🔖 Bump the Helm chart version to

Makefile

@@ -152,3 +152,14 @@ proxy:
 
 port-forward-worker:
 	kubectl port-forward $$(kubectl get pods | awk '$$1 ~ /^$(LOGS_POD_PREFIX)/' | awk 'END {print $$1}') $(LOGS_FOLLOW) 8897:8897
+
+release:
+	@cd ../worker && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
+	@cd ../hub && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
+	@cd ../front && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
+	@cd ../kubeshark && sed -i 's/^version:.*/version: "$(VERSION)"/' helm-chart/Chart.yaml
+	@git add -A . && git commit -m ":bookmark: Bump the Helm chart version to `$(VERSION)`" && git push
+	@git tag v$(VERSION) && git push origin --tags
+	@cd helm-chart && cp -r . ../../kubeshark.github.io/charts/chart
+	@cd ../../kubeshark.github.io/ && git add -A . && git commit -m ":sparkles: Update the Helm chart" && git push
+	@cd ../kubeshark

cmd/tapRunner.go

@@ -200,7 +200,6 @@ func watchHubPod(ctx context.Context, kubernetesProvider *kubernetes.Provider, c
 					ready.Lock()
 					ready.Hub = true
 					ready.Unlock()
-					postHubStarted(ctx, kubernetesProvider, cancel)
 				}
 
 				ready.Lock()
@@ -406,12 +405,6 @@ func watchHubEvents(ctx context.Context, kubernetesProvider *kubernetes.Provider
 	}
 }
 
-func postHubStarted(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
-	if config.Config.Scripting.Source != "" && config.Config.Scripting.WatchScripts {
-		watchScripts(false)
-	}
-}
-
 func postFrontStarted(ctx context.Context, kubernetesProvider *kubernetes.Provider, cancel context.CancelFunc) {
 	startProxyReportErrorIfAny(
 		kubernetesProvider,
@@ -435,6 +428,14 @@ func postFrontStarted(ctx context.Context, kubernetesProvider *kubernetes.Provid
 	if !config.Config.HeadlessMode {
 		utils.OpenBrowser(url)
 	}
+
+	for !ready.Hub {
+		time.Sleep(100 * time.Millisecond)
+	}
+
+	if config.Config.Scripting.Source != "" && config.Config.Scripting.WatchScripts {
+		watchScripts(false)
+	}
 }
 
 func updateConfig(kubernetesProvider *kubernetes.Provider) {
@@ -457,4 +458,5 @@ func updateConfig(kubernetesProvider *kubernetes.Provider) {
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_ENABLED, authEnabled)
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_EMAILS, strings.Join(config.Config.Tap.Auth.ApprovedEmails, ","))
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_DOMAINS, strings.Join(config.Config.Tap.Auth.ApprovedDomains, ","))
+	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_TENANTS, strings.Join(config.Config.Tap.Auth.ApprovedTenants, ","))
 }

config/configStruct.go

@@ -10,7 +10,7 @@ import (
 )
 
 const (
-	KubeConfigPathConfigName = "kube-configpath"
+	KubeConfigPathConfigName = "kube-configPath"
 )
 
 func CreateDefaultConfig() ConfigStruct {
@@ -32,7 +32,7 @@ func CreateDefaultConfig() ConfigStruct {
 }
 
 type KubeConfig struct {
-	ConfigPathStr string `yaml:"configpath" json:"configpath"`
+	ConfigPathStr string `yaml:"configPath" json:"configPath"`
 	Context       string `yaml:"context" json:"context"`
 }
 
@@ -45,7 +45,7 @@ type ConfigStruct struct {
 	Logs         configStructs.LogsConfig      `yaml:"logs" json:"logs"`
 	Config       configStructs.ConfigConfig    `yaml:"config,omitempty" json:"config,omitempty"`
 	Kube         KubeConfig                    `yaml:"kube" json:"kube"`
-	DumpLogs     bool                          `yaml:"dumplogs" json:"dumplogs" default:"false"`
+	DumpLogs     bool                          `yaml:"dumpLogs" json:"dumpLogs" default:"false"`
 	HeadlessMode bool                          `yaml:"headless" json:"headless" default:"false"`
 	License      string                        `yaml:"license" json:"license" default:""`
 	Scripting    configStructs.ScriptingConfig `yaml:"scripting" json:"scripting"`

config/configStructs/scriptingConfig.go

@@ -12,7 +12,7 @@ import (
 type ScriptingConfig struct {
 	Env          map[string]interface{} `yaml:"env" json:"env" default:"{}"`
 	Source       string                 `yaml:"source" json:"source" default:""`
-	WatchScripts bool                   `yaml:"watchscripts" json:"watchscripts" default:"true"`
+	WatchScripts bool                   `yaml:"watchScripts" json:"watchScripts" default:"true"`
 }
 
 func (config *ScriptingConfig) GetScripts() (scripts []*misc.Script, err error) {

config/configStructs/tapConfig.go

@@ -11,21 +11,21 @@ import (
 const (
 	DockerRegistryLabel    = "docker-registry"
 	DockerTagLabel         = "docker-tag"
-	DockerImagePullPolicy  = "docker-imagepullpolicy"
-	DockerImagePullSecrets = "docker-imagepullsecrets"
+	DockerImagePullPolicy  = "docker-imagePullPolicy"
+	DockerImagePullSecrets = "docker-imagePullSecrets"
 	ProxyFrontPortLabel    = "proxy-front-port"
 	ProxyHubPortLabel      = "proxy-hub-port"
 	ProxyHostLabel         = "proxy-host"
 	NamespacesLabel        = "namespaces"
 	ReleaseNamespaceLabel  = "release-namespace"
-	PersistentStorageLabel = "persistentstorage"
-	StorageLimitLabel      = "storagelimit"
-	StorageClassLabel      = "storageclass"
-	DryRunLabel            = "dryrun"
+	PersistentStorageLabel = "persistentStorage"
+	StorageLimitLabel      = "storageLimit"
+	StorageClassLabel      = "storageClass"
+	DryRunLabel            = "dryRun"
 	PcapLabel              = "pcap"
-	ServiceMeshLabel       = "servicemesh"
+	ServiceMeshLabel       = "serviceMesh"
 	TlsLabel               = "tls"
-	IgnoreTaintedLabel     = "ignoretainted"
+	IgnoreTaintedLabel     = "ignoreTainted"
 	IngressEnabledLabel    = "ingress-enabled"
 	TelemetryEnabledLabel  = "telemetry-enabled"
 	DebugLabel             = "debug"
@@ -49,12 +49,12 @@ type ResourceRequirements struct {
 }
 
 type WorkerConfig struct {
-	SrvPort uint16 `yaml:"srvport" json:"srvport" default:"8897"`
+	SrvPort uint16 `yaml:"srvPort" json:"srvPort" default:"8897"`
 }
 
 type HubConfig struct {
 	Port    uint16 `yaml:"port" json:"port" default:"8898"`
-	SrvPort uint16 `yaml:"srvport" json:"srvport" default:"8898"`
+	SrvPort uint16 `yaml:"srvPort" json:"srvPort" default:"8898"`
 }
 
 type FrontConfig struct {
@@ -71,8 +71,8 @@ type ProxyConfig struct {
 type DockerConfig struct {
 	Registry         string   `yaml:"registry" json:"registry" default:"docker.io/kubeshark"`
 	Tag              string   `yaml:"tag" json:"tag" default:""`
-	ImagePullPolicy  string   `yaml:"imagepullpolicy" json:"imagepullpolicy" default:"Always"`
-	ImagePullSecrets []string `yaml:"imagepullsecrets" json:"imagepullsecrets"`
+	ImagePullPolicy  string   `yaml:"imagePullPolicy" json:"imagePullPolicy" default:"Always"`
+	ImagePullSecrets []string `yaml:"imagePullSecrets" json:"imagePullSecrets"`
 }
 
 type ResourcesConfig struct {
@@ -82,13 +82,14 @@ type ResourcesConfig struct {
 
 type AuthConfig struct {
 	Enabled         bool     `yaml:"enabled" json:"enabled" default:"false"`
-	ApprovedEmails  []string `yaml:"approvedemails" json:"approvedemails"  default:"[]"`
-	ApprovedDomains []string `yaml:"approveddomains" json:"approveddomains"  default:"[]"`
+	ApprovedEmails  []string `yaml:"approvedEmails" json:"approvedEmails"  default:"[]"`
+	ApprovedDomains []string `yaml:"approvedDomains" json:"approvedDomains"  default:"[]"`
+	ApprovedTenants []string `yaml:"approvedTenants" json:"approvedTenants"  default:"[]"`
 }
 
 type IngressConfig struct {
 	Enabled     bool                    `yaml:"enabled" json:"enabled" default:"false"`
-	ClassName   string                  `yaml:"classname" json:"classname" default:""`
+	ClassName   string                  `yaml:"className" json:"className" default:""`
 	Host        string                  `yaml:"host" json:"host" default:"ks.svc.cluster.local"`
 	TLS         []networking.IngressTLS `yaml:"tls" json:"tls" default:"[]"`
 	Annotations map[string]string       `yaml:"annotations" json:"annotations" default:"{}"`
@@ -110,23 +111,23 @@ type TapConfig struct {
 	PodRegexStr       string                `yaml:"regex" json:"regex" default:".*"`
 	Namespaces        []string              `yaml:"namespaces" json:"namespaces" default:"[]"`
 	Release           ReleaseConfig         `yaml:"release" json:"release"`
-	PersistentStorage bool                  `yaml:"persistentstorage" json:"persistentstorage" default:"false"`
-	StorageLimit      string                `yaml:"storagelimit" json:"storagelimit" default:"500Mi"`
-	StorageClass      string                `yaml:"storageclass" json:"storageclass" default:"standard"`
-	DryRun            bool                  `yaml:"dryrun" json:"dryrun" default:"false"`
+	PersistentStorage bool                  `yaml:"persistentStorage" json:"persistentStorage" default:"false"`
+	StorageLimit      string                `yaml:"storageLimit" json:"storageLimit" default:"500Mi"`
+	StorageClass      string                `yaml:"storageClass" json:"storageClass" default:"standard"`
+	DryRun            bool                  `yaml:"dryRun" json:"dryRun" default:"false"`
 	Pcap              string                `yaml:"pcap" json:"pcap" default:""`
 	Resources         ResourcesConfig       `yaml:"resources" json:"resources"`
-	ServiceMesh       bool                  `yaml:"servicemesh" json:"servicemesh" default:"true"`
+	ServiceMesh       bool                  `yaml:"serviceMesh" json:"serviceMesh" default:"true"`
 	Tls               bool                  `yaml:"tls" json:"tls" default:"true"`
-	IgnoreTainted     bool                  `yaml:"ignoretainted" json:"ignoretainted" default:"false"`
+	IgnoreTainted     bool                  `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
 	Labels            map[string]string     `yaml:"labels" json:"labels" default:"{}"`
 	Annotations       map[string]string     `yaml:"annotations" json:"annotations" default:"{}"`
-	NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeselectorterms" json:"nodeselectorterms" default:"[]"`
+	NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"`
 	Auth              AuthConfig            `yaml:"auth" json:"auth"`
 	Ingress           IngressConfig         `yaml:"ingress" json:"ingress"`
 	IPv6              bool                  `yaml:"ipv6" json:"ipv6" default:"true"`
 	Debug             bool                  `yaml:"debug" json:"debug" default:"false"`
-	NoKernelModule    bool                  `yaml:"nokernelmodule" json:"nokernelmodule" default:"false"`
+	NoKernelModule    bool                  `yaml:"noKernelModule" json:"noKernelModule" default:"false"`
 	Telemetry         TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
 }
 

helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kubeshark
-version: "51.0.14"
+version: "51.0.27"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:

helm-chart/README.md

@@ -62,12 +62,13 @@ Set this `value.yaml`:
 tap:
   auth:
     enabled: true
-    approvedemails:
+    approvedEmails:
     - john.doe@example.com
-    approveddomains: []
+    approvedDomains: []
+    approvedTenants: []
   ingress:
     enabled: true
-    classname: "alb"
+    className: "alb"
     host: ks.example.com
     tls: []
     annotations:
@@ -91,7 +92,7 @@ Get your license from Kubeshark's [Admin Console](https://console.kubeshark.co/)
 For example, change from the default 500Mi to 1Gi:
 
 ```shell
---set tap.storagelimit=1Gi
+--set tap.storageLimit=1Gi
 ```
  
 ## Disabling IPV6
@@ -111,19 +112,19 @@ helm install kubeshark kubeshark/kubeshark \
 | `tap.docker.tag`                          | Tag of the Docker images                              | `latest`                                                |
 | `tap.docker.imagePullPolicy`              | Kubernetes image pull policy                  | `Always`                                                |
 | `tap.docker.imagePullSecrets`             | Kubernetes secrets to pull the images      | `[]`                                                    |
-| `tap.proxy.worker.srvport`                | Worker server port                           | `8897`                                                  |
+| `tap.proxy.worker.srvPort`                | Worker server port                           | `8897`                                                  |
 | `tap.proxy.hub.port`                      | Hub service port                              | `8898`                                                  |
-| `tap.proxy.hub.srvport`                   | Hub server port                   | `8898`                                                  |
+| `tap.proxy.hub.srvPort`                   | Hub server port                   | `8898`                                                  |
 | `tap.proxy.front.port`                    | Front-facing service port                     | `8899`                                                  |
 | `tap.proxy.host`                          | Proxy server's IP                                   | `127.0.0.1`                                             |
 | `tap.namespaces`                          | List of namespaces for the traffic capture                 | `[]`                                                    |
 | `tap.release.repo`                        | URL of the Helm chart repository             | `https://helm.kubeshark.co`                             |
 | `tap.release.name`                        | Helm release name                          | `kubeshark`                                             |
 | `tap.release.namespace`                   | Helm release namespace                | `default`                                               |
-| `tap.persistentstorage`                   | Use `persistentVolumeClaim` instead of `emptyDir` | `false`                                                |
-| `tap.storagelimit`                        | Limit of either the `emptyDir` or `persistentVolumeClaim`                  | `500Mi`                                                 |
-| `tap.storageclass`                        | Storage class of the `PersistentVolumeClaim`          | `standard`                                              |
-| `tap.dryrun`                              | Preview of all pods matching the regex, without tapping them                    | `false`                                                 |
+| `tap.persistentStorage`                   | Use `persistentVolumeClaim` instead of `emptyDir` | `false`                                                |
+| `tap.storageLimit`                        | Limit of either the `emptyDir` or `persistentVolumeClaim`                  | `500Mi`                                                 |
+| `tap.storageClass`                        | Storage class of the `PersistentVolumeClaim`          | `standard`                                              |
+| `tap.dryRun`                              | Preview of all pods matching the regex, without tapping them                    | `false`                                                 |
 | `tap.pcap`                                |                                               | `""`                                                    |
 | `tap.resources.worker.limits.cpu`         | CPU limit for worker                          | `750m`                                                  |
 | `tap.resources.worker.limits.memory`      | Memory limit for worker                       | `1Gi`                                                   |
@@ -133,30 +134,30 @@ helm install kubeshark kubeshark/kubeshark \
 | `tap.resources.hub.limits.memory`         | Memory limit for hub                          | `1Gi`                                                   |
 | `tap.resources.hub.requests.cpu`          | CPU request for hub                           | `50m`                                                   |
 | `tap.resources.hub.requests.memory`       | Memory request for hub                        | `50Mi`                                                  |
-| `tap.servicemesh`                         | Capture traffic from service meshes like Istio, Linkerd, Consul, etc.          | `true`                                                  |
+| `tap.serviceMesh`                         | Capture traffic from service meshes like Istio, Linkerd, Consul, etc.          | `true`                                                  |
 | `tap.tls`                                 | Capture the encrypted/TLS traffic from cryptography libraries like OpenSSL                         | `true`                                                  |
-| `tap.ignoretainted`                       | Whether to ignore tainted nodes               | `false`                                                 |
+| `tap.ignoreTainted`                       | Whether to ignore tainted nodes               | `false`                                                 |
 | `tap.labels`                              | Kubernetes labels to apply to all Kubeshark resources  | `{}`                                                    |
 | `tap.annotations`                         | Kubernetes annotations to apply to all Kubeshark resources | `{}`                                                |
-| `tap.nodeselectorterms`                   | Node selector terms                           | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` |
+| `tap.nodeSelectorTerms`                   | Node selector terms                           | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` |
 | `tap.auth.enabled`                        | Enable authentication                         | `false`                                                 |
-| `tap.auth.approvedemails`                 | List of approved email addresses for authentication              | `[]`                                                    |
-| `tap.auth.approveddomains`                | List of approved email domains for authentication                | `[]`                                                    |
+| `tap.auth.approvedEmails`                 | List of approved email addresses for authentication              | `[]`                                                    |
+| `tap.auth.approvedDomains`                | List of approved email domains for authentication                | `[]`                                                    |
 | `tap.ingress.enabled`                     | Enable `Ingress`                                | `false`                                                 |
-| `tap.ingress.classname`                   | Ingress class name                            | `""`                                                    |
+| `tap.ingress.className`                   | Ingress class name                            | `""`                                                    |
 | `tap.ingress.host`                        | Host of the `Ingress`                          | `ks.svc.cluster.local`                                  |
 | `tap.ingress.tls`                         | `Ingress` TLS configuration                     | `[]`                                                    |
 | `tap.ingress.annotations`                 | `Ingress` annotations                           | `{}`                                                    |
 | `tap.ipv6`                                | Enable IPv6 support for the front-end                        | `true`                                                  |
 | `tap.debug`                               | Enable debug mode                             | `false`                                                 |
-| `tap.nokernelmodule`                      | Do not install `PF_RING` kernel module       | `false`                                                 |
+| `tap.noKernelModule`                      | Do not install `PF_RING` kernel module       | `false`                                                 |
 | `tap.telemetry.enabled`                   | Enable anonymous usage statistics collection           | `true`                                                  |
 | `logs.file`                               | Logs dump path                      | `""`                                                    |
-| `kube.configpath`                         | Path to the `kubeconfig` file (`$HOME/.kube/config`)            | `""`                                                    |
+| `kube.configPath`                         | Path to the `kubeconfig` file (`$HOME/.kube/config`)            | `""`                                                    |
 | `kube.context`                            | Kubernetes context to use for the deployment  | `""`                                                    |
-| `dumplogs`                                | Enable dumping of logs         | `false`                                                 |
+| `dumpLogs`                                | Enable dumping of logs         | `false`                                                 |
 | `headless`                                | Enable running in headless mode               | `false`                                                 |
 | `license`                                 | License key for the Pro/Enterprise edition    | `""`                                                    |
 | `scripting.env`                           | Environment variables for the scripting      | `{}`                                                    |
 | `scripting.source`                        | Source directory of the scripts                | `""`                                                    |
-| `scripting.watchscripts`                  | Enable watch mode for the scripts in source directory          | `true`                                                  |
+| `scripting.watchScripts`                  | Enable watch mode for the scripts in source directory          | `true`                                                  |

helm-chart/templates/04-hub-deployment.yaml

@@ -9,7 +9,7 @@ metadata:
   {{- if .Values.tap.annotations }}
     {{- toYaml .Values.tap.annotations | nindent 4 }}
   {{- end }}
-  name: {{ include "kubeshark.fullname" . }}-hub
+  name: {{ include "kubeshark.name" . }}-hub
   namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1  # Set the desired number of replicas
@@ -41,13 +41,8 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
-          envFrom:
-            - configMapRef:
-                name: kubeshark-config-map
-            - secretRef:
-                name: kubeshark-secret
           image: '{{ .Values.tap.docker.registry }}/hub:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
-          imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
+          imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
           readinessProbe:
             periodSeconds: 1
             failureThreshold: 3

helm-chart/templates/06-front-deployment.yaml

@@ -8,7 +8,7 @@ metadata:
   {{- if .Values.tap.annotations }}
     {{- toYaml .Values.tap.annotations | nindent 4 }}
   {{- end }}
-  name: {{ include "kubeshark.fullname" . }}-front
+  name: {{ include "kubeshark.name" . }}-front
   namespace: {{ .Release.Namespace }}
 spec:
   replicas: 1  # Set the desired number of replicas
@@ -30,8 +30,10 @@ spec:
               value: ' '
             - name: REACT_APP_HUB_PORT
               value: '{{ .Values.tap.ingress.enabled | ternary "/api" (print ":" .Values.tap.proxy.front.port "/api") }}'
+            - name: REACT_APP_AUTH_ENABLED
+              value: '{{ .Values.tap.auth.enabled }}'
           image: '{{ .Values.tap.docker.registry }}/front:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
-          imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
+          imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
           name: kubeshark-front
           livenessProbe:
             periodSeconds: 1

helm-chart/templates/08-persistent-volume-claim.yaml

@@ -1,5 +1,5 @@
 ---
-{{- if .Values.tap.persistentstorage }}
+{{- if .Values.tap.persistentStorage }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -16,7 +16,7 @@ spec:
     - ReadWriteMany
   resources:
     requests:
-      storage: {{ .Values.tap.storagelimit }}
-  storageClassName: {{ .Values.tap.storageclass }}
+      storage: {{ .Values.tap.storageLimit }}
+  storageClassName: {{ .Values.tap.storageClass }}
 status: {}
 {{- end }}

helm-chart/templates/09-worker-daemon-set.yaml

@@ -31,8 +31,8 @@ spec:
             - -i
             - any
             - -port
-            - '{{ .Values.tap.proxy.worker.srvport }}'
-          {{- if .Values.tap.servicemesh }}
+            - '{{ .Values.tap.proxy.worker.srvPort }}'
+          {{- if .Values.tap.serviceMesh }}
             - -servicemesh
           {{- end }}
             - -procfs
@@ -40,11 +40,11 @@ spec:
           {{- if .Values.tap.debug }}
             - -debug
           {{- end }}
-          {{- if .Values.tap.nokernelmodule }}
+          {{- if .Values.tap.noKernelModule }}
             - -no-kernel-module
           {{- end }}
           image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
-          imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
+          imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
           name: sniffer
           env:
           - name: POD_NAME
@@ -55,9 +55,6 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
-          envFrom:
-            - secretRef:
-                name: kubeshark-secret
           resources:
             limits:
               cpu: {{ .Values.tap.resources.worker.limits.cpu }}
@@ -74,6 +71,7 @@ spec:
                 - SYS_PTRACE
                 - DAC_OVERRIDE
                 - SYS_MODULE
+                - CHECKPOINT_RESTORE
               drop:
                 - ALL
           readinessProbe:
@@ -82,14 +80,14 @@ spec:
             successThreshold: 1
             initialDelaySeconds: 5
             tcpSocket:
-              port: {{ .Values.tap.proxy.worker.srvport }}
+              port: {{ .Values.tap.proxy.worker.srvPort }}
           livenessProbe:
             periodSeconds: 1
             failureThreshold: 3
             successThreshold: 1
             initialDelaySeconds: 5
             tcpSocket:
-              port: {{ .Values.tap.proxy.worker.srvport }}
+              port: {{ .Values.tap.proxy.worker.srvPort }}
           volumeMounts:
             - mountPath: /hostproc
               name: proc
@@ -108,7 +106,7 @@ spec:
             - -debug
           {{- end }}
           image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
-          imagePullPolicy: {{ .Values.tap.docker.imagepullpolicy }}
+          imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
           name: tracer
           env:
           - name: POD_NAME
@@ -119,9 +117,6 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
-          envFrom:
-            - secretRef:
-                name: kubeshark-secret
           securityContext:
             capabilities:
               add:
@@ -131,6 +126,7 @@ spec:
                 - SYS_PTRACE
                 - DAC_OVERRIDE
                 - SYS_RESOURCE
+                - CHECKPOINT_RESTORE
               drop:
                 - ALL
           volumeMounts:
@@ -150,16 +146,16 @@ spec:
       tolerations:
         - effect: NoExecute
           operator: Exists
-{{- if not .Values.tap.ignoretainted }}
+{{- if not .Values.tap.ignoreTainted }}
         - effect: NoSchedule
           operator: Exists
 {{- end }}
-{{- if gt (len .Values.tap.nodeselectorterms) 0}}
+{{- if gt (len .Values.tap.nodeSelectorTerms) 0}}
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
-              {{- toYaml .Values.tap.nodeselectorterms | nindent 12 }}
+              {{- toYaml .Values.tap.nodeSelectorTerms | nindent 12 }}
 {{- end }}
       volumes:
         - hostPath:
@@ -169,10 +165,10 @@ spec:
             path: /sys
           name: sys
         - name: data
-{{- if .Values.tap.persistentstorage }}
+{{- if .Values.tap.persistentStorage }}
           persistentVolumeClaim:
             claimName: kubeshark-persistent-volume-claim
 {{- else }}
           emptyDir:
-            sizeLimit: {{ .Values.tap.storagelimit }}
+            sizeLimit: {{ .Values.tap.storageLimit }}
 {{- end }}

helm-chart/templates/10-ingress.yaml

@@ -16,8 +16,8 @@ metadata:
   name: kubeshark-ingress
   namespace: {{ .Release.Namespace }}
 spec:
-  {{- if .Values.tap.ingress.classname }}
-  ingressClassName: {{ .Values.tap.ingress.classname }}
+  {{- if .Values.tap.ingress.className }}
+  ingressClassName: {{ .Values.tap.ingress.className }}
   {{- end }}
   rules:
     - host: {{ .Values.tap.ingress.host }}

helm-chart/templates/12-config-map.yaml

@@ -12,6 +12,7 @@ data:
     SCRIPTING_ENV: '{{ .Values.scripting.env | toJson }}'
     SCRIPTING_SCRIPTS: '{}'
     AUTH_ENABLED: '{{ .Values.tap.auth.enabled | ternary "true" "" }}'
-    AUTH_APPROVED_EMAILS: '{{ gt (len .Values.tap.auth.approvedemails) 0 | ternary (join "," .Values.tap.auth.approvedemails) "" }}'
-    AUTH_APPROVED_DOMAINS: '{{ gt (len .Values.tap.auth.approveddomains) 0 | ternary (join "," .Values.tap.auth.approveddomains) "" }}'
+    AUTH_APPROVED_EMAILS: '{{ gt (len .Values.tap.auth.approvedEmails) 0 | ternary (join "," .Values.tap.auth.approvedEmails) "" }}'
+    AUTH_APPROVED_DOMAINS: '{{ gt (len .Values.tap.auth.approvedDomains) 0 | ternary (join "," .Values.tap.auth.approvedDomains) "" }}'
+    AUTH_APPROVED_TENANTS: '{{ gt (len .Values.tap.auth.approvedTenants) 0 | ternary (join "," .Values.tap.auth.approvedTenants) "" }}'
     TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}'

helm-chart/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 Expand the name of the chart.
 */}}
 {{- define "kubeshark.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
@@ -11,16 +11,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "kubeshark.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
+{{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
@@ -38,9 +29,6 @@ helm.sh/chart: {{ include "kubeshark.chart" . }}
 {{ include "kubeshark.selectorLabels" . }}
 app.kubernetes.io/version: {{ .Chart.Version | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- with .Values.additionalLabels }}
-{{ toYaml . }}
-{{- end }}
 {{- if .Values.tap.labels }}
 {{ toYaml .Values.tap.labels }}
 {{- end }}
@@ -58,9 +46,5 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 Create the name of the service account to use
 */}}
 {{- define "kubeshark.serviceAccountName" -}}
-{{- if and .Values.serviceAccount .Values.serviceAccount.create }}
-{{- default (include "kubeshark.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
 {{- printf "%s-service-account" .Release.Name }}
 {{- end }}
-{{- end }}

helm-chart/values.yaml

@@ -2,14 +2,14 @@ tap:
   docker:
     registry: docker.io/kubeshark
     tag: ""
-    imagepullpolicy: Always
-    imagepullsecrets: []
+    imagePullPolicy: Always
+    imagePullSecrets: []
   proxy:
     worker:
-      srvport: 8897
+      srvPort: 8897
     hub:
       port: 8898
-      srvport: 8898
+      srvPort: 8898
     front:
       port: 8899
     host: 127.0.0.1
@@ -19,10 +19,10 @@ tap:
     repo: https://helm.kubeshark.co
     name: kubeshark
     namespace: default
-  persistentstorage: false
-  storagelimit: 500Mi
-  storageclass: standard
-  dryrun: false
+  persistentStorage: false
+  storageLimit: 500Mi
+  storageClass: standard
+  dryRun: false
   pcap: ""
   resources:
     worker:
@@ -39,12 +39,12 @@ tap:
       requests:
         cpu: 50m
         memory: 50Mi
-  servicemesh: true
+  serviceMesh: true
   tls: true
-  ignoretainted: false
+  ignoreTainted: false
   labels: {}
   annotations: {}
-  nodeselectorterms:
+  nodeSelectorTerms:
   - matchExpressions:
     - key: kubernetes.io/os
       operator: In
@@ -52,28 +52,29 @@ tap:
       - linux
   auth:
     enabled: false
-    approvedemails: []
-    approveddomains: []
+    approvedEmails: []
+    approvedDomains: []
+    approvedTenants: []
   ingress:
     enabled: false
-    classname: ""
+    className: ""
     host: ks.svc.cluster.local
     tls: []
     annotations: {}
   ipv6: true
   debug: false
-  nokernelmodule: false
+  noKernelModule: false
   telemetry:
     enabled: true
 logs:
   file: ""
 kube:
-  configpath: ""
+  configPath: ""
   context: ""
-dumplogs: false
+dumpLogs: false
 headless: false
 license: ""
 scripting:
   env: {}
   source: ""
-  watchscripts: true
+  watchScripts: true

internal/connect/hub.go

@@ -121,11 +121,21 @@ func (connector *Connector) PostLicense(license string) {
 	}
 }
 
+type postScriptRequest struct {
+	Title string `json:"title"`
+	Code  string `json:"code"`
+}
+
 func (connector *Connector) PostScript(script *misc.Script) (index int64, err error) {
 	postScriptUrl := fmt.Sprintf("%s/scripts", connector.url)
 
+	payload := postScriptRequest{
+		Title: script.Title,
+		Code:  script.Code,
+	}
+
 	var scriptMarshalled []byte
-	if scriptMarshalled, err = json.Marshal(script); err != nil {
+	if scriptMarshalled, err = json.Marshal(payload); err != nil {
 		log.Error().Err(err).Msg("Failed to marshal the script:")
 	} else {
 		ok := false

kubernetes/config.go

@@ -19,6 +19,7 @@ const (
 	CONFIG_AUTH_ENABLED          = "AUTH_ENABLED"
 	CONFIG_AUTH_APPROVED_EMAILS  = "AUTH_APPROVED_EMAILS"
 	CONFIG_AUTH_APPROVED_DOMAINS = "AUTH_APPROVED_DOMAINS"
+	CONFIG_AUTH_APPROVED_TENANTS = "AUTH_APPROVED_TENANTS"
 )
 
 func SetSecret(provider *Provider, key string, value string) (updated bool, err error) {

kubernetes/proxy.go

@@ -73,7 +73,7 @@ func GetProxyOnPort(port uint16) string {
 }
 
 func GetHubUrl() string {
-	return fmt.Sprintf("%s/api", GetProxyOnPort(config.Config.Tap.Proxy.Hub.Port))
+	return fmt.Sprintf("%s/api", GetProxyOnPort(config.Config.Tap.Proxy.Front.Port))
 }
 
 func getRerouteHttpHandlerSelfAPI(proxyHandler http.Handler, selfNamespace string, selfServiceName string) http.Handler {

manifests/complete.yaml

@@ -4,10 +4,10 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
-    helm.sh/chart: kubeshark-51.0.14
+    helm.sh/chart: kubeshark-51.0.18
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.14"
+    app.kubernetes.io/version: "51.0.18"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-service-account
@@ -21,10 +21,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-51.0.14
+    helm.sh/chart: kubeshark-51.0.18
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.14"
+    app.kubernetes.io/version: "51.0.18"
     app.kubernetes.io/managed-by: Helm
 stringData:
     LICENSE: ''
@@ -36,10 +36,10 @@ metadata:
   name: kubeshark-nginx-config-map
   namespace: default
   labels:
-    helm.sh/chart: kubeshark-51.0.14
+    helm.sh/chart: kubeshark-51.0.18
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.14"
+    app.kubernetes.io/version: "51.0.18"
     app.kubernetes.io/managed-by: Helm
 data:
   default.conf: |
@@ -85,10 +85,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-51.0.14
+    helm.sh/chart: kubeshark-51.0.18
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.14"
+    app.kubernetes.io/version: "51.0.18"
     app.kubernetes.io/managed-by: Helm
 data:
     POD_REGEX: '.*'
@@ -98,6 +98,7 @@ data:
     AUTH_ENABLED: ''
     AUTH_APPROVED_EMAILS: ''
     AUTH_APPROVED_DOMAINS: ''
+    AUTH_APPROVED_TENANTS: ''
     TELEMETRY_DISABLED: ''
 ---
 # Source: kubeshark/templates/02-cluster-role.yaml
@@ -105,10 +106,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    helm.sh/chart: kubeshark-51.0.14
+    helm.sh/chart: kubeshark-51.0.18
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.14"
+    app.kubernetes.io/version: "51.0.18"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-cluster-role
@@ -133,10 +134,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-51.0.14
+    helm.sh/chart: kubeshark-51.0.18
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.14"
+    app.kubernetes.io/version: "51.0.18"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-cluster-role-binding
@@ -155,10 +156,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   labels:
-    helm.sh/chart: kubeshark-51.0.14
+    helm.sh/chart: kubeshark-51.0.18
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.14"
+    app.kubernetes.io/version: "51.0.18"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role
@@ -183,10 +184,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-51.0.14
+    helm.sh/chart: kubeshark-51.0.18
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.14"
+    app.kubernetes.io/version: "51.0.18"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role-binding
@@ -206,10 +207,10 @@ kind: Service
 metadata:
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-51.0.14
+    helm.sh/chart: kubeshark-51.0.18
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.14"
+    app.kubernetes.io/version: "51.0.18"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub
@@ -228,10 +229,10 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    helm.sh/chart: kubeshark-51.0.14
+    helm.sh/chart: kubeshark-51.0.18
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.14"
+    app.kubernetes.io/version: "51.0.18"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front
@@ -252,10 +253,10 @@ metadata:
   labels:
     app.kubeshark.co/app: worker
     sidecar.istio.io/inject: "false"
-    helm.sh/chart: kubeshark-51.0.14
+    helm.sh/chart: kubeshark-51.0.18
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.14"
+    app.kubernetes.io/version: "51.0.18"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-worker-daemon-set
@@ -264,19 +265,19 @@ spec:
   selector:
     matchLabels:
       app.kubeshark.co/app: worker
-      helm.sh/chart: kubeshark-51.0.14
+      helm.sh/chart: kubeshark-51.0.18
       app.kubernetes.io/name: kubeshark
       app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "51.0.14"
+      app.kubernetes.io/version: "51.0.18"
       app.kubernetes.io/managed-by: Helm
   template:
     metadata:
       labels:
         app.kubeshark.co/app: worker
-        helm.sh/chart: kubeshark-51.0.14
+        helm.sh/chart: kubeshark-51.0.18
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "51.0.14"
+        app.kubernetes.io/version: "51.0.18"
         app.kubernetes.io/managed-by: Helm
       name: kubeshark-worker-daemon-set
       namespace: kubeshark
@@ -291,7 +292,7 @@ spec:
             - -servicemesh
             - -procfs
             - /hostproc
-          image: 'docker.io/kubeshark/worker:v51.0.14'
+          image: 'docker.io/kubeshark/worker:v51.0.18'
           imagePullPolicy: Always
           name: sniffer
           env:
@@ -303,9 +304,6 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
-          envFrom:
-            - secretRef:
-                name: kubeshark-secret
           resources:
             limits:
               cpu: 750m
@@ -351,7 +349,7 @@ spec:
             - ./tracer
             - -procfs
             - /hostproc
-          image: 'docker.io/kubeshark/worker:v51.0.14'
+          image: 'docker.io/kubeshark/worker:v51.0.18'
           imagePullPolicy: Always
           name: tracer
           env:
@@ -363,9 +361,6 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
-          envFrom:
-            - secretRef:
-                name: kubeshark-secret
           securityContext:
             capabilities:
               add:
@@ -421,10 +416,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-51.0.14
+    helm.sh/chart: kubeshark-51.0.18
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.14"
+    app.kubernetes.io/version: "51.0.18"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub
@@ -434,19 +429,19 @@ spec:
   selector:
     matchLabels:
       app.kubeshark.co/app: hub
-      helm.sh/chart: kubeshark-51.0.14
+      helm.sh/chart: kubeshark-51.0.18
       app.kubernetes.io/name: kubeshark
       app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "51.0.14"
+      app.kubernetes.io/version: "51.0.18"
       app.kubernetes.io/managed-by: Helm
   template:
     metadata:
       labels:
         app.kubeshark.co/app: hub
-        helm.sh/chart: kubeshark-51.0.14
+        helm.sh/chart: kubeshark-51.0.18
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "51.0.14"
+        app.kubernetes.io/version: "51.0.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       dnsPolicy: ClusterFirstWithHostNet
@@ -464,12 +459,7 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
-          envFrom:
-            - configMapRef:
-                name: kubeshark-config-map
-            - secretRef:
-                name: kubeshark-secret
-          image: 'docker.io/kubeshark/hub:v51.0.14'
+          image: 'docker.io/kubeshark/hub:v51.0.18'
           imagePullPolicy: Always
           readinessProbe:
             periodSeconds: 1
@@ -499,10 +489,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.co/app: front
-    helm.sh/chart: kubeshark-51.0.14
+    helm.sh/chart: kubeshark-51.0.18
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.14"
+    app.kubernetes.io/version: "51.0.18"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front
@@ -512,19 +502,19 @@ spec:
   selector:
     matchLabels:
       app.kubeshark.co/app: front
-      helm.sh/chart: kubeshark-51.0.14
+      helm.sh/chart: kubeshark-51.0.18
       app.kubernetes.io/name: kubeshark
       app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "51.0.14"
+      app.kubernetes.io/version: "51.0.18"
       app.kubernetes.io/managed-by: Helm
   template:
     metadata:
       labels:
         app.kubeshark.co/app: front
-        helm.sh/chart: kubeshark-51.0.14
+        helm.sh/chart: kubeshark-51.0.18
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "51.0.14"
+        app.kubernetes.io/version: "51.0.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       containers:
@@ -535,7 +525,9 @@ spec:
               value: ' '
             - name: REACT_APP_HUB_PORT
               value: ':8899/api'
-          image: 'docker.io/kubeshark/front:v51.0.14'
+            - name: REACT_APP_AUTH_ENABLED
+              value: 'false'
+          image: 'docker.io/kubeshark/front:v51.0.18'
           imagePullPolicy: Always
           name: kubeshark-front
           livenessProbe: