🔖 Bump the Helm chart version to 52.1.0

* Load kernel module in init container

* Update docs

* Update formatting

* Add pre-stop hook to unload pf_ring module

* Enable hook only on kernel module enabled

* fix template

* Use sidecontainer to unload pf_ring

* Add requirements for tracer into structs

* fix values

* fix typo

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>

README.md

@@ -22,8 +22,12 @@
 
 <p align="center">
   <b>
-  <span>NEW: </span>
-  <a href="https://github.com/kubeshark/kubeshark/releases/latest">v51.0.0</a> is out, with significantly improved performance and optimized resource utilization.
+	  NEW: 
+	  <a href="https://github.com/kubeshark/kubeshark/releases/latest">Version 52.0.0</a> 
+	  now available, featuring a new 
+	  <a href="https://docs.kubeshark.co/en/traffic_recorder">Traffic Recorder</a> 
+	  and  
+	  <a href="https://docs.kubeshark.co/en/half_connections">Half & Erroneous Connection Analysis</a>.
   </b>
 </p>
 

config/configStruct.go

@@ -27,6 +27,38 @@ func CreateDefaultConfig() ConfigStruct {
 					},
 				},
 			},
+			Capabilities: configStructs.CapabilitiesConfig{
+				NetworkCapture: []string{
+					// NET_RAW is required to listen the network traffic
+					"NET_RAW",
+					// NET_ADMIN is required to listen the network traffic
+					"NET_ADMIN",
+				},
+				ServiceMeshCapture: []string{
+					// SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
+					"SYS_ADMIN",
+					// SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
+					"SYS_PTRACE",
+					// DAC_OVERRIDE is required to read /proc/PID/environ
+					"DAC_OVERRIDE",
+					// CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
+					"CHECKPOINT_RESTORE",
+				},
+				KernelModule: []string{
+					// SYS_MODULE is required to install kernel modules
+					"SYS_MODULE",
+				},
+				EBPFCapture: []string{
+					// SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
+					"SYS_ADMIN",
+					// SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
+					"SYS_PTRACE",
+					// SYS_RESOURCE is required to change rlimits for eBPF
+					"SYS_RESOURCE",
+					// CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
+					"CHECKPOINT_RESTORE",
+				},
+			},
 		},
 	}
 }

config/configStructs/tapConfig.go

@@ -77,8 +77,9 @@ type DockerConfig struct {
 }
 
 type ResourcesConfig struct {
-	Worker ResourceRequirements `yaml:"worker" json:"worker"`
-	Hub    ResourceRequirements `yaml:"hub" json:"hub"`
+	Hub     ResourceRequirements `yaml:"hub" json:"hub"`
+	Sniffer ResourceRequirements `yaml:"sniffer" json:"sniffer"`
+	Tracer  ResourceRequirements `yaml:"tracer" json:"tracer"`
 }
 
 type AuthConfig struct {
@@ -106,32 +107,55 @@ type TelemetryConfig struct {
 	Enabled bool `yaml:"enabled" json:"enabled" default:"true"`
 }
 
+type CapabilitiesConfig struct {
+	NetworkCapture     []string `yaml:"networkCapture" json:"networkCapture"  default:"[]"`
+	ServiceMeshCapture []string `yaml:"serviceMeshCapture" json:"serviceMeshCapture"  default:"[]"`
+	KernelModule       []string `yaml:"kernelModule" json:"kernelModule"  default:"[]"`
+	EBPFCapture        []string `yaml:"ebpfCapture" json:"ebpfCapture"  default:"[]"`
+}
+
+type KernelModuleConfig struct {
+	Enabled         bool   `yaml:"enabled" json:"enabled" default:"true"`
+	Image           string `yaml:"image" json:"image" default:"kubeshark/pf-ring-module:all"`
+	UnloadOnDestroy bool   `yaml:"unloadOnDestroy" json:"unloadOnDestroy" default:"false"`
+}
+
+type MetricsConfig struct {
+	Port uint16 `yaml:"port" json:"port" default:"49100"`
+}
+
 type TapConfig struct {
-	Docker                  DockerConfig          `yaml:"docker" json:"docker"`
-	Proxy                   ProxyConfig           `yaml:"proxy" json:"proxy"`
-	PodRegexStr             string                `yaml:"regex" json:"regex" default:".*"`
-	Namespaces              []string              `yaml:"namespaces" json:"namespaces" default:"[]"`
-	Release                 ReleaseConfig         `yaml:"release" json:"release"`
-	PersistentStorage       bool                  `yaml:"persistentStorage" json:"persistentStorage" default:"false"`
-	PersistentStorageStatic bool                  `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"`
-	EfsFileSytemIdAndPath   string                `yaml:"efsFileSytemIdAndPath" json:"efsFileSytemIdAndPath" default:""`
-	StorageLimit            string                `yaml:"storageLimit" json:"storageLimit" default:"500Mi"`
-	StorageClass            string                `yaml:"storageClass" json:"storageClass" default:"standard"`
-	DryRun                  bool                  `yaml:"dryRun" json:"dryRun" default:"false"`
-	Resources               ResourcesConfig       `yaml:"resources" json:"resources"`
-	ServiceMesh             bool                  `yaml:"serviceMesh" json:"serviceMesh" default:"true"`
-	Tls                     bool                  `yaml:"tls" json:"tls" default:"true"`
-	IgnoreTainted           bool                  `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
-	Labels                  map[string]string     `yaml:"labels" json:"labels" default:"{}"`
-	Annotations             map[string]string     `yaml:"annotations" json:"annotations" default:"{}"`
-	NodeSelectorTerms       []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"`
-	Auth                    AuthConfig            `yaml:"auth" json:"auth"`
-	Ingress                 IngressConfig         `yaml:"ingress" json:"ingress"`
-	IPv6                    bool                  `yaml:"ipv6" json:"ipv6" default:"true"`
-	Debug                   bool                  `yaml:"debug" json:"debug" default:"false"`
-	NoKernelModule          bool                  `yaml:"noKernelModule" json:"noKernelModule" default:"false"`
-	Telemetry               TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
-	DefaultFilter           string                `yaml:"defaultFilter" json:"defaultFilter"`
+	Docker                    DockerConfig          `yaml:"docker" json:"docker"`
+	Proxy                     ProxyConfig           `yaml:"proxy" json:"proxy"`
+	PodRegexStr               string                `yaml:"regex" json:"regex" default:".*"`
+	Namespaces                []string              `yaml:"namespaces" json:"namespaces" default:"[]"`
+	Release                   ReleaseConfig         `yaml:"release" json:"release"`
+	PersistentStorage         bool                  `yaml:"persistentStorage" json:"persistentStorage" default:"false"`
+	PersistentStorageStatic   bool                  `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"`
+	EfsFileSytemIdAndPath     string                `yaml:"efsFileSytemIdAndPath" json:"efsFileSytemIdAndPath" default:""`
+	StorageLimit              string                `yaml:"storageLimit" json:"storageLimit" default:"500Mi"`
+	StorageClass              string                `yaml:"storageClass" json:"storageClass" default:"standard"`
+	DryRun                    bool                  `yaml:"dryRun" json:"dryRun" default:"false"`
+	Resources                 ResourcesConfig       `yaml:"resources" json:"resources"`
+	ServiceMesh               bool                  `yaml:"serviceMesh" json:"serviceMesh" default:"true"`
+	Tls                       bool                  `yaml:"tls" json:"tls" default:"true"`
+	IgnoreTainted             bool                  `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
+	Labels                    map[string]string     `yaml:"labels" json:"labels" default:"{}"`
+	Annotations               map[string]string     `yaml:"annotations" json:"annotations" default:"{}"`
+	NodeSelectorTerms         []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"`
+	Auth                      AuthConfig            `yaml:"auth" json:"auth"`
+	Ingress                   IngressConfig         `yaml:"ingress" json:"ingress"`
+	IPv6                      bool                  `yaml:"ipv6" json:"ipv6" default:"true"`
+	Debug                     bool                  `yaml:"debug" json:"debug" default:"false"`
+	KernelModule              KernelModuleConfig    `yaml:"kernelModule" json:"kernelModule"`
+	Telemetry                 TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
+	DefaultFilter             string                `yaml:"defaultFilter" json:"defaultFilter"`
+	ReplayDisabled            bool                  `yaml:"replayDisabled" json:"replayDisabled" default:"false"`
+	Capabilities              CapabilitiesConfig    `yaml:"capabilities" json:"capabilities"`
+	GlobalFilter              string                `yaml:"globalFilter" json:"globalFilter"`
+	Metrics                   MetricsConfig         `yaml:"metrics" json:"metrics"`
+	TrafficSampleRate         int                   `yaml:"trafficSampleRate" json:"trafficSampleRate" default:"100"`
+	TcpStreamChannelTimeoutMs int                   `yaml:"tcpStreamChannelTimeoutMs" json:"tcpStreamChannelTimeoutMs" default:"10000"`
 }
 
 func (config *TapConfig) PodRegex() *regexp.Regexp {

go.mod

@@ -3,13 +3,7 @@ module github.com/kubeshark/kubeshark
 go 1.20
 
 require (
-	github.com/aws/aws-sdk-go-v2 v1.18.1
-	github.com/aws/aws-sdk-go-v2/config v1.18.27
-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0
 	github.com/creasty/defaults v1.5.2
-	github.com/docker/docker v20.10.24+incompatible
-	github.com/docker/go-connections v0.4.0
 	github.com/fsnotify/fsnotify v1.6.0
 	github.com/gin-gonic/gin v1.9.1
 	github.com/goccy/go-yaml v1.11.2
@@ -36,23 +30,7 @@ require (
 	github.com/Masterminds/semver/v3 v3.2.0 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Masterminds/squirrel v1.5.3 // indirect
-	github.com/Microsoft/go-winio v0.6.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.26 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 // indirect
-	github.com/aws/smithy-go v1.13.5 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bytedance/sonic v1.9.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
@@ -63,7 +41,9 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/cli v20.10.21+incompatible // indirect
 	github.com/docker/distribution v2.8.2+incompatible // indirect
+	github.com/docker/docker v20.10.24+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
@@ -101,7 +81,6 @@ require (
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@@ -161,7 +140,6 @@ require (
 	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.8.0 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect

go.sum

@@ -59,7 +59,6 @@ github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBa
 github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc=
 github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10=
 github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2yDvg=
-github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE=
 github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
@@ -75,44 +74,6 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
 github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
-github.com/aws/aws-sdk-go-v2 v1.18.1 h1:+tefE750oAb7ZQGzla6bLkOwfcQCEtC5y2RqoqCeqKo=
-github.com/aws/aws-sdk-go-v2 v1.18.1/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10 h1:dK82zF6kkPeCo8J1e+tGx4JdvDIQzj7ygIoLg8WMuGs=
-github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.10/go.mod h1:VeTZetY5KRJLuD/7fkQXMU6Mw7H5m/KP2J5Iy9osMno=
-github.com/aws/aws-sdk-go-v2/config v1.18.27 h1:Az9uLwmssTE6OGTpsFqOnaGpLnKDqNYOJzWuC6UAYzA=
-github.com/aws/aws-sdk-go-v2/config v1.18.27/go.mod h1:0My+YgmkGxeqjXZb5BYme5pc4drjTnM+x1GJ3zv42Nw=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.26 h1:qmU+yhKmOCyujmuPY7tf5MxR/RKyZrOPO3V4DobiTUk=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.26/go.mod h1:GoXt2YC8jHUBbA4jr+W3JiemnIbkXOfxSXcisUsZ3os=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4 h1:LxK/bitrAr4lnh9LnIS6i7zWbCOdMsfzKFBI6LUCS0I=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.4/go.mod h1:E1hLXN/BL2e6YizK1zFlYd8vsfi2GTjbjBazinMmeaM=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70 h1:4bh28MeeXoBFTjb0JjQ5sVatzlf5xA1DziV8mZed9v4=
-github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.70/go.mod h1:9yI5NXzqy2yOiMytv6QLZHvlyHLwYxO9iIq+bZIbrFg=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34 h1:A5UqQEmPaCFpedKouS4v+dHCTUo2sKqhoKO9U5kxyWo=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.34/go.mod h1:wZpTEecJe0Btj3IYnDx/VlUzor9wm3fJHyvLpQF0VwY=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28 h1:srIVS45eQuewqz6fKKu6ZGXaq6FuFg5NzgQBAM6g8Y4=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.28/go.mod h1:7VRpKQQedkfIEXb4k52I7swUnZP0wohVajJMRn3vsUw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35 h1:LWA+3kDM8ly001vJ1X1waCuLJdtTl48gwkPKWy9sosI=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.35/go.mod h1:0Eg1YjxE0Bhn56lx+SHJwCzhW+2JGtizsrx+lCqrfm0=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26 h1:wscW+pnn3J1OYnanMnza5ZVYXLX4cKk5rAvUAl4Qu+c=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.0.26/go.mod h1:MtYiox5gvyB+OyP0Mr0Sm/yzbEAIPL9eijj/ouHAPw0=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11 h1:y2+VQzC6Zh2ojtV2LoC0MNwHWc6qXv/j2vrQtlftkdA=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.9.11/go.mod h1:iV4q2hsqtNECrfmlXyord9u4zyuFEJX9eLgLpSPzWA8=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29 h1:zZSLP3v3riMOP14H7b4XP0uyfREDQOYv2cqIrvTXDNQ=
-github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.29/go.mod h1:z7EjRjVwZ6pWcWdI2H64dKttvzaP99jRIj5hphW0M5U=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28 h1:bkRyG4a929RCnpVSTvLM2j/T4ls015ZhhYApbmYs15s=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.28/go.mod h1:jj7znCIg05jXlaGBlFMGP8+7UN3VtCkRBG2spnmRQkU=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3 h1:dBL3StFxHtpBzJJ/mNEsjXVgfO+7jR0dAIEwLqMapEA=
-github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.14.3/go.mod h1:f1QyiAsvIv4B49DmCqrhlXqyaR+0IxMmyX+1P+AnzOM=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0 h1:ya7fmrN2fE7s1P2gaPbNg5MTkERVWfsH8ToP1YC4Z9o=
-github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0/go.mod h1:aVbf0sko/TsLWHx30c/uVu7c62+0EAJ3vbxaJga0xCw=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.12 h1:nneMBM2p79PGWBQovYO/6Xnc2ryRMw3InnDJq1FHkSY=
-github.com/aws/aws-sdk-go-v2/service/sso v1.12.12/go.mod h1:HuCOxYsF21eKrerARYO6HapNeh9GBNq7fius2AcwodY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12 h1:2qTR7IFk7/0IN/adSFhYu9Xthr0zVFTgBrmPldILn80=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.12/go.mod h1:E4VrHCPzmVB/KFXtqBGKb3c8zpbNBgKe3fisDNLAW5w=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.2 h1:XFJ2Z6sNUUcAz9poj+245DMkrHE4h2j5I9/xD50RHfE=
-github.com/aws/aws-sdk-go-v2/service/sts v1.19.2/go.mod h1:dp0yLPsLBOi++WTxzCjA/oZqi6NPIhoR+uF7GeMU9eg=
-github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
-github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -323,7 +284,6 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-github/v37 v37.0.0 h1:rCspN8/6kB1BAJWZfuafvHhyfIo5fkAulaP/3bOQ/tM=
@@ -411,10 +371,6 @@ github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
-github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=
 github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
@@ -991,7 +947,6 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
-golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kubeshark
-version: "52.0.0"
+version: "52.1.0"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:

helm-chart/PF_RING.md

@@ -0,0 +1,152 @@
+# PF_RING
+
+<!-- TOC -->
+
+- [PF\_RING](#pf_ring)
+  - [Overview](#overview)
+  - [Loading PF\_RING module on Kubernetes nodes](#loading-pf_ring-module-on-kubernetes-nodes)
+    - [Pre-built kernel module exists and external egress allowed](#pre-built-kernel-module-exists-and-external-egress-allowed)
+    - [Pre-built kernel module doesn't exist or external egress isn't allowed](#pre-built-kernel-module-doesnt-exist-or-external-egress-isnt-allowed)
+  - [Appendix A: PF\_RING kernel module compilation](#appendix-a-pf_ring-kernel-module-compilation)
+    - [Automated complilation](#automated-complilation)
+    - [Manual compilation](#manual-compilation)
+
+<!-- /TOC -->
+
+## Overview
+
+PF_RING™ is an advanced Linux kernel module and user-space framework designed for high-speed packet processing. It offers a uniform API for packet processing applications, enabling efficient handling of large volumes of network data.
+
+For comprehensive information on PF_RING™, please visit the [User's Guide]((https://www.ntop.org/guides/pf_ring) and access detailed [API Documentation](http://www.ntop.org/guides/pf_ring_api/files.html).
+
+## Loading PF_RING module on Kubernetes nodes
+
+PF_RING kernel module loading is performed via of the `worker` component pod.
+The target container `tap.kernelModule.image` must contain `pf_ring.ko` file under path `/opt/lib/modules/<kernel version>/pf_ring.ko`.
+Kubeshark provides ready to use containers with kernel modules for the most popular kernel versions running in different managed clouds.
+
+Prior to deploying `kubeshark` with PF_RING enabled, it is essential to verify if a PF_RING kernel module is already built for your kernel version.
+Kubeshark provides additional CLI tool for this purpose - [pf-ring-compiler](https://github.com/kubeshark/pf-ring-compiler).
+
+Compatibility verification can be done by running:
+
+```bash
+pfring-compiler compatibility
+```
+
+This command checks for the availability of kernel modules for the kernel versions running across all nodes in the Kubernetes cluster.
+
+Example output for a compatible cluster:
+
+```bash
+Node                                          Kernel Version                 Supported
+ip-192-168-77-230.us-west-2.compute.internal  5.10.199-190.747.amzn2.x86_64  true
+ip-192-168-34-216.us-west-2.compute.internal  5.10.199-190.747.amzn2.x86_64  true
+
+Cluster is compatible
+```
+
+Another option to verify availability of kernel modules is just inspecting available kernel module versions via:
+
+```bash
+curl https://api.kubeshark.co/kernel-modules/meta/versions.jso
+```
+
+Based on Kubernetes cluster compatibility and external connection capabilities, user has two options:
+
+1. Use Kubeshark provided container `kubeshark/pf-ring-module`
+2. Build custom container with required kernel module version. 
+
+### Pre-built kernel module exists and external egress allowed
+
+In this case no additional configuration required.
+Kubeshark will load PF_RING kernel module from the default `kubeshark/pf-ring-module:all` container.
+
+### Pre-built kernel module doesn't exist or external egress isn't allowed
+
+In this case building custom Docker image is required.
+
+1. Compile PF_RING kernel module for target version
+
+Skip if you have `pf_ring.ko` for the target kernel version.
+Otherwise, follow [Appendix A](#appendix-a-pf_ring-kernel-module-compilation) for details.
+
+2. Build container
+
+The same build process Kubeshark has can be reused (follow [pfring-compilier](https://github.com/kubeshark/pf-ring-compiler/tree/main/modules) for details).
+
+3. Configure Helm values
+
+```yaml
+tap:
+  kernelModule:
+    image: <container from stage 2>
+```
+
+
+## Appendix A: PF_RING kernel module compilation
+
+PF_RING kernel module compilation can be completed automatically or manually.
+
+### Automated complilation
+
+In case your Kubernetes workers run supported Linux distribution, `kubeshark` CLI can be used to build PF_RING module:
+
+```bash
+pfring-compiler compile --target <distro>
+```
+
+This command requires:
+
+- kubectl to be installed and configured with a proper context
+- egress connection to Internet available
+
+This command:
+
+1. Runs Kubernetes job with build container
+2. Waits for job to be completed
+3. Downloads `pf-ring-<kernel version>.ko` file into the current folder.
+4. Cleans up created job.
+
+Currently supported distros:
+
+- Ubuntu
+- RHEL 9
+- Amazon Linux 2
+
+### Manual compilation
+
+The process description is based on Ubuntu 22.04 distribution.
+
+1. Get terminal access to the node with target kernel version
+This can be done either via SSH directly to node or with debug container running on the target node:
+
+```bash
+kubectl debug node/<target node> -it --attach=true --image=ubuntu:22.04
+```
+
+2. Install build tools and kernel headers
+
+```bash
+apt update
+apt install -y gcc build-essential make git wget tar gzip
+apt install -y linux-headers-$(uname -r)
+```
+
+3. Download PF_RING source code
+
+```bash
+wget https://github.com/ntop/PF_RING/archive/refs/tags/8.4.0.tar.gz
+tar -xf 8.4.0.tar.gz
+cd PF_RING-8.4.0/kernel
+```
+
+4. Compile the kernel module
+
+```bash
+make KERNEL_SRC=/usr/src/linux-headers-$(uname -r)
+```
+
+5. Copy `pf_ring.ko` to the local file system.
+
+Use `scp` or `kubectl cp` depending on type of access(SSH or debug pod).

helm-chart/README.md

@@ -94,7 +94,7 @@ For example, change from the default 500Mi to 1Gi:
 ```shell
 --set tap.storageLimit=1Gi
 ```
- 
+
 ## Disabling IPV6
 
 Not all have IPV6 enabled, hence this has to be disabled as follows:
@@ -104,6 +104,10 @@ helm install kubeshark kubeshark/kubeshark \
   --set tap.ipv6=false
 ```
 
+## Metrics
+
+Please refer to [metrics](./metrics.md) documentation for details.
+
 ## Configuration
 
 | Parameter                                 | Description                                   | Default                                                 |
@@ -152,8 +156,12 @@ helm install kubeshark kubeshark/kubeshark \
 | `tap.ingress.annotations`                 | `Ingress` annotations                           | `{}`                                                    |
 | `tap.ipv6`                                | Enable IPv6 support for the front-end                        | `true`                                                  |
 | `tap.debug`                               | Enable debug mode                             | `false`                                                 |
-| `tap.noKernelModule`                      | Do not install `PF_RING` kernel module       | `false`                                                 |
+| `tap.kernelModule.enabled`                | Use PF_RING kernel module([details](PF_RING.md))      | `true`                                                 |
+| `tap.kernelModule.image`                  | Container image containing PF_RING kernel module with supported kernel version([details](PF_RING.md))      | "kubeshark/pf-ring-module:all"                                                 |
+| `tap.kernelModule.unloadOnDestroy`        | Create additional container which watches for pod termination and unloads PF_RING kernel module. | `false`|
 | `tap.telemetry.enabled`                   | Enable anonymous usage statistics collection           | `true`                                                  |
+| `tap.defaultFilter`                       | Sets the default dashboard KFL filter (e.g. `http`)        | `""`                                                  |
+| `tap.globalFilter`                        | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field.       | `""`                                        |
 | `logs.file`                               | Logs dump path                      | `""`                                                    |
 | `kube.configPath`                         | Path to the `kubeconfig` file (`$HOME/.kube/config`)            | `""`                                                    |
 | `kube.context`                            | Kubernetes context to use for the deployment  | `""`                                                    |
@@ -163,3 +171,8 @@ helm install kubeshark kubeshark/kubeshark \
 | `scripting.env`                           | Environment variables for the scripting      | `{}`                                                    |
 | `scripting.source`                        | Source directory of the scripts                | `""`                                                    |
 | `scripting.watchScripts`                  | Enable watch mode for the scripts in source directory          | `true`                                                  |
+| `tap.metrics.port`                  | Pod port used to expose Prometheus metrics          | `49100`                                                  |
+
+KernelMapping pairs kernel versions with a
+                            DriverContainer image. Kernel versions can be matched
+                            literally or using a regular expression

helm-chart/metrics.md

@@ -0,0 +1,51 @@
+# Metrics
+
+Kubeshark provides metrics from `worker` components.
+It can be useful for monitoring and debugging purpose.
+
+## Configuration
+
+By default, Kubeshark uses port `49100` to expose metrics via service `kubeshark-worker-metrics`.
+
+In case you use [kube-prometheus-stack] (https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) community Helm chart, additional scrape configuration for Kubeshark worker metrics endpoint can be configured with values:
+
+```
+prometheus:
+  enabled: true
+  prometheusSpec:
+    additionalScrapeConfigs: |
+      - job_name: 'kubeshark-worker-metrics'
+        kubernetes_sd_configs:
+          - role: endpoints
+        relabel_configs:
+          - source_labels: [__meta_kubernetes_pod_name]
+            target_label: pod
+          - source_labels: [__meta_kubernetes_pod_node_name]
+            target_label: node
+          - source_labels: [__meta_kubernetes_endpoint_port_name]
+            action: keep
+            regex: ^metrics$
+          - source_labels: [__address__, __meta_kubernetes_endpoint_port_number]
+            action: replace
+            regex: ([^:]+)(?::\d+)?
+            replacement: $1:49100
+            target_label: __address__
+          - action: labelmap
+            regex: __meta_kubernetes_service_label_(.+)
+```
+
+
+## Available metrics
+
+| Name | Type | Description | 
+| --- | --- | --- | 
+| kubeshark_received_packets_total | Counter | Total number of packets received | 
+| kubeshark_dropped_packets_total | Counter | Total number of packets dropped | 
+| kubeshark_processed_bytes_total | Counter | Total number of bytes processed |
+| kubeshark_tcp_packets_total | Counter | Total number of TCP packets | 
+| kubeshark_dns_packets_total | Counter | Total number of DNS packets | 
+| kubeshark_icmp_packets_total | Counter | Total number of ICMP packets | 
+| kubeshark_reassembled_tcp_payloads_total | Counter | Total number of reassembled TCP payloads |
+| kubeshark_matched_pairs_total | Counter | Total number of matched pairs | 
+| kubeshark_dropped_tcp_streams_total | Counter | Total number of dropped TCP streams | 
+| kubeshark_live_tcp_streams | Gauge | Number of live TCP streams |

helm-chart/templates/06-front-deployment.yaml

@@ -28,6 +28,8 @@ spec:
               value: '{{ not (eq .Values.tap.defaultFilter "") | ternary .Values.tap.defaultFilter " " }}'
             - name: REACT_APP_AUTH_ENABLED
               value: '{{ .Values.tap.auth.enabled }}'
+            - name: REACT_APP_REPLAY_DISABLED
+              value: '{{ .Values.tap.replayDisabled }}'
           image: '{{ .Values.tap.docker.registry }}/front:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
           imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
           name: kubeshark-front

helm-chart/templates/09-worker-daemon-set.yaml

@@ -25,6 +25,23 @@ spec:
       name: kubeshark-worker-daemon-set
       namespace: kubeshark
     spec:
+    {{- if .Values.tap.kernelModule.enabled }}
+      initContainers:
+      - name: load-pf-ring
+        image: {{ .Values.tap.kernelModule.image }}
+        imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
+        securityContext:
+          capabilities:
+            add:
+              {{- range .Values.tap.capabilities.kernelModule }}
+              {{ print "- " . }}
+              {{- end }}
+            drop:
+              - ALL
+        volumeMounts:
+        - name: lib-modules
+          mountPath: /lib/modules
+    {{- end }}
       containers:
         - command:
             - ./worker
@@ -32,20 +49,26 @@ spec:
             - any
             - -port
             - '{{ .Values.tap.proxy.worker.srvPort }}'
+            - -metrics-port
+            - '{{ .Values.tap.metrics.port }}'
           {{- if .Values.tap.serviceMesh }}
             - -servicemesh
           {{- end }}
             - -procfs
             - /hostproc
+          {{- if .Values.tap.kernelModule.enabled }}
+            - -kernel-module
+          {{- end }}
           {{- if .Values.tap.debug }}
             - -debug
           {{- end }}
-          {{- if .Values.tap.noKernelModule }}
-            - -no-kernel-module
-          {{- end }}
           image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
           imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
           name: sniffer
+          ports:
+            - containerPort: {{ .Values.tap.metrics.port }}
+              protocol: TCP
+              name: metrics
           env:
           - name: POD_NAME
             valueFrom:
@@ -55,33 +78,25 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+          - name: TCP_STREAM_CHANNEL_TIMEOUT_MS
+            value: '{{ .Values.tap.tcpStreamChannelTimeoutMs }}'
           resources:
             limits:
-              cpu: {{ .Values.tap.resources.worker.limits.cpu }}
-              memory: {{ .Values.tap.resources.worker.limits.memory }}
+              cpu: {{ .Values.tap.resources.sniffer.limits.cpu }}
+              memory: {{ .Values.tap.resources.sniffer.limits.memory }}
             requests:
-              cpu: {{ .Values.tap.resources.worker.requests.cpu }}
-              memory: {{ .Values.tap.resources.worker.requests.memory }}
+              cpu: {{ .Values.tap.resources.sniffer.requests.cpu }}
+              memory: {{ .Values.tap.resources.sniffer.requests.memory }}
           securityContext:
             capabilities:
               add:
-                # NET_RAW is required to listen the network traffic
-                - NET_RAW
-                # NET_ADMIN is required to listen the network traffic
-                - NET_ADMIN
-                {{- if not .Values.tap.noKernelModule }}
-                # SYS_MODULE is required to install kernel modules
-                - SYS_MODULE
+                {{- range .Values.tap.capabilities.networkCapture }}
+                {{ print "- " . }}
                 {{- end }}
                 {{- if .Values.tap.serviceMesh }}
-                # SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
-                - SYS_ADMIN
-                # SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
-                - SYS_PTRACE
-                # DAC_OVERRIDE is required to read /proc/PID/environ
-                - DAC_OVERRIDE
-                # CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
-                - CHECKPOINT_RESTORE
+                {{- range .Values.tap.capabilities.serviceMeshCapture }}
+                {{ print "- " . }}
+                {{- end }}
                 {{- end }}
               drop:
                 - ALL
@@ -108,6 +123,20 @@ spec:
               readOnly: true
             - mountPath: /app/data
               name: data
+      {{- if and (eq .Values.tap.kernelModule.enabled true) (eq .Values.tap.kernelModule.unloadOnDestroy true) }}
+        - name: unload-pf-ring
+          image: {{ .Values.tap.kernelModule.image }}
+          command: ["/bin/sh"]
+          args: ["-c", "trap 'rmmod pf_ring && sleep 3' SIGTERM; while true; do sleep 1; done"] 
+          securityContext:
+            capabilities:
+              add:
+                {{- range .Values.tap.capabilities.kernelModule }}
+                {{ print "- " . }}
+                {{- end }}
+              drop:
+                - ALL
+      {{- end }}
       {{- if .Values.tap.tls }}
         - command:
             - ./tracer
@@ -128,17 +157,19 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+          resources:
+            limits:
+              cpu: {{ .Values.tap.resources.tracer.limits.cpu }}
+              memory: {{ .Values.tap.resources.tracer.limits.memory }}
+            requests:
+              cpu: {{ .Values.tap.resources.tracer.requests.cpu }}
+              memory: {{ .Values.tap.resources.tracer.requests.memory }}
           securityContext:
             capabilities:
               add:
-                # SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
-                - SYS_ADMIN
-                # SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
-                - SYS_PTRACE
-                # SYS_RESOURCE is required to change rlimits for eBPF
-                - SYS_RESOURCE
-                # CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
-                - CHECKPOINT_RESTORE
+                {{- range .Values.tap.capabilities.ebpfCapture }}
+                {{ print "- " . }}
+                {{- end }}
               drop:
                 - ALL
           volumeMounts:
@@ -176,6 +207,9 @@ spec:
         - hostPath:
             path: /sys
           name: sys
+        - name: lib-modules
+          hostPath:
+            path: /lib/modules
         - name: data
 {{- if .Values.tap.persistentStorage }}
           persistentVolumeClaim:

helm-chart/templates/12-config-map.yaml

@@ -9,10 +9,12 @@ metadata:
 data:
     POD_REGEX: '{{ .Values.tap.regex }}'
     NAMESPACES: '{{ gt (len .Values.tap.namespaces) 0 | ternary (join "," .Values.tap.namespaces) "" }}'
-    SCRIPTING_ENV: '{{ .Values.scripting.env | toJson }}'
     SCRIPTING_SCRIPTS: '{}'
     AUTH_ENABLED: '{{ .Values.tap.auth.enabled | ternary "true" "" }}'
     AUTH_APPROVED_EMAILS: '{{ gt (len .Values.tap.auth.approvedEmails) 0 | ternary (join "," .Values.tap.auth.approvedEmails) "" }}'
     AUTH_APPROVED_DOMAINS: '{{ gt (len .Values.tap.auth.approvedDomains) 0 | ternary (join "," .Values.tap.auth.approvedDomains) "" }}'
     AUTH_APPROVED_TENANTS: '{{ gt (len .Values.tap.auth.approvedTenants) 0 | ternary (join "," .Values.tap.auth.approvedTenants) "" }}'
     TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}'
+    REPLAY_DISABLED: '{{ .Values.tap.replayDisabled | ternary "true" "" }}'
+    GLOBAL_FILTER: '{{ .Values.tap.globalFilter }}'
+    TRAFFIC_SAMPLE_RATE: '{{ .Values.tap.trafficSampleRate }}'

helm-chart/templates/13-secret.yaml

@@ -8,3 +8,4 @@ metadata:
     {{- include "kubeshark.labels" . | nindent 4 }}
 stringData:
     LICENSE: '{{ .Values.license }}'
+    SCRIPTING_ENV: '{{ .Values.scripting.env | toJson }}'

helm-chart/templates/15-worker-service-metrics.yaml

@@ -0,0 +1,18 @@
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: kubeshark-worker-metrics
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/port: '{{ .Values.tap.metrics.port }}'
+spec:
+  selector:
+    app.kubeshark.co/app: worker
+    {{- include "kubeshark.labels" . | nindent 4 }}
+  ports:
+  - name: metrics
+    protocol: TCP
+    port: {{ .Values.tap.metrics.port }}
+    targetPort: {{ .Values.tap.metrics.port }}

helm-chart/values.yaml

@@ -25,14 +25,21 @@ tap:
   storageClass: standard
   dryRun: false
   resources:
-    worker:
+    hub:
       limits:
         cpu: 750m
         memory: 1Gi
       requests:
         cpu: 50m
         memory: 50Mi
-    hub:
+    sniffer:
+      limits:
+        cpu: 750m
+        memory: 1Gi
+      requests:
+        cpu: 50m
+        memory: 50Mi
+    tracer:
       limits:
         cpu: 750m
         memory: 1Gi
@@ -63,10 +70,35 @@ tap:
     annotations: {}
   ipv6: true
   debug: false
-  noKernelModule: false
+  kernelModule:
+    enabled: true
+    image: kubeshark/pf-ring-module:all
+    unloadOnDestroy: false
   telemetry:
     enabled: true
   defaultFilter: ""
+  replayDisabled: false
+  capabilities:
+    networkCapture:
+    - NET_RAW
+    - NET_ADMIN
+    serviceMeshCapture:
+    - SYS_ADMIN
+    - SYS_PTRACE
+    - DAC_OVERRIDE
+    - CHECKPOINT_RESTORE
+    kernelModule:
+    - SYS_MODULE
+    ebpfCapture:
+    - SYS_ADMIN
+    - SYS_PTRACE
+    - SYS_RESOURCE
+    - CHECKPOINT_RESTORE
+  globalFilter: ""
+  metrics:
+    port: 49100
+  trafficSampleRate: 100
+  tcpStreamChannelTimeoutMs: 10000
 logs:
   file: ""
 kube:

manifests/complete.yaml

@@ -28,6 +28,7 @@ metadata:
     app.kubernetes.io/managed-by: Helm
 stringData:
     LICENSE: ''
+    SCRIPTING_ENV: '{}'
 ---
 # Source: kubeshark/templates/11-nginx-config-map.yaml
 apiVersion: v1
@@ -93,13 +94,15 @@ metadata:
 data:
     POD_REGEX: '.*'
     NAMESPACES: ''
-    SCRIPTING_ENV: '{}'
     SCRIPTING_SCRIPTS: '{}'
     AUTH_ENABLED: ''
     AUTH_APPROVED_EMAILS: ''
     AUTH_APPROVED_DOMAINS: ''
     AUTH_APPROVED_TENANTS: ''
     TELEMETRY_DISABLED: ''
+    REPLAY_DISABLED: ''
+    GLOBAL_FILTER: ''
+    TRAFFIC_SAMPLE_RATE: '100'
 ---
 # Source: kubeshark/templates/02-cluster-role.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -246,6 +249,29 @@ spec:
     app.kubeshark.co/app: front
   type: ClusterIP
 ---
+# Source: kubeshark/templates/15-worker-service-metrics.yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: kubeshark-worker-metrics
+  namespace: default
+  annotations:
+    prometheus.io/scrape: 'true'
+    prometheus.io/port: '49100'
+spec:
+  selector:
+    app.kubeshark.co/app: worker
+    helm.sh/chart: kubeshark-52.0.0
+    app.kubernetes.io/name: kubeshark
+    app.kubernetes.io/instance: kubeshark
+    app.kubernetes.io/version: "52.0.0"
+    app.kubernetes.io/managed-by: Helm
+  ports:
+  - name: metrics
+    protocol: TCP
+    port: 49100
+    targetPort: 49100
+---
 # Source: kubeshark/templates/09-worker-daemon-set.yaml
 apiVersion: apps/v1
 kind: DaemonSet
@@ -282,6 +308,19 @@ spec:
       name: kubeshark-worker-daemon-set
       namespace: kubeshark
     spec:
+      initContainers:
+      - name: load-pf-ring
+        image: kubeshark/pf-ring-module:all
+        imagePullPolicy: Always
+        securityContext:
+          capabilities:
+            add:
+              - SYS_MODULE
+            drop:
+              - ALL
+        volumeMounts:
+        - name: lib-modules
+          mountPath: /lib/modules
       containers:
         - command:
             - ./worker
@@ -289,12 +328,19 @@ spec:
             - any
             - -port
             - '30001'
+            - -metrics-port
+            - '49100'
             - -servicemesh
             - -procfs
             - /hostproc
+            - -kernel-module
           image: 'docker.io/kubeshark/worker:v52.0.0'
           imagePullPolicy: Always
           name: sniffer
+          ports:
+            - containerPort: 49100
+              protocol: TCP
+              name: metrics
           env:
           - name: POD_NAME
             valueFrom:
@@ -304,6 +350,8 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+          - name: TCP_STREAM_CHANNEL_TIMEOUT_MS
+            value: '10000'
           resources:
             limits:
               cpu: 750m
@@ -314,19 +362,11 @@ spec:
           securityContext:
             capabilities:
               add:
-                # NET_RAW is required to listen the network traffic
                 - NET_RAW
-                # NET_ADMIN is required to listen the network traffic
                 - NET_ADMIN
-                # SYS_MODULE is required to install kernel modules
-                - SYS_MODULE
-                # SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
                 - SYS_ADMIN
-                # SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
                 - SYS_PTRACE
-                # DAC_OVERRIDE is required to read /proc/PID/environ
                 - DAC_OVERRIDE
-                # CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
                 - CHECKPOINT_RESTORE
               drop:
                 - ALL
@@ -369,16 +409,19 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+          resources:
+            limits:
+              cpu: 750m
+              memory: 1Gi
+            requests:
+              cpu: 50m
+              memory: 50Mi
           securityContext:
             capabilities:
               add:
-                # SYS_ADMIN is required to read /proc/PID/net/ns + to install eBPF programs (kernel < 5.8)
                 - SYS_ADMIN
-                # SYS_PTRACE is required to set netns to other process + to open libssl.so of other process
                 - SYS_PTRACE
-                # SYS_RESOURCE is required to change rlimits for eBPF
                 - SYS_RESOURCE
-                # CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
                 - CHECKPOINT_RESTORE
               drop:
                 - ALL
@@ -416,6 +459,9 @@ spec:
         - hostPath:
             path: /sys
           name: sys
+        - name: lib-modules
+          hostPath:
+            path: /lib/modules
         - name: data
           emptyDir:
             sizeLimit: 500Mi
@@ -533,6 +579,8 @@ spec:
               value: ' '
             - name: REACT_APP_AUTH_ENABLED
               value: 'false'
+            - name: REACT_APP_REPLAY_DISABLED
+              value: 'false'
           image: 'docker.io/kubeshark/front:v52.0.0'
           imagePullPolicy: Always
           name: kubeshark-front