✨ Add KUBESHARK_HELM_CHART_PATH environment variable to set a local path for the Helm chart

This reverts commit d8ee89225c.

Makefile

@@ -68,3 +68,9 @@ kubectl-view-all-resources: ## This command outputs all Kubernetes resources usi
 
 kubectl-view-kubeshark-resources: ## This command outputs all Kubernetes resources in "kubeshark" namespace using YAML format and pipes it to VS Code
 	./kubectl.sh view-kubeshark-resources
+
+generate-helm-values: ## Generate the Helm values from config.yaml
+	./bin/kubeshark__ config > ./helm-chart/values.yaml
+
+generate-manifests: ## Generate the manifests from the Helm chart using default configuration
+	helm template ./helm-chart > ./manifests/complete.yaml

cmd/clean.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 
 	"github.com/creasty/defaults"
+	"github.com/kubeshark/kubeshark/config"
 	"github.com/kubeshark/kubeshark/config/configStructs"
 	"github.com/kubeshark/kubeshark/kubernetes/helm"
 	"github.com/kubeshark/kubeshark/misc"
@@ -15,7 +16,11 @@ var cleanCmd = &cobra.Command{
 	Use:   "clean",
 	Short: fmt.Sprintf("Removes all %s resources", misc.Software),
 	RunE: func(cmd *cobra.Command, args []string) error {
-		resp, err := helm.NewHelmDefault().Uninstall()
+		resp, err := helm.NewHelm(
+			config.Config.Tap.Release.Repo,
+			config.Config.Tap.Release.Name,
+			config.Config.Tap.Release.Namespace,
+		).Uninstall()
 		if err != nil {
 			log.Error().Err(err).Send()
 		} else {
@@ -33,5 +38,5 @@ func init() {
 		log.Debug().Err(err).Send()
 	}
 
-	cleanCmd.Flags().StringP(configStructs.SelfNamespaceLabel, "s", defaultTapConfig.SelfNamespace, "Self-namespace of Kubeshark")
+	cleanCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 }

cmd/common.go

@@ -18,7 +18,7 @@ import (
 )
 
 func startProxyReportErrorIfAny(kubernetesProvider *kubernetes.Provider, ctx context.Context, serviceName string, podName string, proxyPortLabel string, srcPort uint16, dstPort uint16, healthCheck string) {
-	httpServer, err := kubernetes.StartProxy(kubernetesProvider, config.Config.Tap.Proxy.Host, srcPort, config.Config.Tap.SelfNamespace, serviceName)
+	httpServer, err := kubernetes.StartProxy(kubernetesProvider, config.Config.Tap.Proxy.Host, srcPort, config.Config.Tap.Release.Namespace, serviceName)
 	if err != nil {
 		log.Error().
 			Err(errormessage.FormatError(err)).
@@ -38,7 +38,7 @@ func startProxyReportErrorIfAny(kubernetesProvider *kubernetes.Provider, ctx con
 		}
 
 		podRegex, _ := regexp.Compile(podName)
-		if _, err := kubernetes.NewPortForward(kubernetesProvider, config.Config.Tap.SelfNamespace, podRegex, srcPort, dstPort, ctx); err != nil {
+		if _, err := kubernetes.NewPortForward(kubernetesProvider, config.Config.Tap.Release.Namespace, podRegex, srcPort, dstPort, ctx); err != nil {
 			log.Error().
 				Str("pod-regex", podRegex.String()).
 				Err(errormessage.FormatError(err)).
@@ -99,7 +99,7 @@ func handleKubernetesProviderError(err error) {
 	}
 }
 
-func finishSelfExecution(kubernetesProvider *kubernetes.Provider, isNsRestrictedMode bool, selfNamespace string) {
+func finishSelfExecution(kubernetesProvider *kubernetes.Provider) {
 	removalCtx, cancel := context.WithTimeout(context.Background(), cleanupTimeout)
 	defer cancel()
 	dumpLogsIfNeeded(removalCtx, kubernetesProvider)

cmd/config.go

@@ -17,21 +17,15 @@ var configCmd = &cobra.Command{
 	Use:   "config",
 	Short: fmt.Sprintf("Generate %s config with default values", misc.Software),
 	RunE: func(cmd *cobra.Command, args []string) error {
-		configWithDefaults, err := config.GetConfigWithDefaults()
-		if err != nil {
-			log.Error().Err(err).Msg("Failed generating config with defaults.")
-			return nil
-		}
-
 		if config.Config.Config.Regenerate {
-			if err := config.WriteConfig(configWithDefaults); err != nil {
+			if err := config.WriteConfig(&config.Config); err != nil {
 				log.Error().Err(err).Msg("Failed generating config with defaults.")
 				return nil
 			}
 
 			log.Info().Str("config-path", config.ConfigFilePath).Msg("Template file written to config path.")
 		} else {
-			template, err := utils.PrettyYaml(configWithDefaults)
+			template, err := utils.PrettyYaml(config.Config)
 			if err != nil {
 				log.Error().Err(err).Msg("Failed converting config with defaults to YAML.")
 				return nil

cmd/proxyRunner.go

@@ -23,7 +23,7 @@ func runProxy(block bool, noBrowser bool) {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	exists, err := kubernetesProvider.DoesServiceExist(ctx, config.Config.Tap.SelfNamespace, kubernetes.FrontServiceName)
+	exists, err := kubernetesProvider.DoesServiceExist(ctx, config.Config.Tap.Release.Namespace, kubernetes.FrontServiceName)
 	if err != nil {
 		log.Error().
 			Str("service", kubernetes.FrontServiceName).
@@ -42,7 +42,7 @@ func runProxy(block bool, noBrowser bool) {
 		return
 	}
 
-	exists, err = kubernetesProvider.DoesServiceExist(ctx, config.Config.Tap.SelfNamespace, kubernetes.HubServiceName)
+	exists, err = kubernetesProvider.DoesServiceExist(ctx, config.Config.Tap.Release.Namespace, kubernetes.HubServiceName)
 	if err != nil {
 		log.Error().
 			Str("service", kubernetes.HubServiceName).

cmd/tap.go

@@ -51,15 +51,14 @@ func init() {
 	tapCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.Port, "Provide a custom port for the Hub proxy/port-forward")
 	tapCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the proxy/port-forward")
 	tapCmd.Flags().StringSliceP(configStructs.NamespacesLabel, "n", defaultTapConfig.Namespaces, "Namespaces selector")
-	tapCmd.Flags().StringP(configStructs.SelfNamespaceLabel, "s", defaultTapConfig.SelfNamespace, "Self-namespace of Kubeshark")
+	tapCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 	tapCmd.Flags().Bool(configStructs.PersistentStorageLabel, defaultTapConfig.PersistentStorage, "Enable persistent storage (PersistentVolumeClaim)")
 	tapCmd.Flags().String(configStructs.StorageLimitLabel, defaultTapConfig.StorageLimit, "Override the default storage limit (per node)")
 	tapCmd.Flags().String(configStructs.StorageClassLabel, defaultTapConfig.StorageClass, "Override the default storage class of the PersistentVolumeClaim (per node)")
 	tapCmd.Flags().Bool(configStructs.DryRunLabel, defaultTapConfig.DryRun, "Preview of all pods matching the regex, without tapping them")
-	tapCmd.Flags().StringP(configStructs.PcapLabel, "p", defaultTapConfig.Pcap, fmt.Sprintf("Capture from a PCAP snapshot of %s (.tar.gz) using your Docker Daemon instead of Kubernetes", misc.Software))
+	tapCmd.Flags().StringP(configStructs.PcapLabel, "p", defaultTapConfig.Pcap, fmt.Sprintf("Capture from a PCAP snapshot of %s (.tar.gz) using your Docker Daemon instead of Kubernetes. TAR path from the file system or an S3 URI (object, folder or the bucket)", misc.Software))
 	tapCmd.Flags().Bool(configStructs.ServiceMeshLabel, defaultTapConfig.ServiceMesh, "Capture the encrypted traffic if the cluster is configured with a service mesh and with mTLS")
 	tapCmd.Flags().Bool(configStructs.TlsLabel, defaultTapConfig.Tls, "Capture the traffic that's encrypted with OpenSSL or Go crypto/tls libraries")
 	tapCmd.Flags().Bool(configStructs.IgnoreTaintedLabel, defaultTapConfig.IgnoreTainted, "Ignore tainted pods while running Worker DaemonSet")
 	tapCmd.Flags().Bool(configStructs.IngressEnabledLabel, defaultTapConfig.Ingress.Enabled, "Enable Ingress")
-	tapCmd.Flags().Bool(configStructs.DebugLabel, defaultTapConfig.Debug, "Enable the debug mode")
 }

cmd/tapPcapRunner.go

@@ -1,13 +1,24 @@
 package cmd
 
 import (
+	"archive/tar"
 	"bufio"
+	"compress/gzip"
 	"context"
 	"encoding/json"
 	"fmt"
 	"io"
+	"net/url"
 	"os"
+	"path/filepath"
+	"strings"
+	"sync"
 
+	"github.com/aws/aws-sdk-go-v2/aws"
+	awsConfig "github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/feature/s3/manager"
+	"github.com/aws/aws-sdk-go-v2/service/s3"
+	s3Types "github.com/aws/aws-sdk-go-v2/service/s3/types"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/client"
@@ -62,6 +73,7 @@ func logPullingImage(image string, reader io.ReadCloser) {
 }
 
 func pullImages(ctx context.Context, cli *client.Client, imageFront string, imageHub string, imageWorker string) error {
+	log.Info().Msg("Pulling images...")
 	readerFront, err := cli.ImagePull(ctx, imageFront, types.ImagePullOptions{})
 	if err != nil {
 		return err
@@ -93,7 +105,7 @@ func cleanUpOldContainers(
 	nameHub string,
 	nameWorker string,
 ) error {
-	containers, err := cli.ContainerList(ctx, types.ContainerListOptions{})
+	containers, err := cli.ContainerList(ctx, types.ContainerListOptions{All: true})
 	if err != nil {
 		return err
 	}
@@ -157,7 +169,7 @@ func createAndStartContainers(
 		Env: []string{
 			"REACT_APP_DEFAULT_FILTER= ",
 			"REACT_APP_HUB_HOST= ",
-			fmt.Sprintf("REACT_APP_HUB_PORT=%d", config.Config.Tap.Proxy.Hub.Port),
+			fmt.Sprintf("REACT_APP_HUB_PORT=:%d", config.Config.Tap.Proxy.Hub.Port),
 		},
 	}, hostConfigFront, nil, nil, nameFront)
 	if err != nil {
@@ -271,7 +283,172 @@ func stopAndRemoveContainers(
 	return
 }
 
-func pcap(tarPath string) {
+func downloadTarFromS3(s3Url string) (tarPath string, err error) {
+	u, err := url.Parse(s3Url)
+	if err != nil {
+		return
+	}
+
+	bucket := u.Host
+	key := u.Path[1:]
+
+	var cfg aws.Config
+	cfg, err = awsConfig.LoadDefaultConfig(context.TODO())
+	if err != nil {
+		return
+	}
+
+	client := s3.NewFromConfig(cfg)
+
+	var listObjectsOutput *s3.ListObjectsV2Output
+	listObjectsOutput, err = client.ListObjectsV2(context.TODO(), &s3.ListObjectsV2Input{
+		Bucket: aws.String(bucket),
+		Prefix: aws.String(key),
+	})
+	if err != nil {
+		return
+	}
+
+	var file *os.File
+	file, err = os.CreateTemp(os.TempDir(), fmt.Sprintf("%s_*.%s", strings.TrimSuffix(filepath.Base(key), filepath.Ext(key)), filepath.Ext(key)))
+	if err != nil {
+		return
+	}
+	defer file.Close()
+
+	log.Info().Str("bucket", bucket).Str("key", key).Msg("Downloading from S3")
+
+	downloader := manager.NewDownloader(client)
+	_, err = downloader.Download(context.TODO(), file, &s3.GetObjectInput{
+		Bucket: aws.String(bucket),
+		Key:    aws.String(key),
+	})
+	if err != nil {
+		log.Info().Err(err).Msg("S3 object is not found. Assuming URL is not a single object. Listing the objects in given folder or the bucket to download...")
+
+		var tempDirPath string
+		tempDirPath, err = os.MkdirTemp(os.TempDir(), "kubeshark_*")
+		if err != nil {
+			return
+		}
+
+		var wg sync.WaitGroup
+		for _, object := range listObjectsOutput.Contents {
+			wg.Add(1)
+			go func(object s3Types.Object) {
+				defer wg.Done()
+				objectKey := *object.Key
+
+				fullPath := filepath.Join(tempDirPath, objectKey)
+				err = os.MkdirAll(filepath.Dir(fullPath), os.ModePerm)
+				if err != nil {
+					return
+				}
+
+				var objectFile *os.File
+				objectFile, err = os.Create(fullPath)
+				if err != nil {
+					return
+				}
+				defer objectFile.Close()
+
+				log.Info().Str("bucket", bucket).Str("key", objectKey).Msg("Downloading from S3")
+
+				downloader := manager.NewDownloader(client)
+				_, err = downloader.Download(context.TODO(), objectFile, &s3.GetObjectInput{
+					Bucket: aws.String(bucket),
+					Key:    aws.String(objectKey),
+				})
+				if err != nil {
+					return
+				}
+			}(object)
+		}
+		wg.Wait()
+
+		tarPath, err = tarDirectory(tempDirPath)
+		return
+	}
+
+	tarPath = file.Name()
+
+	return
+}
+
+func tarDirectory(dirPath string) (string, error) {
+	tarPath := fmt.Sprintf("%s.tar.gz", dirPath)
+
+	var file *os.File
+	file, err := os.Create(tarPath)
+	if err != nil {
+		return "", err
+	}
+	defer file.Close()
+
+	gzipWriter := gzip.NewWriter(file)
+	defer gzipWriter.Close()
+
+	tarWriter := tar.NewWriter(gzipWriter)
+	defer tarWriter.Close()
+
+	walker := func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if info.IsDir() {
+			return nil
+		}
+		file, err := os.Open(path)
+		if err != nil {
+			return err
+		}
+		defer file.Close()
+
+		stat, err := file.Stat()
+		if err != nil {
+			return err
+		}
+
+		header := &tar.Header{
+			Name:    path[len(dirPath)+1:],
+			Size:    stat.Size(),
+			Mode:    int64(stat.Mode()),
+			ModTime: stat.ModTime(),
+		}
+
+		err = tarWriter.WriteHeader(header)
+		if err != nil {
+			return err
+		}
+
+		_, err = io.Copy(tarWriter, file)
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}
+
+	err = filepath.Walk(dirPath, walker)
+	if err != nil {
+		return "", err
+	}
+
+	return tarPath, nil
+}
+
+func pcap(tarPath string) error {
+	if strings.HasPrefix(tarPath, "s3://") {
+		var err error
+		tarPath, err = downloadTarFromS3(tarPath)
+		if err != nil {
+			log.Error().Err(err).Msg("Failed downloading from S3")
+			return err
+		}
+	}
+
+	log.Info().Str("tar-path", tarPath).Msg("Openning")
+
 	docker.SetRegistry(config.Config.Tap.Docker.Registry)
 	docker.SetTag(config.Config.Tap.Docker.Tag)
 
@@ -279,7 +456,7 @@ func pcap(tarPath string) {
 	cli, err := client.NewClientWithOpts(client.FromEnv, client.WithAPIVersionNegotiation())
 	if err != nil {
 		log.Error().Err(err).Send()
-		return
+		return err
 	}
 	defer cli.Close()
 
@@ -290,13 +467,13 @@ func pcap(tarPath string) {
 	err = pullImages(ctx, cli, imageFront, imageHub, imageWorker)
 	if err != nil {
 		log.Error().Err(err).Send()
-		return
+		return err
 	}
 
 	tarFile, err := os.Open(tarPath)
 	if err != nil {
 		log.Error().Err(err).Send()
-		return
+		return err
 	}
 	defer tarFile.Close()
 	tarReader := bufio.NewReader(tarFile)
@@ -311,7 +488,7 @@ func pcap(tarPath string) {
 	)
 	if err != nil {
 		log.Error().Err(err).Send()
-		return
+		return err
 	}
 
 	workerPod := &v1.Pod{
@@ -355,5 +532,8 @@ func pcap(tarPath string) {
 	err = stopAndRemoveContainers(ctx, cli, respFront, respHub, respWorker)
 	if err != nil {
 		log.Error().Err(err).Send()
+		return err
 	}
+
+	return nil
 }

cmd/tapRunner.go

@@ -3,6 +3,7 @@ package cmd
 import (
 	"context"
 	"fmt"
+	"os"
 	"regexp"
 	"sync"
 	"time"
@@ -48,10 +49,18 @@ func tap() {
 	docker.SetTag(config.Config.Tap.Docker.Tag)
 	log.Info().Str("registry", docker.GetRegistry()).Str("tag", docker.GetTag()).Msg("Using Docker:")
 	if config.Config.Tap.Pcap != "" {
-		pcap(config.Config.Tap.Pcap)
+		err := pcap(config.Config.Tap.Pcap)
+		if err != nil {
+			os.Exit(1)
+		}
 		return
 	}
 
+	if !config.Config.Tap.PersistentStorage {
+		config.Config.Tap.StorageLimit = "200Mi"
+		log.Warn().Msg("Storage limit cannot be modified while persistentstorage is set to false!")
+	}
+
 	log.Info().
 		Str("limit", config.Config.Tap.StorageLimit).
 		Msg(fmt.Sprintf("%s will store the traffic up to a limit (per node). Oldest TCP/UDP streams will be removed once the limit is reached.", misc.Software))
@@ -68,13 +77,6 @@ func tap() {
 
 	state.targetNamespaces = kubernetesProvider.GetNamespaces()
 
-	if config.Config.IsNsRestrictedMode() {
-		if len(state.targetNamespaces) != 1 || !utils.Contains(state.targetNamespaces, config.Config.Tap.SelfNamespace) {
-			log.Error().Msg(fmt.Sprintf("%s can't resolve IPs in other namespaces when running in namespace restricted mode. You can use the same namespace for --%s and --%s", misc.Software, configStructs.NamespacesLabel, configStructs.SelfNamespaceLabel))
-			return
-		}
-	}
-
 	log.Info().Strs("namespaces", state.targetNamespaces).Msg("Targeting pods in:")
 
 	if err := printTargetedPodsPreview(ctx, kubernetesProvider, state.targetNamespaces); err != nil {
@@ -87,9 +89,14 @@ func tap() {
 
 	log.Info().Msg(fmt.Sprintf("Waiting for the creation of %s resources...", misc.Software))
 
-	rel, err := helm.NewHelmDefault().Install()
+	rel, err := helm.NewHelm(
+		config.Config.Tap.Release.Repo,
+		config.Config.Tap.Release.Name,
+		config.Config.Tap.Release.Namespace,
+	).Install()
 	if err != nil {
 		log.Error().Err(err).Send()
+		os.Exit(1)
 	} else {
 		log.Info().Msgf("Installed the Helm release: %s", rel.Name)
 	}
@@ -115,7 +122,7 @@ func printProxyCommandSuggestion() {
 }
 
 func finishTapExecution(kubernetesProvider *kubernetes.Provider) {
-	finishSelfExecution(kubernetesProvider, config.Config.IsNsRestrictedMode(), config.Config.Tap.SelfNamespace)
+	finishSelfExecution(kubernetesProvider)
 }
 
 /*
@@ -148,7 +155,7 @@ func printNoPodsFoundSuggestion(targetNamespaces []string) {
 func watchHubPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
 	podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s$", kubernetes.HubPodName))
 	podWatchHelper := kubernetes.NewPodWatchHelper(kubernetesProvider, podExactRegex)
-	eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.Tap.SelfNamespace}, podWatchHelper)
+	eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.Tap.Release.Namespace}, podWatchHelper)
 	isPodReady := false
 
 	timeAfter := time.After(120 * time.Second)
@@ -215,7 +222,7 @@ func watchHubPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, c
 
 			log.Error().
 				Str("pod", kubernetes.HubPodName).
-				Str("namespace", config.Config.Tap.SelfNamespace).
+				Str("namespace", config.Config.Tap.Release.Namespace).
 				Err(err).
 				Msg("Failed creating pod.")
 			cancel()
@@ -239,7 +246,7 @@ func watchHubPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, c
 func watchFrontPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
 	podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s$", kubernetes.FrontPodName))
 	podWatchHelper := kubernetes.NewPodWatchHelper(kubernetesProvider, podExactRegex)
-	eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.Tap.SelfNamespace}, podWatchHelper)
+	eventChan, errorChan := kubernetes.FilteredWatch(ctx, podWatchHelper, []string{config.Config.Tap.Release.Namespace}, podWatchHelper)
 	isPodReady := false
 
 	timeAfter := time.After(120 * time.Second)
@@ -304,7 +311,7 @@ func watchFrontPod(ctx context.Context, kubernetesProvider *kubernetes.Provider,
 
 			log.Error().
 				Str("pod", kubernetes.FrontPodName).
-				Str("namespace", config.Config.Tap.SelfNamespace).
+				Str("namespace", config.Config.Tap.Release.Namespace).
 				Err(err).
 				Msg("Failed creating pod.")
 
@@ -327,7 +334,7 @@ func watchFrontPod(ctx context.Context, kubernetesProvider *kubernetes.Provider,
 func watchHubEvents(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
 	podExactRegex := regexp.MustCompile(fmt.Sprintf("^%s", kubernetes.HubPodName))
 	eventWatchHelper := kubernetes.NewEventWatchHelper(kubernetesProvider, podExactRegex, "pod")
-	eventChan, errorChan := kubernetes.FilteredWatch(ctx, eventWatchHelper, []string{config.Config.Tap.SelfNamespace}, eventWatchHelper)
+	eventChan, errorChan := kubernetes.FilteredWatch(ctx, eventWatchHelper, []string{config.Config.Tap.Release.Namespace}, eventWatchHelper)
 	for {
 		select {
 		case wEvent, ok := <-eventChan:

config/config.go

@@ -61,6 +61,7 @@ func InitConfig(cmd *cobra.Command) error {
 	}
 
 	Config = CreateDefaultConfig()
+	Config.Tap.Debug = DebugMode
 	cmdName = cmd.Name()
 	if utils.Contains([]string{
 		"clean",

config/configStruct.go

@@ -5,7 +5,6 @@ import (
 	"path/filepath"
 
 	"github.com/kubeshark/kubeshark/config/configStructs"
-	"github.com/kubeshark/kubeshark/misc"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/util/homedir"
 )
@@ -52,10 +51,6 @@ func (config *ConfigStruct) ImagePullSecrets() []v1.LocalObjectReference {
 	return ref
 }
 
-func (config *ConfigStruct) IsNsRestrictedMode() bool {
-	return config.Tap.SelfNamespace != misc.Program // Notice "kubeshark" string must match the default SelfNamespace
-}
-
 func (config *ConfigStruct) KubeConfigPath() string {
 	if config.Kube.ConfigPathStr != "" {
 		return config.Kube.ConfigPathStr

config/configStructs/tapConfig.go

@@ -17,7 +17,7 @@ const (
 	ProxyHubPortLabel      = "proxy-hub-port"
 	ProxyHostLabel         = "proxy-host"
 	NamespacesLabel        = "namespaces"
-	SelfNamespaceLabel     = "selfnamespace"
+	ReleaseNamespaceLabel  = "release-namespace"
 	PersistentStorageLabel = "persistentstorage"
 	StorageLimitLabel      = "storagelimit"
 	StorageClassLabel      = "storageclass"
@@ -25,7 +25,7 @@ const (
 	PcapLabel              = "pcap"
 	ServiceMeshLabel       = "servicemesh"
 	TlsLabel               = "tls"
-	IgnoreTaintedLabel     = "ignoreTainted"
+	IgnoreTaintedLabel     = "ignoretainted"
 	IngressEnabledLabel    = "ingress-enabled"
 	DebugLabel             = "debug"
 	ContainerPort          = 80
@@ -81,23 +81,31 @@ type ResourcesConfig struct {
 }
 
 type AuthConfig struct {
-	ApprovedDomains []string `yaml:"approvedDomains" json:"approvedDomains"`
+	ApprovedDomains []string `yaml:"approveddomains" json:"approveddomains"  default:"[]"`
 }
 
 type IngressConfig struct {
 	Enabled     bool                    `yaml:"enabled" json:"enabled" default:"false"`
+	ClassName   string                  `yaml:"classname" json:"classname" default:"kubeshark-ingress-class"`
+	Controller  string                  `yaml:"controller" json:"controller" default:"k8s.io/ingress-nginx"`
 	Host        string                  `yaml:"host" json:"host" default:"ks.svc.cluster.local"`
 	TLS         []networking.IngressTLS `yaml:"tls" json:"tls"`
 	Auth        AuthConfig              `yaml:"auth" json:"auth"`
-	CertManager string                  `yaml:"certManager" json:"certManager" default:"letsencrypt-prod"`
+	CertManager string                  `yaml:"certmanager" json:"certmanager" default:"letsencrypt-prod"`
+}
+
+type ReleaseConfig struct {
+	Repo      string `yaml:"repo" json:"repo" default:"https://helm.kubeshark.co"`
+	Name      string `yaml:"name" json:"name" default:"kubeshark"`
+	Namespace string `yaml:"namespace" json:"namespace" default:"default"`
 }
 
 type TapConfig struct {
 	Docker            DockerConfig          `yaml:"docker" json:"docker"`
 	Proxy             ProxyConfig           `yaml:"proxy" json:"proxy"`
 	PodRegexStr       string                `yaml:"regex" json:"regex" default:".*"`
-	Namespaces        []string              `yaml:"namespaces" json:"namespaces"`
-	SelfNamespace     string                `yaml:"selfnamespace" json:"selfnamespace" default:"kubeshark"`
+	Namespaces        []string              `yaml:"namespaces" json:"namespaces" default:"[]"`
+	Release           ReleaseConfig         `yaml:"release" json:"release"`
 	PersistentStorage bool                  `yaml:"persistentstorage" json:"persistentstorage" default:"false"`
 	StorageLimit      string                `yaml:"storagelimit" json:"storagelimit" default:"200Mi"`
 	StorageClass      string                `yaml:"storageclass" json:"storageclass" default:"standard"`
@@ -107,9 +115,10 @@ type TapConfig struct {
 	ServiceMesh       bool                  `yaml:"servicemesh" json:"servicemesh" default:"true"`
 	Tls               bool                  `yaml:"tls" json:"tls" default:"true"`
 	PacketCapture     string                `yaml:"packetcapture" json:"packetcapture" default:"libpcap"`
-	IgnoreTainted     bool                  `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
-	ResourceLabels    map[string]string     `yaml:"resourceLabels" json:"resourceLabels" default:"{}"`
-	NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"`
+	IgnoreTainted     bool                  `yaml:"ignoretainted" json:"ignoretainted" default:"false"`
+	Labels            map[string]string     `yaml:"labels" json:"labels" default:"{}"`
+	Annotations       map[string]string     `yaml:"annotations" json:"annotations" default:"{}"`
+	NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeselectorterms" json:"nodeselectorterms" default:"[]"`
 	Ingress           IngressConfig         `yaml:"ingress" json:"ingress"`
 	Debug             bool                  `yaml:"debug" json:"debug" default:"false"`
 }

errormessage/errormessage.go

@@ -22,9 +22,9 @@ func FormatError(err error) error {
 			"in the config file or setting the targeted namespace with --%s %s=<NAMEPSACE>",
 			err,
 			misc.Software,
-			configStructs.SelfNamespaceLabel,
+			configStructs.ReleaseNamespaceLabel,
 			config.SetCommandName,
-			configStructs.SelfNamespaceLabel)
+			configStructs.ReleaseNamespaceLabel)
 	} else if syntaxError, isSyntaxError := asRegexSyntaxError(err); isSyntaxError {
 		errorNew = fmt.Errorf("regex %s is invalid: %w", syntaxError.Expr, err)
 	} else {

go.mod

@@ -3,6 +3,10 @@ module github.com/kubeshark/kubeshark
 go 1.19
 
 require (
+	github.com/aws/aws-sdk-go-v2 v1.18.1
+	github.com/aws/aws-sdk-go-v2/config v1.18.27
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0
 	github.com/creasty/defaults v1.5.2
 	github.com/docker/docker v20.10.24+incompatible
 	github.com/docker/go-connections v0.4.0
@@ -34,6 +38,21 @@ require (
 	github.com/Masterminds/squirrel v1.5.3 // indirect
 	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.13.26 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 // indirect
+	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chai2010/gettext-go v1.0.2 // indirect
@@ -78,6 +97,7 @@ require (
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect

go.sum

@@ -78,6 +78,44 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
+github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
+github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 h1:dK82zF6kkPeCo8J1e+tGx4JdvDIQzj7ygIoLg8WMuGs=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10/go.mod h1:VeTZetY5KRJLuD/7fkQXMU6Mw7H5m/KP2J5Iy9osMno=
+github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA=
+github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk=
+github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70 h1:4bh28MeeXoBFTjb0JjQ5sVatzlf5xA1DziV8mZed9v4=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70/go.mod h1:9yI5NXzqy2yOiMytv6QLZHvlyHLwYxO9iIq+bZIbrFg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 h1:wscW+pnn3J1OYnanMnza5ZVYXLX4cKk5rAvUAl4Qu+c=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26/go.mod h1:MtYiox5gvyB+OyP0Mr0Sm/yzbEAIPL9eijj/ouHAPw0=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 h1:y2+VQzC6Zh2ojtV2LoC0MNwHWc6qXv/j2vrQtlftkdA=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11/go.mod h1:iV4q2hsqtNECrfmlXyord9u4zyuFEJX9eLgLpSPzWA8=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 h1:zZSLP3v3riMOP14H7b4XP0uyfREDQOYv2cqIrvTXDNQ=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29/go.mod h1:z7EjRjVwZ6pWcWdI2H64dKttvzaP99jRIj5hphW0M5U=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 h1:dBL3StFxHtpBzJJ/mNEsjXVgfO+7jR0dAIEwLqMapEA=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3/go.mod h1:f1QyiAsvIv4B49DmCqrhlXqyaR+0IxMmyX+1P+AnzOM=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0 h1:ya7fmrN2fE7s1P2gaPbNg5MTkERVWfsH8ToP1YC4Z9o=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0/go.mod h1:aVbf0sko/TsLWHx30c/uVu7c62+0EAJ3vbxaJga0xCw=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE=
+github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg=
+github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
+github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -284,6 +322,7 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-github/v37 v37.0.0 h1:rCspN8/6kB1BAJWZfuafvHhyfIo5fkAulaP/3bOQ/tM=
@@ -371,6 +410,10 @@ github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=

helm-chart/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: "41.0"
+appVersion: "41.2"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:
@@ -22,4 +22,5 @@ name: kubeshark
 sources:
   - https://github.com/kubeshark/kubeshark/tree/master/helm-chart
 type: application
-version: "41.0"
+version: "41.2"
+icon: https://raw.githubusercontent.com/kubeshark/assets/master/logo/vector/logo.svg

helm-chart/README.md

@@ -58,7 +58,7 @@ Visit [localhost:8899](http://localhost:8899)
 helm install kubeshark kubeshark/kubeshark \
   --set tap.ingress.enabled=true \
   --set tap.ingress.host=ks.svc.cluster.local \
-  --set "tap.ingress.auth.approvedDomains={gmail.com}" \
+  --set "tap.ingress.auth.approveddomains={gmail.com}" \
   --set license=LICENSE_GOES_HERE
 ```
 You can get your license [here](https://console.kubeshark.co/).

helm-chart/templates/00-namespace.yaml

@@ -1,11 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: '{{ .Values.tap.selfnamespace }}'
-spec: {}
-status: {}

helm-chart/templates/01-service-account.yaml

@@ -4,8 +4,12 @@ kind: ServiceAccount
 metadata:
   creationTimestamp: null
   labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+  {{- if .Values.tap.labels }}
+    {{- toYaml .Values.tap.labels | nindent 4 }}
+  {{- end }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-service-account
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}

helm-chart/templates/02-cluster-role.yaml

@@ -4,11 +4,15 @@ kind: ClusterRole
 metadata:
   creationTimestamp: null
   labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+  {{- if .Values.tap.labels }}
+    {{- toYaml .Values.tap.labels | nindent 4 }}
+  {{- end }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-cluster-role
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 rules:
   - apiGroups:
       - ""

helm-chart/templates/03-cluster-role-binding.yaml

@@ -4,11 +4,15 @@ kind: ClusterRoleBinding
 metadata:
   creationTimestamp: null
   labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+  {{- if .Values.tap.labels }}
+    {{- toYaml .Values.tap.labels | nindent 4 }}
+  {{- end }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-cluster-role-binding
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -16,4 +20,4 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: kubeshark-service-account
-    namespace: '{{ .Values.tap.selfnamespace }}'
+    namespace: {{ .Release.Namespace }}

helm-chart/templates/04-hub-pod.yaml

@@ -5,14 +5,20 @@ metadata:
   creationTimestamp: null
   labels:
     app: kubeshark-hub
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+  {{- if .Values.tap.labels }}
+    {{- toYaml .Values.tap.labels | nindent 4 }}
+  {{- end }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-hub
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 spec:
   containers:
     - command:
-        - '{{ .Values.tap.debug | ternary "./hub -debug" "./hub" }}'
+        - ./hub
+        {{ .Values.tap.debug | ternary "- -debug" "" }}
       env:
         - name: POD_REGEX
           value: '{{ .Values.tap.regex }}'
@@ -25,26 +31,32 @@ spec:
         - name: SCRIPTING_SCRIPTS
           value: '[]'
         - name: AUTH_APPROVED_DOMAINS
-          value: '{{ gt (len .Values.tap.ingress.auth.approvedDomains) 0 | ternary (join "," .Values.tap.ingress.auth.approvedDomains) "" }}'
+          value: '{{ gt (len .Values.tap.ingress.auth.approveddomains) 0 | ternary (join "," .Values.tap.ingress.auth.approveddomains) "" }}'
       image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.tag }}'
-      imagePullPolicy: '{{ .Values.tap.docker.imagepullpolicy }}'
+      imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
       name: kubeshark-hub
-      ports:
-        - containerPort: 80
-          hostPort: {{ .Values.tap.proxy.hub.srvport }}
       resources:
         limits:
-          cpu: '{{ .Values.tap.resources.hub.limits.cpu }}'
-          memory: '{{ .Values.tap.resources.hub.limits.memory }}'
+          cpu: {{ .Values.tap.resources.hub.limits.cpu }}
+          memory: {{ .Values.tap.resources.hub.limits.memory }}
         requests:
-          cpu: '{{ .Values.tap.resources.hub.requests.cpu }}'
-          memory: '{{ .Values.tap.resources.hub.requests.memory }}'
+          cpu: {{ .Values.tap.resources.hub.requests.cpu }}
+          memory: {{ .Values.tap.resources.hub.requests.memory }}
   dnsPolicy: ClusterFirstWithHostNet
   serviceAccountName: kubeshark-service-account
   terminationGracePeriodSeconds: 0
   tolerations:
     - effect: NoExecute
       operator: Exists
+{{- if not .Values.tap.ignoretainted }}
     - effect: NoSchedule
       operator: Exists
+{{- end }}
+{{- if gt (len .Values.tap.nodeselectorterms) 0}}
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          {{- toYaml .Values.tap.nodeselectorterms | nindent 8 }}
+{{- end }}
 status: {}

helm-chart/templates/05-hub-service.yaml

@@ -4,10 +4,15 @@ kind: Service
 metadata:
   creationTimestamp: null
   labels:
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+  {{- if .Values.tap.labels }}
+    {{- toYaml .Values.tap.labels | nindent 4 }}
+  {{- end }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-hub
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 spec:
   ports:
     - name: kubeshark-hub

helm-chart/templates/06-front-pod.yaml

@@ -5,10 +5,15 @@ metadata:
   creationTimestamp: null
   labels:
     app: kubeshark-front
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+  {{- if .Values.tap.labels }}
+    {{- toYaml .Values.tap.labels | nindent 4 }}
+  {{- end }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-front
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 spec:
   containers:
     - env:
@@ -17,13 +22,10 @@ spec:
         - name: REACT_APP_HUB_HOST
           value: ' '
         - name: REACT_APP_HUB_PORT
-          value: '{{ .Values.tap.ingress.enabled | ternary "80/api" "8898" }}'
+          value: '{{ .Values.tap.ingress.enabled | ternary "/api" ":8898" }}'
       image: '{{ .Values.tap.docker.registry }}/front:{{ .Values.tap.docker.tag }}'
-      imagePullPolicy: '{{ .Values.tap.docker.imagepullpolicy }}'
+      imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
       name: kubeshark-front
-      ports:
-        - containerPort: 80
-          hostPort: {{ .Values.tap.proxy.front.srvport }}
       readinessProbe:
         failureThreshold: 3
         periodSeconds: 1
@@ -44,6 +46,15 @@ spec:
   tolerations:
     - effect: NoExecute
       operator: Exists
+{{- if not .Values.tap.ignoretainted }}
     - effect: NoSchedule
       operator: Exists
+{{- end }}
+{{- if gt (len .Values.tap.nodeselectorterms) 0}}
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          {{- toYaml .Values.tap.nodeselectorterms | nindent 8 }}
+{{- end }}
 status: {}

helm-chart/templates/07-front-service.yaml

@@ -4,10 +4,15 @@ kind: Service
 metadata:
   creationTimestamp: null
   labels:
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+  {{- if .Values.tap.labels }}
+    {{- toYaml .Values.tap.labels | nindent 4 }}
+  {{- end }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-front
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 spec:
   ports:
     - name: kubeshark-front

helm-chart/templates/08-persistent-volume-claim.yaml

@@ -5,17 +5,21 @@ kind: PersistentVolumeClaim
 metadata:
   creationTimestamp: null
   labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+  {{- if .Values.tap.labels }}
+    {{- toYaml .Values.tap.labels | nindent 4 }}
+  {{- end }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-persistent-volume-claim
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 spec:
   accessModes:
     - ReadWriteMany
   resources:
     requests:
-      storage: '{{ .Values.tap.storagelimit }}'
-  storageClassName: '{{ .Values.tap.storageclass }}'
+      storage: {{ .Values.tap.storagelimit }}
+  storageClassName: {{ .Values.tap.storageclass }}
 status: {}
 {{- end }}

helm-chart/templates/09-worker-daemon-set.yaml

@@ -5,29 +5,37 @@ metadata:
   creationTimestamp: null
   labels:
     app: kubeshark-worker-daemon-set
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+  {{- if .Values.tap.labels }}
+    {{- toYaml .Values.tap.labels | nindent 4 }}
+  {{- end }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-worker-daemon-set
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 spec:
   selector:
     matchLabels:
       app: kubeshark-worker-daemon-set
-      kubeshark-created-by: kubeshark
-      kubeshark-managed-by: kubeshark
+    {{- if .Values.tap.labels }}
+      {{- toYaml .Values.tap.labels | nindent 6 }}
+    {{- end }}
   template:
     metadata:
       creationTimestamp: null
       labels:
         app: kubeshark-worker-daemon-set
-        kubeshark-created-by: kubeshark
-        kubeshark-managed-by: kubeshark
+      {{- if .Values.tap.labels }}
+        {{- toYaml .Values.tap.labels | nindent 8 }}
+      {{- end }}
       name: kubeshark-worker-daemon-set
       namespace: kubeshark
     spec:
       containers:
         - command:
-            - '{{ .Values.tap.debug | ternary "./worker -debug" "./worker" }}'
+            - ./worker
+            {{ .Values.tap.debug | ternary "- -debug" "" }}
             - -i
             - any
             - -port
@@ -39,18 +47,15 @@ spec:
             - -procfs
             - /hostproc
           image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.tag }}'
-          imagePullPolicy: '{{ .Values.tap.docker.imagepullpolicy }}'
+          imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
           name: kubeshark-worker-daemon-set
-          ports:
-            - containerPort: {{ .Values.tap.proxy.worker.srvport }}
-              hostPort: {{ .Values.tap.proxy.worker.srvport }}
           resources:
             limits:
-              cpu: '{{ .Values.tap.resources.worker.limits.cpu }}'
-              memory: '{{ .Values.tap.resources.worker.limits.memory }}'
+              cpu: {{ .Values.tap.resources.worker.limits.cpu }}
+              memory: {{ .Values.tap.resources.worker.limits.memory }}
             requests:
-              cpu: '{{ .Values.tap.resources.worker.requests.cpu }}'
-              memory: '{{ .Values.tap.resources.worker.requests.memory }}'
+              cpu: {{ .Values.tap.resources.worker.requests.cpu }}
+              memory: {{ .Values.tap.resources.worker.requests.memory }}
           securityContext:
             capabilities:
               add:
@@ -80,8 +85,17 @@ spec:
       tolerations:
         - effect: NoExecute
           operator: Exists
+{{- if not .Values.tap.ignoretainted }}
         - effect: NoSchedule
           operator: Exists
+{{- end }}
+{{- if gt (len .Values.tap.nodeselectorterms) 0}}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              {{- toYaml .Values.tap.nodeselectorterms | nindent 12 }}
+{{- end }}
       volumes:
         - hostPath:
             path: /proc

helm-chart/templates/10-ingress-class.yaml

@@ -5,11 +5,15 @@ kind: IngressClass
 metadata:
   creationTimestamp: null
   labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+  {{- if .Values.tap.labels }}
+    {{- toYaml .Values.tap.labels | nindent 4 }}
+  {{- end }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   name: kubeshark-ingress-class
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 spec:
-  controller: k8s.io/ingress-nginx
+  controller: {{ .Values.tap.ingress.controller }}
 {{- end }}

helm-chart/templates/11-ingress.yaml

@@ -4,19 +4,22 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   annotations:
-    certmanager.k8s.io/cluster-issuer: '{{ .Values.tap.ingress.certManager }}'
+    certmanager.k8s.io/cluster-issuer: {{ .Values.tap.ingress.certmanager }}
     nginx.ingress.kubernetes.io/rewrite-target: /$2
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
   creationTimestamp: null
   labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
+  {{- if .Values.tap.labels }}
+    {{- toYaml .Values.tap.labels | nindent 4 }}
+  {{- end }}
   name: kubeshark-ingress
-  namespace: '{{ .Values.tap.selfnamespace }}'
+  namespace: {{ .Release.Namespace }}
 spec:
-  ingressClassName: kubeshark-ingress-class
+  ingressClassName: {{ .Values.tap.ingress.classname }}
   rules:
-    - host: '{{ .Values.tap.ingress.host }}'
+    - host: {{ .Values.tap.ingress.host }}
       http:
         paths:
           - backend:
@@ -33,7 +36,10 @@ spec:
                   number: 80
             path: /()(.*)
             pathType: Prefix
-  tls: {{ .Values.tap.ingress.tls | toYaml }}
+  tls:
+  {{- if gt (len .Values.tap.ingress.tls) 0}}
+    {{- toYaml .Values.tap.ingress.tls | nindent 2 }}
+  {{- end }}
 status:
   loadBalancer: {}
 {{- end }}

helm-chart/values.yaml

@@ -16,7 +16,10 @@ tap:
     host: 127.0.0.1
   regex: .*
   namespaces: []
-  selfnamespace: kubeshark
+  release:
+    repo: https://helm.kubeshark.co
+    name: kubeshark
+    namespace: default
   persistentstorage: false
   storagelimit: 200Mi
   storageclass: standard
@@ -40,16 +43,19 @@ tap:
   servicemesh: true
   tls: true
   packetcapture: libpcap
-  ignoreTainted: false
-  resourceLabels: {}
-  nodeSelectorTerms: []
+  ignoretainted: false
+  labels: {}
+  annotations: {}
+  nodeselectorterms: []
   ingress:
     enabled: false
+    classname: kubeshark-ingress-class
+    controller: k8s.io/ingress-nginx
     host: ks.svc.cluster.local
     tls: []
     auth:
-      approvedDomains: []
-    certManager: letsencrypt-prod
+      approveddomains: []
+    certmanager: letsencrypt-prod
   debug: false
 logs:
   file: ""

kubernetes/helm/helm.go

@@ -2,11 +2,14 @@ package helm
 
 import (
 	"encoding/json"
+	"fmt"
 	"os"
 	"path/filepath"
 	"regexp"
+	"strings"
 
 	"github.com/kubeshark/kubeshark/config"
+	"github.com/kubeshark/kubeshark/misc"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog/log"
 	"helm.sh/helm/v3/pkg/action"
@@ -39,14 +42,6 @@ func NewHelm(repo string, releaseName string, releaseNamespace string) *Helm {
 	}
 }
 
-func NewHelmDefault() *Helm {
-	return &Helm{
-		repo:             "https://helm.kubeshark.co",
-		releaseName:      "kubeshark",
-		releaseNamespace: "default",
-	}
-}
-
 func parseOCIRef(chartRef string) (string, string, error) {
 	refTagRegexp := regexp.MustCompile(`^(oci://[^:]+(:[0-9]{1,5})?[^:]+):(.*)$`)
 	caps := refTagRegexp.FindStringSubmatch(chartRef)
@@ -72,70 +67,74 @@ func (h *Helm) Install() (rel *release.Release, err error) {
 	client.Namespace = h.releaseNamespace
 	client.ReleaseName = h.releaseName
 
-	var chartURL string
-	chartURL, err = repo.FindChartInRepoURL(h.repo, h.releaseName, "", "", "", "", getter.All(&cli.EnvSettings{}))
-	if err != nil {
-		return
-	}
-
-	var cp string
-	cp, err = client.ChartPathOptions.LocateChart(chartURL, settings)
-	if err != nil {
-		return
-	}
-
-	m := &downloader.Manager{
-		Out:              os.Stdout,
-		ChartPath:        cp,
-		Keyring:          client.ChartPathOptions.Keyring,
-		SkipUpdate:       false,
-		Getters:          getter.All(settings),
-		RepositoryConfig: settings.RepositoryConfig,
-		RepositoryCache:  settings.RepositoryCache,
-		Debug:            settings.Debug,
-	}
-
-	dl := downloader.ChartDownloader{
-		Out:              m.Out,
-		Verify:           m.Verify,
-		Keyring:          m.Keyring,
-		RepositoryConfig: m.RepositoryConfig,
-		RepositoryCache:  m.RepositoryCache,
-		RegistryClient:   m.RegistryClient,
-		Getters:          m.Getters,
-		Options: []getter.Option{
-			getter.WithInsecureSkipVerifyTLS(false),
-		},
-	}
-
-	repoPath := filepath.Dir(m.ChartPath)
-	err = os.MkdirAll(repoPath, os.ModePerm)
-	if err != nil {
-		return
-	}
-
-	version := ""
-	if registry.IsOCI(chartURL) {
-		chartURL, version, err = parseOCIRef(chartURL)
+	chartPath := os.Getenv(fmt.Sprintf("%s_HELM_CHART_PATH", strings.ToUpper(misc.Program)))
+	if chartPath == "" {
+		var chartURL string
+		chartURL, err = repo.FindChartInRepoURL(h.repo, h.releaseName, "", "", "", "", getter.All(&cli.EnvSettings{}))
 		if err != nil {
 			return
 		}
-		dl.Options = append(dl.Options,
-			getter.WithRegistryClient(m.RegistryClient),
-			getter.WithTagName(version))
+
+		var cp string
+		cp, err = client.ChartPathOptions.LocateChart(chartURL, settings)
+		if err != nil {
+			return
+		}
+
+		m := &downloader.Manager{
+			Out:              os.Stdout,
+			ChartPath:        cp,
+			Keyring:          client.ChartPathOptions.Keyring,
+			SkipUpdate:       false,
+			Getters:          getter.All(settings),
+			RepositoryConfig: settings.RepositoryConfig,
+			RepositoryCache:  settings.RepositoryCache,
+			Debug:            settings.Debug,
+		}
+
+		dl := downloader.ChartDownloader{
+			Out:              m.Out,
+			Verify:           m.Verify,
+			Keyring:          m.Keyring,
+			RepositoryConfig: m.RepositoryConfig,
+			RepositoryCache:  m.RepositoryCache,
+			RegistryClient:   m.RegistryClient,
+			Getters:          m.Getters,
+			Options: []getter.Option{
+				getter.WithInsecureSkipVerifyTLS(false),
+			},
+		}
+
+		repoPath := filepath.Dir(m.ChartPath)
+		err = os.MkdirAll(repoPath, os.ModePerm)
+		if err != nil {
+			return
+		}
+
+		version := ""
+		if registry.IsOCI(chartURL) {
+			chartURL, version, err = parseOCIRef(chartURL)
+			if err != nil {
+				return
+			}
+			dl.Options = append(dl.Options,
+				getter.WithRegistryClient(m.RegistryClient),
+				getter.WithTagName(version))
+		}
+
+		log.Info().
+			Str("url", chartURL).
+			Str("repo-path", repoPath).
+			Msg("Downloading Helm chart:")
+
+		if _, _, err = dl.DownloadTo(chartURL, version, repoPath); err != nil {
+			return
+		}
+
+		chartPath = m.ChartPath
 	}
-
-	log.Info().
-		Str("url", chartURL).
-		Str("repo-path", repoPath).
-		Msg("Downloading Helm chart:")
-
-	if _, _, err = dl.DownloadTo(chartURL, version, repoPath); err != nil {
-		return
-	}
-
 	var chart *chart.Chart
-	chart, err = loader.Load(m.ChartPath)
+	chart, err = loader.Load(chartPath)
 	if err != nil {
 		return
 	}

manifests/00-namespace.yaml

@@ -1,11 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark
-spec: {}
-status: {}

manifests/01-service-account.yaml

@@ -1,11 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-service-account
-  namespace: kubeshark

manifests/02-cluster-role.yaml

@@ -1,27 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-cluster-role
-  namespace: kubeshark
-rules:
-  - apiGroups:
-      - ""
-      - extensions
-      - apps
-      - networking.k8s.io
-    resources:
-      - pods
-      - services
-      - endpoints
-      - persistentvolumeclaims
-      - ingresses
-    verbs:
-      - list
-      - get
-      - watch

manifests/03-cluster-role-binding.yaml

@@ -1,19 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-cluster-role-binding
-  namespace: kubeshark
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kubeshark-cluster-role
-subjects:
-  - kind: ServiceAccount
-    name: kubeshark-service-account
-    namespace: kubeshark

manifests/04-hub-pod.yaml

@@ -1,47 +0,0 @@
----
-apiVersion: v1
-kind: Pod
-metadata:
-  creationTimestamp: null
-  labels:
-    app: kubeshark-hub
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-hub
-  namespace: kubeshark
-spec:
-  containers:
-    - command:
-        - ./hub
-      env:
-        - name: POD_REGEX
-          value: .*
-        - name: NAMESPACES
-        - name: LICENSE
-        - name: SCRIPTING_ENV
-          value: '{}'
-        - name: SCRIPTING_SCRIPTS
-          value: '[]'
-        - name: AUTH_APPROVED_DOMAINS
-      image: docker.io/kubeshark/hub:latest
-      imagePullPolicy: Always
-      name: kubeshark-hub
-      ports:
-        - containerPort: 80
-          hostPort: 8898
-      resources:
-        limits:
-          cpu: 750m
-          memory: 1Gi
-        requests:
-          cpu: 50m
-          memory: 50Mi
-  dnsPolicy: ClusterFirstWithHostNet
-  serviceAccountName: kubeshark-service-account
-  terminationGracePeriodSeconds: 0
-  tolerations:
-    - effect: NoExecute
-      operator: Exists
-    - effect: NoSchedule
-      operator: Exists
-status: {}

manifests/05-hub-service.yaml

@@ -1,20 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-hub
-  namespace: kubeshark
-spec:
-  ports:
-    - name: kubeshark-hub
-      port: 80
-      targetPort: 80
-  selector:
-    app: kubeshark-hub
-  type: NodePort
-status:
-  loadBalancer: {}

manifests/06-front-pod.yaml

@@ -1,49 +0,0 @@
----
-apiVersion: v1
-kind: Pod
-metadata:
-  creationTimestamp: null
-  labels:
-    app: kubeshark-front
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-front
-  namespace: kubeshark
-spec:
-  containers:
-    - env:
-        - name: REACT_APP_DEFAULT_FILTER
-          value: ' '
-        - name: REACT_APP_HUB_HOST
-          value: ' '
-        - name: REACT_APP_HUB_PORT
-          value: "8898"
-      image: docker.io/kubeshark/front:latest
-      imagePullPolicy: Always
-      name: kubeshark-front
-      ports:
-        - containerPort: 80
-          hostPort: 8899
-      readinessProbe:
-        failureThreshold: 3
-        periodSeconds: 1
-        successThreshold: 1
-        tcpSocket:
-          port: 80
-        timeoutSeconds: 1
-      resources:
-        limits:
-          cpu: 750m
-          memory: 1Gi
-        requests:
-          cpu: 50m
-          memory: 50Mi
-  dnsPolicy: ClusterFirstWithHostNet
-  serviceAccountName: kubeshark-service-account
-  terminationGracePeriodSeconds: 0
-  tolerations:
-    - effect: NoExecute
-      operator: Exists
-    - effect: NoSchedule
-      operator: Exists
-status: {}

manifests/07-front-service.yaml

@@ -1,20 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-front
-  namespace: kubeshark
-spec:
-  ports:
-    - name: kubeshark-front
-      port: 80
-      targetPort: 80
-  selector:
-    app: kubeshark-front
-  type: NodePort
-status:
-  loadBalancer: {}

manifests/08-persistent-volume-claim.yaml

@@ -1,19 +0,0 @@
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-persistent-volume-claim
-  namespace: kubeshark
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 200Mi
-  storageClassName: standard
-status: {}

manifests/09-worker-daemon-set.yaml

@@ -1,92 +0,0 @@
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  creationTimestamp: null
-  labels:
-    app: kubeshark-worker-daemon-set
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-worker-daemon-set
-  namespace: kubeshark
-spec:
-  selector:
-    matchLabels:
-      app: kubeshark-worker-daemon-set
-      kubeshark-created-by: kubeshark
-      kubeshark-managed-by: kubeshark
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        app: kubeshark-worker-daemon-set
-        kubeshark-created-by: kubeshark
-        kubeshark-managed-by: kubeshark
-      name: kubeshark-worker-daemon-set
-      namespace: kubeshark
-    spec:
-      containers:
-        - command:
-            - ./worker
-            - -i
-            - any
-            - -port
-            - "8897"
-            - -packet-capture
-            - libpcap
-            - -servicemesh
-            - -tls
-            - -procfs
-            - /hostproc
-          image: docker.io/kubeshark/worker:latest
-          imagePullPolicy: Always
-          name: kubeshark-worker-daemon-set
-          ports:
-            - containerPort: 8897
-              hostPort: 8897
-          resources:
-            limits:
-              cpu: 750m
-              memory: 1Gi
-            requests:
-              cpu: 50m
-              memory: 50Mi
-          securityContext:
-            capabilities:
-              add:
-                - NET_RAW
-                - NET_ADMIN
-                - SYS_ADMIN
-                - SYS_PTRACE
-                - DAC_OVERRIDE
-                - SYS_RESOURCE
-              drop:
-                - ALL
-          volumeMounts:
-            - mountPath: /hostproc
-              name: proc
-              readOnly: true
-            - mountPath: /sys
-              name: sys
-              readOnly: true
-            - mountPath: /app/data
-              name: kubeshark-persistent-volume
-      dnsPolicy: ClusterFirstWithHostNet
-      hostNetwork: true
-      serviceAccountName: kubeshark-service-account
-      terminationGracePeriodSeconds: 0
-      tolerations:
-        - effect: NoExecute
-          operator: Exists
-        - effect: NoSchedule
-          operator: Exists
-      volumes:
-        - hostPath:
-            path: /proc
-          name: proc
-        - hostPath:
-            path: /sys
-          name: sys
-        - name: kubeshark-persistent-volume
-          persistentVolumeClaim:
-            claimName: kubeshark-persistent-volume-claim

manifests/10-ingress-class.yaml

@@ -1,13 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-ingress-class
-  namespace: kubeshark
-spec:
-  controller: k8s.io/ingress-nginx

manifests/11-ingress.yaml

@@ -1,36 +0,0 @@
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
-    nginx.ingress.kubernetes.io/rewrite-target: /$2
-  creationTimestamp: null
-  labels:
-    kubeshark-cli-version: v1
-    kubeshark-created-by: kubeshark
-    kubeshark-managed-by: kubeshark
-  name: kubeshark-ingress
-  namespace: kubeshark
-spec:
-  ingressClassName: kubeshark-ingress-class
-  rules:
-    - host: ks.svc.cluster.local
-      http:
-        paths:
-          - backend:
-              service:
-                name: kubeshark-hub
-                port:
-                  number: 80
-            path: /api(/|$)(.*)
-            pathType: Prefix
-          - backend:
-              service:
-                name: kubeshark-front
-                port:
-                  number: 80
-            path: /()(.*)
-            pathType: Prefix
-status:
-  loadBalancer: {}

manifests/complete.yaml

@@ -0,0 +1,267 @@
+---
+# Source: kubeshark/templates/01-service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  creationTimestamp: null
+  labels:
+  annotations:
+  name: kubeshark-service-account
+  namespace: default
+---
+# Source: kubeshark/templates/02-cluster-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+  annotations:
+  name: kubeshark-cluster-role
+  namespace: default
+rules:
+  - apiGroups:
+      - ""
+      - extensions
+      - apps
+      - networking.k8s.io
+    resources:
+      - pods
+      - services
+      - endpoints
+      - persistentvolumeclaims
+      - ingresses
+    verbs:
+      - list
+      - get
+      - watch
+---
+# Source: kubeshark/templates/03-cluster-role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  creationTimestamp: null
+  labels:
+  annotations:
+  name: kubeshark-cluster-role-binding
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubeshark-cluster-role
+subjects:
+  - kind: ServiceAccount
+    name: kubeshark-service-account
+    namespace: default
+---
+# Source: kubeshark/templates/05-hub-service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+  annotations:
+  name: kubeshark-hub
+  namespace: default
+spec:
+  ports:
+    - name: kubeshark-hub
+      port: 80
+      targetPort: 80
+  selector:
+    app: kubeshark-hub
+  type: NodePort
+status:
+  loadBalancer: {}
+---
+# Source: kubeshark/templates/07-front-service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+  annotations:
+  name: kubeshark-front
+  namespace: default
+spec:
+  ports:
+    - name: kubeshark-front
+      port: 80
+      targetPort: 80
+  selector:
+    app: kubeshark-front
+  type: NodePort
+status:
+  loadBalancer: {}
+---
+# Source: kubeshark/templates/09-worker-daemon-set.yaml
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  creationTimestamp: null
+  labels:
+    app: kubeshark-worker-daemon-set
+  annotations:
+  name: kubeshark-worker-daemon-set
+  namespace: default
+spec:
+  selector:
+    matchLabels:
+      app: kubeshark-worker-daemon-set
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: kubeshark-worker-daemon-set
+      name: kubeshark-worker-daemon-set
+      namespace: kubeshark
+    spec:
+      containers:
+        - command:
+            - './worker'
+            - -i
+            - any
+            - -port
+            - '8897'
+            - -packet-capture
+            - 'libpcap'
+            - -servicemesh
+            - -tls
+            - -procfs
+            - /hostproc
+          image: 'docker.io/kubeshark/worker:latest'
+          imagePullPolicy: Always
+          name: kubeshark-worker-daemon-set
+          resources:
+            limits:
+              cpu: 750m
+              memory: 1Gi
+            requests:
+              cpu: 50m
+              memory: 50Mi
+          securityContext:
+            capabilities:
+              add:
+                - NET_RAW
+                - NET_ADMIN
+                - SYS_ADMIN
+                - SYS_PTRACE
+                - DAC_OVERRIDE
+                - SYS_RESOURCE
+              drop:
+                - ALL
+          volumeMounts:
+            - mountPath: /hostproc
+              name: proc
+              readOnly: true
+            - mountPath: /sys
+              name: sys
+              readOnly: true
+      dnsPolicy: ClusterFirstWithHostNet
+      hostNetwork: true
+      serviceAccountName: kubeshark-service-account
+      terminationGracePeriodSeconds: 0
+      tolerations:
+        - effect: NoExecute
+          operator: Exists
+        - effect: NoSchedule
+          operator: Exists
+      volumes:
+        - hostPath:
+            path: /proc
+          name: proc
+        - hostPath:
+            path: /sys
+          name: sys
+---
+# Source: kubeshark/templates/04-hub-pod.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  creationTimestamp: null
+  labels:
+    app: kubeshark-hub
+  annotations:
+  name: kubeshark-hub
+  namespace: default
+spec:
+  containers:
+    - command:
+        - ./hub
+      env:
+        - name: POD_REGEX
+          value: '.*'
+        - name: NAMESPACES
+          value: ''
+        - name: LICENSE
+          value: ''
+        - name: SCRIPTING_ENV
+          value: '{}'
+        - name: SCRIPTING_SCRIPTS
+          value: '[]'
+        - name: AUTH_APPROVED_DOMAINS
+          value: ''
+      image: 'docker.io/kubeshark/hub:latest'
+      imagePullPolicy: Always
+      name: kubeshark-hub
+      resources:
+        limits:
+          cpu: 750m
+          memory: 1Gi
+        requests:
+          cpu: 50m
+          memory: 50Mi
+  dnsPolicy: ClusterFirstWithHostNet
+  serviceAccountName: kubeshark-service-account
+  terminationGracePeriodSeconds: 0
+  tolerations:
+    - effect: NoExecute
+      operator: Exists
+    - effect: NoSchedule
+      operator: Exists
+status: {}
+---
+# Source: kubeshark/templates/06-front-pod.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  creationTimestamp: null
+  labels:
+    app: kubeshark-front
+  annotations:
+  name: kubeshark-front
+  namespace: default
+spec:
+  containers:
+    - env:
+        - name: REACT_APP_DEFAULT_FILTER
+          value: ' '
+        - name: REACT_APP_HUB_HOST
+          value: ' '
+        - name: REACT_APP_HUB_PORT
+          value: ':8898'
+      image: 'docker.io/kubeshark/front:latest'
+      imagePullPolicy: Always
+      name: kubeshark-front
+      readinessProbe:
+        failureThreshold: 3
+        periodSeconds: 1
+        successThreshold: 1
+        tcpSocket:
+          port: 80
+        timeoutSeconds: 1
+      resources:
+        limits:
+          cpu: 750m
+          memory: 1Gi
+        requests:
+          cpu: 50m
+          memory: 50Mi
+  dnsPolicy: ClusterFirstWithHostNet
+  serviceAccountName: kubeshark-service-account
+  terminationGracePeriodSeconds: 0
+  tolerations:
+    - effect: NoExecute
+      operator: Exists
+    - effect: NoSchedule
+      operator: Exists
+status: {}

misc/fsUtils/kubesharkLogsUtils.go

@@ -15,13 +15,13 @@ import (
 
 func DumpLogs(ctx context.Context, provider *kubernetes.Provider, filePath string) error {
 	podExactRegex := regexp.MustCompile("^" + kubernetes.SelfResourcesPrefix)
-	pods, err := provider.ListAllPodsMatchingRegex(ctx, podExactRegex, []string{config.Config.Tap.SelfNamespace})
+	pods, err := provider.ListAllPodsMatchingRegex(ctx, podExactRegex, []string{config.Config.Tap.Release.Namespace})
 	if err != nil {
 		return err
 	}
 
 	if len(pods) == 0 {
-		return fmt.Errorf("No %s pods found in namespace %s", misc.Software, config.Config.Tap.SelfNamespace)
+		return fmt.Errorf("No %s pods found in namespace %s", misc.Software, config.Config.Tap.Release.Namespace)
 	}
 
 	newZipFile, err := os.Create(filePath)
@@ -60,17 +60,17 @@ func DumpLogs(ctx context.Context, provider *kubernetes.Provider, filePath strin
 		}
 	}
 
-	events, err := provider.GetNamespaceEvents(ctx, config.Config.Tap.SelfNamespace)
+	events, err := provider.GetNamespaceEvents(ctx, config.Config.Tap.Release.Namespace)
 	if err != nil {
 		log.Error().Err(err).Msg("Failed to get k8b events!")
 	} else {
-		log.Debug().Str("namespace", config.Config.Tap.SelfNamespace).Msg("Successfully read events.")
+		log.Debug().Str("namespace", config.Config.Tap.Release.Namespace).Msg("Successfully read events.")
 	}
 
-	if err := AddStrToZip(zipWriter, events, fmt.Sprintf("%s_events.log", config.Config.Tap.SelfNamespace)); err != nil {
+	if err := AddStrToZip(zipWriter, events, fmt.Sprintf("%s_events.log", config.Config.Tap.Release.Namespace)); err != nil {
 		log.Error().Err(err).Msg("Failed write logs!")
 	} else {
-		log.Debug().Str("namespace", config.Config.Tap.SelfNamespace).Msg("Successfully added events.")
+		log.Debug().Str("namespace", config.Config.Tap.Release.Namespace).Msg("Successfully added events.")
 	}
 
 	if err := AddFileToZip(zipWriter, config.ConfigFilePath); err != nil {

misc/version/versionCheck.go

@@ -16,7 +16,7 @@ import (
 )
 
 func CheckNewerVersion() {
-	if os.Getenv("KUBESHARK_DISABLE_VERSION_CHECK") != "" {
+	if os.Getenv(fmt.Sprintf("%s_DISABLE_VERSION_CHECK", strings.ToUpper(misc.Program))) != "" {
 		return
 	}