v52.3.92

Release Highlights 🎈🎉 New Protocol Alert: LDAP 🎈🎉

In this release, we've addressed several bugs and introduced significant enhancements:

• LDAP Protocol Support: Kubeshark now supports the LDAPv3 protocol, expanding its protocol analysis capabilities.

• Dashboard Color Scheme Refresh: The dashboard's color scheme has been updated for improved visual clarity.

• Enhanced Scripting Capabilities: Improvements have been made to the scripting functionality, enhancing user experience.

Additionally, Kubeshark can now remediate by blocking the ingress and egress of a pod when suspicious behavior is detected.

Keywords: LDAP, scripting, eBPF, dashboard

New Features & Bug Fixes

• Fixed an issue where adding a new script after deleting a previous one disrupted the scripts list (#1663).

• Renamed the tls dissector to tlsx to prevent confusion with HTTPS TLS.

• Enhanced source/destination resolution for pods that started before Kubeshark when using eBPF as the packet capture method (enabled with --set tap.packetCapture=ebpf).

• Added a helper function to block egress and ingress for specific pods.

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.92/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.92/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.92/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.92/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.92/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.91

v52.3.91 (2024-12-01)

Release Highlights

Keywords: DNS, OpenSSL, eBPF

This release focuses primarily on bug fixes and improving the resilience of Kubeshark.

New Features & Bug Fixes

• Added the ability to view Kubeshark logs (hub and workers) directly in the dashboard.
• Fixed an issue in the service map where arrows disappeared under certain conditions.
• Enhanced DNS entry presentation by including the record type.
• Have the dashboard display source and destination process names and IDs when using eBPF as the traffic capture source.
• Added the capability to export and download all dashboard data as CSV files.
• Introduced support for the OpenSSL version of WGET.
• Improved and simplified the scripting logging mechanism.

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.91/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.91/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.91/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.91/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.91/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.90

v52.3.90 (2024-11-20)

Release Highlights

Keywords: BoringSSL, TLS, scripting, eBPF, cgroupV1

This release introduces two major enhancements:

1. BoringSSL Support: This update enables Istio users to inspect encrypted Envoy-to-Envoy traffic in plaintext. BoringSSL, a TLS termination library used by Envoy/Istio, now allows traffic decryption, enhancing visibility and troubleshooting in environments where Istio is configured with mTLS in STRICT mode.

2. eBPF with cgroup v1 Support: Users can now utilize the eBPF packet capture method on older operating systems with cgroup v1 support. This provides significant advantages over the AF_PACKET method, delivering improved performance and visibility.

New Features & Bug Fixes

• BoringSSL Integration: Added support for inspecting Envoy-encrypted traffic in plaintext, especially useful for Istio setups using mTLS in STRICT mode.
• eBPF Traffic Capture for cgroup v1: Introduced a new eBPF-based traffic capture method with support for both cgroup v1 and v2, making it compatible with a wider range of operating systems.
• Bug Fixes: Addressed multiple bugs, including issue #1643.
• Improved Scripting Console: Added the ability to deactivate scripts directly from the scripting console, enhancing the scripting user experience.

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.90/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.90/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.90/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.90/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.90/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.89

v52.3.89 (2024-11-10)

Release Highlights

Keywords: scripts, PF-RING, gRPC, HTTP/2, Prometheus

This release primarily addresses bug fixes reported by users.

New Features & Bug Fixes

• CPU and memory limits can now be defined as integers or strings.
• kubeshark scripts now detects kubeshark restarts and automatically syncs local scripts to kubeshark-config-map. This allows for synchronizing local scripts to kubeshark-config-map with a single command.
• Removed all remnants of the deprecated PF-RING option.
• Enhanced network error detection and reporting by retaining artifacts of requests or responses that result in network errors.
• Improved display of non-ASCII characters, especially in protocols such as TCP and SCTP.
• Added support for the DNS protocol over TCP.
• Added support for reporting custom metrics in vector form to Prometheus.
• Fixed a bug that could cause browser issues when displaying an entry with gRPC or HTTP/2.
• Fixed a bug where entry names would blink for very long path names.

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.89/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.89/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.89/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.89/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.89/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.88

v52.3.88 (2024-11-03)

Release Highlights

In this release, alongside a few bug fixes, we've added functionality to override specific image names—a feature required for certain CI platforms that host each image in a private repository.

This release also includes a significant milestone for scripting functionality, introducing a completely redesigned UI for script creation and runtime console. The update features a robust web code editor and many other valuable improvements.

New Features & Bug Fixes

• Added the ability to override image names in values.yaml for each specific image, enabling compatibility with platforms that store images in private repositories.
• Extended script execution capabilities to the Hub, in addition to the existing support for the workers. Now, the Hub can also run scripts, as well as consolidate the results from the Workers.
• Fixed numerous script-related bugs.
• Enhanced performance by switching from text-based JSON to Golang binary objects (GOB) for communication between the workers and the Hub.
• Resolved a frontend issue where entries would blink due to an asynchronous operation that shortened long phrases.
• Fixed an error in the service map where changing perspective (pod, service, namespace) would cause an empty screen if traffic wasn't streaming.
• Fixed an issue where total size in bytes was always shown as zero for TCP packets. TCP packets now display their actual sizes.
• Introduced a completely new UI for scripting.

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.88/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.88/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.88/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.88/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.88/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.87

v52.3.87 (2024-10-30)

Release Highlights

Quick fix to v52.3.86, related to running eBPF on GKE.

New Features & Bug Fixes

• Added a missing permission required to run eBPF on certain K8s stacks (e.g. GKE) (kubeshark/tracer@5c27dc6).

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.87/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.87/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.87/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.87/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.87/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.86

v52.3.86 (2024-10-29)

Release Highlights

Quick fix to v52.3.85. tap.resourceGuard.enabled was set to false by default.

New Features & Bug Fixes

• Reverted previous commit (629fb11)

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.86/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.86/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.86/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.86/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.86/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.85

v52.3.85 (2024-10-29)

Release Highlights

Keywords: eBPF, Cilium, Scripting, AWS Kinesis, Performance

In this release, we fixed multiple bugs and made several improvements. Kubeshark's eBPF implementation can now work safely with the Cilium CNI. We also added new helper functions, including one that supports uploading data to AWS Kinesis.

New Features & Bug Fixes

• Changed traffic capture to start by default (tap.stopped=false). This behavior can be adjusted with a configuration value.
• Removed the globalFilter that previously prevented access to the recording screen. Issue #1632
• Set tap.resourceGuard.enabled to true by default. This ensures that by default, if resource utilization (CPU, memory, disk) exceeds 90% on any node, traffic capture and processing will pause for that node, until utilization falls below 90%.
• Enhanced pod/container identification in environments with Envoy.
• Addressed critical vulnerabilities. Issue #1598 - thanks to @cmontemuino ❤️❤️❤️
• Added an AWS Kinesis scripting helper.
• Introduced a webhookForm scripting helper to support multipart/form-data content type.
• Fixed several scripting and eBPF-related bugs.
• Started measuring round-trip time in microseconds instead of milliseconds (in K8s everything is much faster).
• Resolved an eBPF-related bug that previously limited compatibility with Cilium CNI. They’re best friends now :)

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.85/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.85/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.85/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.85/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.85/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.84

v52.3.84 (2024-10-17)

Release Highlights

Keywords: Scripts, Tracer

In this release, we fixed several tracer-related issues and improved our scripting-related features.

New Features & Bug Fixes

• Fixed a Tracer issue with older kernel versions (#1629).
• Fixed a Tracer issue reported by a user (#1479).
• Enabled scripting console logs to be shown as part of kubeshark tap's logs. Scripts can now generate logs and reports, which are visible in kubeshark tap's logs.
• Enabled the kubeshark console command to persist across multiple Kubeshark deployments.
• Added an active/inactive state for scripts, allowing them to be added in an inactive state by default.
• Scripts can be activated or deactivated using the Scripting Dashboard.
• A list of active script titles can be set using the scripting.active configuration variable.
• Removed CPU limits and increased memory limits for Hub and Workers to support a wider variety of cluster sizes. Limits can be reintroduced by users on demand.
• Added timestamp>now() to tap.globalFilter by default to ensure only new traffic is presented. This can be changed on the settings page or by setting the tap.globalFilter configuration value.

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.84/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.84/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.84/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.84/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.84/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.83

v52.3.83 (2024-10-09)

Release Highlights

Keywords: Scripting, WebSocket, UDP, TLS, HTTPS, Recording, TCPDump, Capture Filters

In this release, along with fixing several bugs, we enhanced our scripting capabilities, added a UDP dissector, improved TLS/HTTPS support, and introduced a new feature that enables continuous recording of all captured traffic—think TCPDump for Kubernetes.

New Features & Bug Fixes

• Resolved several bugs related to capture filters that previously caused inconsistent behavior.
• Improved the kubeshark script command to synchronize scripting code from a local folder to the Kubernetes ConfigMap. You can now use a simple CLI to point to a local folder, ensuring that any changes are reflected in the kubeshark-config-map, with workers automatically reloading the updated scripts.
• Fixed a bug that affected the console CLI command (e.g., kubeshark console), which previously prevented scripting logs from being displayed outside of the dashboard.
• Added UDP support to the list of supported dissectors, allowing Kubeshark to display all UDP packets.
• Enhanced TLS/HTTPS support to display all encrypted TCP packets, along with various TLS 1.x handshake messages (e.g., ClientHello, ServerHello). Additionally, when supported TLS termination libraries such as OpenSSL are used, the full message is parsed.
• Kubeshark now supports continuous automatic recording of all traffic, managing storage allocation and time windows. The recordings can be copied locally on demand using the kubeshark pcapdump command.
• Added support for capturing and processing TLS traffic from short-lived processes that are not part of the Kubernetes manifest (e.g., SSH-ing into a pod or node and using curl with an HTTPS URL).
• Fixed a bug related to Kubernetes watchers by replacing them with cache informers, improving pod-targeting functionality.
• Added an API health endpoint that indicates the health of all workers, particularly the BPF expressions set on each worker. This is especially useful for understanding what types of traffic Kubeshark is monitoring and ignoring.
• Fixed broken WebSocket protocol support (#1624).

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.83/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.83/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.83/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.83/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.83/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.