Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubeshark-cli for openSUSE:Factory checked in at 2025-03-25 22:11:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubeshark-cli (Old) and /work/SRC/openSUSE:Factory/.kubeshark-cli.new.2696 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeshark-cli" Tue Mar 25 22:11:25 2025 rev:17 rq:1255788 version:52.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/kubeshark-cli/kubeshark-cli.changes 2025-03-02 12:21:43.792258550 +0100 +++ /work/SRC/openSUSE:Factory/.kubeshark-cli.new.2696/kubeshark-cli.changes 2025-03-25 22:20:01.561539188 +0100 @@ -1,0 +2,25 @@ +Tue Mar 25 05:43:14 UTC 2025 - opensuse_buildserv...@ojkastl.de + +- Update to version 52.6.0: + In this release, we fixed several bugs and added notable + integrations. Highlights include support for OIDC with DEX and + the ability to host Kubeshark behind a reverse proxy using a + custom path. + * Bug Fixes & New Features + - Optimized service map performance for large clusters + (thousands of pods and above). + - Improved SCTP reassembler support. + - Fixed a bug related to LDAP protocol dissection. + - Added OIDC with DEX integration for SSO authentication. + Read more in our OIDC with DEX section. + https://docs.kubeshark.co/en/oidc + - Introduced a watchdog mechanism that terminates the Worker if + it deems it non-functional. This feature is enabled by + default and can be disabled using the Helm value: --set + tap.watchdog.enabled=false + - Added support for hosting Kubeshark behind a reverse proxy + with a custom path. + Read more in our Reverse Proxy with a Custom Path section. + https://docs.kubeshark.co/en/custom_path + +------------------------------------------------------------------- Old: ---- kubeshark-cli-52.5.0.obscpio New: ---- kubeshark-cli-52.6.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubeshark-cli.spec ++++++ --- /var/tmp/diff_new_pack.v579hx/_old 2025-03-25 22:20:02.285569239 +0100 +++ /var/tmp/diff_new_pack.v579hx/_new 2025-03-25 22:20:02.293569571 +0100 
@@ -19,7 +19,7 @@ %define executable_name kubeshark Name: kubeshark-cli -Version: 52.5.0 +Version: 52.6.0 Release: 0 Summary: CLI for the API traffic analyzer for Kubernetes License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.v579hx/_old 2025-03-25 22:20:02.329571065 +0100 +++ /var/tmp/diff_new_pack.v579hx/_new 2025-03-25 22:20:02.333571231 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/kubeshark/kubeshark</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v52.5.0</param> + <param name="revision">v52.6.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.v579hx/_old 2025-03-25 22:20:02.353572061 +0100 +++ /var/tmp/diff_new_pack.v579hx/_new 2025-03-25 22:20:02.357572227 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/kubeshark/kubeshark</param> - <param name="changesrevision">eec44040382181dd1f849fac8aa7e05675a8b4a2</param></service></servicedata> + <param name="changesrevision">dc50ef48fd6841d5d45c7a90e1a8aeb8ef66f9ee</param></service></servicedata> (No newline at EOF) ++++++ kubeshark-cli-52.5.0.obscpio -> kubeshark-cli-52.6.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/RELEASE.md.TEMPLATE new/kubeshark-cli-52.6.0/RELEASE.md.TEMPLATE --- old/kubeshark-cli-52.5.0/RELEASE.md.TEMPLATE 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/RELEASE.md.TEMPLATE 2025-03-24 23:03:27.000000000 +0100 
@@ -10,7 +10,7 @@ **Mac** (AArch64/Apple M1 silicon) ``` -rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/_VER_/kubeshark_darwin_arm64 && chmod 755 kubeshark +curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/_VER_/kubeshark_darwin_arm64 && chmod 755 kubeshark ``` **Linux** (x86-64) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/cmd/tap.go new/kubeshark-cli-52.6.0/cmd/tap.go --- old/kubeshark-cli-52.5.0/cmd/tap.go 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/cmd/tap.go 2025-03-24 23:03:27.000000000 +0100 @@ -61,4 +61,5 @@ tapCmd.Flags().Bool(configStructs.IngressEnabledLabel, defaultTapConfig.Ingress.Enabled, "Enable Ingress") tapCmd.Flags().Bool(configStructs.TelemetryEnabledLabel, defaultTapConfig.Telemetry.Enabled, "Enable/disable Telemetry") tapCmd.Flags().Bool(configStructs.ResourceGuardEnabledLabel, defaultTapConfig.ResourceGuard.Enabled, "Enable/disable resource guard") + tapCmd.Flags().Bool(configStructs.WatchdogEnabled, defaultTapConfig.Watchdog.Enabled, "Enable/disable watchdog") } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/config/configStructs/tapConfig.go new/kubeshark-cli-52.6.0/config/configStructs/tapConfig.go --- old/kubeshark-cli-52.5.0/config/configStructs/tapConfig.go 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/config/configStructs/tapConfig.go 2025-03-24 23:03:27.000000000 +0100 @@ -44,6 +44,7 @@ PcapKubeconfig = "kubeconfig" PcapDumpEnabled = "enabled" PcapTime = "time" + WatchdogEnabled = "watchdogEnabled" ) type ResourceLimitsHub struct { 
@@ -190,6 +191,14 @@ Annotations map[string]string `yaml:"annotations" json:"annotations" default:"{}"` } +type RoutingConfig struct { + Front FrontRoutingConfig `yaml:"front" json:"front"` +} + +type FrontRoutingConfig struct { + BasePath string `yaml:"basePath" json:"basePath" default:""` +} + type ReleaseConfig struct { Repo string `yaml:"repo" json:"repo" default:"https://helm.kubeshark.co"` Name string `yaml:"name" json:"name" default:"kubeshark"` @@ -209,6 +218,10 @@ Environment string `yaml:"environment" json:"environment" default:"production"` } +type WatchdogConfig struct { + Enabled bool `yaml:"enabled" json:"enabled" default:"true"` +} + type CapabilitiesConfig struct { NetworkCapture []string `yaml:"networkCapture" json:"networkCapture" default:"[]"` ServiceMeshCapture []string `yaml:"serviceMeshCapture" json:"serviceMeshCapture" default:"[]"` 
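Review bot: The three exported types added in this file (`RoutingConfig`, `FrontRoutingConfig`, and `WatchdogConfig` in the `@@ -209,6 +218,10 @@` hunk) have no doc comments, and `BasePath` carries no statement of what form the value must take. The chart README in this same commit says the leading slash must be present, and the nginx template renders the value directly into `location` and `rewrite` lines, so the constraint belongs next to the field: `// BasePath is the URL prefix the front is served under, e.g. "/custompath". It must begin with "/" and is rendered verbatim into the nginx configuration.` Whether the CLI validates the value before it reaches Helm is not visible in this diff.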
@@ -304,10 +317,12 @@ Tolerations TolerationsConfig `yaml:"tolerations" json:"tolerations" default:"{}"` Auth AuthConfig `yaml:"auth" json:"auth"` Ingress IngressConfig `yaml:"ingress" json:"ingress"` + Routing RoutingConfig `yaml:"routing" json:"routing"` IPv6 bool `yaml:"ipv6" json:"ipv6" default:"true"` Debug bool `yaml:"debug" json:"debug" default:"false"` Telemetry TelemetryConfig `yaml:"telemetry" json:"telemetry"` ResourceGuard ResourceGuardConfig `yaml:"resourceGuard" json:"resourceGuard"` + Watchdog WatchdogConfig `yaml:"watchdog" json:"watchdog"` Sentry SentryConfig `yaml:"sentry" json:"sentry"` DefaultFilter string `yaml:"defaultFilter" json:"defaultFilter" default:"!dns and !error"` LiveConfigMapChangesDisabled bool `yaml:"liveConfigMapChangesDisabled" json:"liveConfigMapChangesDisabled" default:"false"` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/Chart.yaml new/kubeshark-cli-52.6.0/helm-chart/Chart.yaml --- old/kubeshark-cli-52.5.0/helm-chart/Chart.yaml 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/Chart.yaml 2025-03-24 23:03:27.000000000 +0100 @@ -1,6 +1,6 @@ apiVersion: v2 name: kubeshark -version: "52.5" +version: "52.6" description: The API Traffic Analyzer for Kubernetes home: https://kubeshark.co keywords: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/README.md new/kubeshark-cli-52.6.0/helm-chart/README.md --- old/kubeshark-cli-52.5.0/helm-chart/README.md 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/README.md 2025-03-24 23:03:27.000000000 +0100 
@@ -196,11 +196,12 @@ | `tap.ingress.host` | Host of the `Ingress` | `ks.svc.cluster.local` | | `tap.ingress.tls` | `Ingress` TLS configuration | `[]` | | `tap.ingress.annotations` | `Ingress` annotations | `{}` | +| `tap.routing.front.basePath` | Set this value to serve `front` under specific base path. Example: `/custompath` (forward slash must be present) | `""` | | `tap.ipv6` | Enable IPv6 support for the front-end | `true` | | `tap.debug` | Enable debug mode | `false` | | `tap.telemetry.enabled` | Enable anonymous usage statistics collection | `true` | | `tap.resourceGuard.enabled` | Enable resource guard worker process, which watches RAM/disk usage and enables/disables traffic capture based on available resources | `false` | -| `tap.sentry.enabled` | Enable sending of error logs to Sentry | `false` | +| `tap.sentry.enabled` | Enable sending of error logs to Sentry | `true` (only for qualified users) | | `tap.sentry.environment` | Sentry environment to label error logs with | `production` | | `tap.defaultFilter` | Sets the default dashboard KFL filter (e.g. `http`). By default, this value is set to filter out noisy protocols such as DNS, UDP, ICMP and TCP. The user can easily change this, **temporarily**, in the Dashboard. For a permanent change, you should change this value in the `values.yaml` or `config.yaml` file. | `"!dns and !error"` | | `tap.liveConfigMapChangesDisabled` | If set to `true`, all user functionality (scripting, targeting settings, global & default KFL modification, traffic recording, traffic capturing on/off, protocol dissectors) involving dynamic ConfigMap changes from UI will be disabled | `false` | @@ -228,7 +229,7 @@ DriverContainer image. Kernel versions can be matched literally or using a regular expression -## Installing with SAML enabled +# Installing with SAML enabled ### Prerequisites: 
@@ -293,3 +294,226 @@ UaV5sbRtTzYLxpOSQyi8CEFA+A== -----END PRIVATE KEY----- ``` + +# Installing with Dex OIDC authentication + +[**Click here to see full docs**](https://docs.kubeshark.co/en/saml#installing-with-oidc-enabled-dex-idp). + +Choose this option, if **you already have a running instance** of Dex in your cluster & +you want to set up Dex OIDC authentication for Kubeshark users. + +Kubeshark supports authentication using [Dex - A Federated OpenID Connect Provider](https://dexidp.io/). +Dex is an abstraction layer designed for integrating a wide variety of Identity Providers. + +**Requirement:** +Your Dex IdP must have a publicly accessible URL. + +### Pre-requisites: + +**1. If you configured Ingress for Kubeshark:** + +(see section: "Installing with Ingress (EKS) enabled") + +OAuth2 callback URL is: <br/> +`https://<kubeshark-ingress-hostname>/api/oauth2/callback` + +**2. If you did not configure Ingress for Kubeshark:** + +OAuth2 callback URL is: <br/> +`http://0.0.0.0:8899/api/oauth2/callback` + +Use chosen OAuth2 callback URL to replace `<your-kubeshark-host>` in Step 3. + +**3. Add this static client to your Dex IdP configuration (`config.yaml`):** +```yaml +staticClients: + - id: kubeshark + secret: create your own client password + name: Kubeshark + redirectURIs: + - https://<your-kubeshark-host>/api/oauth2/callback +``` + +**Final step:** + +Add these helm values to set up OIDC authentication powered by your Dex IdP: + +```yaml +# values.yaml + +tap: + auth: + enabled: true + type: dex + dexOidc: + issuer: <put Dex IdP issuer URL here> + clientId: kubeshark + clientSecret: create your own client password + refreshTokenLifetime: "3960h" # 165 days + oauth2StateParamExpiry: "10m" +``` + +Once you run `helm install kubeshark kubeshark/kubeshark -f ./values.yaml`, Kubeshark will be installed with (Dex) OIDC authentication enabled. 
+ +--- + +# Installing your own Dex IdP along with Kubeshark + +Choose this option, if **you need to deploy an instance of Dex IdP** along with Kubeshark & +set up Dex OIDC authentication for Kubeshark users. + +Depending on Ingress enabled/disabled, your Dex configuration might differ. + +**Requirement:** +Please, configure Ingress using `tap.ingress` for your Kubeshark installation. For example: + +```yaml +tap: + ingress: + enabled: true + className: "alb" + host: ks.example.com + tls: [] + annotations: + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:7..8:certificate/b...65c + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/scheme: internet-facing +``` + +The following Dex settings will have these values: + +| Setting | Value | +|-------------------------------------------------------|----------------------------------------------| +| `tap.auth.dexOidc.issuer` | `https://ks.example.com/dex` | +| `tap.auth.dexConfig.issuer` | `https://ks.example.com/dex` | +| `tap.auth.dexConfig.staticClients -> redirectURIs` | `https://ks.example.com/api/oauth2/callback` | +| `tap.auth.dexConfig.connectors -> config.redirectURI` | `https://ks.example.com/dex/callback` | + +--- + +### Before proceeding with Dex IdP installation: + +Please, make sure to prepare the following things first. + +1. Choose **[Connectors](https://dexidp.io/docs/connectors/)** to enable in Dex IdP. + - i.e. how many kind of "Log in with ..." options you'd like to offer your users + - You will need to specify connectors in `tap.auth.dexConfig.connectors` +2. Choose type of **[Storage](https://dexidp.io/docs/configuration/storage/)** to use in Dex IdP. + - You will need to specify storage settings in `tap.auth.dexConfig.storage` + - default: `memory` +3. Decide on the OAuth2 `?state=` param expiration time: + - field: `tap.auth.dexOidc.oauth2StateParamExpiry` + - default: `10m` (10 minutes) + - valid time units are `s`, `m`, `h` +4. 
Decide on the refresh token expiration: + - field 1: `tap.auth.dexOidc.expiry.refreshTokenLifetime` + - field 2: `tap.auth.dexConfig.expiry.refreshTokens.absoluteLifetime` + - default: `3960h` (165 days) + - valid time units are `s`, `m`, `h` +5. Create a unique & secure password to set in these fields: + - field 1: `tap.auth.dexOidc.clientSecret` + - field 2: `tap.auth.dexConfig.staticClients -> secret` + - password must be the same for these 2 fields +6. Discover more possibilities of **[Dex Configuration](https://dexidp.io/docs/configuration/)** + - if you decide to include more configuration options, make sure to add them into `tap.auth.dexConfig` +--- + +### Once you are ready with all the points described above: + +Use these helm `values.yaml` fields to: +- Deploy your own instance of Dex IdP along with Kubeshark +- Enable OIDC authentication for Kubeshark users + +Make sure to: +- Replace `<your-ingress-hostname>` with a correct Kubeshark Ingress host (`tap.auth.ingress.host`). + - refer to section **Installing with Ingress (EKS) enabled** to find out how you can configure Ingress host. + +Helm `values.yaml`: +```yaml +tap: + auth: + enabled: true + type: dex + dexOidc: + issuer: https://<your-ingress-hostname>/dex + + # Client ID/secret must be taken from `tap.auth.dexConfig.staticClients -> id/secret` + clientId: kubeshark + clientSecret: create your own client password + + refreshTokenLifetime: "3960h" # 165 days + oauth2StateParamExpiry: "10m" + dexConfig: + # This field is REQUIRED! + # + # The base path of Dex and the external name of the OpenID Connect service. + # This is the canonical URL that all clients MUST use to refer to Dex. If a + # path is provided, Dex's HTTP service will listen at a non-root URL. + issuer: https://<your-ingress-hostname>/dex + + # Expiration configuration for tokens, signing keys, etc. + expiry: + refreshTokens: + validIfNotUsedFor: "2160h" # 90 days + absoluteLifetime: "3960h" # 165 days + + # This field is REQUIRED! 
+ # + # The storage configuration determines where Dex stores its state. + # See the documentation (https://dexidp.io/docs/storage/) for further information. + storage: + type: memory + + # This field is REQUIRED! + # + # Attention: + # Do not change this field and its values. + # This field is required for internal Kubeshark-to-Dex communication. + # + # HTTP service configuration + web: + http: 0.0.0.0:5556 + + # This field is REQUIRED! + # + # Attention: + # Do not change this field and its values. + # This field is required for internal Kubeshark-to-Dex communication. + # + # Telemetry configuration + telemetry: + http: 0.0.0.0:5558 + + # This field is REQUIRED! + # + # Static clients registered in Dex by default. + staticClients: + - id: kubeshark + secret: create your own client password + name: Kubeshark + redirectURIs: + - https://<your-ingress-hostname>/api/oauth2/callback + + # Enable the password database. + # It's a "virtual" connector (identity provider) that stores + # login credentials in Dex's store. + enablePasswordDB: true + + # Connectors are used to authenticate users against upstream identity providers. + # See the documentation (https://dexidp.io/docs/connectors/) for further information. 
+ # + # Attention: + # When you define a new connector, `config.redirectURI` must be: + # https://<your-ingress-hostname>/dex/callback + # + # Example with Google connector: + # connectors: + # - type: google + # id: google + # name: Google + # config: + # clientID: your Google Cloud Auth app client ID + # clientSecret: your Google Auth app client ID + # redirectURI: https://<your-ingress-hostname>/dex/callback + connectors: [] +``` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/templates/06-front-deployment.yaml new/kubeshark-cli-52.6.0/helm-chart/templates/06-front-deployment.yaml --- old/kubeshark-cli-52.5.0/helm-chart/templates/06-front-deployment.yaml 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/templates/06-front-deployment.yaml 2025-03-24 23:03:27.000000000 +0100 
@@ -26,12 +26,16 @@ - env: - name: REACT_APP_AUTH_ENABLED value: '{{- if or (and .Values.cloudLicenseEnabled (not (empty .Values.license))) (not .Values.internetConnectivity) -}} - "false" - {{- else -}} - {{ .Values.cloudLicenseEnabled | ternary "true" .Values.tap.auth.enabled }} - {{- end }}' + {{ (and .Values.tap.auth.enabled (eq .Values.tap.auth.type "dex")) | ternary true false }} + {{- else -}} + {{ .Values.cloudLicenseEnabled | ternary "true" .Values.tap.auth.enabled }} + {{- end }}' - name: REACT_APP_AUTH_TYPE - value: '{{ not (eq .Values.tap.auth.type "") | ternary (.Values.cloudLicenseEnabled | ternary "oidc" .Values.tap.auth.type) " " }}' + value: '{{- if and .Values.cloudLicenseEnabled (not (eq .Values.tap.auth.type "dex")) -}} + default + {{- else -}} + {{ .Values.tap.auth.type }} + {{- end }}' - name: REACT_APP_AUTH_SAML_IDP_METADATA_URL value: '{{ not (eq .Values.tap.auth.saml.idpMetadataUrl "") | ternary .Values.tap.auth.saml.idpMetadataUrl " " }}' - name: REACT_APP_TIMEZONE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/templates/09-worker-daemon-set.yaml new/kubeshark-cli-52.6.0/helm-chart/templates/09-worker-daemon-set.yaml --- old/kubeshark-cli-52.5.0/helm-chart/templates/09-worker-daemon-set.yaml 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/templates/09-worker-daemon-set.yaml 2025-03-24 23:03:27.000000000 +0100 
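Review bot: `REACT_APP_AUTH_TYPE` loses the empty-value guard the removed line had: the old expression rendered `" "` when `tap.auth.type` was empty, while the new `else` branch renders `{{ .Values.tap.auth.type }}` as is. The neighbouring `REACT_APP_AUTH_SAML_IDP_METADATA_URL` line still uses the `not (eq … "") | ternary … " "` form, so the two variables now behave differently for an unset value. If the front still depends on a non-empty variable (not visible here), keep the guard in the new branch, e.g. `{{ default " " .Values.tap.auth.type }}`.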
@@ -69,6 +69,9 @@ {{- if .Values.tap.resourceGuard.enabled }} - -enable-resource-guard {{- end }} + {{- if .Values.tap.watchdog.enabled }} + - -enable-watchdog + {{- end }} - -resolution-strategy - '{{ .Values.tap.misc.resolutionStrategy }}' - -staletimeout diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/templates/11-nginx-config-map.yaml new/kubeshark-cli-52.6.0/helm-chart/templates/11-nginx-config-map.yaml --- old/kubeshark-cli-52.5.0/helm-chart/templates/11-nginx-config-map.yaml 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/templates/11-nginx-config-map.yaml 2025-03-24 23:03:27.000000000 +0100 @@ -20,8 +20,8 @@ client_header_buffer_size 32k; large_client_header_buffers 8 64k; - location /api { - rewrite ^/api(.*)$ $1 break; + location {{ default "" (((.Values.tap).routing).front).basePath }}/api { + rewrite ^{{ default "" (((.Values.tap).routing).front).basePath }}/api(.*)$ $1 break; proxy_pass http://kubeshark-hub; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $http_host; @@ -35,8 +35,8 @@ proxy_pass_request_headers on; } - location /saml { - rewrite ^/saml(.*)$ /saml$1 break; + location {{ default "" (((.Values.tap).routing).front).basePath }}/saml { + rewrite ^{{ default "" (((.Values.tap).routing).front).basePath }}/saml(.*)$ /saml$1 break; proxy_pass http://kubeshark-hub; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $http_host; 
@@ -46,6 +46,34 @@ proxy_pass_request_headers on; } +{{- if .Values.tap.auth.dexConfig }} + location /dex { + rewrite ^{{ default "" (((.Values.tap).routing).front).basePath }}/dex(.*)$ /dex$1 break; + proxy_pass http://kubeshark-dex; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $http_host; + proxy_set_header Upgrade websocket; + proxy_set_header Connection Upgrade; + proxy_set_header Authorization $http_authorization; + proxy_pass_header Authorization; + proxy_connect_timeout 4s; + proxy_read_timeout 120s; + proxy_send_timeout 12s; + proxy_pass_request_headers on; + } +{{- end }} + +{{- if (((.Values.tap).routing).front).basePath }} + location {{ .Values.tap.routing.front.basePath }} { + rewrite ^{{ .Values.tap.routing.front.basePath }}(.*)$ $1 break; + root /usr/share/nginx/html; + index index.html index.htm; + try_files $uri $uri/ /index.html; + expires -1; + add_header Cache-Control no-cache; + } +{{- end }} + location / { root /usr/share/nginx/html; index index.html index.htm; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/templates/12-config-map.yaml new/kubeshark-cli-52.6.0/helm-chart/templates/12-config-map.yaml --- old/kubeshark-cli-52.5.0/helm-chart/templates/12-config-map.yaml 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/templates/12-config-map.yaml 2025-03-24 23:03:27.000000000 +0100 
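Review bot: In the new Dex block the `location /dex` prefix is fixed while its `rewrite` pattern is prefixed with `basePath`, so once a base path is set the pattern `^<basePath>/dex(.*)$` can never match a URI that nginx routed to `/dex`. Pick one: `location {{ default "" (((.Values.tap).routing).front).basePath }}/dex {` if Dex should move under the base path, or `rewrite ^/dex(.*)$ /dex$1 break;` (or no rewrite at all) if it stays at the root, as the README's `https://<your-ingress-hostname>/dex` issuer suggests. Separately, here and in the `/api` and `/saml` hunks above, `basePath` is placed unescaped inside a regular expression and an nginx directive; piping it through `regexQuoteMeta` in the `rewrite` lines and rejecting values that contain whitespace, `;` or braces keeps a typo from changing the meaning of the generated config. The `location {{ .Values.tap.routing.front.basePath }}` block is a plain prefix match, so it also catches paths that merely start with the same characters; confirm that is intended.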
@@ -18,14 +18,21 @@ INGRESS_HOST: '{{ .Values.tap.ingress.host }}' PROXY_FRONT_PORT: '{{ .Values.tap.proxy.front.port }}' AUTH_ENABLED: '{{- if and .Values.cloudLicenseEnabled (not (empty .Values.license)) -}} - "false" + {{ and .Values.tap.auth.enabled (eq .Values.tap.auth.type "dex") | ternary true false }} {{- else -}} {{ .Values.cloudLicenseEnabled | ternary "true" (.Values.tap.auth.enabled | ternary "true" "") }} {{- end }}' - AUTH_TYPE: '{{ .Values.cloudLicenseEnabled | ternary "oidc" (.Values.tap.auth.type) }}' + AUTH_TYPE: '{{- if and .Values.cloudLicenseEnabled (not (eq .Values.tap.auth.type "dex")) -}} + default + {{- else -}} + {{ .Values.tap.auth.type }} + {{- end }}' AUTH_SAML_IDP_METADATA_URL: '{{ .Values.tap.auth.saml.idpMetadataUrl }}' AUTH_SAML_ROLE_ATTRIBUTE: '{{ .Values.tap.auth.saml.roleAttribute }}' AUTH_SAML_ROLES: '{{ .Values.tap.auth.saml.roles | toJson }}' + AUTH_OIDC_ISSUER: '{{ default "not set" (((.Values.tap).auth).dexOidc).issuer }}' + AUTH_OIDC_REFRESH_TOKEN_LIFETIME: '{{ default "3960h" (((.Values.tap).auth).dexOidc).refreshTokenLifetime }}' + AUTH_OIDC_STATE_PARAM_EXPIRY: '{{ default "10m" (((.Values.tap).auth).dexOidc).oauth2StateParamExpiry }}' TELEMETRY_DISABLED: '{{ not .Values.internetConnectivity | ternary "true" (not .Values.tap.telemetry.enabled | ternary "true" "false") }}' SCRIPTING_DISABLED: '{{- if .Values.tap.liveConfigMapChangesDisabled -}} {{- if .Values.demoModeEnabled -}} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/templates/13-secret.yaml new/kubeshark-cli-52.6.0/helm-chart/templates/13-secret.yaml --- old/kubeshark-cli-52.5.0/helm-chart/templates/13-secret.yaml 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/templates/13-secret.yaml 2025-03-24 23:03:27.000000000 +0100 
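Review bot: The `default "not set"` fallbacks turn a missing Dex setting into a literal, well-known string instead of an error: `AUTH_OIDC_ISSUER` in this hunk, and `OIDC_CLIENT_ID` / `OIDC_CLIENT_SECRET` in the `13-secret.yaml` hunk that follows (the rendered `manifests/complete.yaml` already shows `OIDC_CLIENT_SECRET: 'not set'`). How the hub treats these values is not visible in this diff, but with `tap.auth.type: dex` and one of them omitted the chart renders without complaint, the hub receives the placeholder as its issuer or credential, and nothing distinguishes "unset" from a real value until a login fails. I would fail the render when Dex is selected, e.g. `{{ required "tap.auth.dexOidc.clientSecret is required when tap.auth.type is dex" (((.Values.tap).auth).dexOidc).clientSecret }}` inside an `if eq .Values.tap.auth.type "dex"` guard, and emit an empty value otherwise.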
@@ -9,6 +9,8 @@ stringData: LICENSE: '{{ .Values.license }}' SCRIPTING_ENV: '{{ .Values.scripting.env | toJson }}' + OIDC_CLIENT_ID: '{{ default "not set" (((.Values.tap).auth).dexOidc).clientId }}' + OIDC_CLIENT_SECRET: '{{ default "not set" (((.Values.tap).auth).dexOidc).clientSecret }}' --- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/templates/17-network-policies.yaml new/kubeshark-cli-52.6.0/helm-chart/templates/17-network-policies.yaml --- old/kubeshark-cli-52.5.0/helm-chart/templates/17-network-policies.yaml 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/templates/17-network-policies.yaml 2025-03-24 23:03:27.000000000 +0100 @@ -60,6 +60,31 @@ {{- if .Values.tap.annotations }} {{- toYaml .Values.tap.annotations | nindent 4 }} {{- end }} + name: kubeshark-dex-network-policy + namespace: {{ .Release.Namespace }} +spec: + podSelector: + matchLabels: + app.kubeshark.co/app: dex + policyTypes: + - Ingress + - Egress + ingress: + - ports: + - protocol: TCP + port: 5556 + egress: + - {} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + {{- include "kubeshark.labels" . | nindent 4 }} + annotations: + {{- if .Values.tap.annotations }} + {{- toYaml .Values.tap.annotations | nindent 4 }} + {{- end }} name: kubeshark-worker-network-policy namespace: {{ .Release.Namespace }} spec: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/templates/18-dex-deployment.yaml new/kubeshark-cli-52.6.0/helm-chart/templates/18-dex-deployment.yaml --- old/kubeshark-cli-52.5.0/helm-chart/templates/18-dex-deployment.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/templates/18-dex-deployment.yaml 2025-03-24 23:03:27.000000000 +0100 
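Review bot: The new `kubeshark-dex-network-policy` declares both `Ingress` and `Egress` but restricts neither in practice: the ingress rule has `ports` without a `from`, so any pod in any namespace may reach Dex on 5556, and `egress: - {}` allows everything. Dex appears to be reached only through the front's `/dex` proxy and possibly the hub (the README calls this internal Kubeshark-to-Dex communication), so the rule can name those pods, as sketched below with placeholder labels. Unrestricted egress may be deliberate because connectors call upstream identity providers; a comment saying so would help the next reader. The policy also seems to sit outside the `{{- if .Values.tap.auth.dexConfig }}` guard used by the Dex deployment, service and secret, since it shows up in `manifests/complete.yaml` rendered with Dex unset. The enclosing resource starts above the hunk.

```yaml
spec:
  podSelector:
    matchLabels:
      app.kubeshark.co/app: dex
  # … unchanged: policyTypes …
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app.kubeshark.co/app: <FRONT_POD_LABEL>  # placeholder: label of the nginx front pods
        - podSelector:
            matchLabels:
              app.kubeshark.co/app: <HUB_POD_LABEL>    # placeholder: only if the hub calls Dex directly
      ports:
        - protocol: TCP
          port: 5556
  # … unchanged: egress …
```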
@@ -0,0 +1,116 @@ +{{- if .Values.tap.auth.dexConfig }} + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubeshark.co/app: dex + {{- include "kubeshark.labels" . | nindent 4 }} + annotations: + {{- if .Values.tap.annotations }} + {{- toYaml .Values.tap.annotations | nindent 4 }} + {{- end }} + name: {{ include "kubeshark.name" . }}-dex + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 # Set the desired number of replicas + selector: + matchLabels: + app.kubeshark.co/app: dex + {{- include "kubeshark.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + app.kubeshark.co/app: dex + {{- include "kubeshark.labels" . | nindent 8 }} + spec: + containers: + - name: kubeshark-dex + image: 'dexidp/dex:v2.42.0-alpine' + ports: + - name: http + containerPort: 5556 + protocol: TCP + - name: telemetry + containerPort: 5558 + protocol: TCP + args: + - dex + - serve + - /etc/dex/dex-config.yaml + imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }} + volumeMounts: + - name: dex-secret-conf-volume + mountPath: /etc/dex/dex-config.yaml + subPath: dex-config.yaml + readOnly: true + livenessProbe: + httpGet: + path: /healthz/live + port: 5558 + periodSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + initialDelaySeconds: 3 + readinessProbe: + httpGet: + path: /healthz/ready + port: 5558 + periodSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + initialDelaySeconds: 3 + timeoutSeconds: 1 + resources: + limits: + cpu: 750m + memory: 1Gi + requests: + cpu: 50m + memory: 50Mi + {{- if .Values.tap.docker.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.tap.docker.imagePullSecrets }} + - name: {{ . 
}} + {{- end }} + {{- end }} +{{- if gt (len .Values.tap.nodeSelectorTerms.dex) 0}} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + {{- toYaml .Values.tap.nodeSelectorTerms.dex | nindent 12 }} +{{- end }} + {{- if or .Values.tap.dns.nameservers .Values.tap.dns.searches .Values.tap.dns.options }} + dnsConfig: + {{- if .Values.tap.dns.nameservers }} + nameservers: + {{- range .Values.tap.dns.nameservers }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- if .Values.tap.dns.searches }} + searches: + {{- range .Values.tap.dns.searches }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- if .Values.tap.dns.options }} + options: + {{- range .Values.tap.dns.options }} + - name: {{ .name | quote }} + {{- if .value }} + value: {{ .value | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + volumes: + - name: dex-secret-conf-volume + secret: + secretName: kubeshark-dex-conf-secret + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: {{ include "kubeshark.serviceAccountName" . }} + +{{- end }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/templates/19-dex-service.yaml new/kubeshark-cli-52.6.0/helm-chart/templates/19-dex-service.yaml --- old/kubeshark-cli-52.5.0/helm-chart/templates/19-dex-service.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/templates/19-dex-service.yaml 2025-03-24 23:03:27.000000000 +0100 
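Review bot: The Dex pod is given Kubeshark's own service account (`serviceAccountName: {{ include "kubeshark.serviceAccountName" . }}`) and no `securityContext`, so an identity provider that the README expects to be publicly reachable runs with whatever API permissions that account holds. The RBAC bound to it is not visible in this diff, but with `storage.type: memory` and a mounted config file Dex should not need the Kubernetes API at all; adding `automountServiceAccountToken: false` to the pod spec, or a dedicated account without bindings, removes that exposure. A container `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: drop: [ALL]` would be a cheap addition, to be checked against the image. The image is hard-coded as `dexidp/dex:v2.42.0-alpine`, unlike `imagePullPolicy`, which comes from `tap.docker`, so it can be neither mirrored nor pinned by digest through `values.yaml`. `dnsPolicy: ClusterFirstWithHostNet` appears without `hostNetwork: true` in this file and looks copied from another template.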
@@ -0,0 +1,25 @@ +{{- if .Values.tap.auth.dexConfig }} + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubeshark.co/app: dex + {{- include "kubeshark.labels" . | nindent 4 }} + annotations: + {{- if .Values.tap.annotations }} + {{- toYaml .Values.tap.annotations | nindent 4 }} + {{- end }} + name: kubeshark-dex + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: kubeshark-dex + port: 80 + targetPort: 5556 + selector: + app.kubeshark.co/app: dex + type: ClusterIP + +{{- end }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/templates/20-dex-secret.yaml new/kubeshark-cli-52.6.0/helm-chart/templates/20-dex-secret.yaml --- old/kubeshark-cli-52.5.0/helm-chart/templates/20-dex-secret.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/templates/20-dex-secret.yaml 2025-03-24 23:03:27.000000000 +0100 @@ -0,0 +1,14 @@ +{{- if .Values.tap.auth.dexConfig }} + +kind: Secret +apiVersion: v1 +metadata: + name: kubeshark-dex-conf-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubeshark.co/app: hub + {{- include "kubeshark.labels" . | nindent 4 }} +data: + dex-config.yaml: {{ .Values.tap.auth.dexConfig | toYaml | b64enc | quote }} + +{{- end }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/templates/NOTES.txt new/kubeshark-cli-52.6.0/helm-chart/templates/NOTES.txt --- old/kubeshark-cli-52.5.0/helm-chart/templates/NOTES.txt 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/templates/NOTES.txt 2025-03-24 23:03:27.000000000 +0100 
@@ -34,7 +34,7 @@ {{ if .Values.tap.ingress.enabled }} You can now access the application through the following URL: -http{{ if .Values.tap.ingress.tls }}s{{ end }}://{{ .Values.tap.ingress.host }} +http{{ if .Values.tap.ingress.tls }}s{{ end }}://{{ .Values.tap.ingress.host }}{{ default "" (((.Values.tap).routing).front).basePath }}/ {{- else }} To access the application, follow these steps: @@ -44,6 +44,6 @@ kubectl port-forward -n {{ .Release.Namespace }} service/kubeshark-front 8899:80 2. Once port forwarding is done, you can access the application by visiting the following URL in your web browser: - http://0.0.0.0:8899 + http://0.0.0.0:8899{{ default "" (((.Values.tap).routing).front).basePath }}/ {{- end }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/templates/_helpers.tpl new/kubeshark-cli-52.6.0/helm-chart/templates/_helpers.tpl --- old/kubeshark-cli-52.5.0/helm-chart/templates/_helpers.tpl 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/templates/_helpers.tpl 2025-03-24 23:03:27.000000000 +0100 @@ -86,3 +86,15 @@ {{- end -}} {{- $sentryEnabledVal -}} {{- end -}} + +{{/* +Dex IdP: retrieve a secret for static client with a specific ID +*/}} +{{- define "getDexKubesharkStaticClientSecret" -}} + {{- $clientId := .clientId -}} + {{- range .clients }} + {{- if eq .id $clientId }} + {{- .secret }} + {{- end }} + {{- end }} +{{- end }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/helm-chart/values.yaml new/kubeshark-cli-52.6.0/helm-chart/values.yaml --- old/kubeshark-cli-52.5.0/helm-chart/values.yaml 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/helm-chart/values.yaml 2025-03-24 23:03:27.000000000 +0100 
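Review bot: `getDexKubesharkStaticClientSecret` is defined in the `_helpers.tpl` hunk but nothing in this diff calls it: `13-secret.yaml` reads `tap.auth.dexOidc.clientSecret` directly, and the README tells users to keep that value and the `staticClients` secret identical by hand. Either use the helper so the hub's secret is derived from the Dex static client, or drop it. If it stays, extend its comment to say that it expects a dict with `clientId` and `clients`, that it renders nothing when no client matches, and that it concatenates the secrets when two clients share an id.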
@@ -131,12 +131,17 @@ host: ks.svc.cluster.local tls: [] annotations: {} + routing: + front: + basePath: "" ipv6: true debug: false telemetry: enabled: true resourceGuard: enabled: false + watchdog: + enabled: true sentry: enabled: false environment: production diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-52.5.0/manifests/complete.yaml new/kubeshark-cli-52.6.0/manifests/complete.yaml --- old/kubeshark-cli-52.5.0/manifests/complete.yaml 2025-03-01 21:00:24.000000000 +0100 +++ new/kubeshark-cli-52.6.0/manifests/complete.yaml 2025-03-24 23:03:27.000000000 +0100 @@ -4,10 +4,10 @@ kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-hub-network-policy @@ -34,10 +34,10 @@ kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front-network-policy 
@@ -61,10 +61,37 @@ kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" + app.kubernetes.io/managed-by: Helm + annotations: + name: kubeshark-dex-network-policy + namespace: default +spec: + podSelector: + matchLabels: + app.kubeshark.co/app: dex + policyTypes: + - Ingress + - Egress + ingress: + - ports: + - protocol: TCP + port: 5556 + egress: + - {} +--- +# Source: kubeshark/templates/17-network-policies.yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + helm.sh/chart: kubeshark-52.6 + app.kubernetes.io/name: kubeshark + app.kubernetes.io/instance: kubeshark + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-worker-network-policy @@ -90,10 +117,10 @@ kind: ServiceAccount metadata: labels: - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-service-account @@ -107,14 +134,16 @@ namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm stringData: LICENSE: '' SCRIPTING_ENV: '{}' + OIDC_CLIENT_ID: 'not set' + OIDC_CLIENT_SECRET: 'not set' --- # Source: kubeshark/templates/13-secret.yaml kind: Secret 
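Review bot: The new `kubeshark-dex-network-policy` declares both `Ingress` and `Egress` under `policyTypes` but restricts little in practice. Its ingress rule has `ports` and no `from`, so any pod in any namespace may reach the identity provider on TCP 5556, and `egress: - {}` permits all outbound traffic. I would add a `from` clause naming the components that talk to Dex, for example `from: [{podSelector: {matchLabels: {app.kubeshark.co/app: front}}}]`, and narrow egress to DNS plus whatever the configured connectors need. Which pods must reach Dex is not visible in this hunk, so treat the selector as an assumption to confirm. This manifest is rendered output (`# Source: kubeshark/templates/17-network-policies.yaml`), so the change belongs in that template.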
@@ -124,10 +153,10 @@ namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm stringData: AUTH_SAML_X509_CRT: | @@ -140,10 +169,10 @@ namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm stringData: AUTH_SAML_X509_KEY: | @@ -155,10 +184,10 @@ name: kubeshark-nginx-config-map namespace: default labels: - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm data: default.conf: | @@ -219,10 +248,10 @@ namespace: default labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm data: POD_REGEX: '.*' 
@@ -236,10 +265,13 @@ INGRESS_HOST: 'ks.svc.cluster.local' PROXY_FRONT_PORT: '8899' AUTH_ENABLED: 'true' - AUTH_TYPE: 'oidc' + AUTH_TYPE: 'default' AUTH_SAML_IDP_METADATA_URL: '' AUTH_SAML_ROLE_ATTRIBUTE: 'role' AUTH_SAML_ROLES: '{"admin":{"canDownloadPCAP":true,"canStopTrafficCapturing":true,"canUpdateTargetedPods":true,"canUseScripting":true,"filter":"","scriptingPermissions":{"canActivate":true,"canDelete":true,"canSave":true},"showAdminConsoleLink":true}}' + AUTH_OIDC_ISSUER: 'not set' + AUTH_OIDC_REFRESH_TOKEN_LIFETIME: '3960h' + AUTH_OIDC_STATE_PARAM_EXPIRY: '10m' TELEMETRY_DISABLED: 'false' SCRIPTING_DISABLED: 'false' TARGETED_PODS_UPDATE_DISABLED: '' @@ -271,10 +303,10 @@ kind: ClusterRole metadata: labels: - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-cluster-role-default @@ -319,10 +351,10 @@ kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-cluster-role-binding-default @@ -341,10 +373,10 @@ kind: Role metadata: labels: - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role 
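Review bot: In the hub ConfigMap hunk, `AUTH_OIDC_REFRESH_TOKEN_LIFETIME: '3960h'` makes the default refresh-token lifetime 165 days, which is long for a tool that exposes captured cluster traffic. A leaked refresh token would stay usable for months unless revoked at the IdP. I would shorten the default, or at least document it where the value is defined in the chart (not visible here), with a comment such as `# 3960h = 165 days; lower to match your session policy`. The same hunk also changes `AUTH_TYPE` from `'oidc'` to `'default'` while `AUTH_ENABLED` stays `'true'`, and the front Deployment hunk does the same for `REACT_APP_AUTH_TYPE`. The changelog does not mention this, so users who apply `complete.yaml` directly should be told which authentication mode they end up with.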
@@ -371,10 +403,10 @@ kind: RoleBinding metadata: labels: - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role-binding @@ -394,10 +426,10 @@ metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-hub @@ -416,10 +448,10 @@ kind: Service metadata: labels: - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front @@ -438,10 +470,10 @@ apiVersion: v1 metadata: labels: - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: prometheus.io/scrape: 'true' @@ -451,10 +483,10 @@ spec: selector: app.kubeshark.co/app: worker - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm ports: - name: metrics 
@@ -467,10 +499,10 @@ apiVersion: v1 metadata: labels: - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: prometheus.io/scrape: 'true' @@ -480,10 +512,10 @@ spec: selector: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm ports: - name: metrics @@ -498,10 +530,10 @@ labels: app.kubeshark.co/app: worker sidecar.istio.io/inject: "false" - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-worker-daemon-set @@ -516,10 +548,10 @@ metadata: labels: app.kubeshark.co/app: worker - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm name: kubeshark-worker-daemon-set namespace: kubeshark @@ -529,7 +561,7 @@ - /bin/sh - -c - mkdir -p /sys/fs/bpf && mount | grep -q '/sys/fs/bpf' || mount -t bpf bpf /sys/fs/bpf - image: 'docker.io/kubeshark/worker:v52.5' + image: 'docker.io/kubeshark/worker:v52.6' imagePullPolicy: Always name: mount-bpf securityContext: @@ -554,11 +586,12 @@ - -servicemesh - -procfs - /hostproc + - -enable-watchdog - -resolution-strategy - 'auto' - -staletimeout - '30' - image: 'docker.io/kubeshark/worker:v52.5' + image: 'docker.io/kubeshark/worker:v52.6' imagePullPolicy: Always name: sniffer ports: 
@@ -632,7 +665,7 @@ - -disable-tls-log - -loglevel - 'warning' - image: 'docker.io/kubeshark/worker:v52.5' + image: 'docker.io/kubeshark/worker:v52.6' imagePullPolicy: Always name: tracer env: @@ -724,10 +757,10 @@ metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-hub @@ -743,10 +776,10 @@ metadata: labels: app.kubeshark.co/app: hub - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm spec: dnsPolicy: ClusterFirstWithHostNet @@ -776,7 +809,7 @@ value: 'https://api.kubeshark.co' - name: PROFILING_ENABLED value: 'false' - image: 'docker.io/kubeshark/hub:v52.5' + image: 'docker.io/kubeshark/hub:v52.6' imagePullPolicy: Always readinessProbe: periodSeconds: 10 @@ -839,10 +872,10 @@ metadata: labels: app.kubeshark.co/app: front - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front @@ -858,10 +891,10 @@ metadata: labels: app.kubeshark.co/app: front - helm.sh/chart: kubeshark-52.5 + helm.sh/chart: kubeshark-52.6 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "52.5" + app.kubernetes.io/version: "52.6" app.kubernetes.io/managed-by: Helm spec: containers: 
@@ -869,7 +902,7 @@ - name: REACT_APP_AUTH_ENABLED value: 'true' - name: REACT_APP_AUTH_TYPE - value: 'oidc' + value: 'default' - name: REACT_APP_AUTH_SAML_IDP_METADATA_URL value: ' ' - name: REACT_APP_TIMEZONE @@ -898,7 +931,7 @@ value: 'false' - name: REACT_APP_SENTRY_ENVIRONMENT value: 'production' - image: 'docker.io/kubeshark/front:v52.5' + image: 'docker.io/kubeshark/front:v52.6' imagePullPolicy: Always name: kubeshark-front livenessProbe: ++++++ kubeshark-cli.obsinfo ++++++ --- /var/tmp/diff_new_pack.v579hx/_old 2025-03-25 22:20:02.509578536 +0100 +++ /var/tmp/diff_new_pack.v579hx/_new 2025-03-25 22:20:02.525579201 +0100 @@ -1,5 +1,5 @@ name: kubeshark-cli -version: 52.5.0 -mtime: 1740859224 -commit: eec44040382181dd1f849fac8aa7e05675a8b4a2 +version: 52.6.0 +mtime: 1742853807 +commit: dc50ef48fd6841d5d45c7a90e1a8aeb8ef66f9ee ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/kubeshark-cli/vendor.tar.gz /work/SRC/openSUSE:Factory/.kubeshark-cli.new.2696/vendor.tar.gz differ: char 5, line 1