Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubeshark-cli for openSUSE:Factory checked in at 2026-04-18 21:38:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubeshark-cli (Old) and /work/SRC/openSUSE:Factory/.kubeshark-cli.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeshark-cli" Sat Apr 18 21:38:55 2026 rev:31 rq:1347855 version:53.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/kubeshark-cli/kubeshark-cli.changes 2026-04-02 17:43:01.715971731 +0200 +++ /work/SRC/openSUSE:Factory/.kubeshark-cli.new.11940/kubeshark-cli.changes 2026-04-18 21:38:55.559847887 +0200 @@ -1,0 +2,61 @@ +Fri Apr 17 20:01:18 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 53.2.2: + * Release Highlights + Kubeshark 53.2.2 introduces MongoDB protocol dissection, + bringing L7 visibility to MongoDB traffic across the dashboard, + MCP tools, and KFL filtering. Kubernetes metadata enrichment + has been moved from the hub to the worker nodes, significantly + reducing hub load and improving scalability in large clusters. + The eBPF tracer now supports Envoy BoringSSL TLS decryption via + offset-based hooking and introduces a ring buffer-based packet + poller for improved capture performance. + * New Features + - Add MongoDB protocol dissector with request parsing (Phase + 1), MCP transform support, and dashboard UI + - Add Envoy BoringSSL TLS decryption via offset-based hooking + in the eBPF tracer + - Add dashboard-level namespace, worker, and dissector filters + for granular traffic scoping + - Add back-end resolved entry summary display in the dashboard + - Add time preset buttons in snapshot creation dialog for quick + time window selection + - Add external volume support for dissection jobs, enabling + persistent storage across restarts + - Add recvmsg/sendmsg/recvmmsg/sendmmsg/readv/writev syscall + hooks for improved SSL-to-fd tracking + * Improvements + - Move Kubernetes metadata enrichment from hub to worker nodes + — reduces hub load and improves scalability + - Stream pod Modified events to workers when enrichment fields + change, keeping worker-side K8s metadata up to date + - Replace eBPF perf buffer with ring buffer-based packet poller + for improved capture performance and memory efficiency + - Add async pin cleanup for graceful eBPF tracer termination, + improving shutdown reliability + - Update MCP KFL schema to match KFL2 capabilities + - Update Network RCA AI skill resolution tools to + list_workloads/list_ips + - Improve JSON payload detection and formatting in the + dashboard + - Reset API stream on targeting change for consistent real-time + view + - Extract snapshot tar archives directly during download for + dissection + - Pass dissection storage flags to dissection jobs + - TCP flows in CLOSED state now bypass backend capture rules + - Add subPathExpr to worker DaemonSet for shared persistent + storage + - Refactor string splitting in loops for improved performance + - Bump Go base image from 1.25.7 to 1.26.1 + * Bug Fixes + - Fix pod targeting collision for same-named pods in different + namespaces + - Fix KFL K8s field filtering for MCP live queries + - Fix eBPF-TLS capture source icon in the dashboard + - Fix snapshot creation to use only healthy workers + - Fix do_accept() compatibility issue in eBPF tracer + - Fix processing of stop raw capture command + - Fix flaking tests in hub + +------------------------------------------------------------------- Old: ---- kubeshark-cli-53.2.0.obscpio New: ---- kubeshark-cli-53.2.2.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubeshark-cli.spec ++++++ --- /var/tmp/diff_new_pack.Kyrbcr/_old 2026-04-18 21:38:56.971905711 +0200 +++ /var/tmp/diff_new_pack.Kyrbcr/_new 2026-04-18 21:38:56.971905711 +0200 @@ -19,7 +19,7 @@ %define executable_name kubeshark Name: kubeshark-cli -Version: 53.2.0 +Version: 53.2.2 Release: 0 Summary: CLI for the API traffic analyzer for Kubernetes License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Kyrbcr/_old 2026-04-18 21:38:57.011907349 +0200 +++ /var/tmp/diff_new_pack.Kyrbcr/_new 2026-04-18 21:38:57.019907677 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/kubeshark/kubeshark</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v53.2.0</param> + <param name="revision">v53.2.2</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Kyrbcr/_old 2026-04-18 21:38:57.039908496 +0200 +++ /var/tmp/diff_new_pack.Kyrbcr/_new 2026-04-18 21:38:57.043908660 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/kubeshark/kubeshark</param> - <param name="changesrevision">4695acb41e4e89ce22ad231af5ba5fc6ebcf64e3</param></service></servicedata> + <param name="changesrevision">f79885bd359c8dbb8c0a98f6075355bc0fedc59e</param></service></servicedata> (No newline at EOF) ++++++ kubeshark-cli-53.2.0.obscpio -> kubeshark-cli-53.2.2.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/README.md new/kubeshark-cli-53.2.2/README.md --- old/kubeshark-cli-53.2.0/README.md 2026-03-31 21:05:21.000000000 +0200 +++ new/kubeshark-cli-53.2.2/README.md 2026-04-14 10:21:58.000000000 +0200 @@ -23,6 +23,7 @@ - **Download Retrospective PCAPs** — cluster-wide packet captures filtered by nodes, time, workloads, and IPs. Store PCAPs for long-term retention and later investigation. - **Visualize Network Data** — explore traffic matching queries with API, Kubernetes, or network semantics through a real-time dashboard. +- **See Encrypted Traffic in Plain Text** — automatically decrypt TLS/mTLS traffic using eBPF, with no key management or sidecars required. - **Integrate with AI** — connect your favorite AI assistant (e.g. Claude, Copilot) to include network data in AI-driven workflows like incident response and root cause analysis.  @@ -67,15 +68,35 @@ [MCP setup guide →](https://docs.kubeshark.com/en/mcp) +### AI Skills + +Open-source, reusable skills that teach AI agents domain-specific workflows on top of Kubeshark's MCP tools: + +| Skill | Description | +|-------|-------------| +| **[Network RCA](skills/network-rca/)** | Retrospective root cause analysis — snapshots, dissection, PCAP extraction, trend comparison | +| **[KFL](skills/kfl/)** | KFL (Kubeshark Filter Language) expert — writes, debugs, and optimizes traffic filters | + +Install as a Claude Code plugin: + +``` +/plugin marketplace add kubeshark/kubeshark +/plugin install kubeshark +``` + +Or clone and use directly — skills trigger automatically based on conversation context. + +[AI Skills docs →](https://docs.kubeshark.com/en/mcp/skills) + --- -### Network Traffic Indexing +### Query with API, Kubernetes, and Network Semantics -Kubeshark indexes cluster-wide network traffic by parsing it according to protocol specifications, with support for HTTP, gRPC, Redis, Kafka, DNS, and more. This enables queries using Kubernetes semantics (e.g. pod, namespace, node), API semantics (e.g. path, headers, status), and network semantics (e.g. IP, port). No code instrumentation required. +Kubeshark indexes cluster-wide network traffic by parsing it according to protocol specifications, with support for HTTP, gRPC, Redis, Kafka, DNS, and more. A single [KFL query](https://docs.kubeshark.com/en/v2/kfl2) can combine all three semantic layers — Kubernetes identity, API context, and network attributes — to pinpoint exactly the traffic you need. No code instrumentation required. - + -[Learn more →](https://docs.kubeshark.com/en/v2/l7_api_dissection) +[KFL reference →](https://docs.kubeshark.com/en/v2/kfl2) · [Traffic indexing →](https://docs.kubeshark.com/en/v2/l7_api_dissection) ### Workload Dependency Map @@ -87,11 +108,11 @@ ### Traffic Retention & PCAP Export -Capture and retain raw network traffic cluster-wide. Download PCAPs scoped by time range, nodes, workloads, and IPs — ready for Wireshark or any PCAP-compatible tool. +Capture and retain raw network traffic cluster-wide, including decrypted TLS. Download PCAPs scoped by time range, nodes, workloads, and IPs — ready for Wireshark or any PCAP-compatible tool. Store snapshots in cloud storage (S3, Azure Blob, GCS) for long-term retention and cross-cluster sharing. - + -[Snapshots guide →](https://docs.kubeshark.com/en/v2/traffic_snapshots) +[Snapshots guide →](https://docs.kubeshark.com/en/v2/traffic_snapshots) · [Cloud storage →](https://docs.kubeshark.com/en/snapshots_cloud_storage) --- @@ -99,12 +120,12 @@ | Feature | Description | |---------|-------------| -| [**Traffic Snapshots**](https://docs.kubeshark.com/en/v2/traffic_snapshots) | Point-in-time snapshots, export as PCAP for Wireshark | -| [**L7 API Dissection**](https://docs.kubeshark.com/en/v2/l7_api_dissection) | Request/response matching with full payloads and protocol parsing | +| [**Traffic Snapshots**](https://docs.kubeshark.com/en/v2/traffic_snapshots) | Point-in-time snapshots with cloud storage (S3, Azure Blob, GCS), PCAP export for Wireshark | +| [**Traffic Indexing**](https://docs.kubeshark.com/en/v2/l7_api_dissection) | Real-time and delayed L7 indexing with request/response matching and full payloads | | [**Protocol Support**](https://docs.kubeshark.com/en/protocols) | HTTP, gRPC, GraphQL, Redis, Kafka, DNS, and more | -| [**TLS Decryption**](https://docs.kubeshark.com/en/encrypted_traffic) | eBPF-based decryption without key management | -| [**AI-Powered Analysis**](https://docs.kubeshark.com/en/v2/ai_powered_analysis) | Query cluster-wide network data with Claude, Cursor, or any MCP-compatible AI | -| [**Display Filters**](https://docs.kubeshark.com/en/v2/kfl2) | Wireshark-inspired display filters for precise traffic analysis | +| [**TLS Decryption**](https://docs.kubeshark.com/en/encrypted_traffic) | eBPF-based decryption without key management, included in snapshots | +| [**AI Integration**](https://docs.kubeshark.com/en/mcp) | MCP server + open-source AI skills for network RCA and traffic filtering | +| [**KFL Query Language**](https://docs.kubeshark.com/en/v2/kfl2) | CEL-based query language with Kubernetes, API, and network semantics | | [**100% On-Premises**](https://docs.kubeshark.com/en/air_gapped) | Air-gapped support, no external dependencies | --- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/cmd/mcpRunner.go new/kubeshark-cli-53.2.2/cmd/mcpRunner.go --- old/kubeshark-cli-53.2.0/cmd/mcpRunner.go 2026-03-31 21:05:21.000000000 +0200 +++ new/kubeshark-cli-53.2.2/cmd/mcpRunner.go 2026-04-14 10:21:58.000000000 +0200 @@ -86,9 +86,9 @@ } type mcpPrompt struct { - Name string `json:"name"` - Description string `json:"description,omitempty"` - Arguments []mcpPromptArg `json:"arguments,omitempty"` + Name string `json:"name"` + Description string `json:"description,omitempty"` + Arguments []mcpPromptArg `json:"arguments,omitempty"` } type mcpPromptArg struct { @@ -117,11 +117,11 @@ // Hub MCP API response types type hubMCPResponse struct { - Name string `json:"name"` - Description string `json:"description"` - Version string `json:"version"` - Tools []hubMCPTool `json:"tools"` - Prompts []hubMCPPrompt `json:"prompts"` + Name string `json:"name"` + Description string `json:"description"` + Version string `json:"version"` + Tools []hubMCPTool `json:"tools"` + Prompts []hubMCPPrompt `json:"prompts"` } type hubMCPTool struct { @@ -131,9 +131,9 @@ } type hubMCPPrompt struct { - Name string `json:"name"` - Description string `json:"description,omitempty"` - Arguments []hubMCPPromptArg `json:"arguments,omitempty"` + Name string `json:"name"` + Description string `json:"description,omitempty"` + Arguments []hubMCPPromptArg `json:"arguments,omitempty"` } type hubMCPPromptArg struct { @@ -151,10 +151,10 @@ stdout io.Writer backendInitialized bool backendMu sync.Mutex - setFlags []string // --set flags to pass to 'kubeshark tap' when starting - directURL string // If set, connect directly to this URL (no kubectl/proxy) - urlMode bool // True when using direct URL mode - allowDestructive bool // If true, enable start/stop tools + setFlags []string // --set flags to pass to 'kubeshark tap' when starting + directURL string // If set, connect directly to this URL (no kubectl/proxy) + urlMode bool // True when using direct URL mode + allowDestructive bool // If true, enable start/stop tools cachedHubMCP *hubMCPResponse // Cached tools/prompts from Hub cachedAt time.Time // When the cache was populated hubMCPMu sync.Mutex @@ -772,7 +772,6 @@ return prettyJSON.String(), false } - func (s *mcpServer) callGetFileURL(args map[string]any) (string, bool) { filePath, _ := args["path"].(string) if filePath == "" { @@ -869,8 +868,8 @@ // Add namespaces if provided if v, ok := args["namespaces"].(string); ok && v != "" { - namespaces := strings.Split(v, ",") - for _, ns := range namespaces { + namespaces := strings.SplitSeq(v, ",") + for ns := range namespaces { ns = strings.TrimSpace(ns) if ns != "" { cmdArgs = append(cmdArgs, "-n", ns) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/cmd/mcp_test.go new/kubeshark-cli-53.2.2/cmd/mcp_test.go --- old/kubeshark-cli-53.2.0/cmd/mcp_test.go 2026-03-31 21:05:21.000000000 +0200 +++ new/kubeshark-cli-53.2.2/cmd/mcp_test.go 2026-04-14 10:21:58.000000000 +0200 @@ -417,7 +417,7 @@ cmdArgs = append(cmdArgs, v) } if v, _ := tc.args["namespaces"].(string); v != "" { - for _, ns := range strings.Split(v, ",") { + for ns := range strings.SplitSeq(v, ",") { cmdArgs = append(cmdArgs, "-n", strings.TrimSpace(ns)) } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/config/configStruct.go new/kubeshark-cli-53.2.2/config/configStruct.go --- old/kubeshark-cli-53.2.0/config/configStruct.go 2026-03-31 21:05:21.000000000 +0200 +++ new/kubeshark-cli-53.2.2/config/configStruct.go 2026-04-14 10:21:58.000000000 +0200 @@ -128,6 +128,7 @@ "http", "icmp", "kafka", + "mongodb", "redis", // "sctp", // "syscall", @@ -147,6 +148,7 @@ HTTP: []uint16{80, 443, 8080}, AMQP: []uint16{5671, 5672}, KAFKA: []uint16{9092}, + MONGODB: []uint16{27017}, REDIS: []uint16{6379}, LDAP: []uint16{389}, DIAMETER: []uint16{3868}, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/config/configStructs/tapConfig.go new/kubeshark-cli-53.2.2/config/configStructs/tapConfig.go --- old/kubeshark-cli-53.2.0/config/configStructs/tapConfig.go 2026-03-31 21:05:21.000000000 +0200 +++ new/kubeshark-cli-53.2.2/config/configStructs/tapConfig.go 2026-04-14 10:21:58.000000000 +0200 @@ -282,6 +282,7 @@ HTTP []uint16 `yaml:"http" json:"http"` AMQP []uint16 `yaml:"amqp" json:"amqp"` KAFKA []uint16 `yaml:"kafka" json:"kafka"` + MONGODB []uint16 `yaml:"mongodb" json:"mongodb"` REDIS []uint16 `yaml:"redis" json:"redis"` LDAP []uint16 `yaml:"ldap" json:"ldap"` DIAMETER []uint16 `yaml:"diameter" json:"diameter"` @@ -353,8 +354,10 @@ } type DelayedDissectionConfig struct { - CPU string `yaml:"cpu" json:"cpu" default:"1"` - Memory string `yaml:"memory" json:"memory" default:"4Gi"` + CPU string `yaml:"cpu" json:"cpu" default:"1"` + Memory string `yaml:"memory" json:"memory" default:"4Gi"` + StorageSize string `yaml:"storageSize" json:"storageSize" default:""` + StorageClass string `yaml:"storageClass" json:"storageClass" default:""` } type DissectionConfig struct { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/helm-chart/Chart.yaml new/kubeshark-cli-53.2.2/helm-chart/Chart.yaml --- old/kubeshark-cli-53.2.0/helm-chart/Chart.yaml 2026-03-31 21:05:21.000000000 +0200 +++ new/kubeshark-cli-53.2.2/helm-chart/Chart.yaml 2026-04-14 10:21:58.000000000 +0200 @@ -1,6 +1,6 @@ apiVersion: v2 name: kubeshark -version: "53.2.0" +version: "53.2.2" description: The API Traffic Analyzer for Kubernetes home: https://kubeshark.com keywords: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/helm-chart/README.md new/kubeshark-cli-53.2.2/helm-chart/README.md --- old/kubeshark-cli-53.2.0/helm-chart/README.md 2026-03-31 21:05:21.000000000 +0200 +++ new/kubeshark-cli-53.2.2/helm-chart/README.md 2026-04-14 10:21:58.000000000 +0200 @@ -164,6 +164,8 @@ | `tap.snapshots.cloud.gcs.credentialsJson` | Service account JSON key. When set, the chart auto-creates a Secret with `SNAPSHOT_GCS_CREDENTIALS_JSON`. | `""` | | `tap.delayedDissection.cpu` | CPU allocation for delayed dissection jobs | `1` | | `tap.delayedDissection.memory` | Memory allocation for delayed dissection jobs | `4Gi` | +| `tap.delayedDissection.storageSize` | Storage size for dissection job PVC. When empty, falls back to `tap.snapshots.local.storageSize`. When the resolved value is non-empty, a PVC is created; otherwise an `emptyDir` is used. | `""` | +| `tap.delayedDissection.storageClass` | Storage class for dissection job PVC. When empty, falls back to `tap.snapshots.local.storageClass`. | `""` | | `tap.release.repo` | URL of the Helm chart repository | `https://helm.kubeshark.com` | | `tap.release.name` | Helm release name | `kubeshark` | | `tap.release.namespace` | Helm release namespace | `default` | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/helm-chart/templates/02-cluster-role.yaml new/kubeshark-cli-53.2.2/helm-chart/templates/02-cluster-role.yaml --- old/kubeshark-cli-53.2.0/helm-chart/templates/02-cluster-role.yaml 2026-03-31 21:05:21.000000000 +0200 +++ new/kubeshark-cli-53.2.2/helm-chart/templates/02-cluster-role.yaml 2026-04-14 10:21:58.000000000 +0200 @@ -87,6 +87,15 @@ - create - get - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - get + - list + - delete + - apiGroups: - batch resources: - jobs diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/helm-chart/templates/04-hub-deployment.yaml new/kubeshark-cli-53.2.2/helm-chart/templates/04-hub-deployment.yaml --- old/kubeshark-cli-53.2.0/helm-chart/templates/04-hub-deployment.yaml 2026-03-31 21:05:21.000000000 +0200 +++ new/kubeshark-cli-53.2.2/helm-chart/templates/04-hub-deployment.yaml 2026-04-14 10:21:58.000000000 +0200 @@ -56,6 +56,16 @@ - -dissector-memory - '{{ .Values.tap.delayedDissection.memory }}' {{- end }} + {{- $dissectorStorageSize := .Values.tap.delayedDissection.storageSize | default .Values.tap.snapshots.local.storageSize }} + {{- if $dissectorStorageSize }} + - -dissector-storage-size + - '{{ $dissectorStorageSize }}' + {{- end }} + {{- $dissectorStorageClass := .Values.tap.delayedDissection.storageClass | default .Values.tap.snapshots.local.storageClass }} + {{- if $dissectorStorageClass }} + - -dissector-storage-class + - '{{ $dissectorStorageClass }}' + {{- end }} {{- if .Values.tap.gitops.enabled }} - -gitops {{- end }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/helm-chart/templates/09-worker-daemon-set.yaml new/kubeshark-cli-53.2.2/helm-chart/templates/09-worker-daemon-set.yaml --- old/kubeshark-cli-53.2.0/helm-chart/templates/09-worker-daemon-set.yaml 2026-03-31 21:05:21.000000000 +0200 +++ new/kubeshark-cli-53.2.2/helm-chart/templates/09-worker-daemon-set.yaml 2026-04-14 10:21:58.000000000 +0200 @@ -131,6 +131,10 @@ valueFrom: fieldRef: fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName - name: TCP_STREAM_CHANNEL_TIMEOUT_MS value: '{{ .Values.tap.misc.tcpStreamChannelTimeoutMs }}' - name: TCP_STREAM_CHANNEL_TIMEOUT_SHOW @@ -227,6 +231,9 @@ mountPropagation: HostToContainer - mountPath: /app/data name: data +{{- if .Values.tap.persistentStorage }} + subPathExpr: $(NODE_NAME) +{{- end }} {{- if .Values.tap.tls }} - command: - ./tracer @@ -257,6 +264,10 @@ valueFrom: fieldRef: fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName - name: PROFILING_ENABLED value: '{{ .Values.tap.pprof.enabled }}' - name: SENTRY_ENABLED @@ -328,6 +339,9 @@ mountPropagation: HostToContainer - mountPath: /app/data name: data +{{- if .Values.tap.persistentStorage }} + subPathExpr: $(NODE_NAME) +{{- end }} - mountPath: /etc/os-release name: os-release readOnly: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/helm-chart/tests/dissection_storage_test.yaml new/kubeshark-cli-53.2.2/helm-chart/tests/dissection_storage_test.yaml --- old/kubeshark-cli-53.2.0/helm-chart/tests/dissection_storage_test.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/kubeshark-cli-53.2.2/helm-chart/tests/dissection_storage_test.yaml 2026-04-14 10:21:58.000000000 +0200 @@ -0,0 +1,127 @@ +suite: dissection storage configuration +templates: + - templates/04-hub-deployment.yaml +tests: + - it: should fallback to snapshot storageSize when dissection storageSize is empty + asserts: + - contains: + path: spec.template.spec.containers[0].command + content: -dissector-storage-size + - contains: + path: spec.template.spec.containers[0].command + content: "20Gi" + + - it: should fallback to snapshot storageClass when dissection storageClass is empty + set: + tap.snapshots.local.storageClass: gp2 + asserts: + - contains: + path: spec.template.spec.containers[0].command + content: -dissector-storage-class + - contains: + path: spec.template.spec.containers[0].command + content: gp2 + + - it: should not render dissector-storage-class when both dissection and snapshot storageClass are empty + asserts: + - notContains: + path: spec.template.spec.containers[0].command + content: -dissector-storage-class + + - it: should prefer dissection storageSize over snapshot storageSize + set: + tap.delayedDissection.storageSize: 100Gi + tap.snapshots.local.storageSize: 50Gi + asserts: + - contains: + path: spec.template.spec.containers[0].command + content: -dissector-storage-size + - contains: + path: spec.template.spec.containers[0].command + content: "100Gi" + + - it: should prefer dissection storageClass over snapshot storageClass + set: + tap.delayedDissection.storageClass: io2 + tap.snapshots.local.storageClass: gp2 + asserts: + - contains: + path: spec.template.spec.containers[0].command + content: -dissector-storage-class + - contains: + path: spec.template.spec.containers[0].command + content: io2 + + - it: should fallback to snapshot config for both storageSize and storageClass + set: + tap.snapshots.local.storageSize: 30Gi + tap.snapshots.local.storageClass: gp3 + asserts: + - contains: + path: spec.template.spec.containers[0].command + content: -dissector-storage-size + - contains: + path: spec.template.spec.containers[0].command + content: "30Gi" + - contains: + path: spec.template.spec.containers[0].command + content: -dissector-storage-class + - contains: + path: spec.template.spec.containers[0].command + content: gp3 + + - it: should not render dissector-storage-size when both dissection and snapshot storageSize are empty + set: + tap.delayedDissection.storageSize: "" + tap.snapshots.local.storageSize: "" + asserts: + - notContains: + path: spec.template.spec.containers[0].command + content: -dissector-storage-size + + - it: should render all dissector args together with custom values + set: + tap.delayedDissection.cpu: "4" + tap.delayedDissection.memory: 8Gi + tap.delayedDissection.storageSize: 200Gi + tap.delayedDissection.storageClass: local-path + asserts: + - contains: + path: spec.template.spec.containers[0].command + content: -dissector-cpu + - contains: + path: spec.template.spec.containers[0].command + content: "4" + - contains: + path: spec.template.spec.containers[0].command + content: -dissector-memory + - contains: + path: spec.template.spec.containers[0].command + content: 8Gi + - contains: + path: spec.template.spec.containers[0].command + content: -dissector-storage-size + - contains: + path: spec.template.spec.containers[0].command + content: "200Gi" + - contains: + path: spec.template.spec.containers[0].command + content: -dissector-storage-class + - contains: + path: spec.template.spec.containers[0].command + content: local-path + + - it: should still render existing dissector-cpu and dissector-memory args + asserts: + - contains: + path: spec.template.spec.containers[0].command + content: -dissector-cpu + - contains: + path: spec.template.spec.containers[0].command + content: "1" + - contains: + path: spec.template.spec.containers[0].command + content: -dissector-memory + - contains: + path: spec.template.spec.containers[0].command + content: 4Gi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/helm-chart/values.yaml new/kubeshark-cli-53.2.2/helm-chart/values.yaml --- old/kubeshark-cli-53.2.0/helm-chart/values.yaml 2026-03-31 21:05:21.000000000 +0200 +++ new/kubeshark-cli-53.2.2/helm-chart/values.yaml 2026-04-14 10:21:58.000000000 +0200 @@ -37,6 +37,8 @@ delayedDissection: cpu: "1" memory: 4Gi + storageSize: "" + storageClass: "" snapshots: local: storageClass: "" @@ -205,6 +207,7 @@ - http - icmp - kafka + - mongodb - redis - ws - ldap @@ -224,6 +227,8 @@ - 5672 kafka: - 9092 + mongodb: + - 27017 redis: - 6379 ldap: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/manifests/complete.yaml new/kubeshark-cli-53.2.2/manifests/complete.yaml --- old/kubeshark-cli-53.2.0/manifests/complete.yaml 2026-03-31 21:05:21.000000000 +0200 +++ new/kubeshark-cli-53.2.2/manifests/complete.yaml 2026-04-14 10:21:58.000000000 +0200 @@ -4,10 +4,10 @@ kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm name: kubeshark-hub-network-policy namespace: default @@ -33,10 +33,10 @@ kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-front-network-policy @@ -60,10 +60,10 @@ kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-dex-network-policy @@ -87,10 +87,10 @@ kind: NetworkPolicy metadata: labels: - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-worker-network-policy @@ -116,10 +116,10 @@ kind: ServiceAccount metadata: labels: - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm name: kubeshark-service-account namespace: default @@ -132,10 +132,10 @@ namespace: default labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm stringData: LICENSE: '' @@ -151,10 +151,10 @@ namespace: default labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm stringData: AUTH_SAML_X509_CRT: | @@ -167,10 +167,10 @@ namespace: default labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm stringData: AUTH_SAML_X509_KEY: | @@ -182,10 +182,10 @@ name: kubeshark-nginx-config-map namespace: default labels: - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm data: default.conf: | @@ -248,10 +248,10 @@ namespace: default labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm data: POD_REGEX: '.*' @@ -289,7 +289,7 @@ TIMEZONE: ' ' CLOUD_LICENSE_ENABLED: 'true' DUPLICATE_TIMEFRAME: '200ms' - ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,redis,ws,ldap,radius,diameter,udp-flow,tcp-flow,udp-conn,tcp-conn' + ENABLED_DISSECTORS: 'amqp,dns,http,icmp,kafka,mongodb,redis,ws,ldap,radius,diameter,udp-flow,tcp-flow,udp-conn,tcp-conn' CUSTOM_MACROS: '{"https":"tls and (http or http2)"}' DISSECTORS_UPDATING_ENABLED: 'true' SNAPSHOTS_UPDATING_ENABLED: 'true' @@ -299,7 +299,7 @@ PCAP_TIME_INTERVAL: '1m' PCAP_MAX_TIME: '1h' PCAP_MAX_SIZE: '500MB' - PORT_MAPPING: '{"amqp":[5671,5672],"diameter":[3868],"http":[80,443,8080],"kafka":[9092],"ldap":[389],"redis":[6379]}' + PORT_MAPPING: '{"amqp":[5671,5672],"diameter":[3868],"http":[80,443,8080],"kafka":[9092],"ldap":[389],"mongodb":[27017],"redis":[6379]}' RAW_CAPTURE_ENABLED: 'true' RAW_CAPTURE_STORAGE_SIZE: '1Gi' --- @@ -308,10 +308,10 @@ kind: ClusterRole metadata: labels: - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm name: kubeshark-cluster-role-default namespace: default @@ -355,10 +355,10 @@ kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm name: kubeshark-cluster-role-binding-default namespace: default @@ -376,10 +376,10 @@ kind: Role metadata: labels: - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role @@ -415,6 +415,15 @@ - create - get - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - get + - list + - delete + - apiGroups: - batch resources: - jobs @@ -426,10 +435,10 @@ kind: RoleBinding metadata: labels: - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm annotations: name: kubeshark-self-config-role-binding @@ -449,10 +458,10 @@ metadata: labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm name: kubeshark-hub namespace: default @@ -470,10 +479,10 @@ kind: Service metadata: labels: - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm name: kubeshark-front namespace: default @@ -491,10 +500,10 @@ apiVersion: v1 metadata: labels: - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm annotations: prometheus.io/scrape: 'true' @@ -504,10 +513,10 @@ spec: selector: app.kubeshark.com/app: worker - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm ports: - name: metrics @@ -520,10 +529,10 @@ apiVersion: v1 metadata: labels: - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm annotations: prometheus.io/scrape: 'true' @@ -533,10 +542,10 @@ spec: selector: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm ports: - name: metrics @@ -551,10 +560,10 @@ labels: app.kubeshark.com/app: worker sidecar.istio.io/inject: "false" - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm name: kubeshark-worker-daemon-set namespace: default @@ -568,10 +577,10 @@ metadata: labels: app.kubeshark.com/app: worker - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm name: kubeshark-worker-daemon-set namespace: kubeshark @@ -636,6 +645,10 @@ valueFrom: fieldRef: fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName - name: TCP_STREAM_CHANNEL_TIMEOUT_MS value: '10000' - name: TCP_STREAM_CHANNEL_TIMEOUT_SHOW @@ -704,6 +717,10 @@ valueFrom: fieldRef: fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName - name: PROFILING_ENABLED value: 'false' - name: SENTRY_ENABLED @@ -784,10 +801,10 @@ metadata: labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm name: kubeshark-hub namespace: default @@ -802,10 +819,10 @@ metadata: labels: app.kubeshark.com/app: hub - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm spec: dnsPolicy: ClusterFirstWithHostNet @@ -828,6 +845,8 @@ - '1' - -dissector-memory - '4Gi' + - -dissector-storage-size + - '20Gi' - -cloud-api-url - 'https://api.kubeshark.com' env: @@ -913,10 +932,10 @@ metadata: labels: app.kubeshark.com/app: front - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm name: kubeshark-front namespace: default @@ -931,10 +950,10 @@ metadata: labels: app.kubeshark.com/app: front - helm.sh/chart: kubeshark-53.2.0 + helm.sh/chart: kubeshark-53.2.2 app.kubernetes.io/name: kubeshark app.kubernetes.io/instance: kubeshark - app.kubernetes.io/version: "53.2.0" + app.kubernetes.io/version: "53.2.2" app.kubernetes.io/managed-by: Helm spec: containers: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kubeshark-cli-53.2.0/skills/network-rca/SKILL.md new/kubeshark-cli-53.2.2/skills/network-rca/SKILL.md --- old/kubeshark-cli-53.2.0/skills/network-rca/SKILL.md 2026-03-31 21:05:21.000000000 +0200 +++ new/kubeshark-cli-53.2.2/skills/network-rca/SKILL.md 2026-04-14 10:21:58.000000000 +0200 @@ -221,18 +221,48 @@ snapshot's metadata. Snapshots preserve pod-to-IP mappings from capture time, so resolution is accurate even if pods have been rescheduled since. -**Tool**: `resolve_workload` +**Tool**: `list_workloads` -**Example workflow** — extract PCAP for specific workloads: +Use `list_workloads` with `name` + `namespace` for a singular lookup (works +live and against snapshots), or with `snapshot_id` + filters for a broader +scan. -1. Resolve IPs: `resolve_workload` for `orders-594487879c-7ddxf` → `10.0.53.101` -2. Resolve IPs: `resolve_workload` for `payment-service-6b8f9d-x2k4p` → `10.0.53.205` +**Example workflow — singular lookup** — extract PCAP for specific workloads: + +1. Resolve IPs: `list_workloads` with `name: "orders-594487879c-7ddxf"`, `namespace: "prod"` → IPs: `["10.0.53.101"]` +2. Resolve IPs: `list_workloads` with `name: "payment-service-6b8f9d-x2k4p"`, `namespace: "prod"` → IPs: `["10.0.53.205"]` 3. Build BPF: `host 10.0.53.101 or host 10.0.53.205` 4. Export: `export_snapshot_pcap` with that BPF filter +**Example workflow — filtered scan** — extract PCAP for all workloads +matching a pattern in a snapshot: + +1. List workloads: `list_workloads` with `snapshot_id`, `namespaces: ["prod"]`, + `name_regex: "payment.*"` → returns all matching workloads with their IPs +2. Collect all IPs from the response +3. Build BPF: `host 10.0.53.205 or host 10.0.53.210 or ...` +4. Export: `export_snapshot_pcap` with that BPF filter + This gives you a cluster-wide PCAP filtered to exactly the workloads involved in the incident — ready for Wireshark or long-term storage. +### IP-to-Workload Resolution + +When you have an IP address (e.g., from a PCAP or L4 flow) and need to +identify the workload behind it: + +**Tool**: `list_ips` + +Use `list_ips` with `ip` for a singular lookup (works live and against +snapshots), or with `snapshot_id` + filters for a broader scan. + +**Example — singular lookup**: `list_ips` with `ip: "10.0.53.101"`, +`snapshot_id: "snap-abc"` → returns pod/service identity for that IP. + +**Example — filtered scan**: `list_ips` with `snapshot_id: "snap-abc"`, +`namespaces: ["prod"]`, `labels: {"app": "payment"}` → returns all IPs +associated with workloads matching those filters. + --- ## Route 2: Dissection @@ -380,8 +410,9 @@ The two routes are complementary. A common pattern: 1. Start with **Dissection** — let the AI agent search and identify the root cause -2. Once you've pinpointed the problematic workloads, use `resolve_workload` - to get their IPs +2. Once you've pinpointed the problematic workloads, use `list_workloads` + to get their IPs (singular lookup by name+namespace, or filtered scan + by namespace/regex/labels against the snapshot) 3. Switch to **PCAP** — export a filtered PCAP of just those workloads for Wireshark deep-dive, sharing with the network team, or compliance archival @@ -394,7 +425,7 @@ 3. `create_snapshot` covering the incident window (add 15 minutes buffer) 4. **Dissection route**: `start_snapshot_dissection` → `get_api_stats` → `list_api_calls` → `get_api_call` → follow the dependency chain -5. **PCAP route**: `resolve_workload` → `export_snapshot_pcap` with BPF → +5. **PCAP route**: `list_workloads` → `export_snapshot_pcap` with BPF → hand off to Wireshark or archive ### Other Use Cases ++++++ kubeshark-cli.obsinfo ++++++ --- /var/tmp/diff_new_pack.Kyrbcr/_old 2026-04-18 21:38:57.319919963 +0200 +++ /var/tmp/diff_new_pack.Kyrbcr/_new 2026-04-18 21:38:57.327920290 +0200 @@ -1,5 +1,5 @@ name: kubeshark-cli -version: 53.2.0 -mtime: 1774983921 -commit: 4695acb41e4e89ce22ad231af5ba5fc6ebcf64e3 +version: 53.2.2 +mtime: 1776154918 +commit: f79885bd359c8dbb8c0a98f6075355bc0fedc59e ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/kubeshark-cli/vendor.tar.gz /work/SRC/openSUSE:Factory/.kubeshark-cli.new.11940/vendor.tar.gz differ: char 149, line 1
