Use dissection image tag from worker (#1850)

* adjust-nginx

* cleanup

* improve

* streaming

.gitignore

@@ -63,4 +63,7 @@ bin
 scripts/
 
 # CWD config YAML
-kubeshark.yaml
+kubeshark.yaml
+
+# Claude Code
+CLAUDE.md

cmd/mcp_test.go

@@ -218,7 +218,7 @@ func newTestMCPServerWithMockBackend(handler http.HandlerFunc) (*mcpServer, *htt
 }
 
 type hubToolCallRequest struct {
-	Tool      string         `json:"tool"`
+	Tool      string         `json:"name"`
 	Arguments map[string]any `json:"arguments"`
 }
 

config/configStructs/tapConfig.go

@@ -261,6 +261,8 @@ type MiscConfig struct {
 	DuplicateTimeframe          string `yaml:"duplicateTimeframe" json:"duplicateTimeframe" default:"200ms"`
 	DetectDuplicates            bool   `yaml:"detectDuplicates" json:"detectDuplicates" default:"false"`
 	StaleTimeoutSeconds         int    `yaml:"staleTimeoutSeconds" json:"staleTimeoutSeconds" default:"30"`
+	TcpFlowTimeout              int    `yaml:"tcpFlowTimeout" json:"tcpFlowTimeout" default:"1200"`
+	UdpFlowTimeout              int    `yaml:"udpFlowTimeout" json:"udpFlowTimeout" default:"1200"`
 }
 
 type PcapDumpConfig struct {
@@ -312,7 +314,6 @@ type SnapshotsConfig struct {
 }
 
 type DelayedDissectionConfig struct {
-	Image  string `yaml:"image" json:"image" default:"kubeshark/worker:master"`
 	CPU    string `yaml:"cpu" json:"cpu" default:"1"`
 	Memory string `yaml:"memory" json:"memory" default:"4Gi"`
 }

helm-chart/README.md

@@ -220,6 +220,8 @@ Example for overriding image names:
 | `tap.mountBpf`                            | BPF filesystem needs to be mounted for eBPF to work properly. This helm value determines whether Kubeshark will attempt to mount the filesystem. This option is not required if filesystem is already mounts. │ `true`|
 | `tap.hostNetwork`                         | Enable host network mode for worker DaemonSet pods. When enabled, worker pods use the host's network namespace for direct network access. | `true`                                                                                                                                                                                                                                           |
 | `tap.gitops.enabled`                          | Enable GitOps functionality. This will allow you to use GitOps to manage your Kubeshark configuration. | `false`                                                                                                                                                                                                                                          |
+| `tap.misc.tcpFlowTimeout`                 | TCP flow aggregation timeout in seconds. Controls how long the worker waits before finalizing a TCP flow. | `1200`                                                                                                                                                                                                                                           |
+| `tap.misc.udpFlowTimeout`                 | UDP flow aggregation timeout in seconds. Controls how long the worker waits before finalizing a UDP flow. | `1200`                                                                                                                                                                                                                                           |
 | `logs.file`                               | Logs dump path                      | `""`                                                                                                                                                                                                                                             |
 | `pcapdump.enabled`                        | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools                 | `false`                                                                                                                                                                                                                                           |
 | `pcapdump.maxTime`                        | The time window into the past that will be stored. Older traffic will be discarded.  | `2h`                                                                                                                                                                                                                                             |

helm-chart/templates/04-hub-deployment.yaml

@@ -40,10 +40,14 @@ spec:
             - "{{ if hasKey .Values.tap.capture.dissection "stopAfter" }}{{ .Values.tap.capture.dissection.stopAfter }}{{ else }}5m{{ end }}"
             - -snapshot-size-limit
             - '{{ .Values.tap.snapshots.storageSize }}'
-            {{- if .Values.tap.delayedDissection.image }}
             - -dissector-image
-            - '{{ .Values.tap.delayedDissection.image }}'
+          {{- if .Values.tap.docker.overrideImage.worker }}
-            {{- end }}
+            - '{{ .Values.tap.docker.overrideImage.worker }}'
+          {{- else if .Values.tap.docker.overrideTag.worker }}
+            - '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}'
+          {{- else }}
+            - '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}'
+          {{- end }}
             {{- if .Values.tap.delayedDissection.cpu }}
             - -dissector-cpu
             - '{{ .Values.tap.delayedDissection.cpu }}'

helm-chart/templates/09-worker-daemon-set.yaml

@@ -99,6 +99,10 @@ spec:
             - '{{ .Values.tap.misc.resolutionStrategy }}'
             - -staletimeout
             - '{{ .Values.tap.misc.staleTimeoutSeconds }}'
+            - -tcp-flow-full-timeout
+            - '{{ .Values.tap.misc.tcpFlowTimeout }}'
+            - -udp-flow-full-timeout
+            - '{{ .Values.tap.misc.udpFlowTimeout }}'
             - -storage-size
             - '{{ .Values.tap.storageLimit }}'
             - -capture-db-max-size

helm-chart/templates/11-nginx-config-map.yaml

@@ -30,8 +30,10 @@ data:
         proxy_set_header  Authorization $http_authorization;
         proxy_pass_header Authorization;
         proxy_connect_timeout 4s;
-        proxy_read_timeout 120s;
+        # Disable buffering for gRPC/Connect streaming
-        proxy_send_timeout 12s;
+        client_max_body_size 0;
+        proxy_request_buffering off;
+        proxy_buffering off;
         proxy_pass_request_headers      on;
       }
 
@@ -86,4 +88,3 @@ data:
         root   /usr/share/nginx/html;
       }
     }
-

helm-chart/values.yaml

@@ -35,7 +35,6 @@ tap:
       storageSize: 1Gi
     dbMaxSize: 500Mi
   delayedDissection:
-    image: kubeshark/worker:master
     cpu: "1"
     memory: 4Gi
   snapshots:
@@ -191,8 +190,8 @@ tap:
   - diameter
   - udp-flow
   - tcp-flow
-  - tcp-conn
   - udp-conn
+  - tcp-conn
   portMapping:
     http:
     - 80
@@ -228,6 +227,8 @@ tap:
     duplicateTimeframe: 200ms
     detectDuplicates: false
     staleTimeoutSeconds: 30
+    tcpFlowTimeout: 1200
+    udpFlowTimeout: 1200
   securityContext:
     privileged: true
     appArmorProfile:
@@ -270,7 +271,7 @@ kube:
 dumpLogs: false
 headless: false
 license: ""
-cloudApiUrl: "https://api.kubeshark.com"
+cloudApiUrl: https://api.kubeshark.com
 cloudLicenseEnabled: true
 demoModeEnabled: false
 supportChatEnabled: false

manifests/complete.yaml

@@ -257,6 +257,7 @@ data:
     EXCLUDED_NAMESPACES: ''
     BPF_OVERRIDE: ''
     DISSECTION_ENABLED: 'true'
+    CAPTURE_SELF: 'false'
     SCRIPTING_SCRIPTS: '{}'
     SCRIPTING_ACTIVE_SCRIPTS: ''
     INGRESS_ENABLED: 'false'
@@ -266,7 +267,7 @@ data:
     AUTH_TYPE: 'default'
     AUTH_SAML_IDP_METADATA_URL: ''
     AUTH_SAML_ROLE_ATTRIBUTE: 'role'
-    AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canStopTrafficCapturing":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","scriptingPermissions":{"canActivate":true,"canDelete":true,"canSave":true},"showAdminConsoleLink":true}}'
+    AUTH_SAML_ROLES: '{"admin":{"canControlDissection":true,"canDownloadPCAP":true,"canStopTrafficCapturing":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","scriptingPermissions":{"canActivate":true,"canDelete":true,"canSave":true},"showAdminConsoleLink":true}}'
     AUTH_OIDC_ISSUER: 'not set'
     AUTH_OIDC_REFRESH_TOKEN_LIFETIME: '3960h'
     AUTH_OIDC_STATE_PARAM_EXPIRY: '10m'
@@ -285,7 +286,6 @@ data:
     PCAP_ERROR_TTL: '0'
     TIMEZONE: ' '
     CLOUD_LICENSE_ENABLED: 'true'
-    AI_ASSISTANT_ENABLED: 'true'
     DUPLICATE_TIMEFRAME: '200ms'
     ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,ws,ldap,radius,diameter,udp-flow,tcp-flow,udp-conn,tcp-conn'
     CUSTOM_MACROS: '{"https":"tls and (http or http2)"}'
@@ -606,10 +606,16 @@ spec:
             - 'auto'
             - -staletimeout
             - '30'
+            - -tcp-flow-full-timeout
+            - '1200'
+            - -udp-flow-full-timeout
+            - '1200'
             - -storage-size
             - '10Gi'
             - -capture-db-max-size
             - '500Mi'
+            - -cloud-api-url
+            - 'https://api.kubeshark.com'
           image: 'docker.io/kubeshark/worker:v52.12'
           imagePullPolicy: Always
           name: sniffer
@@ -630,8 +636,6 @@ spec:
             value: '10000'
           - name: TCP_STREAM_CHANNEL_TIMEOUT_SHOW
             value: 'false'
-          - name: KUBESHARK_CLOUD_API_URL
-            value: 'https://api.kubeshark.com'
           - name: PROFILING_ENABLED
             value: 'false'
           - name: SENTRY_ENABLED
@@ -820,6 +824,8 @@ spec:
             - '1'
             - -dissector-memory
             - '4Gi'
+            - -cloud-api-url
+            - 'https://api.kubeshark.com'
           env:
           - name: POD_NAME
             valueFrom:
@@ -833,8 +839,6 @@ spec:
             value: 'false'
           - name: SENTRY_ENVIRONMENT
             value: 'production'
-          - name: KUBESHARK_CLOUD_API_URL
-            value: 'https://api.kubeshark.com'
           - name: PROFILING_ENABLED
             value: 'false'
           image: 'docker.io/kubeshark/hub:v52.12'
@@ -943,6 +947,8 @@ spec:
               value: ' '
             - name: REACT_APP_TIMEZONE
               value: ' '
+            - name: REACT_APP_SCRIPTING_HIDDEN
+              value: 'true'
             - name: REACT_APP_SCRIPTING_DISABLED
               value: 'false'
             - name: REACT_APP_TARGETED_PODS_UPDATE_DISABLED
@@ -953,12 +959,12 @@ spec:
               value: 'true'
             - name: REACT_APP_RECORDING_DISABLED
               value: 'false'
+            - name: REACT_APP_DISSECTION_ENABLED
+              value: 'true'
             - name: REACT_APP_DISSECTION_CONTROL_ENABLED
               value: 'true'
             - name: 'REACT_APP_CLOUD_LICENSE_ENABLED'
               value: 'true'
-            - name: 'REACT_APP_AI_ASSISTANT_ENABLED'
-              value: 'true'
             - name: REACT_APP_SUPPORT_CHAT_ENABLED
               value: 'false'
             - name: REACT_APP_BETA_ENABLED