Restructure README: captures/processes/retains, cluster-wide PCAP

- Reorder hero bullets: PCAP Retention, L7 API Dissection, K8s Context
- Add "Additional benefits" section for TLS decryption and L4 TCP Insights
- Rename "Traffic Retention" to "Cluster-wide PCAP" with filtering details
- Add Wireshark/tshark/AI agent download, separate cloud retention
- Move Cluster-wide PCAP above L4/L7 Workload Map

README.md

@@ -21,13 +21,16 @@ Kubeshark captures cluster-wide network traffic at the speed and scale of Kubern
 
 Network data is available to **AI agents via [MCP](https://docs.kubeshark.com/en/mcp)** and to **human operators via a [dashboard](https://docs.kubeshark.com/en/v2)**.
 
-**What's captured, cluster-wide:**
+**Kubeshark captures, processes, and retains cluster-wide network traffic:**
 
-- **L4 Packets & TCP Metrics** — retransmissions, RTT, window saturation, connection lifecycle, packet loss across every node-to-node path ([TCP insights →](https://docs.kubeshark.com/en/mcp/tcp_insights))
-- **L7 API Calls** — real-time request/response matching with full payload parsing: HTTP, gRPC, GraphQL, Redis, Kafka, DNS ([API dissection →](https://docs.kubeshark.com/en/v2/l7_api_dissection))
-- **Decrypted TLS** — eBPF-based TLS decryption without key management
+- **PCAP Retention** — continuous raw packet capture with point-in-time snapshots, exportable for Wireshark ([Snapshots →](https://docs.kubeshark.com/en/v2/traffic_snapshots))
+- **L7 API Dissection** — real-time request/response matching with full payload parsing: HTTP, gRPC, GraphQL, Redis, Kafka, DNS ([API dissection →](https://docs.kubeshark.com/en/v2/l7_api_dissection))
 - **Kubernetes Context** — every packet and API call resolved to pod, service, namespace, and node
-- **PCAP Retention** — point-in-time raw packet snapshots, exportable for Wireshark ([Snapshots →](https://docs.kubeshark.com/en/v2/traffic_snapshots))
+
+**Additional benefits:**
+
+- **Decrypted TLS** — eBPF-based TLS decryption without key management
+- **L4 TCP Insights** — retransmissions, RTT, window saturation, connection lifecycle, packet loss across every node-to-node path ([TCP insights →](https://docs.kubeshark.com/en/mcp/tcp_insights))
 
 ![Kubeshark](https://github.com/kubeshark/assets/raw/master/png/stream.png)
 
@@ -78,6 +81,16 @@ Cluster-wide request/response matching with full payloads, parsed according to p
 
 [Learn more →](https://docs.kubeshark.com/en/v2/l7_api_dissection)
 
+### Cluster-wide PCAP
+
+Generate a cluster-wide PCAP file from any point in time. Filter by time range, specific nodes, and BPF expressions (e.g. `net`, `ip`, `port`, `host`) to capture exactly the traffic you need — across the entire cluster, in a single file. Download and analyze with Wireshark, tshark, or any PCAP-compatible tool — or let your AI agent download and analyze programmatically via MCP.
+
+Store snapshots locally or in S3/Azure Blob for long-term retention.
+
+![Traffic Retention](https://github.com/kubeshark/assets/raw/master/png/snapshots.png)
+
+[Snapshots guide →](https://docs.kubeshark.com/en/v2/traffic_snapshots)
+
 ### L4/L7 Workload Map
 
 Cluster-wide view of service communication: dependencies, traffic flow, and anomalies across all nodes and namespaces.
@@ -86,14 +99,6 @@ Cluster-wide view of service communication: dependencies, traffic flow, and anom
 
 [Learn more →](https://docs.kubeshark.com/en/v2/service_map)
 
-### Traffic Retention
-
-Continuous raw packet capture with point-in-time snapshots. Export PCAP files for offline analysis with Wireshark or other tools.
-
-![Traffic Retention](https://github.com/kubeshark/assets/raw/master/png/snapshots.png)
-
-[Snapshots guide →](https://docs.kubeshark.com/en/v2/traffic_snapshots)
-
 ---
 
 ## Features

config/configStruct.go

@@ -153,7 +153,6 @@ func CreateDefaultConfig() ConfigStruct {
 			},
 			Dashboard: configStructs.DashboardConfig{
 				CompleteStreamingEnabled: true,
-				ClusterWideMapEnabled:    false,
 			},
 			Capture: configStructs.CaptureConfig{
 				Dissection: configStructs.DissectionConfig{

config/configStructs/tapConfig.go

@@ -202,7 +202,6 @@ type RoutingConfig struct {
 type DashboardConfig struct {
 	StreamingType            string `yaml:"streamingType" json:"streamingType" default:"connect-rpc"`
 	CompleteStreamingEnabled bool   `yaml:"completeStreamingEnabled" json:"completeStreamingEnabled" default:"true"`
-	ClusterWideMapEnabled    bool   `yaml:"clusterWideMapEnabled" json:"clusterWideMapEnabled" default:"false"`
 }
 
 type FrontRoutingConfig struct {
@@ -210,9 +209,9 @@ type FrontRoutingConfig struct {
 }
 
 type ReleaseConfig struct {
-	Repo          string `yaml:"repo" json:"repo" default:"https://helm.kubeshark.com"`
-	Name          string `yaml:"name" json:"name" default:"kubeshark"`
-	Namespace     string `yaml:"namespace" json:"namespace" default:"default"`
+	Repo      string `yaml:"repo" json:"repo" default:"https://helm.kubeshark.com"`
+	Name      string `yaml:"name" json:"name" default:"kubeshark"`
+	Namespace string `yaml:"namespace" json:"namespace" default:"default"`
 	HelmChartPath string `yaml:"helmChartPath" json:"helmChartPath" default:""`
 }
 

helm-chart/docs/snapshots_cloud_storage.md

@@ -95,85 +95,7 @@ helm install kubeshark kubeshark/kubeshark \
 
 ### Example: IRSA (recommended for EKS)
 
-[IAM Roles for Service Accounts (IRSA)](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) lets EKS pods assume an IAM role without static credentials. EKS injects a short-lived token into the pod automatically.
-
-**Prerequisites:**
-
-1. Your EKS cluster must have an [OIDC provider](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) associated with it.
-2. An IAM role with a trust policy that allows the Kubeshark service account to assume it.
-
-**Step 1 — Create an IAM policy scoped to your bucket:**
-
-```json
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "s3:GetObject",
-        "s3:PutObject",
-        "s3:DeleteObject",
-        "s3:GetObjectVersion",
-        "s3:DeleteObjectVersion",
-        "s3:ListBucket",
-        "s3:ListBucketVersions",
-        "s3:GetBucketLocation",
-        "s3:GetBucketVersioning"
-      ],
-      "Resource": [
-        "arn:aws:s3:::my-kubeshark-snapshots",
-        "arn:aws:s3:::my-kubeshark-snapshots/*"
-      ]
-    }
-  ]
-}
-```
-
-> For read-only access, remove `s3:PutObject`, `s3:DeleteObject`, and `s3:DeleteObjectVersion`.
-
-**Step 2 — Create an IAM role with IRSA trust policy:**
-
-```bash
-# Get your cluster's OIDC provider URL
-OIDC_PROVIDER=$(aws eks describe-cluster --name CLUSTER_NAME \
-  --query "cluster.identity.oidc.issuer" --output text | sed 's|https://||')
-
-# Create a trust policy
-# The default K8s SA name is "<release-name>-service-account" (e.g. "kubeshark-service-account")
-cat > trust-policy.json <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Principal": {
-        "Federated": "arn:aws:iam::ACCOUNT_ID:oidc-provider/${OIDC_PROVIDER}"
-      },
-      "Action": "sts:AssumeRoleWithWebIdentity",
-      "Condition": {
-        "StringEquals": {
-          "${OIDC_PROVIDER}:sub": "system:serviceaccount:NAMESPACE:kubeshark-service-account",
-          "${OIDC_PROVIDER}:aud": "sts.amazonaws.com"
-        }
-      }
-    }
-  ]
-}
-EOF
-
-# Create the role and attach your policy
-aws iam create-role \
-  --role-name KubesharkS3Role \
-  --assume-role-policy-document file://trust-policy.json
-
-aws iam put-role-policy \
-  --role-name KubesharkS3Role \
-  --policy-name KubesharkSnapshotsBucketAccess \
-  --policy-document file://bucket-policy.json
-```
-
-**Step 3 — Create a ConfigMap with bucket configuration:**
+Create a ConfigMap with bucket configuration:
 
 ```yaml
 apiVersion: v1
@@ -185,12 +107,10 @@ data:
   SNAPSHOT_AWS_REGION: us-east-1
 ```
 
-**Step 4 — Set Helm values with `tap.annotations` to annotate the service account:**
+Set Helm values:
 
 ```yaml
 tap:
-  annotations:
-    eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT_ID:role/KubesharkS3Role
   snapshots:
     cloud:
       provider: "s3"
@@ -198,17 +118,7 @@ tap:
         - kubeshark-s3-config
 ```
 
-Or via `--set`:
-
-```bash
-helm install kubeshark kubeshark/kubeshark \
-  --set tap.snapshots.cloud.provider=s3 \
-  --set tap.snapshots.cloud.s3.bucket=my-kubeshark-snapshots \
-  --set tap.snapshots.cloud.s3.region=us-east-1 \
-  --set tap.annotations."eks\.amazonaws\.com/role-arn"=arn:aws:iam::ACCOUNT_ID:role/KubesharkS3Role
-```
-
-No `accessKey`/`secretKey` is needed — EKS injects credentials automatically via the IRSA token.
+The hub pod's service account must be annotated for IRSA with an IAM role that has S3 access to the bucket.
 
 ### Example: Static Credentials
 

helm-chart/templates/06-front-deployment.yaml

@@ -92,8 +92,6 @@ spec:
               value: '{{ default false .Values.betaEnabled | ternary "true" "false" }}'
             - name: REACT_APP_DISSECTORS_UPDATING_ENABLED
               value: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "false" "true" }}'
-            - name: REACT_APP_CLUSTER_WIDE_MAP_ENABLED
-              value: '{{ default false (((.Values).tap).dashboard).clusterWideMapEnabled }}'
             - name: REACT_APP_RAW_CAPTURE_ENABLED
               value: '{{ .Values.tap.capture.raw.enabled | ternary "true" "false" }}'
             - name: REACT_APP_SENTRY_ENABLED

helm-chart/values.yaml

@@ -185,7 +185,6 @@ tap:
   dashboard:
     streamingType: connect-rpc
     completeStreamingEnabled: true
-    clusterWideMapEnabled: false
   telemetry:
     enabled: true
   resourceGuard: