPortLabel      = "proxy-hub-port"
 	ProxyHostLabel         = "proxy-host"
 	NamespacesLabel        = "namespaces"
-	SelfNamespaceLabel     = "selfnamespace"
+	ReleaseNamespaceLabel  = "release-namespace"
 	PersistentStorageLabel = "persistentstorage"
 	StorageLimitLabel      = "storagelimit"
 	StorageClassLabel      = "storageclass"
@@ -25,8 +25,9 @@ const (
 	PcapLabel              = "pcap"
 	ServiceMeshLabel       = "servicemesh"
 	TlsLabel               = "tls"
-	IgnoreTaintedLabel     = "ignoreTainted"
+	IgnoreTaintedLabel     = "ignoretainted"
 	IngressEnabledLabel    = "ingress-enabled"
+	TelemetryEnabledLabel  = "telemetry-enabled"
 	DebugLabel             = "debug"
 	ContainerPort          = 80
 	ContainerPortStr       = "80"
@@ -57,8 +58,7 @@ type HubConfig struct {
 }
 
 type FrontConfig struct {
-	Port    uint16 `yaml:"port" json:"port" default:"8899"`
-	SrvPort uint16 `yaml:"srvport" json:"srvport" default:"8899"`
+	Port uint16 `yaml:"port" json:"port" default:"8899"`
 }
 
 type ProxyConfig struct {
@@ -76,28 +76,40 @@ type DockerConfig struct {
 }
 
 type ResourcesConfig struct {
-	Worker ResourceRequirements `yaml:"worker"`
-	Hub    ResourceRequirements `yaml:"hub"`
+	Worker ResourceRequirements `yaml:"worker" json:"worker"`
+	Hub    ResourceRequirements `yaml:"hub" json:"hub"`
 }
 
 type AuthConfig struct {
-	ApprovedDomains []string `yaml:"approvedDomains" json:"approvedDomains"`
+	Enabled         bool     `yaml:"enabled" json:"enabled" default:"false"`
+	ApprovedEmails  []string `yaml:"approvedemails" json:"approvedemails"  default:"[]"`
+	ApprovedDomains []string `yaml:"approveddomains" json:"approveddomains"  default:"[]"`
 }
 
 type IngressConfig struct {
 	Enabled     bool                    `yaml:"enabled" json:"enabled" default:"false"`
+	ClassName   string                  `yaml:"classname" json:"classname" default:""`
 	Host        string                  `yaml:"host" json:"host" default:"ks.svc.cluster.local"`
-	TLS         []networking.IngressTLS `yaml:"tls" json:"tls"`
-	Auth        AuthConfig              `yaml:"auth" json:"auth"`
-	CertManager string                  `yaml:"certManager" json:"certManager" default:"letsencrypt-prod"`
+	TLS         []networking.IngressTLS `yaml:"tls" json:"tls" default:"[]"`
+	Annotations map[string]string       `yaml:"annotations" json:"annotations" default:"{}"`
+}
+
+type ReleaseConfig struct {
+	Repo      string `yaml:"repo" json:"repo" default:"https://helm.kubeshark.co"`
+	Name      string `yaml:"name" json:"name" default:"kubeshark"`
+	Namespace string `yaml:"namespace" json:"namespace" default:"default"`
+}
+
+type TelemetryConfig struct {
+	Enabled bool `yaml:"enabled" json:"enabled" default:"true"`
 }
 
 type TapConfig struct {
 	Docker            DockerConfig          `yaml:"docker" json:"docker"`
 	Proxy             ProxyConfig           `yaml:"proxy" json:"proxy"`
 	PodRegexStr       string                `yaml:"regex" json:"regex" default:".*"`
-	Namespaces        []string              `yaml:"namespaces" json:"namespaces"`
-	SelfNamespace     string                `yaml:"selfnamespace" json:"selfnamespace" default:"kubeshark"`
+	Namespaces        []string              `yaml:"namespaces" json:"namespaces" default:"[]"`
+	Release           ReleaseConfig         `yaml:"release" json:"release"`
 	PersistentStorage bool                  `yaml:"persistentstorage" json:"persistentstorage" default:"false"`
 	StorageLimit      string                `yaml:"storagelimit" json:"storagelimit" default:"200Mi"`
 	StorageClass      string                `yaml:"storageclass" json:"storageclass" default:"standard"`
@@ -107,11 +119,15 @@ type TapConfig struct {
 	ServiceMesh       bool                  `yaml:"servicemesh" json:"servicemesh" default:"true"`
 	Tls               bool                  `yaml:"tls" json:"tls" default:"true"`
 	PacketCapture     string                `yaml:"packetcapture" json:"packetcapture" default:"libpcap"`
-	IgnoreTainted     bool                  `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
-	ResourceLabels    map[string]string     `yaml:"resourceLabels" json:"resourceLabels" default:"{}"`
-	NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"`
+	IgnoreTainted     bool                  `yaml:"ignoretainted" json:"ignoretainted" default:"false"`
+	Labels            map[string]string     `yaml:"labels" json:"labels" default:"{}"`
+	Annotations       map[string]string     `yaml:"annotations" json:"annotations" default:"{}"`
+	NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeselectorterms" json:"nodeselectorterms" default:"[]"`
+	Auth              AuthConfig            `yaml:"auth" json:"auth"`
 	Ingress           IngressConfig         `yaml:"ingress" json:"ingress"`
+	IPv6              bool                  `yaml:"ipv6" json:"ipv6" default:"true"`
 	Debug             bool                  `yaml:"debug" json:"debug" default:"false"`
+	Telemetry         TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
 }
 
 func (config *TapConfig) PodRegex() *regexp.Regexp {

errormessage/errormessage.go

@@ -22,9 +22,9 @@ func FormatError(err error) error {
 			"in the config file or setting the targeted namespace with --%s %s=<NAMEPSACE>",
 			err,
 			misc.Software,
-			configStructs.SelfNamespaceLabel,
+			configStructs.ReleaseNamespaceLabel,
 			config.SetCommandName,
-			configStructs.SelfNamespaceLabel)
+			configStructs.ReleaseNamespaceLabel)
 	} else if syntaxError, isSyntaxError := asRegexSyntaxError(err); isSyntaxError {
 		errorNew = fmt.Errorf("regex %s is invalid: %w", syntaxError.Expr, err)
 	} else {

go.mod

@@ -3,11 +3,16 @@ module github.com/kubeshark/kubeshark
 go 1.19
 
 require (
+	github.com/aws/aws-sdk-go-v2 v1.18.1
+	github.com/aws/aws-sdk-go-v2/config v1.18.27
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0
 	github.com/creasty/defaults v1.5.2
 	github.com/docker/docker v20.10.24+incompatible
 	github.com/docker/go-connections v0.4.0
 	github.com/fsnotify/fsnotify v1.6.0
-	github.com/gin-gonic/gin v1.7.7
+	github.com/gin-gonic/gin v1.9.1
+	github.com/goccy/go-yaml v1.11.2
 	github.com/google/go-github/v37 v37.0.0
 	github.com/gorilla/websocket v1.4.2
 	github.com/pkg/errors v0.9.1
@@ -15,7 +20,6 @@ require (
 	github.com/rs/zerolog v1.28.0
 	github.com/spf13/cobra v1.6.1
 	github.com/spf13/pflag v1.0.5
-	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.12.0
 	k8s.io/api v0.27.1
 	k8s.io/apimachinery v0.27.1
@@ -34,14 +38,31 @@ require (
 	github.com/Masterminds/squirrel v1.5.3 // indirect
 	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.26 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 // indirect
+	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bytedance/sonic v1.9.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
+	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 	github.com/containerd/containerd v1.7.0 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.3 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/cli v20.10.21+incompatible // indirect
-	github.com/docker/distribution v2.8.1+incompatible // indirect
+	github.com/docker/distribution v2.8.2+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
@@ -49,6 +70,7 @@ require (
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
 	github.com/fatih/color v1.13.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-gorp/gorp/v3 v3.0.5 // indirect
@@ -57,10 +79,11 @@ require (
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.1 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
-	github.com/go-playground/locales v0.13.0 // indirect
-	github.com/go-playground/universal-translator v0.17.0 // indirect
-	github.com/go-playground/validator/v10 v10.4.1 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.14.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/btree v1.0.1 // indirect
@@ -78,18 +101,20 @@ require (
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/klauspost/compress v1.16.0 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.4 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
 	github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect
-	github.com/leodido/go-urn v1.2.0 // indirect
+	github.com/leodido/go-urn v1.2.4 // indirect
 	github.com/lib/pq v1.10.7 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
@@ -106,6 +131,7 @@ require (
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect
+	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
 	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
 	github.com/prometheus/client_golang v1.14.0 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
@@ -116,7 +142,8 @@ require (
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
-	github.com/ugorji/go/codec v1.1.7 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.11 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
@@ -124,23 +151,26 @@ require (
 	go.opentelemetry.io/otel v1.14.0 // indirect
 	go.opentelemetry.io/otel/trace v1.14.0 // indirect
 	go.starlark.net v0.0.0-20220203230714-bb14e151c28f // indirect
-	golang.org/x/crypto v0.5.0 // indirect
+	golang.org/x/arch v0.3.0 // indirect
+	golang.org/x/crypto v0.9.0 // indirect
 	golang.org/x/mod v0.9.0 // indirect
-	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/net v0.10.0 // indirect
 	golang.org/x/oauth2 v0.4.0 // indirect
 	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/sys v0.6.0 // indirect
-	golang.org/x/term v0.6.0 // indirect
+	golang.org/x/sys v0.8.0 // indirect
+	golang.org/x/term v0.8.0 // indirect
 	golang.org/x/text v0.9.0 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
 	golang.org/x/tools v0.7.0 // indirect
+	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect
 	google.golang.org/grpc v1.53.0 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	google.golang.org/protobuf v1.30.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.27.1 // indirect
 	k8s.io/apiserver v0.27.1 // indirect
 	k8s.io/cli-runtime v0.27.1 // indirect

go.sum

@@ -78,6 +78,44 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
+github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
+github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 h1:dK82zF6kkPeCo8J1e+tGx4JdvDIQzj7ygIoLg8WMuGs=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10/go.mod h1:VeTZetY5KRJLuD/7fkQXMU6Mw7H5m/KP2J5Iy9osMno=
+github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA=
+github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70 h1:4bh28MeeXoBFTjb0JjQ5sVatzlf5xA1DziV8mZed9v4=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70/go.mod h1:9yI5NXzqy2yOiMytv6QLZHvlyHLwYxO9iIq+bZIbrFg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 h1:wscW+pnn3J1OYnanMnza5ZVYXLX4cKk5rAvUAl4Qu+c=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26/go.mod h1:MtYiox5gvyB+OyP0Mr0Sm/yzbEAIPL9eijj/ouHAPw0=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 h1:y2+VQzC6Zh2ojtV2LoC0MNwHWc6qXv/j2vrQtlftkdA=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11/go.mod h1:iV4q2hsqtNECrfmlXyord9u4zyuFEJX9eLgLpSPzWA8=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 h1:zZSLP3v3riMOP14H7b4XP0uyfREDQOYv2cqIrvTXDNQ=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29/go.mod h1:z7EjRjVwZ6pWcWdI2H64dKttvzaP99jRIj5hphW0M5U=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 h1:dBL3StFxHtpBzJJ/mNEsjXVgfO+7jR0dAIEwLqMapEA=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3/go.mod h1:f1QyiAsvIv4B49DmCqrhlXqyaR+0IxMmyX+1P+AnzOM=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0 h1:ya7fmrN2fE7s1P2gaPbNg5MTkERVWfsH8ToP1YC4Z9o=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0/go.mod h1:aVbf0sko/TsLWHx30c/uVu7c62+0EAJ3vbxaJga0xCw=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg=
+github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
+github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -88,6 +126,9 @@ github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuP
 github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=
 github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=
 github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=
+github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
+github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s=
+github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -96,6 +137,9 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
 github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
+github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
+github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams=
+github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
@@ -132,8 +176,8 @@ github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8
 github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=
 github.com/docker/cli v20.10.21+incompatible h1:qVkgyYUnOLQ98LtXBrwd/duVqPT2X4SHndOuGsfwyhU=
 github.com/docker/cli v20.10.21+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
-github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
+github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
+github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v20.10.24+incompatible h1:Ugvxm7a8+Gz6vqQYQQ2W7GYq5EUPaAiuPgIfVyI3dYE=
 github.com/docker/docker v20.10.24+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
@@ -172,11 +216,13 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
+github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.7.7 h1:3DoBmSbJbZAWqXJC3SLjAPfutPJJRN1U5pALB7EeTTs=
-github.com/gin-gonic/gin v1.7.7/go.mod h1:axIBovoeJpVj8S3BwE0uPMTeReE4+AfFtqpqaZ1qq1U=
+github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
+github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
 github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -204,14 +250,13 @@ github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTr
 github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
 github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q=
-github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
-github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no=
-github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
-github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7aM3F26W0hOn+GE=
-github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.14.0 h1:vgvQWe3XCz3gIeFDm/HnTIbj6UGmg/+t63MyGU2n5js=
+github.com/go-playground/validator/v10 v10.14.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
@@ -224,6 +269,10 @@ github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XE
 github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-yaml v1.11.2 h1:joq77SxuyIs9zzxEjgyLBugMQ9NEgTWxXfz2wVqwAaQ=
+github.com/goccy/go-yaml v1.11.2/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHvE4m7WU=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/godror/godror v0.24.2/go.mod h1:wZv/9vPiUib6tkoDl+AZ/QLf5YZgMravZ7jxH2eQWAE=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -284,6 +333,7 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-github/v37 v37.0.0 h1:rCspN8/6kB1BAJWZfuafvHhyfIo5fkAulaP/3bOQ/tM=
@@ -371,6 +421,10 @@ github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
@@ -379,7 +433,6 @@ github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFF
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
@@ -396,6 +449,9 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4=
 github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk=
+github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kortschak/utter v1.0.1/go.mod h1:vSmSjbyrlKjjsL71193LmzBOKgwePk9DH6uFaWHIInc=
@@ -415,8 +471,8 @@ github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 h1:SOEGU9fKiNWd/HOJuq
 github.com/lann/builder v0.0.0-20180802200727-47ae307949d0/go.mod h1:dXGbAdH5GtBTC4WfIxhKZfyBF/HBFgRZSWwZ9g/He9o=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
-github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
-github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
+github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
+github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
 github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
@@ -444,8 +500,9 @@ github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOA
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng=
 github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-oci8 v0.1.1/go.mod h1:wjDx6Xm9q7dFtHJvIlrI99JytznLw5wQ4R+9mNXJwGI=
 github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
@@ -512,6 +569,8 @@ github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
+github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ=
+github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4=
 github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
@@ -628,13 +687,16 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY=
+github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
-github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
-github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs=
-github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
+github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU=
+github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -680,6 +742,9 @@ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k=
+golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -693,8 +758,9 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=
 golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU=
+golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
+golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -780,8 +846,8 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
-golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -875,6 +941,7 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -882,14 +949,15 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
-golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -969,6 +1037,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk=
+golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -1078,8 +1148,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
+google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1144,6 +1214,7 @@ k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt
 oras.land/oras-go v1.2.2 h1:0E9tOHUfrNH7TCDk5KU0jVBEzCqbfdyuVfGmJ7ZeRPE=
 oras.land/oras-go v1.2.2/go.mod h1:Apa81sKoZPpP7CDciE006tSZ0x3Q3+dOoBcMZ/aNxvw=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=

helm-chart/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: "41.0"
+appVersion: "50.4"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:
@@ -22,4 +22,5 @@ name: kubeshark
 sources:
   - https://github.com/kubeshark/kubeshark/tree/master/helm-chart
 type: application
-version: "41.0"
+version: "50.4"
+icon: https://raw.githubusercontent.com/kubeshark/assets/master/logo/vector/logo.svg

helm-chart/README.md

@@ -58,9 +58,10 @@ Visit [localhost:8899](http://localhost:8899)
 helm install kubeshark kubeshark/kubeshark \
   --set tap.ingress.enabled=true \
   --set tap.ingress.host=ks.svc.cluster.local \
-  --set "tap.ingress.auth.approvedDomains={gmail.com}" \
+  --set "tap.ingress.approveddomains={gmail.com}" \
   --set license=LICENSE_GOES_HERE
 ```
+
 You can get your license [here](https://console.kubeshark.co/).
 
 ## Installing with Persistent Storage Enabled
@@ -70,4 +71,14 @@ helm install kubeshark kubeshark/kubeshark \
   --set tap.persistentstorage=true \
   --set license=LICENSE_GOES_HERE
 ```
+
 You can get your license [here](https://console.kubeshark.co/).
+
+## Disabling IPV6
+
+Not all have IPV6 enabled, hence this has to be disabled as follows:
+
+```shell
+helm install kubeshark kubeshark/kubeshark \
+  --set tap.ipv6=false
+```

helm-chart/templates/00-namespace.yaml

@@ -1,11 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: '{{ .Values.tap.selfnamespace }}'
-spec: {}
-status: {}

helm-chart/templates/01-service-account.yaml

@@ -2,10 +2,11 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  creationTimestamp: null
   labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-service-account
-  namespace: '{{ .Values.tap.selfnamespace }}'
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
+  name: {{ include "kubeshark.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}

helm-chart/templates/02-cluster-role.yaml

@@ -2,26 +2,50 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  creationTimestamp: null
   labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-cluster-role
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 rules:
   - apiGroups:
       - ""
       - extensions
       - apps
-      - networking.k8s.io
     resources:
       - pods
       - services
       - endpoints
       - persistentvolumeclaims
-      - ingresses
     verbs:
       - list
       - get
       - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
+  name: kubeshark-self-secrets-role
+  namespace: {{ .Release.Namespace }}
+rules:
+  - apiGroups:
+      - "v1"
+      - ""
+    resourceNames:
+      - kubeshark-secret
+    resources:
+      - secrets
+    verbs:
+      - get
+      - watch
+      - update
+      - patch

helm-chart/templates/03-cluster-role-binding.yaml

@@ -2,18 +2,39 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  creationTimestamp: null
   labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-cluster-role-binding
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: kubeshark-cluster-role
 subjects:
   - kind: ServiceAccount
-    name: kubeshark-service-account
-    namespace: '{{ .Values.tap.selfnamespace }}'
+    name: {{ include "kubeshark.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubeshark-self-secrets-role-binding
+  labels:
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
+  namespace: {{ .Release.Namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "kubeshark.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: kubeshark-self-secrets-role
+  apiGroup: rbac.authorization.k8s.io

helm-chart/templates/04-hub-deployment.yaml

@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "kubeshark.fullname" . }}-hub
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubeshark.co/app: hub
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
+spec:
+  replicas: 1  # Set the desired number of replicas
+  selector:
+    matchLabels:
+      app.kubeshark.co/app: hub
+  template:
+    metadata:
+      labels:
+        app.kubeshark.co/app: hub
+        sidecar.istio.io/inject: "false"
+    spec:
+      dnsPolicy: ClusterFirstWithHostNet
+      serviceAccountName: {{ include "kubeshark.serviceAccountName" . }}
+      containers:
+        - name: kubeshark-hub
+          command:
+            - ./hub
+            {{ .Values.tap.debug | ternary "- -debug" "" }}
+          envFrom:
+            - configMapRef:
+                name: kubeshark-config-map
+            - secretRef:
+                name: kubeshark-secret
+          image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}'
+          imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
+          readinessProbe:
+            periodSeconds: 1
+            failureThreshold: 3
+            successThreshold: 1
+            initialDelaySeconds: 3
+            tcpSocket:
+              port: 80
+          livenessProbe:
+            periodSeconds: 1
+            failureThreshold: 3
+            successThreshold: 1
+            initialDelaySeconds: 3
+            tcpSocket:
+              port: 80
+          resources:
+            limits:
+              cpu: {{ .Values.tap.resources.hub.limits.cpu }}
+              memory: {{ .Values.tap.resources.hub.limits.memory }}
+            requests:
+              cpu: {{ .Values.tap.resources.hub.requests.cpu }}
+              memory: {{ .Values.tap.resources.hub.requests.memory }}

helm-chart/templates/04-hub-pod.yaml

@@ -1,50 +0,0 @@
----
-apiVersion: v1
-kind: Pod
-metadata:
-  creationTimestamp: null
-  labels:
-    app: kubeshark-hub
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-hub
-  namespace: '{{ .Values.tap.selfnamespace }}'
-spec:
-  containers:
-    - command:
-        - '{{ .Values.tap.debug | ternary "./hub -debug" "./hub" }}'
-      env:
-        - name: POD_REGEX
-          value: '{{ .Values.tap.regex }}'
-        - name: NAMESPACES
-          value: '{{ gt (len .Values.tap.namespaces) 0 | ternary (join "," .Values.tap.namespaces) "" }}'
-        - name: LICENSE
-          value: '{{ .Values.license }}'
-        - name: SCRIPTING_ENV
-          value: '{{ .Values.scripting.env | toJson }}'
-        - name: SCRIPTING_SCRIPTS
-          value: '[]'
-        - name: AUTH_APPROVED_DOMAINS
-          value: '{{ gt (len .Values.tap.ingress.auth.approvedDomains) 0 | ternary (join "," .Values.tap.ingress.auth.approvedDomains) "" }}'
-      image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}'
-      imagePullPolicy: '{{ .Values.tap.docker.imagepullpolicy }}'
-      name: kubeshark-hub
-      ports:
-        - containerPort: 80
-          hostPort: {{ .Values.tap.proxy.hub.srvport }}
-      resources:
-        limits:
-          cpu: '{{ .Values.tap.resources.hub.limits.cpu }}'
-          memory: '{{ .Values.tap.resources.hub.limits.memory }}'
-        requests:
-          cpu: '{{ .Values.tap.resources.hub.requests.cpu }}'
-          memory: '{{ .Values.tap.resources.hub.requests.memory }}'
-  dnsPolicy: ClusterFirstWithHostNet
-  serviceAccountName: kubeshark-service-account
-  terminationGracePeriodSeconds: 0
-  tolerations:
-    - effect: NoExecute
-      operator: Exists
-    - effect: NoSchedule
-      operator: Exists
-status: {}

helm-chart/templates/05-hub-service.yaml

@@ -2,19 +2,20 @@
 apiVersion: v1
 kind: Service
 metadata:
-  creationTimestamp: null
   labels:
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+    app.kubeshark.co/app: hub
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-hub
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 spec:
   ports:
     - name: kubeshark-hub
       port: 80
       targetPort: 80
   selector:
-    app: kubeshark-hub
-  type: NodePort
-status:
-  loadBalancer: {}
+    app.kubeshark.co/app: hub
+  type: ClusterIP

helm-chart/templates/06-front-deployment.yaml

@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "kubeshark.fullname" . }}-front
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubeshark.co/app: front
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
+spec:
+  replicas: 1  # Set the desired number of replicas
+  selector:
+    matchLabels:
+      app.kubeshark.co/app: front
+  template:
+    metadata:
+      labels:
+        app.kubeshark.co/app: front
+    spec:
+      containers:
+        - env:
+            - name: REACT_APP_DEFAULT_FILTER
+              value: ' '
+            - name: REACT_APP_HUB_HOST
+              value: ' '
+            - name: REACT_APP_HUB_PORT
+              value: '{{ .Values.tap.ingress.enabled | ternary "/api" (print ":" .Values.tap.proxy.front.port "/api") }}'
+          image: '{{ .Values.tap.docker.registry }}/front:{{ .Values.tap.docker.tag }}'
+          imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
+          name: kubeshark-front
+          livenessProbe:
+            periodSeconds: 1
+            failureThreshold: 3
+            successThreshold: 1
+            initialDelaySeconds: 3
+            tcpSocket:
+              port: 80
+          readinessProbe:
+            periodSeconds: 1
+            failureThreshold: 3
+            successThreshold: 1
+            initialDelaySeconds: 3
+            tcpSocket:
+              port: 80
+            timeoutSeconds: 1
+          resources:
+            limits:
+              cpu: 750m
+              memory: 1Gi
+            requests:
+              cpu: 50m
+              memory: 50Mi
+          volumeMounts:
+            - name: nginx-config
+              mountPath: /etc/nginx/conf.d/default.conf
+              subPath: default.conf
+              readOnly: true
+      volumes:
+        - name: nginx-config
+          configMap:
+            name: kubeshark-nginx-config-map
+      dnsPolicy: ClusterFirstWithHostNet
+      serviceAccountName: {{ include "kubeshark.serviceAccountName" . }}

helm-chart/templates/06-front-pod.yaml

@@ -1,49 +0,0 @@
----
-apiVersion: v1
-kind: Pod
-metadata:
-  creationTimestamp: null
-  labels:
-    app: kubeshark-front
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-front
-  namespace: '{{ .Values.tap.selfnamespace }}'
-spec:
-  containers:
-    - env:
-        - name: REACT_APP_DEFAULT_FILTER
-          value: ' '
-        - name: REACT_APP_HUB_HOST
-          value: ' '
-        - name: REACT_APP_HUB_PORT
-          value: '{{ .Values.tap.ingress.enabled | ternary "80/api" "8898" }}'
-      image: '{{ .Values.tap.docker.registry }}/front:{{ .Values.tap.docker.tag }}'
-      imagePullPolicy: '{{ .Values.tap.docker.imagepullpolicy }}'
-      name: kubeshark-front
-      ports:
-        - containerPort: 80
-          hostPort: {{ .Values.tap.proxy.front.srvport }}
-      readinessProbe:
-        failureThreshold: 3
-        periodSeconds: 1
-        successThreshold: 1
-        tcpSocket:
-          port: 80
-        timeoutSeconds: 1
-      resources:
-        limits:
-          cpu: 750m
-          memory: 1Gi
-        requests:
-          cpu: 50m
-          memory: 50Mi
-  dnsPolicy: ClusterFirstWithHostNet
-  serviceAccountName: kubeshark-service-account
-  terminationGracePeriodSeconds: 0
-  tolerations:
-    - effect: NoExecute
-      operator: Exists
-    - effect: NoSchedule
-      operator: Exists
-status: {}

helm-chart/templates/07-front-service.yaml

@@ -2,19 +2,19 @@
 apiVersion: v1
 kind: Service
 metadata:
-  creationTimestamp: null
   labels:
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-front
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 spec:
   ports:
     - name: kubeshark-front
       port: 80
       targetPort: 80
   selector:
-    app: kubeshark-front
-  type: NodePort
-status:
-  loadBalancer: {}
+    app.kubeshark.co/app: front
+  type: ClusterIP

helm-chart/templates/08-persistent-volume-claim.yaml

@@ -3,19 +3,20 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  creationTimestamp: null
   labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-persistent-volume-claim
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 spec:
   accessModes:
     - ReadWriteMany
   resources:
     requests:
-      storage: '{{ .Values.tap.storagelimit }}'
-  storageClassName: '{{ .Values.tap.storageclass }}'
+      storage: {{ .Values.tap.storagelimit }}
+  storageClassName: {{ .Values.tap.storageclass }}
 status: {}
 {{- end }}

helm-chart/templates/09-worker-daemon-set.yaml

@@ -2,55 +2,63 @@
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
-  creationTimestamp: null
   labels:
-    app: kubeshark-worker-daemon-set
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+    app.kubeshark.co/app: worker
+    sidecar.istio.io/inject: "false"
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-worker-daemon-set
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 spec:
   selector:
     matchLabels:
-      app: kubeshark-worker-daemon-set
-      kubeshark-created-by: kubeshark
-      kubeshark-managed-by: kubeshark
+      app.kubeshark.co/app: worker
+      {{- include "kubeshark.labels" . | nindent 6 }}
   template:
     metadata:
-      creationTimestamp: null
       labels:
-        app: kubeshark-worker-daemon-set
-        kubeshark-created-by: kubeshark
-        kubeshark-managed-by: kubeshark
+        app.kubeshark.co/app: worker
+        {{- include "kubeshark.labels" . | nindent 8 }}
       name: kubeshark-worker-daemon-set
       namespace: kubeshark
     spec:
       containers:
         - command:
-            - '{{ .Values.tap.debug | ternary "./worker -debug" "./worker" }}'
+            - ./worker
             - -i
             - any
             - -port
             - '{{ .Values.tap.proxy.worker.srvport }}'
-            - -packet-capture
-            - '{{ .Values.tap.packetcapture }}'
             - -servicemesh
-            - -tls
+            {{ .Values.tap.tls | ternary "- -tls" "" }}
             - -procfs
             - /hostproc
+            {{ .Values.tap.debug | ternary "- -debug" "" }}
           image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.tag }}'
-          imagePullPolicy: '{{ .Values.tap.docker.imagepullpolicy }}'
+          imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
           name: kubeshark-worker-daemon-set
-          ports:
-            - containerPort: {{ .Values.tap.proxy.worker.srvport }}
-              hostPort: {{ .Values.tap.proxy.worker.srvport }}
+          envFrom:
+            - secretRef:
+                name: kubeshark-secret
+        {{- if .Values.tap.debug }}
+          env:
+          - name: PROFILING_ENABLED
+            value: "true"
+          - name: PROFILING_DUMP_PATH
+            value: "pprof"
+          - name: PROFILING_INTERVAL_SECONDS
+            value: "60"
+        {{- end }}
           resources:
             limits:
-              cpu: '{{ .Values.tap.resources.worker.limits.cpu }}'
-              memory: '{{ .Values.tap.resources.worker.limits.memory }}'
+              cpu: {{ .Values.tap.resources.worker.limits.cpu }}
+              memory: {{ .Values.tap.resources.worker.limits.memory }}
             requests:
-              cpu: '{{ .Values.tap.resources.worker.requests.cpu }}'
-              memory: '{{ .Values.tap.resources.worker.requests.memory }}'
+              cpu: {{ .Values.tap.resources.worker.requests.cpu }}
+              memory: {{ .Values.tap.resources.worker.requests.memory }}
           securityContext:
             capabilities:
               add:
@@ -60,8 +68,23 @@ spec:
                 - SYS_PTRACE
                 - DAC_OVERRIDE
                 - SYS_RESOURCE
+                - SYS_MODULE
               drop:
                 - ALL
+          readinessProbe:
+            periodSeconds: 1
+            failureThreshold: 3
+            successThreshold: 1
+            initialDelaySeconds: 5
+            tcpSocket:
+              port: {{ .Values.tap.proxy.worker.srvport }}
+          livenessProbe:
+            periodSeconds: 1
+            failureThreshold: 3
+            successThreshold: 1
+            initialDelaySeconds: 5
+            tcpSocket:
+              port: {{ .Values.tap.proxy.worker.srvport }}
           volumeMounts:
             - mountPath: /hostproc
               name: proc
@@ -75,13 +98,22 @@ spec:
 {{- end }}
       dnsPolicy: ClusterFirstWithHostNet
       hostNetwork: true
-      serviceAccountName: kubeshark-service-account
+      serviceAccountName: {{ include "kubeshark.serviceAccountName" . }}
       terminationGracePeriodSeconds: 0
       tolerations:
         - effect: NoExecute
           operator: Exists
+{{- if not .Values.tap.ignoretainted }}
         - effect: NoSchedule
           operator: Exists
+{{- end }}
+{{- if gt (len .Values.tap.nodeselectorterms) 0}}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              {{- toYaml .Values.tap.nodeselectorterms | nindent 12 }}
+{{- end }}
       volumes:
         - hostPath:
             path: /proc

helm-chart/templates/10-ingress-class.yaml

@@ -1,15 +0,0 @@
----
-{{- if .Values.tap.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-ingress-class
-  namespace: '{{ .Values.tap.selfnamespace }}'
-spec:
-  controller: k8s.io/ingress-nginx
-{{- end }}

helm-chart/templates/10-ingress.yaml

@@ -0,0 +1,39 @@
+---
+{{- if .Values.tap.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.org/websocket-services: "kubeshark-front"
+{{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+{{- end }}
+  {{- if .Values.tap.ingress.annotations }}
+    {{- toYaml .Values.tap.ingress.annotations | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  name: kubeshark-ingress
+  namespace: {{ .Release.Namespace }}
+spec:
+  {{- if .Values.tap.ingress.classname }}
+  ingressClassName: {{ .Values.tap.ingress.classname }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.tap.ingress.host }}
+      http:
+        paths:
+          - backend:
+              service:
+                name: kubeshark-front
+                port:
+                  number: 80
+            path: /
+            pathType: Prefix
+  {{- if .Values.tap.ingress.tls }}
+  tls:
+    {{- toYaml .Values.tap.ingress.tls | nindent 2 }}
+  {{- end }}
+status:
+  loadBalancer: {}
+{{- end }}

helm-chart/templates/11-ingress.yaml

@@ -1,39 +0,0 @@
----
-{{- if .Values.tap.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    certmanager.k8s.io/cluster-issuer: '{{ .Values.tap.ingress.certManager }}'
-    nginx.ingress.kubernetes.io/rewrite-target: /$2
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-ingress
-  namespace: '{{ .Values.tap.selfnamespace }}'
-spec:
-  ingressClassName: kubeshark-ingress-class
-  rules:
-    - host: '{{ .Values.tap.ingress.host }}'
-      http:
-        paths:
-          - backend:
-              service:
-                name: kubeshark-hub
-                port:
-                  number: 80
-            path: /api(/|$)(.*)
-            pathType: Prefix
-          - backend:
-              service:
-                name: kubeshark-front
-                port:
-                  number: 80
-            path: /()(.*)
-            pathType: Prefix
-  tls: {{ .Values.tap.ingress.tls | toYaml }}
-status:
-  loadBalancer: {}
-{{- end }}

helm-chart/templates/11-nginx-config-map.yaml

@@ -0,0 +1,46 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kubeshark-nginx-config-map
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kubeshark.labels" . | nindent 4 }}
+data:
+  default.conf: |
+    server {
+      listen 80;
+{{- if .Values.tap.ipv6 }}
+      listen [::]:80;
+{{- end }}
+      access_log /dev/stdout;
+      error_log /dev/stdout;
+
+      location /api {
+        rewrite ^/api(.*)$ $1 break;
+        proxy_pass http://kubeshark-hub;
+        proxy_set_header   X-Forwarded-For $remote_addr;
+        proxy_set_header   Host $http_host;
+        proxy_set_header Upgrade websocket;
+        proxy_set_header Connection Upgrade;
+        proxy_set_header  Authorization $http_authorization;
+        proxy_pass_header Authorization;
+        proxy_connect_timeout 4s;
+        proxy_read_timeout 120s;
+        proxy_send_timeout 12s;
+        proxy_pass_request_headers      on;
+      }
+
+      location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+        try_files $uri $uri/ /index.html;
+        expires -1;
+        add_header Cache-Control no-cache;
+      }
+      error_page   500 502 503 504  /50x.html;
+      location = /50x.html {
+        root   /usr/share/nginx/html;
+      }
+    }
+

helm-chart/templates/12-config-map.yaml

@@ -0,0 +1,17 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: kubeshark-config-map
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubeshark.co/app: hub
+    {{- include "kubeshark.labels" . | nindent 4 }}
+data:
+    POD_REGEX: '{{ .Values.tap.regex }}'
+    NAMESPACES: '{{ gt (len .Values.tap.namespaces) 0 | ternary (join "," .Values.tap.namespaces) "" }}'
+    SCRIPTING_ENV: '{{ .Values.scripting.env | toJson }}'
+    SCRIPTING_SCRIPTS: '[]'
+    AUTH_ENABLED: '{{ .Values.tap.auth.enabled | ternary "true" "" }}'
+    AUTH_APPROVED_EMAILS: '{{ gt (len .Values.tap.auth.approvedemails) 0 | ternary (join "," .Values.tap.auth.approvedemails) "" }}'
+    AUTH_APPROVED_DOMAINS: '{{ gt (len .Values.tap.auth.approveddomains) 0 | ternary (join "," .Values.tap.auth.approveddomains) "" }}'
+    TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}'

helm-chart/templates/13-secret.yaml

@@ -0,0 +1,10 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: kubeshark-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubeshark.co/app: hub
+    {{- include "kubeshark.labels" . | nindent 4 }}
+stringData:
+    LICENSE: '{{ .Values.license }}'

helm-chart/templates/NOTES.txt

@@ -0,0 +1,25 @@
+Thank you for installing {{ title .Chart.Name }}.
+
+Your deployment has been successful. The release is named {{ .Release.Name }} and it has been deployed in the {{ .Release.Namespace }} namespace.
+
+{{- if .Values.tap.telemetry.enabled }}
+Notice: Telemetry is enabled. Kubeshark will collect anonymous usage statistics.
+{{ end }}
+
+{{- if .Values.tap.ingress.enabled }}
+
+You can now access the application through the following URL:
+http{{ if .Values.tap.ingress.tls }}s{{ end }}://{{ .Values.tap.ingress.host }}
+
+{{- else }}
+To access the application, follow these steps:
+
+1. Perform port forwarding with the following commands:
+
+    kubectl port-forward -n {{ .Release.Namespace }} service/kubeshark-hub 8898:80 & \
+    kubectl port-forward -n {{ .Release.Namespace }} service/kubeshark-front 8899:80
+
+2. Once port forwarding is done, you can access the application by visiting the following URL in your web browser:
+    http://0.0.0.0:8899
+
+{{ end }}

helm-chart/templates/_helpers.tpl

@@ -0,0 +1,68 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubeshark.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubeshark.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubeshark.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubeshark.labels" -}}
+helm.sh/chart: {{ include "kubeshark.chart" . }}
+{{ include "kubeshark.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.additionalLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- if .Values.tap.labels }}
+{{ toYaml .Values.tap.labels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubeshark.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubeshark.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kubeshark.serviceAccountName" -}}
+{{- if and .Values.serviceAccount .Values.serviceAccount.create }}
+{{- default (include "kubeshark.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- printf "%s-service-account" .Release.Name }}
+{{- end }}
+{{- end }}

helm-chart/values.yaml

@@ -12,11 +12,13 @@ tap:
       srvport: 8898
     front:
       port: 8899
-      srvport: 8899
     host: 127.0.0.1
   regex: .*
   namespaces: []
-  selfnamespace: kubeshark
+  release:
+    repo: https://helm.kubeshark.co
+    name: kubeshark
+    namespace: default
   persistentstorage: false
   storagelimit: 200Mi
   storageclass: standard
@@ -40,17 +42,29 @@ tap:
   servicemesh: true
   tls: true
   packetcapture: libpcap
-  ignoreTainted: false
-  resourceLabels: {}
-  nodeSelectorTerms: []
+  ignoretainted: false
+  labels: {}
+  annotations: {}
+  nodeselectorterms:
+  - matchExpressions:
+    - key: kubernetes.io/os
+      operator: In
+      values:
+      - linux
+  auth:
+    enabled: false
+    approvedemails: []
+    approveddomains: []
   ingress:
     enabled: false
+    classname: ""
     host: ks.svc.cluster.local
     tls: []
-    auth:
-      approvedDomains: []
-    certManager: letsencrypt-prod
+    annotations: {}
+  ipv6: true
   debug: false
+  telemetry:
+    enabled: true
 logs:
   file: ""
 kube:
@@ -62,4 +76,4 @@ license: ""
 scripting:
   env: {}
   source: ""
-  watchScripts: true
+  watchscripts: true

internal/connect/hub.go

@@ -5,8 +5,10 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
+	"os"
 	"time"
 
 	"github.com/kubeshark/kubeshark/config"
@@ -340,3 +342,40 @@ func (connector *Connector) PostScriptDone() {
 		time.Sleep(DefaultSleep)
 	}
 }
+
+func (connector *Connector) PostPcapsMerge(out *os.File) {
+	postEnvUrl := fmt.Sprintf("%s/pcaps/merge", connector.url)
+
+	if envMarshalled, err := json.Marshal(map[string]string{"query": ""}); err != nil {
+		log.Error().Err(err).Msg("Failed to marshal the env:")
+	} else {
+		ok := false
+		for !ok {
+			var resp *http.Response
+			if resp, err = utils.Post(postEnvUrl, "application/json", bytes.NewBuffer(envMarshalled), connector.client, config.Config.License); err != nil || resp.StatusCode != http.StatusOK {
+				if _, ok := err.(*url.Error); ok {
+					break
+				}
+				log.Warn().Err(err).Msg("Failed exported PCAP download. Retrying...")
+			} else {
+				defer resp.Body.Close()
+
+				// Check server response
+				if resp.StatusCode != http.StatusOK {
+					log.Error().Str("status", resp.Status).Err(err).Msg("Failed exported PCAP download.")
+					return
+				}
+
+				// Writer the body to file
+				_, err = io.Copy(out, resp.Body)
+				if err != nil {
+					log.Error().Err(err).Msg("Failed writing PCAP export:")
+					return
+				}
+				log.Info().Str("path", out.Name()).Msg("Downloaded exported PCAP:")
+				return
+			}
+			time.Sleep(DefaultSleep)
+		}
+	}
+}

kubernetes/consts.go

@@ -6,23 +6,6 @@ const (
 	FrontServiceName           = FrontPodName
 	HubPodName                 = SelfResourcesPrefix + "hub"
 	HubServiceName             = HubPodName
-	ClusterRoleBindingName     = SelfResourcesPrefix + "cluster-role-binding"
-	ClusterRoleName            = SelfResourcesPrefix + "cluster-role"
 	K8sAllNamespaces           = ""
-	RoleBindingName            = SelfResourcesPrefix + "role-binding"
-	RoleName                   = SelfResourcesPrefix + "role"
-	ServiceAccountName         = SelfResourcesPrefix + "service-account"
-	WorkerDaemonSetName        = SelfResourcesPrefix + "worker-daemon-set"
-	WorkerPodName              = SelfResourcesPrefix + "worker"
-	PersistentVolumeName       = SelfResourcesPrefix + "persistent-volume"
-	PersistentVolumeClaimName  = SelfResourcesPrefix + "persistent-volume-claim"
-	IngressName                = SelfResourcesPrefix + "ingress"
-	IngressClassName           = SelfResourcesPrefix + "ingress-class"
-	PersistentVolumeHostPath   = "/app/data"
 	MinKubernetesServerVersion = "1.16.0"
 )
-
-const (
-	LabelManagedBy = SelfResourcesPrefix + "managed-by"
-	LabelCreatedBy = SelfResourcesPrefix + "created-by"
-)

kubernetes/helm/helm.go

@@ -2,11 +2,14 @@ package helm
 
 import (
 	"encoding/json"
+	"fmt"
 	"os"
 	"path/filepath"
 	"regexp"
+	"strings"
 
 	"github.com/kubeshark/kubeshark/config"
+	"github.com/kubeshark/kubeshark/misc"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog/log"
 	"helm.sh/helm/v3/pkg/action"
@@ -39,14 +42,6 @@ func NewHelm(repo string, releaseName string, releaseNamespace string) *Helm {
 	}
 }
 
-func NewHelmDefault() *Helm {
-	return &Helm{
-		repo:             "https://helm.kubeshark.co",
-		releaseName:      "kubeshark",
-		releaseNamespace: "default",
-	}
-}
-
 func parseOCIRef(chartRef string) (string, string, error) {
 	refTagRegexp := regexp.MustCompile(`^(oci://[^:]+(:[0-9]{1,5})?[^:]+):(.*)$`)
 	caps := refTagRegexp.FindStringSubmatch(chartRef)
@@ -72,70 +67,74 @@ func (h *Helm) Install() (rel *release.Release, err error) {
 	client.Namespace = h.releaseNamespace
 	client.ReleaseName = h.releaseName
 
-	var chartURL string
-	chartURL, err = repo.FindChartInRepoURL(h.repo, h.releaseName, "", "", "", "", getter.All(&cli.EnvSettings{}))
-	if err != nil {
-		return
-	}
-
-	var cp string
-	cp, err = client.ChartPathOptions.LocateChart(chartURL, settings)
-	if err != nil {
-		return
-	}
-
-	m := &downloader.Manager{
-		Out:              os.Stdout,
-		ChartPath:        cp,
-		Keyring:          client.ChartPathOptions.Keyring,
-		SkipUpdate:       false,
-		Getters:          getter.All(settings),
-		RepositoryConfig: settings.RepositoryConfig,
-		RepositoryCache:  settings.RepositoryCache,
-		Debug:            settings.Debug,
-	}
-
-	dl := downloader.ChartDownloader{
-		Out:              m.Out,
-		Verify:           m.Verify,
-		Keyring:          m.Keyring,
-		RepositoryConfig: m.RepositoryConfig,
-		RepositoryCache:  m.RepositoryCache,
-		RegistryClient:   m.RegistryClient,
-		Getters:          m.Getters,
-		Options: []getter.Option{
-			getter.WithInsecureSkipVerifyTLS(false),
-		},
-	}
-
-	repoPath := filepath.Dir(m.ChartPath)
-	err = os.MkdirAll(repoPath, os.ModePerm)
-	if err != nil {
-		return
-	}
-
-	version := ""
-	if registry.IsOCI(chartURL) {
-		chartURL, version, err = parseOCIRef(chartURL)
+	chartPath := os.Getenv(fmt.Sprintf("%s_HELM_CHART_PATH", strings.ToUpper(misc.Program)))
+	if chartPath == "" {
+		var chartURL string
+		chartURL, err = repo.FindChartInRepoURL(h.repo, h.releaseName, "", "", "", "", getter.All(&cli.EnvSettings{}))
 		if err != nil {
 			return
 		}
-		dl.Options = append(dl.Options,
-			getter.WithRegistryClient(m.RegistryClient),
-			getter.WithTagName(version))
+
+		var cp string
+		cp, err = client.ChartPathOptions.LocateChart(chartURL, settings)
+		if err != nil {
+			return
+		}
+
+		m := &downloader.Manager{
+			Out:              os.Stdout,
+			ChartPath:        cp,
+			Keyring:          client.ChartPathOptions.Keyring,
+			SkipUpdate:       false,
+			Getters:          getter.All(settings),
+			RepositoryConfig: settings.RepositoryConfig,
+			RepositoryCache:  settings.RepositoryCache,
+			Debug:            settings.Debug,
+		}
+
+		dl := downloader.ChartDownloader{
+			Out:              m.Out,
+			Verify:           m.Verify,
+			Keyring:          m.Keyring,
+			RepositoryConfig: m.RepositoryConfig,
+			RepositoryCache:  m.RepositoryCache,
+			RegistryClient:   m.RegistryClient,
+			Getters:          m.Getters,
+			Options: []getter.Option{
+				getter.WithInsecureSkipVerifyTLS(false),
+			},
+		}
+
+		repoPath := filepath.Dir(m.ChartPath)
+		err = os.MkdirAll(repoPath, os.ModePerm)
+		if err != nil {
+			return
+		}
+
+		version := ""
+		if registry.IsOCI(chartURL) {
+			chartURL, version, err = parseOCIRef(chartURL)
+			if err != nil {
+				return
+			}
+			dl.Options = append(dl.Options,
+				getter.WithRegistryClient(m.RegistryClient),
+				getter.WithTagName(version))
+		}
+
+		log.Info().
+			Str("url", chartURL).
+			Str("repo-path", repoPath).
+			Msg("Downloading Helm chart:")
+
+		if _, _, err = dl.DownloadTo(chartURL, version, repoPath); err != nil {
+			return
+		}
+
+		chartPath = m.ChartPath
 	}
-
-	log.Info().
-		Str("url", chartURL).
-		Str("repo-path", repoPath).
-		Msg("Downloading Helm chart:")
-
-	if _, _, err = dl.DownloadTo(chartURL, version, repoPath); err != nil {
-		return
-	}
-
 	var chart *chart.Chart
-	chart, err = loader.Load(m.ChartPath)
+	chart, err = loader.Load(chartPath)
 	if err != nil {
 		return
 	}

kubernetes/provider.go

@@ -14,7 +14,6 @@ import (
 	"github.com/kubeshark/kubeshark/semver"
 	"github.com/kubeshark/kubeshark/utils"
 	"github.com/rs/zerolog/log"
-	auth "k8s.io/api/authorization/v1"
 	core "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -71,61 +70,11 @@ func NewProvider(kubeConfigPath string, contextName string) (*Provider, error) {
 	}, nil
 }
 
-func (provider *Provider) CanI(ctx context.Context, namespace string, resource string, verb string, group string) (bool, error) {
-	selfSubjectAccessReview := &auth.SelfSubjectAccessReview{
-		Spec: auth.SelfSubjectAccessReviewSpec{
-			ResourceAttributes: &auth.ResourceAttributes{
-				Namespace: namespace,
-				Resource:  resource,
-				Verb:      verb,
-				Group:     group,
-			},
-		},
-	}
-
-	response, err := provider.clientSet.AuthorizationV1().SelfSubjectAccessReviews().Create(ctx, selfSubjectAccessReview, metav1.CreateOptions{})
-	if err != nil {
-		return false, err
-	}
-
-	return response.Status.Allowed, nil
-}
-
-func (provider *Provider) DoesNamespaceExist(ctx context.Context, name string) (bool, error) {
-	namespaceResource, err := provider.clientSet.CoreV1().Namespaces().Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(namespaceResource, err)
-}
-
-func (provider *Provider) DoesServiceAccountExist(ctx context.Context, namespace string, name string) (bool, error) {
-	serviceAccountResource, err := provider.clientSet.CoreV1().ServiceAccounts(namespace).Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(serviceAccountResource, err)
-}
-
 func (provider *Provider) DoesServiceExist(ctx context.Context, namespace string, name string) (bool, error) {
 	serviceResource, err := provider.clientSet.CoreV1().Services(namespace).Get(ctx, name, metav1.GetOptions{})
 	return provider.doesResourceExist(serviceResource, err)
 }
 
-func (provider *Provider) DoesClusterRoleExist(ctx context.Context, name string) (bool, error) {
-	clusterRoleResource, err := provider.clientSet.RbacV1().ClusterRoles().Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(clusterRoleResource, err)
-}
-
-func (provider *Provider) DoesClusterRoleBindingExist(ctx context.Context, name string) (bool, error) {
-	clusterRoleBindingResource, err := provider.clientSet.RbacV1().ClusterRoleBindings().Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(clusterRoleBindingResource, err)
-}
-
-func (provider *Provider) DoesRoleExist(ctx context.Context, namespace string, name string) (bool, error) {
-	roleResource, err := provider.clientSet.RbacV1().Roles(namespace).Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(roleResource, err)
-}
-
-func (provider *Provider) DoesRoleBindingExist(ctx context.Context, namespace string, name string) (bool, error) {
-	roleBindingResource, err := provider.clientSet.RbacV1().RoleBindings(namespace).Get(ctx, name, metav1.GetOptions{})
-	return provider.doesResourceExist(roleBindingResource, err)
-}
-
 func (provider *Provider) doesResourceExist(resource interface{}, err error) (bool, error) {
 	// Getting NotFound error is the expected behavior when a resource does not exist.
 	if k8serrors.IsNotFound(err) {
@@ -178,8 +127,14 @@ func (provider *Provider) ListAllRunningPodsMatchingRegex(ctx context.Context, r
 	return matchingPods, nil
 }
 
-func (provider *Provider) ListPodsByAppLabel(ctx context.Context, namespaces string, labelName string) ([]core.Pod, error) {
-	pods, err := provider.clientSet.CoreV1().Pods(namespaces).List(ctx, metav1.ListOptions{LabelSelector: fmt.Sprintf("app=%s", labelName)})
+func (provider *Provider) ListPodsByAppLabel(ctx context.Context, namespaces string, labels map[string]string) ([]core.Pod, error) {
+	pods, err := provider.clientSet.CoreV1().Pods(namespaces).List(ctx, metav1.ListOptions{
+		LabelSelector: metav1.FormatLabelSelector(
+			&metav1.LabelSelector{
+				MatchLabels: labels,
+			},
+		),
+	})
 	if err != nil {
 		return nil, err
 	}
@@ -187,15 +142,6 @@ func (provider *Provider) ListPodsByAppLabel(ctx context.Context, namespaces str
 	return pods.Items, err
 }
 
-func (provider *Provider) ListAllNamespaces(ctx context.Context) ([]core.Namespace, error) {
-	namespaces, err := provider.clientSet.CoreV1().Namespaces().List(ctx, metav1.ListOptions{})
-	if err != nil {
-		return nil, err
-	}
-
-	return namespaces.Items, err
-}
-
 func (provider *Provider) GetPodLogs(ctx context.Context, namespace string, podName string, containerName string) (string, error) {
 	podLogOpts := core.PodLogOptions{Container: containerName}
 	req := provider.clientSet.CoreV1().Pods(namespace).GetLogs(podName, &podLogOpts)

kubernetes/proxy.go

@@ -24,6 +24,7 @@ const selfServicePort = 80
 
 func StartProxy(kubernetesProvider *Provider, proxyHost string, srcPort uint16, selfNamespace string, selfServiceName string) (*http.Server, error) {
 	log.Info().
+		Str("proxy-host", proxyHost).
 		Str("namespace", selfNamespace).
 		Str("service", selfServiceName).
 		Int("src-port", int(srcPort)).
@@ -71,6 +72,10 @@ func GetProxyOnPort(port uint16) string {
 	return fmt.Sprintf("http://%s:%d", config.Config.Tap.Proxy.Host, port)
 }
 
+func GetHubUrl() string {
+	return fmt.Sprintf("%s/api", GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port))
+}
+
 func getRerouteHttpHandlerSelfAPI(proxyHandler http.Handler, selfNamespace string, selfServiceName string) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
@@ -101,7 +106,7 @@ func getRerouteHttpHandlerSelfStatic(proxyHandler http.Handler, selfNamespace st
 }
 
 func NewPortForward(kubernetesProvider *Provider, namespace string, podRegex *regexp.Regexp, srcPort uint16, dstPort uint16, ctx context.Context) (*portforward.PortForwarder, error) {
-	pods, err := kubernetesProvider.ListAllRunningPodsMatchingRegex(ctx, podRegex, []string{namespace})
+	pods, err := kubernetesProvider.ListPodsByAppLabel(ctx, namespace, map[string]string{"app.kubeshark.co/app": "hub"})
 	if err != nil {
 		return nil, err
 	} else if len(pods) == 0 {

manifests/00-namespace.yaml

@@ -1,11 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark
-spec: {}
-status: {}

manifests/01-service-account.yaml

@@ -1,11 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-service-account
-  namespace: kubeshark

manifests/02-cluster-role.yaml

@@ -1,27 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-cluster-role
-  namespace: kubeshark
-rules:
-  - apiGroups:
-      - ""
-      - extensions
-      - apps
-      - networking.k8s.io
-    resources:
-      - pods
-      - services
-      - endpoints
-      - persistentvolumeclaims
-      - ingresses
-    verbs:
-      - list
-      - get
-      - watch

manifests/03-cluster-role-binding.yaml

@@ -1,19 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-cluster-role-binding
-  namespace: kubeshark
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kubeshark-cluster-role
-subjects:
-  - kind: ServiceAccount
-    name: kubeshark-service-account
-    namespace: kubeshark

manifests/04-hub-pod.yaml

@@ -1,47 +0,0 @@
----
-apiVersion: v1
-kind: Pod
-metadata:
-  creationTimestamp: null
-  labels:
-    app: kubeshark-hub
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-hub
-  namespace: kubeshark
-spec:
-  containers:
-    - command:
-        - ./hub
-      env:
-        - name: POD_REGEX
-          value: .*
-        - name: NAMESPACES
-        - name: LICENSE
-        - name: SCRIPTING_ENV
-          value: '{}'
-        - name: SCRIPTING_SCRIPTS
-          value: '[]'
-        - name: AUTH_APPROVED_DOMAINS
-      image: docker.io/kubeshark/hub:latest
-      imagePullPolicy: Always
-      name: kubeshark-hub
-      ports:
-        - containerPort: 80
-          hostPort: 8898
-      resources:
-        limits:
-          cpu: 750m
-          memory: 1Gi
-        requests:
-          cpu: 50m
-          memory: 50Mi
-  dnsPolicy: ClusterFirstWithHostNet
-  serviceAccountName: kubeshark-service-account
-  terminationGracePeriodSeconds: 0
-  tolerations:
-    - effect: NoExecute
-      operator: Exists
-    - effect: NoSchedule
-      operator: Exists
-status: {}

manifests/05-hub-service.yaml

@@ -1,20 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-hub
-  namespace: kubeshark
-spec:
-  ports:
-    - name: kubeshark-hub
-      port: 80
-      targetPort: 80
-  selector:
-    app: kubeshark-hub
-  type: NodePort
-status:
-  loadBalancer: {}

manifests/06-front-pod.yaml

@@ -1,49 +0,0 @@
----
-apiVersion: v1
-kind: Pod
-metadata:
-  creationTimestamp: null
-  labels:
-    app: kubeshark-front
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-front
-  namespace: kubeshark
-spec:
-  containers:
-    - env:
-        - name: REACT_APP_DEFAULT_FILTER
-          value: ' '
-        - name: REACT_APP_HUB_HOST
-          value: ' '
-        - name: REACT_APP_HUB_PORT
-          value: "8898"
-      image: docker.io/kubeshark/front:latest
-      imagePullPolicy: Always
-      name: kubeshark-front
-      ports:
-        - containerPort: 80
-          hostPort: 8899
-      readinessProbe:
-        failureThreshold: 3
-        periodSeconds: 1
-        successThreshold: 1
-        tcpSocket:
-          port: 80
-        timeoutSeconds: 1
-      resources:
-        limits:
-          cpu: 750m
-          memory: 1Gi
-        requests:
-          cpu: 50m
-          memory: 50Mi
-  dnsPolicy: ClusterFirstWithHostNet
-  serviceAccountName: kubeshark-service-account
-  terminationGracePeriodSeconds: 0
-  tolerations:
-    - effect: NoExecute
-      operator: Exists
-    - effect: NoSchedule
-      operator: Exists
-status: {}

manifests/07-front-service.yaml

@@ -1,20 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-front
-  namespace: kubeshark
-spec:
-  ports:
-    - name: kubeshark-front
-      port: 80
-      targetPort: 80
-  selector:
-    app: kubeshark-front
-  type: NodePort
-status:
-  loadBalancer: {}

manifests/08-persistent-volume-claim.yaml

@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-persistent-volume-claim
-  namespace: kubeshark
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 200Mi
-  storageClassName: standard
-status: {}

manifests/09-worker-daemon-set.yaml

@@ -1,92 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  creationTimestamp: null
-  labels:
-    app: kubeshark-worker-daemon-set
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-worker-daemon-set
-  namespace: kubeshark
-spec:
-  selector:
-    matchLabels:
-      app: kubeshark-worker-daemon-set
-      kubeshark-created-by: kubeshark
-      kubeshark-managed-by: kubeshark
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        app: kubeshark-worker-daemon-set
-        kubeshark-created-by: kubeshark
-        kubeshark-managed-by: kubeshark
-      name: kubeshark-worker-daemon-set
-      namespace: kubeshark
-    spec:
-      containers:
-        - command:
-            - ./worker
-            - -i
-            - any
-            - -port
-            - "8897"
-            - -packet-capture
-            - libpcap
-            - -servicemesh
-            - -tls
-            - -procfs
-            - /hostproc
-          image: docker.io/kubeshark/worker:latest
-          imagePullPolicy: Always
-          name: kubeshark-worker-daemon-set
-          ports:
-            - containerPort: 8897
-              hostPort: 8897
-          resources:
-            limits:
-              cpu: 750m
-              memory: 1Gi
-            requests:
-              cpu: 50m
-              memory: 50Mi
-          securityContext:
-            capabilities:
-              add:
-                - NET_RAW
-                - NET_ADMIN
-                - SYS_ADMIN
-                - SYS_PTRACE
-                - DAC_OVERRIDE
-                - SYS_RESOURCE
-              drop:
-                - ALL
-          volumeMounts:
-            - mountPath: /hostproc
-              name: proc
-              readOnly: true
-            - mountPath: /sys
-              name: sys
-              readOnly: true
-            - mountPath: /app/data
-              name: kubeshark-persistent-volume
-      dnsPolicy: ClusterFirstWithHostNet
-      hostNetwork: true
-      serviceAccountName: kubeshark-service-account
-      terminationGracePeriodSeconds: 0
-      tolerations:
-        - effect: NoExecute
-          operator: Exists
-        - effect: NoSchedule
-          operator: Exists
-      volumes:
-        - hostPath:
-            path: /proc
-          name: proc
-        - hostPath:
-            path: /sys
-          name: sys
-        - name: kubeshark-persistent-volume
-          persistentVolumeClaim:
-            claimName: kubeshark-persistent-volume-claim

manifests/10-ingress-class.yaml

@@ -1,13 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-ingress-class
-  namespace: kubeshark
-spec:
-  controller: k8s.io/ingress-nginx

manifests/11-ingress.yaml

@@ -1,36 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
-    nginx.ingress.kubernetes.io/rewrite-target: /$2
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-ingress
-  namespace: kubeshark
-spec:
-  ingressClassName: kubeshark-ingress-class
-  rules:
-    - host: ks.svc.cluster.local
-      http:
-        paths:
-          - backend:
-              service:
-                name: kubeshark-hub
-                port:
-                  number: 80
-            path: /api(/|$)(.*)
-            pathType: Prefix
-          - backend:
-              service:
-                name: kubeshark-front
-                port:
-                  number: 80
-            path: /()(.*)
-            pathType: Prefix
-status:
-  loadBalancer: {}

manifests/complete.yaml

@@ -0,0 +1,495 @@
+---
+# Source: kubeshark/templates/01-service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    helm.sh/chart: kubeshark-50.4
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.4"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+  name: kubeshark-service-account
+  namespace: default
+---
+# Source: kubeshark/templates/13-secret.yaml
+kind: Secret
+apiVersion: v1
+metadata:
+  name: kubeshark-secret
+  namespace: default
+  labels:
+    app.kubeshark.co/app: hub
+    helm.sh/chart: kubeshark-50.4
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.4"
+    app.kubernetes.io/managed-by: Helm
+stringData:
+    LICENSE: ''
+---
+# Source: kubeshark/templates/11-nginx-config-map.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kubeshark-nginx-config-map
+  namespace: default
+  labels:
+    helm.sh/chart: kubeshark-50.4
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.4"
+    app.kubernetes.io/managed-by: Helm
+data:
+  default.conf: |
+    server {
+      listen 80;
+      listen [::]:80;
+      access_log /dev/stdout;
+      error_log /dev/stdout;
+
+      location /api {
+        rewrite ^/api(.*)$ $1 break;
+        proxy_pass http://kubeshark-hub;
+        proxy_set_header   X-Forwarded-For $remote_addr;
+        proxy_set_header   Host $http_host;
+        proxy_set_header Upgrade websocket;
+        proxy_set_header Connection Upgrade;
+        proxy_set_header  Authorization $http_authorization;
+        proxy_pass_header Authorization;
+        proxy_connect_timeout 4s;
+        proxy_read_timeout 120s;
+        proxy_send_timeout 12s;
+        proxy_pass_request_headers      on;
+      }
+
+      location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+        try_files $uri $uri/ /index.html;
+        expires -1;
+        add_header Cache-Control no-cache;
+      }
+      error_page   500 502 503 504  /50x.html;
+      location = /50x.html {
+        root   /usr/share/nginx/html;
+      }
+    }
+---
+# Source: kubeshark/templates/12-config-map.yaml
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: kubeshark-config-map
+  namespace: default
+  labels:
+    app.kubeshark.co/app: hub
+    helm.sh/chart: kubeshark-50.4
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.4"
+    app.kubernetes.io/managed-by: Helm
+data:
+    POD_REGEX: '.*'
+    NAMESPACES: ''
+    SCRIPTING_ENV: '{}'
+    SCRIPTING_SCRIPTS: '[]'
+    AUTH_ENABLED: ''
+    AUTH_APPROVED_EMAILS: ''
+    AUTH_APPROVED_DOMAINS: ''
+    TELEMETRY_DISABLED: ''
+---
+# Source: kubeshark/templates/02-cluster-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    helm.sh/chart: kubeshark-50.4
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.4"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+  name: kubeshark-cluster-role
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+      - extensions
+      - apps
+    resources:
+      - pods
+      - services
+      - endpoints
+      - persistentvolumeclaims
+    verbs:
+      - list
+      - get
+      - watch
+---
+# Source: kubeshark/templates/03-cluster-role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    helm.sh/chart: kubeshark-50.4
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.4"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+  name: kubeshark-cluster-role-binding
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubeshark-cluster-role
+subjects:
+  - kind: ServiceAccount
+    name: kubeshark-service-account
+    namespace: default
+---
+# Source: kubeshark/templates/02-cluster-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    helm.sh/chart: kubeshark-50.4
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.4"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+  name: kubeshark-self-secrets-role
+  namespace: default
+rules:
+  - apiGroups:
+      - "v1"
+      - ""
+    resourceNames:
+      - kubeshark-secret
+    resources:
+      - secrets
+    verbs:
+      - get
+      - watch
+      - update
+      - patch
+---
+# Source: kubeshark/templates/03-cluster-role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubeshark-self-secrets-role-binding
+  labels:
+    helm.sh/chart: kubeshark-50.4
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.4"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+  namespace: default
+subjects:
+  - kind: ServiceAccount
+    name: kubeshark-service-account
+    namespace: default
+roleRef:
+  kind: Role
+  name: kubeshark-self-secrets-role
+  apiGroup: rbac.authorization.k8s.io
+---
+# Source: kubeshark/templates/05-hub-service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubeshark.co/app: hub
+    helm.sh/chart: kubeshark-50.4
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.4"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+  name: kubeshark-hub
+  namespace: default
+spec:
+  ports:
+    - name: kubeshark-hub
+      port: 80
+      targetPort: 80
+  selector:
+    app.kubeshark.co/app: hub
+  type: ClusterIP
+---
+# Source: kubeshark/templates/07-front-service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    helm.sh/chart: kubeshark-50.4
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.4"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+  name: kubeshark-front
+  namespace: default
+spec:
+  ports:
+    - name: kubeshark-front
+      port: 80
+      targetPort: 80
+  selector:
+    app.kubeshark.co/app: front
+  type: ClusterIP
+---
+# Source: kubeshark/templates/09-worker-daemon-set.yaml
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    app.kubeshark.co/app: worker
+    sidecar.istio.io/inject: "false"
+    helm.sh/chart: kubeshark-50.4
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.4"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+  name: kubeshark-worker-daemon-set
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app.kubeshark.co/app: worker
+      helm.sh/chart: kubeshark-50.4
+      app.kubernetes.io/name: kubeshark
+      app.kubernetes.io/instance: kubeshark
+      app.kubernetes.io/version: "50.4"
+      app.kubernetes.io/managed-by: Helm
+  template:
+    metadata:
+      labels:
+        app.kubeshark.co/app: worker
+        helm.sh/chart: kubeshark-50.4
+        app.kubernetes.io/name: kubeshark
+        app.kubernetes.io/instance: kubeshark
+        app.kubernetes.io/version: "50.4"
+        app.kubernetes.io/managed-by: Helm
+      name: kubeshark-worker-daemon-set
+      namespace: kubeshark
+    spec:
+      containers:
+        - command:
+            - ./worker
+            - -i
+            - any
+            - -port
+            - '8897'
+            - -servicemesh
+            - -tls
+            - -procfs
+            - /hostproc
+            
+          image: 'docker.io/kubeshark/worker:latest'
+          imagePullPolicy: Always
+          name: kubeshark-worker-daemon-set
+          envFrom:
+            - secretRef:
+                name: kubeshark-secret
+          resources:
+            limits:
+              cpu: 750m
+              memory: 1Gi
+            requests:
+              cpu: 50m
+              memory: 50Mi
+          securityContext:
+            capabilities:
+              add:
+                - NET_RAW
+                - NET_ADMIN
+                - SYS_ADMIN
+                - SYS_PTRACE
+                - DAC_OVERRIDE
+                - SYS_RESOURCE
+                - SYS_MODULE
+              drop:
+                - ALL
+          readinessProbe:
+            periodSeconds: 1
+            failureThreshold: 3
+            successThreshold: 1
+            initialDelaySeconds: 5
+            tcpSocket:
+              port: 8897
+          livenessProbe:
+            periodSeconds: 1
+            failureThreshold: 3
+            successThreshold: 1
+            initialDelaySeconds: 5
+            tcpSocket:
+              port: 8897
+          volumeMounts:
+            - mountPath: /hostproc
+              name: proc
+              readOnly: true
+            - mountPath: /sys
+              name: sys
+              readOnly: true
+      dnsPolicy: ClusterFirstWithHostNet
+      hostNetwork: true
+      serviceAccountName: kubeshark-service-account
+      terminationGracePeriodSeconds: 0
+      tolerations:
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: kubernetes.io/os
+                operator: In
+                values:
+                - linux
+      volumes:
+        - hostPath:
+            path: /proc
+          name: proc
+        - hostPath:
+            path: /sys
+          name: sys
+---
+# Source: kubeshark/templates/04-hub-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kubeshark-hub
+  namespace: default
+  labels:
+    app.kubeshark.co/app: hub
+    helm.sh/chart: kubeshark-50.4
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.4"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+spec:
+  replicas: 1  # Set the desired number of replicas
+  selector:
+    matchLabels:
+      app.kubeshark.co/app: hub
+  template:
+    metadata:
+      labels:
+        app.kubeshark.co/app: hub
+        sidecar.istio.io/inject: "false"
+    spec:
+      dnsPolicy: ClusterFirstWithHostNet
+      serviceAccountName: kubeshark-service-account
+      containers:
+        - name: kubeshark-hub
+          command:
+            - ./hub
+            
+          envFrom:
+            - configMapRef:
+                name: kubeshark-config-map
+            - secretRef:
+                name: kubeshark-secret
+          image: 'docker.io/kubeshark/hub:latest'
+          imagePullPolicy: Always
+          readinessProbe:
+            periodSeconds: 1
+            failureThreshold: 3
+            successThreshold: 1
+            initialDelaySeconds: 3
+            tcpSocket:
+              port: 80
+          livenessProbe:
+            periodSeconds: 1
+            failureThreshold: 3
+            successThreshold: 1
+            initialDelaySeconds: 3
+            tcpSocket:
+              port: 80
+          resources:
+            limits:
+              cpu: 750m
+              memory: 1Gi
+            requests:
+              cpu: 50m
+              memory: 50Mi
+---
+# Source: kubeshark/templates/06-front-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kubeshark-front
+  namespace: default
+  labels:
+    app.kubeshark.co/app: front
+    helm.sh/chart: kubeshark-50.4
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.4"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+spec:
+  replicas: 1  # Set the desired number of replicas
+  selector:
+    matchLabels:
+      app.kubeshark.co/app: front
+  template:
+    metadata:
+      labels:
+        app.kubeshark.co/app: front
+    spec:
+      containers:
+        - env:
+            - name: REACT_APP_DEFAULT_FILTER
+              value: ' '
+            - name: REACT_APP_HUB_HOST
+              value: ' '
+            - name: REACT_APP_HUB_PORT
+              value: ':8899/api'
+          image: 'docker.io/kubeshark/front:latest'
+          imagePullPolicy: Always
+          name: kubeshark-front
+          livenessProbe:
+            periodSeconds: 1
+            failureThreshold: 3
+            successThreshold: 1
+            initialDelaySeconds: 3
+            tcpSocket:
+              port: 80
+          readinessProbe:
+            periodSeconds: 1
+            failureThreshold: 3
+            successThreshold: 1
+            initialDelaySeconds: 3
+            tcpSocket:
+              port: 80
+            timeoutSeconds: 1
+          resources:
+            limits:
+              cpu: 750m
+              memory: 1Gi
+            requests:
+              cpu: 50m
+              memory: 50Mi
+          volumeMounts:
+            - name: nginx-config
+              mountPath: /etc/nginx/conf.d/default.conf
+              subPath: default.conf
+              readOnly: true
+      volumes:
+        - name: nginx-config
+          configMap:
+            name: kubeshark-nginx-config-map
+      dnsPolicy: ClusterFirstWithHostNet
+      serviceAccountName: kubeshark-service-account

misc/fsUtils/kubesharkLogsUtils.go

@@ -15,13 +15,13 @@ import (
 
 func DumpLogs(ctx context.Context, provider *kubernetes.Provider, filePath string) error {
 	podExactRegex := regexp.MustCompile("^" + kubernetes.SelfResourcesPrefix)
-	pods, err := provider.ListAllPodsMatchingRegex(ctx, podExactRegex, []string{config.Config.Tap.SelfNamespace})
+	pods, err := provider.ListAllPodsMatchingRegex(ctx, podExactRegex, []string{config.Config.Tap.Release.Namespace})
 	if err != nil {
 		return err
 	}
 
 	if len(pods) == 0 {
-		return fmt.Errorf("No %s pods found in namespace %s", misc.Software, config.Config.Tap.SelfNamespace)
+		return fmt.Errorf("No %s pods found in namespace %s", misc.Software, config.Config.Tap.Release.Namespace)
 	}
 
 	newZipFile, err := os.Create(filePath)
@@ -60,17 +60,17 @@ func DumpLogs(ctx context.Context, provider *kubernetes.Provider, filePath strin
 		}
 	}
 
-	events, err := provider.GetNamespaceEvents(ctx, config.Config.Tap.SelfNamespace)
+	events, err := provider.GetNamespaceEvents(ctx, config.Config.Tap.Release.Namespace)
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to get k8b events!")
 	} else {
-		log.Debug().Str("namespace", config.Config.Tap.SelfNamespace).Msg("Successfully read events.")
+		log.Debug().Str("namespace", config.Config.Tap.Release.Namespace).Msg("Successfully read events.")
 	}
 
-	if err := AddStrToZip(zipWriter, events, fmt.Sprintf("%s_events.log", config.Config.Tap.SelfNamespace)); err != nil {
+	if err := AddStrToZip(zipWriter, events, fmt.Sprintf("%s_events.log", config.Config.Tap.Release.Namespace)); err != nil {
 		log.Error().Err(err).Msg("Failed write logs!")
 	} else {
-		log.Debug().Str("namespace", config.Config.Tap.SelfNamespace).Msg("Successfully added events.")
+		log.Debug().Str("namespace", config.Config.Tap.Release.Namespace).Msg("Successfully added events.")
 	}
 
 	if err := AddFileToZip(zipWriter, config.ConfigFilePath); err != nil {

misc/version/versionCheck.go

@@ -16,7 +16,7 @@ import (
 )
 
 func CheckNewerVersion() {
-	if os.Getenv("KUBESHARK_DISABLE_VERSION_CHECK") != "" {
+	if os.Getenv(fmt.Sprintf("%s_DISABLE_VERSION_CHECK", strings.ToUpper(misc.Program))) != "" {
 		return
 	}
 

utils/pretty.go

@@ -3,22 +3,17 @@ package utils
 import (
 	"bytes"
 
-	"gopkg.in/yaml.v3"
+	"github.com/goccy/go-yaml"
 )
 
-const (
-	empty = ""
-	tab   = "\t"
-)
-
-func PrettyYaml(data interface{}) (string, error) {
+func PrettyYaml(data interface{}) (result string, err error) {
 	buffer := new(bytes.Buffer)
-	encoder := yaml.NewEncoder(buffer)
-	encoder.SetIndent(2)
+	encoder := yaml.NewEncoder(buffer, yaml.Indent(2))
 
-	err := encoder.Encode(data)
+	err = encoder.Encode(data)
 	if err != nil {
-		return empty, err
+		return
 	}
-	return buffer.String(), nil
+	result = buffer.String()
+	return
 }