🔖 Bump the Helm chart version to 52.7.0

* Add `--config-path` flag to root command

* Use `filepath.Abs`

---------

Co-authored-by: Alon Girmonsky <1990761+alongir@users.noreply.github.com>

cmd/config.go

@@ -2,7 +2,6 @@ package cmd
 
 import (
 	"fmt"
-	"path"
 
 	"github.com/creasty/defaults"
 	"github.com/kubeshark/kubeshark/config"
@@ -52,5 +51,5 @@ func init() {
 		log.Debug().Err(err).Send()
 	}
 
-	configCmd.Flags().BoolP(configStructs.RegenerateConfigName, "r", defaultConfig.Config.Regenerate, fmt.Sprintf("Regenerate the config file with default values to path %s", path.Join(misc.GetDotFolderPath(), "config.yaml")))
+	configCmd.Flags().BoolP(configStructs.RegenerateConfigName, "r", defaultConfig.Config.Regenerate, fmt.Sprintf("Regenerate the config file with default values to path %s", config.GetConfigFilePath(nil)))
 }

cmd/root.go

@@ -33,6 +33,7 @@ func init() {
 
 	rootCmd.PersistentFlags().StringSlice(config.SetCommandName, []string{}, fmt.Sprintf("Override values using --%s", config.SetCommandName))
 	rootCmd.PersistentFlags().BoolP(config.DebugFlag, "d", false, "Enable debug mode")
+	rootCmd.PersistentFlags().String(config.ConfigPathFlag, "", fmt.Sprintf("Set the config path, default: %s", config.GetConfigFilePath(nil)))
 }
 
 // Execute adds all child commands to the root command and sets flags appropriately.

cmd/scripts.go

@@ -123,7 +123,7 @@ func createScript(provider *kubernetes.Provider, script misc.ConfigMapScript) (i
 		}
 
 		if k8serrors.IsConflict(err) {
-			log.Warn().Err(err).Msg("Conflict detected, retrying update...")
+			log.Debug().Err(err).Msg("Conflict detected, retrying update...")
 			time.Sleep(500 * time.Millisecond)
 			continue
 		}
@@ -332,23 +332,29 @@ func watchConfigMap(ctx context.Context, provider *kubernetes.Provider) {
 				continue
 			}
 
-			for event := range watcher.ResultChan() {
-				select {
-				case <-ctx.Done():
-					log.Info().Msg("ConfigMap watcher loop exiting gracefully.")
-					watcher.Stop()
-					return
-
-				default:
+			// Create a goroutine to process events
+			watcherClosed := make(chan struct{})
+			go func() {
+				defer close(watcherClosed)
+				for event := range watcher.ResultChan() {
 					if event.Type == watch.Added {
 						log.Info().Msg("ConfigMap created or modified")
 						runScriptsSync(provider)
 					} else if event.Type == watch.Deleted {
 						log.Warn().Msg("ConfigMap deleted, waiting for recreation...")
-						watcher.Stop()
 						break
 					}
 				}
+			}()
+
+			// Wait for either context cancellation or watcher completion
+			select {
+			case <-ctx.Done():
+				watcher.Stop()
+				log.Info().Msg("ConfigMap watcher stopping due to context cancellation")
+				return
+			case <-watcherClosed:
+				log.Info().Msg("Watcher closed, restarting...")
 			}
 
 			time.Sleep(5 * time.Second)

config/config.go

@@ -28,6 +28,7 @@ const (
 	FieldNameTag   = "yaml"
 	ReadonlyTag    = "readonly"
 	DebugFlag      = "debug"
+	ConfigPathFlag = "config-path"
 )
 
 var (
@@ -82,7 +83,7 @@ func InitConfig(cmd *cobra.Command) error {
 		return err
 	}
 
-	ConfigFilePath = path.Join(misc.GetDotFolderPath(), "config.yaml")
+	ConfigFilePath = GetConfigFilePath(cmd)
 	if err := loadConfigFile(&Config, utils.Contains([]string{
 		"manifests",
 		"license",
@@ -134,21 +135,44 @@ func WriteConfig(config *ConfigStruct) error {
 	return nil
 }
 
-func loadConfigFile(config *ConfigStruct, silent bool) error {
+func GetConfigFilePath(cmd *cobra.Command) string {
+	defaultConfigPath := path.Join(misc.GetDotFolderPath(), "config.yaml")
+
 	cwd, err := os.Getwd()
 	if err != nil {
-		return err
+		return defaultConfigPath
+	}
+
+	if cmd != nil {
+		configPathOverride, err := cmd.Flags().GetString(ConfigPathFlag)
+		if err == nil {
+			if configPathOverride != "" {
+				resolvedConfigPath, err := filepath.Abs(configPathOverride)
+				if err != nil {
+					log.Error().Err(err).Msg("--config-path flag path cannot be resolved")
+				} else {
+					return resolvedConfigPath
+				}
+			}
+		} else {
+			log.Error().Err(err).Msg("--config-path flag parser error")
+		}
 	}
 
 	cwdConfig := filepath.Join(cwd, fmt.Sprintf("%s.yaml", misc.Program))
 	reader, err := os.Open(cwdConfig)
 	if err != nil {
-		reader, err = os.Open(ConfigFilePath)
-		if err != nil {
-			return err
-		}
+		return defaultConfigPath
 	} else {
-		ConfigFilePath = cwdConfig
+		reader.Close()
+		return cwdConfig
+	}
+}
+
+func loadConfigFile(config *ConfigStruct, silent bool) error {
+	reader, err := os.Open(ConfigFilePath)
+	if err != nil {
+		return err
 	}
 	defer reader.Close()
 
@@ -176,9 +200,14 @@ func initFlag(f *pflag.Flag) {
 
 	flagPath = append(flagPath, strings.Split(f.Name, "-")...)
 
+	flagPathJoined := strings.Join(flagPath, ".")
+	if strings.HasSuffix(flagPathJoined, ".config.path") {
+		return
+	}
+
 	sliceValue, isSliceValue := f.Value.(pflag.SliceValue)
 	if !isSliceValue {
-		if err := mergeFlagValue(configElemValue, flagPath, strings.Join(flagPath, "."), f.Value.String()); err != nil {
+		if err := mergeFlagValue(configElemValue, flagPath, flagPathJoined, f.Value.String()); err != nil {
 			log.Warn().Err(err).Send()
 		}
 		return
@@ -191,7 +220,7 @@ func initFlag(f *pflag.Flag) {
 		return
 	}
 
-	if err := mergeFlagValues(configElemValue, flagPath, strings.Join(flagPath, "."), sliceValue.GetSlice()); err != nil {
+	if err := mergeFlagValues(configElemValue, flagPath, flagPathJoined, sliceValue.GetSlice()); err != nil {
 		log.Warn().Err(err).Send()
 	}
 }

config/configStruct.go

@@ -50,6 +50,17 @@ func CreateDefaultConfig() ConfigStruct {
 						},
 					},
 				},
+				Dex: []v1.NodeSelectorTerm{
+					{
+						MatchExpressions: []v1.NodeSelectorRequirement{
+							{
+								Key:      "kubernetes.io/os",
+								Operator: v1.NodeSelectorOpIn,
+								Values:   []string{"linux"},
+							},
+						},
+					},
+				},
 			},
 			Tolerations: configStructs.TolerationsConfig{
 				Workers: []v1.Toleration{
@@ -118,7 +129,7 @@ func CreateDefaultConfig() ConfigStruct {
 				"kafka",
 				"redis",
 				"sctp",
-				"syscall",
+				// "syscall",
 				// "tcp",
 				// "udp",
 				"ws",
@@ -135,6 +146,9 @@ func CreateDefaultConfig() ConfigStruct {
 				LDAP:     []uint16{389},
 				DIAMETER: []uint16{3868},
 			},
+			Dashboard: configStructs.DashboardConfig{
+				CompleteStreamingEnabled: true,
+			},
 		},
 	}
 }
@@ -158,9 +172,9 @@ type ConfigStruct struct {
 	HeadlessMode         bool                          `yaml:"headless" json:"headless" default:"false"`
 	License              string                        `yaml:"license" json:"license" default:""`
 	CloudLicenseEnabled  bool                          `yaml:"cloudLicenseEnabled" json:"cloudLicenseEnabled" default:"true"`
-	AiAssistantEnabled   bool                          `yaml:"aiAssistantEnabled" json:"aiAssistantEnabled" default:"false"`
+	AiAssistantEnabled   bool                          `yaml:"aiAssistantEnabled" json:"aiAssistantEnabled" default:"true"`
 	DemoModeEnabled      bool                          `yaml:"demoModeEnabled" json:"demoModeEnabled" default:"false"`
-	SupportChatEnabled   bool                          `yaml:"supportChatEnabled" json:"supportChatEnabled" default:"true"`
+	SupportChatEnabled   bool                          `yaml:"supportChatEnabled" json:"supportChatEnabled" default:"false"`
 	InternetConnectivity bool                          `yaml:"internetConnectivity" json:"internetConnectivity" default:"true"`
 	Scripting            configStructs.ScriptingConfig `yaml:"scripting" json:"scripting"`
 	Manifests            ManifestsConfig               `yaml:"manifests,omitempty" json:"manifests,omitempty"`

config/configStructs/tapConfig.go

@@ -138,6 +138,7 @@ type NodeSelectorTermsConfig struct {
 	Hub     []v1.NodeSelectorTerm `yaml:"hub" json:"hub" default:"[]"`
 	Workers []v1.NodeSelectorTerm `yaml:"workers" json:"workers" default:"[]"`
 	Front   []v1.NodeSelectorTerm `yaml:"front" json:"front" default:"[]"`
+	Dex     []v1.NodeSelectorTerm `yaml:"dex" json:"dex" default:"[]"`
 }
 
 type TolerationsConfig struct {
@@ -147,8 +148,8 @@ type TolerationsConfig struct {
 }
 
 type ProbeConfig struct {
-	InitialDelaySeconds int `yaml:"initialDelaySeconds" json:"initialDelaySeconds" default:"15"`
-	PeriodSeconds       int `yaml:"periodSeconds" json:"periodSeconds" default:"10"`
+	InitialDelaySeconds int `yaml:"initialDelaySeconds" json:"initialDelaySeconds" default:"5"`
+	PeriodSeconds       int `yaml:"periodSeconds" json:"periodSeconds" default:"5"`
 	SuccessThreshold    int `yaml:"successThreshold" json:"successThreshold" default:"1"`
 	FailureThreshold    int `yaml:"failureThreshold" json:"failureThreshold" default:"3"`
 }
@@ -195,6 +196,10 @@ type RoutingConfig struct {
 	Front FrontRoutingConfig `yaml:"front" json:"front"`
 }
 
+type DashboardConfig struct {
+	CompleteStreamingEnabled bool `yaml:"completeStreamingEnabled" json:"completeStreamingEnabled" default:"true"`
+}
+
 type FrontRoutingConfig struct {
 	BasePath string `yaml:"basePath" json:"basePath" default:""`
 }
@@ -222,6 +227,10 @@ type WatchdogConfig struct {
 	Enabled bool `yaml:"enabled" json:"enabled" default:"true"`
 }
 
+type GitopsConfig struct {
+	Enabled bool `yaml:"enabled" json:"enabled" default:"false"`
+}
+
 type CapabilitiesConfig struct {
 	NetworkCapture     []string `yaml:"networkCapture" json:"networkCapture"  default:"[]"`
 	ServiceMeshCapture []string `yaml:"serviceMeshCapture" json:"serviceMeshCapture"  default:"[]"`
@@ -290,51 +299,54 @@ type SeLinuxOptionsConfig struct {
 }
 
 type TapConfig struct {
-	Docker                       DockerConfig            `yaml:"docker" json:"docker"`
-	Proxy                        ProxyConfig             `yaml:"proxy" json:"proxy"`
-	PodRegexStr                  string                  `yaml:"regex" json:"regex" default:".*"`
-	Namespaces                   []string                `yaml:"namespaces" json:"namespaces" default:"[]"`
-	ExcludedNamespaces           []string                `yaml:"excludedNamespaces" json:"excludedNamespaces" default:"[]"`
-	BpfOverride                  string                  `yaml:"bpfOverride" json:"bpfOverride" default:""`
-	Stopped                      bool                    `yaml:"stopped" json:"stopped" default:"false"`
-	Release                      ReleaseConfig           `yaml:"release" json:"release"`
-	PersistentStorage            bool                    `yaml:"persistentStorage" json:"persistentStorage" default:"false"`
-	PersistentStorageStatic      bool                    `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"`
-	EfsFileSytemIdAndPath        string                  `yaml:"efsFileSytemIdAndPath" json:"efsFileSytemIdAndPath" default:""`
-	StorageLimit                 string                  `yaml:"storageLimit" json:"storageLimit" default:"5000Mi"`
-	StorageClass                 string                  `yaml:"storageClass" json:"storageClass" default:"standard"`
-	DryRun                       bool                    `yaml:"dryRun" json:"dryRun" default:"false"`
-	DnsConfig                    DnsConfig               `yaml:"dns" json:"dns"`
-	Resources                    ResourcesConfig         `yaml:"resources" json:"resources"`
-	Probes                       ProbesConfig            `yaml:"probes" json:"probes"`
-	ServiceMesh                  bool                    `yaml:"serviceMesh" json:"serviceMesh" default:"true"`
-	Tls                          bool                    `yaml:"tls" json:"tls" default:"true"`
-	DisableTlsLog                bool                    `yaml:"disableTlsLog" json:"disableTlsLog" default:"true"`
-	PacketCapture                string                  `yaml:"packetCapture" json:"packetCapture" default:"best"`
-	Labels                       map[string]string       `yaml:"labels" json:"labels" default:"{}"`
-	Annotations                  map[string]string       `yaml:"annotations" json:"annotations" default:"{}"`
-	NodeSelectorTerms            NodeSelectorTermsConfig `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"{}"`
-	Tolerations                  TolerationsConfig       `yaml:"tolerations" json:"tolerations" default:"{}"`
-	Auth                         AuthConfig              `yaml:"auth" json:"auth"`
-	Ingress                      IngressConfig           `yaml:"ingress" json:"ingress"`
-	Routing                      RoutingConfig           `yaml:"routing" json:"routing"`
-	IPv6                         bool                    `yaml:"ipv6" json:"ipv6" default:"true"`
-	Debug                        bool                    `yaml:"debug" json:"debug" default:"false"`
-	Telemetry                    TelemetryConfig         `yaml:"telemetry" json:"telemetry"`
-	ResourceGuard                ResourceGuardConfig     `yaml:"resourceGuard" json:"resourceGuard"`
-	Watchdog                     WatchdogConfig          `yaml:"watchdog" json:"watchdog"`
-	Sentry                       SentryConfig            `yaml:"sentry" json:"sentry"`
-	DefaultFilter                string                  `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !error"`
-	LiveConfigMapChangesDisabled bool                    `yaml:"liveConfigMapChangesDisabled" json:"liveConfigMapChangesDisabled" default:"false"`
-	GlobalFilter                 string                  `yaml:"globalFilter" json:"globalFilter" default:""`
-	EnabledDissectors            []string                `yaml:"enabledDissectors" json:"enabledDissectors"`
-	PortMapping                  PortMapping             `yaml:"portMapping" json:"portMapping"`
-	CustomMacros                 map[string]string       `yaml:"customMacros" json:"customMacros" default:"{\"https\":\"tls and (http or http2)\"}"`
-	Metrics                      MetricsConfig           `yaml:"metrics" json:"metrics"`
-	Pprof                        PprofConfig             `yaml:"pprof" json:"pprof"`
-	Misc                         MiscConfig              `yaml:"misc" json:"misc"`
-	SecurityContext              SecurityContextConfig   `yaml:"securityContext" json:"securityContext"`
-	MountBpf                     bool                    `yaml:"mountBpf" json:"mountBpf" default:"true"`
+	Docker                         DockerConfig            `yaml:"docker" json:"docker"`
+	Proxy                          ProxyConfig             `yaml:"proxy" json:"proxy"`
+	PodRegexStr                    string                  `yaml:"regex" json:"regex" default:".*"`
+	Namespaces                     []string                `yaml:"namespaces" json:"namespaces" default:"[]"`
+	ExcludedNamespaces             []string                `yaml:"excludedNamespaces" json:"excludedNamespaces" default:"[]"`
+	BpfOverride                    string                  `yaml:"bpfOverride" json:"bpfOverride" default:""`
+	Stopped                        bool                    `yaml:"stopped" json:"stopped" default:"false"`
+	Release                        ReleaseConfig           `yaml:"release" json:"release"`
+	PersistentStorage              bool                    `yaml:"persistentStorage" json:"persistentStorage" default:"false"`
+	PersistentStorageStatic        bool                    `yaml:"persistentStorageStatic" json:"persistentStorageStatic" default:"false"`
+	PersistentStoragePvcVolumeMode string                  `yaml:"persistentStoragePvcVolumeMode" json:"persistentStoragePvcVolumeMode" default:"FileSystem"`
+	EfsFileSytemIdAndPath          string                  `yaml:"efsFileSytemIdAndPath" json:"efsFileSytemIdAndPath" default:""`
+	StorageLimit                   string                  `yaml:"storageLimit" json:"storageLimit" default:"5000Mi"`
+	StorageClass                   string                  `yaml:"storageClass" json:"storageClass" default:"standard"`
+	DryRun                         bool                    `yaml:"dryRun" json:"dryRun" default:"false"`
+	DnsConfig                      DnsConfig               `yaml:"dns" json:"dns"`
+	Resources                      ResourcesConfig         `yaml:"resources" json:"resources"`
+	Probes                         ProbesConfig            `yaml:"probes" json:"probes"`
+	ServiceMesh                    bool                    `yaml:"serviceMesh" json:"serviceMesh" default:"true"`
+	Tls                            bool                    `yaml:"tls" json:"tls" default:"true"`
+	DisableTlsLog                  bool                    `yaml:"disableTlsLog" json:"disableTlsLog" default:"true"`
+	PacketCapture                  string                  `yaml:"packetCapture" json:"packetCapture" default:"best"`
+	Labels                         map[string]string       `yaml:"labels" json:"labels" default:"{}"`
+	Annotations                    map[string]string       `yaml:"annotations" json:"annotations" default:"{}"`
+	NodeSelectorTerms              NodeSelectorTermsConfig `yaml:"nodeSelectorTerms" json:"nodeSelectorTerms" default:"{}"`
+	Tolerations                    TolerationsConfig       `yaml:"tolerations" json:"tolerations" default:"{}"`
+	Auth                           AuthConfig              `yaml:"auth" json:"auth"`
+	Ingress                        IngressConfig           `yaml:"ingress" json:"ingress"`
+	Routing                        RoutingConfig           `yaml:"routing" json:"routing"`
+	IPv6                           bool                    `yaml:"ipv6" json:"ipv6" default:"true"`
+	Debug                          bool                    `yaml:"debug" json:"debug" default:"false"`
+	Dashboard                      DashboardConfig         `yaml:"dashboard" json:"dashboard"`
+	Telemetry                      TelemetryConfig         `yaml:"telemetry" json:"telemetry"`
+	ResourceGuard                  ResourceGuardConfig     `yaml:"resourceGuard" json:"resourceGuard"`
+	Watchdog                       WatchdogConfig          `yaml:"watchdog" json:"watchdog"`
+	Gitops                         GitopsConfig            `yaml:"gitops" json:"gitops"`
+	Sentry                         SentryConfig            `yaml:"sentry" json:"sentry"`
+	DefaultFilter                  string                  `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !error"`
+	LiveConfigMapChangesDisabled   bool                    `yaml:"liveConfigMapChangesDisabled" json:"liveConfigMapChangesDisabled" default:"false"`
+	GlobalFilter                   string                  `yaml:"globalFilter" json:"globalFilter" default:""`
+	EnabledDissectors              []string                `yaml:"enabledDissectors" json:"enabledDissectors"`
+	PortMapping                    PortMapping             `yaml:"portMapping" json:"portMapping"`
+	CustomMacros                   map[string]string       `yaml:"customMacros" json:"customMacros" default:"{\"https\":\"tls and (http or http2)\"}"`
+	Metrics                        MetricsConfig           `yaml:"metrics" json:"metrics"`
+	Pprof                          PprofConfig             `yaml:"pprof" json:"pprof"`
+	Misc                           MiscConfig              `yaml:"misc" json:"misc"`
+	SecurityContext                SecurityContextConfig   `yaml:"securityContext" json:"securityContext"`
+	MountBpf                       bool                    `yaml:"mountBpf" json:"mountBpf" default:"true"`
 }
 
 func (config *TapConfig) PodRegex() *regexp.Regexp {

helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: kubeshark
-version: "52.6"
+version: "52.7"
 description: The API Traffic Analyzer for Kubernetes
 home: https://kubeshark.co
 keywords:

helm-chart/README.md

@@ -144,6 +144,7 @@ Example for overriding image names:
 | `tap.release.namespace`                   | Helm release namespace                        | `default`                                               |
 | `tap.persistentStorage`                   | Use `persistentVolumeClaim` instead of `emptyDir` | `false`                                             |
 | `tap.persistentStorageStatic`             | Use static persistent volume provisioning (explicitly defined `PersistentVolume` ) | `false`            |
+| `tap.persistentStoragePvcVolumeMode` | Set the pvc volume mode (Filesystem\|Block) | `Filesystem` |
 | `tap.efsFileSytemIdAndPath`               | [EFS file system ID and, optionally, subpath and/or access point](https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/examples/kubernetes/access_points/README.md) `<FileSystemId>:<Path>:<AccessPointId>`  | ""                             |
 | `tap.storageLimit`                        | Limit of either the `emptyDir` or `persistentVolumeClaim` | `500Mi`                                     |
 | `tap.storageClass`                        | Storage class of the `PersistentVolumeClaim`          | `standard`                                      |
@@ -209,6 +210,7 @@ Example for overriding image names:
 | `tap.metrics.port`                  | Pod port used to expose Prometheus metrics          | `49100`                                                  |
 | `tap.enabledDissectors`                   | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `udp` and `tcp` |
 | `tap.mountBpf`                            | BPF filesystem needs to be mounted for eBPF to work properly. This helm value determines whether Kubeshark will attempt to mount the filesystem. This option is not required if filesystem is already mounts. │ `true`|
+| `tap.gitops.enabled`                          | Enable GitOps functionality. This will allow you to use GitOps to manage your Kubeshark configuration. | `false` |
 | `logs.file`                               | Logs dump path                      | `""`                                                    |
 | `pcapdump.enabled`                        | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools                 | `true`                                                                                                  |
 | `pcapdump.maxTime`                        | The time window into the past that will be stored. Older traffic will be discarded.  | `2h`  |
@@ -222,7 +224,7 @@ Example for overriding image names:
 | `scripting.source`                        | Source directory of the scripts                | `""`                                                    |
 | `scripting.watchScripts`                  | Enable watch mode for the scripts in source directory          | `true`                                                  |
 | `timezone`                                | IANA time zone applied to time shown in the front-end | `""` (local time zone applies) |
-| `supportChatEnabled`                      | Enable real-time support chat channel based on Intercom | `true` |
+| `supportChatEnabled`                      | Enable real-time support chat channel based on Intercom | `false` |
 | `internetConnectivity`                    | Turns off API requests that are dependant on Internet connectivity such as `telemetry` and `online-support`. | `true` |
 
 KernelMapping pairs kernel versions with a
@@ -351,8 +353,20 @@ tap:
       clientSecret: create your own client password
       refreshTokenLifetime: "3960h" # 165 days
       oauth2StateParamExpiry: "10m"
+      bypassSslCaCheck: false
 ```
 
+---
+
+**Note:**<br/>
+Set `tap.auth.dexOidc.bypassSslCaCheck: true`
+to allow Kubeshark communication with Dex IdP having an unknown SSL Certificate Authority.
+
+This setting allows you to prevent such SSL CA-related errors:<br/>
+`tls: failed to verify certificate: x509: certificate signed by unknown authority`
+
+---
+
 Once you run `helm install kubeshark kubeshark/kubeshark -f ./values.yaml`, Kubeshark will be installed with (Dex) OIDC authentication enabled.
 
 ---
@@ -443,6 +457,7 @@ tap:
       
       refreshTokenLifetime: "3960h" # 165 days
       oauth2StateParamExpiry: "10m"
+      bypassSslCaCheck: false
     dexConfig:
       # This field is REQUIRED!
       # 

helm-chart/templates/02-cluster-role.yaml

@@ -63,12 +63,26 @@ rules:
     resourceNames:
       - kubeshark-secret
       - kubeshark-config-map
+      - kubeshark-secret-default
+      - kubeshark-config-map-default
     resources:
       - secrets
       - configmaps
     verbs:
+      - create
       - get
       - watch
       - list
       - update
       - patch
+      - delete
+  - apiGroups:
+      - ""
+      - v1
+    resources:
+      - secrets
+      - configmaps
+      - pods/log
+    verbs:
+      - create
+      - get

helm-chart/templates/04-hub-deployment.yaml

@@ -33,6 +33,9 @@ spec:
             - "8080"
             - -loglevel
             - '{{ .Values.logLevel | default "warning" }}'
+            {{- if .Values.tap.gitops.enabled }}
+            - -gitops
+            {{- end }}
           env:
           - name: POD_NAME
             valueFrom:

helm-chart/templates/06-front-deployment.yaml

@@ -36,6 +36,12 @@ spec:
                       {{- else -}}
                         {{ .Values.tap.auth.type }}
                       {{- end }}'
+            - name: REACT_APP_COMPLETE_STREAMING_ENABLED
+              value: '{{- if and (hasKey .Values.tap "dashboard") (hasKey .Values.tap.dashboard "completeStreamingEnabled") -}}
+                        {{ eq .Values.tap.dashboard.completeStreamingEnabled true | ternary "true" "false" }}
+                      {{- else -}}
+                        true
+                      {{- end }}'
             - name: REACT_APP_AUTH_SAML_IDP_METADATA_URL
               value: '{{ not (eq .Values.tap.auth.saml.idpMetadataUrl "") | ternary .Values.tap.auth.saml.idpMetadataUrl " " }}'
             - name: REACT_APP_TIMEZONE

helm-chart/templates/08-persistent-volume-claim.yaml

@@ -33,6 +33,7 @@ metadata:
   name: kubeshark-persistent-volume-claim
   namespace: {{ .Release.Namespace }}
 spec:
+  volumeMode: {{ .Values.tap.persistentStoragePvcVolumeMode }}
   accessModes:
     - ReadWriteMany
   resources:

helm-chart/templates/12-config-map.yaml

@@ -1,7 +1,7 @@
 kind: ConfigMap
 apiVersion: v1
 metadata:
-  name: kubeshark-config-map
+  name: {{ include "kubeshark.configmapName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubeshark.co/app: hub
@@ -33,6 +33,15 @@ data:
     AUTH_OIDC_ISSUER: '{{ default "not set" (((.Values.tap).auth).dexOidc).issuer }}'
     AUTH_OIDC_REFRESH_TOKEN_LIFETIME: '{{ default "3960h" (((.Values.tap).auth).dexOidc).refreshTokenLifetime }}'
     AUTH_OIDC_STATE_PARAM_EXPIRY: '{{ default "10m" (((.Values.tap).auth).dexOidc).oauth2StateParamExpiry }}'
+    AUTH_OIDC_BYPASS_SSL_CA_CHECK: '{{- if and
+                                      (hasKey .Values.tap "auth")
+                                      (hasKey .Values.tap.auth "dexOidc")
+                                      (hasKey .Values.tap.auth.dexOidc "bypassSslCaCheck")
+                                    -}}
+                                      {{ eq .Values.tap.auth.dexOidc.bypassSslCaCheck true | ternary "true" "false" }}
+                                    {{- else -}}
+                                      false
+                                    {{- end }}'
     TELEMETRY_DISABLED: '{{ not .Values.internetConnectivity | ternary "true" (not .Values.tap.telemetry.enabled | ternary "true" "false") }}'
     SCRIPTING_DISABLED: '{{- if .Values.tap.liveConfigMapChangesDisabled -}}
                            {{- if .Values.demoModeEnabled -}}

helm-chart/templates/13-secret.yaml

@@ -1,7 +1,7 @@
 kind: Secret
 apiVersion: v1
 metadata:
-  name: kubeshark-secret
+  name: {{ include "kubeshark.secretName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubeshark.co/app: hub

helm-chart/templates/18-cleanup-job.yaml

@@ -0,0 +1,24 @@
+{{ if .Values.tap.gitops.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: kubeshark-cleanup-job
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  template:
+    spec:
+      serviceAccountName: {{ include "kubeshark.serviceAccountName" . }}
+      restartPolicy: Never
+      containers:
+        - name: cleanup
+        {{- if .Values.tap.docker.overrideImage.hub }}
+          image: '{{ .Values.tap.docker.overrideImage.hub }}'
+        {{- else if .Values.tap.docker.overrideTag.hub }}
+          image: '{{ .Values.tap.docker.registry }}/hub:{{ .Values.tap.docker.overrideTag.hub }}'
+        {{ else }}
+          image: '{{ .Values.tap.docker.registry }}/hub:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}'
+        {{- end }}
+          command: ["/app/cleanup"]
+{{ end -}}

helm-chart/templates/NOTES.txt

@@ -28,7 +28,7 @@ Notices:
 - Support chat using Intercom is enabled. It can be disabled using `--set supportChatEnabled=false`
 {{- end }}
 {{- if eq .Values.license ""}}
-- No license key was detected. You can get your license key from https://console.kubeshark.co/.
+- No license key was detected. You can either log-in/sign-up through the dashboard, or download the license key from https://console.kubeshark.co/.
 {{- end }}
 
 {{ if .Values.tap.ingress.enabled }}

helm-chart/templates/_helpers.tpl

@@ -49,6 +49,18 @@ Create the name of the service account to use
 {{- printf "%s-service-account" .Release.Name }}
 {{- end }}
 
+{{/*
+Set configmap and secret names based on gitops.enabled
+*/}}
+{{- define "kubeshark.configmapName" -}}
+kubeshark-config-map{{ if .Values.tap.gitops.enabled }}-default{{ end }}
+{{- end -}}
+
+{{- define "kubeshark.secretName" -}}
+kubeshark-secret{{ if .Values.tap.gitops.enabled }}-default{{ end }}
+{{- end -}}
+
+
 {{/*
 Escape double quotes in a string
 */}}

helm-chart/values.yaml

@@ -33,6 +33,7 @@ tap:
     namespace: default
   persistentStorage: false
   persistentStorageStatic: false
+  persistentStoragePvcVolumeMode: FileSystem
   efsFileSytemIdAndPath: ""
   storageLimit: 5000Mi
   storageClass: standard
@@ -65,13 +66,13 @@ tap:
         memory: 50Mi
   probes:
     hub:
-      initialDelaySeconds: 15
-      periodSeconds: 10
+      initialDelaySeconds: 5
+      periodSeconds: 5
       successThreshold: 1
       failureThreshold: 3
     sniffer:
-      initialDelaySeconds: 15
-      periodSeconds: 10
+      initialDelaySeconds: 5
+      periodSeconds: 5
       successThreshold: 1
       failureThreshold: 3
   serviceMesh: true
@@ -99,6 +100,12 @@ tap:
         operator: In
         values:
         - linux
+    dex:
+    - matchExpressions:
+      - key: kubernetes.io/os
+        operator: In
+        values:
+        - linux
   tolerations:
     hub: []
     workers:
@@ -136,12 +143,16 @@ tap:
       basePath: ""
   ipv6: true
   debug: false
+  dashboard:
+    completeStreamingEnabled: true
   telemetry:
     enabled: true
   resourceGuard:
     enabled: false
   watchdog:
     enabled: true
+  gitops:
+    enabled: false
   sentry:
     enabled: false
     environment: production
@@ -156,7 +167,6 @@ tap:
   - kafka
   - redis
   - sctp
-  - syscall
   - ws
   - ldap
   - radius
@@ -238,9 +248,9 @@ dumpLogs: false
 headless: false
 license: ""
 cloudLicenseEnabled: true
-aiAssistantEnabled: false
+aiAssistantEnabled: true
 demoModeEnabled: false
-supportChatEnabled: true
+supportChatEnabled: false
 internetConnectivity: true
 scripting:
   env: {}

manifests/complete.yaml

@@ -4,10 +4,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub-network-policy
@@ -34,10 +34,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front-network-policy
@@ -61,10 +61,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-dex-network-policy
@@ -88,10 +88,10 @@ apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-worker-network-policy
@@ -117,10 +117,10 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-service-account
@@ -134,10 +134,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
 stringData:
     LICENSE: ''
@@ -153,10 +153,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
 stringData:
   AUTH_SAML_X509_CRT: |
@@ -169,10 +169,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
 stringData:
   AUTH_SAML_X509_KEY: |
@@ -184,10 +184,10 @@ metadata:
   name: kubeshark-nginx-config-map
   namespace: default
   labels:
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
 data:
   default.conf: |
@@ -248,10 +248,10 @@ metadata:
   namespace: default
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
 data:
     POD_REGEX: '.*'
@@ -272,6 +272,7 @@ data:
     AUTH_OIDC_ISSUER: 'not set'
     AUTH_OIDC_REFRESH_TOKEN_LIFETIME: '3960h'
     AUTH_OIDC_STATE_PARAM_EXPIRY: '10m'
+    AUTH_OIDC_BYPASS_SSL_CA_CHECK: 'false'
     TELEMETRY_DISABLED: 'false'
     SCRIPTING_DISABLED: 'false'
     TARGETED_PODS_UPDATE_DISABLED: ''
@@ -286,9 +287,9 @@ data:
     PCAP_ERROR_TTL: '60s'
     TIMEZONE: ' '
     CLOUD_LICENSE_ENABLED: 'true'
-    AI_ASSISTANT_ENABLED: 'false'
+    AI_ASSISTANT_ENABLED: 'true'
     DUPLICATE_TIMEFRAME: '200ms'
-    ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,sctp,syscall,ws,ldap,radius,diameter'
+    ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,sctp,ws,ldap,radius,diameter'
     CUSTOM_MACROS: '{"https":"tls and (http or http2)"}'
     DISSECTORS_UPDATING_ENABLED: 'true'
     DETECT_DUPLICATES: 'false'
@@ -303,10 +304,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-cluster-role-default
@@ -351,10 +352,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-cluster-role-binding-default
@@ -373,10 +374,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role
@@ -388,25 +389,39 @@ rules:
     resourceNames:
       - kubeshark-secret
       - kubeshark-config-map
+      - kubeshark-secret-default
+      - kubeshark-config-map-default
     resources:
       - secrets
       - configmaps
     verbs:
+      - create
       - get
       - watch
       - list
       - update
       - patch
+      - delete
+  - apiGroups:
+      - ""
+      - v1
+    resources:
+      - secrets
+      - configmaps
+      - pods/log
+    verbs:
+      - create
+      - get
 ---
 # Source: kubeshark/templates/03-cluster-role-binding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-self-config-role-binding
@@ -426,10 +441,10 @@ kind: Service
 metadata:
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub
@@ -448,10 +463,10 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front
@@ -470,10 +485,10 @@ kind: Service
 apiVersion: v1
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
     prometheus.io/scrape: 'true'
@@ -483,10 +498,10 @@ metadata:
 spec:
   selector:
     app.kubeshark.co/app: worker
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   ports:
   - name: metrics
@@ -499,10 +514,10 @@ kind: Service
 apiVersion: v1
 metadata:
   labels:
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
     prometheus.io/scrape: 'true'
@@ -512,10 +527,10 @@ metadata:
 spec:
   selector:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   ports:
   - name: metrics
@@ -530,10 +545,10 @@ metadata:
   labels:
     app.kubeshark.co/app: worker
     sidecar.istio.io/inject: "false"
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-worker-daemon-set
@@ -548,10 +563,10 @@ spec:
     metadata:
       labels:
         app.kubeshark.co/app: worker
-        helm.sh/chart: kubeshark-52.6
+        helm.sh/chart: kubeshark-52.7
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.6"
+        app.kubernetes.io/version: "52.7"
         app.kubernetes.io/managed-by: Helm
       name: kubeshark-worker-daemon-set
       namespace: kubeshark
@@ -561,7 +576,7 @@ spec:
           - /bin/sh
           - -c
           - mkdir -p /sys/fs/bpf && mount | grep -q '/sys/fs/bpf' || mount -t bpf bpf /sys/fs/bpf
-          image: 'docker.io/kubeshark/worker:v52.6'
+          image: 'docker.io/kubeshark/worker:v52.7'
           imagePullPolicy: Always
           name: mount-bpf
           securityContext:
@@ -591,7 +606,7 @@ spec:
             - 'auto'
             - -staletimeout
             - '30'
-          image: 'docker.io/kubeshark/worker:v52.6'
+          image: 'docker.io/kubeshark/worker:v52.7'
           imagePullPolicy: Always
           name: sniffer
           ports:
@@ -635,17 +650,17 @@ spec:
           securityContext:
             privileged: true
           readinessProbe:
-            periodSeconds: 10
+            periodSeconds: 5
             failureThreshold: 3
             successThreshold: 1
-            initialDelaySeconds: 15
+            initialDelaySeconds: 5
             tcpSocket:
               port: 48999
           livenessProbe:
-            periodSeconds: 10
+            periodSeconds: 5
             failureThreshold: 3
             successThreshold: 1
-            initialDelaySeconds: 15
+            initialDelaySeconds: 5
             tcpSocket:
               port: 48999
           volumeMounts:
@@ -665,7 +680,7 @@ spec:
             - -disable-tls-log
             - -loglevel
             - 'warning'
-          image: 'docker.io/kubeshark/worker:v52.6'
+          image: 'docker.io/kubeshark/worker:v52.7'
           imagePullPolicy: Always
           name: tracer
           env:
@@ -757,10 +772,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.co/app: hub
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-hub
@@ -776,10 +791,10 @@ spec:
     metadata:
       labels:
         app.kubeshark.co/app: hub
-        helm.sh/chart: kubeshark-52.6
+        helm.sh/chart: kubeshark-52.7
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.6"
+        app.kubernetes.io/version: "52.7"
         app.kubernetes.io/managed-by: Helm
     spec:
       dnsPolicy: ClusterFirstWithHostNet
@@ -809,20 +824,20 @@ spec:
             value: 'https://api.kubeshark.co'
           - name: PROFILING_ENABLED
             value: 'false'
-          image: 'docker.io/kubeshark/hub:v52.6'
+          image: 'docker.io/kubeshark/hub:v52.7'
           imagePullPolicy: Always
           readinessProbe:
-            periodSeconds: 10
+            periodSeconds: 5
             failureThreshold: 3
             successThreshold: 1
-            initialDelaySeconds: 15
+            initialDelaySeconds: 5
             tcpSocket:
               port: 8080
           livenessProbe:
-            periodSeconds: 10
+            periodSeconds: 5
             failureThreshold: 3
             successThreshold: 1
-            initialDelaySeconds: 15
+            initialDelaySeconds: 5
             tcpSocket:
               port: 8080
           resources:
@@ -872,10 +887,10 @@ kind: Deployment
 metadata:
   labels:
     app.kubeshark.co/app: front
-    helm.sh/chart: kubeshark-52.6
+    helm.sh/chart: kubeshark-52.7
     app.kubernetes.io/name: kubeshark
     app.kubernetes.io/instance: kubeshark
-    app.kubernetes.io/version: "52.6"
+    app.kubernetes.io/version: "52.7"
     app.kubernetes.io/managed-by: Helm
   annotations:
   name: kubeshark-front
@@ -891,10 +906,10 @@ spec:
     metadata:
       labels:
         app.kubeshark.co/app: front
-        helm.sh/chart: kubeshark-52.6
+        helm.sh/chart: kubeshark-52.7
         app.kubernetes.io/name: kubeshark
         app.kubernetes.io/instance: kubeshark
-        app.kubernetes.io/version: "52.6"
+        app.kubernetes.io/version: "52.7"
         app.kubernetes.io/managed-by: Helm
     spec:
       containers:
@@ -903,6 +918,8 @@ spec:
               value: 'true'
             - name: REACT_APP_AUTH_TYPE
               value: 'default'
+            - name: REACT_APP_COMPLETE_STREAMING_ENABLED
+              value: 'true'
             - name: REACT_APP_AUTH_SAML_IDP_METADATA_URL
               value: ' '
             - name: REACT_APP_TIMEZONE
@@ -922,16 +939,16 @@ spec:
             - name: 'REACT_APP_CLOUD_LICENSE_ENABLED'
               value: 'true'
             - name: 'REACT_APP_AI_ASSISTANT_ENABLED'
-              value: 'false'
-            - name: REACT_APP_SUPPORT_CHAT_ENABLED
               value: 'true'
+            - name: REACT_APP_SUPPORT_CHAT_ENABLED
+              value: 'false'
             - name: REACT_APP_DISSECTORS_UPDATING_ENABLED
               value: 'true'
             - name: REACT_APP_SENTRY_ENABLED
               value: 'false'
             - name: REACT_APP_SENTRY_ENVIRONMENT
               value: 'production'
-          image: 'docker.io/kubeshark/front:v52.6'
+          image: 'docker.io/kubeshark/front:v52.7'
           imagePullPolicy: Always
           name: kubeshark-front
           livenessProbe: