v52.3.76

v52.3.76 (2024-08-17)

Release Highlights

Keywords: TCP Connection Analysis, TCP, HTTP2

In this release, we've extended the tcp dissector functionality to include all TCP packets. This enhancement allows users to see the content of all TCP traffic, regardless of whether the protocol is supported or not. When using this dissector, packet content is presented as-is without message reassembly. This enables users to debug traffic and address questions like, "Why am I not seeing traffic?" as well as to conduct thorough pod-to-pod connection analysis.

Additionally, we fixed several critical bugs introduced in previous releases.

New Features & Bug Fixes

• Extended the tcp dissector to include all TCP packets.
• Added the ability to include or exclude this dissector from the list of supported protocols in the values.yaml configuration.
• The tcp dissector is disabled by default and can be explicitly added via a Helm value.
• Added profiling infrastructure.
• Restored the option to disable telemetry.
• Fixed the bug causing the tracer to crash on older kernel versions (issue #1585).
• Fixed various issues related to HTTP/2 support (HTTP/2 over TLS, HTTP/2 Cleartext (H2C)).

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.76/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.76/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.76/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.76/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.76/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.74

v52.3.74 (2024-08-13)

Release Highlights

Keywords:

This release primarily focuses on bug fixes and improvements, building on the recent v52.3.73 release.

New Features & Bug Fixes

• Improved performance of the dashboard (React application).
• Introduced a new dashboard feature that allows dynamic exclusion of namespaces from pod targeting.
• Restored (broken) functionality on ARM architecture (e.g., Mac M1).

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.74/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.74/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.74/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.74/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.74/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.73

v52.3.73 (2024-08-08)

Release Highlights

Keywords: performance, support, capture filters, prometheus,

In this release, one of the main focus points was to allow more granularity in deciding what traffic to process and when, resulting in much-improved resource consumption and reduction of noise (e.g., traffic you're not interested in).

The first feature is a simple yet super useful ability to control Kubeshark resource consumption. Think of it like a dynamic on/off switch: when set to "on," Kubeshark functions as expected, and when set to "off," Kubeshark lays dormant and consumes almost no resources. This is especially useful if you want to have Kubeshark installed but not actually processing traffic and consuming resources, yet ready to start on command (manual or automated).

The second feature is the ability to configure the list of supported protocol dissectors and remove protocols that are of less interest (e.g., DNS). This results in less noise and less resource consumption as the traffic will not be processed. Traffic is captured, but if it belongs to a protocol that isn't supported or is disabled in the configuration, it will not be processed and will be discarded.

The third feature in this group is the ability to exclude namespaces for the pod targeting rules. Until now, we could only add namespaces to the list; now, we can also exclude them. This is useful for specifying what we don’t want to target, as opposed to what we do want to target. An example is excluding kube-system or istio-system, which can be busy yet of no interest.

A simple yet very useful feature is the ability to export any custom metric to Prometheus, making Kubeshark a very useful monitoring tool.

New Features & Bug Fixes

• Added a dashboard ability to dynamically start and stop Kubeshark from processing traffic. When Kubeshark is stopped, it becomes dormant, consuming close to zero resources.
• Added an ability to determine the default start/stop behavior in Helm as a Helm value. The default behavior is set to start Kubeshark stopped and require an explicit action in the dashboard to start traffic processing.
• Removed the replay functionality.
• Added more granularity in determining duplicate traffic.
• Added online support option using Intercom. This option can be disabled by using --set supportChatEnabled=false. The default value is set to true.
• Added capability to export custom metrics to Prometheus in scripting.
• Deprecated the kubeshark pro command.
• Added an ability to configure supported protocol dissectors and remove any protocols that are of no interest (e.g., DNS when it is not interesting).
• Added an ability to exclude namespaces from pod targeting. This is only a backend implementation and can be configured in the Helm values. Dashboard implementation that will allow dynamically changing the list of excluded namespaces is yet to be implemented.

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.73/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.73/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.73/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.73/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.73/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.72

v52.3.72 (2024-07-27)

Release Highlights

Keywords:

New Features & Bug Fixes

• Add an ability to stop Kubeshark from processing new traffic (making it dormant consuming close to zero resources), and restart processing traffic on-demand
• Add an ability to determine the default start/stop behavior in the helm as a helm value (#1557).
• Added an ability to determine start/stop behavior dynamically from the UI
• Removed the replay functionality
• Added more granularity in determining duplicate traffic (#1561)
• Added online support option using Intercom
• Added an option to disable online support (#1573)
• Added capability to export custom metrics to Prometheus in scripting.
• Improved performance of AF_PACKET based packet capture

v52.3.69

v52.3.69 (2024-07-08)

Release Highlights

Keywords: K8s API server, CPU, Memory, Envoy, Istio

In this release, two major efforts were undertaken. The first was to resolve a bug introduced in the previous release that caused elevated CPU and memory consumption. The second was to refactor pod targeting, which included moving all interactions with the K8s API server to the Hub and optimizing the number of such calls. Prior to this refactoring, communication with the K8s API server could have been excessive in extra-large clusters.

Additionally, we fixed a bug enabling Kubeshark to support Istio/Envoy in mTLS STRICT mode.

New Features & Bug Fixes

• Fixed a major bug that caused Kubeshark to process significantly more traffic, resulting in elevated CPU and memory consumption (issue #1554).
• Refactored pod targeting, moving all interactions with the K8s API server to the Hub and optimizing the number of requests to the API server.
• Fixed a bug related to Istio/Envoy support with mTLS in STRICT (issue #1552).

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.69/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.69/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.69/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.69/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.69/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.68

v52.3.68 (2024-06-16)

Release Highlights

Keywords: BPF, Multus, network interfaces, CNIs, SCTP, traffic debugging, PCAP Dumper

This version primarily focuses on increasing support for multiple network interfaces and CNIs such as Multus. Prior to this version, Kubeshark targeted only the default network interface, discarding traffic from additional interfaces if they were used (e.g., by Multus). This release brings support for Multus and multiple network interfaces, capturing all traffic across all interfaces and VLANs.

In addition, two new debug tools have been added to help identify traffic issues and answer questions such as why traffic is not appearing on the dashboard.

Additionally, we have improved the traffic recorder based on real usage feedback and added initial support for the SCTP protocol.

Lastly, in this version, we extended Kubeshark's TLS capture capabilities. Prior versions captured TLS traffic only on port 443. This version extends this ability, and now Kubeshark captures TLS traffic on any port.

New Features & Bug Fixes

• Added a traffic debugging capability that enables users to explicitly add a BPF expression, focusing on specific traffic. This capability is useful for observing traffic based on network characteristics (e.g., IP, subnet, etc.). For example, observing traffic on a secondary interface or a VLAN. This BPF filter overrides any other pod targeting rules. Read more about it here.
• The PCAP Dumper is akin to running tcpdump on the node. It dumps the raw traffic into a named pipe directly from the node before any processing is done. This capability is particularly useful for debugging traffic when it isn't visible on the dashboard. Read more about it here.
• Identified duplicate API calls captured both on the client and server, for example, when the client and server are on different nodes. The duplicate traffic is marked with a dup badge.
• Added partial SCTP protocol support.
• Support for Multus and multiple interfaces. Kubeshark now captures traffic across all network interfaces and VLANs.
• Capture TLS traffic on ports other than 443.
• Improved Traffic Recorder capabilities to capture traffic in situations when the PCAP file has already expired due to a short TTL, which is common in busy clusters.
• Added the ability to extend the PCAP TTL using configuration. Read more here.
• Increased TLS OpenSSL support in situations where OpenSSL is used under custom names. (kubeshark/tracer@147a184)

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.68/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.68/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.68/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.68/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.68/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.62

v52.3.63 (2024-06-01)

Release Highlights

Keywords: eBPF, PF-RING, AF_PACKET, TLS, complimentary pro license

This release primarily focuses on bug fixes that enhance performance, increase TLS capture support, improve name/IP resolution, and fix a bug that prevented kubeshark CLI users from upgrading and leveraging the complimentary pro license. Additionally, we have changed the algorithm for selecting the best traffic capture method, making AF_PACKET the default while allowing users to explicitly choose eBPF or PF_RING as packet capture options.

New Features & Bug Fixes

• Set eBPF and PF-RING as explicit packet capture options, with AF_PACKET as the default.
• Improved name/IP resolution support for kube-probe.
• Enhanced performance by fixing a bug related to K8s watchers that caused elevated CPU usage by workers.
• Added K8s service-related information to the request/response pair metadata.
• Fixed a bug related to the complimentary Pro license automatic provisioning when using kubeshark CLI to log in, sign up, or upgrade (#1546).
• Improved TLS traffic interception (kubeshark/tracer#62).

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.62/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.62/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.62/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.62/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.62/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.59

v52.3.59 (2024-05-24)

Release Highlights

Keywords: OpenShift, eBPF, performance, Kafka

This release focuses on fixing several significant bugs that adversely impacted Kubeshark's performance. We also improved Kubeshark's name/IP resolution using eBPF capabilities, especially in situations where the pods reside on the host network. Finally, we extended our Kafka support to cover the entire protocol.

New Features & Bug Fixes

• Added a necessary SCC to the OpenShift Helm template (#1539)
• Added the ability to indicate specific Docker tags for each software component (e.g., front, worker, hub)(487f0b9)
• Watch node events (3798bf7)
• Full Kafka protocol support
• Improved IP/name resolution, especially in situations where the pod is on the host network, by using cgroup ID
• Fixed a significant bug where Kubeshark didn't detect new pod events and therefore did not capture traffic for these new pods
• Fixed a significant bug where the Workers' CPU usage randomly jumped to 100% (#1544)

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.59/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.59/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.59/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.59/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.59/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.3.0

v52.3.0 (2024-05-02)

Release Highlights

Keywords: eBPF, TLS, Minikube, KinD, Traffic Retention

In this release, we introduce eBPF as the default mechanism for packet capture, provided that the kernel supports cgroup V2. This update includes the use of eBPF for TLS traffic capture, replacing AF_PACKET as the standard method. Additionally, we have implemented long-term traffic retention in AWS S3 and Google GCS as part of the traffic recorder. We have also addressed several bugs related to TLS traffic capture and decryption.

New Features & Bug Fixes

• eBPF is now the default traffic capture source for all traffic, assuming kernel support for cgroup V2 (f4e2d2f).
• Resolved an AWS S3 upload issue, enabling support for all regions beyond the default specified in the configuration.
• Introduced optional, automatic long-term traffic retention as part of the traffic recorder (https://docs.kubeshark.co/en/long_term_retention).
• Fixed a bug in the Tracer where TLS was not decrypted in Minikube and KinD environments (kubeshark/tracer@40334a3). Also fixed kubeshark/tracer#51 and kubeshark/tracer#38.
• Restored TLS capture support for kernel versions prior to 5.5 (kubeshark/tracer@7fb8b81). Fixed #1535.

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.0/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.0/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.0/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.3.0/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.3.0/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.

v52.2.39

v52.2.39 (2024-04-24)

Release Highlights

This release introduces an embedded authentication mechanism that makes it easy to activate the complimentary pro license, which supports clusters larger than two nodes. In addition we fixed a few Tracer related issues that may have caused Tracer to not function well in certain environments.

New Features & Bug Fixes

• Authentication mechanism embedded in the dashboard
• Significantly reduced the number of API calls to the Kubernetes API server on very busy clusters
• Fixed some tracer-related issues that may have caused Tracer to not function well in certain environments

Download Kubeshark for your platform

Mac (x86-64/Intel)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.2.39/kubeshark_darwin_amd64 && chmod 755 kubeshark

Mac (AArch64/Apple M1 silicon)

rm -f kubeshark && curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.2.39/kubeshark_darwin_arm64 && chmod 755 kubeshark

Linux (x86-64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.2.39/kubeshark_linux_amd64 && chmod 755 kubeshark

Linux (AArch64)

curl -Lo kubeshark https://github.com/kubeshark/kubeshark/releases/download/v52.2.39/kubeshark_linux_arm64 && chmod 755 kubeshark

Windows (x86-64)

curl -LO https://github.com/kubeshark/kubeshark/releases/download/v52.2.39/kubeshark.exe

Checksums

SHA256 checksums available for compiled binaries.
Run shasum -a 256 -c kubeshark_OS_ARCH.sha256 to verify.