File kubeshark-cli.changes of Package kubeshark-cli
-------------------------------------------------------------------
Tue Jun 17 10:51:52 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 52.7.8:
* Bug Fixes & New Features
- Resolved a Make issue that caused the CLI to use an explicit
tag (e.g., v52.3.77) instead of the latest tag (e.g., v52.3).
- Reintroduced online support via Intercom. This can be
disabled using: --set supportChatEnabled=false.
- Fixed a panic related to the WebSocket (WS) protocol.
- Added the ability to download an Agent logic script
(JavaScript file). Once downloaded, the script can be used
locally and managed via source control.
-------------------------------------------------------------------
Tue Jun 03 19:31:34 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 52.7.7 (52.7.6 does not exist):
* Release Highlights
- This release includes several key bug fixes and feature
enhancements. Notably, it adds support for external secret
managers and improves Helm chart semantic versioning (semver)
compliance.
* Bug Fixes & New Features
- Fixed a bug where eBPF traffic capture did not work when
persistent volume storage was used. (#1757).
- Fixed a bug where Kubeshark stopped processing traffic when
Workers restarted (#1760).
- Added an option to configure secrets to be read from
environment variables, enabling the use of external secret
managers for storing items such as licenses or SAML/OIDC
secrets.
- Updated Chart.yaml to use the full semantic version, ensuring
the Helm chart is semver compliant (#1752).
- Improved calculations for throughput, bandwidth, and latency
in the service map.
-------------------------------------------------------------------
Tue Jun 03 19:30:49 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 52.7.5 (52.7.4 does not exist):
* :bookmark: Bump the Helm chart version to 52.7.5
* Set tap.docker.tag to minor version of release (#1761)
-------------------------------------------------------------------
Tue Jun 03 19:29:38 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 52.7.3 (52.7.1 and 52.7.2 do not exist):
* Bump the Helm chart version to 52.7.3
* disabled sctp by default as it is part of debug protocols.
* disable watchdog by default (#1759)
* eBPF capture didn't work in case of persistent storage (#1757)
* Add secret names to inject env variables from (#1756)
* Use full semver version in Chart.yaml (#1754)
* Incerased storage limit from 500Mi to 5Gi (#1755)
* Add kubeshark_dropped_chunks_total metric description (#1753)
-------------------------------------------------------------------
Fri Apr 18 05:29:51 UTC 2025 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 52.7.0:
* Release Highlights
This update adds new Helm options, improves GitOps
compatibility, and enhances traffic capture with AF_PACKET. It
also fixes bugs related to CLI exit, packet loss, Kafka
crashes, and watchdog stability.
Keywords: AF_PACKET, BPF, Dex, PVC, Kafka, Packet loss, Scripts
* Bug Fixes & New Features
- Added support for tapping network interface traffic using
AF_PACKET. This can be configured by entering a BPF
expression (e.g., net 0.0.0.0/0) in the BPF OVERRIDE field in
the Settings dialog. Useful when expected traffic is not
being captured.
- Added the Helm value tap.dashboard.completeStreamingEnabled,
which sets the default mode for full (with payload) or
partial (without payload) processing. This option can also be
controlled from the dashboard.
- Added the Helm value tap.auth.dexOidc.bypassSslCaCheck, which
allows communication with a Dex IdP using an unknown SSL
Certificate Authority, preventing SSL CA-related errors.
- Added support for azure-csi-premium for RWX PVC volumes
(https://github.com/kubernetes-sigs/azuredisk-csi-driver/tree/master/deploy/example/sharedisk).
- Disabled the online chat option by default.
- Added support for a GitOps-friendly mode where dynamically
changed configmap and secret values are preserved during Helm
upgrades, avoiding CI/CD system overrides while Kubeshark is
running.
- Enabled the kubeshark CLI to use a proprietary configuration
file.
- Fixed a protocol matcher bug caused by packet loss (#1746).
- Fixed a panic that occasionally occurred in the Kafka
dissector.
- Fixed a bug where the watchdog function could crash the
Worker when no traffic was being processed on the node.
- Fixed a bug in the kubeshark scripts command where it didn't
exit properly upon receiving ^C.
-------------------------------------------------------------------
Tue Mar 25 05:43:14 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 52.6.0:
In this release, we fixed several bugs and added notable
integrations. Highlights include support for OIDC with DEX and
the ability to host Kubeshark behind a reverse proxy using a
custom path.
* Bug Fixes & New Features
- Optimized service map performance for large clusters
(thousands of pods and above).
- Improved SCTP reassembler support.
- Fixed a bug related to LDAP protocol dissection.
- Added OIDC with DEX integration for SSO authentication.
Read more in our OIDC with DEX section.
https://docs.kubeshark.co/en/oidc
- Introduced a watchdog mechanism that terminates the Worker if
it deems it non-functional. This feature is enabled by
default and can be disabled using the Helm value: --set
tap.watchdog.enabled=false
- Added support for hosting Kubeshark behind a reverse proxy
with a custom path.
Read more in our Reverse Proxy with a Custom Path section.
https://docs.kubeshark.co/en/custom_path
-------------------------------------------------------------------
Sun Mar 02 07:40:53 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 52.5.0:
* :bookmark: Bump the Helm chart version to 52.5.0
* Update structs and docs (#1710)
* :wrench: Add `aiAssistantEnabled` helm value (#1717)
* :wrench: Enable BPF-override on `tap.packetCapture: af_packet`
(#1712)
* Update name of merged file (#1716)
* Add `demoModeEnabled` helm value (#1714)
* finished templating `tap.mountBpf` option. (#1711)
-------------------------------------------------------------------
Tue Feb 11 07:21:51 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 52.4.2:
A quick patch release for the v52.4 minor branch.
* Fixed Websocket related panic that was due to an oversized
message size (#1713).
* Removed some redundant warnings from the Workers' logs.
* Optimized Workers CPU consumption.
* Added KFL selectors the the legend components int he legend
section in the Service Map.
-------------------------------------------------------------------
Fri Feb 07 08:25:50 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 52.4.0:
* :bookmark: Bump the Helm chart version to 52.4.0
* Worker component security context refactoring (#1707)
* Remove init container; remove -disable-ebpf option (#1706)
* Readme updated (#1705)
* Fix pull secret aligning (#1703)
* Refactor and simplify pcapdump logic (#1701)
* Add `PortMapping` to `TapConfig` for port number based
dissector prioritization (#1700)
* Automatic patch updates
* Moving to eBPF as a default packet capture method. Making
default packet capture method eBPF, defaulting to AF_PACKET in
case eBPF is not available
-------------------------------------------------------------------
Sat Jan 25 08:06:35 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 52.3.96:
* :bookmark: Bump the Helm chart version to 52.3.96
* Changed two errors to warnings.
* Add dns config (#1698)
* add diameter protocol support (#1696)
* Make node selector component specific (#1694)
* added `-disable-tracer` option (#1695)
* #528 Remove pcap src from configMap (#1693)
* Add helm variable to disable live config-map user actions
(#1689)
* Fix error on getting namespaces for pcap target files (#1691)
* Fix err when using dest arg (#1688)
-------------------------------------------------------------------
Sat Jan 11 16:46:45 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 52.3.95:
* :bookmark: Bump the Helm chart version to 52.3.95
* Update worker liveness/readiness config (#1684)
* support new radius protocol (#1682)
* updated the notes (#1681)
-------------------------------------------------------------------
Sat Jan 04 08:09:40 UTC 2025 - opensuse_buildservice@ojkastl.de
- Update to version 52.3.94 (52.3.93 was yanked):
* :sparkles: Update the Helm chart
* :bookmark: Bump the Helm chart version to 52.3.93
* extended the https macro to include http2 in addition to http
* added https as a default macro (#1680)
* Add `CUSTOM_MACROS` to `ConfigMap` (#1674)
* Revert "Revert "Initialize kubeshark pinned eBPF resources
inside init container (#1665)" (#1676)" (#1678)
* Add save/activate/delete role scripting permissions (#1675)
* Revert "Initialize kubeshark pinned eBPF resources inside init
container (#1665)" (#1676)
* Added security capabilities, especially IPC_LOCK (#1671)
* Revert "Add `CUSTOM_MACROS` to `ConfigMap`"
* Add `CUSTOM_MACROS` to `ConfigMap`
* Initialize kubeshark pinned eBPF resources inside init
container (#1665)
* Replace sniffer 30001 port with 48999 (#1670)
* Add hub metrics port (#1666)
* removed the loglevel flag (#1669)
* Create save/activate/delete role scripting permissions
(#1667)
* Add --time param to pcapdump (#1664)
* from debug to logLevel (#1668)
-------------------------------------------------------------------
Tue Dec 10 08:46:11 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 52.3.92:
* :bookmark: Bump the Helm chart version to 52.3.92
* change the tlx dissector name to tlsx (#1648)
* Added LDAP support (#1647)
* Default startup values change (#1646)
* fixed a bug where a new script can't be added if (#1645)
* Add permissions to watch namespaces (#1644)
-------------------------------------------------------------------
Mon Dec 02 10:01:40 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 52.3.91:
* :bookmark: Bump the Helm chart version to 52.3.91
* fixed a small issues in the Makefile
-------------------------------------------------------------------
Wed Nov 20 12:55:49 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 52.3.90:
* Bump the Helm chart version to 52.3.90
* updated `pcapdump` command's help starting deprecated the
`export` command
* Brought back `.gitignore`` after having been deleted due to a
bad commit.
* removed two binary files uploaded due to a bad earlier commit.
* Fixed a bug in the Makefile
-------------------------------------------------------------------
Tue Nov 12 09:11:39 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 52.3.89:
* :bookmark: Bump the Helm chart version to 52.3.89
* if no scripting source folders, that's not an error
* Remove pfring leftovers from ds (#1642)
* Fix frontend port (#1641)
* Added an option to provide multiple script sources. (#1640)
* Remove PF_RING references (#1638)
* Watch cm creation and sync scripts (#1637)
* Fix helm resource requests/limits templates (#1639)
-------------------------------------------------------------------
Sun Nov 03 17:24:03 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 52.3.88:
* :bookmark: Bump the Helm chart version to 52.3.88
* missing commit
* Improved resource limits and requests Helm templating
* Added an ability to override image names for a case, where when
using a CI, one needs to use individual image names (#1636)
-------------------------------------------------------------------
Thu Oct 31 10:46:01 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 52.3.87:
* :bookmark: Bump the Helm chart version to 52.3.87
-------------------------------------------------------------------
Wed Oct 30 08:35:53 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 52.3.86:
* removed debug comments
* :bookmark: Bump the Helm chart version to 52.3.86
* Revert "Set resource guard to true by default."
-------------------------------------------------------------------
Wed Oct 30 08:10:36 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 52.3.85:
* :bookmark: Bump the Helm chart version to 52.3.85
* fixed an issue that was added for debugging purposes
* Set resource guard to true by default.
* When compiling helm values from golang config structs, ignore
local ~/.kubeshark/config.yaml file if one exists
* Fixed the double action for commands: console and scripts, when
running the proxyRunner
* Revert "🐛 Prevent `hub` host-not-found nginx upstream error in
`front` (#1628)" (#1633)
* Removed the `timestamp>now()` fro the `globalFilter` flag.
* remove `tcp` and `udp` dissectors by default
* changed `tap.stopped` to `false` by default
* scripting improvements
* Add networkpolicies permissions (#1631)
-------------------------------------------------------------------
Fri Oct 18 06:02:09 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 52.3.84:
* added timestamp>now() as a global filter
* set `disableTlsLog` to `true` by default.
* Hub default limit set to 5GB (an arbitrary number)
* show filter presets by default
* change CPU limit to no limit Change memory limit to 3Gi
* scripting-revamp-1 (#1630)
* Prevent `hub` host-not-found nginx upstream error in `front`
(#1628)
* fix lint issue
* Added log lines for verbosity
* Added the scripting `console` command functionality to the
`tap` command Added both the `scripting` and `console` commands
to the `proxy` command Added a `scripting.console`, a boolean
value indicating whether the `console` functionality should be
part of the `tap` and `proxy` commands
* Improved the `console` command made it resilient to Websocket
breaks and redeployment.
-------------------------------------------------------------------
Fri Oct 11 08:45:55 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 52.3.83:
* :bookmark: Bump the Helm chart version to 52.3.83
* :bookmark: Bump the Helm chart version to 72.3.83
* Added some error and info log lines
* Add `tap.presetFiltersChangingEnabled` helm value (#1627)
* Set reasonable `pcapdump` defaults. Storage is now at 10% of
the Worker's allocated storage.
* Tag Tracer as well as the other components upon a new release
* Ensure `scripting` command watched only JS files
* Feat pcapsaver (#1621)
* emit tls item (#1625)
* Update README with resource guard configuration (#1623)
* Add resource guard flag (#1622)
* Regenerate `values.yaml` and `complete.yaml`
* Do not enable `-unixsocket` flag of worker if no tracer is
running (#1619)
* Fixed a bug in the `console` command, where the CLI couldn't
connect to Hub as when the `url.URL` method was used, the Host
included a path
* Add list permissions for kubeshark service account (#1617)
* Add `udp` to list of enabled dissectors (#1616)
* Make the `scritps` command directly use the K8s API without
requiring a connector to Hub (#1615)
* Print instructions for running `kubectl port-forward` command
in case of failure (#1614)
* propagate host root to the tracer (#1613)
* Fix `-staletimeout` worker command value (#1611)
* Template the `-staletimeout` flag (#1610)
* updated Grafana dahsboard
* text change
* text changes
-------------------------------------------------------------------
Mon Sep 23 12:52:09 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- new package kubeshark-cli: CLI for the API traffic analyzer for
Kubernetes
