🔖 Bump the Helm chart version to 52.5.0

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>

Makefile

@@ -182,7 +182,11 @@ release:
 	@cd ../tracer && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../hub && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd ../front && git checkout master && git pull && git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
-	@cd ../kubeshark && git checkout master && git pull && sed -i "s/^version:.*/version: \"$(shell echo $(VERSION) | sed -E 's/^([0-9]+\.[0-9]+)\..*/\1/')\"/" helm-chart/Chart.yaml && make && make generate-helm-values && make generate-manifests
+	@cd ../kubeshark && git checkout master && git pull && sed -i "s/^version:.*/version: \"$(shell echo $(VERSION) | sed -E 's/^([0-9]+\.[0-9]+)\..*/\1/')\"/" helm-chart/Chart.yaml && make
+	@if [ "$(shell uname)" = "Darwin" ]; then \
+		codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/kubeshark__; \
+	fi
+	@make generate-helm-values && make generate-manifests
 	@git add -A . && git commit -m ":bookmark: Bump the Helm chart version to $(VERSION)" && git push
 	@git tag -d v$(VERSION); git tag v$(VERSION) && git push origin --tags
 	@cd helm-chart && rm -r ../../kubeshark.github.io/charts/chart/* && cp -r . ../../kubeshark.github.io/charts/chart

cmd/pcapDumpRunner.go

@@ -341,13 +341,18 @@ func copyPcapFiles(clientset *kubernetes.Clientset, config *rest.Config, destDir
 
 	// Remove the original files after merging
 	for _, file := range copiedFiles {
-		if err := os.Remove(file); err != nil {
+		if err = os.Remove(file); err != nil {
 			log.Debug().Err(err).Msgf("error removing file %s", file)
 		}
 	}
 
+	clusterID, err := getClusterID(clientset)
+	if err != nil {
+		return fmt.Errorf("failed to get cluster ID: %w", err)
+	}
+	timestamp := time.Now().Format("2006-01-02_15-04")
 	// Rename the temp file to the final name
-	finalMergedFile := strings.TrimSuffix(tempMergedFile, "_temp")
+	finalMergedFile := filepath.Join(destDir, fmt.Sprintf("%s-%s.pcap", clusterID, timestamp))
 	err = os.Rename(tempMergedFile, finalMergedFile)
 	if err != nil {
 		return err
@@ -356,3 +361,11 @@ func copyPcapFiles(clientset *kubernetes.Clientset, config *rest.Config, destDir
 	log.Info().Msgf("Merged file created: %s", finalMergedFile)
 	return nil
 }
+
+func getClusterID(clientset *kubernetes.Clientset) (string, error) {
+	namespace, err := clientset.CoreV1().Namespaces().Get(context.TODO(), "kube-system", metav1.GetOptions{})
+	if err != nil {
+		return "", fmt.Errorf("failed to get kube-system namespace UID: %w", err)
+	}
+	return string(namespace.UID), nil
+}

cmd/tap.go

@@ -58,7 +58,6 @@ func init() {
 	tapCmd.Flags().Bool(configStructs.DryRunLabel, defaultTapConfig.DryRun, "Preview of all pods matching the regex, without tapping them")
 	tapCmd.Flags().Bool(configStructs.ServiceMeshLabel, defaultTapConfig.ServiceMesh, "Capture the encrypted traffic if the cluster is configured with a service mesh and with mTLS")
 	tapCmd.Flags().Bool(configStructs.TlsLabel, defaultTapConfig.Tls, "Capture the traffic that's encrypted with OpenSSL or Go crypto/tls libraries")
-	tapCmd.Flags().Bool(configStructs.IgnoreTaintedLabel, defaultTapConfig.IgnoreTainted, "Ignore tainted pods while running Worker DaemonSet")
 	tapCmd.Flags().Bool(configStructs.IngressEnabledLabel, defaultTapConfig.Ingress.Enabled, "Enable Ingress")
 	tapCmd.Flags().Bool(configStructs.TelemetryEnabledLabel, defaultTapConfig.Telemetry.Enabled, "Enable/disable Telemetry")
 	tapCmd.Flags().Bool(configStructs.ResourceGuardEnabledLabel, defaultTapConfig.ResourceGuard.Enabled, "Enable/disable resource guard")

config/configStruct.go

@@ -51,6 +51,14 @@ func CreateDefaultConfig() ConfigStruct {
 					},
 				},
 			},
+			Tolerations: configStructs.TolerationsConfig{
+				Workers: []v1.Toleration{
+					{
+						Effect:   v1.TaintEffect("NoExecute"),
+						Operator: v1.TolerationOpExists,
+					},
+				},
+			},
 			SecurityContext: configStructs.SecurityContextConfig{
 				Privileged: true,
 				// Capabilities used only when running in unprivileged mode
@@ -150,6 +158,8 @@ type ConfigStruct struct {
 	HeadlessMode         bool                          `yaml:"headless" json:"headless" default:"false"`
 	License              string                        `yaml:"license" json:"license" default:""`
 	CloudLicenseEnabled  bool                          `yaml:"cloudLicenseEnabled" json:"cloudLicenseEnabled" default:"true"`
+	AiAssistantEnabled   bool                          `yaml:"aiAssistantEnabled" json:"aiAssistantEnabled" default:"false"`
+	DemoModeEnabled      bool                          `yaml:"demoModeEnabled" json:"demoModeEnabled" default:"false"`
 	SupportChatEnabled   bool                          `yaml:"supportChatEnabled" json:"supportChatEnabled" default:"true"`
 	InternetConnectivity bool                          `yaml:"internetConnectivity" json:"internetConnectivity" default:"true"`
 	Scripting            configStructs.ScriptingConfig `yaml:"scripting" json:"scripting"`

config/configStructs/tapConfig.go

@@ -139,6 +139,12 @@ type NodeSelectorTermsConfig struct {
 	Front   []v1.NodeSelectorTerm `yaml:"front" json:"front" default:"[]"`
 }
 
+type TolerationsConfig struct {
+	Hub     []v1.Toleration `yaml:"hub" json:"hub" default:"[]"`
+	Workers []v1.Toleration `yaml:"workers" json:"workers" default:"[]"`
+	Front   []v1.Toleration `yaml:"front" json:"front" default:"[]"`
+}
+
 type ProbeConfig struct {
 	InitialDelaySeconds int `yaml:"initialDelaySeconds" json:"initialDelaySeconds" default:"15"`
 	PeriodSeconds       int `yaml:"periodSeconds" json:"periodSeconds" default:"10"`
@@ -292,10 +298,10 @@ type TapConfig struct {
 	Tls                          bool                    `yaml:"tls" json:"tls" default:"true"`
 	DisableTlsLog                bool                    `yaml:"disableTlsLog" json:"disableTlsLog" default:"true"`
 	PacketCapture                string                  `yaml:"packetCapture" json:"packetCapture" default:"best"`
-	IgnoreTainted                bool                    `yaml:"ignoreTainted" json:"ignoreTainted" default:"false"`
 	Labels                       map[string]string       `yaml:"labels" json:"labels" default:"{}"`
 	Annotations                  map[string]string       `yaml:"annotations" json:"annotations" default:"{}"`
 	NodeSelectorTerms            NodeSelectorTermsConfig `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"{}"`
+	Tolerations                  TolerationsConfig       `yaml:"tolerations" json:"tolerations" default:"{}"`
 	Auth                         AuthConfig              `yaml:"auth" json:"auth"`
 	Ingress                      IngressConfig           `yaml:"ingress" json:"ingress"`
 	IPv6                         bool                    `yaml:"ipv6" json:"ipv6" default:"true"`
@@ -313,6 +319,7 @@ type TapConfig struct {
 	Pprof                        PprofConfig             `yaml:"pprof" json:"pprof"`
 	Misc                         MiscConfig              `yaml:"misc" json:"misc"`
 	SecurityContext              SecurityContextConfig   `yaml:"securityContext" json:"securityContext"`
+	MountBpf                     bool                    `yaml:"mountBpf" json:"mountBpf" default:"true"`
 }
 
 func (config *TapConfig) PodRegex() *regexp.Regexp {

helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kubeshark
-version: "52.4"
+version: "52.5"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:

helm-chart/README.md

@@ -174,12 +174,14 @@ Example for overriding image names:
 | `tap.serviceMesh`                         | Capture traffic from service meshes like Istio, Linkerd, Consul, etc.          | `true`                                                  |
 | `tap.tls`                                 | Capture the encrypted/TLS traffic from cryptography libraries like OpenSSL                         | `true`                                                  |
 | `tap.disableTlsLog`                       | Suppress logging for TLS/eBPF                 | `true`                                                 |
-| `tap.ignoreTainted`                       | Whether to ignore tainted nodes               | `false`                                                 |
 | `tap.labels`                              | Kubernetes labels to apply to all Kubeshark resources  | `{}`                                                    |
 | `tap.annotations`                         | Kubernetes annotations to apply to all Kubeshark resources | `{}`                                                |
-| `tap.nodeSelectorTerms.Workers`                   | Node selector terms for workers components                       | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` |
-| `tap.nodeSelectorTerms.Hub`                   | Node selector terms for hub component                 | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` |
-| `tap.nodeSelectorTerms.Front`                   | Node selector terms for front-end component                         | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` |
+| `tap.nodeSelectorTerms.workers`                   | Node selector terms for workers components                       | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` |
+| `tap.nodeSelectorTerms.hub`                   | Node selector terms for hub component                 | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` |
+| `tap.nodeSelectorTerms.front`                   | Node selector terms for front-end component                         | `[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]` |
+| `tap.tolerations.workers`                  | Tolerations for workers components                         | `[ {"operator": "Exists", "effect": "NoExecute"}` |
+| `tap.tolerations.hub`                  | Tolerations for hub component                         | `[]` |
+| `tap.tolerations.front`                  | Tolerations for front-end component                         | `[]` |
 | `tap.auth.enabled`                        | Enable authentication                         | `false`                                                 |
 | `tap.auth.type`                           | Authentication type (1 option available: `saml`)      | `saml`                                              |
 | `tap.auth.approvedEmails`                 | List of approved email addresses for authentication              | `[]`                                                    |
@@ -205,6 +207,7 @@ Example for overriding image names:
 | `tap.globalFilter`                        | Prepends to any KFL filter and can be used to limit what is visible in the dashboard. For example, `redact("request.headers.Authorization")` will redact the appropriate field. Another example `!dns` will not show any DNS traffic.      | `""`                                        |
 | `tap.metrics.port`                  | Pod port used to expose Prometheus metrics          | `49100`                                                  |
 | `tap.enabledDissectors`                   | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `udp` and `tcp` |
+| `tap.mountBpf`                            | BPF filesystem needs to be mounted for eBPF to work properly. This helm value determines whether Kubeshark will attempt to mount the filesystem. This option is not required if filesystem is already mounts. │ `true`|
 | `logs.file`                               | Logs dump path                      | `""`                                                    |
 | `pcapdump.enabled`                        | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools                 | `true`                                                                                                  |
 | `pcapdump.maxTime`                        | The time window into the past that will be stored. Older traffic will be discarded.  | `2h`  |

helm-chart/templates/04-hub-deployment.yaml

@@ -128,6 +128,22 @@ spec:
         {{- end }}
         {{- end }}
       {{- end }}
+      {{- if .Values.tap.tolerations.hub }}
+      tolerations:
+      {{- range .Values.tap.tolerations.hub }}
+        - key: {{ .key | quote }}
+          operator: {{ .operator | quote }}
+          {{- if .value }}
+          value: {{ .value | quote }}
+          {{- end }}
+          {{- if .effect }}
+          effect: {{ .effect | quote }}
+          {{- end }}
+          {{- if .tolerationSeconds }}
+          tolerationSeconds: {{ .tolerationSeconds }}
+          {{- end }}
+      {{- end }}
+      {{- end }}
       volumes:
       - name: saml-x509-volume
         projected:

helm-chart/templates/06-front-deployment.yaml

@@ -37,13 +37,21 @@ spec:
             - name: REACT_APP_TIMEZONE
               value: '{{ not (eq .Values.timezone "") | ternary .Values.timezone " " }}'
             - name: REACT_APP_SCRIPTING_DISABLED
-              value: '{{ .Values.tap.liveConfigMapChangesDisabled }}'
+              value: '{{- if .Values.tap.liveConfigMapChangesDisabled -}}
+                        {{- if .Values.demoModeEnabled -}}
+                          {{ .Values.demoModeEnabled | ternary false true }}
+                        {{- else -}}
+                          true
+                        {{- end }}
+                      {{- else -}}
+                        false
+                      {{- end }}'
             - name: REACT_APP_TARGETED_PODS_UPDATE_DISABLED
               value: '{{ .Values.tap.liveConfigMapChangesDisabled }}'
             - name: REACT_APP_PRESET_FILTERS_CHANGING_ENABLED
               value: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "false" "true" }}'
             - name: REACT_APP_BPF_OVERRIDE_DISABLED
-              value: '{{ eq .Values.tap.packetCapture "ebpf" | ternary "true" "false" }}'
+              value: '{{ eq .Values.tap.packetCapture "af_packet" | ternary "false" "true" }}'
             - name: REACT_APP_RECORDING_DISABLED
               value: '{{ .Values.tap.liveConfigMapChangesDisabled }}'
             - name: REACT_APP_STOP_TRAFFIC_CAPTURING_DISABLED
@@ -58,6 +66,8 @@ spec:
                       {{- else -}}
                         {{ .Values.cloudLicenseEnabled }}
                       {{- end }}'
+            - name: 'REACT_APP_AI_ASSISTANT_ENABLED'
+              value: '{{ .Values.aiAssistantEnabled | ternary "true" "false" }}'
             - name: REACT_APP_SUPPORT_CHAT_ENABLED
               value: '{{ and .Values.supportChatEnabled .Values.internetConnectivity | ternary "true" "false" }}'
             - name: REACT_APP_DISSECTORS_UPDATING_ENABLED
@@ -139,6 +149,22 @@ spec:
         {{- end }}
         {{- end }}
       {{- end }}
+      {{- if .Values.tap.tolerations.front }}
+      tolerations:
+      {{- range .Values.tap.tolerations.front }}
+        - key: {{ .key | quote }}
+          operator: {{ .operator | quote }}
+          {{- if .value }}
+          value: {{ .value | quote }}
+          {{- end }}
+          {{- if .effect }}
+          effect: {{ .effect | quote }}
+          {{- end }}
+          {{- if .tolerationSeconds }}
+          tolerationSeconds: {{ .tolerationSeconds }}
+          {{- end }}
+      {{- end }}
+      {{- end }}
       volumes:
         - name: nginx-config
           configMap:

helm-chart/templates/09-worker-daemon-set.yaml

@@ -311,14 +311,22 @@ spec:
       dnsPolicy: ClusterFirstWithHostNet
       hostNetwork: true
       serviceAccountName: {{ include "kubeshark.serviceAccountName" . }}
-      terminationGracePeriodSeconds: 0
+      {{- if .Values.tap.tolerations.workers }}
       tolerations:
-        - effect: NoExecute
-          operator: Exists
-{{- if not .Values.tap.ignoreTainted }}
-        - effect: NoSchedule
-          operator: Exists
-{{- end }}
+      {{- range .Values.tap.tolerations.workers }}
+        - key: {{ .key | quote }}
+          operator: {{ .operator | quote }}
+          {{- if .value }}
+          value: {{ .value | quote }}
+          {{- end }}
+          {{- if .effect }}
+          effect: {{ .effect | quote }}
+          {{- end }}
+          {{- if .tolerationSeconds }}
+          tolerationSeconds: {{ .tolerationSeconds }}
+          {{- end }}
+      {{- end }}
+      {{- end }}
     {{- if .Values.tap.docker.imagePullSecrets }}
       imagePullSecrets:
         {{- range .Values.tap.docker.imagePullSecrets }}

helm-chart/templates/12-config-map.yaml

@@ -27,7 +27,15 @@ data:
     AUTH_SAML_ROLE_ATTRIBUTE: '{{ .Values.tap.auth.saml.roleAttribute }}'
     AUTH_SAML_ROLES: '{{ .Values.tap.auth.saml.roles | toJson }}'
     TELEMETRY_DISABLED: '{{ not .Values.internetConnectivity | ternary "true" (not .Values.tap.telemetry.enabled | ternary "true" "false") }}'
-    SCRIPTING_DISABLED: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "true" "" }}'
+    SCRIPTING_DISABLED: '{{- if .Values.tap.liveConfigMapChangesDisabled -}}
+                           {{- if .Values.demoModeEnabled -}}
+                             {{ .Values.demoModeEnabled | ternary false true }}
+                           {{- else -}}
+                             true
+                           {{- end }}
+                         {{- else -}}
+                           false
+                         {{- end }}'
     TARGETED_PODS_UPDATE_DISABLED: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "true" "" }}'
     PRESET_FILTERS_CHANGING_ENABLED: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "false" "true" }}'
     RECORDING_DISABLED: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "true" "" }}'
@@ -48,6 +56,7 @@ data:
                             {{- else -}}
                               {{ .Values.cloudLicenseEnabled }}
                             {{- end }}'
+    AI_ASSISTANT_ENABLED: '{{ .Values.aiAssistantEnabled | ternary "true" "false" }}'
     DUPLICATE_TIMEFRAME: '{{ .Values.tap.misc.duplicateTimeframe }}'
     ENABLED_DISSECTORS: '{{ gt (len .Values.tap.enabledDissectors) 0 | ternary (join "," .Values.tap.enabledDissectors) "" }}'
     CUSTOM_MACROS: '{{ toJson .Values.tap.customMacros }}'

helm-chart/values.yaml

@@ -78,7 +78,6 @@ tap:
   tls: true
   disableTlsLog: true
   packetCapture: best
-  ignoreTainted: false
   labels: {}
   annotations: {}
   nodeSelectorTerms:
@@ -100,6 +99,12 @@ tap:
         operator: In
         values:
         - linux
+  tolerations:
+    hub: []
+    workers:
+    - operator: Exists
+      effect: NoExecute
+    front: []
   auth:
     enabled: false
     type: saml
@@ -209,6 +214,7 @@ tap:
       - SYS_PTRACE
       - SYS_RESOURCE
       - IPC_LOCK
+  mountBpf: true
 logs:
   file: ""
   grep: ""
@@ -227,6 +233,8 @@ dumpLogs: false
 headless: false
 license: ""
 cloudLicenseEnabled: true
+aiAssistantEnabled: false
+demoModeEnabled: false
 supportChatEnabled: true
 internetConnectivity: true
 scripting:

manifests/complete.yaml

@@ -4,10 +4,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub-network-policy
@@ -34,10 +34,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front-network-policy
@@ -61,10 +61,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-worker-network-policy
@@ -90,10 +90,10 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-service-account
@@ -107,10 +107,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
 stringData:
     LICENSE: ''
@@ -124,10 +124,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
 stringData:
   AUTH_SAML_X509_CRT: |
@@ -140,10 +140,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
 stringData:
   AUTH_SAML_X509_KEY: |
@@ -155,10 +155,10 @@ metadata:
   name: kubeshark-nginx-config-map
   namespace: default
   labels:
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
 data:
   default.conf: |
@@ -219,10 +219,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
 data:
     POD_REGEX: '.*'
@@ -241,7 +241,7 @@ data:
     AUTH_SAML_ROLE_ATTRIBUTE: 'role'
     AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canStopTrafficCapturing":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","scriptingPermissions":{"canActivate":true,"canDelete":true,"canSave":true},"showAdminConsoleLink":true}}'
     TELEMETRY_DISABLED: 'false'
-    SCRIPTING_DISABLED: ''
+    SCRIPTING_DISABLED: 'false'
     TARGETED_PODS_UPDATE_DISABLED: ''
     PRESET_FILTERS_CHANGING_ENABLED: 'true'
     RECORDING_DISABLED: ''
@@ -254,6 +254,7 @@ data:
     PCAP_ERROR_TTL: '60s'
     TIMEZONE: ' '
     CLOUD_LICENSE_ENABLED: 'true'
+    AI_ASSISTANT_ENABLED: 'false'
     DUPLICATE_TIMEFRAME: '200ms'
     ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,sctp,syscall,ws,ldap,radius,diameter'
     CUSTOM_MACROS: '{"https":"tls and (http or http2)"}'
@@ -270,10 +271,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-cluster-role-default
@@ -318,10 +319,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-cluster-role-binding-default
@@ -340,10 +341,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role
@@ -370,10 +371,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role-binding
@@ -393,10 +394,10 @@ kind: Service
 metadata:
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub
@@ -415,10 +416,10 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front
@@ -437,10 +438,10 @@ kind: Service
 apiVersion: v1
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
     prometheus.io/scrape: 'true'
@@ -450,10 +451,10 @@ metadata:
 spec:
   selector:
     app.kubeshark.co/app: worker
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   ports:
   - name: metrics
@@ -466,10 +467,10 @@ kind: Service
 apiVersion: v1
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
     prometheus.io/scrape: 'true'
@@ -479,10 +480,10 @@ metadata:
 spec:
   selector:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   ports:
   - name: metrics
@@ -497,10 +498,10 @@ metadata:
   labels:
     app.kubeshark.co/app: worker
     sidecar.istio.io/inject: "false"
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-worker-daemon-set
@@ -515,14 +516,28 @@ spec:
     metadata:
       labels:
         app.kubeshark.co/app: worker
-        helm.sh/chart: kubeshark-52.4
+        helm.sh/chart: kubeshark-52.5
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.4"
+        app.kubernetes.io/version: "52.5"
         app.kubernetes.io/managed-by: Helm
       name: kubeshark-worker-daemon-set
       namespace: kubeshark
     spec:
+      initContainers:
+        - command:
+          - /bin/sh
+          - -c
+          - mkdir -p /sys/fs/bpf && mount | grep -q '/sys/fs/bpf' || mount -t bpf bpf /sys/fs/bpf
+          image: 'docker.io/kubeshark/worker:v52.5'
+          imagePullPolicy: Always
+          name: mount-bpf
+          securityContext:
+            privileged: true
+          volumeMounts:
+          - mountPath: /sys
+            name: sys
+            mountPropagation: Bidirectional
       containers:
         - command:
             - ./worker
@@ -543,7 +558,7 @@ spec:
             - 'auto'
             - -staletimeout
             - '30'
-          image: 'docker.io/kubeshark/worker:v52.4'
+          image: 'docker.io/kubeshark/worker:v52.5'
           imagePullPolicy: Always
           name: sniffer
           ports:
@@ -617,7 +632,7 @@ spec:
             - -disable-tls-log
             - -loglevel
             - 'warning'
-          image: 'docker.io/kubeshark/worker:v52.4'
+          image: 'docker.io/kubeshark/worker:v52.5'
           imagePullPolicy: Always
           name: tracer
           env:
@@ -670,12 +685,10 @@ spec:
       dnsPolicy: ClusterFirstWithHostNet
       hostNetwork: true
       serviceAccountName: kubeshark-service-account
-      terminationGracePeriodSeconds: 0
       tolerations:
-        - effect: NoExecute
-          operator: Exists
-        - effect: NoSchedule
-          operator: Exists
+        - key: 
+          operator: "Exists"
+          effect: "NoExecute"
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -711,10 +724,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub
@@ -730,10 +743,10 @@ spec:
     metadata:
       labels:
         app.kubeshark.co/app: hub
-        helm.sh/chart: kubeshark-52.4
+        helm.sh/chart: kubeshark-52.5
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.4"
+        app.kubernetes.io/version: "52.5"
         app.kubernetes.io/managed-by: Helm
     spec:
       dnsPolicy: ClusterFirstWithHostNet
@@ -763,7 +776,7 @@ spec:
             value: 'https://api.kubeshark.co'
           - name: PROFILING_ENABLED
             value: 'false'
-          image: 'docker.io/kubeshark/hub:v52.4'
+          image: 'docker.io/kubeshark/hub:v52.5'
           imagePullPolicy: Always
           readinessProbe:
             periodSeconds: 10
@@ -826,10 +839,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.co/app: front
-    helm.sh/chart: kubeshark-52.4
+    helm.sh/chart: kubeshark-52.5
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.4"
+    app.kubernetes.io/version: "52.5"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front
@@ -845,10 +858,10 @@ spec:
     metadata:
       labels:
         app.kubeshark.co/app: front
-        helm.sh/chart: kubeshark-52.4
+        helm.sh/chart: kubeshark-52.5
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.4"
+        app.kubernetes.io/version: "52.5"
         app.kubernetes.io/managed-by: Helm
     spec:
       containers:
@@ -868,13 +881,15 @@ spec:
             - name: REACT_APP_PRESET_FILTERS_CHANGING_ENABLED
               value: 'true'
             - name: REACT_APP_BPF_OVERRIDE_DISABLED
-              value: 'false'
+              value: 'true'
             - name: REACT_APP_RECORDING_DISABLED
               value: 'false'
             - name: REACT_APP_STOP_TRAFFIC_CAPTURING_DISABLED
               value: 'false'
             - name: 'REACT_APP_CLOUD_LICENSE_ENABLED'
               value: 'true'
+            - name: 'REACT_APP_AI_ASSISTANT_ENABLED'
+              value: 'false'
             - name: REACT_APP_SUPPORT_CHAT_ENABLED
               value: 'true'
             - name: REACT_APP_DISSECTORS_UPDATING_ENABLED
@@ -883,7 +898,7 @@ spec:
               value: 'false'
             - name: REACT_APP_SENTRY_ENVIRONMENT
               value: 'production'
-          image: 'docker.io/kubeshark/front:v52.4'
+          image: 'docker.io/kubeshark/front:v52.5'
           imagePullPolicy: Always
           name: kubeshark-front
           livenessProbe: