🔖 Bump the Helm chart version to 52.1.66

Update README.md
Add homebrew core version update release step (#1511 )
2026-02-19 20:40:17 +00:00 · 2024-03-06 00:12:02 +03:00 · 2024-03-03 20:45:44 +02:00 · 2024-02-29 23:32:52 +02:00 · 2024-02-29 01:53:32 +03:00 · 2024-02-29 01:45:41 +03:00
32 changed files with 1165 additions and 300 deletions
--- a/.github/static/kubeshark.rb.tmpl
+++ b/.github/static/kubeshark.rb.tmpl
@@ -0,0 +1,46 @@
+# typed: false
+# frozen_string_literal: true
+
+class Kubeshark < Formula
+  desc ""
+  homepage "https://github.com/kubeshark/kubeshark"
+  version "${CLEAN_VERSION}"
+
+  on_macos do
+    if Hardware::CPU.arm?
+      url "https://github.com/kubeshark/kubeshark/releases/download/${FULL_VERSION}/kubeshark_darwin_arm64"
+      sha256 "${DARWIN_ARM64_SHA256}"
+
+      def install
+        bin.install "kubeshark_darwin_arm64" => "kubeshark"
+      end
+    end
+    if Hardware::CPU.intel?
+      url "https://github.com/kubeshark/kubeshark/releases/download/${FULL_VERSION}/kubeshark_darwin_amd64"
+      sha256 "${DARWIN_AMD64_SHA256}"
+
+      def install
+        bin.install "kubeshark_darwin_amd64" => "kubeshark"
+      end
+    end
+  end
+
+  on_linux do
+    if Hardware::CPU.intel?
+      url "https://github.com/kubeshark/kubeshark/releases/download/${FULL_VERSION}/kubeshark_linux_amd64"
+      sha256 "${LINUX_AMD64_SHA256}"
+
+      def install
+        bin.install "kubeshark_linux_amd64" => "kubeshark"
+      end
+    end
+    if Hardware::CPU.arm? && Hardware::CPU.is_64_bit?
+      url "https://github.com/kubeshark/kubeshark/releases/download/${FULL_VERSION}/kubeshark_linux_arm64"
+      sha256 "${LINUX_ARM64_SHA256}"
+
+      def install
+        bin.install "kubeshark_linux_arm64" => "kubeshark"
+      end
+    end
+  end
+end
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -47,44 +47,43 @@ jobs:
          token: ${{ secrets.GITHUB_TOKEN }}
          artifacts: "bin/*"
          tag: ${{ steps.version.outputs.tag }}
-          prerelease: true
+          prerelease: false
          bodyFile: 'bin/README.md'

-  brew-tap:
-    name: Create Homebrew formulae
-    runs-on: ubuntu-latest
-    needs: [release]
-    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
+          repository: kubeshark/homebrew-kubeshark
+          token: ${{ secrets.HOMEBREW_TOKEN }}
+          path: homebrew-kubeshark

-      - name: Version
-        id: version
+      - name: Bump core homebrew formula
+        uses: mislav/bump-homebrew-formula-action@v3
+        with:
+          # A PR will be sent to github.com/Homebrew/homebrew-core to update this formula:
+          formula-name: kubeshark
+        env:
+          COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }}
+
+      - name: Generate Homebrew formulae
        shell: bash
        run: |
-          {
-            echo "tag=${GITHUB_REF#refs/*/}"
-            echo "build_timestamp=$(date +%s)"
-            echo "branch=${GITHUB_REF#refs/heads/}"
-          } >> "$GITHUB_OUTPUT"
+          export FULL_VERSION=${{ steps.version.outputs.tag }}
+          export CLEAN_VERSION=$(echo $FULL_VERSION | sed 's/^v//')
+          export DARWIN_AMD64_SHA256=$(shasum -a 256 bin/kubeshark_darwin_amd64 | awk '{print $1}')
+          export DARWIN_ARM64_SHA256=$(shasum -a 256 bin/kubeshark_darwin_arm64 | awk '{print $1}')
+          export LINUX_AMD64_SHA256=$(shasum -a 256 bin/kubeshark_linux_amd64 | awk '{print $1}')
+          export LINUX_ARM64_SHA256=$(shasum -a 256 bin/kubeshark_linux_arm64 | awk '{print $1}')
+          envsubst < .github/static/kubeshark.rb.tmpl > homebrew-kubeshark/kubeshark.rb

-      - name: Fetch all tags
-        run: git fetch --force --tags
+          cat homebrew-kubeshark/kubeshark.rb

-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version-file: 'go.mod'
-
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
-        with:
-          distribution: goreleaser
-          version: ${{ env.GITHUB_REF_NAME }}
-          args: release --clean
-        env:
-          GITHUB_TOKEN: ${{ secrets.HOMEBREW_TOKEN }}
-          VER: ${{ steps.version.outputs.tag }}
-          BUILD_TIMESTAMP: ${{ steps.version.outputs.build_timestamp }}
+      - name: Commit and push Homebrew formulae
+        working-directory: homebrew-kubeshark
+        run: |
+          git config --global user.email "bot@kubeshark.io"
+          git config --global user.name "Kubeshark Bot"
+          git add kubeshark.rb
+          git commit -m "Release ${{ steps.version.outputs.tag }}"
+          git push
--- a/13
+++ b/13
@@ -40,6 +40,15 @@ build-base: ## Build binary (select the platform via GOOS / GOARCH env variables
 					-o bin/kubeshark_$(SUFFIX) kubeshark.go && \
 	cd bin && shasum -a 256 kubeshark_${SUFFIX} > kubeshark_${SUFFIX}.sha256

+build-brew: ## Build binary for brew/core CI
+	go build ${GCLFAGS} -ldflags="${LDFLAGS_EXT} \
+					-X 'github.com/kubeshark/kubeshark/misc.GitCommitHash=$(COMMIT_HASH)' \
+					-X 'github.com/kubeshark/kubeshark/misc.Branch=$(GIT_BRANCH)' \
+					-X 'github.com/kubeshark/kubeshark/misc.BuildTimestamp=$(BUILD_TIMESTAMP)' \
+					-X 'github.com/kubeshark/kubeshark/misc.Platform=$(SUFFIX)' \
+					-X 'github.com/kubeshark/kubeshark/misc.Ver=$(VER)'" \
+					-o kubeshark kubeshark.go
+
 build-all: ## Build for all supported platforms.
 	export CGO_ENABLED=0
 	echo "Compiling for every OS and Platform" && \
@@ -70,7 +79,7 @@ kubectl-view-kubeshark-resources: ## This command outputs all Kubernetes resourc
 	./kubectl.sh view-kubeshark-resources

 generate-helm-values: ## Generate the Helm values from config.yaml
-	./bin/kubeshark__ config > ./helm-chart/values.yaml
+	./bin/kubeshark__ config > ./helm-chart/values.yaml && sed -i 's/^license:.*/license: ""/' helm-chart/values.yaml

 generate-manifests: ## Generate the manifests from the Helm chart using default configuration
 	helm template kubeshark -n default ./helm-chart > ./manifests/complete.yaml
@@ -157,7 +166,7 @@ release:
 	@cd ../worker && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../hub && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../front && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
-	@cd ../kubeshark && sed -i 's/^version:.*/version: "$(VERSION)"/' helm-chart/Chart.yaml
+	@cd ../kubeshark && sed -i 's/^version:.*/version: "$(VERSION)"/' helm-chart/Chart.yaml && make && make generate-helm-values && make generate-manifests
 	@git add -A . && git commit -m ":bookmark: Bump the Helm chart version to $(VERSION)" && git push
 	@git tag v$(VERSION) && git push origin --tags
 	@cd helm-chart && cp -r . ../../kubeshark.github.io/charts/chart
--- a/README.md
+++ b/README.md
@@ -22,8 +22,10 @@

 <p align="center">
  <b>
-  <span>NEW: </span>
-  <a href="https://github.com/kubeshark/kubeshark/releases/latest">v51.0.0</a> is out, with significantly improved performance and optimized resource utilization.
+	  NEW: 
+	  <a href="https://github.com/kubeshark/kubeshark/releases/latest">Version 52.1.63</a> 
+	  now available, featuring enhanced 
+	  <a href="https://docs.kubeshark.co/en/half_connections">Network Error Detection & Analysis</a>.
  </b>
 </p>

--- a/cmd/pro.go
+++ b/cmd/pro.go
@@ -42,6 +42,7 @@ func init() {

 	proCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the Kubeshark")
 	proCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the Kubeshark")
+	proCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 }

 func acquireLicense() {
--- a/cmd/tap.go
+++ b/cmd/tap.go
@@ -50,6 +50,8 @@ func init() {
 	tapCmd.Flags().StringSliceP(configStructs.NamespacesLabel, "n", defaultTapConfig.Namespaces, "Namespaces selector")
 	tapCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
 	tapCmd.Flags().Bool(configStructs.PersistentStorageLabel, defaultTapConfig.PersistentStorage, "Enable persistent storage (PersistentVolumeClaim)")
+	tapCmd.Flags().Bool(configStructs.PersistentStorageStaticLabel, defaultTapConfig.PersistentStorageStatic, "Persistent storage static provision")
+	tapCmd.Flags().String(configStructs.EfsFileSytemIdAndPathLabel, defaultTapConfig.EfsFileSytemIdAndPath, "EFS file system ID")
 	tapCmd.Flags().String(configStructs.StorageLimitLabel, defaultTapConfig.StorageLimit, "Override the default storage limit (per node)")
 	tapCmd.Flags().String(configStructs.StorageClassLabel, defaultTapConfig.StorageClass, "Override the default storage class of the PersistentVolumeClaim (per node)")
 	tapCmd.Flags().Bool(configStructs.DryRunLabel, defaultTapConfig.DryRun, "Preview of all pods matching the regex, without tapping them")
--- a/cmd/tapRunner.go
+++ b/cmd/tapRunner.go
@@ -444,12 +444,22 @@ func updateConfig(kubernetesProvider *kubernetes.Provider) {
 		_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_SCRIPTING_ENV, string(data))
 	}

+	ingressEnabled := ""
+	if config.Config.Tap.Ingress.Enabled {
+		ingressEnabled = "true"
+	}
+
 	authEnabled := ""
 	if config.Config.Tap.Auth.Enabled {
 		authEnabled = "true"
 	}
+
+	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_INGRESS_ENABLED, ingressEnabled)
+	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_INGRESS_HOST, config.Config.Tap.Ingress.Host)
+
+	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_PROXY_FRONT_PORT, fmt.Sprint(config.Config.Tap.Proxy.Front.Port))
+
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_ENABLED, authEnabled)
-	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_EMAILS, strings.Join(config.Config.Tap.Auth.ApprovedEmails, ","))
-	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_DOMAINS, strings.Join(config.Config.Tap.Auth.ApprovedDomains, ","))
-	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_TENANTS, strings.Join(config.Config.Tap.Auth.ApprovedTenants, ","))
+	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_TYPE, config.Config.Tap.Auth.Type)
+	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_SAML_IDP_METADATA_URL, config.Config.Tap.Auth.Saml.IdpMetadataUrl)
 }
--- a/config/configStruct.go
+++ b/config/configStruct.go
@@ -27,6 +27,52 @@ func CreateDefaultConfig() ConfigStruct {
 					},
 				},
 			},
+			Capabilities: configStructs.CapabilitiesConfig{
+				NetworkCapture: []string{
+					// NET_RAW is required to listen the network traffic
+					"NET_RAW",
+					// NET_ADMIN is required to listen the network traffic
+					"NET_ADMIN",
+				},
+				ServiceMeshCapture: []string{
+					// SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
+					"SYS_ADMIN",
+					// SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
+					"SYS_PTRACE",
+					// DAC_OVERRIDE is required to read /proc/PID/environ
+					"DAC_OVERRIDE",
+				},
+				KernelModule: []string{
+					// SYS_MODULE is required to install kernel modules
+					"SYS_MODULE",
+				},
+				EBPFCapture: []string{
+					// SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
+					"SYS_ADMIN",
+					// SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
+					"SYS_PTRACE",
+					// SYS_RESOURCE is required to change rlimits for eBPF
+					"SYS_RESOURCE",
+					// IPC_LOCK is required for ebpf perf buffers allocations after some amount of size buffer size:
+					// https://github.com/kubeshark/tracer/blob/13e24725ba8b98216dd0e553262e6d9c56dce5fa/main.go#L82)
+					"IPC_LOCK",
+				},
+			},
+			Auth: configStructs.AuthConfig{
+				Saml: configStructs.SamlConfig{
+					RoleAttribute: "role",
+					Roles: map[string]configStructs.Role{
+						"admin": {
+							Filter:                "",
+							CanReplayTraffic:      true,
+							CanDownloadPCAP:       true,
+							CanUseScripting:       true,
+							CanUpdateTargetedPods: true,
+							ShowAdminConsoleLink:  true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -9,28 +9,30 @@ import (
 )

 const (
-	DockerRegistryLabel    = "docker-registry"
-	DockerTagLabel         = "docker-tag"
-	DockerImagePullPolicy  = "docker-imagePullPolicy"
-	DockerImagePullSecrets = "docker-imagePullSecrets"
-	ProxyFrontPortLabel    = "proxy-front-port"
-	ProxyHubPortLabel      = "proxy-hub-port"
-	ProxyHostLabel         = "proxy-host"
-	NamespacesLabel        = "namespaces"
-	ReleaseNamespaceLabel  = "release-namespace"
-	PersistentStorageLabel = "persistentStorage"
-	StorageLimitLabel      = "storageLimit"
-	StorageClassLabel      = "storageClass"
-	DryRunLabel            = "dryRun"
-	PcapLabel              = "pcap"
-	ServiceMeshLabel       = "serviceMesh"
-	TlsLabel               = "tls"
-	IgnoreTaintedLabel     = "ignoreTainted"
-	IngressEnabledLabel    = "ingress-enabled"
-	TelemetryEnabledLabel  = "telemetry-enabled"
-	DebugLabel             = "debug"
-	ContainerPort          = 80
-	ContainerPortStr       = "80"
+	DockerRegistryLabel          = "docker-registry"
+	DockerTagLabel               = "docker-tag"
+	DockerImagePullPolicy        = "docker-imagePullPolicy"
+	DockerImagePullSecrets       = "docker-imagePullSecrets"
+	ProxyFrontPortLabel          = "proxy-front-port"
+	ProxyHubPortLabel            = "proxy-hub-port"
+	ProxyHostLabel               = "proxy-host"
+	NamespacesLabel              = "namespaces"
+	ReleaseNamespaceLabel        = "release-namespace"
+	PersistentStorageLabel       = "persistentStorage"
+	PersistentStorageStaticLabel = "persistentStorageStatic"
+	EfsFileSytemIdAndPathLabel   = "efsFileSytemIdAndPath"
+	StorageLimitLabel            = "storageLimit"
+	StorageClassLabel            = "storageClass"
+	DryRunLabel                  = "dryRun"
+	PcapLabel                    = "pcap"
+	ServiceMeshLabel             = "serviceMesh"
+	TlsLabel                     = "tls"
+	IgnoreTaintedLabel           = "ignoreTainted"
+	IngressEnabledLabel          = "ingress-enabled"
+	TelemetryEnabledLabel        = "telemetry-enabled"
+	DebugLabel                   = "debug"
+	ContainerPort                = 80
+	ContainerPortStr             = "80"
 )

 type ResourceLimits struct {
@@ -53,7 +55,6 @@ type WorkerConfig struct {
 }

 type HubConfig struct {
-	Port    uint16 `yaml:"port" json:"port" default:"8898"`
 	SrvPort uint16 `yaml:"srvPort" json:"srvPort" default:"8898"`
 }

@@ -76,15 +77,32 @@ type DockerConfig struct {
 }

 type ResourcesConfig struct {
-	Worker ResourceRequirements `yaml:"worker" json:"worker"`
-	Hub    ResourceRequirements `yaml:"hub" json:"hub"`
+	Hub     ResourceRequirements `yaml:"hub" json:"hub"`
+	Sniffer ResourceRequirements `yaml:"sniffer" json:"sniffer"`
+	Tracer  ResourceRequirements `yaml:"tracer" json:"tracer"`
+}
+
+type Role struct {
+	Filter                string `yaml:"filter" json:"filter" default:""`
+	CanReplayTraffic      bool   `yaml:"canReplayTraffic" json:"canReplayTraffic" default:"false"`
+	CanDownloadPCAP       bool   `yaml:"canDownloadPCAP" json:"canDownloadPCAP" default:"false"`
+	CanUseScripting       bool   `yaml:"canUseScripting" json:"canUseScripting" default:"false"`
+	CanUpdateTargetedPods bool   `yaml:"canUpdateTargetedPods" json:"canUpdateTargetedPods" default:"false"`
+	ShowAdminConsoleLink  bool   `yaml:"showAdminConsoleLink" json:"showAdminConsoleLink" default:"false"`
+}
+
+type SamlConfig struct {
+	IdpMetadataUrl string          `yaml:"idpMetadataUrl" json:"idpMetadataUrl"`
+	X509crt        string          `yaml:"x509crt" json:"x509crt"`
+	X509key        string          `yaml:"x509key" json:"x509key"`
+	RoleAttribute  string          `yaml:"roleAttribute" json:"roleAttribute"`
+	Roles          map[string]Role `yaml:"roles" json:"roles"`
 }

 type AuthConfig struct {
-	Enabled         bool     `yaml:"enabled" json:"enabled" default:"false"`
-	ApprovedEmails  []string `yaml:"approvedEmails" json:"approvedEmails"  default:"[]"`
-	ApprovedDomains []string `yaml:"approvedDomains" json:"approvedDomains"  default:"[]"`
-	ApprovedTenants []string `yaml:"approvedTenants" json:"approvedTenants"  default:"[]"`
+	Enabled bool       `yaml:"enabled" json:"enabled" default:"false"`
+	Type    string     `yaml:"type" json:"type" default:"saml"`
+	Saml    SamlConfig `yaml:"saml" json:"saml"`
 }

 type IngressConfig struct {
@@ -105,29 +123,62 @@ type TelemetryConfig struct {
 	Enabled bool `yaml:"enabled" json:"enabled" default:"true"`
 }

+type CapabilitiesConfig struct {
+	NetworkCapture     []string `yaml:"networkCapture" json:"networkCapture"  default:"[]"`
+	ServiceMeshCapture []string `yaml:"serviceMeshCapture" json:"serviceMeshCapture"  default:"[]"`
+	KernelModule       []string `yaml:"kernelModule" json:"kernelModule"  default:"[]"`
+	EBPFCapture        []string `yaml:"ebpfCapture" json:"ebpfCapture"  default:"[]"`
+}
+
+type KernelModuleConfig struct {
+	Enabled         bool   `yaml:"enabled" json:"enabled" default:"true"`
+	Image           string `yaml:"image" json:"image" default:"kubeshark/pf-ring-module:all"`
+	UnloadOnDestroy bool   `yaml:"unloadOnDestroy" json:"unloadOnDestroy" default:"false"`
+}
+
+type MetricsConfig struct {
+	Port uint16 `yaml:"port" json:"port" default:"49100"`
+}
+
+type MiscConfig struct {
+	JsonTTL      string `yaml:"jsonTTL" json:"jsonTTL" default:"5m"`
+	PcapTTL      string `yaml:"pcapTTL" json:"pcapTTL" default:"10s"`
+	PcapErrorTTL string `yaml:"pcapErrorTTL" json:"pcapErrorTTL" default:"60s"`
+}
+
 type TapConfig struct {
-	Docker            DockerConfig          `yaml:"docker" json:"docker"`
-	Proxy             ProxyConfig           `yaml:"proxy" json:"proxy"`
-	PodRegexStr       string                `yaml:"regex" json:"regex" default:".*"`
-	Namespaces        []string              `yaml:"namespaces" json:"namespaces" default:"[]"`
-	Release           ReleaseConfig         `yaml:"release" json:"release"`
-	PersistentStorage bool                  `yaml:"persistentStorage" json:"persistentStorage" default:"false"`
-	StorageLimit      string                `yaml:"storageLimit" json:"storageLimit" default:"500Mi"`
-	StorageClass      string                `yaml:"storageClass" json:"storageClass" default:"standard"`
-	DryRun            bool                  `yaml:"dryRun" json:"dryRun" default:"false"`
-	Resources         ResourcesConfig       `yaml:"resources" json:"resources"`
-	ServiceMesh       bool                  `yaml:"serviceMesh" json:"serviceMesh" default:"true"`
-	Tls               bool                  `yaml:"tls" json:"tls" default:"true"`
-	IgnoreTainted     bool                  `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
-	Labels            map[string]string     `yaml:"labels" json:"labels" default:"{}"`
-	Annotations       map[string]string     `yaml:"annotations" json:"annotations" default:"{}"`
-	NodeSelectorTerms []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"`
-	Auth              AuthConfig            `yaml:"auth" json:"auth"`
-	Ingress           IngressConfig         `yaml:"ingress" json:"ingress"`
-	IPv6              bool                  `yaml:"ipv6" json:"ipv6" default:"true"`
-	Debug             bool                  `yaml:"debug" json:"debug" default:"false"`
-	NoKernelModule    bool                  `yaml:"noKernelModule" json:"noKernelModule" default:"false"`
-	Telemetry         TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
+	Docker                    DockerConfig          `yaml:"docker" json:"docker"`
+	Proxy                     ProxyConfig           `yaml:"proxy" json:"proxy"`
+	PodRegexStr               string                `yaml:"regex" json:"regex" default:".*"`
+	Namespaces                []string              `yaml:"namespaces" json:"namespaces" default:"[]"`
+	Release                   ReleaseConfig         `yaml:"release" json:"release"`
+	PersistentStorage         bool                  `yaml:"persistentStorage" json:"persistentStorage" default:"false"`
+	PersistentStorageStatic   bool                  `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"`
+	EfsFileSytemIdAndPath     string                `yaml:"efsFileSytemIdAndPath" json:"efsFileSytemIdAndPath" default:""`
+	StorageLimit              string                `yaml:"storageLimit" json:"storageLimit" default:"500Mi"`
+	StorageClass              string                `yaml:"storageClass" json:"storageClass" default:"standard"`
+	DryRun                    bool                  `yaml:"dryRun" json:"dryRun" default:"false"`
+	Resources                 ResourcesConfig       `yaml:"resources" json:"resources"`
+	ServiceMesh               bool                  `yaml:"serviceMesh" json:"serviceMesh" default:"true"`
+	Tls                       bool                  `yaml:"tls" json:"tls" default:"true"`
+	IgnoreTainted             bool                  `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
+	Labels                    map[string]string     `yaml:"labels" json:"labels" default:"{}"`
+	Annotations               map[string]string     `yaml:"annotations" json:"annotations" default:"{}"`
+	NodeSelectorTerms         []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"`
+	Auth                      AuthConfig            `yaml:"auth" json:"auth"`
+	Ingress                   IngressConfig         `yaml:"ingress" json:"ingress"`
+	IPv6                      bool                  `yaml:"ipv6" json:"ipv6" default:"true"`
+	Debug                     bool                  `yaml:"debug" json:"debug" default:"false"`
+	KernelModule              KernelModuleConfig    `yaml:"kernelModule" json:"kernelModule"`
+	Telemetry                 TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
+	DefaultFilter             string                `yaml:"defaultFilter" json:"defaultFilter"`
+	ReplayDisabled            bool                  `yaml:"replayDisabled" json:"replayDisabled" default:"false"`
+	Capabilities              CapabilitiesConfig    `yaml:"capabilities" json:"capabilities"`
+	GlobalFilter              string                `yaml:"globalFilter" json:"globalFilter"`
+	Metrics                   MetricsConfig         `yaml:"metrics" json:"metrics"`
+	TrafficSampleRate         int                   `yaml:"trafficSampleRate" json:"trafficSampleRate" default:"100"`
+	TcpStreamChannelTimeoutMs int                   `yaml:"tcpStreamChannelTimeoutMs" json:"tcpStreamChannelTimeoutMs" default:"10000"`
+	Misc                      MiscConfig            `yaml:"misc" json:"misc"`
 }

 func (config *TapConfig) PodRegex() *regexp.Regexp {
--- a/go.mod
+++ b/go.mod
@@ -3,13 +3,7 @@ module github.com/kubeshark/kubeshark
 go 1.20

 require (
-	github.com/aws/aws-sdk-go-v2 v1.18.1
-	github.com/aws/aws-sdk-go-v2/config v1.18.27
-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0
 	github.com/creasty/defaults v1.5.2
-	github.com/docker/docker v20.10.24+incompatible
-	github.com/docker/go-connections v0.4.0
 	github.com/fsnotify/fsnotify v1.6.0
 	github.com/gin-gonic/gin v1.9.1
 	github.com/goccy/go-yaml v1.11.2
@@ -36,23 +30,7 @@ require (
 	github.com/Masterminds/semver/v3 v3.2.0 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Masterminds/squirrel v1.5.3 // indirect
-	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.26 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 // indirect
-	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bytedance/sonic v1.9.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
@@ -63,7 +41,9 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/cli v20.10.21+incompatible // indirect
 	github.com/docker/distribution v2.8.2+incompatible // indirect
+	github.com/docker/docker v20.10.24+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
@@ -101,7 +81,6 @@ require (
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@@ -161,7 +140,6 @@ require (
 	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.8.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect
--- a/go.sum
+++ b/go.sum
@@ -59,7 +59,6 @@ github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBa
 github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc=
 github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
 github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
-github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
@@ -75,44 +74,6 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
-github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
-github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 h1:dK82zF6kkPeCo8J1e+tGx4JdvDIQzj7ygIoLg8WMuGs=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10/go.mod h1:VeTZetY5KRJLuD/7fkQXMU6Mw7H5m/KP2J5Iy9osMno=
-github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA=
-github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70 h1:4bh28MeeXoBFTjb0JjQ5sVatzlf5xA1DziV8mZed9v4=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70/go.mod h1:9yI5NXzqy2yOiMytv6QLZHvlyHLwYxO9iIq+bZIbrFg=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 h1:wscW+pnn3J1OYnanMnza5ZVYXLX4cKk5rAvUAl4Qu+c=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26/go.mod h1:MtYiox5gvyB+OyP0Mr0Sm/yzbEAIPL9eijj/ouHAPw0=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 h1:y2+VQzC6Zh2ojtV2LoC0MNwHWc6qXv/j2vrQtlftkdA=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11/go.mod h1:iV4q2hsqtNECrfmlXyord9u4zyuFEJX9eLgLpSPzWA8=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 h1:zZSLP3v3riMOP14H7b4XP0uyfREDQOYv2cqIrvTXDNQ=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29/go.mod h1:z7EjRjVwZ6pWcWdI2H64dKttvzaP99jRIj5hphW0M5U=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 h1:dBL3StFxHtpBzJJ/mNEsjXVgfO+7jR0dAIEwLqMapEA=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3/go.mod h1:f1QyiAsvIv4B49DmCqrhlXqyaR+0IxMmyX+1P+AnzOM=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0 h1:ya7fmrN2fE7s1P2gaPbNg5MTkERVWfsH8ToP1YC4Z9o=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0/go.mod h1:aVbf0sko/TsLWHx30c/uVu7c62+0EAJ3vbxaJga0xCw=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg=
-github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
-github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -323,7 +284,6 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-github/v37 v37.0.0 h1:rCspN8/6kB1BAJWZfuafvHhyfIo5fkAulaP/3bOQ/tM=
@@ -411,10 +371,6 @@ github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
-github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
@@ -991,7 +947,6 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
-golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kubeshark
-version: "51.0.37"
+version: "52.1.66"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:
--- a/helm-chart/PF_RING.md
+++ b/helm-chart/PF_RING.md
@@ -0,0 +1,152 @@
+# PF_RING
+
+<!-- TOC -->
+
+- [PF\_RING](#pf_ring)
+  - [Overview](#overview)
+  - [Loading PF\_RING module on Kubernetes nodes](#loading-pf_ring-module-on-kubernetes-nodes)
+    - [Pre-built kernel module exists and external egress allowed](#pre-built-kernel-module-exists-and-external-egress-allowed)
+    - [Pre-built kernel module doesn't exist or external egress isn't allowed](#pre-built-kernel-module-doesnt-exist-or-external-egress-isnt-allowed)
+  - [Appendix A: PF\_RING kernel module compilation](#appendix-a-pf_ring-kernel-module-compilation)
+    - [Automated complilation](#automated-complilation)
+    - [Manual compilation](#manual-compilation)
+
+<!-- /TOC -->
+
+## Overview
+
+PF_RING™ is an advanced Linux kernel module and user-space framework designed for high-speed packet processing. It offers a uniform API for packet processing applications, enabling efficient handling of large volumes of network data.
+
+For comprehensive information on PF_RING™, please visit the [User's Guide]((https://www.ntop.org/guides/pf_ring) and access detailed [API Documentation](http://www.ntop.org/guides/pf_ring_api/files.html).
+
+## Loading PF_RING module on Kubernetes nodes
+
+PF_RING kernel module loading is performed via of the `worker` component pod.
+The target container `tap.kernelModule.image` must contain `pf_ring.ko` file under path `/opt/lib/modules/<kernel version>/pf_ring.ko`.
+Kubeshark provides ready to use containers with kernel modules for the most popular kernel versions running in different managed clouds.
+
+Prior to deploying `kubeshark` with PF_RING enabled, it is essential to verify if a PF_RING kernel module is already built for your kernel version.
+Kubeshark provides additional CLI tool for this purpose - [pf-ring-compiler](https://github.com/kubeshark/pf-ring-compiler).
+
+Compatibility verification can be done by running:
+
+```bash
+pfring-compiler compatibility
+```
+
+This command checks for the availability of kernel modules for the kernel versions running across all nodes in the Kubernetes cluster.
+
+Example output for a compatible cluster:
+
+```bash
+Node                                          Kernel Version                 Supported
+ip-192-168-77-230.us-west-2.compute.internal  5.10.199-190.747.amzn2.x86_64  true
+ip-192-168-34-216.us-west-2.compute.internal  5.10.199-190.747.amzn2.x86_64  true
+
+Cluster is compatible
+```
+
+Another option to verify availability of kernel modules is just inspecting available kernel module versions via:
+
+```bash
+curl https://api.kubeshark.co/kernel-modules/meta/versions.jso
+```
+
+Based on Kubernetes cluster compatibility and external connection capabilities, user has two options:
+
+1. Use Kubeshark provided container `kubeshark/pf-ring-module`
+2. Build custom container with required kernel module version. 
+
+### Pre-built kernel module exists and external egress allowed
+
+In this case no additional configuration required.
+Kubeshark will load PF_RING kernel module from the default `kubeshark/pf-ring-module:all` container.
+
+### Pre-built kernel module doesn't exist or external egress isn't allowed
+
+In this case building custom Docker image is required.
+
+1. Compile PF_RING kernel module for target version
+
+Skip if you have `pf_ring.ko` for the target kernel version.
+Otherwise, follow [Appendix A](#appendix-a-pf_ring-kernel-module-compilation) for details.
+
+2. Build container
+
+The same build process Kubeshark has can be reused (follow [pfring-compilier](https://github.com/kubeshark/pf-ring-compiler/tree/main/modules) for details).
+
+3. Configure Helm values
+
+```yaml
+tap:
+  kernelModule:
+    image: <container from stage 2>
+```
+
+
+## Appendix A: PF_RING kernel module compilation
+
+PF_RING kernel module compilation can be completed automatically or manually.
+
+### Automated complilation
+
+In case your Kubernetes workers run supported Linux distribution, `kubeshark` CLI can be used to build PF_RING module:
+
+```bash
+pfring-compiler compile --target <distro>
+```
+
+This command requires:
+
+- kubectl to be installed and configured with a proper context
+- egress connection to Internet available
+
+This command:
+
+1. Runs Kubernetes job with build container
+2. Waits for job to be completed
+3. Downloads `pf-ring-<kernel version>.ko` file into the current folder.
+4. Cleans up created job.
+
+Currently supported distros:
+
+- Ubuntu
+- RHEL 9
+- Amazon Linux 2
+
+### Manual compilation
+
+The process description is based on Ubuntu 22.04 distribution.
+
+1. Get terminal access to the node with target kernel version
+This can be done either via SSH directly to node or with debug container running on the target node:
+
+```bash
+kubectl debug node/<target node> -it --attach=true --image=ubuntu:22.04
+```
+
+2. Install build tools and kernel headers
+
+```bash
+apt update
+apt install -y gcc build-essential make git wget tar gzip
+apt install -y linux-headers-$(uname -r)
+```
+
+3. Download PF_RING source code
+
+```bash
+wget https://github.com/ntop/PF_RING/archive/refs/tags/8.4.0.tar.gz
+tar -xf 8.4.0.tar.gz
+cd PF_RING-8.4.0/kernel
+```
+
+4. Compile the kernel module
+
+```bash
+make KERNEL_SRC=/usr/src/linux-headers-$(uname -r)
+```
+
+5. Copy `pf_ring.ko` to the local file system.
+
+Use `scp` or `kubectl cp` depending on type of access(SSH or debug pod).
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -1,6 +1,6 @@
 # Helm Chart of Kubeshark

-## Officially
+## Official

 Add the Helm repo for Kubeshark:

@@ -14,7 +14,7 @@ then install Kubeshark:
 helm install kubeshark kubeshark/kubeshark
 ```

-## Locally
+## Local

 Clone the repo:

@@ -41,7 +41,7 @@ Uninstall Kubeshark:
 helm uninstall kubeshark
 ```

-## Accesing
+## Port-forward

 Do the port forwarding:

@@ -51,30 +51,13 @@ kubectl port-forward service/kubeshark-front 8899:80

 Visit [localhost:8899](http://localhost:8899)

-## Installing with Ingress (EKS) and enable Auth
+
+## Increase the Worker's Storage Limit
+
+For example, change from the default 500Mi to 5Gi:

 ```shell
-helm install kubeshark kubeshark/kubeshark -f values.yaml
-```
-
-Set this `value.yaml`:
-```shell
-tap:
-  auth:
-    enabled: true
-    approvedEmails:
-    - john.doe@example.com
-    approvedDomains: []
-    approvedTenants: []
-  ingress:
-    enabled: true
-    className: "alb"
-    host: ks.example.com
-    tls: []
-    annotations:
-      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:7..8:certificate/b...65c
-      alb.ingress.kubernetes.io/target-type: ip
-      alb.ingress.kubernetes.io/scheme: internet-facing
+--set tap.storageLimit=5Gi
 ```

 ## Add a License
@@ -87,14 +70,26 @@ When it's necessary, you can use:

 Get your license from Kubeshark's [Admin Console](https://console.kubeshark.co/).

-## Increase the Worker's Storage Limit
-
-For example, change from the default 500Mi to 1Gi:
+## Installing with Ingress (EKS) enabled

 ```shell
--set tap.storageLimit=1Gi
+helm install kubeshark kubeshark/kubeshark -f values.yaml
 ```
- 
+
+Set this `value.yaml`:
+```shell
+tap:
+  ingress:
+    enabled: true
+    className: "alb"
+    host: ks.example.com
+    tls: []
+    annotations:
+      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:7..8:certificate/b...65c
+      alb.ingress.kubernetes.io/target-type: ip
+      alb.ingress.kubernetes.io/scheme: internet-facing
+```
+
 ## Disabling IPV6

 Not all have IPV6 enabled, hence this has to be disabled as follows:
@@ -104,6 +99,10 @@ helm install kubeshark kubeshark/kubeshark \
  --set tap.ipv6=false
 ```

+## Metrics
+
+Please refer to [metrics](./metrics.md) documentation for details.
+
 ## Configuration

 | Parameter                                 | Description                                   | Default                                                 |
@@ -122,6 +121,8 @@ helm install kubeshark kubeshark/kubeshark \
 | `tap.release.name`                        | Helm release name                          | `kubeshark`                                             |
 | `tap.release.namespace`                   | Helm release namespace                | `default`                                               |
 | `tap.persistentStorage`                   | Use `persistentVolumeClaim` instead of `emptyDir` | `false`                                                |
+| `tap.persistentStorageStatic`             | Use static persistent volume provisioning (explicitly defined `PersistentVolume` ) | `false`                                                      |
+| `tap.efsFileSytemIdAndPath`               | [EFS file system ID and, optionally, subpath and/or access point](https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/examples/kubernetes/access_points/README.md) `<FileSystemId>:<Path>:<AccessPointId>`     | ""                                                           |
 | `tap.storageLimit`                        | Limit of either the `emptyDir` or `persistentVolumeClaim`                  | `500Mi`                                                 |
 | `tap.storageClass`                        | Storage class of the `PersistentVolumeClaim`          | `standard`                                              |
 | `tap.dryRun`                              | Preview of all pods matching the regex, without tapping them                    | `false`                                                 |
@@ -141,8 +142,14 @@ helm install kubeshark kubeshark/kubeshark \
 | `tap.annotations`                         | Kubernetes annotations to apply to all Kubeshark resources | `{}`                                                |
 | `tap.nodeSelectorTerms`                   | Node selector terms                           | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` |
 | `tap.auth.enabled`                        | Enable authentication                         | `false`                                                 |
+| `tap.auth.type`                           | Authentication type (1 option available: `saml`)      | `saml`                                              |
 | `tap.auth.approvedEmails`                 | List of approved email addresses for authentication              | `[]`                                                    |
 | `tap.auth.approvedDomains`                | List of approved email domains for authentication                | `[]`                                                    |
+| `tap.auth.saml.idpMetadataUrl`                    | SAML IDP metadata URL <br/>(effective, if `tap.auth.type = saml`)                                  | ``                                                      |
+| `tap.auth.saml.x509crt`                   | A self-signed X.509 `.cert` contents <br/>(effective, if `tap.auth.type = saml`)          | ``                                                      |
+| `tap.auth.saml.x509key`                   | A self-signed X.509 `.key` contents <br/>(effective, if `tap.auth.type = saml`)           | ``                                                      |
+| `tap.auth.saml.roleAttribute`             | A SAML attribute name corresponding to user's authorization role <br/>(effective, if `tap.auth.type = saml`)  | `role` |
+| `tap.auth.saml.roles`                     | A list of SAML authorization roles and their permissions <br/>(effective, if `tap.auth.type = saml`)  | `{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}` |
 | `tap.ingress.enabled`                     | Enable `Ingress`                                | `false`                                                 |
 | `tap.ingress.className`                   | Ingress class name                            | `""`                                                    |
 | `tap.ingress.host`                        | Host of the `Ingress`                          | `ks.svc.cluster.local`                                  |
@@ -150,8 +157,12 @@ helm install kubeshark kubeshark/kubeshark \
 | `tap.ingress.annotations`                 | `Ingress` annotations                           | `{}`                                                    |
 | `tap.ipv6`                                | Enable IPv6 support for the front-end                        | `true`                                                  |
 | `tap.debug`                               | Enable debug mode                             | `false`                                                 |
-| `tap.noKernelModule`                      | Do not install `PF_RING` kernel module       | `false`                                                 |
+| `tap.kernelModule.enabled`                | Use PF_RING kernel module([details](PF_RING.md))      | `true`                                                 |
+| `tap.kernelModule.image`                  | Container image containing PF_RING kernel module with supported kernel version([details](PF_RING.md))      | "kubeshark/pf-ring-module:all"                                                 |
+| `tap.kernelModule.unloadOnDestroy`        | Create additional container which watches for pod termination and unloads PF_RING kernel module. | `false`|
 | `tap.telemetry.enabled`                   | Enable anonymous usage statistics collection           | `true`                                                  |
+| `tap.defaultFilter`                       | Sets the default dashboard KFL filter (e.g. `http`)        | `""`                                                  |
+| `tap.globalFilter`                        | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field.       | `""`                                        |
 | `logs.file`                               | Logs dump path                      | `""`                                                    |
 | `kube.configPath`                         | Path to the `kubeconfig` file (`$HOME/.kube/config`)            | `""`                                                    |
 | `kube.context`                            | Kubernetes context to use for the deployment  | `""`                                                    |
@@ -161,3 +172,74 @@ helm install kubeshark kubeshark/kubeshark \
 | `scripting.env`                           | Environment variables for the scripting      | `{}`                                                    |
 | `scripting.source`                        | Source directory of the scripts                | `""`                                                    |
 | `scripting.watchScripts`                  | Enable watch mode for the scripts in source directory          | `true`                                                  |
+| `tap.metrics.port`                  | Pod port used to expose Prometheus metrics          | `49100`                                                  |
+
+KernelMapping pairs kernel versions with a
+                            DriverContainer image. Kernel versions can be matched
+                            literally or using a regular expression
+
+## Installing with SAML enabled
+
+### Prerequisites:
+
+##### 1. Generate X.509 certificate & key (TL;DR: https://ubuntu.com/server/docs/security-certificates)
+
+**Example:**
+```
+openssl genrsa -out mykey.key 2048
+openssl req -new -key mykey.key -out mycsr.csr
+openssl x509 -signkey mykey.key -in mycsr.csr -req -days 365 -out mycert.crt
+```
+
+**What you get:**
+- `mycert.crt` - use it for `tap.auth.saml.x509crt`
+- `mykey.key` - use it for `tap.auth.saml.x509crt`
+
+##### 2. Prepare your SAML IDP
+
+You should set up the required SAML IDP (Google, Auth0, your custom IDP, etc.)
+
+During setup, an IDP provider will typically request to enter:
+- Metadata URL
+- ACS URL (Assertion Consumer Service URL, aka Callback URL)
+- SLO URL (Single Logout URL)
+
+Correspondingly, you will enter these (if you run the most default Kubeshark setup):
+- [http://localhost:8899/saml/metadata](http://localhost:8899/saml/metadata)
+- [http://localhost:8899/saml/acs](http://localhost:8899/saml/acs)
+- [http://localhost:8899/saml/slo](http://localhost:8899/saml/slo)
+
+Otherwise, if you have `tap.ingress.enabled == true`, change protocol & domain respectively - showing example domain:
+- [https://kubeshark.example.com/saml/metadata](https://kubeshark.example.com/saml/metadata)
+- [https://kubeshark.example.com/saml/acs](https://kubeshark.example.com/saml/acs)
+- [https://kubeshark.example.com/saml/slo](https://kubeshark.example.com/saml/slo)
+
+```shell
+helm install kubeshark kubeshark/kubeshark -f values.yaml
+```
+
+Set this `value.yaml`:
+```shell
+tap:
+  auth:
+    enabled: true
+    type: saml
+    saml:
+      idpMetadataUrl: "https://tiptophelmet.us.auth0.com/samlp/metadata/MpWiDCMMB5ShU1HRnhdb1sHM6VWqdnDG"
+      x509crt: |
+        -----BEGIN CERTIFICATE-----
+        MIIDlTCCAn0CFFRUzMh+dZvp+FvWd4gRaiBVN8EvMA0GCSqGSIb3DQEBCwUAMIGG
+        MSQwIgYJKoZIhvcNAQkBFhV3ZWJtYXN0ZXJAZXhhbXBsZS5jb20wHhcNMjMxMjI4
+        ........<redacted: please, generate your own X.509 cert>........
+        ZMzM7YscqZwoVhTOhrD4/5nIfOD/hTWG/MBe2Um1V1IYF8aVEllotTKTgsF6ZblA
+        miCOgl6lIlZy
+        -----END CERTIFICATE-----
+      x509key: |
+        -----BEGIN PRIVATE KEY-----
+        MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDlgDFKsRHj+mok
+        euOF0IpwToOEpQGtafB75ytv3psD/tQAzEIug+rkDriVvsfcvafj0qcaTeYvnCoz
+        ........<redacted: please, generate your own X.509 key>.........
+        sUpBCu0E3nRJM/QB2ui5KhNR7uvPSL+kSsaEq19/mXqsL+mRi9aqy2wMEvUSU/kt
+        UaV5sbRtTzYLxpOSQyi8CEFA+A==
+        -----END PRIVATE KEY-----
+```
--- a/helm-chart/metrics.md
+++ b/helm-chart/metrics.md
@@ -0,0 +1,55 @@
+# Metrics
+
+Kubeshark provides metrics from `worker` components.
+It can be useful for monitoring and debugging purpose.
+
+## Configuration
+
+By default, Kubeshark uses port `49100` to expose metrics via service `kubeshark-worker-metrics`.
+
+In case you use [kube-prometheus-stack] (https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) community Helm chart, additional scrape configuration for Kubeshark worker metrics endpoint can be configured with values:
+
+```
+prometheus:
+  enabled: true
+  prometheusSpec:
+    additionalScrapeConfigs: |
+      - job_name: 'kubeshark-worker-metrics'
+        kubernetes_sd_configs:
+          - role: endpoints
+        relabel_configs:
+          - source_labels: [__meta_kubernetes_pod_name]
+            target_label: pod
+          - source_labels: [__meta_kubernetes_pod_node_name]
+            target_label: node
+          - source_labels: [__meta_kubernetes_endpoint_port_name]
+            action: keep
+            regex: ^metrics$
+          - source_labels: [__address__, __meta_kubernetes_endpoint_port_number]
+            action: replace
+            regex: ([^:]+)(?::\d+)?
+            replacement: $1:49100
+            target_label: __address__
+          - action: labelmap
+            regex: __meta_kubernetes_service_label_(.+)
+```
+
+
+## Available metrics
+
+| Name | Type | Description | 
+| --- | --- | --- | 
+| kubeshark_received_packets_total | Counter | Total number of packets received | 
+| kubeshark_dropped_packets_total | Counter | Total number of packets dropped | 
+| kubeshark_processed_bytes_total | Counter | Total number of bytes processed |
+| kubeshark_tcp_packets_total | Counter | Total number of TCP packets | 
+| kubeshark_dns_packets_total | Counter | Total number of DNS packets | 
+| kubeshark_icmp_packets_total | Counter | Total number of ICMP packets | 
+| kubeshark_reassembled_tcp_payloads_total | Counter | Total number of reassembled TCP payloads |
+| kubeshark_matched_pairs_total | Counter | Total number of matched pairs | 
+| kubeshark_dropped_tcp_streams_total | Counter | Total number of dropped TCP streams | 
+| kubeshark_live_tcp_streams | Gauge | Number of live TCP streams |
+
+## Ready-to-use Dashboard
+
+You can import a ready-to-use dashboard from [Grafana's Dashboards Portal](https://grafana.com/grafana/dashboards/20359-kubeshark-dashboard-v1-0-003/).
--- a/helm-chart/templates/02-cluster-role.yaml
+++ b/helm-chart/templates/02-cluster-role.yaml
@@ -8,7 +8,7 @@ metadata:
  {{- if .Values.tap.annotations }}
    {{- toYaml .Values.tap.annotations | nindent 4 }}
  {{- end }}
-  name: kubeshark-cluster-role
+  name: kubeshark-cluster-role-{{ .Release.Namespace }}
  namespace: {{ .Release.Namespace }}
 rules:
  - apiGroups:
@@ -50,3 +50,4 @@ rules:
      - get
      - watch
      - update
+      - patch
--- a/helm-chart/templates/03-cluster-role-binding.yaml
+++ b/helm-chart/templates/03-cluster-role-binding.yaml
@@ -8,12 +8,12 @@ metadata:
  {{- if .Values.tap.annotations }}
    {{- toYaml .Values.tap.annotations | nindent 4 }}
  {{- end }}
-  name: kubeshark-cluster-role-binding
+  name: kubeshark-cluster-role-binding-{{ .Release.Namespace }}
  namespace: {{ .Release.Namespace }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: kubeshark-cluster-role
+  name: kubeshark-cluster-role-{{ .Release.Namespace }}
 subjects:
  - kind: ServiceAccount
    name: {{ include "kubeshark.serviceAccountName" . }}
--- a/helm-chart/templates/04-hub-deployment.yaml
+++ b/helm-chart/templates/04-hub-deployment.yaml
@@ -41,6 +41,8 @@ spec:
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
+          - name: KUBESHARK_CLOUD_API_URL
+            value: 'https://api.kubeshark.co'
          image: '{{ .Values.tap.docker.registry }}/hub:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
          imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
          readinessProbe:
@@ -64,3 +66,21 @@ spec:
            requests:
              cpu: {{ .Values.tap.resources.hub.requests.cpu }}
              memory: {{ .Values.tap.resources.hub.requests.memory }}
+          volumeMounts:
+          - name: saml-x509-volume
+            mountPath: "/etc/saml/x509"
+            readOnly: true
+      volumes:
+      - name: saml-x509-volume
+        projected:
+          sources:
+          - secret:
+              name: kubeshark-saml-x509-crt-secret
+              items:
+              - key: AUTH_SAML_X509_CRT
+                path: kubeshark.crt
+          - secret:
+              name: kubeshark-saml-x509-key-secret
+              items:
+              - key: AUTH_SAML_X509_KEY
+                path: kubeshark.key
--- a/helm-chart/templates/06-front-deployment.yaml
+++ b/helm-chart/templates/06-front-deployment.yaml
@@ -25,13 +25,15 @@ spec:
      containers:
        - env:
            - name: REACT_APP_DEFAULT_FILTER
-              value: ' '
-            - name: REACT_APP_HUB_HOST
-              value: ' '
-            - name: REACT_APP_HUB_PORT
-              value: '{{ .Values.tap.ingress.enabled | ternary "/api" (print ":" .Values.tap.proxy.front.port "/api") }}'
+              value: '{{ not (eq .Values.tap.defaultFilter "") | ternary .Values.tap.defaultFilter " " }}'
            - name: REACT_APP_AUTH_ENABLED
              value: '{{ .Values.tap.auth.enabled }}'
+            - name: REACT_APP_AUTH_TYPE
+              value: '{{ not (eq .Values.tap.auth.type "") | ternary .Values.tap.auth.type " " }}'
+            - name: REACT_APP_AUTH_SAML_IDP_METADATA_URL
+              value: '{{ not (eq .Values.tap.auth.saml.idpMetadataUrl "") | ternary .Values.tap.auth.saml.idpMetadataUrl " " }}'
+            - name: REACT_APP_REPLAY_DISABLED
+              value: '{{ .Values.tap.replayDisabled }}'
          image: '{{ .Values.tap.docker.registry }}/front:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
          imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
          name: kubeshark-front
--- a/helm-chart/templates/08-persistent-volume-claim.yaml
+++ b/helm-chart/templates/08-persistent-volume-claim.yaml
@@ -1,4 +1,25 @@
 ---
+{{- if .Values.tap.persistentStorageStatic }}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: kubeshark-persistent-volume
+  namespace: {{ .Release.Namespace }}
+spec:
+  capacity:
+    storage: {{ .Values.tap.storageLimit }}
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: {{ .Values.tap.storageClass }}
+  {{- if .Values.tap.efsFileSytemIdAndPath }}
+  csi:
+    driver: efs.csi.aws.com
+    volumeHandle: {{ .Values.tap.efsFileSytemIdAndPath }}
+  {{ end }}
+---
+{{ end }}
 {{- if .Values.tap.persistentStorage }}
 apiVersion: v1
 kind: PersistentVolumeClaim
--- a/helm-chart/templates/09-worker-daemon-set.yaml
+++ b/helm-chart/templates/09-worker-daemon-set.yaml
@@ -25,6 +25,23 @@ spec:
      name: kubeshark-worker-daemon-set
      namespace: kubeshark
    spec:
+    {{- if .Values.tap.kernelModule.enabled }}
+      initContainers:
+      - name: load-pf-ring
+        image: {{ .Values.tap.kernelModule.image }}
+        imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
+        securityContext:
+          capabilities:
+            add:
+              {{- range .Values.tap.capabilities.kernelModule }}
+              {{ print "- " . }}
+              {{- end }}
+            drop:
+              - ALL
+        volumeMounts:
+        - name: lib-modules
+          mountPath: /lib/modules
+    {{- end }}
      containers:
        - command:
            - ./worker
@@ -32,20 +49,29 @@ spec:
            - any
            - -port
            - '{{ .Values.tap.proxy.worker.srvPort }}'
+            - -metrics-port
+            - '{{ .Values.tap.metrics.port }}'
+            - -unixsocket
          {{- if .Values.tap.serviceMesh }}
            - -servicemesh
          {{- end }}
            - -procfs
            - /hostproc
+          {{- if .Values.tap.kernelModule.enabled }}
+            - -kernel-module
+          {{- end }}
          {{- if .Values.tap.debug }}
            - -debug
-          {{- end }}
-          {{- if .Values.tap.noKernelModule }}
-            - -no-kernel-module
+            - -dumptracer
+            - "100000000"
          {{- end }}
          image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
          imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
          name: sniffer
+          ports:
+            - containerPort: {{ .Values.tap.metrics.port }}
+              protocol: TCP
+              name: metrics
          env:
          - name: POD_NAME
            valueFrom:
@@ -55,23 +81,28 @@ spec:
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
+          - name: TCP_STREAM_CHANNEL_TIMEOUT_MS
+            value: '{{ .Values.tap.tcpStreamChannelTimeoutMs }}'
+          - name: KUBESHARK_CLOUD_API_URL
+            value: 'https://api.kubeshark.co'
          resources:
            limits:
-              cpu: {{ .Values.tap.resources.worker.limits.cpu }}
-              memory: {{ .Values.tap.resources.worker.limits.memory }}
+              cpu: {{ .Values.tap.resources.sniffer.limits.cpu }}
+              memory: {{ .Values.tap.resources.sniffer.limits.memory }}
            requests:
-              cpu: {{ .Values.tap.resources.worker.requests.cpu }}
-              memory: {{ .Values.tap.resources.worker.requests.memory }}
+              cpu: {{ .Values.tap.resources.sniffer.requests.cpu }}
+              memory: {{ .Values.tap.resources.sniffer.requests.memory }}
          securityContext:
            capabilities:
              add:
-                - NET_RAW
-                - NET_ADMIN
-                - SYS_ADMIN
-                - SYS_PTRACE
-                - DAC_OVERRIDE
-                - SYS_MODULE
-                - CHECKPOINT_RESTORE
+                {{- range .Values.tap.capabilities.networkCapture }}
+                {{ print "- " . }}
+                {{- end }}
+                {{- if .Values.tap.serviceMesh }}
+                {{- range .Values.tap.capabilities.serviceMeshCapture }}
+                {{ print "- " . }}
+                {{- end }}
+                {{- end }}
              drop:
                - ALL
          readinessProbe:
@@ -97,6 +128,20 @@ spec:
              readOnly: true
            - mountPath: /app/data
              name: data
+      {{- if and (eq .Values.tap.kernelModule.enabled true) (eq .Values.tap.kernelModule.unloadOnDestroy true) }}
+        - name: unload-pf-ring
+          image: {{ .Values.tap.kernelModule.image }}
+          command: ["/bin/sh"]
+          args: ["-c", "trap 'rmmod pf_ring && sleep 3' SIGTERM; while true; do sleep 1; done"] 
+          securityContext:
+            capabilities:
+              add:
+                {{- range .Values.tap.capabilities.kernelModule }}
+                {{ print "- " . }}
+                {{- end }}
+              drop:
+                - ALL
+      {{- end }}
      {{- if .Values.tap.tls }}
        - command:
            - ./tracer
@@ -117,16 +162,19 @@ spec:
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
+          resources:
+            limits:
+              cpu: {{ .Values.tap.resources.tracer.limits.cpu }}
+              memory: {{ .Values.tap.resources.tracer.limits.memory }}
+            requests:
+              cpu: {{ .Values.tap.resources.tracer.requests.cpu }}
+              memory: {{ .Values.tap.resources.tracer.requests.memory }}
          securityContext:
            capabilities:
              add:
-                - NET_RAW
-                - NET_ADMIN
-                - SYS_ADMIN
-                - SYS_PTRACE
-                - DAC_OVERRIDE
-                - SYS_RESOURCE
-                - CHECKPOINT_RESTORE
+                {{- range .Values.tap.capabilities.ebpfCapture }}
+                {{ print "- " . }}
+                {{- end }}
              drop:
                - ALL
          volumeMounts:
@@ -164,6 +212,9 @@ spec:
        - hostPath:
            path: /sys
          name: sys
+        - name: lib-modules
+          hostPath:
+            path: /lib/modules
        - name: data
 {{- if .Values.tap.persistentStorage }}
          persistentVolumeClaim:
--- a/helm-chart/templates/11-nginx-config-map.yaml
+++ b/helm-chart/templates/11-nginx-config-map.yaml
@@ -16,6 +16,10 @@ data:
      access_log /dev/stdout;
      error_log /dev/stdout;

+      client_body_buffer_size     64k;
+      client_header_buffer_size   32k;
+      large_client_header_buffers 8 64k;
+
      location /api {
        rewrite ^/api(.*)$ $1 break;
        proxy_pass http://kubeshark-hub;
@@ -31,6 +35,17 @@ data:
        proxy_pass_request_headers      on;
      }

+      location /saml {
+        rewrite ^/saml(.*)$ /saml$1 break;
+        proxy_pass http://kubeshark-hub;
+        proxy_set_header   X-Forwarded-For $remote_addr;
+        proxy_set_header   Host $http_host;
+        proxy_connect_timeout 4s;
+        proxy_read_timeout 120s;
+        proxy_send_timeout 12s;
+        proxy_pass_request_headers on;
+      }
+
      location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
--- a/helm-chart/templates/12-config-map.yaml
+++ b/helm-chart/templates/12-config-map.yaml
@@ -9,10 +9,19 @@ metadata:
 data:
    POD_REGEX: '{{ .Values.tap.regex }}'
    NAMESPACES: '{{ gt (len .Values.tap.namespaces) 0 | ternary (join "," .Values.tap.namespaces) "" }}'
-    SCRIPTING_ENV: '{{ .Values.scripting.env | toJson }}'
    SCRIPTING_SCRIPTS: '{}'
+    INGRESS_ENABLED: '{{ .Values.tap.ingress.enabled }}'
+    INGRESS_HOST: '{{ .Values.tap.ingress.host }}'
+    PROXY_FRONT_PORT: '{{ .Values.tap.proxy.front.port }}'
    AUTH_ENABLED: '{{ .Values.tap.auth.enabled | ternary "true" "" }}'
-    AUTH_APPROVED_EMAILS: '{{ gt (len .Values.tap.auth.approvedEmails) 0 | ternary (join "," .Values.tap.auth.approvedEmails) "" }}'
-    AUTH_APPROVED_DOMAINS: '{{ gt (len .Values.tap.auth.approvedDomains) 0 | ternary (join "," .Values.tap.auth.approvedDomains) "" }}'
-    AUTH_APPROVED_TENANTS: '{{ gt (len .Values.tap.auth.approvedTenants) 0 | ternary (join "," .Values.tap.auth.approvedTenants) "" }}'
+    AUTH_TYPE: '{{ .Values.tap.auth.type }}'
+    AUTH_SAML_IDP_METADATA_URL: '{{ .Values.tap.auth.saml.idpMetadataUrl }}'
+    AUTH_SAML_ROLE_ATTRIBUTE: '{{ .Values.tap.auth.saml.roleAttribute }}'
+    AUTH_SAML_ROLES: '{{ .Values.tap.auth.saml.roles | toJson }}'
    TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}'
+    REPLAY_DISABLED: '{{ .Values.tap.replayDisabled | ternary "true" "" }}'
+    GLOBAL_FILTER: {{ include "kubeshark.escapeDoubleQuotes" .Values.tap.globalFilter | quote }}
+    TRAFFIC_SAMPLE_RATE: '{{ .Values.tap.trafficSampleRate }}'
+    JSON_TTL: '{{ .Values.tap.misc.jsonTTL }}'
+    PCAP_TTL: '{{ .Values.tap.misc.pcapTTL }}'
+    PCAP_ERROR_TTL: '{{ .Values.tap.misc.pcapErrorTTL }}'
--- a/helm-chart/templates/13-secret.yaml
+++ b/helm-chart/templates/13-secret.yaml
@@ -8,3 +8,34 @@ metadata:
    {{- include "kubeshark.labels" . | nindent 4 }}
 stringData:
    LICENSE: '{{ .Values.license }}'
+    SCRIPTING_ENV: '{{ .Values.scripting.env | toJson }}'
+
+---
+
+kind: Secret
+apiVersion: v1
+metadata:
+  name: kubeshark-saml-x509-crt-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubeshark.co/app: hub
+    {{- include "kubeshark.labels" . | nindent 4 }}
+stringData:
+  AUTH_SAML_X509_CRT: |
+    {{ .Values.tap.auth.saml.x509crt | nindent 4 }}
+
+---
+
+kind: Secret
+apiVersion: v1
+metadata:
+  name: kubeshark-saml-x509-key-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubeshark.co/app: hub
+    {{- include "kubeshark.labels" . | nindent 4 }}
+stringData:
+  AUTH_SAML_X509_KEY: |
+    {{ .Values.tap.auth.saml.x509key | nindent 4 }}
+
+---
--- a/helm-chart/templates/14-openshift-security-context-constraints.yaml
+++ b/helm-chart/templates/14-openshift-security-context-constraints.yaml
@@ -27,7 +27,6 @@ allowedCapabilities:
  - SYS_PTRACE
  - DAC_OVERRIDE
  - SYS_RESOURCE
-  - CHECKPOINT_RESTORE
  - SYS_MODULE
 runAsUser:
  type: RunAsAny
--- a/helm-chart/templates/15-worker-service-metrics.yaml
+++ b/helm-chart/templates/15-worker-service-metrics.yaml
@@ -0,0 +1,18 @@
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: kubeshark-worker-metrics
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/port: '{{ .Values.tap.metrics.port }}'
+spec:
+  selector:
+    app.kubeshark.co/app: worker
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  ports:
+  - name: metrics
+    protocol: TCP
+    port: {{ .Values.tap.metrics.port }}
+    targetPort: {{ .Values.tap.metrics.port }}
--- a/helm-chart/templates/_helpers.tpl
+++ b/helm-chart/templates/_helpers.tpl
@@ -48,3 +48,11 @@ Create the name of the service account to use
 {{- define "kubeshark.serviceAccountName" -}}
 {{- printf "%s-service-account" .Release.Name }}
 {{- end }}
+
+{{/*
+Escape double quotes in a string
+*/}}
+{{- define "kubeshark.escapeDoubleQuotes" -}}
+  {{- regexReplaceAll "\"" . "\"" -}}
+{{- end -}}
+
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -8,7 +8,6 @@ tap:
    worker:
      srvPort: 30001
    hub:
-      port: 8898
      srvPort: 8898
    front:
      port: 8899
@@ -20,18 +19,27 @@ tap:
    name: kubeshark
    namespace: default
  persistentStorage: false
+  persistentStorageStatic: false
+  efsFileSytemIdAndPath: ""
  storageLimit: 500Mi
  storageClass: standard
  dryRun: false
  resources:
-    worker:
+    hub:
      limits:
        cpu: 750m
        memory: 1Gi
      requests:
        cpu: 50m
        memory: 50Mi
-    hub:
+    sniffer:
+      limits:
+        cpu: 750m
+        memory: 1Gi
+      requests:
+        cpu: 50m
+        memory: 50Mi
+    tracer:
      limits:
        cpu: 750m
        memory: 1Gi
@@ -51,9 +59,20 @@ tap:
      - linux
  auth:
    enabled: false
-    approvedEmails: []
-    approvedDomains: []
-    approvedTenants: []
+    type: saml
+    saml:
+      idpMetadataUrl: ""
+      x509crt: ""
+      x509key: ""
+      roleAttribute: role
+      roles:
+        admin:
+          filter: ""
+          canReplayTraffic: true
+          canDownloadPCAP: true
+          canUseScripting: true
+          canUpdateTargetedPods: true
+          showAdminConsoleLink: true
  ingress:
    enabled: false
    className: ""
@@ -62,9 +81,38 @@ tap:
    annotations: {}
  ipv6: true
  debug: false
-  noKernelModule: false
+  kernelModule:
+    enabled: true
+    image: kubeshark/pf-ring-module:all
+    unloadOnDestroy: false
  telemetry:
    enabled: true
+  defaultFilter: ""
+  replayDisabled: false
+  capabilities:
+    networkCapture:
+    - NET_RAW
+    - NET_ADMIN
+    serviceMeshCapture:
+    - SYS_ADMIN
+    - SYS_PTRACE
+    - DAC_OVERRIDE
+    kernelModule:
+    - SYS_MODULE
+    ebpfCapture:
+    - SYS_ADMIN
+    - SYS_PTRACE
+    - SYS_RESOURCE
+    - IPC_LOCK
+  globalFilter: ""
+  metrics:
+    port: 49100
+  trafficSampleRate: 100
+  tcpStreamChannelTimeoutMs: 10000
+  misc:
+    jsonTTL: 5m
+    pcapTTL: 10s
+    pcapErrorTTL: 60s
 logs:
  file: ""
 kube:
--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+
+EXE_NAME=kubeshark
+ALIAS_NAME=ks
+PROG_NAME=Kubeshark
+INSTALL_PATH=/usr/local/bin/$EXE_NAME
+ALIAS_PATH=/usr/local/bin/$ALIAS_NAME
+REPO=https://github.com/kubeshark/kubeshark
+OS=$(echo $(uname -s) | tr '[:upper:]' '[:lower:]')
+ARCH=$(echo $(uname -m) | tr '[:upper:]' '[:lower:]')
+SUPPORTED_PAIRS="linux_amd64 linux_arm64 darwin_amd64 darwin_arm64"
+
+ESC="\033["
+F_DEFAULT=39
+F_RED=31
+F_GREEN=32
+F_YELLOW=33
+B_DEFAULT=49
+B_RED=41
+B_BLUE=44
+B_LIGHT_BLUE=104
+
+if [ "$ARCH" = "x86_64" ]; then
+    ARCH="amd64"
+fi
+
+if [ "$ARCH" = "aarch64" ]; then
+    ARCH="arm64"
+fi
+
+echo $SUPPORTED_PAIRS | grep -w -q "${OS}_${ARCH}"
+
+if [ $? != 0 ] ; then
+	echo "\n${ESC}${F_RED}m🛑 Unsupported OS \"$OS\" or architecture \"$ARCH\". Failed to install $PROG_NAME.${ESC}${F_DEFAULT}m"
+    echo "${ESC}${B_RED}mPlease report 🐛 to $REPO/issues${ESC}${F_DEFAULT}m"
+	exit 1
+fi
+
+# Check for Homebrew and kubeshark installation
+if command -v brew >/dev/null; then
+    if brew list kubeshark &>/dev/null; then
+        echo "📦 Found $PROG_NAME instance installed with Homebrew"
+		echo "${ESC}${F_GREEN}m⬇️ Removing before installation with script${ESC}${F_DEFAULT}m"
+        brew uninstall kubeshark
+    fi
+fi
+
+echo "\n🦈 ${ESC}${F_DEFAULT};${B_BLUE}m Started to download $PROG_NAME ${ESC}${B_DEFAULT};${F_DEFAULT}m"
+
+if curl -# --fail -Lo $EXE_NAME ${REPO}/releases/latest/download/${EXE_NAME}_${OS}_${ARCH} ; then
+    chmod +x $PWD/$EXE_NAME
+    echo "\n${ESC}${F_GREEN}m⬇️  $PROG_NAME is downloaded into $PWD/$EXE_NAME${ESC}${F_DEFAULT}m"
+else
+    echo "\n${ESC}${F_RED}m🛑 Couldn't download ${REPO}/releases/latest/download/${EXE_NAME}_${OS}_${ARCH}\n\
+  ⚠️  Check your internet connection.\n\
+  ⚠️  Make sure 'curl' command is available.\n\
+  ⚠️  Make sure there is no directory named '${EXE_NAME}' in ${PWD}\n\
+${ESC}${F_DEFAULT}m"
+    echo "${ESC}${B_RED}mPlease report 🐛 to $REPO/issues${ESC}${F_DEFAULT}m"
+    exit 1
+fi
+
+use_cmd=$EXE_NAME
+printf "Do you want to install system-wide? Requires sudo 😇 (y/N)? "
+old_stty_cfg=$(stty -g)
+stty raw -echo ; answer=$(head -c 1) ; stty $old_stty_cfg
+if echo "$answer" | grep -iq "^y" ;then
+    echo "$answer"
+    sudo mv ./$EXE_NAME $INSTALL_PATH || exit 1
+    echo "${ESC}${F_GREEN}m$PROG_NAME is installed into $INSTALL_PATH${ESC}${F_DEFAULT}m\n"
+
+	ls $ALIAS_PATH >> /dev/null 2>&1
+	if [ $? != 0 ] ; then
+		printf "Do you want to add 'ks' alias for Kubeshark? (y/N)? "
+		old_stty_cfg=$(stty -g)
+		stty raw -echo ; answer=$(head -c 1) ; stty $old_stty_cfg
+		if echo "$answer" | grep -iq "^y" ; then
+			echo "$answer"
+			sudo ln -s $INSTALL_PATH $ALIAS_PATH
+
+			use_cmd=$ALIAS_NAME
+		else
+			echo "$answer"
+		fi
+	else
+		use_cmd=$ALIAS_NAME
+	fi
+else
+	echo "$answer"
+	use_cmd="./$EXE_NAME"
+fi
+
+echo "${ESC}${F_GREEN}m✅ You can use the ${ESC}${F_DEFAULT};${B_LIGHT_BLUE}m $use_cmd ${ESC}${B_DEFAULT};${F_GREEN}m command now.${ESC}${F_DEFAULT}m"
+echo "\n${ESC}${F_YELLOW}mPlease give us a star 🌟 on ${ESC}${F_DEFAULT}m$REPO${ESC}${F_YELLOW}m if you ❤️  $PROG_NAME!${ESC}${F_DEFAULT}m"
--- a/kubernetes/config.go
+++ b/kubernetes/config.go
@@ -10,16 +10,18 @@ import (
 )

 const (
-	SUFFIX_SECRET                = "secret"
-	SUFFIX_CONFIG_MAP            = "config-map"
-	SECRET_LICENSE               = "LICENSE"
-	CONFIG_POD_REGEX             = "POD_REGEX"
-	CONFIG_NAMESPACES            = "NAMESPACES"
-	CONFIG_SCRIPTING_ENV         = "SCRIPTING_ENV"
-	CONFIG_AUTH_ENABLED          = "AUTH_ENABLED"
-	CONFIG_AUTH_APPROVED_EMAILS  = "AUTH_APPROVED_EMAILS"
-	CONFIG_AUTH_APPROVED_DOMAINS = "AUTH_APPROVED_DOMAINS"
-	CONFIG_AUTH_APPROVED_TENANTS = "AUTH_APPROVED_TENANTS"
+	SUFFIX_SECRET                     = "secret"
+	SUFFIX_CONFIG_MAP                 = "config-map"
+	SECRET_LICENSE                    = "LICENSE"
+	CONFIG_POD_REGEX                  = "POD_REGEX"
+	CONFIG_NAMESPACES                 = "NAMESPACES"
+	CONFIG_SCRIPTING_ENV              = "SCRIPTING_ENV"
+	CONFIG_INGRESS_ENABLED            = "INGRESS_ENABLED"
+	CONFIG_INGRESS_HOST               = "INGRESS_HOST"
+	CONFIG_PROXY_FRONT_PORT           = "PROXY_FRONT_PORT"
+	CONFIG_AUTH_ENABLED               = "AUTH_ENABLED"
+	CONFIG_AUTH_TYPE                  = "AUTH_TYPE"
+	CONFIG_AUTH_SAML_IDP_METADATA_URL = "AUTH_SAML_IDP_METADATA_URL"
 )

 func SetSecret(provider *Provider, key string, value string) (updated bool, err error) {
--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
@@ -4,10 +4,10 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
-    helm.sh/chart: kubeshark-51.0.37
+    helm.sh/chart: kubeshark-52.1.66
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.37"
+    app.kubernetes.io/version: "52.1.66"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-service-account
@@ -21,13 +21,46 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-51.0.37
+    helm.sh/chart: kubeshark-52.1.66
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.37"
+    app.kubernetes.io/version: "52.1.66"
    app.kubernetes.io/managed-by: Helm
 stringData:
    LICENSE: ''
+    SCRIPTING_ENV: '{}'
+---
+# Source: kubeshark/templates/13-secret.yaml
+kind: Secret
+apiVersion: v1
+metadata:
+  name: kubeshark-saml-x509-crt-secret
+  namespace: default
+  labels:
+    app.kubeshark.co/app: hub
+    helm.sh/chart: kubeshark-52.1.66
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "52.1.66"
+    app.kubernetes.io/managed-by: Helm
+stringData:
+  AUTH_SAML_X509_CRT: |
+---
+# Source: kubeshark/templates/13-secret.yaml
+kind: Secret
+apiVersion: v1
+metadata:
+  name: kubeshark-saml-x509-key-secret
+  namespace: default
+  labels:
+    app.kubeshark.co/app: hub
+    helm.sh/chart: kubeshark-52.1.66
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "52.1.66"
+    app.kubernetes.io/managed-by: Helm
+stringData:
+  AUTH_SAML_X509_KEY: |
 ---
 # Source: kubeshark/templates/11-nginx-config-map.yaml
 apiVersion: v1
@@ -36,10 +69,10 @@ metadata:
  name: kubeshark-nginx-config-map
  namespace: default
  labels:
-    helm.sh/chart: kubeshark-51.0.37
+    helm.sh/chart: kubeshark-52.1.66
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.37"
+    app.kubernetes.io/version: "52.1.66"
    app.kubernetes.io/managed-by: Helm
 data:
  default.conf: |
@@ -49,6 +82,10 @@ data:
      access_log /dev/stdout;
      error_log /dev/stdout;

+      client_body_buffer_size     64k;
+      client_header_buffer_size   32k;
+      large_client_header_buffers 8 64k;
+
      location /api {
        rewrite ^/api(.*)$ $1 break;
        proxy_pass http://kubeshark-hub;
@@ -64,6 +101,17 @@ data:
        proxy_pass_request_headers      on;
      }

+      location /saml {
+        rewrite ^/saml(.*)$ /saml$1 break;
+        proxy_pass http://kubeshark-hub;
+        proxy_set_header   X-Forwarded-For $remote_addr;
+        proxy_set_header   Host $http_host;
+        proxy_connect_timeout 4s;
+        proxy_read_timeout 120s;
+        proxy_send_timeout 12s;
+        proxy_pass_request_headers on;
+      }
+
      location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
@@ -85,34 +133,43 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-51.0.37
+    helm.sh/chart: kubeshark-52.1.66
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.37"
+    app.kubernetes.io/version: "52.1.66"
    app.kubernetes.io/managed-by: Helm
 data:
    POD_REGEX: '.*'
    NAMESPACES: ''
-    SCRIPTING_ENV: '{}'
    SCRIPTING_SCRIPTS: '{}'
+    INGRESS_ENABLED: 'false'
+    INGRESS_HOST: 'ks.svc.cluster.local'
+    PROXY_FRONT_PORT: '8899'
    AUTH_ENABLED: ''
-    AUTH_APPROVED_EMAILS: ''
-    AUTH_APPROVED_DOMAINS: ''
-    AUTH_APPROVED_TENANTS: ''
+    AUTH_TYPE: 'saml'
+    AUTH_SAML_IDP_METADATA_URL: ''
+    AUTH_SAML_ROLE_ATTRIBUTE: 'role'
+    AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}'
    TELEMETRY_DISABLED: ''
+    REPLAY_DISABLED: ''
+    GLOBAL_FILTER: ""
+    TRAFFIC_SAMPLE_RATE: '100'
+    JSON_TTL: '5m'
+    PCAP_TTL: '10s'
+    PCAP_ERROR_TTL: '60s'
 ---
 # Source: kubeshark/templates/02-cluster-role.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
-    helm.sh/chart: kubeshark-51.0.37
+    helm.sh/chart: kubeshark-52.1.66
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.37"
+    app.kubernetes.io/version: "52.1.66"
    app.kubernetes.io/managed-by: Helm
  annotations:
-  name: kubeshark-cluster-role
+  name: kubeshark-cluster-role-default
  namespace: default
 rules:
  - apiGroups:
@@ -134,18 +191,18 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels:
-    helm.sh/chart: kubeshark-51.0.37
+    helm.sh/chart: kubeshark-52.1.66
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.37"
+    app.kubernetes.io/version: "52.1.66"
    app.kubernetes.io/managed-by: Helm
  annotations:
-  name: kubeshark-cluster-role-binding
+  name: kubeshark-cluster-role-binding-default
  namespace: default
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: kubeshark-cluster-role
+  name: kubeshark-cluster-role-default
 subjects:
  - kind: ServiceAccount
    name: kubeshark-service-account
@@ -156,10 +213,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  labels:
-    helm.sh/chart: kubeshark-51.0.37
+    helm.sh/chart: kubeshark-52.1.66
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.37"
+    app.kubernetes.io/version: "52.1.66"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-self-config-role
@@ -178,16 +235,17 @@ rules:
      - get
      - watch
      - update
+      - patch
 ---
 # Source: kubeshark/templates/03-cluster-role-binding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  labels:
-    helm.sh/chart: kubeshark-51.0.37
+    helm.sh/chart: kubeshark-52.1.66
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.37"
+    app.kubernetes.io/version: "52.1.66"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-self-config-role-binding
@@ -207,10 +265,10 @@ kind: Service
 metadata:
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-51.0.37
+    helm.sh/chart: kubeshark-52.1.66
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.37"
+    app.kubernetes.io/version: "52.1.66"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-hub
@@ -229,10 +287,10 @@ apiVersion: v1
 kind: Service
 metadata:
  labels:
-    helm.sh/chart: kubeshark-51.0.37
+    helm.sh/chart: kubeshark-52.1.66
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.37"
+    app.kubernetes.io/version: "52.1.66"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-front
@@ -246,6 +304,29 @@ spec:
    app.kubeshark.co/app: front
  type: ClusterIP
 ---
+# Source: kubeshark/templates/15-worker-service-metrics.yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: kubeshark-worker-metrics
+  namespace: default
+  annotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/port: '49100'
+spec:
+  selector:
+    app.kubeshark.co/app: worker
+    helm.sh/chart: kubeshark-52.1.66
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "52.1.66"
+    app.kubernetes.io/managed-by: Helm
+  ports:
+  - name: metrics
+    protocol: TCP
+    port: 49100
+    targetPort: 49100
+---
 # Source: kubeshark/templates/09-worker-daemon-set.yaml
 apiVersion: apps/v1
 kind: DaemonSet
@@ -253,10 +334,10 @@ metadata:
  labels:
    app.kubeshark.co/app: worker
    sidecar.istio.io/inject: "false"
-    helm.sh/chart: kubeshark-51.0.37
+    helm.sh/chart: kubeshark-52.1.66
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.37"
+    app.kubernetes.io/version: "52.1.66"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-worker-daemon-set
@@ -265,23 +346,36 @@ spec:
  selector:
    matchLabels:
      app.kubeshark.co/app: worker
-      helm.sh/chart: kubeshark-51.0.37
+      helm.sh/chart: kubeshark-52.1.66
      app.kubernetes.io/name: kubeshark
      app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "51.0.37"
+      app.kubernetes.io/version: "52.1.66"
      app.kubernetes.io/managed-by: Helm
  template:
    metadata:
      labels:
        app.kubeshark.co/app: worker
-        helm.sh/chart: kubeshark-51.0.37
+        helm.sh/chart: kubeshark-52.1.66
        app.kubernetes.io/name: kubeshark
        app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "51.0.37"
+        app.kubernetes.io/version: "52.1.66"
        app.kubernetes.io/managed-by: Helm
      name: kubeshark-worker-daemon-set
      namespace: kubeshark
    spec:
+      initContainers:
+      - name: load-pf-ring
+        image: kubeshark/pf-ring-module:all
+        imagePullPolicy: Always
+        securityContext:
+          capabilities:
+            add:
+              - SYS_MODULE
+            drop:
+              - ALL
+        volumeMounts:
+        - name: lib-modules
+          mountPath: /lib/modules
      containers:
        - command:
            - ./worker
@@ -289,12 +383,20 @@ spec:
            - any
            - -port
            - '30001'
+            - -metrics-port
+            - '49100'
+            - -unixsocket
            - -servicemesh
            - -procfs
            - /hostproc
-          image: 'docker.io/kubeshark/worker:v51.0.37'
+            - -kernel-module
+          image: 'docker.io/kubeshark/worker:v52.1.66'
          imagePullPolicy: Always
          name: sniffer
+          ports:
+            - containerPort: 49100
+              protocol: TCP
+              name: metrics
          env:
          - name: POD_NAME
            valueFrom:
@@ -304,6 +406,10 @@ spec:
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
+          - name: TCP_STREAM_CHANNEL_TIMEOUT_MS
+            value: '10000'
+          - name: KUBESHARK_CLOUD_API_URL
+            value: 'https://api.kubeshark.co'
          resources:
            limits:
              cpu: 750m
@@ -319,8 +425,6 @@ spec:
                - SYS_ADMIN
                - SYS_PTRACE
                - DAC_OVERRIDE
-                - SYS_MODULE
-                - CHECKPOINT_RESTORE
              drop:
                - ALL
          readinessProbe:
@@ -350,7 +454,7 @@ spec:
            - ./tracer
            - -procfs
            - /hostproc
-          image: 'docker.io/kubeshark/worker:v51.0.37'
+          image: 'docker.io/kubeshark/worker:v52.1.66'
          imagePullPolicy: Always
          name: tracer
          env:
@@ -362,16 +466,20 @@ spec:
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
+          resources:
+            limits:
+              cpu: 750m
+              memory: 1Gi
+            requests:
+              cpu: 50m
+              memory: 50Mi
          securityContext:
            capabilities:
              add:
-                - NET_RAW
-                - NET_ADMIN
                - SYS_ADMIN
                - SYS_PTRACE
-                - DAC_OVERRIDE
                - SYS_RESOURCE
-                - CHECKPOINT_RESTORE
+                - IPC_LOCK
              drop:
                - ALL
          volumeMounts:
@@ -408,6 +516,9 @@ spec:
        - hostPath:
            path: /sys
          name: sys
+        - name: lib-modules
+          hostPath:
+            path: /lib/modules
        - name: data
          emptyDir:
            sizeLimit: 500Mi
@@ -418,10 +529,10 @@ kind: Deployment
 metadata:
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-51.0.37
+    helm.sh/chart: kubeshark-52.1.66
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.37"
+    app.kubernetes.io/version: "52.1.66"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-hub
@@ -431,19 +542,19 @@ spec:
  selector:
    matchLabels:
      app.kubeshark.co/app: hub
-      helm.sh/chart: kubeshark-51.0.37
+      helm.sh/chart: kubeshark-52.1.66
      app.kubernetes.io/name: kubeshark
      app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "51.0.37"
+      app.kubernetes.io/version: "52.1.66"
      app.kubernetes.io/managed-by: Helm
  template:
    metadata:
      labels:
        app.kubeshark.co/app: hub
-        helm.sh/chart: kubeshark-51.0.37
+        helm.sh/chart: kubeshark-52.1.66
        app.kubernetes.io/name: kubeshark
        app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "51.0.37"
+        app.kubernetes.io/version: "52.1.66"
        app.kubernetes.io/managed-by: Helm
    spec:
      dnsPolicy: ClusterFirstWithHostNet
@@ -461,7 +572,9 @@ spec:
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
-          image: 'docker.io/kubeshark/hub:v51.0.37'
+          - name: KUBESHARK_CLOUD_API_URL
+            value: 'https://api.kubeshark.co'
+          image: 'docker.io/kubeshark/hub:v52.1.66'
          imagePullPolicy: Always
          readinessProbe:
            periodSeconds: 1
@@ -484,6 +597,24 @@ spec:
            requests:
              cpu: 50m
              memory: 50Mi
+          volumeMounts:
+          - name: saml-x509-volume
+            mountPath: "/etc/saml/x509"
+            readOnly: true
+      volumes:
+      - name: saml-x509-volume
+        projected:
+          sources:
+          - secret:
+              name: kubeshark-saml-x509-crt-secret
+              items:
+              - key: AUTH_SAML_X509_CRT
+                path: kubeshark.crt
+          - secret:
+              name: kubeshark-saml-x509-key-secret
+              items:
+              - key: AUTH_SAML_X509_KEY
+                path: kubeshark.key
 ---
 # Source: kubeshark/templates/06-front-deployment.yaml
 apiVersion: apps/v1
@@ -491,10 +622,10 @@ kind: Deployment
 metadata:
  labels:
    app.kubeshark.co/app: front
-    helm.sh/chart: kubeshark-51.0.37
+    helm.sh/chart: kubeshark-52.1.66
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "51.0.37"
+    app.kubernetes.io/version: "52.1.66"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-front
@@ -504,32 +635,34 @@ spec:
  selector:
    matchLabels:
      app.kubeshark.co/app: front
-      helm.sh/chart: kubeshark-51.0.37
+      helm.sh/chart: kubeshark-52.1.66
      app.kubernetes.io/name: kubeshark
      app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "51.0.37"
+      app.kubernetes.io/version: "52.1.66"
      app.kubernetes.io/managed-by: Helm
  template:
    metadata:
      labels:
        app.kubeshark.co/app: front
-        helm.sh/chart: kubeshark-51.0.37
+        helm.sh/chart: kubeshark-52.1.66
        app.kubernetes.io/name: kubeshark
        app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "51.0.37"
+        app.kubernetes.io/version: "52.1.66"
        app.kubernetes.io/managed-by: Helm
    spec:
      containers:
        - env:
            - name: REACT_APP_DEFAULT_FILTER
              value: ' '
-            - name: REACT_APP_HUB_HOST
-              value: ' '
-            - name: REACT_APP_HUB_PORT
-              value: ':8899/api'
            - name: REACT_APP_AUTH_ENABLED
              value: 'false'
-          image: 'docker.io/kubeshark/front:v51.0.37'
+            - name: REACT_APP_AUTH_TYPE
+              value: 'saml'
+            - name: REACT_APP_AUTH_SAML_IDP_METADATA_URL
+              value: ' '
+            - name: REACT_APP_REPLAY_DISABLED
+              value: 'false'
+          image: 'docker.io/kubeshark/front:v52.1.66'
          imagePullPolicy: Always
          name: kubeshark-front
          livenessProbe:
--- a/manifests/prometheus/kube_prometheus_stack.yaml
+++ b/manifests/prometheus/kube_prometheus_stack.yaml
@@ -0,0 +1,25 @@
+grafana:
+  additionalDataSources: []
+prometheus:
+  prometheusSpec:
+    scrapeInterval: 10s
+    evaluationInterval: 30s
+    additionalScrapeConfigs: |
+      - job_name: 'kubeshark-worker-metrics'
+        kubernetes_sd_configs:
+          - role: endpoints
+        relabel_configs:
+          - source_labels: [__meta_kubernetes_pod_name]
+            target_label: pod
+          - source_labels: [__meta_kubernetes_pod_node_name]
+            target_label: node
+          - source_labels: [__meta_kubernetes_endpoint_port_name]
+            action: keep
+            regex: ^metrics$
+          - source_labels: [__address__, __meta_kubernetes_endpoint_port_number]
+            action: replace
+            regex: ([^:]+)(?::\d+)?
+            replacement: $1:49100
+            target_label: __address__
+          - action: labelmap
+            regex: __meta_kubernetes_service_label_(.+)
Author	SHA1	Message	Date
M. Mert Yildiran	93de6e8934	🔖 Bump the Helm chart version to 52.1.66	2024-03-06 00:12:02 +03:00
Alon Girmonsky	5998d00e6a	Update README.md	2024-03-03 20:45:44 +02:00
Volodymyr Stoiko	afafb2c625	Add homebrew core version update release step (#1511 )	2024-02-29 23:32:52 +02:00
M. Mert Yildiran	b125860d06	💚 Set `prerelease` to `false`	2024-02-29 01:53:32 +03:00
M. Mert Yildiran	68aabf262f	🔖 Bump the Helm chart version to 52.1.63	2024-02-29 01:45:41 +03:00
M. Mert Yildiran	d279b7272d	💚 Change `ssh-key` field to `token`	2024-02-29 01:45:11 +03:00
M. Mert Yildiran	d15e1cca54	🔖 Bump the Helm chart version to 52.1.62	2024-02-29 01:33:28 +03:00
M. Mert Yildiran	d8761e1e31	💚 Fix the secret name for Homebrew repo	2024-02-29 01:32:57 +03:00
M. Mert Yildiran	a9d2cb5ac2	🔖 Bump the Helm chart version to 52.1.61	2024-02-28 23:43:04 +03:00
M. Mert Yildiran	ddcf973e35	Revert "🔖 Bump the Helm chart version to 52.1.61" This reverts commit `b6d1804326`.	2024-02-28 23:42:08 +03:00
M. Mert Yildiran	b6d1804326	🔖 Bump the Helm chart version to 52.1.61	2024-02-28 23:39:06 +03:00
Volodymyr Stoiko	6dc12af55b	Add namespace prefix to cluster scope resources (#1506 ) Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-02-28 12:14:03 -08:00
Volodymyr Stoiko	d78b0b987a	Remove brew version before installing with script (#1503 ) Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-02-28 11:48:43 -08:00
iluxa	9889787833	update comment for IPC_LOCK (#1507 )	2024-02-27 11:52:07 -08:00
M. Mert Yildiran	8fe0544175	🔨 Remove `CHECKPOINT_RESTORE` capability from defaults	2024-02-26 21:40:14 +03:00
Volodymyr Stoiko	09afa1983a	Add build-brew target for makefile (#1504 )	2024-02-26 09:38:01 -08:00
Alon Girmonsky	669b5cb1f2	Update README.md	2024-02-25 13:55:08 -08:00
Volodymyr Stoiko	25e0949761	Template homebrew formulae (#1502 )	2024-02-24 15:06:15 -08:00
Alon Girmonsky	fa07f973c0	Moving the installation script to the project's repo	2024-02-21 15:47:25 -08:00
M. Mert Yildiran	c38bdcd977	🔖 Bump the Helm chart version to 52.1.50	2024-02-20 21:25:10 +03:00
M. Mert Yildiran	51a4165304	🔧 Update the `generate-helm-values` Makefile rule	2024-02-15 19:54:40 +03:00
M. Mert Yildiran	c8cd1f57c4	🔖 Bump the Helm chart version to 52.1.45	2024-02-15 19:35:01 +03:00
M. Mert Yildiran	dfde87140a	🔧 Update the `release` Makefile rule	2024-02-15 19:34:09 +03:00
M. Mert Yildiran	64b6368e63	🔨 Update `complete.yaml`	2024-02-15 19:25:22 +03:00
Alon Girmonsky	6af2d11878	removed cloud URL from config map (#1499 ) 1. removed cloud URL from config map 2. added to hub's and worker's deployments	2024-02-14 13:06:24 -08:00
M. Mert Yildiran	2b552b5847	🔨 Update `complete.yaml`	2024-02-08 13:18:11 +03:00
Alon Girmonsky	72ec983b24	updated the top banner	2024-02-07 17:18:11 -08:00
M. Mert Yildiran	2f899a943c	🔖 Bump the Helm chart version to 52.1.30	2024-02-07 22:43:22 +03:00
M. Mert Yildiran	12f6b04a49	🔨 Update `complete.yaml`	2024-02-07 22:22:48 +03:00
Alon Girmonsky	f010f349a1	unixsocket for tracer (#1497 ) - Added `-unixsocket` by default - In DEBUG mode, added `-dumptracer 100000000`	2024-02-07 09:50:58 -08:00
iluxa	26e23dc94f	add capability for tracer (#1496 ) Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-02-06 13:38:21 -08:00
Serhii Ponomarenko	6785f024e4	✨ Feature-based SAML authorization (#49 ) (#1495 ) * 🔨 Add `showAdminConsoleLink` to helm values * 🔨 Add `ShowAdminConsoleLink` to `TapConfig` * 🔨 Regenerate `complete.yaml` manifest * 📝 Update helm-chart `README.md` --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-02-06 13:36:32 -08:00
M. Mert Yildiran	92dab2e2f7	🔨 Add `PcapErrorTTL` field to `MiscConfig`	2024-02-06 01:32:07 +03:00
M. Mert Yildiran	4da51c40b9	🔨 Add `kube_prometheus_stack.yaml` manifest	2024-02-06 01:28:15 +03:00
Serhii Ponomarenko	18d051af28	🔥 Remove old `Descope` auth (#1490 ) * 🔥 Remove Descope-related config updates * 🔥 Remove Descope-related helm values * 🔥 Remove Descope-related k8s configs * 🔥 Remove Descope-related fields from `tapConfig` --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-01-31 14:49:55 -08:00
M. Mert Yildiran	cef012d1f3	🐛 Fix the `ConfigMap` keys of `JsonTTL` and `PcapTTL` fields	2024-01-31 16:57:11 +03:00
M. Mert Yildiran	4802cca646	✨ Add `MiscConfig` struct with has `JsonTTL` and `PcapTTL` fields	2024-01-30 02:25:04 +03:00
Alon Girmonsky	4117d008a9	Update README.md	2024-01-28 11:06:18 -08:00
Alon Girmonsky	91e3546196	added a link to the dashboard	2024-01-26 15:38:40 -08:00
Alon Girmonsky	4db2a80675	Add API cloud endpoint env var to hub deployment (#1489 ) * Add API cloud endpoint env var to hub deployment * Added an env var for api cloud endpoint	2024-01-26 00:24:38 -08:00
Serhii Ponomarenko	bfa3efd23a	✨ SAML authorization (#1487 ) * 🔨 Add `AUTH_SAML_ROLE_ATTRIBUTE` field to `ConfigMap` * 📝 Document `tap.auth.saml.roleAttribute/roles` values * 🔧 Re-generate `complete.yaml` * 🔥 Remove `default` tag from `SamlConfig.RoleAttribute` --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-01-24 16:05:37 -08:00
M. Mert Yildiran	c48187a02e	🔖 Bump the Helm chart version to 52.1.9	2024-01-24 22:29:38 +03:00
Alon Girmonsky	f6d7510a14	fix the env variable / helm issue (#1486 ) * fix the env variable / helm issue Empty environment variables can not be read by front. * change env variable to avoid an empty string	2024-01-23 21:30:24 -08:00
M. Mert Yildiran	f9e0c36d5f	🔨 Add `AUTH_SAML_ROLES` field to `ConfigMap`	2024-01-23 23:22:06 +03:00
Serhii Ponomarenko	a8dd332ff8	✨ SAML integration prototype (#1475 ) * 🔨 Add `AUTH_TYPE` field to `ConfigMap` * 🔨 Add `AUTH_SAML_IDP_METADATA_URL` field to `ConfigMap` * 🔨 Add `AUTH_SAML_X509_CRT` field to `Secret` * 🔨 Add `AUTH_SAML_X509_KEY` field to `Secret` * 🔨 Mount SAML X.509 key pair into `hub` * 🔨 Add `REACT_APP_AUTH_TYPE` environment variable to `front` * 🔧 Add Nginx path rewrite for `/saml` * 🔧 Raise request size to accept big SAML responses * 🔨 Add `REACT_APP_AUTH_TYPE` environment default value * 📝 Update `README.md` * 📝 Update `README.md` * 🔨 Add `AUTH_TYPE` config map key * 🔨 Add `AUTH_SAML_IDP_METADATA_URL` config map key * ☸ Set `CONFIG_AUTH_TYPE` from `TapConfig` * ☸ Set `CONFIG_AUTH_SAML_IDP_METADATA_URL` from `TapConfig` * ✨ Create `SamlConfig` in `TapConfig.AuthConfig` * 🔨 Use updated `tap.auth.saml.idpMetadataUrl` tap config field * 📝 Update `README.md` * 🔨 Add `tap.insgress.enabled/host` to `ConfigMap` * 🔨 Add `tap.proxy.front.port` to `ConfigMap` * 🔨 Add `REACT_APP_AUTH_SAML_IDP_METADATA_URL` env to `front` * 🔧 Supply `auth.saml` fields to `helm-chart/values.yaml` * 🐛 Fix indentation for X.509 secrets * 📝 Provide SAML setup docs * 📝 Update SAML setup docs * 📝 Update SAML setup docs * Added callback URL indication * 💥 Disable standard `Descope` auth --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-01-23 10:47:29 -08:00
M. Mert Yildiran	8e5df14f49	🔨 Run `make generate-manifests`	2024-01-23 20:54:58 +03:00
M. Mert Yildiran	6307871584	🔨 Add `patch` verb to `kubeshark-self-config-role`	2024-01-23 20:52:04 +03:00
Alon Girmonsky	7e77a76334	added custom release name support (-s) to the CLI's pro command (#1483 )	2024-01-20 15:28:06 -08:00
Alon Girmonsky	f2b7df7e02	Global Filter, escaping doublequotes in strings (#1484 ) * Global filter quote change Global filter uses a single quote as opposed to double quote. This limits the use of `'` inside the string as it can not be escaped. When using double quote ("), single quote can be used and double quote can be escaped as part of a string. An example for a Global Filter string: "redact(\"request.headers.Authorization\", \"request.headers['X-Aws-Ec2-Metadata-Token']\")" * support escaping double quotes in the global filter string	2024-01-19 16:51:33 -08:00
M. Mert Yildiran	b0af52ba9c	🔖 Bump the Helm chart version to 52.1.0	2024-01-18 02:22:20 +03:00
M. Mert Yildiran	ddc1dc3d71	🔨 Add `TcpStreamChannelTimeoutMs` field to `TapConfig` struct	2024-01-15 23:00:31 +03:00
M. Mert Yildiran	d99bfea0db	🔨 Rename `worker` resource requirement to `sniffer`	2024-01-15 21:14:06 +03:00
Volodymyr Stoiko	bed9d06c59	Pass kernel-module flag only if pf_ring enabled (#1480 )	2024-01-14 14:39:32 -08:00
Volodymyr Stoiko	aaeb3ca1eb	Load pf-ring kernel module in init container (#1476 ) * Load kernel module in init container * Update docs * Update formatting * Add pre-stop hook to unload pf_ring module * Enable hook only on kernel module enabled * fix template * Use sidecontainer to unload pf_ring * Add requirements for tracer into structs * fix values * fix typo --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-01-12 15:49:39 -08:00
Alon Girmonsky	7df35e04a8	Update README.md Changed `tap.tls` and `tap.serviceMesh` defaults to `true` following this commit: `8ba3e603a4`	2024-01-12 09:36:34 -08:00
tgaliotto	a5be1a8eaa	add request and limits for tracer container (#1459 ) Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-01-12 09:30:50 -08:00
M. Mert Yildiran	8ba3e603a4	✨ Add `trafficSampleRate` field to `TapConfig`	2024-01-10 18:51:52 +03:00
Volodymyr Stoiko	db51e6dbc2	✨ Add `kubeshark-worker-metrics` service and document it (#1474 ) * Expose worker metrics * Add metrics documentation * upd * Update metrics port configuration * Update config/configStructs/tapConfig.go Co-authored-by: M. Mert Yildiran <me@mertyildiran.com> * Update helm-chart/README.md Co-authored-by: M. Mert Yildiran <me@mertyildiran.com> * Update helm-chart/templates/16-worker-service-metrics.yaml Co-authored-by: M. Mert Yildiran <me@mertyildiran.com> --------- Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>	2024-01-04 16:17:22 +03:00
Alon Girmonsky	77878e97f5	Tracer, ServiceMesh - Disable by default and some docs updates (#1472 ) * Disabled Tracer by default As Tracer requires significantly more resources and elevated security capability, it is recommended to have it disabled by default and enabled on demand. * Updated the tap.tls default value to false * added description to the default and global KFL filters * serviceMesh false by default As serviceMesh requires elevated security permissions. Furthermore this capability is required only in a fraction of the userbase. Some service mesh versions/configurations aren't supported. Therefore, it is recommended to start as disabled and enable on-demand * Update the readme related to the service mesh default value Set the default value of serviceMesh to false as among other things, it requires elevated security permissions and therefore should be enabled on demand.	2023-12-30 18:47:26 -08:00
M. Mert Yildiran	36767eda27	🔨 Add `KernelModuleConfig` struct to `TapConfig`	2023-12-28 22:09:01 +03:00
Volodymyr Stoiko	6c01078f97	Add PF_RING related changes to docs and helm (#1471 ) * Install pf-ring KMM Module and wait for it * Add mode configuration * save * Update doc * upd * toc * adjust template * upd * Add module cr verification job * upd doc * Fix binary name * Add disable mode * Update PF_RING.md Some adjustments to the instructions. * Update 15-pf-ring-kernel-module.yaml Small syntax err * upd * merge master --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2023-12-27 19:01:20 -08:00
M. Mert Yildiran	6c06307d68	🔨 Add `GLOBAL_FILTER` field to `ConfigMap`	2023-12-27 23:58:17 +03:00
M. Mert Yildiran	2223cad038	🔨 Add `REACT_APP_REPLAY_DISABLED` environment variable to `front`	2023-12-27 22:30:17 +03:00
M. Mert Yildiran	c1fc4447ef	🔨 Move the list of Linux capabilities into `values.yaml`	2023-12-27 13:14:53 +03:00
M. Mert Yildiran	ea3eecfa04	🔨 Move `SCRIPTING_ENV` from `ConfigMap` to `Secret`	2023-12-25 20:55:26 +03:00
M. Mert Yildiran	51968f2aae	🔨 Add `REPLAY_DISABLED` field to `ConfigMap`	2023-12-25 17:34:38 +03:00
Alon Girmonsky	15f7a3559a	Update README.md UPdated the banner	2023-12-20 12:59:48 +02:00
M. Mert Yildiran	cc9627c884	🔖 Bump the Helm chart version to `52.0.0`	2023-12-19 20:20:43 +03:00
M. Mert Yildiran	d3f2cdbf0e	✨ Add `DefaultFilter` field to `TapConfig`	2023-12-18 16:51:55 +03:00
M. Mert Yildiran	28bfbf4186	🐛 Fix the type of `EfsFileSytemIdAndPath` field	2023-12-18 16:51:21 +03:00
Serhiy Berezin	d3c21a07bb	EFS persistent volume helm deployment support (#1455 ) * EFS persistent volume docs/14 EFS static and dynamic provision added to default * Update helm-chart/values.yaml Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com> * Update helm-chart/templates/08-persistent-volume-claim.yaml Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com> * Update config/configStructs/tapConfig.go Fix format Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com> * Fix format config/configStructs/tapConfig.go Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com> * Improve formatting --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com> Co-authored-by: M. Mert Yildiran <mehmetmertyildiran@gmail.com>	2023-12-11 10:52:58 -08:00
M. Mert Yildiran	510d5e5ed8	🔥 Remove `REACT_APP_HUB_HOST` and `REACT_APP_HUB_PORT` environment variables	2023-12-07 22:10:11 +03:00
Alon Girmonsky	1070d17e20	Update README.md fixing syntax err	2023-12-05 00:17:36 -08:00
M. Mert Yildiran	6b8beb50ad	🔨 Update the capabilities	2023-12-04 23:31:15 +03:00
M. Mert Yildiran	68877b254b	🔨 Run `make generate-helm-values && make generate-manifests`	2023-12-04 22:50:19 +03:00
M. Mert Yildiran	dd91087157	Add comments to explain the required Linux capabilities	2023-12-04 22:49:31 +03:00
M. Mert Yildiran	cf3ce0180b	🔨 Remove the unnecessary Linux capabilities	2023-12-04 22:39:21 +03:00
M. Mert Yildiran	b4dc321829	🔖 Bump the Helm chart version to `51.0.39`	2023-11-22 02:03:56 +03:00
M. Mert Yildiran	7e893a5b52	🔖 Bump the Helm chart version to `51.0.38`	2023-11-22 01:03:27 +03:00