mirror of
https://github.com/kubeshark/kubeshark.git
synced 2026-03-03 02:00:32 +00:00
Compare commits
1 Commits
cloud-stor
...
feature/he
| Author | SHA1 | Date | |
|---|---|---|---|
|
130c543f43 |
@@ -62,4 +62,5 @@ func init() {
|
|||||||
tapCmd.Flags().Bool(configStructs.TelemetryEnabledLabel, defaultTapConfig.Telemetry.Enabled, "Enable/disable Telemetry")
|
tapCmd.Flags().Bool(configStructs.TelemetryEnabledLabel, defaultTapConfig.Telemetry.Enabled, "Enable/disable Telemetry")
|
||||||
tapCmd.Flags().Bool(configStructs.ResourceGuardEnabledLabel, defaultTapConfig.ResourceGuard.Enabled, "Enable/disable resource guard")
|
tapCmd.Flags().Bool(configStructs.ResourceGuardEnabledLabel, defaultTapConfig.ResourceGuard.Enabled, "Enable/disable resource guard")
|
||||||
tapCmd.Flags().Bool(configStructs.WatchdogEnabled, defaultTapConfig.Watchdog.Enabled, "Enable/disable watchdog")
|
tapCmd.Flags().Bool(configStructs.WatchdogEnabled, defaultTapConfig.Watchdog.Enabled, "Enable/disable watchdog")
|
||||||
|
tapCmd.Flags().String(configStructs.HelmChartPathLabel, defaultTapConfig.Release.HelmChartPath, "Path to a local Helm chart folder (overrides the remote Helm repo)")
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -45,6 +45,7 @@ const (
|
|||||||
PcapDumpEnabled = "enabled"
|
PcapDumpEnabled = "enabled"
|
||||||
PcapTime = "time"
|
PcapTime = "time"
|
||||||
WatchdogEnabled = "watchdogEnabled"
|
WatchdogEnabled = "watchdogEnabled"
|
||||||
|
HelmChartPathLabel = "release-helmChartPath"
|
||||||
)
|
)
|
||||||
|
|
||||||
type ResourceLimitsHub struct {
|
type ResourceLimitsHub struct {
|
||||||
@@ -211,6 +212,7 @@ type ReleaseConfig struct {
|
|||||||
Repo string `yaml:"repo" json:"repo" default:"https://helm.kubeshark.com"`
|
Repo string `yaml:"repo" json:"repo" default:"https://helm.kubeshark.com"`
|
||||||
Name string `yaml:"name" json:"name" default:"kubeshark"`
|
Name string `yaml:"name" json:"name" default:"kubeshark"`
|
||||||
Namespace string `yaml:"namespace" json:"namespace" default:"default"`
|
Namespace string `yaml:"namespace" json:"namespace" default:"default"`
|
||||||
|
HelmChartPath string `yaml:"helmChartPath" json:"helmChartPath" default:""`
|
||||||
}
|
}
|
||||||
|
|
||||||
type TelemetryConfig struct {
|
type TelemetryConfig struct {
|
||||||
@@ -308,23 +310,13 @@ type RawCaptureConfig struct {
|
|||||||
StorageSize string `yaml:"storageSize" json:"storageSize" default:"1Gi"`
|
StorageSize string `yaml:"storageSize" json:"storageSize" default:"1Gi"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type SnapshotsLocalConfig struct {
|
type SnapshotsConfig struct {
|
||||||
StorageClass string `yaml:"storageClass" json:"storageClass" default:""`
|
StorageClass string `yaml:"storageClass" json:"storageClass" default:""`
|
||||||
StorageSize string `yaml:"storageSize" json:"storageSize" default:"20Gi"`
|
StorageSize string `yaml:"storageSize" json:"storageSize" default:"20Gi"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type SnapshotsCloudConfig struct {
|
|
||||||
Provider string `yaml:"provider" json:"provider" default:""`
|
|
||||||
ConfigMaps []string `yaml:"configMaps" json:"configMaps" default:"[]"`
|
|
||||||
Secrets []string `yaml:"secrets" json:"secrets" default:"[]"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type SnapshotsConfig struct {
|
|
||||||
Local SnapshotsLocalConfig `yaml:"local" json:"local"`
|
|
||||||
Cloud SnapshotsCloudConfig `yaml:"cloud" json:"cloud"`
|
|
||||||
}
|
|
||||||
|
|
||||||
type DelayedDissectionConfig struct {
|
type DelayedDissectionConfig struct {
|
||||||
|
Image string `yaml:"image" json:"image" default:"kubeshark/worker:master"`
|
||||||
CPU string `yaml:"cpu" json:"cpu" default:"1"`
|
CPU string `yaml:"cpu" json:"cpu" default:"1"`
|
||||||
Memory string `yaml:"memory" json:"memory" default:"4Gi"`
|
Memory string `yaml:"memory" json:"memory" default:"4Gi"`
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -143,11 +143,8 @@ Example for overriding image names:
|
|||||||
| `tap.capture.raw.enabled` | Enable raw capture of packets and syscalls to disk for offline analysis | `true` |
|
| `tap.capture.raw.enabled` | Enable raw capture of packets and syscalls to disk for offline analysis | `true` |
|
||||||
| `tap.capture.raw.storageSize` | Maximum storage size for raw capture files (supports K8s quantity format: `1Gi`, `500Mi`, etc.) | `1Gi` |
|
| `tap.capture.raw.storageSize` | Maximum storage size for raw capture files (supports K8s quantity format: `1Gi`, `500Mi`, etc.) | `1Gi` |
|
||||||
| `tap.capture.dbMaxSize` | Maximum size for capture database (e.g., `4Gi`, `2000Mi`). When empty, automatically uses 80% of allocated storage (`tap.storageLimit`). | `""` |
|
| `tap.capture.dbMaxSize` | Maximum size for capture database (e.g., `4Gi`, `2000Mi`). When empty, automatically uses 80% of allocated storage (`tap.storageLimit`). | `""` |
|
||||||
| `tap.snapshots.local.storageClass` | Storage class for local snapshots volume. When empty, uses `emptyDir`. When set, creates a PVC with this storage class | `""` |
|
| `tap.snapshots.storageClass` | Storage class for snapshots volume. When empty, uses `emptyDir`. When set, creates a PVC with this storage class | `""` |
|
||||||
| `tap.snapshots.local.storageSize` | Storage size for local snapshots volume (supports K8s quantity format: `1Gi`, `500Mi`, etc.) | `20Gi` |
|
| `tap.snapshots.storageSize` | Storage size for snapshots volume (supports K8s quantity format: `1Gi`, `500Mi`, etc.) | `10Gi` |
|
||||||
| `tap.snapshots.cloud.provider` | Cloud storage provider for snapshots (e.g. `s3`). Empty string disables cloud storage. | `""` |
|
|
||||||
| `tap.snapshots.cloud.configMaps` | Names of ConfigMaps containing cloud storage environment variables | `[]` |
|
|
||||||
| `tap.snapshots.cloud.secrets` | Names of Secrets containing cloud storage credentials | `[]` |
|
|
||||||
| `tap.release.repo` | URL of the Helm chart repository | `https://helm.kubeshark.com` |
|
| `tap.release.repo` | URL of the Helm chart repository | `https://helm.kubeshark.com` |
|
||||||
| `tap.release.name` | Helm release name | `kubeshark` |
|
| `tap.release.name` | Helm release name | `kubeshark` |
|
||||||
| `tap.release.namespace` | Helm release namespace | `default` |
|
| `tap.release.namespace` | Helm release namespace | `default` |
|
||||||
|
|||||||
@@ -40,14 +40,10 @@ spec:
|
|||||||
- "{{ if hasKey .Values.tap.capture.dissection "stopAfter" }}{{ .Values.tap.capture.dissection.stopAfter }}{{ else }}5m{{ end }}"
|
- "{{ if hasKey .Values.tap.capture.dissection "stopAfter" }}{{ .Values.tap.capture.dissection.stopAfter }}{{ else }}5m{{ end }}"
|
||||||
- -snapshot-size-limit
|
- -snapshot-size-limit
|
||||||
- '{{ .Values.tap.snapshots.storageSize }}'
|
- '{{ .Values.tap.snapshots.storageSize }}'
|
||||||
|
{{- if .Values.tap.delayedDissection.image }}
|
||||||
- -dissector-image
|
- -dissector-image
|
||||||
{{- if .Values.tap.docker.overrideImage.worker }}
|
- '{{ .Values.tap.delayedDissection.image }}'
|
||||||
- '{{ .Values.tap.docker.overrideImage.worker }}'
|
{{- end }}
|
||||||
{{- else if .Values.tap.docker.overrideTag.worker }}
|
|
||||||
- '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}'
|
|
||||||
{{- else }}
|
|
||||||
- '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}'
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.tap.delayedDissection.cpu }}
|
{{- if .Values.tap.delayedDissection.cpu }}
|
||||||
- -dissector-cpu
|
- -dissector-cpu
|
||||||
- '{{ .Values.tap.delayedDissection.cpu }}'
|
- '{{ .Values.tap.delayedDissection.cpu }}'
|
||||||
@@ -61,24 +57,12 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
- -cloud-api-url
|
- -cloud-api-url
|
||||||
- '{{ .Values.cloudApiUrl }}'
|
- '{{ .Values.cloudApiUrl }}'
|
||||||
{{- if .Values.tap.snapshots.cloud.provider }}
|
{{- if .Values.tap.secrets }}
|
||||||
- -cloud-storage-provider
|
|
||||||
- '{{ .Values.tap.snapshots.cloud.provider }}'
|
|
||||||
{{- end }}
|
|
||||||
{{- if or .Values.tap.secrets .Values.tap.snapshots.cloud.configMaps .Values.tap.snapshots.cloud.secrets }}
|
|
||||||
envFrom:
|
envFrom:
|
||||||
{{- range .Values.tap.secrets }}
|
{{- range .Values.tap.secrets }}
|
||||||
- secretRef:
|
- secretRef:
|
||||||
name: {{ . }}
|
name: {{ . }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- range .Values.tap.snapshots.cloud.configMaps }}
|
|
||||||
- configMapRef:
|
|
||||||
name: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- range .Values.tap.snapshots.cloud.secrets }}
|
|
||||||
- secretRef:
|
|
||||||
name: {{ . }}
|
|
||||||
{{- end }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
env:
|
env:
|
||||||
- name: POD_NAME
|
- name: POD_NAME
|
||||||
@@ -200,10 +184,10 @@ spec:
|
|||||||
- key: AUTH_SAML_X509_KEY
|
- key: AUTH_SAML_X509_KEY
|
||||||
path: kubeshark.key
|
path: kubeshark.key
|
||||||
- name: snapshots-volume
|
- name: snapshots-volume
|
||||||
{{- if .Values.tap.snapshots.local.storageClass }}
|
{{- if .Values.tap.snapshots.storageClass }}
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: {{ include "kubeshark.name" . }}-snapshots-pvc
|
claimName: {{ include "kubeshark.name" . }}-snapshots-pvc
|
||||||
{{- else }}
|
{{- else }}
|
||||||
emptyDir:
|
emptyDir:
|
||||||
sizeLimit: {{ .Values.tap.snapshots.local.storageSize }}
|
sizeLimit: {{ .Values.tap.snapshots.storageSize }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
{{- if .Values.tap.snapshots.local.storageClass }}
|
{{- if .Values.tap.snapshots.storageClass }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: PersistentVolumeClaim
|
kind: PersistentVolumeClaim
|
||||||
metadata:
|
metadata:
|
||||||
@@ -16,7 +16,7 @@ spec:
|
|||||||
- ReadWriteOnce
|
- ReadWriteOnce
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
storage: {{ .Values.tap.snapshots.local.storageSize }}
|
storage: {{ .Values.tap.snapshots.storageSize }}
|
||||||
storageClassName: {{ .Values.tap.snapshots.local.storageClass }}
|
storageClassName: {{ .Values.tap.snapshots.storageClass }}
|
||||||
status: {}
|
status: {}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|||||||
@@ -35,16 +35,12 @@ tap:
|
|||||||
storageSize: 1Gi
|
storageSize: 1Gi
|
||||||
dbMaxSize: 500Mi
|
dbMaxSize: 500Mi
|
||||||
delayedDissection:
|
delayedDissection:
|
||||||
|
image: kubeshark/worker:master
|
||||||
cpu: "1"
|
cpu: "1"
|
||||||
memory: 4Gi
|
memory: 4Gi
|
||||||
snapshots:
|
snapshots:
|
||||||
local:
|
storageClass: ""
|
||||||
storageClass: ""
|
storageSize: 20Gi
|
||||||
storageSize: 20Gi
|
|
||||||
cloud:
|
|
||||||
provider: "" # cloud storage provider: "s3" (empty = disabled)
|
|
||||||
configMaps: [] # names of ConfigMaps with cloud storage env vars
|
|
||||||
secrets: [] # names of Secrets with cloud storage credentials
|
|
||||||
release:
|
release:
|
||||||
repo: https://helm.kubeshark.com
|
repo: https://helm.kubeshark.com
|
||||||
name: kubeshark
|
name: kubeshark
|
||||||
|
|||||||
@@ -67,7 +67,10 @@ func (h *Helm) Install() (rel *release.Release, err error) {
|
|||||||
client.Namespace = h.releaseNamespace
|
client.Namespace = h.releaseNamespace
|
||||||
client.ReleaseName = h.releaseName
|
client.ReleaseName = h.releaseName
|
||||||
|
|
||||||
chartPath := os.Getenv(fmt.Sprintf("%s_HELM_CHART_PATH", strings.ToUpper(misc.Program)))
|
chartPath := config.Config.Tap.Release.HelmChartPath
|
||||||
|
if chartPath == "" {
|
||||||
|
chartPath = os.Getenv(fmt.Sprintf("%s_HELM_CHART_PATH", strings.ToUpper(misc.Program)))
|
||||||
|
}
|
||||||
if chartPath == "" {
|
if chartPath == "" {
|
||||||
var chartURL string
|
var chartURL string
|
||||||
chartURL, err = repo.FindChartInRepoURL(h.repo, h.releaseName, "", "", "", "", getter.All(&cli.EnvSettings{}))
|
chartURL, err = repo.FindChartInRepoURL(h.repo, h.releaseName, "", "", "", "", getter.All(&cli.EnvSettings{}))
|
||||||
|
|||||||
@@ -209,8 +209,10 @@ data:
|
|||||||
proxy_set_header Authorization $http_authorization;
|
proxy_set_header Authorization $http_authorization;
|
||||||
proxy_pass_header Authorization;
|
proxy_pass_header Authorization;
|
||||||
proxy_connect_timeout 4s;
|
proxy_connect_timeout 4s;
|
||||||
proxy_read_timeout 120s;
|
# Disable buffering for gRPC/Connect streaming
|
||||||
proxy_send_timeout 12s;
|
client_max_body_size 0;
|
||||||
|
proxy_request_buffering off;
|
||||||
|
proxy_buffering off;
|
||||||
proxy_pass_request_headers on;
|
proxy_pass_request_headers on;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user