diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md
index 2ac2497c8ba..a263e87c437 100644
--- a/docs/content/en/docs/reference/helm-chart.md
+++ b/docs/content/en/docs/reference/helm-chart.md
@@ -111,6 +111,9 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u
 | tetragon.ociHookSetup.interface | string | `"oci-hooks"` | interface specifices how the hook is configured. There is only one avaialble value for now: "oci-hooks" (https://github.com/containers/common/blob/main/pkg/hooks/docs/oci-hooks.5.md). |
 | tetragon.ociHookSetup.resources | object | `{}` | resources for the the oci-hook-setup init container |
 | tetragon.ociHookSetup.securityContext | object | `{"privileged":true}` | Security context for oci-hook-setup init container |
+| tetragon.pprof.address | string | `"localhost"` | The address at which to expose pprof. |
+| tetragon.pprof.enabled | bool | `false` | Whether to enable exposing pprof server. |
+| tetragon.pprof.port | int | `6060` | The port at which to expose pprof. |
 | tetragon.processCacheSize | int | `65536` | Tetragon puts processes in an LRU cache. The cache is used to find ancestors for subsequently exec'ed processes. |
 | tetragon.prometheus.address | string | `""` | The address at which to expose metrics. Set it to "" to expose on all available interfaces. |
 | tetragon.prometheus.enabled | bool | `true` | Whether to enable exposing Tetragon metrics. |
diff --git a/install/kubernetes/tetragon/README.md b/install/kubernetes/tetragon/README.md
index 96f37c5df4f..94104cc735a 100644
--- a/install/kubernetes/tetragon/README.md
+++ b/install/kubernetes/tetragon/README.md
@@ -93,6 +93,9 @@ Helm chart for Tetragon
 | tetragon.ociHookSetup.interface | string | `"oci-hooks"` | interface specifices how the hook is configured. There is only one avaialble value for now: "oci-hooks" (https://github.com/containers/common/blob/main/pkg/hooks/docs/oci-hooks.5.md). |
 | tetragon.ociHookSetup.resources | object | `{}` | resources for the the oci-hook-setup init container |
 | tetragon.ociHookSetup.securityContext | object | `{"privileged":true}` | Security context for oci-hook-setup init container |
+| tetragon.pprof.address | string | `"localhost"` | The address at which to expose pprof. |
+| tetragon.pprof.enabled | bool | `false` | Whether to enable exposing pprof server. |
+| tetragon.pprof.port | int | `6060` | The port at which to expose pprof. |
 | tetragon.processCacheSize | int | `65536` | Tetragon puts processes in an LRU cache. The cache is used to find ancestors for subsequently exec'ed processes. |
 | tetragon.prometheus.address | string | `""` | The address at which to expose metrics. Set it to "" to expose on all available interfaces. |
 | tetragon.prometheus.enabled | bool | `true` | Whether to enable exposing Tetragon metrics. |
diff --git a/install/kubernetes/tetragon/templates/tetragon_configmap.yaml b/install/kubernetes/tetragon/templates/tetragon_configmap.yaml
index 238ed58e018..98551f17424 100644
--- a/install/kubernetes/tetragon/templates/tetragon_configmap.yaml
+++ b/install/kubernetes/tetragon/templates/tetragon_configmap.yaml
@@ -67,4 +67,7 @@ data:
 {{- end }}
 enable-pod-info: {{ .Values.tetragonOperator.podInfo.enabled | quote }}
 enable-tracing-policy-crd: {{ .Values.tetragonOperator.tracingPolicy.enabled | quote }}
+{{- if .Values.tetragon.pprof.enabled }}
+ pprof-address: {{ .Values.tetragon.pprof.address }}:{{ .Values.tetragon.pprof.port }}
+{{- end }}
 {{- include "configmap.extra" . | nindent 2 }}
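Review bot: The added `pprof-address` line in tetragon_configmap.yaml is rendered without `quote`, unlike the `enable-pod-info` and `enable-tracing-policy-crd` entries directly above it, so the YAML type of the value depends on what the operator puts in `pprof.address`. A bracketed IPv6 literal such as `[::1]` (constructed example) would open a flow sequence and break the manifest, and ConfigMap `data` values have to be strings in any case. I would render it as `pprof-address: {{ printf "%s:%v" .Values.tetragon.pprof.address .Values.tetragon.pprof.port | quote }}`. The `data:` map starts outside the hunk, so whether other keys already follow this pattern is not visible here.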
diff --git a/install/kubernetes/tetragon/values.yaml b/install/kubernetes/tetragon/values.yaml
index 9bd2e99b5bb..91cc8aa6266 100644
--- a/install/kubernetes/tetragon/values.yaml
+++ b/install/kubernetes/tetragon/values.yaml
@@ -177,6 +177,13 @@ tetragon:
 address: "localhost"
 # -- The port at which to expose gops.
 port: 8118
+ pprof:
+ # -- Whether to enable exposing pprof server.
+ enabled: false
+ # -- The address at which to expose pprof.
+ address: "localhost"
+ # -- The port at which to expose pprof.
+ port: 6060
 # -- Enable policy filter. This is required for K8s namespace and pod-label filtering.
 enablePolicyFilter: True
 # -- Enable policy filter debug messages.
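Review bot: The comment on `pprof.address` does not tell the operator that moving it off loopback exposes the profiler to the network. Go's stock pprof HTTP handlers carry no authentication and serve heap, goroutine and CPU profile data, and I assume the agent serves them on this address. The disabled-by-default, `localhost` defaults are the right choice; I would extend the comment to `# -- The address at which to expose pprof. Keep it on loopback unless access is restricted (e.g. by network policy); the endpoint is unauthenticated.` The tables in helm-chart.md and README.md appear to be generated from these comments and would pick up the same wording. The `tetragon:` map begins and ends outside the hunk.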