🔖 Bump the Helm chart version to 52.2.30

as eBPF is a significant feature that can impact many users, this PR is meant (#1532 )
to provide it NOT as the default option, but require an explicit indication to use it. To use eBPF instead of AF-PACKET or PF-RING, use: --set tap.packetCapture=ebpf
2026-02-22 22:04:04 +00:00 · 2024-04-19 17:59:51 +03:00 · 2024-04-18 16:28:31 -07:00 · 2024-04-16 09:02:33 -07:00 · 2024-04-16 00:27:18 +03:00 · 2024-04-15 14:20:44 -07:00
10 changed files with 99 additions and 76 deletions
--- a/README.md
+++ b/README.md
@@ -22,10 +22,8 @@

 <p align="center">
  <b>
-	  NEW: 
-	  <a href="https://github.com/kubeshark/kubeshark/releases/latest">Version 52.1.63</a> 
-	  now available, featuring enhanced 
-	  <a href="https://docs.kubeshark.co/en/half_connections">Network Error Detection & Analysis</a>.
+	  Want to see Kubeshark in action,  right now? Visit this
+	  <a href="https://demo.kubeshark.co/">live demo deploymenet</a> of Kubeshark.
  </b>
 </p>

@@ -51,18 +49,21 @@ Running any of the :point_up: above commands will open the [Web UI](https://docs

 ### Homebrew

-[Homebrew](https://brew.sh/) :beer: users can add Kubeshark formulae with:
-
-```shell
-brew tap kubeshark/kubeshark
-```
-
-and install Kubeshark CLI with:
+[Homebrew](https://brew.sh/) :beer: users install Kubeshark CLI with:

 ```shell
 brew install kubeshark
 ```

+### Helm
+
+Add the helm repository and install the chart:
+
+```shell
+helm repo add kubeshark https://helm.kubeshark.co
+‍helm install kubeshark kubeshark/kubeshark
+```
+
 ## Building From Source

 Clone this repository and run `make` command to build it. After the build is complete, the executable can be found at `./bin/kubeshark__`.
--- a/config/configStructs/tapConfig.go
+++ b/config/configStructs/tapConfig.go
@@ -141,9 +141,12 @@ type MetricsConfig struct {
 }

 type MiscConfig struct {
-	JsonTTL      string `yaml:"jsonTTL" json:"jsonTTL" default:"5m"`
-	PcapTTL      string `yaml:"pcapTTL" json:"pcapTTL" default:"10s"`
-	PcapErrorTTL string `yaml:"pcapErrorTTL" json:"pcapErrorTTL" default:"60s"`
+	JsonTTL                     string `yaml:"jsonTTL" json:"jsonTTL" default:"5m"`
+	PcapTTL                     string `yaml:"pcapTTL" json:"pcapTTL" default:"10s"`
+	PcapErrorTTL                string `yaml:"pcapErrorTTL" json:"pcapErrorTTL" default:"60s"`
+	TrafficSampleRate           int    `yaml:"trafficSampleRate" json:"trafficSampleRate" default:"100"`
+	TcpStreamChannelTimeoutMs   int    `yaml:"tcpStreamChannelTimeoutMs" json:"tcpStreamChannelTimeoutMs" default:"10000"`
+	TcpStreamChannelTimeoutShow bool   `yaml:"tcpStreamChannelTimeoutShow" json:"tcpStreamChannelTimeoutShow" default:"false"`
 }

 type TapConfig struct {
@@ -180,8 +183,6 @@ type TapConfig struct {
 	Capabilities               CapabilitiesConfig    `yaml:"capabilities" json:"capabilities"`
 	GlobalFilter               string                `yaml:"globalFilter" json:"globalFilter"`
 	Metrics                    MetricsConfig         `yaml:"metrics" json:"metrics"`
-	TrafficSampleRate          int                   `yaml:"trafficSampleRate" json:"trafficSampleRate" default:"100"`
-	TcpStreamChannelTimeoutMs  int                   `yaml:"tcpStreamChannelTimeoutMs" json:"tcpStreamChannelTimeoutMs" default:"10000"`
 	Misc                       MiscConfig            `yaml:"misc" json:"misc"`
 }

--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kubeshark
-version: "52.2.1"
+version: "52.2.30"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:
--- a/helm-chart/templates/02-cluster-role.yaml
+++ b/helm-chart/templates/02-cluster-role.yaml
@@ -24,6 +24,14 @@ rules:
      - list
      - get
      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+    resourceNames:
+      - kube-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
--- a/helm-chart/templates/04-hub-deployment.yaml
+++ b/helm-chart/templates/04-hub-deployment.yaml
@@ -16,7 +16,7 @@ spec:
  selector:
    matchLabels:
      app.kubeshark.co/app: hub
-      {{- include "kubeshark.labels" . | nindent 6 }}
+      {{- include "kubeshark.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
--- a/helm-chart/templates/06-front-deployment.yaml
+++ b/helm-chart/templates/06-front-deployment.yaml
@@ -15,7 +15,7 @@ spec:
  selector:
    matchLabels:
      app.kubeshark.co/app: front
-      {{- include "kubeshark.labels" . | nindent 6 }}
+      {{- include "kubeshark.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
--- a/helm-chart/templates/09-worker-daemon-set.yaml
+++ b/helm-chart/templates/09-worker-daemon-set.yaml
@@ -16,7 +16,7 @@ spec:
  selector:
    matchLabels:
      app.kubeshark.co/app: worker
-      {{- include "kubeshark.labels" . | nindent 6 }}
+      {{- include "kubeshark.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
@@ -62,6 +62,9 @@ spec:
          {{- if .Values.tap.kernelModule.enabled }}
            - -kernel-module
          {{- end }}
+          {{- if ne .Values.tap.packetCapture "ebpf" }}
+            - -disable-ebpf
+          {{- end }}
          {{- if .Values.tap.debug }}
            - -debug
            - -dumptracer
@@ -84,7 +87,9 @@ spec:
              fieldRef:
                fieldPath: metadata.namespace
          - name: TCP_STREAM_CHANNEL_TIMEOUT_MS
-            value: '{{ .Values.tap.tcpStreamChannelTimeoutMs }}'
+            value: '{{ .Values.tap.misc.tcpStreamChannelTimeoutMs }}'
+          - name: TCP_STREAM_CHANNEL_TIMEOUT_SHOW
+            value: '{{ .Values.tap.misc.tcpStreamChannelTimeoutShow }}'
          - name: KUBESHARK_CLOUD_API_URL
            value: 'https://api.kubeshark.co'
          resources:
@@ -134,7 +139,7 @@ spec:
        - name: unload-pf-ring
          image: {{ .Values.tap.kernelModule.image }}
          command: ["/bin/sh"]
-          args: ["-c", "trap 'rmmod pf_ring && sleep 3' SIGTERM; while true; do sleep 1; done"] 
+          args: ["-c", "trap 'rmmod pf_ring && sleep 3' SIGTERM; while true; do sleep 1; done"]
          securityContext:
            capabilities:
              add:
@@ -177,6 +182,9 @@ spec:
                {{- range .Values.tap.capabilities.ebpfCapture }}
                {{ print "- " . }}
                {{- end }}
+                {{- range .Values.tap.capabilities.networkCapture }}
+                {{ print "- " . }}
+                {{- end }}
              drop:
                - ALL
          volumeMounts:
--- a/helm-chart/templates/12-config-map.yaml
+++ b/helm-chart/templates/12-config-map.yaml
@@ -24,7 +24,7 @@ data:
    TARGETED_PODS_UPDATE_DISABLED: '{{ .Values.tap.targetedPodsUpdateDisabled | ternary "true" "" }}'
    RECORDING_DISABLED: '{{ .Values.tap.recordingDisabled | ternary "true" "" }}'
    GLOBAL_FILTER: {{ include "kubeshark.escapeDoubleQuotes" .Values.tap.globalFilter | quote }}
-    TRAFFIC_SAMPLE_RATE: '{{ .Values.tap.trafficSampleRate }}'
+    TRAFFIC_SAMPLE_RATE: '{{ .Values.tap.misc.trafficSampleRate }}'
    JSON_TTL: '{{ .Values.tap.misc.jsonTTL }}'
    PCAP_TTL: '{{ .Values.tap.misc.pcapTTL }}'
    PCAP_ERROR_TTL: '{{ .Values.tap.misc.pcapErrorTTL }}'
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -111,12 +111,13 @@ tap:
  globalFilter: ""
  metrics:
    port: 49100
-  trafficSampleRate: 100
-  tcpStreamChannelTimeoutMs: 10000
  misc:
    jsonTTL: 5m
    pcapTTL: 10s
    pcapErrorTTL: 60s
+    trafficSampleRate: 100
+    tcpStreamChannelTimeoutMs: 10000
+    tcpStreamChannelTimeoutShow: false
 logs:
  file: ""
 kube:
--- a/manifests/complete.yaml
+++ b/manifests/complete.yaml
@@ -66,10 +66,10 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-service-account
@@ -83,10 +83,10 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
 stringData:
    LICENSE: ''
@@ -100,10 +100,10 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
 stringData:
  AUTH_SAML_X509_CRT: |
@@ -116,10 +116,10 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
 stringData:
  AUTH_SAML_X509_KEY: |
@@ -131,10 +131,10 @@ metadata:
  name: kubeshark-nginx-config-map
  namespace: default
  labels:
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
 data:
  default.conf: |
@@ -195,10 +195,10 @@ metadata:
  namespace: default
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
 data:
    POD_REGEX: '.*'
@@ -229,10 +229,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-cluster-role-default
@@ -251,16 +251,24 @@ rules:
      - list
      - get
      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+    resourceNames:
+      - kube-system
 ---
 # Source: kubeshark/templates/03-cluster-role-binding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels:
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-cluster-role-binding-default
@@ -279,10 +287,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  labels:
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-self-config-role
@@ -308,10 +316,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  labels:
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-self-config-role-binding
@@ -331,10 +339,10 @@ kind: Service
 metadata:
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-hub
@@ -353,10 +361,10 @@ apiVersion: v1
 kind: Service
 metadata:
  labels:
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-front
@@ -382,10 +390,10 @@ metadata:
 spec:
  selector:
    app.kubeshark.co/app: worker
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
  ports:
  - name: metrics
@@ -400,10 +408,10 @@ metadata:
  labels:
    app.kubeshark.co/app: worker
    sidecar.istio.io/inject: "false"
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-worker-daemon-set
@@ -412,19 +420,16 @@ spec:
  selector:
    matchLabels:
      app.kubeshark.co/app: worker
-      helm.sh/chart: kubeshark-52.2.1
      app.kubernetes.io/name: kubeshark
      app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "52.2.1"
-      app.kubernetes.io/managed-by: Helm
  template:
    metadata:
      labels:
        app.kubeshark.co/app: worker
-        helm.sh/chart: kubeshark-52.2.1
+        helm.sh/chart: kubeshark-52.2.30
        app.kubernetes.io/name: kubeshark
        app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.2.1"
+        app.kubernetes.io/version: "52.2.30"
        app.kubernetes.io/managed-by: Helm
      name: kubeshark-worker-daemon-set
      namespace: kubeshark
@@ -458,7 +463,8 @@ spec:
            - -procfs
            - /hostproc
            - -kernel-module
-          image: 'docker.io/kubeshark/worker:v52.2.1'
+            - -disable-ebpf
+          image: 'docker.io/kubeshark/worker:v52.2.30'
          imagePullPolicy: Always
          name: sniffer
          ports:
@@ -476,6 +482,8 @@ spec:
                fieldPath: metadata.namespace
          - name: TCP_STREAM_CHANNEL_TIMEOUT_MS
            value: '10000'
+          - name: TCP_STREAM_CHANNEL_TIMEOUT_SHOW
+            value: 'false'
          - name: KUBESHARK_CLOUD_API_URL
            value: 'https://api.kubeshark.co'
          resources:
@@ -522,7 +530,7 @@ spec:
            - ./tracer
            - -procfs
            - /hostproc
-          image: 'docker.io/kubeshark/worker:v52.2.1'
+          image: 'docker.io/kubeshark/worker:v52.2.30'
          imagePullPolicy: Always
          name: tracer
          env:
@@ -548,6 +556,8 @@ spec:
                - SYS_PTRACE
                - SYS_RESOURCE
                - IPC_LOCK
+                - NET_RAW
+                - NET_ADMIN
              drop:
                - ALL
          volumeMounts:
@@ -597,10 +607,10 @@ kind: Deployment
 metadata:
  labels:
    app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-hub
@@ -610,19 +620,16 @@ spec:
  selector:
    matchLabels:
      app.kubeshark.co/app: hub
-      helm.sh/chart: kubeshark-52.2.1
      app.kubernetes.io/name: kubeshark
      app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "52.2.1"
-      app.kubernetes.io/managed-by: Helm
  template:
    metadata:
      labels:
        app.kubeshark.co/app: hub
-        helm.sh/chart: kubeshark-52.2.1
+        helm.sh/chart: kubeshark-52.2.30
        app.kubernetes.io/name: kubeshark
        app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.2.1"
+        app.kubernetes.io/version: "52.2.30"
        app.kubernetes.io/managed-by: Helm
    spec:
      dnsPolicy: ClusterFirstWithHostNet
@@ -644,7 +651,7 @@ spec:
                fieldPath: metadata.namespace
          - name: KUBESHARK_CLOUD_API_URL
            value: 'https://api.kubeshark.co'
-          image: 'docker.io/kubeshark/hub:v52.2.1'
+          image: 'docker.io/kubeshark/hub:v52.2.30'
          imagePullPolicy: Always
          readinessProbe:
            periodSeconds: 1
@@ -692,10 +699,10 @@ kind: Deployment
 metadata:
  labels:
    app.kubeshark.co/app: front
-    helm.sh/chart: kubeshark-52.2.1
+    helm.sh/chart: kubeshark-52.2.30
    app.kubernetes.io/name: kubeshark
    app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.2.1"
+    app.kubernetes.io/version: "52.2.30"
    app.kubernetes.io/managed-by: Helm
  annotations:
  name: kubeshark-front
@@ -705,19 +712,16 @@ spec:
  selector:
    matchLabels:
      app.kubeshark.co/app: front
-      helm.sh/chart: kubeshark-52.2.1
      app.kubernetes.io/name: kubeshark
      app.kubernetes.io/instance: kubeshark
-      app.kubernetes.io/version: "52.2.1"
-      app.kubernetes.io/managed-by: Helm
  template:
    metadata:
      labels:
        app.kubeshark.co/app: front
-        helm.sh/chart: kubeshark-52.2.1
+        helm.sh/chart: kubeshark-52.2.30
        app.kubernetes.io/name: kubeshark
        app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.2.1"
+        app.kubernetes.io/version: "52.2.30"
        app.kubernetes.io/managed-by: Helm
    spec:
      containers:
@@ -740,7 +744,7 @@ spec:
              value: 'false'
            - name: REACT_APP_RECORDING_DISABLED
              value: 'false'
-          image: 'docker.io/kubeshark/front:v52.2.1'
+          image: 'docker.io/kubeshark/front:v52.2.30'
          imagePullPolicy: Always
          name: kubeshark-front
          livenessProbe:
Author	SHA1	Message	Date
M. Mert Yildiran	5a322fc58a	🔖 Bump the Helm chart version to 52.2.30	2024-04-19 17:59:51 +03:00
Alon Girmonsky	53c3dabcbf	as eBPF is a significant feature that can impact many users, this PR is meant (#1532 ) to provide it NOT as the default option, but require an explicit indication to use it. To use eBPF instead of AF-PACKET or PF-RING, use: --set tap.packetCapture=ebpf	2024-04-18 16:28:31 -07:00
Volodymyr Stoiko	6b6915c7ee	helm: Use proper labels in selectors (#1528 ) * Use proper selectorLabels in daemonset * Update selector labels in deployments	2024-04-16 09:02:33 -07:00
M. Mert Yildiran	e819759c2d	🎨 Remove a whitespace in `09-worker-daemon-set.yaml`	2024-04-16 00:27:18 +03:00
Ilya Gavrilov	b39c5dd5d3	add net capabilities for tracer (#1525 ) Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>	2024-04-15 14:20:44 -07:00
M. Mert Yildiran	0f402789f1	✨ Add `TcpStreamChannelTimeoutShow` field to `MiscConfig`	2024-04-15 22:46:18 +03:00
Volodymyr Stoiko	d4fade3599	Extend cluster-role permissions (#1527 ) * Extend cluster-role permissions * Format * upd	2024-04-09 14:20:52 -07:00
Alon Girmonsky	054c4a9e8b	Update the readme Added a link to the live demo portal. updated the homebrew and helm installation instructions.	2024-03-29 15:44:42 -07:00