🔖 Bump the Helm chart version to 53.2.5 (#1920)

Co-authored-by: Alon Girmonsky <alongir@Alons-Mac-Studio.local>

Makefile

@@ -253,52 +253,111 @@ port-forward:
 	kubectl port-forward $$(kubectl get pods | awk '$$1 ~ /^$(POD_PREFIX)/' | awk 'END {print $$1}') $(SRC_PORT):$(DST_PORT)
 
 release: ## Print release workflow instructions.
-	@echo "Release workflow (2 steps):"
+	@echo "Release workflow — each step is idempotent and can be rerun on its own:"
 	@echo ""
-	@echo "  1. make release-pr VERSION=x.y.z"
-	@echo "     Tags sibling repos, bumps version, creates PRs"
-	@echo "     (kubeshark + kubeshark.github.io helm chart)."
-	@echo "     Review and merge both PRs manually."
+	@echo "  1. make release-siblings VERSION=x.y.z"
+	@echo "     Tag worker, hub, front with vx.y.z. Also run standalone when"
+	@echo "     rebuilding docker images without cutting a full release."
 	@echo ""
-	@echo "  2. (automatic) Tag is created when release PR merges."
-	@echo "     Fallback: make release-tag VERSION=x.y.z"
+	@echo "  2. make release-pr-kubeshark VERSION=x.y.z"
+	@echo "     Bump Helm Chart.yaml, build, open release PR on kubeshark."
+	@echo ""
+	@echo "  3. make release-pr-helm VERSION=x.y.z"
+	@echo "     Sync helm-chart/ into kubeshark.github.io, open helm PR."
+	@echo "     Requires release/vx.y.z branch (created by step 2)."
+	@echo ""
+	@echo "  Shortcut: make release-pr VERSION=x.y.z runs 1 → 2 → 3."
+	@echo ""
+	@echo "  After both PRs merge: tag is created automatically,"
+	@echo "  or run: make release-tag VERSION=x.y.z"
 
-release-pr: ## Step 1: Tag sibling repos, bump version, create release PR.
-	@cd ../worker && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
-	@cd ../hub && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
-	@cd ../front && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
+# Internal: validate VERSION before any release-* target runs.
+_release-check-version:
+	@if [ -z "$(VERSION)" ]; then echo "ERROR: VERSION is required. Usage: make <target> VERSION=x.y.z"; exit 1; fi
+	@echo "$(VERSION)" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+' || { echo "ERROR: VERSION must be semver (e.g. 53.2.4)"; exit 1; }
+
+release-siblings: _release-check-version ## Tag worker, hub, front with v$(VERSION). Idempotent; standalone for docker-image-only updates.
+	@for repo in worker hub front; do \
+		echo "==> $$repo: ensuring v$(VERSION) tag"; \
+		(cd ../$$repo && git checkout master && git pull) || exit 1; \
+		if (cd ../$$repo && git ls-remote --tags origin "refs/tags/v$(VERSION)" | grep -q .); then \
+			echo "    v$(VERSION) already on origin — skipping"; \
+		else \
+			(cd ../$$repo && git tag -d v$(VERSION) 2>/dev/null; git tag v$(VERSION) && git push origin "refs/tags/v$(VERSION)") || exit 1; \
+		fi; \
+	done
+
+release-pr-kubeshark: _release-check-version ## Bump Chart.yaml, build, open release PR on kubeshark.
 	@cd ../kubeshark && git checkout master && git pull
-	@sed -i '' "s/^version:.*/version: \"$(shell echo $(VERSION) | sed -E 's/^([0-9]+\.[0-9]+\.[0-9]+)\..*/\1/')\"/" helm-chart/Chart.yaml
+	@NEW=$$(echo $(VERSION) | sed -E 's/^([0-9]+\.[0-9]+\.[0-9]+).*/\1/'); \
+	CUR=$$(awk '/^version:/ {gsub(/"/,"",$$2); print $$2; exit}' helm-chart/Chart.yaml); \
+	if [ "$$CUR" != "$$NEW" ]; then \
+		sed -i '' "s/^version:.*/version: \"$$NEW\"/" helm-chart/Chart.yaml; \
+	else \
+		echo "Chart.yaml already at $$NEW"; \
+	fi
 	@$(MAKE) build VER=$(VERSION)
 	@if [ "$(shell uname)" = "Darwin" ]; then \
 		codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/kubeshark__; \
 	fi
 	@$(MAKE) generate-helm-values && $(MAKE) generate-manifests
+	@if git show-ref --verify --quiet refs/heads/release/v$(VERSION); then \
+		git branch -D release/v$(VERSION); \
+	fi
 	@git checkout -b release/v$(VERSION)
 	@git add -A .
-	@git commit -m ":bookmark: Bump the Helm chart version to $(VERSION)"
-	@git push -u origin release/v$(VERSION)
-	@gh pr create --title ":bookmark: Release v$(VERSION)" \
-		--body "Automated release PR for v$(VERSION)." \
-		--base master \
-		--reviewer corest
-	@git checkout master && git pull
-	@cd ../kubeshark.github.io \
-		&& git checkout master && git pull \
-		&& rm -rf charts/chart \
-		&& mkdir charts/chart \
-		&& cp -r ../kubeshark/helm-chart/ charts/chart/ \
-		&& git checkout -b helm-v$(VERSION) \
-		&& git add -A . \
-		&& git commit -m ":sparkles: Update the Helm chart to v$(VERSION)" \
-		&& git push -u origin helm-v$(VERSION) \
-		&& gh pr create --title ":sparkles: Helm chart v$(VERSION)" \
+	@if ! git diff --cached --quiet; then \
+		git commit -m ":bookmark: Bump the Helm chart version to $(VERSION)"; \
+	else \
+		echo "nothing to commit"; \
+	fi
+	@git push --force-with-lease -u origin release/v$(VERSION)
+	@if gh pr view release/v$(VERSION) --json number >/dev/null 2>&1; then \
+		echo "PR already exists for release/v$(VERSION)"; \
+	else \
+		gh pr create --title ":bookmark: Release v$(VERSION)" \
+			--body "Automated release PR for v$(VERSION)." \
+			--base master \
+			--reviewer corest; \
+	fi
+
+release-pr-helm: _release-check-version ## Sync helm-chart/ to kubeshark.github.io and open the helm PR. Requires release/v$(VERSION) branch (step 2).
+	@git fetch origin "refs/heads/release/v$(VERSION):refs/heads/release/v$(VERSION)" 2>/dev/null || true
+	@if ! git show-ref --verify --quiet refs/heads/release/v$(VERSION); then \
+		echo "ERROR: release/v$(VERSION) branch not found locally or on origin."; \
+		echo "Run 'make release-pr-kubeshark VERSION=$(VERSION)' first."; \
+		exit 1; \
+	fi
+	@git checkout release/v$(VERSION)
+	@cd ../kubeshark.github.io && git checkout master && git pull \
+		&& rm -rf charts/chart && mkdir -p charts/chart \
+		&& cp -r ../kubeshark/helm-chart/ charts/chart/
+	@cd ../kubeshark.github.io && \
+	if git show-ref --verify --quiet refs/heads/helm-v$(VERSION); then \
+		git branch -D helm-v$(VERSION); \
+	fi && \
+	git checkout -b helm-v$(VERSION) && \
+	git add -A . && \
+	if ! git diff --cached --quiet; then \
+		git commit -m ":sparkles: Update the Helm chart to v$(VERSION)"; \
+	else \
+		echo "nothing to commit"; \
+	fi && \
+	git push --force-with-lease -u origin helm-v$(VERSION) && \
+	if ! gh pr view helm-v$(VERSION) --json number >/dev/null 2>&1; then \
+		gh pr create --title ":sparkles: Helm chart v$(VERSION)" \
 			--body "Update Helm chart for release v$(VERSION)." \
 			--base master \
-			--reviewer corest \
-		&& git checkout master
+			--reviewer corest; \
+	else \
+		echo "PR already exists for helm-v$(VERSION)"; \
+	fi && \
+	git checkout master
+	@cd ../kubeshark && git checkout master && git pull
+
+release-pr: release-siblings release-pr-kubeshark release-pr-helm ## Run release-siblings, release-pr-kubeshark, and release-pr-helm in sequence.
 	@echo ""
-	@echo "Release PRs created:"
+	@echo "Release PRs created (or already present):"
 	@echo "  - kubeshark: Review and merge the release PR."
 	@echo "  - kubeshark.github.io: Review and merge the helm chart PR."
 	@echo "Tag will be created automatically, or run: make release-tag VERSION=$(VERSION)"

config/configStruct.go

@@ -129,6 +129,8 @@ func CreateDefaultConfig() ConfigStruct {
 				"icmp",
 				"kafka",
 				"mongodb",
+				"mysql",
+				"postgresql",
 				"redis",
 				// "sctp",
 				// "syscall",
@@ -149,18 +151,12 @@ func CreateDefaultConfig() ConfigStruct {
 				AMQP:     []uint16{5671, 5672},
 				KAFKA:    []uint16{9092},
 				MONGODB:  []uint16{27017},
-				REDIS:    []uint16{6379},
+				MYSQL:      []uint16{3306},
+				POSTGRESQL: []uint16{5432},
+				REDIS:      []uint16{6379},
 				LDAP:     []uint16{389},
 				DIAMETER: []uint16{3868},
 			},
-			Nginx: configStructs.NginxConfig{
-				Proxy: configStructs.ProxyNginxConfig{
-					BufferSize:      "64k",
-					BuffersCount:    "4",
-					BuffersSize:     "128k",
-					BusyBuffersSize: "128k",
-				},
-			},
 			Dashboard: configStructs.DashboardConfig{
 				CompleteStreamingEnabled: true,
 				ClusterWideMapEnabled:    false,

config/configStructs/tapConfig.go

@@ -203,23 +203,13 @@ type DashboardConfig struct {
 	StreamingType            string `yaml:"streamingType" json:"streamingType" default:"connect-rpc"`
 	CompleteStreamingEnabled bool   `yaml:"completeStreamingEnabled" json:"completeStreamingEnabled" default:"true"`
 	ClusterWideMapEnabled    bool   `yaml:"clusterWideMapEnabled" json:"clusterWideMapEnabled" default:"false"`
+	EntriesLimit             string `yaml:"entriesLimit" json:"entriesLimit" default:"300000"`
 }
 
 type FrontRoutingConfig struct {
 	BasePath string `yaml:"basePath" json:"basePath" default:""`
 }
 
-type NginxConfig struct {
-	Proxy ProxyNginxConfig `yaml:"proxy" json:"proxy"`
-}
-
-type ProxyNginxConfig struct {
-	BufferSize      string `yaml:"bufferSize" json:"bufferSize" default:"64k"`
-	BuffersCount    string `yaml:"buffersCount" json:"buffersCount" default:"4"`
-	BuffersSize     string `yaml:"buffersSize" json:"buffersSize" default:"128k"`
-	BusyBuffersSize string `yaml:"busyBuffersSize" json:"busyBuffersSize" default:"128k"`
-}
-
 type ReleaseConfig struct {
 	Repo          string `yaml:"repo" json:"repo" default:"https://helm.kubeshark.com"`
 	Name          string `yaml:"name" json:"name" default:"kubeshark"`
@@ -294,7 +284,9 @@ type PortMapping struct {
 	AMQP     []uint16 `yaml:"amqp" json:"amqp"`
 	KAFKA    []uint16 `yaml:"kafka" json:"kafka"`
 	MONGODB  []uint16 `yaml:"mongodb" json:"mongodb"`
-	REDIS    []uint16 `yaml:"redis" json:"redis"`
+	MYSQL      []uint16 `yaml:"mysql" json:"mysql"`
+	POSTGRESQL []uint16 `yaml:"postgresql" json:"postgresql"`
+	REDIS      []uint16 `yaml:"redis" json:"redis"`
 	LDAP     []uint16 `yaml:"ldap" json:"ldap"`
 	DIAMETER []uint16 `yaml:"diameter" json:"diameter"`
 }
@@ -419,7 +411,6 @@ type TapConfig struct {
 	Routing                        RoutingConfig           `yaml:"routing" json:"routing"`
 	IPv6                           bool                    `yaml:"ipv6" json:"ipv6" default:"true"`
 	Debug                          bool                    `yaml:"debug" json:"debug" default:"false"`
-	Nginx                          NginxConfig             `yaml:"nginx" json:"nginx"`
 	Dashboard                      DashboardConfig         `yaml:"dashboard" json:"dashboard"`
 	Telemetry                      TelemetryConfig         `yaml:"telemetry" json:"telemetry"`
 	ResourceGuard                  ResourceGuardConfig     `yaml:"resourceGuard" json:"resourceGuard"`

helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kubeshark
-version: "53.2.2"
+version: "53.2.5"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.com
 keywords:

helm-chart/templates/06-front-deployment.yaml

@@ -92,6 +92,8 @@ spec:
               value: '{{ default false (((.Values).tap).dashboard).clusterWideMapEnabled }}'
             - name: REACT_APP_RAW_CAPTURE_ENABLED
               value: '{{ .Values.tap.capture.raw.enabled | ternary "true" "false" }}'
+            - name: REACT_APP_ENTRIES_LIMIT
+              value: '{{ default 300000 (((.Values).tap).dashboard).entriesLimit }}'
             - name: REACT_APP_SENTRY_ENABLED
               value: '{{ (include "sentry.enabled" .) }}'
             - name: REACT_APP_SENTRY_ENVIRONMENT

helm-chart/templates/11-nginx-config-map.yaml

@@ -20,9 +20,9 @@ data:
       client_header_buffer_size   32k;
       large_client_header_buffers 8 64k;
 
-      proxy_buffer_size {{ default "64k" ((((.Values).tap).nginx).proxy).bufferSize }};
-      proxy_buffers {{ default "4" ((((.Values).tap).nginx).proxy).buffersCount }} {{ default "128k" ((((.Values).tap).nginx).proxy).buffersSize }};
-      proxy_busy_buffers_size {{ default "128k" ((((.Values).tap).nginx).proxy).busyBuffersSize }};
+      proxy_buffer_size 64k;
+      proxy_buffers 4 128k;
+      proxy_busy_buffers_size 128k;
 
       location {{ default "" (((.Values.tap).routing).front).basePath }}/api {
         rewrite ^{{ default "" (((.Values.tap).routing).front).basePath }}/api(.*)$ $1 break;

helm-chart/values.yaml

@@ -182,18 +182,13 @@ tap:
   routing:
     front:
       basePath: ""
-  nginx:
-    proxy:
-      bufferSize: 64k
-      buffersCount: 4
-      buffersSize: 128k
-      busyBuffersSize: 128k
   ipv6: true
   debug: false
   dashboard:
     streamingType: connect-rpc
     completeStreamingEnabled: true
     clusterWideMapEnabled: false
+    entriesLimit: "300000"
   telemetry:
     enabled: true
   resourceGuard:
@@ -214,6 +209,8 @@ tap:
   - icmp
   - kafka
   - mongodb
+  - mysql
+  - postgresql
   - redis
   - ws
   - ldap
@@ -235,6 +232,10 @@ tap:
     - 9092
     mongodb:
     - 27017
+    mysql:
+    - 3306
+    postgresql:
+    - 5432
     redis:
     - 6379
     ldap:

manifests/complete.yaml

@@ -4,10 +4,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   name: kubeshark-hub-network-policy
   namespace: default
@@ -33,10 +33,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front-network-policy
@@ -60,10 +60,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-dex-network-policy
@@ -87,10 +87,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-worker-network-policy
@@ -116,10 +116,10 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   name: kubeshark-service-account
   namespace: default
@@ -132,10 +132,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.com/app: hub
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
 stringData:
     LICENSE: ''
@@ -151,10 +151,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.com/app: hub
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
 stringData:
   AUTH_SAML_X509_CRT: |
@@ -167,10 +167,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.com/app: hub
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
 stringData:
   AUTH_SAML_X509_KEY: |
@@ -182,10 +182,10 @@ metadata:
   name: kubeshark-nginx-config-map
   namespace: default
   labels:
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
 data:
   default.conf: |
@@ -199,6 +199,10 @@ data:
       client_header_buffer_size   32k;
       large_client_header_buffers 8 64k;
 
+      proxy_buffer_size 64k;
+      proxy_buffers 4 128k;
+      proxy_busy_buffers_size 128k;
+
       location /api {
         rewrite ^/api(.*)$ $1 break;
         proxy_pass http://kubeshark-hub;
@@ -248,10 +252,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.com/app: hub
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
 data:
     POD_REGEX: '.*'
@@ -289,7 +293,7 @@ data:
     TIMEZONE: ' '
     CLOUD_LICENSE_ENABLED: 'true'
     DUPLICATE_TIMEFRAME: '200ms'
-    ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,mongodb,redis,ws,ldap,radius,diameter,udp-flow,tcp-flow,udp-conn,tcp-conn'
+    ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,mongodb,mysql,postgresql,redis,ws,ldap,radius,diameter,udp-flow,tcp-flow,udp-conn,tcp-conn'
     CUSTOM_MACROS: '{"https":"tls and (http or http2)"}'
     DISSECTORS_UPDATING_ENABLED: 'true'
     SNAPSHOTS_UPDATING_ENABLED: 'true'
@@ -299,7 +303,7 @@ data:
     PCAP_TIME_INTERVAL: '1m'
     PCAP_MAX_TIME: '1h'
     PCAP_MAX_SIZE: '500MB'
-    PORT_MAPPING: '{"amqp":[5671,5672],"diameter":[3868],"http":[80,443,8080],"kafka":[9092],"ldap":[389],"mongodb":[27017],"redis":[6379]}'
+    PORT_MAPPING: '{"amqp":[5671,5672],"diameter":[3868],"http":[80,443,8080],"kafka":[9092],"ldap":[389],"mongodb":[27017],"mysql":[3306],"postgresql":[5432],"redis":[6379]}'
     RAW_CAPTURE_ENABLED: 'true'
     RAW_CAPTURE_STORAGE_SIZE: '1Gi'
 ---
@@ -308,10 +312,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   name: kubeshark-cluster-role-default
   namespace: default
@@ -355,10 +359,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   name: kubeshark-cluster-role-binding-default
   namespace: default
@@ -376,10 +380,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   labels:
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role
@@ -435,10 +439,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role-binding
@@ -458,10 +462,10 @@ kind: Service
 metadata:
   labels:
     app.kubeshark.com/app: hub
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   name: kubeshark-hub
   namespace: default
@@ -479,10 +483,10 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   name: kubeshark-front
   namespace: default
@@ -500,10 +504,10 @@ kind: Service
 apiVersion: v1
 metadata:
   labels:
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
     prometheus.io/scrape: 'true'
@@ -513,10 +517,10 @@ metadata:
 spec:
   selector:
     app.kubeshark.com/app: worker
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   ports:
   - name: metrics
@@ -529,10 +533,10 @@ kind: Service
 apiVersion: v1
 metadata:
   labels:
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
     prometheus.io/scrape: 'true'
@@ -542,10 +546,10 @@ metadata:
 spec:
   selector:
     app.kubeshark.com/app: hub
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   ports:
   - name: metrics
@@ -560,10 +564,10 @@ metadata:
   labels:
     app.kubeshark.com/app: worker
     sidecar.istio.io/inject: "false"
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   name: kubeshark-worker-daemon-set
   namespace: default
@@ -577,10 +581,10 @@ spec:
     metadata:
       labels:
         app.kubeshark.com/app: worker
-        helm.sh/chart: kubeshark-53.2.2
+        helm.sh/chart: kubeshark-53.2.5
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "53.2.2"
+        app.kubernetes.io/version: "53.2.5"
         app.kubernetes.io/managed-by: Helm
       name: kubeshark-worker-daemon-set
       namespace: kubeshark
@@ -801,10 +805,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.com/app: hub
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   name: kubeshark-hub
   namespace: default
@@ -819,10 +823,10 @@ spec:
     metadata:
       labels:
         app.kubeshark.com/app: hub
-        helm.sh/chart: kubeshark-53.2.2
+        helm.sh/chart: kubeshark-53.2.5
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "53.2.2"
+        app.kubernetes.io/version: "53.2.5"
         app.kubernetes.io/managed-by: Helm
     spec:
       dnsPolicy: ClusterFirstWithHostNet
@@ -932,10 +936,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.com/app: front
-    helm.sh/chart: kubeshark-53.2.2
+    helm.sh/chart: kubeshark-53.2.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "53.2.2"
+    app.kubernetes.io/version: "53.2.5"
     app.kubernetes.io/managed-by: Helm
   name: kubeshark-front
   namespace: default
@@ -950,10 +954,10 @@ spec:
     metadata:
       labels:
         app.kubeshark.com/app: front
-        helm.sh/chart: kubeshark-53.2.2
+        helm.sh/chart: kubeshark-53.2.5
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "53.2.2"
+        app.kubernetes.io/version: "53.2.5"
         app.kubernetes.io/managed-by: Helm
     spec:
       containers:
@@ -1002,6 +1006,8 @@ spec:
               value: 'false'
             - name: REACT_APP_RAW_CAPTURE_ENABLED
               value: 'true'
+            - name: REACT_APP_ENTRIES_LIMIT
+              value: '300000'
             - name: REACT_APP_SENTRY_ENABLED
               value: 'false'
             - name: REACT_APP_SENTRY_ENVIRONMENT

skills/kfl/SKILL.md

@@ -88,13 +88,15 @@ filter term — they're fast and narrow the search space immediately.
 |------|----------|------|----------|
 | `http` | HTTP/1.1, HTTP/2 | `redis` | Redis |
 | `dns` | DNS | `kafka` | Kafka |
-| `tls` | TLS/SSL | `amqp` | AMQP |
+| `tls` | eBPF TLS interception | `amqp` | AMQP |
 | `tcp` | TCP | `ldap` | LDAP |
 | `udp` | UDP | `ws` | WebSocket |
 | `sctp` | SCTP | `gql` | GraphQL (v1+v2) |
 | `icmp` | ICMP | `gqlv1` / `gqlv2` | GraphQL version-specific |
-| `radius` | RADIUS | `conn` / `flow` | L4 connection/flow tracking |
-| `diameter` | Diameter | `tcp_conn` / `udp_conn` | Transport-specific connections |
+| `grpc` | gRPC (HTTP/2 sub-protocol) | `mongodb` | MongoDB |
+| `mysql` | MySQL | `radius` | RADIUS |
+| `diameter` | Diameter | `conn` / `flow` | L4 connection/flow tracking |
+| | | `tcp_conn` / `udp_conn` | Transport-specific connections |
 
 ## Kubernetes Context
 
@@ -112,6 +114,17 @@ dst.service.namespace == "payments"
 Pod fields fall back to service data when pod info is unavailable, so
 `dst.pod.namespace` works even for service-level entries.
 
+### Summary Name and Namespace
+
+Convenience variables that pick the best available identity for a peer:
+
+```
+src.name == "api-gateway"                    // pod > service > dns > process
+dst.name.contains("payment")                 // works across identity types
+src.namespace == "production"                 // pod namespace, falls back to service
+dst.namespace != "kube-system"               // exclude system namespace
+```
+
 ### Aggregate Collections
 
 Match against any direction (src or dst):
@@ -192,8 +205,14 @@ http && request.headers["content-type"] == "application/json"
 
 // GraphQL (subset of HTTP)
 gql && method == "POST" && status_code >= 400
+
+// Only eBPF-intercepted TLS traffic (decrypted HTTPS)
+tls && http && status_code >= 500
 ```
 
+> **Note on `tls`**: The `tls` flag is an alias for `capture_source == "ebpf_tls"`.
+> It indicates traffic captured via eBPF TLS interception, not TLS protocol dissection.
+
 ## DNS Filtering
 
 DNS issues are often the hidden root cause of outages.
@@ -235,6 +254,40 @@ kafka && kafka_request_summary.contains("orders")    // Topic filtering
 kafka && kafka_size > 10000                          // Large messages
 ```
 
+### MongoDB
+
+```
+mongodb && mongodb_command == "find"                  // Find operations
+mongodb && mongodb_collection == "users"              // Collection filtering
+mongodb && mongodb_database == "mydb"                 // Database filtering
+mongodb && !mongodb_success                           // Failed operations
+mongodb && mongodb_error_code != 0                    // Error code filtering
+mongodb && mongodb_total_size > 10000                 // Large operations
+```
+
+### MySQL
+
+```
+mysql && mysql_command == "COM_QUERY"                 // SQL queries
+mysql && mysql_query.contains("SELECT")               // SELECT statements
+mysql && mysql_database == "orders_db"                // Database filtering
+mysql && !mysql_success                               // Failed queries
+mysql && mysql_error_code != 0                        // Error code filtering
+mysql && mysql_total_size > 10000                     // Large queries
+```
+
+### gRPC
+
+gRPC is a sub-protocol of HTTP/2. All HTTP variables are also available on gRPC entries.
+
+```
+grpc && grpc_method == "SayHello"                     // Method filtering
+grpc && grpc_status != 0                              // Non-OK status codes
+grpc && grpc_status == 14                             // UNAVAILABLE
+grpc && grpc_method.contains("Create")                // Method pattern
+grpc && elapsed_time > 1000000                        // Slow gRPC calls (>1s)
+```
+
 ### AMQP, LDAP, RADIUS, Diameter
 
 ```
@@ -288,7 +341,7 @@ dst.port >= 8000 && dst.port <= 9000
 timestamp > timestamp("2026-03-14T22:00:00Z")
 timestamp >= timestamp("2026-03-14T22:00:00Z") && timestamp <= timestamp("2026-03-14T23:00:00Z")
 timestamp > now() - duration("5m")                   // Last 5 minutes
-elapsed_time > 2000000                               // Older than 2 seconds
+elapsed_time > 2000000                               // Latency > 2 seconds
 ```
 
 ## Building Filters: Progressive Narrowing

skills/kfl/references/kfl2-reference.md

@@ -39,7 +39,7 @@ These are the variables you'll reach for in 90% of investigations:
 | `index` | int | Entry index for stream uniqueness |
 | `stream` | string | Stream identifier (hex string) |
 | `timestamp` | timestamp | Event time (UTC), use with `timestamp()` function |
-| `elapsed_time` | int | Age since timestamp in microseconds |
+| `elapsed_time` | int | Response-request latency in microseconds |
 | `worker` | string | Worker identifier |
 
 ## Cross-Reference Variables
@@ -67,13 +67,15 @@ Boolean variables indicating detected protocol. Use as first filter term for per
 |----------|----------|----------|----------|
 | `http` | HTTP/1.1, HTTP/2 | `redis` | Redis |
 | `dns` | DNS | `kafka` | Kafka |
-| `tls` | TLS/SSL handshake | `amqp` | AMQP messaging |
+| `tls` | eBPF TLS interception | `amqp` | AMQP messaging |
 | `tcp` | TCP transport | `ldap` | LDAP directory |
 | `udp` | UDP transport | `ws` | WebSocket |
 | `sctp` | SCTP streaming | `gql` | GraphQL (v1 or v2) |
 | `icmp` | ICMP | `gqlv1` | GraphQL v1 only |
-| `radius` | RADIUS auth | `gqlv2` | GraphQL v2 only |
-| `diameter` | Diameter | `conn` | L4 connection tracking |
+| `grpc` | gRPC (HTTP/2 sub-protocol) | `gqlv2` | GraphQL v2 only |
+| `mongodb` | MongoDB | `mysql` | MySQL |
+| `radius` | RADIUS auth | `diameter` | Diameter |
+| | | `conn` | L4 connection tracking |
 | `flow` | L4 flow tracking | `tcp_conn` | TCP connection tracking |
 | `tcp_flow` | TCP flow tracking | `udp_conn` | UDP connection tracking |
 | `udp_flow` | UDP flow tracking | | |
@@ -123,7 +125,7 @@ Supported question types: A, AAAA, NS, CNAME, SOA, MX, TXT, SRV, PTR, ANY.
 
 | Variable | Type | Description | Example |
 |----------|------|-------------|---------|
-| `tls` | bool | TLS payload detected | |
+| `tls` | bool | eBPF TLS interception (alias for `capture_source == "ebpf_tls"`) | |
 | `tls_summary` | string | TLS handshake summary | `"ClientHello"`, `"ServerHello"` |
 | `tls_info` | string | TLS connection details | `"TLS 1.3, AES-256-GCM"` |
 | `tls_request_size` | int | TLS request size in bytes | |
@@ -263,6 +265,55 @@ Supported question types: A, AAAA, NS, CNAME, SOA, MX, TXT, SRV, PTR, ANY.
 | `diameter_response_length` | int | Response size (0 if absent) |
 | `diameter_total_size` | int | Sum of request + response |
 
+## MongoDB Variables
+
+| Variable | Type | Description | Example |
+|----------|------|-------------|---------|
+| `mongodb` | bool | MongoDB payload detected | |
+| `mongodb_command` | string | Operation type | `"find"`, `"insert"`, `"update"`, `"delete"` |
+| `mongodb_database` | string | Database name | `"mydb"` |
+| `mongodb_collection` | string | Collection name | `"users"` |
+| `mongodb_opcode` | string | Operation opcode name | |
+| `mongodb_request_size` | int | Request size in bytes | |
+| `mongodb_response_size` | int | Response size in bytes | |
+| `mongodb_total_size` | int | Combined request + response size | |
+| `mongodb_success` | bool | Operation success status | |
+| `mongodb_error_code` | int | Error code | |
+| `mongodb_error_message` | string | Error description | |
+| `mongodb_error_code_name` | string | Named error code | |
+
+**Example**: `mongodb && mongodb_command == "find" && mongodb_collection == "users"`
+
+## MySQL Variables
+
+| Variable | Type | Description | Example |
+|----------|------|-------------|---------|
+| `mysql` | bool | MySQL payload detected | |
+| `mysql_command` | string | SQL command name | `"COM_QUERY"`, `"COM_STMT_PREPARE"` |
+| `mysql_query` | string | Full SQL query text | `"SELECT * FROM users"` |
+| `mysql_database` | string | Active database name | `"orders_db"` |
+| `mysql_statement_id` | int | Prepared statement identifier | |
+| `mysql_request_size` | int | Request payload size in bytes | |
+| `mysql_response_size` | int | Response payload size in bytes | |
+| `mysql_total_size` | int | Combined request + response size | |
+| `mysql_success` | bool | Response OK status | |
+| `mysql_error_code` | int | MySQL error code | |
+| `mysql_error_message` | string | Error description | |
+
+**Example**: `mysql && mysql_query.contains("SELECT") && !mysql_success`
+
+## gRPC Variables
+
+gRPC is a sub-protocol of HTTP/2. When `grpc` is true, all HTTP variables are also available.
+
+| Variable | Type | Description | Example |
+|----------|------|-------------|---------|
+| `grpc` | bool | gRPC payload detected | |
+| `grpc_method` | string | Trailing method name from gRPC :path | `"SayHello"` (from `/helloworld.Greeter/SayHello`) |
+| `grpc_status` | int | gRPC status code from Grpc-Status trailer | `0`=OK, `5`=NOT_FOUND, `14`=UNAVAILABLE; `-1` on non-gRPC |
+
+**Example**: `grpc && grpc_status != 0 && grpc_method.contains("Create")`
+
 ## L4 Connection Tracking Variables
 
 | Variable | Type | Description | Example |
@@ -320,6 +371,15 @@ even when only service-level resolution exists.
 
 **Example**: `src.service.name == "api-gateway" && dst.pod.namespace == "production"`
 
+### Summary Name and Namespace
+
+| Variable | Type | Description |
+|----------|------|-------------|
+| `src.name` | string | Worker-enriched summary name of source (pod > service > dns > process) |
+| `dst.name` | string | Worker-enriched summary name of destination |
+| `src.namespace` | string | Source namespace with service fallback |
+| `dst.namespace` | string | Destination namespace with service fallback |
+
 ### Aggregate Collections (Non-Directional)
 
 | Variable | Type | Description |