You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| `tap.persistentStorage` | Use `persistentVolumeClaim` instead of `emptyDir` | `false` |
146
146
| `tap.persistentStorageStatic` | Use static persistent volume provisioning (explicitly defined `PersistentVolume` ) | `false` |
147
+
| `tap.persistentStoragePvcVolumeMode` | Set the pvc volume mode (Filesystem\|Block) | `Filesystem` |
147
148
| `tap.efsFileSytemIdAndPath` | [EFS file system ID and, optionally, subpath and/or access point](https://github.com/kubernetes-sigs/aws-efs-csi-driver/blob/master/examples/kubernetes/access_points/README.md) `<FileSystemId>:<Path>:<AccessPointId>` | "" |
148
149
| `tap.storageLimit` | Limit of either the `emptyDir` or `persistentVolumeClaim` | `500Mi` |
149
150
| `tap.storageClass` | Storage class of the `PersistentVolumeClaim` | `standard` |
@@ -209,6 +210,7 @@ Example for overriding image names:
209
210
| `tap.metrics.port` | Pod port used to expose Prometheus metrics | `49100` |
210
211
| `tap.enabledDissectors` | This is an array of strings representing the list of supported protocols. Remove or comment out redundant protocols (e.g., dns).| The default list excludes: `udp`and `tcp` |
211
212
| `tap.mountBpf` | BPF filesystem needs to be mounted for eBPF to work properly. This helm value determines whether Kubeshark will attempt to mount the filesystem. This option is not required if filesystem is already mounts. │ `true`|
213
+
| `tap.gitops.enabled` | Enable GitOps functionality. This will allow you to use GitOps to manage your Kubeshark configuration. | `false` |
212
214
| `logs.file` | Logs dump path | `""` |
213
215
| `pcapdump.enabled` | Enable recording of all traffic captured according to other parameters. Whatever Kubeshark captures, considering pod targeting rules, will be stored in pcap files ready to be viewed by tools | `true` |
214
216
| `pcapdump.maxTime` | The time window into the past that will be stored. Older traffic will be discarded. | `2h` |
@@ -222,7 +224,7 @@ Example for overriding image names:
222
224
| `scripting.source` | Source directory of the scripts | `""` |
223
225
| `scripting.watchScripts` | Enable watch mode for the scripts in source directory | `true` |
224
226
| `timezone` | IANA time zone applied to time shown in the front-end | `""` (local time zone applies) |
225
-
| `supportChatEnabled` | Enable real-time support chat channel based on Intercom | `true` |
227
+
| `supportChatEnabled` | Enable real-time support chat channel based on Intercom | `false` |
226
228
| `internetConnectivity` | Turns off API requests that are dependant on Internet connectivity such as `telemetry` and `online-support`. | `true` |
227
229
228
230
KernelMapping pairs kernel versions with a
@@ -351,8 +353,20 @@ tap:
351
353
clientSecret: create your own client password
352
354
refreshTokenLifetime: "3960h"# 165 days
353
355
oauth2StateParamExpiry: "10m"
356
+
bypassSslCaCheck: false
354
357
```
355
358
359
+
---
360
+
361
+
**Note:**<br/>
362
+
Set `tap.auth.dexOidc.bypassSslCaCheck: true`
363
+
to allow Kubeshark communication with Dex IdP having an unknown SSL Certificate Authority.
364
+
365
+
This setting allows you to prevent such SSL CA-related errors:<br/>
366
+
`tls: failed to verify certificate: x509: certificate signed by unknown authority`
367
+
368
+
---
369
+
356
370
Once you run `helm install kubeshark kubeshark/kubeshark -f ./values.yaml`, Kubeshark will be installed with (Dex) OIDC authentication enabled.
0 commit comments