🔖 Bump the Helm chart version to 52.1.63

💚 Change ssh-key field to token
🔖 Bump the Helm chart version to 52.1.62
2026-02-19 04:20:01 +00:00 · 2024-02-29 01:45:41 +03:00 · 2024-02-29 01:45:11 +03:00 · 2024-02-29 01:33:28 +03:00 · 2024-02-29 01:32:57 +03:00 · 2024-02-28 23:43:04 +03:00
21 changed files with 397 additions and 215 deletions
--- a/.github/static/kubeshark.rb.tmpl
+++ b/.github/static/kubeshark.rb.tmpl
@@ -0,0 +1,46 @@
+# typed: false
+# frozen_string_literal: true
+
+class Kubeshark < Formula
+  desc ""
+  homepage "https://github.com/kubeshark/kubeshark"
+  version "${CLEAN_VERSION}"
+
+  on_macos do
+    if Hardware::CPU.arm?
+      url "https://github.com/kubeshark/kubeshark/releases/download/${FULL_VERSION}/kubeshark_darwin_arm64"
+      sha256 "${DARWIN_ARM64_SHA256}"
+
+      def install
+        bin.install "kubeshark_darwin_arm64" => "kubeshark"
+      end
+    end
+    if Hardware::CPU.intel?
+      url "https://github.com/kubeshark/kubeshark/releases/download/${FULL_VERSION}/kubeshark_darwin_amd64"
+      sha256 "${DARWIN_AMD64_SHA256}"
+
+      def install
+        bin.install "kubeshark_darwin_amd64" => "kubeshark"
+      end
+    end
+  end
+
+  on_linux do
+    if Hardware::CPU.intel?
+      url "https://github.com/kubeshark/kubeshark/releases/download/${FULL_VERSION}/kubeshark_linux_amd64"
+      sha256 "${LINUX_AMD64_SHA256}"
+
+      def install
+        bin.install "kubeshark_linux_amd64" => "kubeshark"
+      end
+    end
+    if Hardware::CPU.arm? && Hardware::CPU.is_64_bit?
+      url "https://github.com/kubeshark/kubeshark/releases/download/${FULL_VERSION}/kubeshark_linux_arm64"
+      sha256 "${LINUX_ARM64_SHA256}"
+
+      def install
+        bin.install "kubeshark_linux_arm64" => "kubeshark"
+      end
+    end
+  end
+end
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -50,41 +50,32 @@ jobs:
          prerelease: true
          bodyFile: 'bin/README.md'

-  brew-tap:
-    name: Create Homebrew formulae
-    runs-on: ubuntu-latest
-    needs: [release]
-    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
+          repository: kubeshark/homebrew-kubeshark
+          token: ${{ secrets.HOMEBREW_TOKEN }}
+          path: homebrew-kubeshark

-      - name: Version
-        id: version
+      - name: Generate Homebrew formulae
        shell: bash
        run: |
-          {
-            echo "tag=${GITHUB_REF#refs/*/}"
-            echo "build_timestamp=$(date +%s)"
-            echo "branch=${GITHUB_REF#refs/heads/}"
-          } >> "$GITHUB_OUTPUT"
+          export FULL_VERSION=${{ steps.version.outputs.tag }}
+          export CLEAN_VERSION=$(echo $FULL_VERSION | sed 's/^v//')
+          export DARWIN_AMD64_SHA256=$(shasum -a 256 bin/kubeshark_darwin_amd64 | awk '{print $1}')
+          export DARWIN_ARM64_SHA256=$(shasum -a 256 bin/kubeshark_darwin_arm64 | awk '{print $1}')
+          export LINUX_AMD64_SHA256=$(shasum -a 256 bin/kubeshark_linux_amd64 | awk '{print $1}')
+          export LINUX_ARM64_SHA256=$(shasum -a 256 bin/kubeshark_linux_arm64 | awk '{print $1}')
+          envsubst < .github/static/kubeshark.rb.tmpl > homebrew-kubeshark/kubeshark.rb

-      - name: Fetch all tags
-        run: git fetch --force --tags
+          cat homebrew-kubeshark/kubeshark.rb

-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version-file: 'go.mod'
-
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
-        with:
-          distribution: goreleaser
-          version: ${{ env.GITHUB_REF_NAME }}
-          args: release --clean
-        env:
-          GITHUB_TOKEN: ${{ secrets.HOMEBREW_TOKEN }}
-          VER: ${{ steps.version.outputs.tag }}
-          BUILD_TIMESTAMP: ${{ steps.version.outputs.build_timestamp }}
+      - name: Commit and push Homebrew formulae
+        working-directory: homebrew-kubeshark
+        run: |
+          git config --global user.email "bot@kubeshark.io"
+          git config --global user.name "Kubeshark Bot"
+          git add kubeshark.rb
+          git commit -m "Release ${{ steps.version.outputs.tag }}"
+          git push
--- a/13
+++ b/13
@@ -40,6 +40,15 @@ build-base: ## Build binary (select the platform via GOOS / GOARCH env variables
 					-o bin/kubeshark_$(SUFFIX) kubeshark.go && \
 	cd bin && shasum -a 256 kubeshark_${SUFFIX} > kubeshark_${SUFFIX}.sha256

+build-brew: ## Build binary for brew/core CI
+	go build ${GCLFAGS} -ldflags="${LDFLAGS_EXT} \
+					-X 'github.com/kubeshark/kubeshark/misc.GitCommitHash=$(COMMIT_HASH)' \
+					-X 'github.com/kubeshark/kubeshark/misc.Branch=$(GIT_BRANCH)' \
+					-X 'github.com/kubeshark/kubeshark/misc.BuildTimestamp=$(BUILD_TIMESTAMP)' \
+					-X 'github.com/kubeshark/kubeshark/misc.Platform=$(SUFFIX)' \
+					-X 'github.com/kubeshark/kubeshark/misc.Ver=$(VER)'" \
+					-o kubeshark kubeshark.go
+
 build-all: ## Build for all supported platforms.
 	export CGO_ENABLED=0
 	echo "Compiling for every OS and Platform" && \
@@ -70,7 +79,7 @@ kubectl-view-kubeshark-resources: ## This command outputs all Kubernetes resourc
 	./kubectl.sh view-kubeshark-resources

 generate-helm-values: ## Generate the Helm values from config.yaml
-	./bin/kubeshark__ config > ./helm-chart/values.yaml
+	./bin/kubeshark__ config > ./helm-chart/values.yaml && sed -i 's/^license:.*/license: ""/' helm-chart/values.yaml

 generate-manifests: ## Generate the manifests from the Helm chart using default configuration
 	helm template kubeshark -n default ./helm-chart > ./manifests/complete.yaml
@@ -157,7 +166,7 @@ release:
 	@cd ../worker && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../hub && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../front && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
-	@cd ../kubeshark && sed -i 's/^version:.*/version: "$(VERSION)"/' helm-chart/Chart.yaml
+	@cd ../kubeshark && sed -i 's/^version:.*/version: "$(VERSION)"/' helm-chart/Chart.yaml && make && make generate-helm-values && make generate-manifests
 	@git add -A . && git commit -m ":bookmark: Bump the Helm chart version to $(VERSION)" && git push
 	@git tag v$(VERSION) && git push origin --tags
 	@cd helm-chart && cp -r . ../../kubeshark.github.io/charts/chart
--- a/README.md
+++ b/README.md
@@ -23,11 +23,9 @@
 <p align="center">
  <b>
 	  NEW: 
-	  <a href="https://github.com/kubeshark/kubeshark/releases/latest">Version 52.0.0</a> 
-	  now available, featuring a new 
-	  <a href="https://docs.kubeshark.co/en/traffic_recorder">Traffic Recorder</a> 
-	  and  
-	  <a href="https://docs.kubeshark.co/en/half_connections">Half & Erroneous Connection Analysis</a>.
+	  <a href="https://github.com/kubeshark/kubeshark/releases/latest">Version 52.1.50</a> 
+	  now available, featuring enhanced 
+	  <a href="https://docs.kubeshark.co/en/half_connections">Network Error Detection & Analysis</a>.
  </b>
 </p>

--- a/cmd/tapRunner.go
+++ b/cmd/tapRunner.go
@@ -461,8 +461,5 @@ func updateConfig(kubernetesProvider *kubernetes.Provider) {

 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_ENABLED, authEnabled)
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_TYPE, config.Config.Tap.Auth.Type)
-	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_EMAILS, strings.Join(config.Config.Tap.Auth.ApprovedEmails, ","))
-	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_DOMAINS, strings.Join(config.Config.Tap.Auth.ApprovedDomains, ","))
-	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_APPROVED_TENANTS, strings.Join(config.Config.Tap.Auth.ApprovedTenants, ","))
 	_, _ = kubernetes.SetConfig(kubernetesProvider, kubernetes.CONFIG_AUTH_SAML_IDP_METADATA_URL, config.Config.Tap.Auth.Saml.IdpMetadataUrl)
 }
--- a/config/configStruct.go
+++ b/config/configStruct.go
@@ -41,8 +41,6 @@ func CreateDefaultConfig() ConfigStruct {
 					"SYS_PTRACE",
 					// DAC_OVERRIDE is required to read /proc/PID/environ
 					"DAC_OVERRIDE",
-					// CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
-					"CHECKPOINT_RESTORE",
 				},
 				KernelModule: []string{
 					// SYS_MODULE is required to install kernel modules
@@ -55,12 +53,14 @@ func CreateDefaultConfig() ConfigStruct {
 					"SYS_PTRACE",
 					// SYS_RESOURCE is required to change rlimits for eBPF
 					"SYS_RESOURCE",
-					// CHECKPOINT_RESTORE is required to readlink /proc/PID/exe (kernel > 5.9)
-					"CHECKPOINT_RESTORE",
+					// IPC_LOCK is required for ebpf perf buffers allocations after some amount of size buffer size:
+					// https://github.com/kubeshark/tracer/blob/13e24725ba8b98216dd0e553262e6d9c56dce5fa/main.go#L82)
+					"IPC_LOCK",
 				},
 			},
 			Auth: configStructs.AuthConfig{
 				Saml: configStructs.SamlConfig{
+					RoleAttribute: "role",
 					Roles: map[string]configStructs.Role{
 						"admin": {
 							Filter:                "",
@@ -68,6 +68,7 @@ func CreateDefaultConfig() ConfigStruct {
 							CanDownloadPCAP:       true,
 							CanUseScripting:       true,
 							CanUpdateTargetedPods: true,
+							ShowAdminConsoleLink:  true,
 						},
 					},
 				},
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -88,22 +88,21 @@ type Role struct {
 	CanDownloadPCAP       bool   `yaml:"canDownloadPCAP" json:"canDownloadPCAP" default:"false"`
 	CanUseScripting       bool   `yaml:"canUseScripting" json:"canUseScripting" default:"false"`
 	CanUpdateTargetedPods bool   `yaml:"canUpdateTargetedPods" json:"canUpdateTargetedPods" default:"false"`
+	ShowAdminConsoleLink  bool   `yaml:"showAdminConsoleLink" json:"showAdminConsoleLink" default:"false"`
 }

 type SamlConfig struct {
 	IdpMetadataUrl string          `yaml:"idpMetadataUrl" json:"idpMetadataUrl"`
 	X509crt        string          `yaml:"x509crt" json:"x509crt"`
 	X509key        string          `yaml:"x509key" json:"x509key"`
+	RoleAttribute  string          `yaml:"roleAttribute" json:"roleAttribute"`
 	Roles          map[string]Role `yaml:"roles" json:"roles"`
 }

 type AuthConfig struct {
-	Enabled         bool       `yaml:"enabled" json:"enabled" default:"false"`
-	Type            string     `yaml:"type" json:"type" default:"saml"`
-	ApprovedEmails  []string   `yaml:"approvedEmails" json:"approvedEmails"  default:"[]"`
-	ApprovedDomains []string   `yaml:"approvedDomains" json:"approvedDomains"  default:"[]"`
-	ApprovedTenants []string   `yaml:"approvedTenants" json:"approvedTenants"  default:"[]"`
-	Saml            SamlConfig `yaml:"saml" json:"saml"`
+	Enabled bool       `yaml:"enabled" json:"enabled" default:"false"`
+	Type    string     `yaml:"type" json:"type" default:"saml"`
+	Saml    SamlConfig `yaml:"saml" json:"saml"`
 }

 type IngressConfig struct {
@@ -141,6 +140,12 @@ type MetricsConfig struct {
 	Port uint16 `yaml:"port" json:"port" default:"49100"`
 }

+type MiscConfig struct {
+	JsonTTL      string `yaml:"jsonTTL" json:"jsonTTL" default:"5m"`
+	PcapTTL      string `yaml:"pcapTTL" json:"pcapTTL" default:"10s"`
+	PcapErrorTTL string `yaml:"pcapErrorTTL" json:"pcapErrorTTL" default:"60s"`
+}
+
 type TapConfig struct {
 	Docker                    DockerConfig          `yaml:"docker" json:"docker"`
 	Proxy                     ProxyConfig           `yaml:"proxy" json:"proxy"`
@@ -173,6 +178,7 @@ type TapConfig struct {
 	Metrics                   MetricsConfig         `yaml:"metrics" json:"metrics"`
 	TrafficSampleRate         int                   `yaml:"trafficSampleRate" json:"trafficSampleRate" default:"100"`
 	TcpStreamChannelTimeoutMs int                   `yaml:"tcpStreamChannelTimeoutMs" json:"tcpStreamChannelTimeoutMs" default:"10000"`
+	Misc                      MiscConfig            `yaml:"misc" json:"misc"`
 }

 func (config *TapConfig) PodRegex() *regexp.Regexp {
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kubeshark
-version: "52.1.9"
+version: "52.1.63"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:
--- a/helm-chart/README.md
+++ b/helm-chart/README.md
@@ -1,6 +1,6 @@
 # Helm Chart of Kubeshark

-## Officially
+## Official

 Add the Helm repo for Kubeshark:

@@ -14,7 +14,7 @@ then install Kubeshark:
 helm install kubeshark kubeshark/kubeshark
 ```

-## Locally
+## Local

 Clone the repo:

@@ -41,7 +41,7 @@ Uninstall Kubeshark:
 helm uninstall kubeshark
 ```

-## Accessing
+## Port-forward

 Do the port forwarding:

@@ -51,6 +51,25 @@ kubectl port-forward service/kubeshark-front 8899:80

 Visit [localhost:8899](http://localhost:8899)

+
+## Increase the Worker's Storage Limit
+
+For example, change from the default 500Mi to 5Gi:
+
+```shell
+--set tap.storageLimit=5Gi
+```
+
+## Add a License
+
+When it's necessary, you can use:
+
+```shell
+--set license=YOUR_LICENSE_GOES_HERE
+```
+
+Get your license from Kubeshark's [Admin Console](https://console.kubeshark.co/).
+
 ## Installing with Ingress (EKS) enabled

 ```shell
@@ -71,93 +90,6 @@ tap:
      alb.ingress.kubernetes.io/scheme: internet-facing
 ```

-## Installing with SAML enabled
-
-### Prerequisites:
-
-##### 1. Generate X.509 certificate & key (TL;DR: https://ubuntu.com/server/docs/security-certificates)
-
-**Example:**
-```
-openssl genrsa -out mykey.key 2048
-openssl req -new -key mykey.key -out mycsr.csr
-openssl x509 -signkey mykey.key -in mycsr.csr -req -days 365 -out mycert.crt
-```
-
-**What you get:**
- `mycert.crt` - use it for `tap.auth.saml.x509crt`
- `mykey.key` - use it for `tap.auth.saml.x509crt`
-
-##### 2. Prepare your SAML IDP
-
-You should set up the required SAML IDP (Google, Auth0, your custom IDP, etc.)
-
-During setup, an IDP provider will typically request to enter:
- Metadata URL
- ACS URL (Assertion Consumer Service URL, aka Callback URL)
- SLO URL (Single Logout URL)
-
-Correspondingly, you will enter these (if you run the most default Kubeshark setup):
- [http://localhost:8899/saml/metadata](http://localhost:8899/saml/metadata)
- [http://localhost:8899/saml/acs](http://localhost:8899/saml/acs)
- [http://localhost:8899/saml/slo](http://localhost:8899/saml/slo)
-
-Otherwise, if you have `tap.ingress.enabled == true`, change protocol & domain respectively - showing example domain:
- [https://kubeshark.example.com/saml/metadata](https://kubeshark.example.com/saml/metadata)
- [https://kubeshark.example.com/saml/acs](https://kubeshark.example.com/saml/acs)
- [https://kubeshark.example.com/saml/slo](https://kubeshark.example.com/saml/slo)
-
-```shell
-helm install kubeshark kubeshark/kubeshark -f values.yaml
-```
-
-Set this `value.yaml`:
-```shell
-tap:
-  auth:
-    enabled: true
-    type: saml
-    approvedEmails: []
-    approvedDomains: []
-    approvedTenants: []
-    saml:
-      idpMetadataUrl: "https://tiptophelmet.us.auth0.com/samlp/metadata/MpWiDCMMB5ShU1HRnhdb1sHM6VWqdnDG"
-      x509crt: |
-        -----BEGIN CERTIFICATE-----
-        MIIDlTCCAn0CFFRUzMh+dZvp+FvWd4gRaiBVN8EvMA0GCSqGSIb3DQEBCwUAMIGG
-        MSQwIgYJKoZIhvcNAQkBFhV3ZWJtYXN0ZXJAZXhhbXBsZS5jb20wHhcNMjMxMjI4
-        ........<redacted: please, generate your own X.509 cert>........
-        ZMzM7YscqZwoVhTOhrD4/5nIfOD/hTWG/MBe2Um1V1IYF8aVEllotTKTgsF6ZblA
-        miCOgl6lIlZy
-        -----END CERTIFICATE-----
-      x509key: |
-        -----BEGIN PRIVATE KEY-----
-        MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDlgDFKsRHj+mok
-        euOF0IpwToOEpQGtafB75ytv3psD/tQAzEIug+rkDriVvsfcvafj0qcaTeYvnCoz
-        ........<redacted: please, generate your own X.509 key>.........
-        sUpBCu0E3nRJM/QB2ui5KhNR7uvPSL+kSsaEq19/mXqsL+mRi9aqy2wMEvUSU/kt
-        UaV5sbRtTzYLxpOSQyi8CEFA+A==
-        -----END PRIVATE KEY-----
-```
-
-## Add a License
-
-When it's necessary, you can use:
-
-```shell
--set license=YOUR_LICENSE_GOES_HERE
-```
-
-Get your license from Kubeshark's [Admin Console](https://console.kubeshark.co/).
-
-## Increase the Worker's Storage Limit
-
-For example, change from the default 500Mi to 1Gi:
-
-```shell
--set tap.storageLimit=1Gi
-```
-
 ## Disabling IPV6

 Not all have IPV6 enabled, hence this has to be disabled as follows:
@@ -216,6 +148,8 @@ Please refer to [metrics](./metrics.md) documentation for details.
 | `tap.auth.saml.idpMetadataUrl`                    | SAML IDP metadata URL <br/>(effective, if `tap.auth.type = saml`)                                  | ``                                                      |
 | `tap.auth.saml.x509crt`                   | A self-signed X.509 `.cert` contents <br/>(effective, if `tap.auth.type = saml`)          | ``                                                      |
 | `tap.auth.saml.x509key`                   | A self-signed X.509 `.key` contents <br/>(effective, if `tap.auth.type = saml`)           | ``                                                      |
+| `tap.auth.saml.roleAttribute`             | A SAML attribute name corresponding to user's authorization role <br/>(effective, if `tap.auth.type = saml`)  | `role` |
+| `tap.auth.saml.roles`                     | A list of SAML authorization roles and their permissions <br/>(effective, if `tap.auth.type = saml`)  | `{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}` |
 | `tap.ingress.enabled`                     | Enable `Ingress`                                | `false`                                                 |
 | `tap.ingress.className`                   | Ingress class name                            | `""`                                                    |
 | `tap.ingress.host`                        | Host of the `Ingress`                          | `ks.svc.cluster.local`                                  |
@@ -243,3 +177,69 @@ Please refer to [metrics](./metrics.md) documentation for details.
 KernelMapping pairs kernel versions with a
                            DriverContainer image. Kernel versions can be matched
                            literally or using a regular expression
+
+## Installing with SAML enabled
+
+### Prerequisites:
+
+##### 1. Generate X.509 certificate & key (TL;DR: https://ubuntu.com/server/docs/security-certificates)
+
+**Example:**
+```
+openssl genrsa -out mykey.key 2048
+openssl req -new -key mykey.key -out mycsr.csr
+openssl x509 -signkey mykey.key -in mycsr.csr -req -days 365 -out mycert.crt
+```
+
+**What you get:**
+- `mycert.crt` - use it for `tap.auth.saml.x509crt`
+- `mykey.key` - use it for `tap.auth.saml.x509crt`
+
+##### 2. Prepare your SAML IDP
+
+You should set up the required SAML IDP (Google, Auth0, your custom IDP, etc.)
+
+During setup, an IDP provider will typically request to enter:
+- Metadata URL
+- ACS URL (Assertion Consumer Service URL, aka Callback URL)
+- SLO URL (Single Logout URL)
+
+Correspondingly, you will enter these (if you run the most default Kubeshark setup):
+- [http://localhost:8899/saml/metadata](http://localhost:8899/saml/metadata)
+- [http://localhost:8899/saml/acs](http://localhost:8899/saml/acs)
+- [http://localhost:8899/saml/slo](http://localhost:8899/saml/slo)
+
+Otherwise, if you have `tap.ingress.enabled == true`, change protocol & domain respectively - showing example domain:
+- [https://kubeshark.example.com/saml/metadata](https://kubeshark.example.com/saml/metadata)
+- [https://kubeshark.example.com/saml/acs](https://kubeshark.example.com/saml/acs)
+- [https://kubeshark.example.com/saml/slo](https://kubeshark.example.com/saml/slo)
+
+```shell
+helm install kubeshark kubeshark/kubeshark -f values.yaml
+```
+
+Set this `value.yaml`:
+```shell
+tap:
+  auth:
+    enabled: true
+    type: saml
+    saml:
+      idpMetadataUrl: "https://tiptophelmet.us.auth0.com/samlp/metadata/MpWiDCMMB5ShU1HRnhdb1sHM6VWqdnDG"
+      x509crt: |
+        -----BEGIN CERTIFICATE-----
+        MIIDlTCCAn0CFFRUzMh+dZvp+FvWd4gRaiBVN8EvMA0GCSqGSIb3DQEBCwUAMIGG
+        MSQwIgYJKoZIhvcNAQkBFhV3ZWJtYXN0ZXJAZXhhbXBsZS5jb20wHhcNMjMxMjI4
+        ........<redacted: please, generate your own X.509 cert>........
+        ZMzM7YscqZwoVhTOhrD4/5nIfOD/hTWG/MBe2Um1V1IYF8aVEllotTKTgsF6ZblA
+        miCOgl6lIlZy
+        -----END CERTIFICATE-----
+      x509key: |
+        -----BEGIN PRIVATE KEY-----
+        MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDlgDFKsRHj+mok
+        euOF0IpwToOEpQGtafB75ytv3psD/tQAzEIug+rkDriVvsfcvafj0qcaTeYvnCoz
+        ........<redacted: please, generate your own X.509 key>.........
+        sUpBCu0E3nRJM/QB2ui5KhNR7uvPSL+kSsaEq19/mXqsL+mRi9aqy2wMEvUSU/kt
+        UaV5sbRtTzYLxpOSQyi8CEFA+A==
+        -----END PRIVATE KEY-----
+```
--- a/helm-chart/metrics.md
+++ b/helm-chart/metrics.md
@@ -48,4 +48,8 @@ prometheus:
 | kubeshark_reassembled_tcp_payloads_total | Counter | Total number of reassembled TCP payloads |
 | kubeshark_matched_pairs_total | Counter | Total number of matched pairs | 
 | kubeshark_dropped_tcp_streams_total | Counter | Total number of dropped TCP streams | 
-| kubeshark_live_tcp_streams | Gauge | Number of live TCP streams |
+| kubeshark_live_tcp_streams | Gauge | Number of live TCP streams |
+
+## Ready-to-use Dashboard
+
+You can import a ready-to-use dashboard from [Grafana's Dashboards Portal](https://grafana.com/grafana/dashboards/20359-kubeshark-dashboard-v1-0-003/).
--- a/helm-chart/templates/02-cluster-role.yaml
+++ b/helm-chart/templates/02-cluster-role.yaml
@@ -8,7 +8,7 @@ metadata:
  {{- if .Values.tap.annotations }}
    {{- toYaml .Values.tap.annotations | nindent 4 }}
  {{- end }}
-  name: kubeshark-cluster-role
+  name: kubeshark-cluster-role-{{ .Release.Namespace }}
  namespace: {{ .Release.Namespace }}
 rules:
  - apiGroups:
--- a/helm-chart/templates/03-cluster-role-binding.yaml
+++ b/helm-chart/templates/03-cluster-role-binding.yaml
@@ -8,12 +8,12 @@ metadata:
  {{- if .Values.tap.annotations }}
    {{- toYaml .Values.tap.annotations | nindent 4 }}
  {{- end }}
-  name: kubeshark-cluster-role-binding
+  name: kubeshark-cluster-role-binding-{{ .Release.Namespace }}
  namespace: {{ .Release.Namespace }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: kubeshark-cluster-role
+  name: kubeshark-cluster-role-{{ .Release.Namespace }}
 subjects:
  - kind: ServiceAccount
    name: {{ include "kubeshark.serviceAccountName" . }}
--- a/helm-chart/templates/04-hub-deployment.yaml
+++ b/helm-chart/templates/04-hub-deployment.yaml
@@ -41,6 +41,8 @@ spec:
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
+          - name: KUBESHARK_CLOUD_API_URL
+            value: 'https://api.kubeshark.co'
          image: '{{ .Values.tap.docker.registry }}/hub:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
          imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
          readinessProbe:
--- a/helm-chart/templates/09-worker-daemon-set.yaml
+++ b/helm-chart/templates/09-worker-daemon-set.yaml
@@ -51,6 +51,7 @@ spec:
            - '{{ .Values.tap.proxy.worker.srvPort }}'
            - -metrics-port
            - '{{ .Values.tap.metrics.port }}'
+            - -unixsocket
          {{- if .Values.tap.serviceMesh }}
            - -servicemesh
          {{- end }}
@@ -61,6 +62,8 @@ spec:
          {{- end }}
          {{- if .Values.tap.debug }}
            - -debug
+            - -dumptracer
+            - "100000000"
          {{- end }}
          image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
          imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
@@ -80,6 +83,8 @@ spec:
                fieldPath: metadata.namespace
          - name: TCP_STREAM_CHANNEL_TIMEOUT_MS
            value: '{{ .Values.tap.tcpStreamChannelTimeoutMs }}'
+          - name: KUBESHARK_CLOUD_API_URL
+            value: 'https://api.kubeshark.co'
          resources:
            limits:
              cpu: {{ .Values.tap.resources.sniffer.limits.cpu }}
--- a/helm-chart/templates/12-config-map.yaml
+++ b/helm-chart/templates/12-config-map.yaml
@@ -15,12 +15,13 @@ data:
    PROXY_FRONT_PORT: '{{ .Values.tap.proxy.front.port }}'
    AUTH_ENABLED: '{{ .Values.tap.auth.enabled | ternary "true" "" }}'
    AUTH_TYPE: '{{ .Values.tap.auth.type }}'
-    AUTH_APPROVED_EMAILS: '{{ gt (len .Values.tap.auth.approvedEmails) 0 | ternary (join "," .Values.tap.auth.approvedEmails) "" }}'
-    AUTH_APPROVED_DOMAINS: '{{ gt (len .Values.tap.auth.approvedDomains) 0 | ternary (join "," .Values.tap.auth.approvedDomains) "" }}'
-    AUTH_APPROVED_TENANTS: '{{ gt (len .Values.tap.auth.approvedTenants) 0 | ternary (join "," .Values.tap.auth.approvedTenants) "" }}'
    AUTH_SAML_IDP_METADATA_URL: '{{ .Values.tap.auth.saml.idpMetadataUrl }}'
+    AUTH_SAML_ROLE_ATTRIBUTE: '{{ .Values.tap.auth.saml.roleAttribute }}'
    AUTH_SAML_ROLES: '{{ .Values.tap.auth.saml.roles | toJson }}'
    TELEMETRY_DISABLED: '{{ not .Values.tap.telemetry.enabled | ternary "true" "" }}'
    REPLAY_DISABLED: '{{ .Values.tap.replayDisabled | ternary "true" "" }}'
    GLOBAL_FILTER: {{ include "kubeshark.escapeDoubleQuotes" .Values.tap.globalFilter | quote }}
    TRAFFIC_SAMPLE_RATE: '{{ .Values.tap.trafficSampleRate }}'
+    JSON_TTL: '{{ .Values.tap.misc.jsonTTL }}'
+    PCAP_TTL: '{{ .Values.tap.misc.pcapTTL }}'
+    PCAP_ERROR_TTL: '{{ .Values.tap.misc.pcapErrorTTL }}'
--- a/helm-chart/templates/14-openshift-security-context-constraints.yaml
+++ b/helm-chart/templates/14-openshift-security-context-constraints.yaml
@@ -27,7 +27,6 @@ allowedCapabilities:
  - SYS_PTRACE
  - DAC_OVERRIDE
  - SYS_RESOURCE
-  - CHECKPOINT_RESTORE
  - SYS_MODULE
 runAsUser:
  type: RunAsAny
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -60,13 +60,11 @@ tap:
  auth:
    enabled: false
    type: saml
-    approvedEmails: []
-    approvedDomains: []
-    approvedTenants: []
    saml:
      idpMetadataUrl: ""
      x509crt: ""
      x509key: ""
+      roleAttribute: role
      roles:
        admin:
          filter: ""
@@ -74,6 +72,7 @@ tap:
          canDownloadPCAP: true
          canUseScripting: true
          canUpdateTargetedPods: true
+          showAdminConsoleLink: true
  ingress:
    enabled: false
    className: ""
@@ -98,19 +97,22 @@ tap:
    - SYS_ADMIN
    - SYS_PTRACE
    - DAC_OVERRIDE
-    - CHECKPOINT_RESTORE
    kernelModule:
    - SYS_MODULE
    ebpfCapture:
    - SYS_ADMIN
    - SYS_PTRACE
    - SYS_RESOURCE
-    - CHECKPOINT_RESTORE
+    - IPC_LOCK
  globalFilter: ""
  metrics:
    port: 49100
  trafficSampleRate: 100
  tcpStreamChannelTimeoutMs: 10000
+  misc:
+    jsonTTL: 5m
+    pcapTTL: 10s
+    pcapErrorTTL: 60s
 logs:
  file: ""
 kube:
--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+
+EXE_NAME=kubeshark
+ALIAS_NAME=ks
+PROG_NAME=Kubeshark
+INSTALL_PATH=/usr/local/bin/$EXE_NAME
+ALIAS_PATH=/usr/local/bin/$ALIAS_NAME
+REPO=https://github.com/kubeshark/kubeshark
+OS=$(echo $(uname -s) | tr '[:upper:]' '[:lower:]')
+ARCH=$(echo $(uname -m) | tr '[:upper:]' '[:lower:]')
+SUPPORTED_PAIRS="linux_amd64 linux_arm64 darwin_amd64 darwin_arm64"
+
+ESC="\033["
+F_DEFAULT=39
+F_RED=31
+F_GREEN=32
+F_YELLOW=33
+B_DEFAULT=49
+B_RED=41
+B_BLUE=44
+B_LIGHT_BLUE=104
+
+if [ "$ARCH" = "x86_64" ]; then
+    ARCH="amd64"
+fi
+
+if [ "$ARCH" = "aarch64" ]; then
+    ARCH="arm64"
+fi
+
+echo $SUPPORTED_PAIRS | grep -w -q "${OS}_${ARCH}"
+
+if [ $? != 0 ] ; then
+	echo "\n${ESC}${F_RED}m🛑 Unsupported OS \"$OS\" or architecture \"$ARCH\". Failed to install $PROG_NAME.${ESC}${F_DEFAULT}m"
+    echo "${ESC}${B_RED}mPlease report 🐛 to $REPO/issues${ESC}${F_DEFAULT}m"
+	exit 1
+fi
+
+# Check for Homebrew and kubeshark installation
+if command -v brew >/dev/null; then
+    if brew list kubeshark &>/dev/null; then
+        echo "📦 Found $PROG_NAME instance installed with Homebrew"
+		echo "${ESC}${F_GREEN}m⬇️ Removing before installation with script${ESC}${F_DEFAULT}m"
+        brew uninstall kubeshark
+    fi
+fi
+
+echo "\n🦈 ${ESC}${F_DEFAULT};${B_BLUE}m Started to download $PROG_NAME ${ESC}${B_DEFAULT};${F_DEFAULT}m"
+
+if curl -# --fail -Lo $EXE_NAME ${REPO}/releases/latest/download/${EXE_NAME}_${OS}_${ARCH} ; then
+    chmod +x $PWD/$EXE_NAME
+    echo "\n${ESC}${F_GREEN}m⬇️  $PROG_NAME is downloaded into $PWD/$EXE_NAME${ESC}${F_DEFAULT}m"
+else
+    echo "\n${ESC}${F_RED}m🛑 Couldn't download ${REPO}/releases/latest/download/${EXE_NAME}_${OS}_${ARCH}\n\
+  ⚠️  Check your internet connection.\n\
+  ⚠️  Make sure 'curl' command is available.\n\
+  ⚠️  Make sure there is no directory named '${EXE_NAME}' in ${PWD}\n\
+${ESC}${F_DEFAULT}m"
+    echo "${ESC}${B_RED}mPlease report 🐛 to $REPO/issues${ESC}${F_DEFAULT}m"
+    exit 1
+fi
+
+use_cmd=$EXE_NAME
+printf "Do you want to install system-wide? Requires sudo 😇 (y/N)? "
+old_stty_cfg=$(stty -g)
+stty raw -echo ; answer=$(head -c 1) ; stty $old_stty_cfg
+if echo "$answer" | grep -iq "^y" ;then
+    echo "$answer"
+    sudo mv ./$EXE_NAME $INSTALL_PATH || exit 1
+    echo "${ESC}${F_GREEN}m$PROG_NAME is installed into $INSTALL_PATH${ESC}${F_DEFAULT}m\n"
+
+	ls $ALIAS_PATH >> /dev/null 2>&1
+	if [ $? != 0 ] ; then
+		printf "Do you want to add 'ks' alias for Kubeshark? (y/N)? "
+		old_stty_cfg=$(stty -g)
+		stty raw -echo ; answer=$(head -c 1) ; stty $old_stty_cfg
+		if echo "$answer" | grep -iq "^y" ; then
+			echo "$answer"
+			sudo ln -s $INSTALL_PATH $ALIAS_PATH
+
+			use_cmd=$ALIAS_NAME
+		else
+			echo "$answer"
+		fi
+	else
+		use_cmd=$ALIAS_NAME
+	fi
+else
+	echo "$answer"
+	use_cmd="./$EXE_NAME"
+fi
+
+echo "${ESC}${F_GREEN}m✅ You can use the ${ESC}${F_DEFAULT};${B_LIGHT_BLUE}m $use_cmd ${ESC}${B_DEFAULT};${F_GREEN}m command now.${ESC}${F_DEFAULT}m"
+echo "\n${ESC}${F_YELLOW}mPlease give us a star 🌟 on ${ESC}${F_DEFAULT}m$REPO${ESC}${F_YELLOW}m if you ❤️  $PROG_NAME!${ESC}${F_DEFAULT}m"
--- a/kubernetes/config.go
+++ b/kubernetes/config.go
@@ -21,9 +21,6 @@ const (
 	CONFIG_PROXY_FRONT_PORT           = "PROXY_FRONT_PORT"
 	CONFIG_AUTH_ENABLED               = "AUTH_ENABLED"
 	CONFIG_AUTH_TYPE                  = "AUTH_TYPE"
-	CONFIG_AUTH_APPROVED_EMAILS       = "AUTH_APPROVED_EMAILS"
-	CONFIG_AUTH_APPROVED_DOMAINS      = "AUTH_APPROVED_DOMAINS"
-	CONFIG_AUTH_APPROVED_TENANTS      = "AUTH_APPROVED_TENANTS"
 	CONFIG_AUTH_SAML_IDP_METADATA_URL = "AUTH_SAML_IDP_METADATA_URL"
 )

--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
@@ -4,10 +4,10 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-service-account
@@ -21,10 +21,10 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
 stringData:
    LICENSE: ''
@@ -38,10 +38,10 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
 stringData:
  AUTH_SAML_X509_CRT: |
@@ -54,10 +54,10 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
 stringData:
  AUTH_SAML_X509_KEY: |
@@ -69,10 +69,10 @@ metadata:
  name: kubeshark-nginx-config-map
  namespace: default
  labels:
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
 data:
  default.conf: |
@@ -133,10 +133,10 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
 data:
    POD_REGEX: '.*'
@@ -147,28 +147,29 @@ data:
    PROXY_FRONT_PORT: '8899'
    AUTH_ENABLED: ''
    AUTH_TYPE: 'saml'
-    AUTH_APPROVED_EMAILS: ''
-    AUTH_APPROVED_DOMAINS: ''
-    AUTH_APPROVED_TENANTS: ''
    AUTH_SAML_IDP_METADATA_URL: ''
-    AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":""}}'
+    AUTH_SAML_ROLE_ATTRIBUTE: 'role'
+    AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canReplayTraffic":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}'
    TELEMETRY_DISABLED: ''
    REPLAY_DISABLED: ''
    GLOBAL_FILTER: ""
    TRAFFIC_SAMPLE_RATE: '100'
+    JSON_TTL: '5m'
+    PCAP_TTL: '10s'
+    PCAP_ERROR_TTL: '60s'
 ---
 # Source: kubeshark/templates/02-cluster-role.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
  annotations:
-  name: kubeshark-cluster-role
+  name: kubeshark-cluster-role-default
  namespace: default
 rules:
  - apiGroups:
@@ -190,18 +191,18 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels:
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
  annotations:
-  name: kubeshark-cluster-role-binding
+  name: kubeshark-cluster-role-binding-default
  namespace: default
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: kubeshark-cluster-role
+  name: kubeshark-cluster-role-default
 subjects:
  - kind: ServiceAccount
    name: kubeshark-service-account
@@ -212,10 +213,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  labels:
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-self-config-role
@@ -241,10 +242,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  labels:
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-self-config-role-binding
@@ -264,10 +265,10 @@ kind: Service
 metadata:
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-hub
@@ -286,10 +287,10 @@ apiVersion: v1
 kind: Service
 metadata:
  labels:
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-front
@@ -315,10 +316,10 @@ metadata:
 spec:
  selector:
    app.kubeshark.co/app: worker
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
  ports:
  - name: metrics
@@ -333,10 +334,10 @@ metadata:
  labels:
    app.kubeshark.co/app: worker
    sidecar.istio.io/inject: "false"
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-worker-daemon-set
@@ -345,19 +346,19 @@ spec:
  selector:
    matchLabels:
      app.kubeshark.co/app: worker
-      helm.sh/chart: kubeshark-52.1.0
+      helm.sh/chart: kubeshark-52.1.63
      app.kubernetes.io/name: kubeshark
      app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "52.1.0"
+      app.kubernetes.io/version: "52.1.63"
      app.kubernetes.io/managed-by: Helm
  template:
    metadata:
      labels:
        app.kubeshark.co/app: worker
-        helm.sh/chart: kubeshark-52.1.0
+        helm.sh/chart: kubeshark-52.1.63
        app.kubernetes.io/name: kubeshark
        app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.1.0"
+        app.kubernetes.io/version: "52.1.63"
        app.kubernetes.io/managed-by: Helm
      name: kubeshark-worker-daemon-set
      namespace: kubeshark
@@ -384,11 +385,12 @@ spec:
            - '30001'
            - -metrics-port
            - '49100'
+            - -unixsocket
            - -servicemesh
            - -procfs
            - /hostproc
            - -kernel-module
-          image: 'docker.io/kubeshark/worker:v52.1.0'
+          image: 'docker.io/kubeshark/worker:v52.1.63'
          imagePullPolicy: Always
          name: sniffer
          ports:
@@ -406,6 +408,8 @@ spec:
                fieldPath: metadata.namespace
          - name: TCP_STREAM_CHANNEL_TIMEOUT_MS
            value: '10000'
+          - name: KUBESHARK_CLOUD_API_URL
+            value: 'https://api.kubeshark.co'
          resources:
            limits:
              cpu: 750m
@@ -421,7 +425,6 @@ spec:
                - SYS_ADMIN
                - SYS_PTRACE
                - DAC_OVERRIDE
-                - CHECKPOINT_RESTORE
              drop:
                - ALL
          readinessProbe:
@@ -451,7 +454,7 @@ spec:
            - ./tracer
            - -procfs
            - /hostproc
-          image: 'docker.io/kubeshark/worker:v52.1.0'
+          image: 'docker.io/kubeshark/worker:v52.1.63'
          imagePullPolicy: Always
          name: tracer
          env:
@@ -476,7 +479,7 @@ spec:
                - SYS_ADMIN
                - SYS_PTRACE
                - SYS_RESOURCE
-                - CHECKPOINT_RESTORE
+                - IPC_LOCK
              drop:
                - ALL
          volumeMounts:
@@ -526,10 +529,10 @@ kind: Deployment
 metadata:
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-hub
@@ -539,19 +542,19 @@ spec:
  selector:
    matchLabels:
      app.kubeshark.co/app: hub
-      helm.sh/chart: kubeshark-52.1.0
+      helm.sh/chart: kubeshark-52.1.63
      app.kubernetes.io/name: kubeshark
      app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "52.1.0"
+      app.kubernetes.io/version: "52.1.63"
      app.kubernetes.io/managed-by: Helm
  template:
    metadata:
      labels:
        app.kubeshark.co/app: hub
-        helm.sh/chart: kubeshark-52.1.0
+        helm.sh/chart: kubeshark-52.1.63
        app.kubernetes.io/name: kubeshark
        app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.1.0"
+        app.kubernetes.io/version: "52.1.63"
        app.kubernetes.io/managed-by: Helm
    spec:
      dnsPolicy: ClusterFirstWithHostNet
@@ -569,7 +572,9 @@ spec:
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
-          image: 'docker.io/kubeshark/hub:v52.1.0'
+          - name: KUBESHARK_CLOUD_API_URL
+            value: 'https://api.kubeshark.co'
+          image: 'docker.io/kubeshark/hub:v52.1.63'
          imagePullPolicy: Always
          readinessProbe:
            periodSeconds: 1
@@ -617,10 +622,10 @@ kind: Deployment
 metadata:
  labels:
    app.kubeshark.co/app: front
-    helm.sh/chart: kubeshark-52.1.0
+    helm.sh/chart: kubeshark-52.1.63
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.1.0"
+    app.kubernetes.io/version: "52.1.63"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-front
@@ -630,19 +635,19 @@ spec:
  selector:
    matchLabels:
      app.kubeshark.co/app: front
-      helm.sh/chart: kubeshark-52.1.0
+      helm.sh/chart: kubeshark-52.1.63
      app.kubernetes.io/name: kubeshark
      app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "52.1.0"
+      app.kubernetes.io/version: "52.1.63"
      app.kubernetes.io/managed-by: Helm
  template:
    metadata:
      labels:
        app.kubeshark.co/app: front
-        helm.sh/chart: kubeshark-52.1.0
+        helm.sh/chart: kubeshark-52.1.63
        app.kubernetes.io/name: kubeshark
        app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.1.0"
+        app.kubernetes.io/version: "52.1.63"
        app.kubernetes.io/managed-by: Helm
    spec:
      containers:
@@ -654,10 +659,10 @@ spec:
            - name: REACT_APP_AUTH_TYPE
              value: 'saml'
            - name: REACT_APP_AUTH_SAML_IDP_METADATA_URL
-              value: ''
+              value: ' '
            - name: REACT_APP_REPLAY_DISABLED
              value: 'false'
-          image: 'docker.io/kubeshark/front:v52.1.0'
+          image: 'docker.io/kubeshark/front:v52.1.63'
          imagePullPolicy: Always
          name: kubeshark-front
          livenessProbe:
--- a/manifests/prometheus/kube_prometheus_stack.yaml
+++ b/manifests/prometheus/kube_prometheus_stack.yaml
@@ -0,0 +1,25 @@
+grafana:
+  additionalDataSources: []
+prometheus:
+  prometheusSpec:
+    scrapeInterval: 10s
+    evaluationInterval: 30s
+    additionalScrapeConfigs: |
+      - job_name: 'kubeshark-worker-metrics'
+        kubernetes_sd_configs:
+          - role: endpoints
+        relabel_configs:
+          - source_labels: [__meta_kubernetes_pod_name]
+            target_label: pod
+          - source_labels: [__meta_kubernetes_pod_node_name]
+            target_label: node
+          - source_labels: [__meta_kubernetes_endpoint_port_name]
+            action: keep
+            regex: ^metrics$
+          - source_labels: [__address__, __meta_kubernetes_endpoint_port_number]
+            action: replace
+            regex: ([^:]+)(?::\d+)?
+            replacement: $1:49100
+            target_label: __address__
+          - action: labelmap
+            regex: __meta_kubernetes_service_label_(.+)
Author	SHA1	Message	Date
M. Mert Yildiran	68aabf262f	🔖 Bump the Helm chart version to 52.1.63	2024-02-29 01:45:41 +03:00
M. Mert Yildiran	d279b7272d	💚 Change `ssh-key` field to `token`	2024-02-29 01:45:11 +03:00
M. Mert Yildiran	d15e1cca54	🔖 Bump the Helm chart version to 52.1.62	2024-02-29 01:33:28 +03:00
M. Mert Yildiran	d8761e1e31	💚 Fix the secret name for Homebrew repo	2024-02-29 01:32:57 +03:00
M. Mert Yildiran	a9d2cb5ac2	🔖 Bump the Helm chart version to 52.1.61	2024-02-28 23:43:04 +03:00
M. Mert Yildiran	ddcf973e35	Revert "🔖 Bump the Helm chart version to 52.1.61" This reverts commit `b6d1804326`.	2024-02-28 23:42:08 +03:00
M. Mert Yildiran	b6d1804326	🔖 Bump the Helm chart version to 52.1.61	2024-02-28 23:39:06 +03:00
Volodymyr Stoiko	6dc12af55b	Add namespace prefix to cluster scope resources (#1506 ) Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-02-28 12:14:03 -08:00
Volodymyr Stoiko	d78b0b987a	Remove brew version before installing with script (#1503 ) Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-02-28 11:48:43 -08:00
iluxa	9889787833	update comment for IPC_LOCK (#1507 )	2024-02-27 11:52:07 -08:00
M. Mert Yildiran	8fe0544175	🔨 Remove `CHECKPOINT_RESTORE` capability from defaults	2024-02-26 21:40:14 +03:00
Volodymyr Stoiko	09afa1983a	Add build-brew target for makefile (#1504 )	2024-02-26 09:38:01 -08:00
Alon Girmonsky	669b5cb1f2	Update README.md	2024-02-25 13:55:08 -08:00
Volodymyr Stoiko	25e0949761	Template homebrew formulae (#1502 )	2024-02-24 15:06:15 -08:00
Alon Girmonsky	fa07f973c0	Moving the installation script to the project's repo	2024-02-21 15:47:25 -08:00
M. Mert Yildiran	c38bdcd977	🔖 Bump the Helm chart version to 52.1.50	2024-02-20 21:25:10 +03:00
M. Mert Yildiran	51a4165304	🔧 Update the `generate-helm-values` Makefile rule	2024-02-15 19:54:40 +03:00
M. Mert Yildiran	c8cd1f57c4	🔖 Bump the Helm chart version to 52.1.45	2024-02-15 19:35:01 +03:00
M. Mert Yildiran	dfde87140a	🔧 Update the `release` Makefile rule	2024-02-15 19:34:09 +03:00
M. Mert Yildiran	64b6368e63	🔨 Update `complete.yaml`	2024-02-15 19:25:22 +03:00
Alon Girmonsky	6af2d11878	removed cloud URL from config map (#1499 ) 1. removed cloud URL from config map 2. added to hub's and worker's deployments	2024-02-14 13:06:24 -08:00
M. Mert Yildiran	2b552b5847	🔨 Update `complete.yaml`	2024-02-08 13:18:11 +03:00
Alon Girmonsky	72ec983b24	updated the top banner	2024-02-07 17:18:11 -08:00
M. Mert Yildiran	2f899a943c	🔖 Bump the Helm chart version to 52.1.30	2024-02-07 22:43:22 +03:00
M. Mert Yildiran	12f6b04a49	🔨 Update `complete.yaml`	2024-02-07 22:22:48 +03:00
Alon Girmonsky	f010f349a1	unixsocket for tracer (#1497 ) - Added `-unixsocket` by default - In DEBUG mode, added `-dumptracer 100000000`	2024-02-07 09:50:58 -08:00
iluxa	26e23dc94f	add capability for tracer (#1496 ) Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-02-06 13:38:21 -08:00
Serhii Ponomarenko	6785f024e4	✨ Feature-based SAML authorization (#49 ) (#1495 ) * 🔨 Add `showAdminConsoleLink` to helm values * 🔨 Add `ShowAdminConsoleLink` to `TapConfig` * 🔨 Regenerate `complete.yaml` manifest * 📝 Update helm-chart `README.md` --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-02-06 13:36:32 -08:00
M. Mert Yildiran	92dab2e2f7	🔨 Add `PcapErrorTTL` field to `MiscConfig`	2024-02-06 01:32:07 +03:00
M. Mert Yildiran	4da51c40b9	🔨 Add `kube_prometheus_stack.yaml` manifest	2024-02-06 01:28:15 +03:00
Serhii Ponomarenko	18d051af28	🔥 Remove old `Descope` auth (#1490 ) * 🔥 Remove Descope-related config updates * 🔥 Remove Descope-related helm values * 🔥 Remove Descope-related k8s configs * 🔥 Remove Descope-related fields from `tapConfig` --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-01-31 14:49:55 -08:00
M. Mert Yildiran	cef012d1f3	🐛 Fix the `ConfigMap` keys of `JsonTTL` and `PcapTTL` fields	2024-01-31 16:57:11 +03:00
M. Mert Yildiran	4802cca646	✨ Add `MiscConfig` struct with has `JsonTTL` and `PcapTTL` fields	2024-01-30 02:25:04 +03:00
Alon Girmonsky	4117d008a9	Update README.md	2024-01-28 11:06:18 -08:00
Alon Girmonsky	91e3546196	added a link to the dashboard	2024-01-26 15:38:40 -08:00
Alon Girmonsky	4db2a80675	Add API cloud endpoint env var to hub deployment (#1489 ) * Add API cloud endpoint env var to hub deployment * Added an env var for api cloud endpoint	2024-01-26 00:24:38 -08:00
Serhii Ponomarenko	bfa3efd23a	✨ SAML authorization (#1487 ) * 🔨 Add `AUTH_SAML_ROLE_ATTRIBUTE` field to `ConfigMap` * 📝 Document `tap.auth.saml.roleAttribute/roles` values * 🔧 Re-generate `complete.yaml` * 🔥 Remove `default` tag from `SamlConfig.RoleAttribute` --------- Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-01-24 16:05:37 -08:00