Configuration
Kubeshark reads configuration elements both from the CLI and from a configuration file that can be located either in $HOME/.kubeshark/config.yaml
or at a different location specified as a CLI flag: --configpath string
.
The Config Command
The config
command generates a Kubeshark config file with default values.
Usage:
kubeshark config [flags]
Flags:
-h, --help help for config
-r, --regenerate Regenerate the config file with default values to path $HOME/.kubeshark/config.yaml or to chosen path using --configpath
Global Flags:
--configpath string Override config file path using --configpath (default "$HOME/.kubeshark/config.yaml")
-d, --debug Enable debug mode.
--set strings Override values using --set
Popular Configuration Elements
Private Docker Registry
Use when you'd like Kubeshark to pull its images from a local Docker repository. This is useful in an Enterprise environment, where images are built and hosted locally.
tap:
docker:
registry: docker.io/kubeshark
tag: latest
imagepullpolicy: Always
Alternatively, use the shell config option:
kubeshark tap -A --docker-registry "docker.io/kubeshark"
Web UI IP and Accessibility
For security reasons, the default address of the proxy host for the Web UI is set to 127.0.0.1
that allows opening only local connections.
tap:
proxy:
host: 127.0.0.1
Alternatively, use the shell config option:
kubeshark tap -A --proxy-host 0.0.0.0
Consider changing this address to 0.0.0.0
or any other publicly accessible IP, to allow public address. Keep in mind that Web UI access isn't encrypted or authenticated.
When you run Kubeshark on a remote server, make sure ports 8898
-8899
are open for external connections.
Worker Storage Limit
Kubeshark Workers store the captured traffic locally at the Node level with no limit other than the limit of the volumes attached to the Nodes. Use the following configuration to set the limit of the storage used by the Workers.
tap:
storagelimit: 200MB
Alternatively, use the shell config option:
kubeshark tap -A --storagelimit 2000MB
Kubeshark Resource Assignment Limits
Use to change the amount of resources assigned to Kubeshark.
tap:
resources:
worker:
cpu-limit: 750m
memory-limit: 1Gi
cpu-requests: 50m
memory-requests: 50Mi
hub:
cpu-limit: 750m
memory-limit: 1Gi
cpu-requests: 50m
memory-requests: 50Mi
Run Kubeshark Headless
By default, Kubeshark opens the Web UI. If you are running Kubeshark on a headless machine and you'd like NOT to open the Web UI, set headless
to true.
headless: true
Alternatively, use the shell config option:
kubeshark tap -A --set headless=true
Public IP and Headless
This is a very popular option that enables running Kubeshark on a public IP and without opening the Web UI.
tap:
proxy:
host: 0.0.0.0
headless: true
Alternatively, use the shell config option:
kubeshark tap -A --proxy-host 0.0.0.0 --set headless=true
You can now access Kubeshark Web UI from a remote server.
As stated above, when you run Kubeshark on a remote server, make sure ports 8898
-8899
are open for external connections.