diff --git a/kubernetes/07-arkime.yml b/kubernetes/07-arkime.yml index b3b01920f..bbc9bf8dd 100644 --- a/kubernetes/07-arkime.yml +++ b/kubernetes/07-arkime.yml @@ -51,6 +51,8 @@ spec: name: upload-common-env - configMapRef: name: arkime-env + - configMapRef: + name: arkime-offline-env - secretRef: name: arkime-secret-env env: diff --git a/kubernetes/21-zeek-live.yml b/kubernetes/21-zeek-live.yml index f7bde1e28..f145bca23 100644 --- a/kubernetes/21-zeek-live.yml +++ b/kubernetes/21-zeek-live.yml @@ -43,9 +43,6 @@ spec: name: zeek-live-env - configMapRef: name: pcap-capture-env - env: - - name: ZEEK_DISABLED - value: "true" volumeMounts: - mountPath: /var/local/ca-trust/configmap name: zeek-live-var-local-catrust-volume diff --git a/kubernetes/22-suricata-live.yml b/kubernetes/22-suricata-live.yml index 38f2b1655..44df37747 100644 --- a/kubernetes/22-suricata-live.yml +++ b/kubernetes/22-suricata-live.yml @@ -45,9 +45,6 @@ spec: name: suricata-live-env - configMapRef: name: pcap-capture-env - env: - - name: SURICATA_DISABLED - value: "true" volumeMounts: - mountPath: /var/local/ca-trust/configmap name: suricata-live-var-local-catrust-volume diff --git a/kubernetes/23-arkime-live.yml b/kubernetes/23-arkime-live.yml new file mode 100644 index 000000000..5e3fff84d --- /dev/null +++ b/kubernetes/23-arkime-live.yml 
@@ -0,0 +1,85 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: arkime-live-deployment
+ namespace: malcolm
+spec:
+ selector:
+ matchLabels:
+ name: arkime-live-deployment
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ name: arkime-live-deployment
+ spec:
+ containers:
+ - name: arkime-live-container
+ image: ghcr.io/mmguero-dev/malcolm/arkime:23.12.1
+ imagePullPolicy: Always
+ stdin: false
+ tty: true
+ securityContext:
+ capabilities:
+ add:
+ # IPC_LOCK - to lock memory, preventing swapping
+ - IPC_LOCK
+ # SYS_RESOURCE - for increasing memlock limits
+ - SYS_RESOURCE
+ # NET_ADMIN and NET_RAW - to turn on promiscuous mode and capture raw packets
+ - NET_ADMIN
+ - NET_RAW
+ # SYS_NICE - to set process nice values, real-time scheduling policies, I/O scheduling
+ - SYS_NICE
+ envFrom:
+ - configMapRef:
+ name: process-env
+ - configMapRef:
+ name: ssl-env
+ - configMapRef:
+ name: opensearch-env
+ - secretRef:
+ name: auth-env
+ - configMapRef:
+ name: upload-common-env
+ - configMapRef:
+ name: pcap-capture-env
+ - configMapRef:
+ name: arkime-env
+ - configMapRef:
+ name: arkime-live-env
+ - secretRef:
+ name: arkime-secret-env
+ volumeMounts:
+ - mountPath: /var/local/ca-trust/configmap
+ name: arkime-live-var-local-catrust-volume
+ - mountPath: /var/local/curlrc/secretmap
+ name: arkime-live-opensearch-curlrc-secret-volume
+ - mountPath: "/data/pcap"
+ name: arkime-live-pcap-volume
+ initContainers:
+ - name: arkime-live-dirinit-container
+ image: ghcr.io/mmguero-dev/malcolm/dirinit:23.12.1
+ imagePullPolicy: Always
+ stdin: false
+ tty: true
+ envFrom:
+ - configMapRef:
+ name: process-env
+ env:
+ - name: PUSER_MKDIR
+ value: "/data/pcap:arkime-live"
+ volumeMounts:
+ - name: arkime-live-pcap-volume
+ mountPath: "/data/pcap"
+ volumes:
+ - name: arkime-live-var-local-catrust-volume
+ configMap:
+ name: var-local-catrust
+ - name: arkime-live-opensearch-curlrc-secret-volume
+ secret:
+ secretName: opensearch-curlrc
+ - name: 
arkime-live-pcap-volume + persistentVolumeClaim: + claimName: pcap-claim diff --git a/kubernetes/23-freq.yml b/kubernetes/24-freq.yml similarity index 100% rename from kubernetes/23-freq.yml rename to kubernetes/24-freq.yml diff --git a/scripts/malcolm_kubernetes.py b/scripts/malcolm_kubernetes.py index 0bd833bcf..aa6ac8557 100644 --- a/scripts/malcolm_kubernetes.py +++ b/scripts/malcolm_kubernetes.py @@ -197,6 +197,7 @@ MALCOLM_PROFILES_CONTAINERS[PROFILE_MALCOLM] = [ 'api', 'arkime', + 'arkime-live', 'dashboards', 'dashboards-helper', 'filebeat', @@ -220,6 +221,7 @@ ] MALCOLM_PROFILES_CONTAINERS[PROFILE_HEDGEHOG] = [ 'arkime', + 'arkime-live', 'file-monitor', 'filebeat', 'pcap-capture',
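Review bot: The `capabilities.add` list on `arkime-live-container` in the new `23-arkime-live.yml` has no matching `drop:` entry, so the five listed capabilities are layered on top of the container runtime's default set rather than replacing it, and the container holds more than the comments justify. Consider adding `drop: ["ALL"]` beside `add:` and re-adding only what the entrypoint demonstrably needs; if it starts as root and switches user it probably also needs SETUID/SETGID/CHOWN, which is not visible in this diff and should be confirmed against the image. The same container receives `auth-env`, `arkime-secret-env` and the `opensearch-curlrc` secret volume while parsing live traffic, which raises the cost of a parser compromise. Separately, both `image:` lines use the tag `23.12.1` with `imagePullPolicy: Always`, so a re-pushed tag is picked up on the next restart; pinning by digest (`...:23.12.1@sha256:<digest>`) would prevent that for a container holding NET_ADMIN and NET_RAW.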