🔖 Bump the Helm chart version to 52.1.75

* 🐛 Use `8080` listen port for front nginx config

* 🐛 Use `8080` ingress port for front/hub network policies

.github/static/kubeshark.rb.tmpl

@@ -0,0 +1,46 @@
+# typed: false
+# frozen_string_literal: true
+
+class Kubeshark < Formula
+  desc ""
+  homepage "https://github.com/kubeshark/kubeshark"
+  version "${CLEAN_VERSION}"
+
+  on_macos do
+    if Hardware::CPU.arm?
+      url "https://github.com/kubeshark/kubeshark/releases/download/${FULL_VERSION}/kubeshark_darwin_arm64"
+      sha256 "${DARWIN_ARM64_SHA256}"
+
+      def install
+        bin.install "kubeshark_darwin_arm64" => "kubeshark"
+      end
+    end
+    if Hardware::CPU.intel?
+      url "https://github.com/kubeshark/kubeshark/releases/download/${FULL_VERSION}/kubeshark_darwin_amd64"
+      sha256 "${DARWIN_AMD64_SHA256}"
+
+      def install
+        bin.install "kubeshark_darwin_amd64" => "kubeshark"
+      end
+    end
+  end
+
+  on_linux do
+    if Hardware::CPU.intel?
+      url "https://github.com/kubeshark/kubeshark/releases/download/${FULL_VERSION}/kubeshark_linux_amd64"
+      sha256 "${LINUX_AMD64_SHA256}"
+
+      def install
+        bin.install "kubeshark_linux_amd64" => "kubeshark"
+      end
+    end
+    if Hardware::CPU.arm? && Hardware::CPU.is_64_bit?
+      url "https://github.com/kubeshark/kubeshark/releases/download/${FULL_VERSION}/kubeshark_linux_arm64"
+      sha256 "${LINUX_ARM64_SHA256}"
+
+      def install
+        bin.install "kubeshark_linux_arm64" => "kubeshark"
+      end
+    end
+  end
+end

.github/workflows/release.yml

@@ -14,6 +14,8 @@ jobs:
   release:
     name: Build and publish a new release
     runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.version.outputs.tag }}
     steps:
       - name: Check out the repo
         uses: actions/checkout@v3
@@ -47,44 +49,49 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
           artifacts: "bin/*"
           tag: ${{ steps.version.outputs.tag }}
-          prerelease: true
+          prerelease: false
           bodyFile: 'bin/README.md'
 
-  brew-tap:
-    name: Create Homebrew formulae
-    runs-on: ubuntu-latest
+  brew:
+    name: Build and publish a new release
     needs: [release]
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          repository: kubeshark/homebrew-kubeshark
+          token: ${{ secrets.HOMEBREW_TOKEN }}
+          path: homebrew-kubeshark
 
-      - name: Version
-        id: version
+      - name: Bump core homebrew formula
+        uses: mislav/bump-homebrew-formula-action@v3
+        with:
+          # A PR will be sent to github.com/Homebrew/homebrew-core to update this formula:
+          formula-name: kubeshark
+          push-to: kubeshark/homebrew-core
+        env:
+          COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }}
+
+      - name: Generate Homebrew formulae
         shell: bash
         run: |
-          {
-            echo "tag=${GITHUB_REF#refs/*/}"
-            echo "build_timestamp=$(date +%s)"
-            echo "branch=${GITHUB_REF#refs/heads/}"
-          } >> "$GITHUB_OUTPUT"
+          export FULL_VERSION=${{ needs.release.outputs.version }}
+          export CLEAN_VERSION=$(echo $FULL_VERSION | sed 's/^v//')
+          export DARWIN_AMD64_SHA256=$(shasum -a 256 bin/kubeshark_darwin_amd64 | awk '{print $1}')
+          export DARWIN_ARM64_SHA256=$(shasum -a 256 bin/kubeshark_darwin_arm64 | awk '{print $1}')
+          export LINUX_AMD64_SHA256=$(shasum -a 256 bin/kubeshark_linux_amd64 | awk '{print $1}')
+          export LINUX_ARM64_SHA256=$(shasum -a 256 bin/kubeshark_linux_arm64 | awk '{print $1}')
+          envsubst < .github/static/kubeshark.rb.tmpl > homebrew-kubeshark/kubeshark.rb
 
-      - name: Fetch all tags
-        run: git fetch --force --tags
+          cat homebrew-kubeshark/kubeshark.rb
 
-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version-file: 'go.mod'
-
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
-        with:
-          distribution: goreleaser
-          version: ${{ env.GITHUB_REF_NAME }}
-          args: release --clean
-        env:
-          GITHUB_TOKEN: ${{ secrets.HOMEBREW_TOKEN }}
-          VER: ${{ steps.version.outputs.tag }}
-          BUILD_TIMESTAMP: ${{ steps.version.outputs.build_timestamp }}
+      - name: Commit and push Homebrew formulae
+        working-directory: homebrew-kubeshark
+        run: |
+          git config --global user.email "bot@kubeshark.io"
+          git config --global user.name "Kubeshark Bot"
+          git add kubeshark.rb
+          git commit -m "Release ${{ needs.release.outputs.version }}"
+          git push

Makefile

@@ -40,6 +40,21 @@ build-base: ## Build binary (select the platform via GOOS / GOARCH env variables
 					-o bin/kubeshark_$(SUFFIX) kubeshark.go && \
 	cd bin && shasum -a 256 kubeshark_${SUFFIX} > kubeshark_${SUFFIX}.sha256
 
+build-brew: ## Build binary for brew/core CI
+	go build ${GCLFAGS} -ldflags="${LDFLAGS_EXT} \
+					-X 'github.com/kubeshark/kubeshark/misc.GitCommitHash=$(COMMIT_HASH)' \
+					-X 'github.com/kubeshark/kubeshark/misc.Branch=$(GIT_BRANCH)' \
+					-X 'github.com/kubeshark/kubeshark/misc.BuildTimestamp=$(BUILD_TIMESTAMP)' \
+					-X 'github.com/kubeshark/kubeshark/misc.Platform=$(SUFFIX)' \
+					-X 'github.com/kubeshark/kubeshark/misc.Ver=$(VER)'" \
+					-o kubeshark kubeshark.go
+
+build-windows-amd64:
+	$(MAKE) build GOOS=windows GOARCH=amd64 && \
+	mv ./bin/kubeshark_windows_amd64 ./bin/kubeshark.exe && \
+	rm bin/kubeshark_windows_amd64.sha256 && \
+	cd bin && shasum -a 256 kubeshark.exe > kubeshark.exe.sha256
+
 build-all: ## Build for all supported platforms.
 	export CGO_ENABLED=0
 	echo "Compiling for every OS and Platform" && \
@@ -48,8 +63,7 @@ build-all: ## Build for all supported platforms.
 	$(MAKE) build GOOS=linux GOARCH=arm64 && \
 	$(MAKE) build GOOS=darwin GOARCH=amd64 && \
 	$(MAKE) build GOOS=darwin GOARCH=arm64 && \
-	$(MAKE) build GOOS=windows GOARCH=amd64 && \
-	mv ./bin/kubeshark_windows_amd64 ./bin/kubeshark.exe && \
+	$(MAKE) build-windows-amd64 && \
 	echo "---------" && \
 	find ./bin -ls
 
@@ -70,7 +84,7 @@ kubectl-view-kubeshark-resources: ## This command outputs all Kubernetes resourc
 	./kubectl.sh view-kubeshark-resources
 
 generate-helm-values: ## Generate the Helm values from config.yaml
-	./bin/kubeshark__ config > ./helm-chart/values.yaml
+	./bin/kubeshark__ config > ./helm-chart/values.yaml && sed -i 's/^license:.*/license: ""/' helm-chart/values.yaml
 
 generate-manifests: ## Generate the manifests from the Helm chart using default configuration
 	helm template kubeshark -n default ./helm-chart > ./manifests/complete.yaml
@@ -157,7 +171,7 @@ release:
 	@cd ../worker && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../hub && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../front && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
-	@cd ../kubeshark && sed -i 's/^version:.*/version: "$(VERSION)"/' helm-chart/Chart.yaml
+	@cd ../kubeshark && sed -i 's/^version:.*/version: "$(VERSION)"/' helm-chart/Chart.yaml && make && make generate-helm-values && make generate-manifests
 	@git add -A . && git commit -m ":bookmark: Bump the Helm chart version to $(VERSION)" && git push
 	@git tag v$(VERSION) && git push origin --tags
 	@cd helm-chart && cp -r . ../../kubeshark.github.io/charts/chart

README.md

@@ -23,11 +23,9 @@
 <p align="center">
   <b>
 	  NEW: 
-	  <a href="https://github.com/kubeshark/kubeshark/releases/latest">Version 52.0.0</a> 
-	  now available, featuring a new 
-	  <a href="https://docs.kubeshark.co/en/traffic_recorder">Traffic Recorder</a> 
-	  and  
-	  <a href="https://docs.kubeshark.co/en/half_connections">Half & Erroneous Connection Analysis</a>.
+	  <a href="https://github.com/kubeshark/kubeshark/releases/latest">Version 52.1.63</a> 
+	  now available, featuring enhanced 
+	  <a href="https://docs.kubeshark.co/en/half_connections">Network Error Detection & Analysis</a>.
   </b>
 </p>
 

config/configStruct.go

@@ -41,8 +41,6 @@ func CreateDefaultConfig() ConfigStruct {
 					"SYS_PTRACE",
 					// DAC_OVERRIDE is required to read /proc/PID/environ
 					"DAC_OVERRIDE",
-					// CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
-					"CHECKPOINT_RESTORE",
 				},
 				KernelModule: []string{
 					// SYS_MODULE is required to install kernel modules
@@ -55,9 +53,8 @@ func CreateDefaultConfig() ConfigStruct {
 					"SYS_PTRACE",
 					// SYS_RESOURCE is required to change rlimits for eBPF
 					"SYS_RESOURCE",
-					// CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
-					"CHECKPOINT_RESTORE",
-					// IPC_LOCK is required for ebpf perf rings (kernel > )
+					// IPC_LOCK is required for ebpf perf buffers allocations after some amount of size buffer size:
+					// https://github.com/kubeshark/tracer/blob/13e24725ba8b98216dd0e553262e6d9c56dce5fa/main.go#L82)
 					"IPC_LOCK",
 				},
 			},

config/configStructs/tapConfig.go

@@ -147,38 +147,41 @@ type MiscConfig struct {
 }
 
 type TapConfig struct {
-	Docker                    DockerConfig          `yaml:"docker" json:"docker"`
-	Proxy                     ProxyConfig           `yaml:"proxy" json:"proxy"`
-	PodRegexStr               string                `yaml:"regex" json:"regex" default:".*"`
-	Namespaces                []string              `yaml:"namespaces" json:"namespaces" default:"[]"`
-	Release                   ReleaseConfig         `yaml:"release" json:"release"`
-	PersistentStorage         bool                  `yaml:"persistentStorage" json:"persistentStorage" default:"false"`
-	PersistentStorageStatic   bool                  `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"`
-	EfsFileSytemIdAndPath     string                `yaml:"efsFileSytemIdAndPath" json:"efsFileSytemIdAndPath" default:""`
-	StorageLimit              string                `yaml:"storageLimit" json:"storageLimit" default:"500Mi"`
-	StorageClass              string                `yaml:"storageClass" json:"storageClass" default:"standard"`
-	DryRun                    bool                  `yaml:"dryRun" json:"dryRun" default:"false"`
-	Resources                 ResourcesConfig       `yaml:"resources" json:"resources"`
-	ServiceMesh               bool                  `yaml:"serviceMesh" json:"serviceMesh" default:"true"`
-	Tls                       bool                  `yaml:"tls" json:"tls" default:"true"`
-	IgnoreTainted             bool                  `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
-	Labels                    map[string]string     `yaml:"labels" json:"labels" default:"{}"`
-	Annotations               map[string]string     `yaml:"annotations" json:"annotations" default:"{}"`
-	NodeSelectorTerms         []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"`
-	Auth                      AuthConfig            `yaml:"auth" json:"auth"`
-	Ingress                   IngressConfig         `yaml:"ingress" json:"ingress"`
-	IPv6                      bool                  `yaml:"ipv6" json:"ipv6" default:"true"`
-	Debug                     bool                  `yaml:"debug" json:"debug" default:"false"`
-	KernelModule              KernelModuleConfig    `yaml:"kernelModule" json:"kernelModule"`
-	Telemetry                 TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
-	DefaultFilter             string                `yaml:"defaultFilter" json:"defaultFilter"`
-	ReplayDisabled            bool                  `yaml:"replayDisabled" json:"replayDisabled" default:"false"`
-	Capabilities              CapabilitiesConfig    `yaml:"capabilities" json:"capabilities"`
-	GlobalFilter              string                `yaml:"globalFilter" json:"globalFilter"`
-	Metrics                   MetricsConfig         `yaml:"metrics" json:"metrics"`
-	TrafficSampleRate         int                   `yaml:"trafficSampleRate" json:"trafficSampleRate" default:"100"`
-	TcpStreamChannelTimeoutMs int                   `yaml:"tcpStreamChannelTimeoutMs" json:"tcpStreamChannelTimeoutMs" default:"10000"`
-	Misc                      MiscConfig            `yaml:"misc" json:"misc"`
+	Docker                     DockerConfig          `yaml:"docker" json:"docker"`
+	Proxy                      ProxyConfig           `yaml:"proxy" json:"proxy"`
+	PodRegexStr                string                `yaml:"regex" json:"regex" default:".*"`
+	Namespaces                 []string              `yaml:"namespaces" json:"namespaces" default:"[]"`
+	Release                    ReleaseConfig         `yaml:"release" json:"release"`
+	PersistentStorage          bool                  `yaml:"persistentStorage" json:"persistentStorage" default:"false"`
+	PersistentStorageStatic    bool                  `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"`
+	EfsFileSytemIdAndPath      string                `yaml:"efsFileSytemIdAndPath" json:"efsFileSytemIdAndPath" default:""`
+	StorageLimit               string                `yaml:"storageLimit" json:"storageLimit" default:"500Mi"`
+	StorageClass               string                `yaml:"storageClass" json:"storageClass" default:"standard"`
+	DryRun                     bool                  `yaml:"dryRun" json:"dryRun" default:"false"`
+	Resources                  ResourcesConfig       `yaml:"resources" json:"resources"`
+	ServiceMesh                bool                  `yaml:"serviceMesh" json:"serviceMesh" default:"true"`
+	Tls                        bool                  `yaml:"tls" json:"tls" default:"true"`
+	IgnoreTainted              bool                  `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
+	Labels                     map[string]string     `yaml:"labels" json:"labels" default:"{}"`
+	Annotations                map[string]string     `yaml:"annotations" json:"annotations" default:"{}"`
+	NodeSelectorTerms          []v1.NodeSelectorTerm `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"[]"`
+	Auth                       AuthConfig            `yaml:"auth" json:"auth"`
+	Ingress                    IngressConfig         `yaml:"ingress" json:"ingress"`
+	IPv6                       bool                  `yaml:"ipv6" json:"ipv6" default:"true"`
+	Debug                      bool                  `yaml:"debug" json:"debug" default:"false"`
+	KernelModule               KernelModuleConfig    `yaml:"kernelModule" json:"kernelModule"`
+	Telemetry                  TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
+	DefaultFilter              string                `yaml:"defaultFilter" json:"defaultFilter"`
+	ReplayDisabled             bool                  `yaml:"replayDisabled" json:"replayDisabled" default:"false"`
+	ScriptingDisabled          bool                  `yaml:"scriptingDisabled" json:"scriptingDisabled" default:"false"`
+	TargetedPodsUpdateDisabled bool                  `yaml:"targetedPodsUpdateDisabled" json:"targetedPodsUpdateDisabled" default:"false"`
+	RecordingDisabled          bool                  `yaml:"recordingDisabled" json:"recordingDisabled" default:"false"`
+	Capabilities               CapabilitiesConfig    `yaml:"capabilities" json:"capabilities"`
+	GlobalFilter               string                `yaml:"globalFilter" json:"globalFilter"`
+	Metrics                    MetricsConfig         `yaml:"metrics" json:"metrics"`
+	TrafficSampleRate          int                   `yaml:"trafficSampleRate" json:"trafficSampleRate" default:"100"`
+	TcpStreamChannelTimeoutMs  int                   `yaml:"tcpStreamChannelTimeoutMs" json:"tcpStreamChannelTimeoutMs" default:"10000"`
+	Misc                       MiscConfig            `yaml:"misc" json:"misc"`
 }
 
 func (config *TapConfig) PodRegex() *regexp.Regexp {

helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kubeshark
-version: "52.1.30"
+version: "52.1.75"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:

helm-chart/templates/02-cluster-role.yaml

@@ -8,7 +8,7 @@ metadata:
   {{- if .Values.tap.annotations }}
     {{- toYaml .Values.tap.annotations | nindent 4 }}
   {{- end }}
-  name: kubeshark-cluster-role
+  name: kubeshark-cluster-role-{{ .Release.Namespace }}
   namespace: {{ .Release.Namespace }}
 rules:
   - apiGroups:

helm-chart/templates/03-cluster-role-binding.yaml

@@ -8,12 +8,12 @@ metadata:
   {{- if .Values.tap.annotations }}
     {{- toYaml .Values.tap.annotations | nindent 4 }}
   {{- end }}
-  name: kubeshark-cluster-role-binding
+  name: kubeshark-cluster-role-binding-{{ .Release.Namespace }}
   namespace: {{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: kubeshark-cluster-role
+  name: kubeshark-cluster-role-{{ .Release.Namespace }}
 subjects:
   - kind: ServiceAccount
     name: {{ include "kubeshark.serviceAccountName" . }}

helm-chart/templates/04-hub-deployment.yaml

@@ -29,6 +29,8 @@ spec:
         - name: kubeshark-hub
           command:
             - ./hub
+            - -port
+            - "8080"
           {{- if .Values.tap.debug }}
             - -debug
           {{- end }}
@@ -42,10 +44,7 @@ spec:
               fieldRef:
                 fieldPath: metadata.namespace
           - name: KUBESHARK_CLOUD_API_URL
-            valueFrom:
-              configMapKeyRef:
-                name: kubeshark-config-map
-                key: KUBESHARK_CLOUD_API_URL
+            value: 'https://api.kubeshark.co'
           image: '{{ .Values.tap.docker.registry }}/hub:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
           imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
           readinessProbe:
@@ -54,14 +53,14 @@ spec:
             successThreshold: 1
             initialDelaySeconds: 3
             tcpSocket:
-              port: 80
+              port: 8080
           livenessProbe:
             periodSeconds: 1
             failureThreshold: 3
             successThreshold: 1
             initialDelaySeconds: 3
             tcpSocket:
-              port: 80
+              port: 8080
           resources:
             limits:
               cpu: {{ .Values.tap.resources.hub.limits.cpu }}

helm-chart/templates/05-hub-service.yaml

@@ -15,7 +15,7 @@ spec:
   ports:
     - name: kubeshark-hub
       port: 80
-      targetPort: 80
+      targetPort: 8080
   selector:
     app.kubeshark.co/app: hub
   type: ClusterIP

helm-chart/templates/06-front-deployment.yaml

@@ -34,6 +34,12 @@ spec:
               value: '{{ not (eq .Values.tap.auth.saml.idpMetadataUrl "") | ternary .Values.tap.auth.saml.idpMetadataUrl " " }}'
             - name: REACT_APP_REPLAY_DISABLED
               value: '{{ .Values.tap.replayDisabled }}'
+            - name: REACT_APP_SCRIPTING_DISABLED
+              value: '{{ .Values.tap.scriptingDisabled }}'
+            - name: REACT_APP_TARGETED_PODS_UPDATE_DISABLED
+              value: '{{ .Values.tap.targetedPodsUpdateDisabled }}'
+            - name: REACT_APP_RECORDING_DISABLED
+              value: '{{ .Values.tap.recordingDisabled }}'
           image: '{{ .Values.tap.docker.registry }}/front:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
           imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
           name: kubeshark-front
@@ -43,14 +49,14 @@ spec:
             successThreshold: 1
             initialDelaySeconds: 3
             tcpSocket:
-              port: 80
+              port: 8080
           readinessProbe:
             periodSeconds: 1
             failureThreshold: 3
             successThreshold: 1
             initialDelaySeconds: 3
             tcpSocket:
-              port: 80
+              port: 8080
             timeoutSeconds: 1
           resources:
             limits:

helm-chart/templates/07-front-service.yaml

@@ -14,7 +14,7 @@ spec:
   ports:
     - name: kubeshark-front
       port: 80
-      targetPort: 80
+      targetPort: 8080
   selector:
     app.kubeshark.co/app: front
   type: ClusterIP

helm-chart/templates/09-worker-daemon-set.yaml

@@ -84,10 +84,7 @@ spec:
           - name: TCP_STREAM_CHANNEL_TIMEOUT_MS
             value: '{{ .Values.tap.tcpStreamChannelTimeoutMs }}'
           - name: KUBESHARK_CLOUD_API_URL
-            valueFrom:
-              configMapKeyRef:
-                name: kubeshark-config-map
-                key: KUBESHARK_CLOUD_API_URL
+            value: 'https://api.kubeshark.co'
           resources:
             limits:
               cpu: {{ .Values.tap.resources.sniffer.limits.cpu }}

helm-chart/templates/11-nginx-config-map.yaml

@@ -9,9 +9,9 @@ metadata:
 data:
   default.conf: |
     server {
-      listen 80;
+      listen 8080;
 {{- if .Values.tap.ipv6 }}
-      listen [::]:80;
+      listen [::]:8080;
 {{- end }}
       access_log /dev/stdout;
       error_log /dev/stdout;

helm-chart/templates/12-config-map.yaml

@@ -20,9 +20,11 @@ data:
     AUTH_SAML_ROLES: '{{ .Values.tap.auth.saml.roles | toJson }}'
     TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}'
     REPLAY_DISABLED: '{{ .Values.tap.replayDisabled | ternary "true" "" }}'
+    SCRIPTING_DISABLED: '{{ .Values.tap.scriptingDisabled | ternary "true" "" }}'
+    TARGETED_PODS_UPDATE_DISABLED: '{{ .Values.tap.targetedPodsUpdateDisabled | ternary "true" "" }}'
+    RECORDING_DISABLED: '{{ .Values.tap.recordingDisabled | ternary "true" "" }}'
     GLOBAL_FILTER: {{ include "kubeshark.escapeDoubleQuotes" .Values.tap.globalFilter | quote }}
     TRAFFIC_SAMPLE_RATE: '{{ .Values.tap.trafficSampleRate }}'
-    KUBESHARK_CLOUD_API_URL: 'https://api.kubeshark.co'
     JSON_TTL: '{{ .Values.tap.misc.jsonTTL }}'
     PCAP_TTL: '{{ .Values.tap.misc.pcapTTL }}'
     PCAP_ERROR_TTL: '{{ .Values.tap.misc.pcapErrorTTL }}'

helm-chart/templates/14-openshift-security-context-constraints.yaml

@@ -27,7 +27,6 @@ allowedCapabilities:
   - SYS_PTRACE
   - DAC_OVERRIDE
   - SYS_RESOURCE
-  - CHECKPOINT_RESTORE
   - SYS_MODULE
 runAsUser:
   type: RunAsAny

helm-chart/templates/16-network-policies.yaml

@@ -0,0 +1,58 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: kubeshark-hub-network-policy
+  namespace: {{ .Release.Namespace }}
+spec:
+  podSelector:
+    matchLabels:
+      app.kubeshark.co/app: hub
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - ports:
+        - protocol: TCP
+          port: 8080
+  egress:
+    - {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: kubeshark-front-network-policy
+  namespace: {{ .Release.Namespace }}
+spec:
+  podSelector:
+    matchLabels:
+      app.kubeshark.co/app: front
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - ports:
+        - protocol: TCP
+          port: 8080
+  egress:
+    - {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: kubeshark-worker-network-policy
+  namespace: {{ .Release.Namespace }}
+spec:
+  podSelector:
+    matchLabels:
+      app.kubeshark.co/app: worker
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - ports:
+        - protocol: TCP
+          port: {{ .Values.tap.proxy.worker.srvPort }}
+        - protocol: TCP
+          port: {{ .Values.tap.metrics.port }}
+  egress:
+    - {}

helm-chart/values.yaml

@@ -89,6 +89,9 @@ tap:
     enabled: true
   defaultFilter: ""
   replayDisabled: false
+  scriptingDisabled: false
+  targetedPodsUpdateDisabled: false
+  recordingDisabled: false
   capabilities:
     networkCapture:
     - NET_RAW
@@ -97,14 +100,12 @@ tap:
     - SYS_ADMIN
     - SYS_PTRACE
     - DAC_OVERRIDE
-    - CHECKPOINT_RESTORE
     kernelModule:
     - SYS_MODULE
     ebpfCapture:
     - SYS_ADMIN
     - SYS_PTRACE
     - SYS_RESOURCE
-    - CHECKPOINT_RESTORE
     - IPC_LOCK
   globalFilter: ""
   metrics:

install.sh

@@ -0,0 +1,94 @@
+#!/bin/sh
+
+EXE_NAME=kubeshark
+ALIAS_NAME=ks
+PROG_NAME=Kubeshark
+INSTALL_PATH=/usr/local/bin/$EXE_NAME
+ALIAS_PATH=/usr/local/bin/$ALIAS_NAME
+REPO=https://github.com/kubeshark/kubeshark
+OS=$(echo $(uname -s) | tr '[:upper:]' '[:lower:]')
+ARCH=$(echo $(uname -m) | tr '[:upper:]' '[:lower:]')
+SUPPORTED_PAIRS="linux_amd64 linux_arm64 darwin_amd64 darwin_arm64"
+
+ESC="\033["
+F_DEFAULT=39
+F_RED=31
+F_GREEN=32
+F_YELLOW=33
+B_DEFAULT=49
+B_RED=41
+B_BLUE=44
+B_LIGHT_BLUE=104
+
+if [ "$ARCH" = "x86_64" ]; then
+    ARCH="amd64"
+fi
+
+if [ "$ARCH" = "aarch64" ]; then
+    ARCH="arm64"
+fi
+
+echo $SUPPORTED_PAIRS | grep -w -q "${OS}_${ARCH}"
+
+if [ $? != 0 ] ; then
+	echo "\n${ESC}${F_RED}m🛑 Unsupported OS \"$OS\" or architecture \"$ARCH\". Failed to install $PROG_NAME.${ESC}${F_DEFAULT}m"
+    echo "${ESC}${B_RED}mPlease report 🐛 to $REPO/issues${ESC}${F_DEFAULT}m"
+	exit 1
+fi
+
+# Check for Homebrew and kubeshark installation
+if command -v brew >/dev/null; then
+    if brew list kubeshark &>/dev/null; then
+        echo "📦 Found $PROG_NAME instance installed with Homebrew"
+		echo "${ESC}${F_GREEN}m⬇️ Removing before installation with script${ESC}${F_DEFAULT}m"
+        brew uninstall kubeshark
+    fi
+fi
+
+echo "\n🦈 ${ESC}${F_DEFAULT};${B_BLUE}m Started to download $PROG_NAME ${ESC}${B_DEFAULT};${F_DEFAULT}m"
+
+if curl -# --fail -Lo $EXE_NAME ${REPO}/releases/latest/download/${EXE_NAME}_${OS}_${ARCH} ; then
+    chmod +x $PWD/$EXE_NAME
+    echo "\n${ESC}${F_GREEN}m⬇️  $PROG_NAME is downloaded into $PWD/$EXE_NAME${ESC}${F_DEFAULT}m"
+else
+    echo "\n${ESC}${F_RED}m🛑 Couldn't download ${REPO}/releases/latest/download/${EXE_NAME}_${OS}_${ARCH}\n\
+  ⚠️  Check your internet connection.\n\
+  ⚠️  Make sure 'curl' command is available.\n\
+  ⚠️  Make sure there is no directory named '${EXE_NAME}' in ${PWD}\n\
+${ESC}${F_DEFAULT}m"
+    echo "${ESC}${B_RED}mPlease report 🐛 to $REPO/issues${ESC}${F_DEFAULT}m"
+    exit 1
+fi
+
+use_cmd=$EXE_NAME
+printf "Do you want to install system-wide? Requires sudo 😇 (y/N)? "
+old_stty_cfg=$(stty -g)
+stty raw -echo ; answer=$(head -c 1) ; stty $old_stty_cfg
+if echo "$answer" | grep -iq "^y" ;then
+    echo "$answer"
+    sudo mv ./$EXE_NAME $INSTALL_PATH || exit 1
+    echo "${ESC}${F_GREEN}m$PROG_NAME is installed into $INSTALL_PATH${ESC}${F_DEFAULT}m\n"
+
+	ls $ALIAS_PATH >> /dev/null 2>&1
+	if [ $? != 0 ] ; then
+		printf "Do you want to add 'ks' alias for Kubeshark? (y/N)? "
+		old_stty_cfg=$(stty -g)
+		stty raw -echo ; answer=$(head -c 1) ; stty $old_stty_cfg
+		if echo "$answer" | grep -iq "^y" ; then
+			echo "$answer"
+			sudo ln -s $INSTALL_PATH $ALIAS_PATH
+
+			use_cmd=$ALIAS_NAME
+		else
+			echo "$answer"
+		fi
+	else
+		use_cmd=$ALIAS_NAME
+	fi
+else
+	echo "$answer"
+	use_cmd="./$EXE_NAME"
+fi
+
+echo "${ESC}${F_GREEN}m✅ You can use the ${ESC}${F_DEFAULT};${B_LIGHT_BLUE}m $use_cmd ${ESC}${B_DEFAULT};${F_GREEN}m command now.${ESC}${F_DEFAULT}m"
+echo "\n${ESC}${F_YELLOW}mPlease give us a star 🌟 on ${ESC}${F_DEFAULT}m$REPO${ESC}${F_YELLOW}m if you ❤️  $PROG_NAME!${ESC}${F_DEFAULT}m"

manifests/complete.yaml

@@ -1,13 +1,75 @@
 ---
+# Source: kubeshark/templates/16-network-policies.yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: kubeshark-hub-network-policy
+  namespace: default
+spec:
+  podSelector:
+    matchLabels:
+      app.kubeshark.co/app: hub
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - ports:
+        - protocol: TCP
+          port: 8080
+  egress:
+    - {}
+---
+# Source: kubeshark/templates/16-network-policies.yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: kubeshark-front-network-policy
+  namespace: default
+spec:
+  podSelector:
+    matchLabels:
+      app.kubeshark.co/app: front
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - ports:
+        - protocol: TCP
+          port: 8080
+  egress:
+    - {}
+---
+# Source: kubeshark/templates/16-network-policies.yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: kubeshark-worker-network-policy
+  namespace: default
+spec:
+  podSelector:
+    matchLabels:
+      app.kubeshark.co/app: worker
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+    - ports:
+        - protocol: TCP
+          port: 30001
+        - protocol: TCP
+          port: 49100
+  egress:
+    - {}
+---
 # Source: kubeshark/templates/01-service-account.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-service-account
@@ -21,10 +83,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
 stringData:
     LICENSE: ''
@@ -38,10 +100,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
 stringData:
   AUTH_SAML_X509_CRT: |
@@ -54,10 +116,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
 stringData:
   AUTH_SAML_X509_KEY: |
@@ -69,16 +131,16 @@ metadata:
   name: kubeshark-nginx-config-map
   namespace: default
   labels:
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
 data:
   default.conf: |
     server {
-      listen 80;
-      listen [::]:80;
+      listen 8080;
+      listen [::]:8080;
       access_log /dev/stdout;
       error_log /dev/stdout;
 
@@ -133,10 +195,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
 data:
     POD_REGEX: '.*'
@@ -152,9 +214,11 @@ data:
     AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}'
     TELEMETRY_DISABLED: ''
     REPLAY_DISABLED: ''
+    SCRIPTING_DISABLED: ''
+    TARGETED_PODS_UPDATE_DISABLED: ''
+    RECORDING_DISABLED: ''
     GLOBAL_FILTER: ""
     TRAFFIC_SAMPLE_RATE: '100'
-    KUBESHARK_CLOUD_API_URL: 'https://api.kubeshark.co'
     JSON_TTL: '5m'
     PCAP_TTL: '10s'
     PCAP_ERROR_TTL: '60s'
@@ -164,13 +228,13 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
   annotations:
-  name: kubeshark-cluster-role
+  name: kubeshark-cluster-role-default
   namespace: default
 rules:
   - apiGroups:
@@ -192,18 +256,18 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
   annotations:
-  name: kubeshark-cluster-role-binding
+  name: kubeshark-cluster-role-binding-default
   namespace: default
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: kubeshark-cluster-role
+  name: kubeshark-cluster-role-default
 subjects:
   - kind: ServiceAccount
     name: kubeshark-service-account
@@ -214,10 +278,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role
@@ -243,10 +307,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role-binding
@@ -266,10 +330,10 @@ kind: Service
 metadata:
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub
@@ -278,7 +342,7 @@ spec:
   ports:
     - name: kubeshark-hub
       port: 80
-      targetPort: 80
+      targetPort: 8080
   selector:
     app.kubeshark.co/app: hub
   type: ClusterIP
@@ -288,10 +352,10 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front
@@ -300,7 +364,7 @@ spec:
   ports:
     - name: kubeshark-front
       port: 80
-      targetPort: 80
+      targetPort: 8080
   selector:
     app.kubeshark.co/app: front
   type: ClusterIP
@@ -317,10 +381,10 @@ metadata:
 spec:
   selector:
     app.kubeshark.co/app: worker
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
   ports:
   - name: metrics
@@ -335,10 +399,10 @@ metadata:
   labels:
     app.kubeshark.co/app: worker
     sidecar.istio.io/inject: "false"
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-worker-daemon-set
@@ -347,19 +411,19 @@ spec:
   selector:
     matchLabels:
       app.kubeshark.co/app: worker
-      helm.sh/chart: kubeshark-52.1.9
+      helm.sh/chart: kubeshark-52.1.75
       app.kubernetes.io/name: kubeshark
       app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "52.1.9"
+      app.kubernetes.io/version: "52.1.75"
       app.kubernetes.io/managed-by: Helm
   template:
     metadata:
       labels:
         app.kubeshark.co/app: worker
-        helm.sh/chart: kubeshark-52.1.9
+        helm.sh/chart: kubeshark-52.1.75
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.1.9"
+        app.kubernetes.io/version: "52.1.75"
         app.kubernetes.io/managed-by: Helm
       name: kubeshark-worker-daemon-set
       namespace: kubeshark
@@ -391,7 +455,7 @@ spec:
             - -procfs
             - /hostproc
             - -kernel-module
-          image: 'docker.io/kubeshark/worker:v52.1.9'
+          image: 'docker.io/kubeshark/worker:v52.1.75'
           imagePullPolicy: Always
           name: sniffer
           ports:
@@ -410,10 +474,7 @@ spec:
           - name: TCP_STREAM_CHANNEL_TIMEOUT_MS
             value: '10000'
           - name: KUBESHARK_CLOUD_API_URL
-            valueFrom:
-              configMapKeyRef:
-                name: kubeshark-config-map
-                key: KUBESHARK_CLOUD_API_URL
+            value: 'https://api.kubeshark.co'
           resources:
             limits:
               cpu: 750m
@@ -429,7 +490,6 @@ spec:
                 - SYS_ADMIN
                 - SYS_PTRACE
                 - DAC_OVERRIDE
-                - CHECKPOINT_RESTORE
               drop:
                 - ALL
           readinessProbe:
@@ -459,7 +519,7 @@ spec:
             - ./tracer
             - -procfs
             - /hostproc
-          image: 'docker.io/kubeshark/worker:v52.1.9'
+          image: 'docker.io/kubeshark/worker:v52.1.75'
           imagePullPolicy: Always
           name: tracer
           env:
@@ -484,7 +544,6 @@ spec:
                 - SYS_ADMIN
                 - SYS_PTRACE
                 - SYS_RESOURCE
-                - CHECKPOINT_RESTORE
                 - IPC_LOCK
               drop:
                 - ALL
@@ -535,10 +594,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub
@@ -548,19 +607,19 @@ spec:
   selector:
     matchLabels:
       app.kubeshark.co/app: hub
-      helm.sh/chart: kubeshark-52.1.9
+      helm.sh/chart: kubeshark-52.1.75
       app.kubernetes.io/name: kubeshark
       app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "52.1.9"
+      app.kubernetes.io/version: "52.1.75"
       app.kubernetes.io/managed-by: Helm
   template:
     metadata:
       labels:
         app.kubeshark.co/app: hub
-        helm.sh/chart: kubeshark-52.1.9
+        helm.sh/chart: kubeshark-52.1.75
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.1.9"
+        app.kubernetes.io/version: "52.1.75"
         app.kubernetes.io/managed-by: Helm
     spec:
       dnsPolicy: ClusterFirstWithHostNet
@@ -569,6 +628,8 @@ spec:
         - name: kubeshark-hub
           command:
             - ./hub
+            - -port
+            - "8080"
           env:
           - name: POD_NAME
             valueFrom:
@@ -579,11 +640,8 @@ spec:
               fieldRef:
                 fieldPath: metadata.namespace
           - name: KUBESHARK_CLOUD_API_URL
-            valueFrom:
-              configMapKeyRef:
-                name: kubeshark-config-map
-                key: KUBESHARK_CLOUD_API_URL
-          image: 'docker.io/kubeshark/hub:v52.1.9'
+            value: 'https://api.kubeshark.co'
+          image: 'docker.io/kubeshark/hub:v52.1.75'
           imagePullPolicy: Always
           readinessProbe:
             periodSeconds: 1
@@ -591,14 +649,14 @@ spec:
             successThreshold: 1
             initialDelaySeconds: 3
             tcpSocket:
-              port: 80
+              port: 8080
           livenessProbe:
             periodSeconds: 1
             failureThreshold: 3
             successThreshold: 1
             initialDelaySeconds: 3
             tcpSocket:
-              port: 80
+              port: 8080
           resources:
             limits:
               cpu: 750m
@@ -631,10 +689,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.co/app: front
-    helm.sh/chart: kubeshark-52.1.9
+    helm.sh/chart: kubeshark-52.1.75
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.9"
+    app.kubernetes.io/version: "52.1.75"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front
@@ -644,19 +702,19 @@ spec:
   selector:
     matchLabels:
       app.kubeshark.co/app: front
-      helm.sh/chart: kubeshark-52.1.9
+      helm.sh/chart: kubeshark-52.1.75
       app.kubernetes.io/name: kubeshark
       app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "52.1.9"
+      app.kubernetes.io/version: "52.1.75"
       app.kubernetes.io/managed-by: Helm
   template:
     metadata:
       labels:
         app.kubeshark.co/app: front
-        helm.sh/chart: kubeshark-52.1.9
+        helm.sh/chart: kubeshark-52.1.75
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.1.9"
+        app.kubernetes.io/version: "52.1.75"
         app.kubernetes.io/managed-by: Helm
     spec:
       containers:
@@ -671,7 +729,13 @@ spec:
               value: ' '
             - name: REACT_APP_REPLAY_DISABLED
               value: 'false'
-          image: 'docker.io/kubeshark/front:v52.1.9'
+            - name: REACT_APP_SCRIPTING_DISABLED
+              value: 'false'
+            - name: REACT_APP_TARGETED_PODS_UPDATE_DISABLED
+              value: 'false'
+            - name: REACT_APP_RECORDING_DISABLED
+              value: 'false'
+          image: 'docker.io/kubeshark/front:v52.1.75'
           imagePullPolicy: Always
           name: kubeshark-front
           livenessProbe:
@@ -680,14 +744,14 @@ spec:
             successThreshold: 1
             initialDelaySeconds: 3
             tcpSocket:
-              port: 80
+              port: 8080
           readinessProbe:
             periodSeconds: 1
             failureThreshold: 3
             successThreshold: 1
             initialDelaySeconds: 3
             tcpSocket:
-              port: 80
+              port: 8080
             timeoutSeconds: 1
           resources:
             limits: