🔖 Bump the Helm chart version to 50.3

🔧 Run make generate-manifests
♻️ Turn the Ingress path rewrite for Hub into an Nginx location directive (#1426 )
2026-02-16 11:00:10 +00:00 · 2023-09-17 00:09:37 +03:00 · 2023-09-16 23:52:53 +03:00 · 2023-09-15 21:43:34 +03:00 · 2023-09-04 02:25:33 +03:00 · 2023-09-04 02:20:26 +03:00
26 changed files with 235 additions and 185 deletions
--- a/cmd/console.go
+++ b/cmd/console.go
@@ -36,13 +36,13 @@ func init() {
 		log.Debug().Err(err).Send()
 	}

-	consoleCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.Port, "Provide a custom port for the Hub")
-	consoleCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Hub")
+	consoleCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the Kubeshark")
+	consoleCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Kubeshark")
 	consoleCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 }

 func runConsole() {
-	hubUrl := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)
+	hubUrl := kubernetes.GetHubUrl()
 	response, err := http.Get(fmt.Sprintf("%s/echo", hubUrl))
 	if err != nil || response.StatusCode != 200 {
 		log.Info().Msg(fmt.Sprintf(utils.Yellow, "Couldn't connect to Hub. Establishing proxy..."))
@@ -52,10 +52,10 @@ func runConsole() {
 	interrupt := make(chan os.Signal, 1)
 	signal.Notify(interrupt, os.Interrupt)

-	log.Info().Str("host", config.Config.Tap.Proxy.Host).Uint16("port", config.Config.Tap.Proxy.Hub.Port).Msg("Connecting to:")
+	log.Info().Str("host", config.Config.Tap.Proxy.Host).Str("url", hubUrl).Msg("Connecting to:")
 	u := url.URL{
 		Scheme: "ws",
-		Host:   fmt.Sprintf("%s:%d", config.Config.Tap.Proxy.Host, config.Config.Tap.Proxy.Hub.Port),
+		Host:   fmt.Sprintf("%s:%d/api", config.Config.Tap.Proxy.Host, config.Config.Tap.Proxy.Front.Port),
 		Path:   "/scripts/logs",
 	}
 	headers := http.Header{}
--- a/cmd/export.go
+++ b/cmd/export.go
@@ -8,7 +8,6 @@ import (
 	"time"

 	"github.com/creasty/defaults"
-	"github.com/kubeshark/kubeshark/config"
 	"github.com/kubeshark/kubeshark/config/configStructs"
 	"github.com/kubeshark/kubeshark/internal/connect"
 	"github.com/kubeshark/kubeshark/kubernetes"
@@ -34,13 +33,13 @@ func init() {
 		log.Debug().Err(err).Send()
 	}

-	exportCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.Port, "Provide a custom port for the Hub")
-	exportCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Hub")
+	exportCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the Kubeshark")
+	exportCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Kubeshark")
 	exportCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 }

 func runExport() {
-	hubUrl := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)
+	hubUrl := kubernetes.GetHubUrl()
 	response, err := http.Get(fmt.Sprintf("%s/echo", hubUrl))
 	if err != nil || response.StatusCode != 200 {
 		log.Info().Msg(fmt.Sprintf(utils.Yellow, "Couldn't connect to Hub. Establishing proxy..."))
@@ -58,6 +57,6 @@ func runExport() {
 	}
 	defer out.Close()

-	connector := connect.NewConnector(kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port), connect.DefaultRetries, connect.DefaultTimeout)
+	connector := connect.NewConnector(kubernetes.GetHubUrl(), connect.DefaultRetries, connect.DefaultTimeout)
 	connector.PostPcapsMerge(out)
 }
--- a/cmd/pro.go
+++ b/cmd/pro.go
@@ -40,19 +40,19 @@ func init() {
 		log.Debug().Err(err).Send()
 	}

-	proCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.Port, "Provide a custom port for the Hub")
-	proCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Hub")
+	proCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the Kubeshark")
+	proCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Kubeshark")
 }

 func acquireLicense() {
-	hubUrl := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)
+	hubUrl := kubernetes.GetHubUrl()
 	response, err := http.Get(fmt.Sprintf("%s/echo", hubUrl))
 	if err != nil || response.StatusCode != 200 {
 		log.Info().Msg(fmt.Sprintf(utils.Yellow, "Couldn't connect to Hub. Establishing proxy..."))
 		runProxy(false, true)
 	}

-	connector = connect.NewConnector(kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port), connect.DefaultRetries, connect.DefaultTimeout)
+	connector = connect.NewConnector(kubernetes.GetHubUrl(), connect.DefaultRetries, connect.DefaultTimeout)

 	log.Info().Str("url", PRO_URL).Msg("Opening in the browser:")
 	utils.OpenBrowser(PRO_URL)
--- a/cmd/proxy.go
+++ b/cmd/proxy.go
@@ -24,8 +24,7 @@ func init() {
 		log.Debug().Err(err).Send()
 	}

-	proxyCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the front-end proxy/port-forward")
-	proxyCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.Port, "Provide a custom port for the Hub proxy/port-forward")
+	proxyCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the proxy/port-forward")
 	proxyCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the proxy/port-forward")
 	proxyCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 }
--- a/cmd/proxyRunner.go
+++ b/cmd/proxyRunner.go
@@ -63,38 +63,8 @@ func runProxy(block bool, noBrowser bool) {

 	var establishedProxy bool

-	hubUrl := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)
-	response, err := http.Get(fmt.Sprintf("%s/echo", hubUrl))
-	if err == nil && response.StatusCode == 200 {
-		log.Info().
-			Str("service", kubernetes.HubServiceName).
-			Int("port", int(config.Config.Tap.Proxy.Hub.Port)).
-			Msg("Found a running service.")
-
-		okToOpen("Hub", hubUrl, true)
-	} else {
-		startProxyReportErrorIfAny(
-			kubernetesProvider,
-			ctx,
-			kubernetes.HubServiceName,
-			kubernetes.HubPodName,
-			configStructs.ProxyHubPortLabel,
-			config.Config.Tap.Proxy.Hub.Port,
-			configStructs.ContainerPort,
-			"/echo",
-		)
-		connector := connect.NewConnector(hubUrl, connect.DefaultRetries, connect.DefaultTimeout)
-		if err := connector.TestConnection("/echo"); err != nil {
-			log.Error().Msg(fmt.Sprintf(utils.Red, "Couldn't connect to Hub."))
-			return
-		}
-
-		establishedProxy = true
-		okToOpen("Hub", hubUrl, true)
-	}
-
 	frontUrl := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Front.Port)
-	response, err = http.Get(fmt.Sprintf("%s/", frontUrl))
+	response, err := http.Get(fmt.Sprintf("%s/", frontUrl))
 	if err == nil && response.StatusCode == 200 {
 		log.Info().
 			Str("service", kubernetes.FrontServiceName).
--- a/cmd/scripts.go
+++ b/cmd/scripts.go
@@ -34,8 +34,8 @@ func init() {
 		log.Debug().Err(err).Send()
 	}

-	scriptsCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.Port, "Provide a custom port for the Hub")
-	scriptsCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Hub")
+	scriptsCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the Kubeshark")
+	scriptsCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Kubeshark")
 	scriptsCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 }

@@ -45,14 +45,14 @@ func runScripts() {
 		return
 	}

-	hubUrl := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)
+	hubUrl := kubernetes.GetHubUrl()
 	response, err := http.Get(fmt.Sprintf("%s/echo", hubUrl))
 	if err != nil || response.StatusCode != 200 {
 		log.Info().Msg(fmt.Sprintf(utils.Yellow, "Couldn't connect to Hub. Establishing proxy..."))
 		runProxy(false, true)
 	}

-	connector = connect.NewConnector(kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port), connect.DefaultRetries, connect.DefaultTimeout)
+	connector = connect.NewConnector(kubernetes.GetHubUrl(), connect.DefaultRetries, connect.DefaultTimeout)

 	watchScripts(true)
 }
--- a/cmd/tap.go
+++ b/cmd/tap.go
@@ -47,8 +47,7 @@ func init() {
 	tapCmd.Flags().StringP(configStructs.DockerTagLabel, "t", defaultTapConfig.Docker.Tag, "The tag of the Docker images that are going to be pulled")
 	tapCmd.Flags().String(configStructs.DockerImagePullPolicy, defaultTapConfig.Docker.ImagePullPolicy, "ImagePullPolicy for the Docker images")
 	tapCmd.Flags().StringSlice(configStructs.DockerImagePullSecrets, defaultTapConfig.Docker.ImagePullSecrets, "ImagePullSecrets for the Docker images")
-	tapCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the front-end proxy/port-forward")
-	tapCmd.Flags().Uint16(configStructs.ProxyHubPortLabel, defaultTapConfig.Proxy.Hub.Port, "Provide a custom port for the Hub proxy/port-forward")
+	tapCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the proxy/port-forward")
 	tapCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the proxy/port-forward")
 	tapCmd.Flags().StringSliceP(configStructs.NamespacesLabel, "n", defaultTapConfig.Namespaces, "Namespaces selector")
 	tapCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
--- a/cmd/tapPcapRunner.go
+++ b/cmd/tapPcapRunner.go
@@ -506,7 +506,7 @@ func pcap(tarPath string) error {
 		},
 	}

-	connector = connect.NewConnector(kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port), connect.DefaultRetries, connect.DefaultTimeout)
+	connector = connect.NewConnector(kubernetes.GetHubUrl(), connect.DefaultRetries, connect.DefaultTimeout)
 	connector.PostWorkerPodToHub(workerPod)

 	// License
@@ -515,7 +515,7 @@ func pcap(tarPath string) error {
 	}

 	log.Info().
-		Str("url", kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)).
+		Str("url", kubernetes.GetHubUrl()).
 		Msg(fmt.Sprintf(utils.Green, "Hub is available at:"))

 	url := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Front.Port)
--- a/cmd/tapRunner.go
+++ b/cmd/tapRunner.go
@@ -65,7 +65,7 @@ func tap() {
 		Str("limit", config.Config.Tap.StorageLimit).
 		Msg(fmt.Sprintf("%s will store the traffic up to a limit (per node). Oldest TCP/UDP streams will be removed once the limit is reached.", misc.Software))

-	connector = connect.NewConnector(kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port), connect.DefaultRetries, connect.DefaultTimeout)
+	connector = connect.NewConnector(kubernetes.GetHubUrl(), connect.DefaultRetries, connect.DefaultTimeout)

 	kubernetesProvider, err := getKubernetesProviderForCli(false, false)
 	if err != nil {
@@ -406,16 +406,6 @@ func watchHubEvents(ctx context.Context, kubernetesProvider *kubernetes.Provider
 }

 func postHubStarted(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc, update bool) {
-	startProxyReportErrorIfAny(
-		kubernetesProvider,
-		ctx,
-		kubernetes.HubServiceName,
-		kubernetes.HubPodName,
-		configStructs.ProxyHubPortLabel,
-		config.Config.Tap.Proxy.Hub.Port,
-		configStructs.ContainerPort,
-		"/echo",
-	)

 	if update {
 		// Pod regex
@@ -444,12 +434,6 @@ func postHubStarted(ctx context.Context, kubernetesProvider *kubernetes.Provider
 		connector.PostScriptDone()
 	}

-	if !update && !config.Config.Tap.Ingress.Enabled {
-		// Hub proxy URL
-		url := kubernetes.GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port)
-		log.Info().Str("url", url).Msg(fmt.Sprintf(utils.Green, "Hub is available at:"))
-	}
-
 	if config.Config.Scripting.Source != "" && config.Config.Scripting.WatchScripts {
 		watchScripts(false)
 	}
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -88,11 +88,10 @@ type AuthConfig struct {

 type IngressConfig struct {
 	Enabled     bool                    `yaml:"enabled" json:"enabled" default:"false"`
-	ClassName   string                  `yaml:"classname" json:"classname" default:"kubeshark-ingress-class"`
-	Controller  string                  `yaml:"controller" json:"controller" default:"k8s.io/ingress-nginx"`
+	ClassName   string                  `yaml:"classname" json:"classname" default:""`
 	Host        string                  `yaml:"host" json:"host" default:"ks.svc.cluster.local"`
-	TLS         []networking.IngressTLS `yaml:"tls" json:"tls"`
-	CertManager string                  `yaml:"certmanager" json:"certmanager" default:"letsencrypt-prod"`
+	TLS         []networking.IngressTLS `yaml:"tls" json:"tls" default:"[]"`
+	Annotations map[string]string       `yaml:"annotations" json:"annotations" default:"{}"`
 }

 type ReleaseConfig struct {
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: "50.2"
+appVersion: "50.3"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:
@@ -22,5 +22,5 @@ name: kubeshark
 sources:
  - https://github.com/kubeshark/kubeshark/tree/master/helm-chart
 type: application
-version: "50.2"
+version: "50.3"
 icon: https://raw.githubusercontent.com/kubeshark/assets/master/logo/vector/logo.svg
--- a/helm-chart/templates/02-cluster-role.yaml
+++ b/helm-chart/templates/02-cluster-role.yaml
@@ -24,3 +24,28 @@ rules:
      - list
      - get
      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
+  name: kubeshark-self-secrets-role
+  namespace: {{ .Release.Namespace }}
+rules:
+  - apiGroups:
+      - "v1"
+      - ""
+    resourceNames:
+      - kubeshark-secret
+    resources:
+      - secrets
+    verbs:
+      - get
+      - watch
+      - update
+      - patch
--- a/helm-chart/templates/03-cluster-role-binding.yaml
+++ b/helm-chart/templates/03-cluster-role-binding.yaml
@@ -18,3 +18,23 @@ subjects:
  - kind: ServiceAccount
    name: {{ include "kubeshark.serviceAccountName" . }}
    namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubeshark-self-secrets-role-binding
+  labels:
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  annotations:
+  {{- if .Values.tap.annotations }}
+    {{- toYaml .Values.tap.annotations | nindent 4 }}
+  {{- end }}
+  namespace: {{ .Release.Namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "kubeshark.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: kubeshark-self-secrets-role
+  apiGroup: rbac.authorization.k8s.io
--- a/helm-chart/templates/05-hub-service.yaml
+++ b/helm-chart/templates/05-hub-service.yaml
@@ -19,5 +19,3 @@ spec:
  selector:
    app.kubeshark.co/app: hub
  type: ClusterIP
-status:
-  loadBalancer: {}
--- a/helm-chart/templates/06-front-deployment.yaml
+++ b/helm-chart/templates/06-front-deployment.yaml
@@ -27,7 +27,7 @@ spec:
            - name: REACT_APP_HUB_HOST
              value: ' '
            - name: REACT_APP_HUB_PORT
-              value: '{{ .Values.tap.ingress.enabled | ternary "/api" (print ":" .Values.tap.proxy.hub.port) }}'
+              value: '{{ .Values.tap.ingress.enabled | ternary "/api" (print ":" .Values.tap.proxy.front.port "/api") }}'
          image: '{{ .Values.tap.docker.registry }}/front:{{ .Values.tap.docker.tag }}'
          imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
          name: kubeshark-front
--- a/helm-chart/templates/07-front-service.yaml
+++ b/helm-chart/templates/07-front-service.yaml
@@ -18,5 +18,3 @@ spec:
  selector:
    app.kubeshark.co/app: front
  type: ClusterIP
-status:
-  loadBalancer: {}
--- a/helm-chart/templates/10-ingress-class.yaml
+++ b/helm-chart/templates/10-ingress-class.yaml
@@ -1,16 +0,0 @@
---
-{{- if .Values.tap.ingress.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: IngressClass
-metadata:
-  labels:
-    {{- include "kubeshark.labels" . | nindent 4 }}
-  annotations:
-  {{- if .Values.tap.annotations }}
-    {{- toYaml .Values.tap.annotations | nindent 4 }}
-  {{- end }}
-  name: kubeshark-ingress-class
-  namespace: {{ .Release.Namespace }}
-spec:
-  controller: {{ .Values.tap.ingress.controller }}
-{{- end }}
--- a/helm-chart/templates/10-ingress.yaml
+++ b/helm-chart/templates/10-ingress.yaml
@@ -4,37 +4,34 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
-    certmanager.k8s.io/cluster-issuer: {{ .Values.tap.ingress.certmanager }}
-    nginx.ingress.kubernetes.io/rewrite-target: /$2
-  {{- if .Values.tap.annotations }}
+    nginx.org/websocket-services: "kubeshark-front"
+{{- if .Values.tap.annotations }}
    {{- toYaml .Values.tap.annotations | nindent 4 }}
+{{- end }}
+  {{- if .Values.tap.ingress.annotations }}
+    {{- toYaml .Values.tap.ingress.annotations | nindent 4 }}
  {{- end }}
  labels:
    {{- include "kubeshark.labels" . | nindent 4 }}
  name: kubeshark-ingress
  namespace: {{ .Release.Namespace }}
 spec:
+  {{- if .Values.tap.ingress.classname }}
  ingressClassName: {{ .Values.tap.ingress.classname }}
+  {{- end }}
  rules:
    - host: {{ .Values.tap.ingress.host }}
      http:
        paths:
-          - backend:
-              service:
-                name: kubeshark-hub
-                port:
-                  number: 80
-            path: /api(/|$)(.*)
-            pathType: Prefix
          - backend:
              service:
                name: kubeshark-front
                port:
                  number: 80
-            path: /()(.*)
+            path: /
            pathType: Prefix
+  {{- if .Values.tap.ingress.tls }}
  tls:
-  {{- if gt (len .Values.tap.ingress.tls) 0}}
    {{- toYaml .Values.tap.ingress.tls | nindent 2 }}
  {{- end }}
 status:
--- a/helm-chart/templates/11-nginx-config-map.yaml
+++ b/helm-chart/templates/11-nginx-config-map.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kubeshark-nginx-config-map
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "kubeshark.labels" . | nindent 4 }}
+data:
+  default.conf: |
+    server {
+      listen 80;
+{{- if .Values.tap.ipv6 }}
+      listen [::]:80;
+{{- end }}
+      access_log /dev/stdout;
+      error_log /dev/stdout;
+
+      location /api {
+        rewrite ^/api(.*)$ $1 break;
+        proxy_pass http://kubeshark-hub;
+        proxy_set_header   X-Forwarded-For $remote_addr;
+        proxy_set_header   Host $http_host;
+        proxy_set_header Upgrade websocket;
+        proxy_set_header Connection Upgrade;
+        proxy_set_header  Authorization $http_authorization;
+        proxy_pass_header Authorization;
+        proxy_connect_timeout 4s;
+        proxy_read_timeout 120s;
+        proxy_send_timeout 12s;
+        proxy_pass_request_headers      on;
+      }
+
+      location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+        try_files $uri $uri/ /index.html;
+        expires -1;
+        add_header Cache-Control no-cache;
+      }
+      error_page   500 502 503 504  /50x.html;
+      location = /50x.html {
+        root   /usr/share/nginx/html;
+      }
+    }
+
--- a/helm-chart/templates/12-config-map.yaml
+++ b/helm-chart/templates/12-config-map.yaml
--- a/helm-chart/templates/12-nginx-config-map.yaml
+++ b/helm-chart/templates/12-nginx-config-map.yaml
@@ -1,28 +0,0 @@
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: kubeshark-nginx-config-map
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "kubeshark.labels" . | nindent 4 }}
-data:
-  default.conf: |
-    server {
-      listen 80;
-{{- if .Values.tap.ipv6 }}
-      listen [::]:80;
-{{- end }}
-      add_header Cache-Control no-cache;
-      location / {
-        root   /usr/share/nginx/html;
-        index  index.html index.htm;
-        try_files $uri $uri/ /index.html;
-        expires -1;
-      }
-      error_page   500 502 503 504  /50x.html;
-      location = /50x.html {
-        root   /usr/share/nginx/html;
-      }
-    }
-
--- a/helm-chart/templates/13-secret.yaml
+++ b/helm-chart/templates/13-secret.yaml
--- a/helm-chart/templates/NOTES.txt
+++ b/helm-chart/templates/NOTES.txt
@@ -3,19 +3,13 @@ Thank you for installing {{ title .Chart.Name }}.
 Your deployment has been successful. The release is named {{ .Release.Name }} and it has been deployed in the {{ .Release.Namespace }} namespace.

 {{- if .Values.tap.telemetry.enabled }}
-Notice: Telemetry is enabled. Kubeshark will collect usage statistics.
+Notice: Telemetry is enabled. Kubeshark will collect anonymous usage statistics.
 {{ end }}

 {{- if .Values.tap.ingress.enabled }}

-{{ if not .Values.license -}}
-warning:
-> Ingress option enabled but license not set. The application should not work as expected.
-> Get a license at https://console.kubeshark.co/
-{{- else }}
 You can now access the application through the following URL:
 http{{ if .Values.tap.ingress.tls }}s{{ end }}://{{ .Values.tap.ingress.host }}
-{{- end -}}

 {{- else }}
 To access the application, follow these steps:
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -28,12 +28,11 @@ tap:
  dryrun: false
  ignoretainted: false
  ingress:
-    certmanager: letsencrypt-prod
-    classname: kubeshark-ingress-class
-    controller: k8s.io/ingress-nginx
+    annotations: {}
+    classname: ""
    enabled: false
    host: ks.svc.cluster.local
-    tls: null
+    tls: []
  ipv6: true
  labels: {}
  namespaces: []
--- a/kubernetes/proxy.go
+++ b/kubernetes/proxy.go
@@ -72,6 +72,10 @@ func GetProxyOnPort(port uint16) string {
 	return fmt.Sprintf("http://%s:%d", config.Config.Tap.Proxy.Host, port)
 }

+func GetHubUrl() string {
+	return fmt.Sprintf("%s/api", GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port))
+}
+
 func getRerouteHttpHandlerSelfAPI(proxyHandler http.Handler, selfNamespace string, selfServiceName string) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
@@ -4,16 +4,16 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
-    helm.sh/chart: kubeshark-50.1
+    helm.sh/chart: kubeshark-50.3
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "50.1"
+    app.kubernetes.io/version: "50.3"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-service-account
  namespace: default
 ---
-# Source: kubeshark/templates/14-secret.yaml
+# Source: kubeshark/templates/13-secret.yaml
 kind: Secret
 apiVersion: v1
 metadata:
@@ -21,37 +21,55 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-50.1
+    helm.sh/chart: kubeshark-50.3
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "50.1"
+    app.kubernetes.io/version: "50.3"
    app.kubernetes.io/managed-by: Helm
 stringData:
    LICENSE: ''
 ---
-# Source: kubeshark/templates/12-nginx-config-map.yaml
+# Source: kubeshark/templates/11-nginx-config-map.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: kubeshark-nginx-config-map
  namespace: default
  labels:
-    helm.sh/chart: kubeshark-50.1
+    helm.sh/chart: kubeshark-50.3
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "50.1"
+    app.kubernetes.io/version: "50.3"
    app.kubernetes.io/managed-by: Helm
 data:
  default.conf: |
    server {
      listen 80;
      listen [::]:80;
-      add_header Cache-Control no-cache;
+      access_log /dev/stdout;
+      error_log /dev/stdout;
+
+      location /api {
+        rewrite ^/api(.*)$ $1 break;
+        proxy_pass http://kubeshark-hub;
+        proxy_set_header   X-Forwarded-For $remote_addr;
+        proxy_set_header   Host $http_host;
+        proxy_set_header Upgrade websocket;
+        proxy_set_header Connection Upgrade;
+        proxy_set_header  Authorization $http_authorization;
+        proxy_pass_header Authorization;
+        proxy_connect_timeout 4s;
+        proxy_read_timeout 120s;
+        proxy_send_timeout 12s;
+        proxy_pass_request_headers      on;
+      }
+
      location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
        try_files $uri $uri/ /index.html;
        expires -1;
+        add_header Cache-Control no-cache;
      }
      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
@@ -59,7 +77,7 @@ data:
      }
    }
 ---
-# Source: kubeshark/templates/13-config-map.yaml
+# Source: kubeshark/templates/12-config-map.yaml
 kind: ConfigMap
 apiVersion: v1
 metadata:
@@ -67,10 +85,10 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-50.1
+    helm.sh/chart: kubeshark-50.3
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "50.1"
+    app.kubernetes.io/version: "50.3"
    app.kubernetes.io/managed-by: Helm
 data:
    POD_REGEX: '.*'
@@ -87,10 +105,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
-    helm.sh/chart: kubeshark-50.1
+    helm.sh/chart: kubeshark-50.3
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "50.1"
+    app.kubernetes.io/version: "50.3"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-cluster-role
@@ -115,10 +133,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels:
-    helm.sh/chart: kubeshark-50.1
+    helm.sh/chart: kubeshark-50.3
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "50.1"
+    app.kubernetes.io/version: "50.3"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-cluster-role-binding
@@ -132,16 +150,65 @@ subjects:
    name: kubeshark-service-account
    namespace: default
 ---
+# Source: kubeshark/templates/02-cluster-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    helm.sh/chart: kubeshark-50.3
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.3"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+  name: kubeshark-self-secrets-role
+  namespace: default
+rules:
+  - apiGroups:
+      - "v1"
+      - ""
+    resourceNames:
+      - kubeshark-secret
+    resources:
+      - secrets
+    verbs:
+      - get
+      - watch
+      - update
+      - patch
+---
+# Source: kubeshark/templates/03-cluster-role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubeshark-self-secrets-role-binding
+  labels:
+    helm.sh/chart: kubeshark-50.3
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "50.3"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+  namespace: default
+subjects:
+  - kind: ServiceAccount
+    name: kubeshark-service-account
+    namespace: default
+roleRef:
+  kind: Role
+  name: kubeshark-self-secrets-role
+  apiGroup: rbac.authorization.k8s.io
+---
 # Source: kubeshark/templates/05-hub-service.yaml
 apiVersion: v1
 kind: Service
 metadata:
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-50.1
+    helm.sh/chart: kubeshark-50.3
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "50.1"
+    app.kubernetes.io/version: "50.3"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-hub
@@ -154,18 +221,16 @@ spec:
  selector:
    app.kubeshark.co/app: hub
  type: ClusterIP
-status:
-  loadBalancer: {}
 ---
 # Source: kubeshark/templates/07-front-service.yaml
 apiVersion: v1
 kind: Service
 metadata:
  labels:
-    helm.sh/chart: kubeshark-50.1
+    helm.sh/chart: kubeshark-50.3
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "50.1"
+    app.kubernetes.io/version: "50.3"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-front
@@ -178,8 +243,6 @@ spec:
  selector:
    app.kubeshark.co/app: front
  type: ClusterIP
-status:
-  loadBalancer: {}
 ---
 # Source: kubeshark/templates/09-worker-daemon-set.yaml
 apiVersion: apps/v1
@@ -188,10 +251,10 @@ metadata:
  labels:
    app.kubeshark.co/app: worker
    sidecar.istio.io/inject: "false"
-    helm.sh/chart: kubeshark-50.1
+    helm.sh/chart: kubeshark-50.3
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "50.1"
+    app.kubernetes.io/version: "50.3"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-worker-daemon-set
@@ -200,19 +263,19 @@ spec:
  selector:
    matchLabels:
      app.kubeshark.co/app: worker
-      helm.sh/chart: kubeshark-50.1
+      helm.sh/chart: kubeshark-50.3
      app.kubernetes.io/name: kubeshark
      app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "50.1"
+      app.kubernetes.io/version: "50.3"
      app.kubernetes.io/managed-by: Helm
  template:
    metadata:
      labels:
        app.kubeshark.co/app: worker
-        helm.sh/chart: kubeshark-50.1
+        helm.sh/chart: kubeshark-50.3
        app.kubernetes.io/name: kubeshark
        app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "50.1"
+        app.kubernetes.io/version: "50.3"
        app.kubernetes.io/managed-by: Helm
      name: kubeshark-worker-daemon-set
      namespace: kubeshark
@@ -309,10 +372,10 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-50.1
+    helm.sh/chart: kubeshark-50.3
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "50.1"
+    app.kubernetes.io/version: "50.3"
    app.kubernetes.io/managed-by: Helm
  annotations:
 spec:
@@ -370,10 +433,10 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: front
-    helm.sh/chart: kubeshark-50.1
+    helm.sh/chart: kubeshark-50.3
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "50.1"
+    app.kubernetes.io/version: "50.3"
    app.kubernetes.io/managed-by: Helm
  annotations:
 spec:
@@ -393,7 +456,7 @@ spec:
            - name: REACT_APP_HUB_HOST
              value: ' '
            - name: REACT_APP_HUB_PORT
-              value: ':8898'
+              value: ':8899/api'
          image: 'docker.io/kubeshark/front:latest'
          imagePullPolicy: Always
          name: kubeshark-front
Author	SHA1	Message	Date
M. Mert Yildiran	78c89cc5b4	🔖 Bump the Helm chart version to `50.3`	2023-09-17 00:09:37 +03:00
M. Mert Yildiran	b5c9a31380	🔧 Run `make generate-manifests`	2023-09-16 23:52:53 +03:00
Luiz Oliveira	3dfff2b7a5	♻️ Turn the Ingress path rewrite for Hub into an Nginx location directive (#1426 ) * fixes websocket for nginx-ingress Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com> * update messagem when helm completes Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com> * force react port to be a path Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com> * include Authorization header to the proxy Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com> * remove hub from proxy Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com> * remove REACT_APP_HUB_PORT info Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com> * include path back again to REACT_APP_HUB_PORT Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com> --------- Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com>	2023-09-15 21:43:34 +03:00
M. Mert Yildiran	583a5b97ee	🔧 Re-order the template filenames and re-generate `values.yaml` and `complete.yaml`	2023-09-04 02:25:33 +03:00
Luiz Oliveira	64aae06fe5	🛂 Add a new `Role` and `RoleBinding` resources to have write access for our own `Secret` resource (#1416 ) * include role and rolebinding to write secrets With this, the kubeshark service-account have rights to update the value of the secrets of the same namespace where kubeshark was deployed. This was necessary to keep the value of the license updated Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com> * Update helm-chart/templates/02-cluster-role.yaml Co-authored-by: M. Mert Yildiran <me@mertyildiran.com> * Update helm-chart/templates/03-cluster-role-binding.yaml Co-authored-by: M. Mert Yildiran <me@mertyildiran.com> * Update helm-chart/templates/03-cluster-role-binding.yaml Co-authored-by: M. Mert Yildiran <me@mertyildiran.com> * Update helm-chart/templates/03-cluster-role-binding.yaml Co-authored-by: M. Mert Yildiran <me@mertyildiran.com> * Update helm-chart/templates/02-cluster-role.yaml Co-authored-by: M. Mert Yildiran <me@mertyildiran.com> --------- Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com> Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>	2023-09-04 02:20:26 +03:00
Luiz Oliveira	1ccaa03fb2	🏗️ Give the user ability to set ingress as needed (#1417 ) * Give the user hability to set ingress as needed - Removed unecessary IngressClass. - If no IngressClassName passed, use cluster's default class - Renamed `ingressclass` with `IngressClassName`. Is the standard name used for it. - Included custom annotations for Ingress. This way user can set any custom annotation for the ingress only. Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com> * Update helm-chart/templates/11-ingress.yaml Co-authored-by: M. Mert Yildiran <me@mertyildiran.com> * Update config/configStructs/tapConfig.go Co-authored-by: M. Mert Yildiran <me@mertyildiran.com> * Update helm-chart/templates/11-ingress.yaml Co-authored-by: M. Mert Yildiran <me@mertyildiran.com> * update default ingressClassName value Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com> --------- Signed-off-by: Luiz Oliveira <ziuloliveira@gmail.com> Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>	2023-09-04 02:18:43 +03:00
M. Mert Yildiran	3222212367	🔧 Update `complete.yaml`	2023-09-01 04:09:57 +03:00