🔖 Bump the Helm chart version to 52.3.82

* respect tap.docker.imagePullSecrets

Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com>

* respect tap.docker.imagePullSecrets

Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com>

* fix: respect tap.docker.imagePullSecrets

Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com>

---------

Signed-off-by: zyue110026 <98426905+zyue110026@users.noreply.github.com>
Co-authored-by: M. Mert Yildiran <me@mertyildiran.com>

Makefile

@@ -84,7 +84,7 @@ kubectl-view-kubeshark-resources: ## This command outputs all Kubernetes resourc
 	./kubectl.sh view-kubeshark-resources
 
 generate-helm-values: ## Generate the Helm values from config.yaml
-	./bin/kubeshark__ config > ./helm-chart/values.yaml && sed -i 's/^license:.*/license: ""/' helm-chart/values.yaml
+	./bin/kubeshark__ config > ./helm-chart/values.yaml && sed -i 's/^license:.*/license: ""/' helm-chart/values.yaml && sed -i '1i # find a detailed description here: https://github.com/kubeshark/kubeshark/blob/master/helm-chart/README.md' helm-chart/values.yaml 
 
 generate-manifests: ## Generate the manifests from the Helm chart using default configuration
 	helm template kubeshark -n default ./helm-chart > ./manifests/complete.yaml
@@ -165,7 +165,7 @@ helm-install-debug:
 	cd helm-chart && helm install kubeshark . --set tap.docker.tag=$(TAG) --set tap.debug=true && cd ..
 
 helm-install-profile:
-	cd helm-chart && helm install kubeshark . --set tap.docker.tag=$(TAG) --set tap.misc.profile=true && cd ..
+	cd helm-chart && helm install kubeshark . --set tap.docker.tag=$(TAG) --set tap.pprof.enabled=true && cd ..
 
 helm-uninstall:
 	helm uninstall kubeshark
@@ -180,7 +180,7 @@ release:
 	@cd ../worker && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../hub && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../front && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
-	@cd ../kubeshark && sed -i 's/^version:.*/version: "$(VERSION)"/' helm-chart/Chart.yaml && make && make generate-helm-values && make generate-manifests
+	@cd ../kubeshark && git checkout master && git pull && sed -i 's/^version:.*/version: "$(VERSION)"/' helm-chart/Chart.yaml && make && make generate-helm-values && make generate-manifests
 	@git add -A . && git commit -m ":bookmark: Bump the Helm chart version to $(VERSION)" && git push
 	@git tag v$(VERSION) && git push origin --tags
 	@cd helm-chart && cp -r . ../../kubeshark.github.io/charts/chart

cmd/pprof.go

@@ -1,6 +1,9 @@
 package cmd
 
 import (
+	"github.com/creasty/defaults"
+	"github.com/kubeshark/kubeshark/config/configStructs"
+	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 )
 
@@ -15,4 +18,15 @@ var pprofCmd = &cobra.Command{
 
 func init() {
 	rootCmd.AddCommand(pprofCmd)
+
+	defaultTapConfig := configStructs.TapConfig{}
+	if err := defaults.Set(&defaultTapConfig); err != nil {
+		log.Debug().Err(err).Send()
+	}
+
+	pprofCmd.Flags().Uint16(configStructs.ProxyFrontPortLabel, defaultTapConfig.Proxy.Front.Port, "Provide a custom port for the proxy/port-forward")
+	pprofCmd.Flags().String(configStructs.ProxyHostLabel, defaultTapConfig.Proxy.Host, "Provide a custom host for the proxy/port-forward")
+	pprofCmd.Flags().StringP(configStructs.ReleaseNamespaceLabel, "s", defaultTapConfig.Release.Namespace, "Release namespace of Kubeshark")
+	pprofCmd.Flags().Uint16(configStructs.PprofPortLabel, defaultTapConfig.Pprof.Port, "Provide a custom port for the pprof server")
+	pprofCmd.Flags().String(configStructs.PprofViewLabel, defaultTapConfig.Pprof.View, "Change the default view of the pprof web interface")
 }

cmd/pprofRunner.go

@@ -10,6 +10,7 @@ import (
 	"github.com/kubeshark/kubeshark/utils"
 	"github.com/rivo/tview"
 	"github.com/rs/zerolog/log"
+	v1 "k8s.io/api/core/v1"
 )
 
 func runPprof() {
@@ -23,7 +24,16 @@ func runPprof() {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	pods, err := provider.ListPodsByAppLabel(ctx, config.Config.Tap.Release.Namespace, map[string]string{"app.kubeshark.co/app": "worker"})
+	hubPods, err := provider.ListPodsByAppLabel(ctx, config.Config.Tap.Release.Namespace, map[string]string{kubernetes.AppLabelKey: "hub"})
+	if err != nil {
+		log.Error().
+			Err(err).
+			Msg("Failed to list hub pods!")
+		cancel()
+		return
+	}
+
+	workerPods, err := provider.ListPodsByAppLabel(ctx, config.Config.Tap.Release.Namespace, map[string]string{kubernetes.AppLabelKey: "worker"})
 	if err != nil {
 		log.Error().
 			Err(err).
@@ -40,62 +50,39 @@ func runPprof() {
 	var currentCmd *cmd.Cmd
 
 	i := 48
-	for _, pod := range pods {
+	for _, pod := range hubPods {
+		for _, container := range pod.Spec.Containers {
+			log.Info().Str("pod", pod.Name).Str("container", container.Name).Send()
+			homeUrl := fmt.Sprintf("%s/debug/pprof/", kubernetes.GetHubUrl())
+			modal := buildNewModal(
+				pod,
+				container,
+				homeUrl,
+				app,
+				list,
+				fullscreen,
+				currentCmd,
+			)
+			list.AddItem(fmt.Sprintf("pod: %s container: %s", pod.Name, container.Name), pod.Spec.NodeName, rune(i), func() {
+				app.SetRoot(modal, fullscreen)
+			})
+			i++
+		}
+	}
+
+	for _, pod := range workerPods {
 		for _, container := range pod.Spec.Containers {
 			log.Info().Str("pod", pod.Name).Str("container", container.Name).Send()
 			homeUrl := fmt.Sprintf("%s/pprof/%s/%s/", kubernetes.GetHubUrl(), pod.Status.HostIP, container.Name)
-			modal := tview.NewModal().
-				SetText(fmt.Sprintf("pod: %s container: %s", pod.Name, container.Name)).
-				AddButtons([]string{
-					"Open Debug Home Page",
-					"Profile: CPU",
-					"Profile: Memory",
-					"Profile: Goroutine",
-					"Cancel",
-				}).
-				SetDoneFunc(func(buttonIndex int, buttonLabel string) {
-					switch buttonLabel {
-					case "Open Debug Home Page":
-						utils.OpenBrowser(homeUrl)
-					case "Profile: CPU":
-						if currentCmd != nil {
-							err = currentCmd.Stop()
-							if err != nil {
-								log.Error().Err(err).Str("name", currentCmd.Name).Msg("Failed to stop process!")
-							}
-						}
-						currentCmd = cmd.NewCmd("go", "tool", "pprof", "-http", ":8000", fmt.Sprintf("%sprofile", homeUrl))
-						currentCmd.Start()
-					case "Profile: Memory":
-						if currentCmd != nil {
-							err = currentCmd.Stop()
-							if err != nil {
-								log.Error().Err(err).Str("name", currentCmd.Name).Msg("Failed to stop process!")
-							}
-						}
-						currentCmd = cmd.NewCmd("go", "tool", "pprof", "-http", ":8000", fmt.Sprintf("%sheap", homeUrl))
-						currentCmd.Start()
-					case "Profile: Goroutine":
-						if currentCmd != nil {
-							err = currentCmd.Stop()
-							if err != nil {
-								log.Error().Err(err).Str("name", currentCmd.Name).Msg("Failed to stop process!")
-							}
-						}
-						currentCmd = cmd.NewCmd("go", "tool", "pprof", "-http", ":8000", fmt.Sprintf("%sgoroutine", homeUrl))
-						currentCmd.Start()
-					case "Cancel":
-						if currentCmd != nil {
-							err = currentCmd.Stop()
-							if err != nil {
-								log.Error().Err(err).Str("name", currentCmd.Name).Msg("Failed to stop process!")
-							}
-						}
-						fallthrough
-					default:
-						app.SetRoot(list, fullscreen)
-					}
-				})
+			modal := buildNewModal(
+				pod,
+				container,
+				homeUrl,
+				app,
+				list,
+				fullscreen,
+				currentCmd,
+			)
 			list.AddItem(fmt.Sprintf("pod: %s container: %s", pod.Name, container.Name), pod.Spec.NodeName, rune(i), func() {
 				app.SetRoot(modal, fullscreen)
 			})
@@ -117,3 +104,73 @@ func runPprof() {
 		panic(err)
 	}
 }
+
+func buildNewModal(
+	pod v1.Pod,
+	container v1.Container,
+	homeUrl string,
+	app *tview.Application,
+	list *tview.List,
+	fullscreen bool,
+	currentCmd *cmd.Cmd,
+) *tview.Modal {
+	return tview.NewModal().
+		SetText(fmt.Sprintf("pod: %s container: %s", pod.Name, container.Name)).
+		AddButtons([]string{
+			"Open Debug Home Page",
+			"Profile: CPU",
+			"Profile: Memory",
+			"Profile: Goroutine",
+			"Cancel",
+		}).
+		SetDoneFunc(func(buttonIndex int, buttonLabel string) {
+			var err error
+			port := fmt.Sprintf(":%d", config.Config.Tap.Pprof.Port)
+			view := fmt.Sprintf("http://localhost%s/ui/%s", port, config.Config.Tap.Pprof.View)
+
+			switch buttonLabel {
+			case "Open Debug Home Page":
+				utils.OpenBrowser(homeUrl)
+			case "Profile: CPU":
+				if currentCmd != nil {
+					err = currentCmd.Stop()
+					if err != nil {
+						log.Error().Err(err).Str("name", currentCmd.Name).Msg("Failed to stop process!")
+					}
+				}
+				currentCmd = cmd.NewCmd("go", "tool", "pprof", "-http", port, "-no_browser", fmt.Sprintf("%sprofile", homeUrl))
+				currentCmd.Start()
+				utils.OpenBrowser(view)
+			case "Profile: Memory":
+				if currentCmd != nil {
+					err = currentCmd.Stop()
+					if err != nil {
+						log.Error().Err(err).Str("name", currentCmd.Name).Msg("Failed to stop process!")
+					}
+				}
+				currentCmd = cmd.NewCmd("go", "tool", "pprof", "-http", port, "-no_browser", fmt.Sprintf("%sheap", homeUrl))
+				currentCmd.Start()
+				utils.OpenBrowser(view)
+			case "Profile: Goroutine":
+				if currentCmd != nil {
+					err = currentCmd.Stop()
+					if err != nil {
+						log.Error().Err(err).Str("name", currentCmd.Name).Msg("Failed to stop process!")
+					}
+				}
+				currentCmd = cmd.NewCmd("go", "tool", "pprof", "-http", port, "-no_browser", fmt.Sprintf("%sgoroutine", homeUrl))
+				currentCmd.Start()
+				utils.OpenBrowser(view)
+			case "Cancel":
+				if currentCmd != nil {
+					err = currentCmd.Stop()
+					if err != nil {
+						log.Error().Err(err).Str("name", currentCmd.Name).Msg("Failed to stop process!")
+					}
+				}
+				fallthrough
+			default:
+				app.SetRoot(list, fullscreen)
+			}
+		})
+}

config/config.go

@@ -70,6 +70,7 @@ func InitConfig(cmd *cobra.Command) error {
 		"pro",
 		"proxy",
 		"scripts",
+		"pprof",
 	}, cmdName) {
 		cmdName = "tap"
 	}

config/configStruct.go

@@ -99,19 +99,20 @@ type ManifestsConfig struct {
 }
 
 type ConfigStruct struct {
-	Tap                  configStructs.TapConfig       `yaml:"tap" json:"tap"`
-	Logs                 configStructs.LogsConfig      `yaml:"logs" json:"logs"`
-	Config               configStructs.ConfigConfig    `yaml:"config,omitempty" json:"config,omitempty"`
-	Kube                 KubeConfig                    `yaml:"kube" json:"kube"`
-	DumpLogs             bool                          `yaml:"dumpLogs" json:"dumpLogs" default:"false"`
-	HeadlessMode         bool                          `yaml:"headless" json:"headless" default:"false"`
-	License              string                        `yaml:"license" json:"license" default:""`
-	CloudLicenseEnabled  bool                          `yaml:"cloudLicenseEnabled" json:"cloudLicenseEnabled" default:"true"`
-	SupportChatEnabled   bool                          `yaml:"supportChatEnabled" json:"supportChatEnabled" default:"true"`
-	InternetConnectivity bool                          `yaml:"internetConnectivity" json:"internetConnectivity" default:"true"`
-	Scripting            configStructs.ScriptingConfig `yaml:"scripting" json:"scripting"`
-	Manifests            ManifestsConfig               `yaml:"manifests,omitempty" json:"manifests,omitempty"`
-	Timezone             string                        `yaml:"timezone" json:"timezone"`
+	Tap                       configStructs.TapConfig       `yaml:"tap" json:"tap"`
+	Logs                      configStructs.LogsConfig      `yaml:"logs" json:"logs"`
+	Config                    configStructs.ConfigConfig    `yaml:"config,omitempty" json:"config,omitempty"`
+	Kube                      KubeConfig                    `yaml:"kube" json:"kube"`
+	DumpLogs                  bool                          `yaml:"dumpLogs" json:"dumpLogs" default:"false"`
+	HeadlessMode              bool                          `yaml:"headless" json:"headless" default:"false"`
+	License                   string                        `yaml:"license" json:"license" default:""`
+	CloudLicenseEnabled       bool                          `yaml:"cloudLicenseEnabled" json:"cloudLicenseEnabled" default:"true"`
+	SupportChatEnabled        bool                          `yaml:"supportChatEnabled" json:"supportChatEnabled" default:"true"`
+	InternetConnectivity      bool                          `yaml:"internetConnectivity" json:"internetConnectivity" default:"true"`
+	DissectorsUpdatingEnabled bool                          `yaml:"dissectorsUpdatingEnabled" json:"dissectorsUpdatingEnabled" default:"true"`
+	Scripting                 configStructs.ScriptingConfig `yaml:"scripting" json:"scripting"`
+	Manifests                 ManifestsConfig               `yaml:"manifests,omitempty" json:"manifests,omitempty"`
+	Timezone                  string                        `yaml:"timezone" json:"timezone"`
 }
 
 func (config *ConfigStruct) ImagePullPolicy() v1.PullPolicy {

config/configStructs/tapConfig.go

@@ -31,6 +31,8 @@ const (
 	IgnoreTaintedLabel           = "ignoreTainted"
 	IngressEnabledLabel          = "ingress-enabled"
 	TelemetryEnabledLabel        = "telemetry-enabled"
+	PprofPortLabel               = "pprof-port"
+	PprofViewLabel               = "pprof-view"
 	DebugLabel                   = "debug"
 	ContainerPort                = 80
 	ContainerPortStr             = "80"
@@ -89,6 +91,7 @@ type OverrideTagConfig struct {
 type DockerConfig struct {
 	Registry         string            `yaml:"registry" json:"registry" default:"docker.io/kubeshark"`
 	Tag              string            `yaml:"tag" json:"tag" default:""`
+	TagLocked        bool              `yaml:"tagLocked" json:"tagLocked" default:"true"`
 	ImagePullPolicy  string            `yaml:"imagePullPolicy" json:"imagePullPolicy" default:"Always"`
 	ImagePullSecrets []string          `yaml:"imagePullSecrets" json:"imagePullSecrets"`
 	OverrideTag      OverrideTagConfig `yaml:"overrideTag" json:"overrideTag"`
@@ -141,6 +144,11 @@ type TelemetryConfig struct {
 	Enabled bool `yaml:"enabled" json:"enabled" default:"true"`
 }
 
+type SentryConfig struct {
+	Enabled     bool   `yaml:"enabled" json:"enabled" default:"false"`
+	Environment string `yaml:"environment" json:"environment" default:"production"`
+}
+
 type CapabilitiesConfig struct {
 	NetworkCapture     []string `yaml:"networkCapture" json:"networkCapture"  default:"[]"`
 	ServiceMeshCapture []string `yaml:"serviceMeshCapture" json:"serviceMeshCapture"  default:"[]"`
@@ -158,6 +166,12 @@ type MetricsConfig struct {
 	Port uint16 `yaml:"port" json:"port" default:"49100"`
 }
 
+type PprofConfig struct {
+	Enabled bool   `yaml:"enabled" json:"enabled" default:"false"`
+	Port    uint16 `yaml:"port" json:"port" default:"8000"`
+	View    string `yaml:"view" json:"view" default:"flamegraph"`
+}
+
 type MiscConfig struct {
 	JsonTTL                     string `yaml:"jsonTTL" json:"jsonTTL" default:"5m"`
 	PcapTTL                     string `yaml:"pcapTTL" json:"pcapTTL" default:"10s"`
@@ -166,7 +180,6 @@ type MiscConfig struct {
 	TcpStreamChannelTimeoutMs   int    `yaml:"tcpStreamChannelTimeoutMs" json:"tcpStreamChannelTimeoutMs" default:"10000"`
 	TcpStreamChannelTimeoutShow bool   `yaml:"tcpStreamChannelTimeoutShow" json:"tcpStreamChannelTimeoutShow" default:"false"`
 	ResolutionStrategy          string `yaml:"resolutionStrategy" json:"resolutionStrategy" default:"auto"`
-	Profile                     bool   `yaml:"profile" json:"profile" default:"false"`
 	DuplicateTimeframe          string `yaml:"duplicateTimeframe" json:"duplicateTimeframe" default:"200ms"`
 	DetectDuplicates            bool   `yaml:"detectDuplicates" json:"detectDuplicates" default:"false"`
 }
@@ -189,6 +202,7 @@ type TapConfig struct {
 	Resources                    ResourcesConfig       `yaml:"resources" json:"resources"`
 	ServiceMesh                  bool                  `yaml:"serviceMesh" json:"serviceMesh" default:"true"`
 	Tls                          bool                  `yaml:"tls" json:"tls" default:"true"`
+	DisableTlsLog                bool                  `yaml:"disableTlsLog" json:"disableTlsLog" default:"false"`
 	PacketCapture                string                `yaml:"packetCapture" json:"packetCapture" default:"best"`
 	IgnoreTainted                bool                  `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
 	Labels                       map[string]string     `yaml:"labels" json:"labels" default:"{}"`
@@ -200,6 +214,7 @@ type TapConfig struct {
 	Debug                        bool                  `yaml:"debug" json:"debug" default:"false"`
 	KernelModule                 KernelModuleConfig    `yaml:"kernelModule" json:"kernelModule"`
 	Telemetry                    TelemetryConfig       `yaml:"telemetry" json:"telemetry"`
+	Sentry                       SentryConfig          `yaml:"sentry" json:"sentry"`
 	DefaultFilter                string                `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !tcp"`
 	ScriptingDisabled            bool                  `yaml:"scriptingDisabled" json:"scriptingDisabled" default:"false"`
 	TargetedPodsUpdateDisabled   bool                  `yaml:"targetedPodsUpdateDisabled" json:"targetedPodsUpdateDisabled" default:"false"`
@@ -209,6 +224,7 @@ type TapConfig struct {
 	GlobalFilter                 string                `yaml:"globalFilter" json:"globalFilter"`
 	EnabledDissectors            []string              `yaml:"enabledDissectors" json:"enabledDissectors"`
 	Metrics                      MetricsConfig         `yaml:"metrics" json:"metrics"`
+	Pprof                        PprofConfig           `yaml:"pprof" json:"pprof"`
 	Misc                         MiscConfig            `yaml:"misc" json:"misc"`
 }
 

helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kubeshark
-version: "52.3.79"
+version: "52.3.82"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:

helm-chart/README.md

@@ -115,37 +115,46 @@ Please refer to [metrics](./metrics.md) documentation for details.
 
 | Parameter                                 | Description                                   | Default                                                 |
 |-------------------------------------------|-----------------------------------------------|---------------------------------------------------------|
-| `tap.docker.registry`                     | Docker registry to pull from                           | `docker.io/kubeshark`                                   |
-| `tap.docker.tag`                          | Tag of the Docker images                              | `latest`                                                |
+| `tap.docker.registry`                     | Docker registry to pull from                  | `docker.io/kubeshark`                                   |
+| `tap.docker.tag`                          | Tag of the Docker images                      | `latest`                                                |
+| `tap.docker.tagLocked`                    | Lock the Docker image tags to prevent automatic upgrades to the latest branch image version. | `true`   |
+| `tap.docker.tagLocked`                    | If `false` - use latest minor tag             | `true`                                                  |
 | `tap.docker.imagePullPolicy`              | Kubernetes image pull policy                  | `Always`                                                |
-| `tap.docker.imagePullSecrets`             | Kubernetes secrets to pull the images      | `[]`                                                    |
-| `tap.proxy.worker.srvPort`                | Worker server port                           | `30001`                                                  |
-| `tap.proxy.hub.port`                      | Hub service port                              | `8898`                                                  |
-| `tap.proxy.hub.srvPort`                   | Hub server port                   | `8898`                                                  |
-| `tap.proxy.front.port`                    | Front-facing service port                     | `8899`                                                  |
-| `tap.proxy.host`                          | Proxy server's IP                                   | `127.0.0.1`                                             |
-| `tap.namespaces`                          | List of namespaces for the traffic capture                 | `[]`                                                    |
-| `tap.excludedNamespaces`                  | List of namespaces to explicitly exclude                 | `[]`                                                    |
-| `tap.release.repo`                        | URL of the Helm chart repository             | `https://helm.kubeshark.co`                             |
-| `tap.release.name`                        | Helm release name                          | `kubeshark`                                             |
-| `tap.release.namespace`                   | Helm release namespace                | `default`                                               |
-| `tap.persistentStorage`                   | Use `persistentVolumeClaim` instead of `emptyDir` | `false`                                                |
-| `tap.persistentStorageStatic`             | Use static persistent volume provisioning (explicitly defined `PersistentVolume` ) | `false`                                                      |
-| `tap.efsFileSytemIdAndPath`               | [EFS file system ID and, optionally, subpath and/or access point](https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/examples/kubernetes/access_points/README.md) `<FileSystemId>:<Path>:<AccessPointId>`     | ""                                                           |
-| `tap.storageLimit`                        | Limit of either the `emptyDir` or `persistentVolumeClaim`                  | `500Mi`                                                 |
-| `tap.storageClass`                        | Storage class of the `PersistentVolumeClaim`          | `standard`                                              |
-| `tap.dryRun`                              | Preview of all pods matching the regex, without tapping them                    | `false`                                                 |
-| `tap.pcap`                                |                                               | `""`                                                    |
-| `tap.resources.worker.limits.cpu`         | CPU limit for worker                          | `750m`                                                  |
-| `tap.resources.worker.limits.memory`      | Memory limit for worker                       | `1Gi`                                                   |
-| `tap.resources.worker.requests.cpu`       | CPU request for worker                        | `50m`                                                   |
-| `tap.resources.worker.requests.memory`    | Memory request for worker                     | `50Mi`                                                  |
-| `tap.resources.hub.limits.cpu`            | CPU limit for hub                             | `750m`                                                  |
-| `tap.resources.hub.limits.memory`         | Memory limit for hub                          | `1Gi`                                                   |
+| `tap.docker.imagePullSecrets`             | Kubernetes secrets to pull the images         | `[]`                                                    |
+| `tap.docker.overrideTag`                  | DANGER: Used to override specific images, when testing custom features from the Kubeshark team | `""`   |
+| `tap.proxy.hub.srvPort`                   | Hub server port. Change if already occupied.  | `8898`                                                  |
+| `tap.proxy.worker.srvPort`                | Worker server port. Change if already occupied.| `30001`                                                |
+| `tap.proxy.front.port`                    | Front service port. Change if already occupied.| `8899`                                                 |
+| `tap.proxy.host`                          | Change to 0.0.0.0 top open up to the world.   | `127.0.0.1`                                             |
+| `tap.regex`                               | Target (process traffic from) pods that match regex | `.*`                                              |
+| `tap.namespaces`                          | Target pods in namespaces                     | `[]`                                                    |
+| `tap.excludedNamespaces`                  | Exclude pods in namespaces                    | `[]`                                                    |
+| `tap.bpfOverride`                         | When using AF_PACKET as a traffic capture backend, override any existing pod targeting rules and set explicit BPF expression (e.g. `net 0.0.0.0/0`).                                                          | `[]`                                                    |
+| `tap.stopped`                             | Set to `false` to have traffic processing start automatically. When set to `true`, traffic processing is stopped by default, resulting in almost no resource consumption (e.g. Kubeshark is dormant). This property can be dynamically control via the dashboard.      | `true`                                                                                                                                                |
+| `tap.release.repo`                        | URL of the Helm chart repository              | `https://helm.kubeshark.co`                             |
+| `tap.release.name`                        | Helm release name                             | `kubeshark`                                             |
+| `tap.release.namespace`                   | Helm release namespace                        | `default`                                               |
+| `tap.persistentStorage`                   | Use `persistentVolumeClaim` instead of `emptyDir` | `false`                                             |
+| `tap.persistentStorageStatic`             | Use static persistent volume provisioning (explicitly defined `PersistentVolume` ) | `false`            |
+| `tap.efsFileSytemIdAndPath`               | [EFS file system ID and, optionally, subpath and/or access point](https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/examples/kubernetes/access_points/README.md) `<FileSystemId>:<Path>:<AccessPointId>`  | ""                             |
+| `tap.storageLimit`                        | Limit of either the `emptyDir` or `persistentVolumeClaim` | `500Mi`                                     |
+| `tap.storageClass`                        | Storage class of the `PersistentVolumeClaim`          | `standard`                                      |
+| `tap.dryRun`                              | Preview of all pods matching the regex, without tapping them    | `false`                               |
+| `tap.resources.hub.limits.cpu`            | CPU limit for hub                             | `1000m`                                                 |
+| `tap.resources.hub.limits.memory`         | Memory limit for hub                          | `1500Mi`                                                |
 | `tap.resources.hub.requests.cpu`          | CPU request for hub                           | `50m`                                                   |
 | `tap.resources.hub.requests.memory`       | Memory request for hub                        | `50Mi`                                                  |
+| `tap.resources.sniffer.limits.cpu`        | CPU limit for sniffer                         | `1000m`                                                 |
+| `tap.resources.sniffer.limits.memory`     | Memory limit for sniffer                      | `1500Mi`                                                |
+| `tap.resources.sniffer.requests.cpu`      | CPU request for sniffer                       | `50m`                                                   |
+| `tap.resources.sniffer.requests.memory`   | Memory request for sniffer                    | `50Mi`                                                  |
+| `tap.resources.tracer.limits.cpu`         | CPU limit for tracer                          | `1000m`                                                 |
+| `tap.resources.tracer.limits.memory`      | Memory limit for tracer                       | `1500Mi`                                                |
+| `tap.resources.tracer.requests.cpu`       | CPU request for tracer                        | `50m`                                                   |
+| `tap.resources.tracer.requests.memory`    | Memory request for tracer                     | `50Mi`                                                  |
 | `tap.serviceMesh`                         | Capture traffic from service meshes like Istio, Linkerd, Consul, etc.          | `true`                                                  |
 | `tap.tls`                                 | Capture the encrypted/TLS traffic from cryptography libraries like OpenSSL                         | `true`                                                  |
+| `tap.disableTlsLog`                       | Suppress logging for TLS/eBPF                 | `false`                                                 |
 | `tap.ignoreTainted`                       | Whether to ignore tainted nodes               | `false`                                                 |
 | `tap.labels`                              | Kubernetes labels to apply to all Kubeshark resources  | `{}`                                                    |
 | `tap.annotations`                         | Kubernetes annotations to apply to all Kubeshark resources | `{}`                                                |
@@ -170,10 +179,11 @@ Please refer to [metrics](./metrics.md) documentation for details.
 | `tap.kernelModule.image`                  | Container image containing PF_RING kernel module with supported kernel version([details](PF_RING.md))      | "kubeshark/pf-ring-module:all"                                                 |
 | `tap.kernelModule.unloadOnDestroy`        | Create additional container which watches for pod termination and unloads PF_RING kernel module. | `false`|
 | `tap.telemetry.enabled`                   | Enable anonymous usage statistics collection           | `true`                                                  |
+| `tap.sentry.enabled`                      | Enable sending of error logs to Sentry          | `false`                                                  |
+| `tap.sentry.environment`                      | Sentry environment to label error logs with      | `production`                                                  |
 | `tap.defaultFilter`                       | Sets the default dashboard KFL filter (e.g. `http`). By default, this value is set to filter out DNS  and TCP entries. The user can easily change this in the Dashboard.         | `"!dns and !tcp"`                                                  |
 | `tap.globalFilter`                        | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field. Another example `!dns` will not show any DNS traffic.      | `""`                                        |
 | `tap.metrics.port`                  | Pod port used to expose Prometheus metrics          | `49100`                                                  |
-| `tap.stopped`                             | A flag indicating whether to start Kubeshark with traffic processing stopped resulting in almost no resource consumption (e.g. Kubeshark is dormant). This property can be dynamically control via the dashboard.         | `true`                                                  |
 | `tap.enabledDissectors`                   | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list includes: amqp, dns , http, icmp, kafka, redis,sctp, syscall, tcp, ws.  |
 | `logs.file`                               | Logs dump path                      | `""`                                                    |
 | `kube.configPath`                         | Path to the `kubeconfig` file (`$HOME/.kube/config`)            | `""`                                                    |
@@ -187,6 +197,7 @@ Please refer to [metrics](./metrics.md) documentation for details.
 | `timezone`                                | IANA time zone applied to time shown in the front-end | `""` (local time zone applies) |
 | `supportChatEnabled`                      | Enable real-time support chat channel based on Intercom | `true` |
 | `internetConnectivity`                    | Turns off API requests that are dependant on Internet connectivity such as `telemetry` and `online-support`. | `true` |
+| `dissectorsUpdatingEnabled`                     | Turns off UI for enabling/disabling dissectors | `true` |
 
 KernelMapping pairs kernel versions with a
                             DriverContainer image. Kernel versions can be matched

helm-chart/templates/04-hub-deployment.yaml

@@ -26,7 +26,7 @@ spec:
       dnsPolicy: ClusterFirstWithHostNet
       serviceAccountName: {{ include "kubeshark.serviceAccountName" . }}
       containers:
-        - name: kubeshark-hub
+        - name: hub
           command:
             - ./hub
             - -port
@@ -43,14 +43,26 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+          - name: SENTRY_ENABLED
+            value: '{{ (include "sentry.enabled" .) }}'
+          - name: SENTRY_ENVIRONMENT
+            value: '{{ .Values.tap.sentry.environment }}'
           - name: KUBESHARK_CLOUD_API_URL
             value: 'https://api.kubeshark.co'
+          - name: PROFILING_ENABLED
+            value: '{{ .Values.tap.pprof.enabled }}'
         {{- if .Values.tap.docker.overrideTag.hub }}
           image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.overrideTag.hub }}'
         {{ else }}
-          image: '{{ .Values.tap.docker.registry }}/hub:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
+          image: '{{ .Values.tap.docker.registry }}/hub:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}'
         {{- end }}
           imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
+        {{- if .Values.tap.docker.imagePullSecrets }}
+          imagePullSecrets:
+            {{- range .Values.tap.docker.imagePullSecrets }}
+            - name: {{ . }}
+            {{- end }}
+        {{- end }}
           readinessProbe:
             periodSeconds: 1
             failureThreshold: 3

helm-chart/templates/06-front-deployment.yaml

@@ -60,12 +60,24 @@ spec:
                       {{- end }}'
             - name: REACT_APP_SUPPORT_CHAT_ENABLED
               value: '{{ and .Values.supportChatEnabled .Values.internetConnectivity | ternary "true" "false" }}'
+            - name: REACT_APP_DISSECTORS_UPDATING_ENABLED
+              value: '{{ .Values.dissectorsUpdatingEnabled | ternary "true" "false" }}'
+            - name: REACT_APP_SENTRY_ENABLED
+              value: '{{ (include "sentry.enabled" .) }}'
+            - name: REACT_APP_SENTRY_ENVIRONMENT
+              value: '{{ .Values.tap.sentry.environment }}'
         {{- if .Values.tap.docker.overrideTag.front }}
           image: '{{ .Values.tap.docker.registry }}/front:{{ .Values.tap.docker.overrideTag.front }}'
         {{ else }}
-          image: '{{ .Values.tap.docker.registry }}/front:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}'
+          image: '{{ .Values.tap.docker.registry }}/front:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}'
         {{- end }}
           imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
+        {{- if .Values.tap.docker.imagePullSecrets }}
+          imagePullSecrets:
+            {{- range .Values.tap.docker.imagePullSecrets }}
+            - name: {{ . }}
+            {{- end }}
+        {{- end }}
           name: kubeshark-front
           livenessProbe:
             periodSeconds: 1

helm-chart/templates/09-worker-daemon-set.yaml

@@ -30,6 +30,12 @@ spec:
       - name: load-pf-ring
         image: {{ .Values.tap.kernelModule.image }}
         imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
+      {{- if .Values.tap.docker.imagePullSecrets }}
+        imagePullSecrets:
+          {{- range .Values.tap.docker.imagePullSecrets }}
+          - name: {{ . }}
+          {{- end }}
+      {{- end }}
         securityContext:
           capabilities:
             add:
@@ -73,9 +79,15 @@ spec:
         {{- if .Values.tap.docker.overrideTag.worker }}
           image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}{{ include "kubeshark.dockerTagDebugVersion" . }}'
         {{ else }}
-          image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}{{ include "kubeshark.dockerTagDebugVersion" . }}'
+          image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}{{ include "kubeshark.dockerTagDebugVersion" . }}'
         {{- end }}
           imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
+        {{- if .Values.tap.docker.imagePullSecrets }}
+          imagePullSecrets:
+            {{- range .Values.tap.docker.imagePullSecrets }}
+            - name: {{ . }}
+            {{- end }}
+        {{- end }}
           name: sniffer
           ports:
             - containerPort: {{ .Values.tap.metrics.port }}
@@ -97,7 +109,11 @@ spec:
           - name: KUBESHARK_CLOUD_API_URL
             value: 'https://api.kubeshark.co'
           - name: PROFILING_ENABLED
-            value: '{{ .Values.tap.misc.profile }}'
+            value: '{{ .Values.tap.pprof.enabled }}'
+          - name: SENTRY_ENABLED
+            value: '{{ (include "sentry.enabled" .) }}'
+          - name: SENTRY_ENVIRONMENT
+            value: '{{ .Values.tap.sentry.environment }}'
           resources:
             limits:
               cpu: {{ .Values.tap.resources.sniffer.limits.cpu }}
@@ -166,16 +182,25 @@ spec:
           {{- if .Values.tap.debug }}
             - -debug
           {{- end }}
-          {{- if .Values.tap.misc.profile }}
+          {{- if .Values.tap.disableTlsLog }}
+            - -disable-tls-log
+          {{- end }}
+          {{- if .Values.tap.pprof.enabled }}
             - -port
             - '{{ add .Values.tap.proxy.worker.srvPort 1 }}'
           {{- end }}
         {{- if .Values.tap.docker.overrideTag.worker }}
           image: '{{ .Values.tap.docker.registry }}/worker:{{ .Values.tap.docker.overrideTag.worker }}{{ include "kubeshark.dockerTagDebugVersion" . }}'
         {{ else }}
-          image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (printf "v%s" .Chart.Version) }}{{ include "kubeshark.dockerTagDebugVersion" . }}'
+          image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}{{ include "kubeshark.dockerTagDebugVersion" . }}'
         {{- end }}
           imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
+        {{- if .Values.tap.docker.imagePullSecrets }}
+          imagePullSecrets:
+            {{- range .Values.tap.docker.imagePullSecrets }}
+            - name: {{ . }}
+            {{- end }}
+        {{- end }}
           name: tracer
           env:
           - name: POD_NAME
@@ -187,7 +212,11 @@ spec:
               fieldRef:
                 fieldPath: metadata.namespace
           - name: PROFILING_ENABLED
-            value: '{{ .Values.tap.misc.profile }}'
+            value: '{{ .Values.tap.pprof.enabled }}'
+          - name: SENTRY_ENABLED
+            value: '{{ (include "sentry.enabled" .) }}'
+          - name: SENTRY_ENVIRONMENT
+            value: '{{ .Values.tap.sentry.environment }}'
           resources:
             limits:
               cpu: {{ .Values.tap.resources.tracer.limits.cpu }}

helm-chart/templates/12-config-map.yaml

@@ -47,5 +47,6 @@ data:
                             {{- end }}'
     DUPLICATE_TIMEFRAME: '{{ .Values.tap.misc.duplicateTimeframe }}'
     ENABLED_DISSECTORS: '{{ gt (len .Values.tap.enabledDissectors) 0 | ternary (join "," .Values.tap.enabledDissectors) "" }}'
+    DISSECTORS_UPDATING_ENABLED: '{{ .Values.dissectorsUpdatingEnabled | ternary "true" "false" }}'
     DETECT_DUPLICATES: '{{ .Values.tap.misc.detectDuplicates | ternary "true" "false" }}'
 

helm-chart/templates/_helpers.tpl

@@ -60,5 +60,29 @@ Escape double quotes in a string
 Define debug docker tag suffix
 */}}
 {{- define "kubeshark.dockerTagDebugVersion" -}}
-{{- .Values.tap.misc.profile | ternary "-debug" "" }}
+{{- .Values.tap.pprof.enabled | ternary "-debug" "" }}
+{{- end -}}
+
+{{/*
+Create docker tag default version
+*/}}
+{{- define "kubeshark.defaultVersion" -}}
+{{- $defaultVersion := (printf "v%s" .Chart.Version) -}}
+{{- if not .Values.tap.docker.tagLocked }}
+  {{- $defaultVersion = regexReplaceAll "^([^.]+\\.[^.]+).*" $defaultVersion "$1" -}}
+{{- end }}
+{{- $defaultVersion }}
+{{- end -}}
+
+{{/*
+Set sentry based on internet connectivity and telemetry
+*/}}
+{{- define "sentry.enabled" -}}
+  {{- $sentryEnabledVal := .Values.tap.sentry.enabled -}}
+  {{- if not .Values.internetConnectivity -}}
+    {{- $sentryEnabledVal = false -}}
+  {{- else if not .Values.tap.telemetry.enabled -}}
+    {{- $sentryEnabledVal = false -}}
+  {{- end -}}
+  {{- $sentryEnabledVal -}}
 {{- end -}}

helm-chart/values.yaml

@@ -1,7 +1,9 @@
+# find a detailed description here: https://github.com/kubeshark/kubeshark/blob/master/helm-chart/README.md
 tap:
   docker:
     registry: docker.io/kubeshark
     tag: ""
+    tagLocked: true
     imagePullPolicy: Always
     imagePullSecrets: []
     overrideTag:
@@ -55,6 +57,7 @@ tap:
         memory: 50Mi
   serviceMesh: true
   tls: true
+  disableTlsLog: false
   packetCapture: best
   ignoreTainted: false
   labels: {}
@@ -95,6 +98,9 @@ tap:
     unloadOnDestroy: false
   telemetry:
     enabled: true
+  sentry:
+    enabled: false
+    environment: production
   defaultFilter: "!dns and !tcp"
   scriptingDisabled: false
   targetedPodsUpdateDisabled: false
@@ -129,6 +135,10 @@ tap:
   - ws
   metrics:
     port: 49100
+  pprof:
+    enabled: false
+    port: 8000
+    view: flamegraph
   misc:
     jsonTTL: 5m
     pcapTTL: 10s
@@ -137,7 +147,6 @@ tap:
     tcpStreamChannelTimeoutMs: 10000
     tcpStreamChannelTimeoutShow: false
     resolutionStrategy: auto
-    profile: false
     duplicateTimeframe: 200ms
     detectDuplicates: false
 logs:
@@ -152,6 +161,7 @@ license: ""
 cloudLicenseEnabled: true
 supportChatEnabled: true
 internetConnectivity: true
+dissectorsUpdatingEnabled: true
 scripting:
   env: {}
   source: ""

kubernetes/consts.go

@@ -8,4 +8,5 @@ const (
 	HubServiceName             = HubPodName
 	K8sAllNamespaces           = ""
 	MinKubernetesServerVersion = "1.16.0"
+	AppLabelKey                = "app.kubeshark.co/app"
 )

kubernetes/proxy.go

@@ -106,7 +106,7 @@ func getRerouteHttpHandlerSelfStatic(proxyHandler http.Handler, selfNamespace st
 }
 
 func NewPortForward(kubernetesProvider *Provider, namespace string, podRegex *regexp.Regexp, srcPort uint16, dstPort uint16, ctx context.Context) (*portforward.PortForwarder, error) {
-	pods, err := kubernetesProvider.ListPodsByAppLabel(ctx, namespace, map[string]string{"app.kubeshark.co/app": "front"})
+	pods, err := kubernetesProvider.ListPodsByAppLabel(ctx, namespace, map[string]string{AppLabelKey: "front"})
 	if err != nil {
 		return nil, err
 	} else if len(pods) == 0 {

manifests/complete.yaml

@@ -4,10 +4,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub-network-policy
@@ -31,10 +31,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front-network-policy
@@ -58,10 +58,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-worker-network-policy
@@ -87,10 +87,10 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-service-account
@@ -104,10 +104,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
 stringData:
     LICENSE: ''
@@ -121,10 +121,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
 stringData:
   AUTH_SAML_X509_CRT: |
@@ -137,10 +137,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
 stringData:
   AUTH_SAML_X509_KEY: |
@@ -152,10 +152,10 @@ metadata:
   name: kubeshark-nginx-config-map
   namespace: default
   labels:
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
 data:
   default.conf: |
@@ -216,10 +216,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
 data:
     POD_REGEX: '.*'
@@ -250,6 +250,7 @@ data:
     CLOUD_LICENSE_ENABLED: 'true'
     DUPLICATE_TIMEFRAME: '200ms'
     ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,sctp,syscall,tcp,ws'
+    DISSECTORS_UPDATING_ENABLED: 'true'
     DETECT_DUPLICATES: 'false'
 ---
 # Source: kubeshark/templates/02-cluster-role.yaml
@@ -257,10 +258,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-cluster-role-default
@@ -294,10 +295,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-cluster-role-binding-default
@@ -316,10 +317,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role
@@ -345,10 +346,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role-binding
@@ -368,10 +369,10 @@ kind: Service
 metadata:
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub
@@ -390,10 +391,10 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front
@@ -412,10 +413,10 @@ kind: Service
 apiVersion: v1
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
     prometheus.io/scrape: 'true'
@@ -425,10 +426,10 @@ metadata:
 spec:
   selector:
     app.kubeshark.co/app: worker
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   ports:
   - name: metrics
@@ -443,10 +444,10 @@ metadata:
   labels:
     app.kubeshark.co/app: worker
     sidecar.istio.io/inject: "false"
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-worker-daemon-set
@@ -461,10 +462,10 @@ spec:
     metadata:
       labels:
         app.kubeshark.co/app: worker
-        helm.sh/chart: kubeshark-52.3.79
+        helm.sh/chart: kubeshark-52.3.82
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.3.79"
+        app.kubernetes.io/version: "52.3.82"
         app.kubernetes.io/managed-by: Helm
       name: kubeshark-worker-daemon-set
       namespace: kubeshark
@@ -487,7 +488,7 @@ spec:
             - -disable-ebpf
             - -resolution-strategy
             - 'auto'
-          image: 'docker.io/kubeshark/worker:v52.3.79'
+          image: 'docker.io/kubeshark/worker:v52.3.82'
           imagePullPolicy: Always
           name: sniffer
           ports:
@@ -511,6 +512,10 @@ spec:
             value: 'https://api.kubeshark.co'
           - name: PROFILING_ENABLED
             value: 'false'
+          - name: SENTRY_ENABLED
+            value: 'false'
+          - name: SENTRY_ENVIRONMENT
+            value: 'production'
           resources:
             limits:
               cpu: 1000m
@@ -556,7 +561,7 @@ spec:
             - -procfs
             - /hostproc
             - -disable-ebpf
-          image: 'docker.io/kubeshark/worker:v52.3.79'
+          image: 'docker.io/kubeshark/worker:v52.3.82'
           imagePullPolicy: Always
           name: tracer
           env:
@@ -570,6 +575,10 @@ spec:
                 fieldPath: metadata.namespace
           - name: PROFILING_ENABLED
             value: 'false'
+          - name: SENTRY_ENABLED
+            value: 'false'
+          - name: SENTRY_ENVIRONMENT
+            value: 'production'
           resources:
             limits:
               cpu: 1000m
@@ -641,10 +650,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub
@@ -660,16 +669,16 @@ spec:
     metadata:
       labels:
         app.kubeshark.co/app: hub
-        helm.sh/chart: kubeshark-52.3.79
+        helm.sh/chart: kubeshark-52.3.82
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.3.79"
+        app.kubernetes.io/version: "52.3.82"
         app.kubernetes.io/managed-by: Helm
     spec:
       dnsPolicy: ClusterFirstWithHostNet
       serviceAccountName: kubeshark-service-account
       containers:
-        - name: kubeshark-hub
+        - name: hub
           command:
             - ./hub
             - -port
@@ -683,9 +692,15 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+          - name: SENTRY_ENABLED
+            value: 'false'
+          - name: SENTRY_ENVIRONMENT
+            value: 'production'
           - name: KUBESHARK_CLOUD_API_URL
             value: 'https://api.kubeshark.co'
-          image: 'docker.io/kubeshark/hub:v52.3.79'
+          - name: PROFILING_ENABLED
+            value: 'false'
+          image: 'docker.io/kubeshark/hub:v52.3.82'
           imagePullPolicy: Always
           readinessProbe:
             periodSeconds: 1
@@ -733,10 +748,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.co/app: front
-    helm.sh/chart: kubeshark-52.3.79
+    helm.sh/chart: kubeshark-52.3.82
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.79"
+    app.kubernetes.io/version: "52.3.82"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front
@@ -752,10 +767,10 @@ spec:
     metadata:
       labels:
         app.kubeshark.co/app: front
-        helm.sh/chart: kubeshark-52.3.79
+        helm.sh/chart: kubeshark-52.3.82
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.3.79"
+        app.kubernetes.io/version: "52.3.82"
         app.kubernetes.io/managed-by: Helm
     spec:
       containers:
@@ -784,7 +799,13 @@ spec:
               value: 'true'
             - name: REACT_APP_SUPPORT_CHAT_ENABLED
               value: 'true'
-          image: 'docker.io/kubeshark/front:v52.3.79'
+            - name: REACT_APP_DISSECTORS_UPDATING_ENABLED
+              value: 'true'
+            - name: REACT_APP_SENTRY_ENABLED
+              value: 'false'
+            - name: REACT_APP_SENTRY_ENVIRONMENT
+              value: 'production'
+          image: 'docker.io/kubeshark/front:v52.3.82'
           imagePullPolicy: Always
           name: kubeshark-front
           livenessProbe: