🔖 Bump the Helm chart version to 52.3.85

if one exists

Makefile

@@ -84,7 +84,8 @@ kubectl-view-kubeshark-resources: ## This command outputs all Kubernetes resourc
 	./kubectl.sh view-kubeshark-resources
 
 generate-helm-values: ## Generate the Helm values from config.yaml
-	./bin/kubeshark__ config > ./helm-chart/values.yaml && sed -i 's/^license:.*/license: ""/' helm-chart/values.yaml && sed -i '1i # find a detailed description here: https://github.com/kubeshark/kubeshark/blob/master/helm-chart/README.md' helm-chart/values.yaml 
+	mv ~/.kubeshark/config.yaml ~/.kubeshark/config.yaml.old; bin/kubeshark__ config>helm-chart/values.yaml;mv ~/.kubeshark/config.yaml.old ~/.kubeshark/config.yaml
+	sed -i 's/^license:.*/license: ""/' helm-chart/values.yaml && sed -i '1i # find a detailed description here: https://github.com/kubeshark/kubeshark/blob/master/helm-chart/README.md' helm-chart/values.yaml 
 
 generate-manifests: ## Generate the manifests from the Helm chart using default configuration
 	helm template kubeshark -n default ./helm-chart > ./manifests/complete.yaml
@@ -177,7 +178,7 @@ port-forward:
 	kubectl port-forward $$(kubectl get pods | awk '$$1 ~ /^$(POD_PREFIX)/' | awk 'END {print $$1}') $(SRC_PORT):$(DST_PORT)
 
 release:
-	@cd ../worker && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) ## && git push origin --tags
+	@cd ../worker && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../tracer && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../hub && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../front && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags

cmd/proxyRunner.go

@@ -92,13 +92,6 @@ func runProxy(block bool, noBrowser bool) {
 		establishedProxy = true
 		okToOpen("Kubeshark", frontUrl, noBrowser)
 	}
-	if config.Config.Scripting.Source != "" && config.Config.Scripting.WatchScripts {
-		watchScripts(kubernetesProvider, false)
-	}
-
-	if config.Config.Scripting.Console {
-		go runConsoleWithoutProxy()
-	}
 	if establishedProxy && block {
 		utils.WaitForTermination(ctx, cancel)
 	}

cmd/scripts.go

@@ -70,6 +70,7 @@ func createScript(provider *kubernetes.Provider, script misc.ConfigMapScript) (i
 	}
 	scripts[index] = script
 
+	log.Info().Str("title", script.Title).Bool("Active", script.Active).Int64("Index", index).Msg("Creating script")
 	var data []byte
 	data, err = json.Marshal(scripts)
 	if err != nil {
@@ -146,7 +147,7 @@ func watchScripts(provider *kubernetes.Provider, block bool) {
 		index, err := createScript(provider, script.ConfigMap())
 		if err != nil {
 			log.Error().Err(err).Send()
-			return
+			continue
 		}
 
 		files[script.Path] = index

config/configStruct.go

@@ -82,8 +82,8 @@ func CreateDefaultConfig() ConfigStruct {
 				"redis",
 				"sctp",
 				"syscall",
-				"tcp",
-				"udp",
+				// "tcp",
+				// "udp",
 				"ws",
 				"tls",
 			},

config/configStructs/tapConfig.go

@@ -152,7 +152,7 @@ type TelemetryConfig struct {
 }
 
 type ResourceGuardConfig struct {
-	Enabled bool `yaml:"enabled" json:"enabled" default:"false"`
+	Enabled bool `yaml:"enabled" json:"enabled" default:"true"`
 }
 
 type SentryConfig struct {
@@ -211,7 +211,7 @@ type TapConfig struct {
 	Namespaces                   []string              `yaml:"namespaces" json:"namespaces" default:"[]"`
 	ExcludedNamespaces           []string              `yaml:"excludedNamespaces" json:"excludedNamespaces" default:"[]"`
 	BpfOverride                  string                `yaml:"bpfOverride" json:"bpfOverride" default:""`
-	Stopped                      bool                  `yaml:"stopped" json:"stopped" default:"true"`
+	Stopped                      bool                  `yaml:"stopped" json:"stopped" default:"false"`
 	Release                      ReleaseConfig         `yaml:"release" json:"release"`
 	PersistentStorage            bool                  `yaml:"persistentStorage" json:"persistentStorage" default:"false"`
 	PersistentStorageStatic      bool                  `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"`
@@ -243,7 +243,7 @@ type TapConfig struct {
 	RecordingDisabled            bool                  `yaml:"recordingDisabled" json:"recordingDisabled" default:"false"`
 	StopTrafficCapturingDisabled bool                  `yaml:"stopTrafficCapturingDisabled" json:"stopTrafficCapturingDisabled" default:"false"`
 	Capabilities                 CapabilitiesConfig    `yaml:"capabilities" json:"capabilities"`
-	GlobalFilter                 string                `yaml:"globalFilter" json:"globalFilter" default:"timestamp>now()"`
+	GlobalFilter                 string                `yaml:"globalFilter" json:"globalFilter" default:""`
 	EnabledDissectors            []string              `yaml:"enabledDissectors" json:"enabledDissectors"`
 	Metrics                      MetricsConfig         `yaml:"metrics" json:"metrics"`
 	Pprof                        PprofConfig           `yaml:"pprof" json:"pprof"`

helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kubeshark
-version: "52.3.84"
+version: "52.3.85"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:

helm-chart/README.md

@@ -123,7 +123,7 @@ Please refer to [metrics](./metrics.md) documentation for details.
 | `tap.namespaces`                          | Target pods in namespaces                     | `[]`                                                    |
 | `tap.excludedNamespaces`                  | Exclude pods in namespaces                    | `[]`                                                    |
 | `tap.bpfOverride`                         | When using AF_PACKET as a traffic capture backend, override any existing pod targeting rules and set explicit BPF expression (e.g. `net 0.0.0.0/0`).                                                          | `[]`                                                    |
-| `tap.stopped`                             | Set to `false` to have traffic processing start automatically. When set to `true`, traffic processing is stopped by default, resulting in almost no resource consumption (e.g. Kubeshark is dormant). This property can be dynamically control via the dashboard.      | `true`                                                                                                                                                |
+| `tap.stopped`                             | Set to `false` to have traffic processing start automatically. When set to `true`, traffic processing is stopped by default, resulting in almost no resource consumption (e.g. Kubeshark is dormant). This property can be dynamically control via the dashboard.      | `false`                                                                                                                                                |
 | `tap.release.repo`                        | URL of the Helm chart repository              | `https://helm.kubeshark.co`                             |
 | `tap.release.name`                        | Helm release name                             | `kubeshark`                                             |
 | `tap.release.namespace`                   | Helm release namespace                        | `default`                                               |
@@ -172,13 +172,13 @@ Please refer to [metrics](./metrics.md) documentation for details.
 | `tap.kernelModule.image`                  | Container image containing PF_RING kernel module with supported kernel version([details](PF_RING.md))      | "kubeshark/pf-ring-module:all"                                                 |
 | `tap.kernelModule.unloadOnDestroy`        | Create additional container which watches for pod termination and unloads PF_RING kernel module. | `false`|
 | `tap.telemetry.enabled`                   | Enable anonymous usage statistics collection           | `true`                                                  |
-| `tap.resourceGuard.enabled`               | Enable resource guard worker process, which watches RAM/disk usage and enables/disables traffic capture based on available resources | `false` |
+| `tap.resourceGuard.enabled`               | Enable resource guard worker process, which watches RAM/disk usage and enables/disables traffic capture based on available resources. This means that for any specific node, if resource utilization (CPU, memory, disk) reaches 90% traffic capture will stop automatically. Traffic capture will restart once resources go back to below the 90% level. | `true` |
 | `tap.sentry.enabled`                      | Enable sending of error logs to Sentry          | `false`                                                  |
 | `tap.sentry.environment`                      | Sentry environment to label error logs with      | `production`                                                  |
 | `tap.defaultFilter`                       | Sets the default dashboard KFL filter (e.g. `http`). By default, this value is set to filter out noisy protocols such as DNS, UDP, ICMP and TCP. The user can easily change this in the Dashboard. You can also change this value to change this behavior.        | `"!dns and !tcp and !udp and !icmp"`                                                  |
-| `tap.globalFilter`                        | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field. Another example `!dns` will not show any DNS traffic.      | `"timestamp>now()"`                                        |
+| `tap.globalFilter`                        | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field. Another example `!dns` will not show any DNS traffic.      | `""`                                        |
 | `tap.metrics.port`                  | Pod port used to expose Prometheus metrics          | `49100`                                                  |
-| `tap.enabledDissectors`                   | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list includes: amqp, dns , http, icmp, kafka, redis,sctp, syscall, tcp, ws.  |
+| `tap.enabledDissectors`                   | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `dns` and `tcp` |
 | `logs.file`                               | Logs dump path                      | `""`                                                    |
 | `pcapdump.enabled`                        | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools                 | `true`                                                                                                  |
 | `pcapdump.maxTime`                        | The time window into the past that will be stored. Older traffic will be discarded.  | `2h`  |

helm-chart/templates/02-cluster-role.yaml

@@ -33,6 +33,17 @@ rules:
       - get
     resourceNames:
       - kube-system
+  - apiGroups:
+    - networking.k8s.io
+    resources:
+    - networkpolicies
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role

helm-chart/templates/06-front-deployment.yaml

@@ -106,17 +106,6 @@ spec:
               mountPath: /etc/nginx/conf.d/default.conf
               subPath: default.conf
               readOnly: true
-      initContainers:
-      - name: wait-for-kubeshark-hub
-        image: busybox
-        command:
-        - sh
-        - -c
-        - |
-          until nc -z kubeshark-hub 80; do
-            echo "Waiting for kubeshark-hub to be ready..."
-            sleep 5
-          done
       volumes:
         - name: nginx-config
           configMap:

helm-chart/values.yaml

@@ -22,7 +22,7 @@ tap:
   namespaces: []
   excludedNamespaces: []
   bpfOverride: ""
-  stopped: true
+  stopped: false
   release:
     repo: https://helm.kubeshark.co
     name: kubeshark
@@ -99,7 +99,7 @@ tap:
   telemetry:
     enabled: true
   resourceGuard:
-    enabled: false
+    enabled: true
   sentry:
     enabled: false
     environment: production
@@ -124,7 +124,7 @@ tap:
     - SYS_PTRACE
     - SYS_RESOURCE
     - IPC_LOCK
-  globalFilter: timestamp>now()
+  globalFilter: ""
   enabledDissectors:
   - amqp
   - dns
@@ -134,8 +134,6 @@ tap:
   - redis
   - sctp
   - syscall
-  - tcp
-  - udp
   - ws
   - tls
   metrics:

kubernetes/config.go

@@ -84,7 +84,16 @@ func SetConfig(provider *Provider, key string, value string) (updated bool, err
 	_, err = provider.clientSet.CoreV1().ConfigMaps(config.Config.Tap.Release.Namespace).Update(context.TODO(), configMap, metav1.UpdateOptions{})
 	if err == nil {
 		if updated {
-			log.Info().Str("config", key).Str("value", value).Msg("Updated:")
+			log.Info().
+				Str("config", key).
+				Str("value", func() string {
+					if len(value) > 10 {
+						return value[:10]
+					}
+					return value
+				}()).
+				Int("length", len(value)).
+				Msg("Updated. Printing only 10 first characters of value:")
 		}
 	} else {
 		log.Error().Str("config", key).Err(err).Send()

manifests/complete.yaml

@@ -4,10 +4,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub-network-policy
@@ -31,10 +31,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front-network-policy
@@ -58,10 +58,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-worker-network-policy
@@ -87,10 +87,10 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-service-account
@@ -104,10 +104,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
 stringData:
     LICENSE: ''
@@ -121,10 +121,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
 stringData:
   AUTH_SAML_X509_CRT: |
@@ -137,10 +137,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
 stringData:
   AUTH_SAML_X509_KEY: |
@@ -152,10 +152,10 @@ metadata:
   name: kubeshark-nginx-config-map
   namespace: default
   labels:
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
 data:
   default.conf: |
@@ -216,17 +216,17 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
 data:
     POD_REGEX: '.*'
     NAMESPACES: ''
     EXCLUDED_NAMESPACES: ''
     BPF_OVERRIDE: ''
-    STOPPED: 'true'
+    STOPPED: 'false'
     SCRIPTING_SCRIPTS: '{}'
     SCRIPTING_ACTIVE_SCRIPTS: ''
     INGRESS_ENABLED: 'false'
@@ -243,7 +243,7 @@ data:
     PRESET_FILTERS_CHANGING_ENABLED: 'true'
     RECORDING_DISABLED: ''
     STOP_TRAFFIC_CAPTURING_DISABLED: 'false'
-    GLOBAL_FILTER: "timestamp>now()"
+    GLOBAL_FILTER: ""
     DEFAULT_FILTER: "!dns and !tcp and !udp and !icmp"
     TRAFFIC_SAMPLE_RATE: '100'
     JSON_TTL: '5m'
@@ -252,7 +252,7 @@ data:
     TIMEZONE: ' '
     CLOUD_LICENSE_ENABLED: 'true'
     DUPLICATE_TIMEFRAME: '200ms'
-    ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,sctp,syscall,tcp,udp,ws,tls'
+    ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,sctp,syscall,ws,tls'
     DISSECTORS_UPDATING_ENABLED: 'true'
     DETECT_DUPLICATES: 'false'
     PCAP_DUMP_ENABLE: 'true'
@@ -266,10 +266,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-cluster-role-default
@@ -297,16 +297,27 @@ rules:
       - get
     resourceNames:
       - kube-system
+  - apiGroups:
+    - networking.k8s.io
+    resources:
+    - networkpolicies
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
 ---
 # Source: kubeshark/templates/03-cluster-role-binding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-cluster-role-binding-default
@@ -325,10 +336,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role
@@ -355,10 +366,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role-binding
@@ -378,10 +389,10 @@ kind: Service
 metadata:
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub
@@ -400,10 +411,10 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front
@@ -422,10 +433,10 @@ kind: Service
 apiVersion: v1
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
     prometheus.io/scrape: 'true'
@@ -435,10 +446,10 @@ metadata:
 spec:
   selector:
     app.kubeshark.co/app: worker
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   ports:
   - name: metrics
@@ -453,10 +464,10 @@ metadata:
   labels:
     app.kubeshark.co/app: worker
     sidecar.istio.io/inject: "false"
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-worker-daemon-set
@@ -471,10 +482,10 @@ spec:
     metadata:
       labels:
         app.kubeshark.co/app: worker
-        helm.sh/chart: kubeshark-52.3.84
+        helm.sh/chart: kubeshark-52.3.85
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.3.84"
+        app.kubernetes.io/version: "52.3.85"
         app.kubernetes.io/managed-by: Helm
       name: kubeshark-worker-daemon-set
       namespace: kubeshark
@@ -495,11 +506,12 @@ spec:
             - -procfs
             - /hostproc
             - -disable-ebpf
+            - -enable-resource-guard
             - -resolution-strategy
             - 'auto'
             - -staletimeout
             - '30'
-          image: 'docker.io/kubeshark/worker:v52.3.84'
+          image: 'docker.io/kubeshark/worker:v52.3.85'
           imagePullPolicy: Always
           name: sniffer
           ports:
@@ -573,7 +585,7 @@ spec:
             - /hostproc
             - -disable-ebpf
             - -disable-tls-log
-          image: 'docker.io/kubeshark/worker:v52.3.84'
+          image: 'docker.io/kubeshark/worker:v52.3.85'
           imagePullPolicy: Always
           name: tracer
           env:
@@ -669,10 +681,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub
@@ -688,10 +700,10 @@ spec:
     metadata:
       labels:
         app.kubeshark.co/app: hub
-        helm.sh/chart: kubeshark-52.3.84
+        helm.sh/chart: kubeshark-52.3.85
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.3.84"
+        app.kubernetes.io/version: "52.3.85"
         app.kubernetes.io/managed-by: Helm
     spec:
       dnsPolicy: ClusterFirstWithHostNet
@@ -719,7 +731,7 @@ spec:
             value: 'https://api.kubeshark.co'
           - name: PROFILING_ENABLED
             value: 'false'
-          image: 'docker.io/kubeshark/hub:v52.3.84'
+          image: 'docker.io/kubeshark/hub:v52.3.85'
           imagePullPolicy: Always
           readinessProbe:
             periodSeconds: 1
@@ -767,10 +779,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.co/app: front
-    helm.sh/chart: kubeshark-52.3.84
+    helm.sh/chart: kubeshark-52.3.85
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.3.84"
+    app.kubernetes.io/version: "52.3.85"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front
@@ -786,10 +798,10 @@ spec:
     metadata:
       labels:
         app.kubeshark.co/app: front
-        helm.sh/chart: kubeshark-52.3.84
+        helm.sh/chart: kubeshark-52.3.85
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.3.84"
+        app.kubernetes.io/version: "52.3.85"
         app.kubernetes.io/managed-by: Helm
     spec:
       containers:
@@ -824,7 +836,7 @@ spec:
               value: 'false'
             - name: REACT_APP_SENTRY_ENVIRONMENT
               value: 'production'
-          image: 'docker.io/kubeshark/front:v52.3.84'
+          image: 'docker.io/kubeshark/front:v52.3.85'
           imagePullPolicy: Always
           name: kubeshark-front
           livenessProbe:
@@ -854,17 +866,6 @@ spec:
               mountPath: /etc/nginx/conf.d/default.conf
               subPath: default.conf
               readOnly: true
-      initContainers:
-      - name: wait-for-kubeshark-hub
-        image: busybox
-        command:
-        - sh
-        - -c
-        - |
-          until nc -z kubeshark-hub 80; do
-            echo "Waiting for kubeshark-hub to be ready..."
-            sleep 5
-          done
       volumes:
         - name: nginx-config
           configMap: