Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package kubeshark-cli for openSUSE:Factory
checked in at 2025-01-05 15:31:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kubeshark-cli (Old)
and /work/SRC/openSUSE:Factory/.kubeshark-cli.new.1881 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeshark-cli"
Sun Jan 5 15:31:27 2025 rev:11 rq:1234888 version:52.3.94
Changes:
--------
--- /work/SRC/openSUSE:Factory/kubeshark-cli/kubeshark-cli.changes
2024-12-10 23:45:42.670003627 +0100
+++ /work/SRC/openSUSE:Factory/.kubeshark-cli.new.1881/kubeshark-cli.changes
2025-01-05 15:31:42.946896077 +0100
@@ -1,0 +2,27 @@
+Sat Jan 04 08:09:40 UTC 2025 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 52.3.94 (52.3.93 was yanked):
+ * :sparkles: Update the Helm chart
+ * :bookmark: Bump the Helm chart version to 52.3.93
+ * extended the https macro to include http2 in addition to http
+ * added https as a default macro (#1680)
+ * Add `CUSTOM_MACROS` to `ConfigMap` (#1674)
+ * Revert "Revert "Initialize kubeshark pinned eBPF resources
+ inside init container (#1665)" (#1676)" (#1678)
+ * Add save/activate/delete role scripting permissions (#1675)
+ * Revert "Initialize kubeshark pinned eBPF resources inside init
+ container (#1665)" (#1676)
+ * Added security capabilities, especially IPC_LOCK (#1671)
+ * Revert "Add `CUSTOM_MACROS` to `ConfigMap`"
+ * Add `CUSTOM_MACROS` to `ConfigMap`
+ * Initialize kubeshark pinned eBPF resources inside init
+ container (#1665)
+ * Replace sniffer 30001 port with 48999 (#1670)
+ * Add hub metrics port (#1666)
+ * removed the loglevel flag (#1669)
+ * Create save/activate/delete role scripting permissions
+ (#1667)
+ * Add --time param to pcapdump (#1664)
+ * from debug to logLevel (#1668)
+
+-------------------------------------------------------------------
Old:
----
kubeshark-cli-52.3.92.obscpio
New:
----
kubeshark-cli-52.3.94.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kubeshark-cli.spec ++++++
--- /var/tmp/diff_new_pack.c3znvH/_old 2025-01-05 15:31:43.982938689 +0100
+++ /var/tmp/diff_new_pack.c3znvH/_new 2025-01-05 15:31:43.986938854 +0100
@@ -1,7 +1,7 @@
#
# spec file for package kubeshark-cli
#
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
%define executable_name kubeshark
Name: kubeshark-cli
-Version: 52.3.92
+Version: 52.3.94
Release: 0
Summary: CLI for the API traffic analyzer for Kubernetes
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.c3znvH/_old 2025-01-05 15:31:44.018940170 +0100
+++ /var/tmp/diff_new_pack.c3znvH/_new 2025-01-05 15:31:44.018940170 +0100
@@ -3,7 +3,7 @@
<param name="url">https://github.com/kubeshark/kubeshark</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v52.3.92</param>
+ <param name="revision">v52.3.94</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.c3znvH/_old 2025-01-05 15:31:44.038940993 +0100
+++ /var/tmp/diff_new_pack.c3znvH/_new 2025-01-05 15:31:44.042941157 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/kubeshark/kubeshark</param>
- <param
name="changesrevision">cd1d7e4a58d522adb2b3ef3718b660a3983a16a6</param></service></servicedata>
+ <param
name="changesrevision">317357e83b2d77e8df6214d3ae24725abb4573d0</param></service></servicedata>
(No newline at EOF)
++++++ kubeshark-cli-52.3.92.obscpio -> kubeshark-cli-52.3.94.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeshark-cli-52.3.92/cmd/pcapDump.go
new/kubeshark-cli-52.3.94/cmd/pcapDump.go
--- old/kubeshark-cli-52.3.92/cmd/pcapDump.go 2024-12-09 20:42:05.000000000
+0100
+++ new/kubeshark-cli-52.3.94/cmd/pcapDump.go 2025-01-04 00:42:21.000000000
+0100
@@ -3,6 +3,7 @@
import (
"errors"
"path/filepath"
+ "time"
"github.com/creasty/defaults"
"github.com/kubeshark/kubeshark/config/configStructs"
@@ -43,41 +44,26 @@
return err
}
- // Handle copy operation if the copy string is provided
-
- if !cmd.Flags().Changed(configStructs.PcapDumpEnabled) {
- destDir, _ :=
cmd.Flags().GetString(configStructs.PcapDest)
- log.Info().Msg("Copying PCAP files")
- err = copyPcapFiles(clientset, config, destDir)
- if err != nil {
- log.Error().Err(err).Msg("Error copying PCAP
files")
- return err
- }
- } else {
- // Handle start operation if the start string is
provided
-
- enabled, err :=
cmd.Flags().GetBool(configStructs.PcapDumpEnabled)
- if err != nil {
- log.Error().Err(err).Msg("Error getting
pcapdump enable flag")
- return err
- }
- timeInterval, _ :=
cmd.Flags().GetString(configStructs.PcapTimeInterval)
- maxTime, _ :=
cmd.Flags().GetString(configStructs.PcapMaxTime)
- maxSize, _ :=
cmd.Flags().GetString(configStructs.PcapMaxSize)
- err = startStopPcap(clientset, enabled, timeInterval,
maxTime, maxSize)
+ // Parse the `--time` flag
+ timeIntervalStr, _ := cmd.Flags().GetString("time")
+ var cutoffTime *time.Time // Use a pointer to distinguish
between provided and not provided
+ if timeIntervalStr != "" {
+ duration, err := time.ParseDuration(timeIntervalStr)
if err != nil {
- log.Error().Err(err).Msg("Error
starting/stopping PCAP dump")
+ log.Error().Err(err).Msg("Invalid time
interval")
return err
}
+ tempCutoffTime := time.Now().Add(-duration)
+ cutoffTime = &tempCutoffTime
+ }
- if enabled {
- log.Info().Msg("Pcapdump started successfully")
- return nil
- } else {
- log.Info().Msg("Pcapdump stopped successfully")
- return nil
- }
-
+ // Handle copy operation if the copy string is provided
+ destDir, _ := cmd.Flags().GetString(configStructs.PcapDest)
+ log.Info().Msg("Copying PCAP files")
+ err = copyPcapFiles(clientset, config, destDir, cutoffTime)
+ if err != nil {
+ log.Error().Err(err).Msg("Error copying PCAP files")
+ return err
}
return nil
@@ -92,10 +78,7 @@
log.Debug().Err(err).Send()
}
- pcapDumpCmd.Flags().String(configStructs.PcapTimeInterval,
defaultPcapDumpConfig.PcapTimeInterval, "Time interval for PCAP file rotation
(used with --start)")
- pcapDumpCmd.Flags().String(configStructs.PcapMaxTime,
defaultPcapDumpConfig.PcapMaxTime, "Maximum time for retaining old PCAP files
(used with --start)")
- pcapDumpCmd.Flags().String(configStructs.PcapMaxSize,
defaultPcapDumpConfig.PcapMaxSize, "Maximum size of PCAP files before deletion
(used with --start)")
+ pcapDumpCmd.Flags().String(configStructs.PcapTime, "", "Time interval
(e.g., 10m, 1h) in the past for which the pcaps are copied")
pcapDumpCmd.Flags().String(configStructs.PcapDest, "", "Local
destination path for copied PCAP files (can not be used together with
--enabled)")
- pcapDumpCmd.Flags().String(configStructs.PcapKubeconfig, "",
"Enabled/Disable to pcap dumps (can not be used together with --dest)")
-
+ pcapDumpCmd.Flags().String(configStructs.PcapKubeconfig, "", "Path for
kubeconfig (if not provided the default location will be checked)")
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeshark-cli-52.3.92/cmd/pcapDumpRunner.go
new/kubeshark-cli-52.3.94/cmd/pcapDumpRunner.go
--- old/kubeshark-cli-52.3.92/cmd/pcapDumpRunner.go 2024-12-09
20:42:05.000000000 +0100
+++ new/kubeshark-cli-52.3.94/cmd/pcapDumpRunner.go 2025-01-04
00:42:21.000000000 +0100
@@ -6,8 +6,8 @@
"fmt"
"os"
"path/filepath"
- "strconv"
"strings"
+ "time"
"github.com/kubeshark/gopacket"
"github.com/kubeshark/gopacket/layers"
@@ -54,7 +54,7 @@
}
// listFilesInPodDir lists all files in the specified directory inside the pod
across multiple namespaces
-func listFilesInPodDir(ctx context.Context, clientset *clientk8s.Clientset,
config *rest.Config, podName string, namespaces []string, configMapName,
configMapKey string) ([]NamespaceFiles, error) {
+func listFilesInPodDir(ctx context.Context, clientset *clientk8s.Clientset,
config *rest.Config, podName string, namespaces []string, configMapName,
configMapKey string, cutoffTime *time.Time) ([]NamespaceFiles, error) {
var namespaceFilesList []NamespaceFiles
for _, namespace := range namespaces {
@@ -114,12 +114,42 @@
// Split the output (file names) into a list
files := strings.Split(strings.TrimSpace(stdoutBuf.String()),
"\n")
- if len(files) > 0 {
- // Append the NamespaceFiles struct to the list
+ if len(files) == 0 {
+ log.Info().Msgf("No files found in directory %s in pod
%s", srcFilePath, podName)
+ continue
+ }
+
+ var filteredFiles []string
+
+ // Filter files based on cutoff time if provided
+ for _, file := range files {
+ if cutoffTime != nil {
+ parts := strings.Split(file, "-")
+ if len(parts) < 2 {
+ log.Warn().Msgf("Skipping file with
invalid format: %s", file)
+ continue
+ }
+
+ timestampStr := parts[len(parts)-2] +
parts[len(parts)-1][:6] // Extract YYYYMMDDHHMMSS
+ fileTime, err := time.Parse("20060102150405",
timestampStr)
+ if err != nil {
+ log.Warn().Err(err).Msgf("Skipping file
with unparsable timestamp: %s", file)
+ continue
+ }
+
+ if fileTime.Before(*cutoffTime) {
+ continue
+ }
+ }
+ // Add file to filtered list
+ filteredFiles = append(filteredFiles, file)
+ }
+
+ if len(filteredFiles) > 0 {
namespaceFilesList = append(namespaceFilesList,
NamespaceFiles{
Namespace: namespace,
SrcDir: srcDir,
- Files: files,
+ Files: filteredFiles,
})
}
}
@@ -229,63 +259,8 @@
return nil
}
-// setPcapConfigInKubernetes sets the PCAP config for all pods across multiple
namespaces
-func setPcapConfigInKubernetes(ctx context.Context, clientset
*clientk8s.Clientset, podName string, namespaces []string, enabledPcap bool,
timeInterval, maxTime, maxSize string) error {
- for _, namespace := range namespaces {
- // Load the existing ConfigMap in the current namespace
- configMap, err :=
clientset.CoreV1().ConfigMaps(namespace).Get(ctx, "kubeshark-config-map",
metav1.GetOptions{})
- if err != nil {
- log.Error().Err(err).Msgf("failed to get ConfigMap in
namespace %s", namespace)
- continue
- }
-
- // Update the values with user-provided input
- configMap.Data["PCAP_TIME_INTERVAL"] = timeInterval
- configMap.Data["PCAP_MAX_SIZE"] = maxSize
- configMap.Data["PCAP_MAX_TIME"] = maxTime
- configMap.Data["PCAP_DUMP_ENABLE"] =
strconv.FormatBool(enabledPcap)
-
- // Apply the updated ConfigMap back to the cluster in the
current namespace
- _, err = clientset.CoreV1().ConfigMaps(namespace).Update(ctx,
configMap, metav1.UpdateOptions{})
- if err != nil {
- log.Error().Err(err).Msgf("failed to update ConfigMap
in namespace %s", namespace)
- continue
- }
- }
-
- return nil
-}
-
-// startPcap function for starting the PCAP capture
-func startStopPcap(clientset *kubernetes.Clientset, pcapEnable bool,
timeInterval, maxTime, maxSize string) error {
- kubernetesProvider, err := getKubernetesProviderForCli(false, false)
- if err != nil {
- log.Error().Err(err).Send()
- return err
- }
-
- targetNamespaces := kubernetesProvider.GetNamespaces()
-
- // List worker pods
- workerPods, err := listWorkerPods(context.Background(), clientset,
targetNamespaces)
- if err != nil {
- log.Error().Err(err).Msg("Error listing worker pods")
- return err
- }
-
- // Iterate over each pod to start the PCAP capture by updating the
configuration in Kubernetes
- for _, pod := range workerPods {
- err := setPcapConfigInKubernetes(context.Background(),
clientset, pod.Name, targetNamespaces, pcapEnable, timeInterval, maxTime,
maxSize)
- if err != nil {
- log.Error().Err(err).Msgf("Error setting PCAP config
for pod %s", pod.Name)
- continue
- }
- }
- return nil
-}
-
// copyPcapFiles function for copying the PCAP files from the worker pods
-func copyPcapFiles(clientset *kubernetes.Clientset, config *rest.Config,
destDir string) error {
+func copyPcapFiles(clientset *kubernetes.Clientset, config *rest.Config,
destDir string, cutoffTime *time.Time) error {
kubernetesProvider, err := getKubernetesProviderForCli(false, false)
if err != nil {
log.Error().Err(err).Send()
@@ -305,7 +280,7 @@
// Iterate over each pod to get the PCAP directory from config and copy
files
for _, pod := range workerPods {
// Get the list of NamespaceFiles (files per namespace) and
their source directories
- namespaceFiles, err := listFilesInPodDir(context.Background(),
clientset, config, pod.Name, targetNamespaces,
SELF_RESOURCES_PREFIX+SUFFIX_CONFIG_MAP, "PCAP_SRC_DIR")
+ namespaceFiles, err := listFilesInPodDir(context.Background(),
clientset, config, pod.Name, targetNamespaces,
SELF_RESOURCES_PREFIX+SUFFIX_CONFIG_MAP, "PCAP_SRC_DIR", cutoffTime)
if err != nil {
log.Error().Err(err).Msgf("Error listing files in pod
%s", pod.Name)
continue
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeshark-cli-52.3.92/config/config.go
new/kubeshark-cli-52.3.94/config/config.go
--- old/kubeshark-cli-52.3.92/config/config.go 2024-12-09 20:42:05.000000000
+0100
+++ new/kubeshark-cli-52.3.94/config/config.go 2025-01-04 00:42:21.000000000
+0100
@@ -63,6 +63,9 @@
Config = CreateDefaultConfig()
Config.Tap.Debug = DebugMode
+ if DebugMode {
+ Config.LogLevel = "debug"
+ }
cmdName = cmd.Name()
if utils.Contains([]string{
"clean",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeshark-cli-52.3.92/config/configStruct.go
new/kubeshark-cli-52.3.94/config/configStruct.go
--- old/kubeshark-cli-52.3.92/config/configStruct.go 2024-12-09
20:42:05.000000000 +0100
+++ new/kubeshark-cli-52.3.94/config/configStruct.go 2025-01-04
00:42:21.000000000 +0100
@@ -62,6 +62,11 @@
Filter:
"",
CanDownloadPCAP:
true,
CanUseScripting:
true,
+ ScriptingPermissions:
configStructs.ScriptingPermissions{
+ CanSave: true,
+ CanActivate:
true,
+ CanDelete: true,
+ },
CanUpdateTargetedPods:
true,
CanStopTrafficCapturing: true,
ShowAdminConsoleLink:
true,
@@ -113,6 +118,7 @@
Scripting configStructs.ScriptingConfig
`yaml:"scripting" json:"scripting"`
Manifests ManifestsConfig
`yaml:"manifests,omitempty" json:"manifests,omitempty"`
Timezone string
`yaml:"timezone" json:"timezone"`
+ LogLevel string
`yaml:"logLevel" json:"logLevel" default:"warning"`
}
func (config *ConfigStruct) ImagePullPolicy() v1.PullPolicy {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubeshark-cli-52.3.92/config/configStructs/tapConfig.go
new/kubeshark-cli-52.3.94/config/configStructs/tapConfig.go
--- old/kubeshark-cli-52.3.92/config/configStructs/tapConfig.go 2024-12-09
20:42:05.000000000 +0100
+++ new/kubeshark-cli-52.3.94/config/configStructs/tapConfig.go 2025-01-04
00:42:21.000000000 +0100
@@ -43,6 +43,7 @@
PcapTimeInterval = "timeInterval"
PcapKubeconfig = "kubeconfig"
PcapDumpEnabled = "enabled"
+ PcapTime = "time"
)
type ResourceLimitsHub struct {
@@ -71,7 +72,7 @@
}
type WorkerConfig struct {
- SrvPort uint16 `yaml:"srvPort" json:"srvPort" default:"30001"`
+ SrvPort uint16 `yaml:"srvPort" json:"srvPort" default:"48999"`
}
type HubConfig struct {
@@ -116,13 +117,20 @@
Tracer ResourceRequirementsWorker `yaml:"tracer" json:"tracer"`
}
+type ScriptingPermissions struct {
+ CanSave bool `yaml:"canSave" json:"canSave" default:"true"`
+ CanActivate bool `yaml:"canActivate" json:"canActivate" default:"true"`
+ CanDelete bool `yaml:"canDelete" json:"canDelete" default:"true"`
+}
+
type Role struct {
- Filter string `yaml:"filter" json:"filter" default:""`
- CanDownloadPCAP bool `yaml:"canDownloadPCAP"
json:"canDownloadPCAP" default:"false"`
- CanUseScripting bool `yaml:"canUseScripting"
json:"canUseScripting" default:"false"`
- CanUpdateTargetedPods bool `yaml:"canUpdateTargetedPods"
json:"canUpdateTargetedPods" default:"false"`
- CanStopTrafficCapturing bool `yaml:"canStopTrafficCapturing"
json:"canStopTrafficCapturing" default:"false"`
- ShowAdminConsoleLink bool `yaml:"showAdminConsoleLink"
json:"showAdminConsoleLink" default:"false"`
+ Filter string `yaml:"filter"
json:"filter" default:""`
+ CanDownloadPCAP bool `yaml:"canDownloadPCAP"
json:"canDownloadPCAP" default:"false"`
+ CanUseScripting bool `yaml:"canUseScripting"
json:"canUseScripting" default:"false"`
+ ScriptingPermissions ScriptingPermissions
`yaml:"scriptingPermissions" json:"scriptingPermissions"`
+ CanUpdateTargetedPods bool
`yaml:"canUpdateTargetedPods" json:"canUpdateTargetedPods" default:"false"`
+ CanStopTrafficCapturing bool
`yaml:"canStopTrafficCapturing" json:"canStopTrafficCapturing" default:"false"`
+ ShowAdminConsoleLink bool
`yaml:"showAdminConsoleLink" json:"showAdminConsoleLink" default:"false"`
}
type SamlConfig struct {
@@ -201,6 +209,7 @@
PcapMaxTime string `yaml:"maxTime" json:"maxTime" default:"1h"`
PcapMaxSize string `yaml:"maxSize" json:"maxSize" default:"500MB"`
PcapSrcDir string `yaml:"pcapSrcDir" json:"pcapSrcDir"
default:"pcapdump"`
+ PcapTime string `yaml:"time" json:"time" default:"time"`
}
type TapConfig struct {
@@ -243,6 +252,7 @@
Capabilities CapabilitiesConfig `yaml:"capabilities"
json:"capabilities"`
GlobalFilter string `yaml:"globalFilter"
json:"globalFilter" default:""`
EnabledDissectors []string
`yaml:"enabledDissectors" json:"enabledDissectors"`
+ CustomMacros map[string]string `yaml:"customMacros"
json:"customMacros" default:"{\"https\":\"tls and (http or http2)\"}"`
Metrics MetricsConfig `yaml:"metrics"
json:"metrics"`
Pprof PprofConfig `yaml:"pprof"
json:"pprof"`
Misc MiscConfig `yaml:"misc"
json:"misc"`
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeshark-cli-52.3.92/helm-chart/Chart.yaml
new/kubeshark-cli-52.3.94/helm-chart/Chart.yaml
--- old/kubeshark-cli-52.3.92/helm-chart/Chart.yaml 2024-12-09
20:42:05.000000000 +0100
+++ new/kubeshark-cli-52.3.94/helm-chart/Chart.yaml 2025-01-04
00:42:21.000000000 +0100
@@ -1,6 +1,6 @@
apiVersion: v2
name: kubeshark
-version: "52.3.92"
+version: "52.3.94"
description: The API Traffic Analyzer for Kubernetes
home: https://kubeshark.co
keywords:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeshark-cli-52.3.92/helm-chart/README.md
new/kubeshark-cli-52.3.94/helm-chart/README.md
--- old/kubeshark-cli-52.3.92/helm-chart/README.md 2024-12-09
20:42:05.000000000 +0100
+++ new/kubeshark-cli-52.3.94/helm-chart/README.md 2025-01-04
00:42:21.000000000 +0100
@@ -131,7 +131,7 @@
| `tap.docker.overrideImage` | Can be used to directly override
image names | `""` |
| `tap.docker.overrideTag` | Can be used to override image
tags | `""` |
| `tap.proxy.hub.srvPort` | Hub server port. Change if
already occupied. | `8898` |
-| `tap.proxy.worker.srvPort` | Worker server port. Change if
already occupied.| `30001` |
+| `tap.proxy.worker.srvPort` | Worker server port. Change if
already occupied.| `48999` |
| `tap.proxy.front.port` | Front service port. Change if
already occupied.| `8899` |
| `tap.proxy.host` | Change to 0.0.0.0 top open up to
the world. | `127.0.0.1` |
| `tap.regex` | Target (process traffic from)
pods that match regex | `.*` |
@@ -175,7 +175,7 @@
| `tap.auth.saml.x509crt` | A self-signed X.509 `.cert`
contents <br/>(effective, if `tap.auth.type = saml`) | ``
|
| `tap.auth.saml.x509key` | A self-signed X.509 `.key`
contents <br/>(effective, if `tap.auth.type = saml`) | ``
|
| `tap.auth.saml.roleAttribute` | A SAML attribute name
corresponding to user's authorization role <br/>(effective, if `tap.auth.type =
saml`) | `role` |
-| `tap.auth.saml.roles` | A list of SAML authorization
roles and their permissions <br/>(effective, if `tap.auth.type = saml`) |
`{"admin":{"canDownloadPCAP":true,"canUpdateTargetedPods":true,"canUseScripting":true,
"canStopTrafficCapturing":true, "filter":"","showAdminConsoleLink":true}}` |
+| `tap.auth.saml.roles` | A list of SAML authorization
roles and their permissions <br/>(effective, if `tap.auth.type = saml`) |
`{"admin":{"canDownloadPCAP":true,"canUpdateTargetedPods":true,"canUseScripting":true,
"scriptingPermissions":{"canSave":true, "canActivate":true, "canDelete":true},
"canStopTrafficCapturing":true, "filter":"","showAdminConsoleLink":true}}` |
| `tap.ingress.enabled` | Enable `Ingress`
| `false` |
| `tap.ingress.className` | Ingress class name
| `""` |
| `tap.ingress.host` | Host of the `Ingress`
| `ks.svc.cluster.local` |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubeshark-cli-52.3.92/helm-chart/templates/04-hub-deployment.yaml
new/kubeshark-cli-52.3.94/helm-chart/templates/04-hub-deployment.yaml
--- old/kubeshark-cli-52.3.92/helm-chart/templates/04-hub-deployment.yaml
2024-12-09 20:42:05.000000000 +0100
+++ new/kubeshark-cli-52.3.94/helm-chart/templates/04-hub-deployment.yaml
2025-01-04 00:42:21.000000000 +0100
@@ -31,9 +31,8 @@
- ./hub
- -port
- "8080"
- {{- if .Values.tap.debug }}
- - -debug
- {{- end }}
+ - -loglevel
+ - '{{ .Values.logLevel | default "warning" }}'
env:
- name: POD_NAME
valueFrom:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubeshark-cli-52.3.92/helm-chart/templates/09-worker-daemon-set.yaml
new/kubeshark-cli-52.3.94/helm-chart/templates/09-worker-daemon-set.yaml
--- old/kubeshark-cli-52.3.92/helm-chart/templates/09-worker-daemon-set.yaml
2024-12-09 20:42:05.000000000 +0100
+++ new/kubeshark-cli-52.3.94/helm-chart/templates/09-worker-daemon-set.yaml
2025-01-04 00:42:21.000000000 +0100
@@ -25,6 +25,39 @@
name: kubeshark-worker-daemon-set
namespace: kubeshark
spec:
+ initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - mkdir -p /sys/fs/bpf && mount | grep -q '/sys/fs/bpf' || mount -t
bpf bpf /sys/fs/bpf
+ {{- if .Values.tap.docker.overrideTag.worker }}
+ image: '{{ .Values.tap.docker.registry }}/worker:{{
.Values.tap.docker.overrideTag.worker }}{{ include
"kubeshark.dockerTagDebugVersion" . }}'
+ {{ else }}
+ image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq
.Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include
"kubeshark.defaultVersion" .) }}{{ include "kubeshark.dockerTagDebugVersion" .
}}'
+ {{- end }}
+ imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
+ name: check-bpf
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /sys
+ name: sys
+ mountPropagation: Bidirectional
+ - command:
+ - ./tracer
+ - -init-bpf
+ {{- if .Values.tap.docker.overrideTag.worker }}
+ image: '{{ .Values.tap.docker.registry }}/worker:{{
.Values.tap.docker.overrideTag.worker }}{{ include
"kubeshark.dockerTagDebugVersion" . }}'
+ {{ else }}
+ image: '{{ .Values.tap.docker.registry }}/worker:{{ not (eq
.Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include
"kubeshark.defaultVersion" .) }}{{ include "kubeshark.dockerTagDebugVersion" .
}}'
+ {{- end }}
+ imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }}
+ name: init-bpf
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /sys
+ name: sys
containers:
- command:
- ./worker
@@ -36,6 +69,8 @@
- '{{ .Values.tap.metrics.port }}'
- -packet-capture
- '{{ .Values.tap.packetCapture }}'
+ - -loglevel
+ - '{{ .Values.logLevel | default "warning" }}'
{{- if .Values.tap.tls }}
- -unixsocket
{{- end }}
@@ -54,9 +89,6 @@
- '{{ .Values.tap.misc.resolutionStrategy }}'
- -staletimeout
- '{{ .Values.tap.misc.staleTimeoutSeconds }}'
- {{- if .Values.tap.debug }}
- - -debug
- {{- end }}
{{- if .Values.tap.docker.overrideImage.worker }}
image: '{{ .Values.tap.docker.overrideImage.worker }}'
{{- else if .Values.tap.docker.overrideTag.worker }}
@@ -123,6 +155,11 @@
{{ print "- " . }}
{{- end }}
{{- end }}
+ {{- if .Values.tap.capabilities.ebpfCapture }}
+ {{- range .Values.tap.capabilities.ebpfCapture }}
+ {{ print "- " . }}
+ {{- end }}
+ {{- end }}
drop:
- ALL
readinessProbe:
@@ -156,9 +193,6 @@
{{- if ne .Values.tap.packetCapture "ebpf" }}
- -disable-ebpf
{{- end }}
- {{- if .Values.tap.debug }}
- - -debug
- {{- end }}
{{- if .Values.tap.disableTlsLog }}
- -disable-tls-log
{{- end }}
@@ -166,6 +200,8 @@
- -port
- '{{ add .Values.tap.proxy.worker.srvPort 1 }}'
{{- end }}
+ # - -loglevel
+ # - '{{ .Values.logLevel | default "warning" }}'
{{- if .Values.tap.docker.overrideTag.worker }}
image: '{{ .Values.tap.docker.registry }}/worker:{{
.Values.tap.docker.overrideTag.worker }}{{ include
"kubeshark.dockerTagDebugVersion" . }}'
{{ else }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubeshark-cli-52.3.92/helm-chart/templates/12-config-map.yaml
new/kubeshark-cli-52.3.94/helm-chart/templates/12-config-map.yaml
--- old/kubeshark-cli-52.3.92/helm-chart/templates/12-config-map.yaml
2024-12-09 20:42:05.000000000 +0100
+++ new/kubeshark-cli-52.3.94/helm-chart/templates/12-config-map.yaml
2025-01-04 00:42:21.000000000 +0100
@@ -50,6 +50,7 @@
{{- end }}'
DUPLICATE_TIMEFRAME: '{{ .Values.tap.misc.duplicateTimeframe }}'
ENABLED_DISSECTORS: '{{ gt (len .Values.tap.enabledDissectors) 0 | ternary
(join "," .Values.tap.enabledDissectors) "" }}'
+ CUSTOM_MACROS: '{{ toJson .Values.tap.customMacros }}'
DISSECTORS_UPDATING_ENABLED: '{{ .Values.dissectorsUpdatingEnabled |
ternary "true" "false" }}'
DETECT_DUPLICATES: '{{ .Values.tap.misc.detectDuplicates | ternary "true"
"false" }}'
PCAP_DUMP_ENABLE: '{{ .Values.pcapdump.enabled }}'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubeshark-cli-52.3.92/helm-chart/templates/16-hub-service-metrics.yaml
new/kubeshark-cli-52.3.94/helm-chart/templates/16-hub-service-metrics.yaml
--- old/kubeshark-cli-52.3.92/helm-chart/templates/16-hub-service-metrics.yaml
1970-01-01 01:00:00.000000000 +0100
+++ new/kubeshark-cli-52.3.94/helm-chart/templates/16-hub-service-metrics.yaml
2025-01-04 00:42:21.000000000 +0100
@@ -0,0 +1,23 @@
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ {{- include "kubeshark.labels" . | nindent 4 }}
+ annotations:
+ prometheus.io/scrape: 'true'
+ prometheus.io/port: '9100'
+ {{- if .Values.tap.annotations }}
+ {{- toYaml .Values.tap.annotations | nindent 4 }}
+ {{- end }}
+ name: kubeshark-hub-metrics
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ app.kubeshark.co/app: hub
+ {{- include "kubeshark.labels" . | nindent 4 }}
+ ports:
+ - name: metrics
+ protocol: TCP
+ port: 9100
+ targetPort: 9100
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubeshark-cli-52.3.92/helm-chart/templates/16-network-policies.yaml
new/kubeshark-cli-52.3.94/helm-chart/templates/16-network-policies.yaml
--- old/kubeshark-cli-52.3.92/helm-chart/templates/16-network-policies.yaml
2024-12-09 20:42:05.000000000 +0100
+++ new/kubeshark-cli-52.3.94/helm-chart/templates/16-network-policies.yaml
1970-01-01 01:00:00.000000000 +0100
@@ -1,76 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- {{- include "kubeshark.labels" . | nindent 4 }}
- annotations:
- {{- if .Values.tap.annotations }}
- {{- toYaml .Values.tap.annotations | nindent 4 }}
- {{- end }}
- name: kubeshark-hub-network-policy
- namespace: {{ .Release.Namespace }}
-spec:
- podSelector:
- matchLabels:
- app.kubeshark.co/app: hub
- policyTypes:
- - Ingress
- - Egress
- ingress:
- - ports:
- - protocol: TCP
- port: 8080
- egress:
- - {}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- {{- include "kubeshark.labels" . | nindent 4 }}
- annotations:
- {{- if .Values.tap.annotations }}
- {{- toYaml .Values.tap.annotations | nindent 4 }}
- {{- end }}
- name: kubeshark-front-network-policy
- namespace: {{ .Release.Namespace }}
-spec:
- podSelector:
- matchLabels:
- app.kubeshark.co/app: front
- policyTypes:
- - Ingress
- - Egress
- ingress:
- - ports:
- - protocol: TCP
- port: 8080
- egress:
- - {}
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- {{- include "kubeshark.labels" . | nindent 4 }}
- annotations:
- {{- if .Values.tap.annotations }}
- {{- toYaml .Values.tap.annotations | nindent 4 }}
- {{- end }}
- name: kubeshark-worker-network-policy
- namespace: {{ .Release.Namespace }}
-spec:
- podSelector:
- matchLabels:
- app.kubeshark.co/app: worker
- policyTypes:
- - Ingress
- - Egress
- ingress:
- - ports:
- - protocol: TCP
- port: {{ .Values.tap.proxy.worker.srvPort }}
- - protocol: TCP
- port: {{ .Values.tap.metrics.port }}
- egress:
- - {}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubeshark-cli-52.3.92/helm-chart/templates/17-network-policies.yaml
new/kubeshark-cli-52.3.94/helm-chart/templates/17-network-policies.yaml
--- old/kubeshark-cli-52.3.92/helm-chart/templates/17-network-policies.yaml
1970-01-01 01:00:00.000000000 +0100
+++ new/kubeshark-cli-52.3.94/helm-chart/templates/17-network-policies.yaml
2025-01-04 00:42:21.000000000 +0100
@@ -0,0 +1,79 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ {{- include "kubeshark.labels" . | nindent 4 }}
+ annotations:
+ {{- if .Values.tap.annotations }}
+ {{- toYaml .Values.tap.annotations | nindent 4 }}
+ {{- end }}
+ name: kubeshark-hub-network-policy
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubeshark.co/app: hub
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - ports:
+ - protocol: TCP
+ port: 8080
+ - ports:
+ - protocol: TCP
+ port: 9100
+ egress:
+ - {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ {{- include "kubeshark.labels" . | nindent 4 }}
+ annotations:
+ {{- if .Values.tap.annotations }}
+ {{- toYaml .Values.tap.annotations | nindent 4 }}
+ {{- end }}
+ name: kubeshark-front-network-policy
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubeshark.co/app: front
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - ports:
+ - protocol: TCP
+ port: 8080
+ egress:
+ - {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ labels:
+ {{- include "kubeshark.labels" . | nindent 4 }}
+ annotations:
+ {{- if .Values.tap.annotations }}
+ {{- toYaml .Values.tap.annotations | nindent 4 }}
+ {{- end }}
+ name: kubeshark-worker-network-policy
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubeshark.co/app: worker
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - ports:
+ - protocol: TCP
+ port: {{ .Values.tap.proxy.worker.srvPort }}
+ - protocol: TCP
+ port: {{ .Values.tap.metrics.port }}
+ egress:
+ - {}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeshark-cli-52.3.92/helm-chart/values.yaml
new/kubeshark-cli-52.3.94/helm-chart/values.yaml
--- old/kubeshark-cli-52.3.92/helm-chart/values.yaml 2024-12-09
20:42:05.000000000 +0100
+++ new/kubeshark-cli-52.3.94/helm-chart/values.yaml 2025-01-04
00:42:21.000000000 +0100
@@ -16,7 +16,7 @@
front: ""
proxy:
worker:
- srvPort: 30001
+ srvPort: 48999
hub:
srvPort: 8898
front:
@@ -85,6 +85,10 @@
filter: ""
canDownloadPCAP: true
canUseScripting: true
+ scriptingPermissions:
+ canSave: true
+ canActivate: true
+ canDelete: true
canUpdateTargetedPods: true
canStopTrafficCapturing: true
showAdminConsoleLink: true
@@ -134,6 +138,8 @@
- syscall
- ws
- ldap
+ customMacros:
+ https: tls and (http or http2)
metrics:
port: 49100
pprof:
@@ -160,6 +166,7 @@
maxTime: 1h
maxSize: 500MB
pcapSrcDir: pcapdump
+ time: time
kube:
configPath: ""
context: ""
@@ -178,3 +185,4 @@
active: []
console: true
timezone: ""
+logLevel: warning
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubeshark-cli-52.3.92/manifests/complete.yaml
new/kubeshark-cli-52.3.94/manifests/complete.yaml
--- old/kubeshark-cli-52.3.92/manifests/complete.yaml 2024-12-09
20:42:05.000000000 +0100
+++ new/kubeshark-cli-52.3.94/manifests/complete.yaml 2025-01-04
00:42:21.000000000 +0100
@@ -1,13 +1,13 @@
---
-# Source: kubeshark/templates/16-network-policies.yaml
+# Source: kubeshark/templates/17-network-policies.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-hub-network-policy
@@ -23,18 +23,21 @@
- ports:
- protocol: TCP
port: 8080
+ - ports:
+ - protocol: TCP
+ port: 9100
egress:
- {}
---
-# Source: kubeshark/templates/16-network-policies.yaml
+# Source: kubeshark/templates/17-network-policies.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-front-network-policy
@@ -53,15 +56,15 @@
egress:
- {}
---
-# Source: kubeshark/templates/16-network-policies.yaml
+# Source: kubeshark/templates/17-network-policies.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-worker-network-policy
@@ -76,7 +79,7 @@
ingress:
- ports:
- protocol: TCP
- port: 30001
+ port: 48999
- protocol: TCP
port: 49100
egress:
@@ -87,10 +90,10 @@
kind: ServiceAccount
metadata:
labels:
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-service-account
@@ -104,10 +107,10 @@
namespace: default
labels:
app.kubeshark.co/app: hub
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
stringData:
LICENSE: ''
@@ -121,10 +124,10 @@
namespace: default
labels:
app.kubeshark.co/app: hub
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
stringData:
AUTH_SAML_X509_CRT: |
@@ -137,10 +140,10 @@
namespace: default
labels:
app.kubeshark.co/app: hub
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
stringData:
AUTH_SAML_X509_KEY: |
@@ -152,10 +155,10 @@
name: kubeshark-nginx-config-map
namespace: default
labels:
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
data:
default.conf: |
@@ -216,10 +219,10 @@
namespace: default
labels:
app.kubeshark.co/app: hub
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
data:
POD_REGEX: '.*'
@@ -236,7 +239,7 @@
AUTH_TYPE: 'oidc'
AUTH_SAML_IDP_METADATA_URL: ''
AUTH_SAML_ROLE_ATTRIBUTE: 'role'
- AUTH_SAML_ROLES:
'{"admin":{"canDownloadPCAP":true,"canStopTrafficCapturing":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","showAdminConsoleLink":true}}'
+ AUTH_SAML_ROLES:
'{"admin":{"canDownloadPCAP":true,"canStopTrafficCapturing":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","scriptingPermissions":{"canActivate":true,"canDelete":true,"canSave":true},"showAdminConsoleLink":true}}'
TELEMETRY_DISABLED: 'false'
SCRIPTING_DISABLED: ''
TARGETED_PODS_UPDATE_DISABLED: ''
@@ -253,6 +256,7 @@
CLOUD_LICENSE_ENABLED: 'true'
DUPLICATE_TIMEFRAME: '200ms'
ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,sctp,syscall,ws,ldap'
+ CUSTOM_MACROS: '{"https":"tls and (http or http2)"}'
DISSECTORS_UPDATING_ENABLED: 'true'
DETECT_DUPLICATES: 'false'
PCAP_DUMP_ENABLE: 'true'
@@ -266,10 +270,10 @@
kind: ClusterRole
metadata:
labels:
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-cluster-role-default
@@ -314,10 +318,10 @@
kind: ClusterRoleBinding
metadata:
labels:
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-cluster-role-binding-default
@@ -336,10 +340,10 @@
kind: Role
metadata:
labels:
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-self-config-role
@@ -366,10 +370,10 @@
kind: RoleBinding
metadata:
labels:
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-self-config-role-binding
@@ -389,10 +393,10 @@
metadata:
labels:
app.kubeshark.co/app: hub
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-hub
@@ -411,10 +415,10 @@
kind: Service
metadata:
labels:
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-front
@@ -433,10 +437,10 @@
apiVersion: v1
metadata:
labels:
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
prometheus.io/scrape: 'true'
@@ -446,10 +450,10 @@
spec:
selector:
app.kubeshark.co/app: worker
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
ports:
- name: metrics
@@ -457,6 +461,35 @@
port: 49100
targetPort: 49100
---
+# Source: kubeshark/templates/16-hub-service-metrics.yaml
+kind: Service
+apiVersion: v1
+metadata:
+ labels:
+ helm.sh/chart: kubeshark-52.3.94
+ app.kubernetes.io/name: kubeshark
+ app.kubernetes.io/instance: kubeshark
+ app.kubernetes.io/version: "52.3.94"
+ app.kubernetes.io/managed-by: Helm
+ annotations:
+ prometheus.io/scrape: 'true'
+ prometheus.io/port: '9100'
+ name: kubeshark-hub-metrics
+ namespace: default
+spec:
+ selector:
+ app.kubeshark.co/app: hub
+ helm.sh/chart: kubeshark-52.3.94
+ app.kubernetes.io/name: kubeshark
+ app.kubernetes.io/instance: kubeshark
+ app.kubernetes.io/version: "52.3.94"
+ app.kubernetes.io/managed-by: Helm
+ ports:
+ - name: metrics
+ protocol: TCP
+ port: 9100
+ targetPort: 9100
+---
# Source: kubeshark/templates/09-worker-daemon-set.yaml
apiVersion: apps/v1
kind: DaemonSet
@@ -464,10 +497,10 @@
labels:
app.kubeshark.co/app: worker
sidecar.istio.io/inject: "false"
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-worker-daemon-set
@@ -482,25 +515,52 @@
metadata:
labels:
app.kubeshark.co/app: worker
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
name: kubeshark-worker-daemon-set
namespace: kubeshark
spec:
+ initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - mkdir -p /sys/fs/bpf && mount | grep -q '/sys/fs/bpf' || mount -t
bpf bpf /sys/fs/bpf
+ image: 'docker.io/kubeshark/worker:v52.3.94'
+ imagePullPolicy: Always
+ name: check-bpf
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /sys
+ name: sys
+ mountPropagation: Bidirectional
+ - command:
+ - ./tracer
+ - -init-bpf
+ image: 'docker.io/kubeshark/worker:v52.3.94'
+ imagePullPolicy: Always
+ name: init-bpf
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /sys
+ name: sys
containers:
- command:
- ./worker
- -i
- any
- -port
- - '30001'
+ - '48999'
- -metrics-port
- '49100'
- -packet-capture
- 'best'
+ - -loglevel
+ - 'warning'
- -unixsocket
- -servicemesh
- -procfs
@@ -510,7 +570,7 @@
- 'auto'
- -staletimeout
- '30'
- image: 'docker.io/kubeshark/worker:v52.3.92'
+ image: 'docker.io/kubeshark/worker:v52.3.94'
imagePullPolicy: Always
name: sniffer
ports:
@@ -559,6 +619,10 @@
- SYS_ADMIN
- SYS_PTRACE
- DAC_OVERRIDE
+ - SYS_ADMIN
+ - SYS_PTRACE
+ - SYS_RESOURCE
+ - IPC_LOCK
drop:
- ALL
readinessProbe:
@@ -567,14 +631,14 @@
successThreshold: 1
initialDelaySeconds: 5
tcpSocket:
- port: 30001
+ port: 48999
livenessProbe:
periodSeconds: 1
failureThreshold: 3
successThreshold: 1
initialDelaySeconds: 5
tcpSocket:
- port: 30001
+ port: 48999
volumeMounts:
- mountPath: /hostproc
name: proc
@@ -590,7 +654,9 @@
- /hostproc
- -disable-ebpf
- -disable-tls-log
- image: 'docker.io/kubeshark/worker:v52.3.92'
+ # - -loglevel
+ # - 'warning'
+ image: 'docker.io/kubeshark/worker:v52.3.94'
imagePullPolicy: Always
name: tracer
env:
@@ -692,10 +758,10 @@
metadata:
labels:
app.kubeshark.co/app: hub
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-hub
@@ -711,10 +777,10 @@
metadata:
labels:
app.kubeshark.co/app: hub
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
spec:
dnsPolicy: ClusterFirstWithHostNet
@@ -725,6 +791,8 @@
- ./hub
- -port
- "8080"
+ - -loglevel
+ - 'warning'
env:
- name: POD_NAME
valueFrom:
@@ -742,7 +810,7 @@
value: 'https://api.kubeshark.co'
- name: PROFILING_ENABLED
value: 'false'
- image: 'docker.io/kubeshark/hub:v52.3.92'
+ image: 'docker.io/kubeshark/hub:v52.3.94'
imagePullPolicy: Always
readinessProbe:
periodSeconds: 1
@@ -796,10 +864,10 @@
metadata:
labels:
app.kubeshark.co/app: front
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
annotations:
name: kubeshark-front
@@ -815,10 +883,10 @@
metadata:
labels:
app.kubeshark.co/app: front
- helm.sh/chart: kubeshark-52.3.92
+ helm.sh/chart: kubeshark-52.3.94
app.kubernetes.io/name: kubeshark
app.kubernetes.io/instance: kubeshark
- app.kubernetes.io/version: "52.3.92"
+ app.kubernetes.io/version: "52.3.94"
app.kubernetes.io/managed-by: Helm
spec:
containers:
@@ -853,7 +921,7 @@
value: 'false'
- name: REACT_APP_SENTRY_ENVIRONMENT
value: 'production'
- image: 'docker.io/kubeshark/front:v52.3.92'
+ image: 'docker.io/kubeshark/front:v52.3.94'
imagePullPolicy: Always
name: kubeshark-front
livenessProbe:
++++++ kubeshark-cli.obsinfo ++++++
--- /var/tmp/diff_new_pack.c3znvH/_old 2025-01-05 15:31:44.178946751 +0100
+++ /var/tmp/diff_new_pack.c3znvH/_new 2025-01-05 15:31:44.182946915 +0100
@@ -1,5 +1,5 @@
name: kubeshark-cli
-version: 52.3.92
-mtime: 1733773325
-commit: cd1d7e4a58d522adb2b3ef3718b660a3983a16a6
+version: 52.3.94
+mtime: 1735947741
+commit: 317357e83b2d77e8df6214d3ae24725abb4573d0
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/kubeshark-cli/vendor.tar.gz
/work/SRC/openSUSE:Factory/.kubeshark-cli.new.1881/vendor.tar.gz differ: char
5, line 1
