Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Move flag initialization to a separate function #1605

Merged
merged 1 commit into from
Oct 18, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
93 changes: 1 addition & 92 deletions cmd/tetragon/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -727,98 +727,7 @@ func execute() error {
})

flags := rootCmd.PersistentFlags()

flags.String(option.KeyConfigDir, "", "Configuration directory that contains a file for each option")
flags.BoolP(option.KeyDebug, "d", false, "Enable debug messages. Equivalent to '--log-level=debug'")
flags.String(option.KeyHubbleLib, defaults.DefaultTetragonLib, "Location of Tetragon libs (btf and bpf files)")
flags.String(option.KeyBTF, "", "Location of btf")

flags.String(option.KeyProcFS, "/proc/", "Location of procfs to consume existing PIDs")
flags.String(option.KeyKernelVersion, "", "Kernel version")
flags.Int(option.KeyVerbosity, 0, "set verbosity level for eBPF verifier dumps. Pass 0 for silent, 1 for truncated logs, 2 for a full dump")
flags.Int(option.KeyProcessCacheSize, 65536, "Size of the process cache")
flags.Int(option.KeyDataCacheSize, 1024, "Size of the data events cache")
flags.Bool(option.KeyForceSmallProgs, false, "Force loading small programs, even in kernels with >= 5.3 versions")
flags.Bool(option.KeyForceLargeProgs, false, "Force loading large programs, even in kernels with < 5.3 versions")
flags.String(option.KeyExportFilename, "", "Filename for JSON export. Disabled by default")
flags.Int(option.KeyExportFileMaxSizeMB, 10, "Size in MB for rotating JSON export files")
flags.Duration(option.KeyExportFileRotationInterval, 0, "Interval at which to rotate JSON export files in addition to rotating them by size")
flags.Int(option.KeyExportFileMaxBackups, 5, "Number of rotated JSON export files to retain")
flags.Bool(option.KeyExportFileCompress, false, "Compress rotated JSON export files")
flags.String(option.KeyExportFilePerm, defaults.DefaultLogsPermission, "Access permissions on JSON export files")
flags.Int(option.KeyExportRateLimit, -1, "Rate limit (per minute) for event export. Set to -1 to disable")
flags.String(option.KeyLogLevel, "info", "Set log level")
flags.String(option.KeyLogFormat, "text", "Set log format")
flags.Bool(option.KeyEnableK8sAPI, false, "Access Kubernetes API to associate Tetragon events with Kubernetes pods")
flags.String(option.KeyK8sKubeConfigPath, "", "Absolute path of the kubernetes kubeconfig file")
flags.Bool(option.KeyEnableProcessAncestors, true, "Include ancestors in process exec events")
flags.String(option.KeyMetricsServer, "", "Metrics server address (e.g. ':2112'). Disabled by default")
flags.String(option.KeyServerAddress, "localhost:54321", "gRPC server address (e.g. 'localhost:54321' or 'unix:///var/run/tetragon/tetragon.sock'")
flags.String(option.KeyGopsAddr, "", "gops server address (e.g. 'localhost:8118'). Disabled by default")
flags.Bool(option.KeyEnableProcessCred, false, "Enable process_cred events")
flags.Bool(option.KeyEnableProcessNs, false, "Enable namespace information in process_exec and process_kprobe events")
flags.Uint(option.KeyEventQueueSize, 10000, "Set the size of the internal event queue.")

// Tracing policy file
flags.String(option.KeyTracingPolicy, "", "Tracing policy file to load at startup")

flags.String(option.KeyTracingPolicyDir, defaults.DefaultTpDir, "Directory from where to load Tracing Policies")

// Options for debugging/development, not visible to users
flags.String(option.KeyCpuProfile, "", "Store CPU profile into provided file")
flags.MarkHidden(option.KeyCpuProfile)

flags.String(option.KeyMemProfile, "", "Store MEM profile into provided file")
flags.MarkHidden(option.KeyMemProfile)

flags.String(option.KeyPprofAddr, "", "Profile via pprof http")
flags.MarkHidden(option.KeyPprofAddr)

// JSON export aggregation options.
flags.Bool(option.KeyEnableExportAggregation, false, "Enable JSON export aggregation")
flags.Duration(option.KeyExportAggregationWindowSize, 15*time.Second, "JSON export aggregation time window")
flags.Uint64(option.KeyExportAggregationBufferSize, 10000, "Aggregator channel buffer size")

// JSON export filter options
flags.String(option.KeyExportAllowlist, "", "JSON export allowlist")
flags.String(option.KeyExportDenylist, "", "JSON export denylist")

// Field filters options for export
flags.String(option.KeyFieldFilters, "", "Field filters for event exports")

// Network namespace options
flags.String(option.KeyNetnsDir, "/var/run/docker/netns/", "Network namespace dir")

// Allow to disable kprobe multi interface
flags.Bool(option.KeyDisableKprobeMulti, false, "Allow to disable kprobe multi interface")

// Allow to specify perf ring buffer size
flags.String(option.KeyRBSizeTotal, "0", "Set perf ring buffer size in total for all cpus (default 65k per cpu, allows K/M/G suffix)")
flags.String(option.KeyRBSize, "0", "Set perf ring buffer size for single cpu (default 65k, allows K/M/G suffix)")

// Provide option to remove existing pinned BPF programs and maps in Tetragon's
// observer dir on startup. Useful for doing upgrades/downgrades. Set to false to
// disable.
flags.Bool(option.KeyReleasePinnedBPF, true, "Release all pinned BPF programs and maps in Tetragon BPF directory. Enabled by default. Set to false to disable")

// Provide option to enable policy filtering. Because the code is new,
// this is set to false by default.
flags.Bool(option.KeyEnablePolicyFilter, false, "Enable policy filter code (beta)")
flags.Bool(option.KeyEnablePolicyFilterDebug, false, "Enable policy filter debug messages")

// Provide option to enable the pidSet export filters.
flags.Bool(option.KeyEnablePidSetFilter, false, "Enable pidSet export filters. Not recommended for production use")

flags.Bool(option.KeyEnableMsgHandlingLatency, false, "Enable metrics for message handling latency")

flags.StringSlice(option.KeyKmods, []string{}, "List of kernel modules to load symbols from")

flags.String(option.KeyRBQueueSize, "65535", "Set size of channel between ring buffer and sensor go routines (default 65k, allows K/M/G suffix)")

flags.Bool(option.KeyEnablePodInfo, false, "Enable PodInfo custom resource")

flags.Bool(option.KeyExposeKernelAddresses, false, "Expose real kernel addresses in events stack traces")

option.AddFlags(flags)
viper.BindPFlags(flags)
return rootCmd.Execute()
}
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ require (
github.com/prometheus/client_model v0.5.0
github.com/sirupsen/logrus v1.9.3
github.com/spf13/cobra v1.7.0
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.17.0
github.com/sryoya/protorand v0.0.0-20230821135621-5e0808bbd3d8
github.com/stretchr/testify v1.8.4
Expand Down Expand Up @@ -152,7 +153,6 @@ require (
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.10.0 // indirect
github.com/spf13/cast v1.5.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/stoewer/go-strcase v1.3.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/tklauser/go-sysconf v0.3.11 // indirect
Expand Down
96 changes: 96 additions & 0 deletions pkg/option/flags.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,12 @@ package option
import (
"fmt"
"strings"
"time"

"github.com/cilium/tetragon/pkg/defaults"
"github.com/cilium/tetragon/pkg/logger"
"github.com/cilium/tetragon/pkg/strutils"
"github.com/spf13/pflag"
"github.com/spf13/viper"
)

Expand Down Expand Up @@ -175,3 +178,96 @@ func ParseMetricsLabelFilter(labels string) map[string]interface{} {
}
return result
}

func AddFlags(flags *pflag.FlagSet) {
flags.String(KeyConfigDir, "", "Configuration directory that contains a file for each option")
flags.BoolP(KeyDebug, "d", false, "Enable debug messages. Equivalent to '--log-level=debug'")
flags.String(KeyHubbleLib, defaults.DefaultTetragonLib, "Location of Tetragon libs (btf and bpf files)")
flags.String(KeyBTF, "", "Location of btf")

flags.String(KeyProcFS, "/proc/", "Location of procfs to consume existing PIDs")
flags.String(KeyKernelVersion, "", "Kernel version")
flags.Int(KeyVerbosity, 0, "set verbosity level for eBPF verifier dumps. Pass 0 for silent, 1 for truncated logs, 2 for a full dump")
flags.Int(KeyProcessCacheSize, 65536, "Size of the process cache")
flags.Int(KeyDataCacheSize, 1024, "Size of the data events cache")
flags.Bool(KeyForceSmallProgs, false, "Force loading small programs, even in kernels with >= 5.3 versions")
flags.Bool(KeyForceLargeProgs, false, "Force loading large programs, even in kernels with < 5.3 versions")
flags.String(KeyExportFilename, "", "Filename for JSON export. Disabled by default")
flags.Int(KeyExportFileMaxSizeMB, 10, "Size in MB for rotating JSON export files")
flags.Duration(KeyExportFileRotationInterval, 0, "Interval at which to rotate JSON export files in addition to rotating them by size")
flags.Int(KeyExportFileMaxBackups, 5, "Number of rotated JSON export files to retain")
flags.Bool(KeyExportFileCompress, false, "Compress rotated JSON export files")
flags.String(KeyExportFilePerm, defaults.DefaultLogsPermission, "Access permissions on JSON export files")
flags.Int(KeyExportRateLimit, -1, "Rate limit (per minute) for event export. Set to -1 to disable")
flags.String(KeyLogLevel, "info", "Set log level")
flags.String(KeyLogFormat, "text", "Set log format")
flags.Bool(KeyEnableK8sAPI, false, "Access Kubernetes API to associate Tetragon events with Kubernetes pods")
flags.String(KeyK8sKubeConfigPath, "", "Absolute path of the kubernetes kubeconfig file")
flags.Bool(KeyEnableProcessAncestors, true, "Include ancestors in process exec events")
flags.String(KeyMetricsServer, "", "Metrics server address (e.g. ':2112'). Disabled by default")
flags.String(KeyServerAddress, "localhost:54321", "gRPC server address (e.g. 'localhost:54321' or 'unix:///var/run/tetragon/tetragon.sock'")
flags.String(KeyGopsAddr, "", "gops server address (e.g. 'localhost:8118'). Disabled by default")
flags.Bool(KeyEnableProcessCred, false, "Enable process_cred events")
flags.Bool(KeyEnableProcessNs, false, "Enable namespace information in process_exec and process_kprobe events")
flags.Uint(KeyEventQueueSize, 10000, "Set the size of the internal event queue.")

// Tracing policy file
flags.String(KeyTracingPolicy, "", "Tracing policy file to load at startup")

flags.String(KeyTracingPolicyDir, defaults.DefaultTpDir, "Directory from where to load Tracing Policies")

// Options for debugging/development, not visible to users
flags.String(KeyCpuProfile, "", "Store CPU profile into provided file")
flags.MarkHidden(KeyCpuProfile)

flags.String(KeyMemProfile, "", "Store MEM profile into provided file")
flags.MarkHidden(KeyMemProfile)

flags.String(KeyPprofAddr, "", "Profile via pprof http")
flags.MarkHidden(KeyPprofAddr)

// JSON export aggregation options.
flags.Bool(KeyEnableExportAggregation, false, "Enable JSON export aggregation")
flags.Duration(KeyExportAggregationWindowSize, 15*time.Second, "JSON export aggregation time window")
flags.Uint64(KeyExportAggregationBufferSize, 10000, "Aggregator channel buffer size")

// JSON export filter options
flags.String(KeyExportAllowlist, "", "JSON export allowlist")
flags.String(KeyExportDenylist, "", "JSON export denylist")

// Field filters options for export
flags.String(KeyFieldFilters, "", "Field filters for event exports")

// Network namespace options
flags.String(KeyNetnsDir, "/var/run/docker/netns/", "Network namespace dir")

// Allow to disable kprobe multi interface
flags.Bool(KeyDisableKprobeMulti, false, "Allow to disable kprobe multi interface")

// Allow to specify perf ring buffer size
flags.String(KeyRBSizeTotal, "0", "Set perf ring buffer size in total for all cpus (default 65k per cpu, allows K/M/G suffix)")
flags.String(KeyRBSize, "0", "Set perf ring buffer size for single cpu (default 65k, allows K/M/G suffix)")

// Provide option to remove existing pinned BPF programs and maps in Tetragon's
// observer dir on startup. Useful for doing upgrades/downgrades. Set to false to
// disable.
flags.Bool(KeyReleasePinnedBPF, true, "Release all pinned BPF programs and maps in Tetragon BPF directory. Enabled by default. Set to false to disable")

// Provide option to enable policy filtering. Because the code is new,
// this is set to false by default.
flags.Bool(KeyEnablePolicyFilter, false, "Enable policy filter code (beta)")
flags.Bool(KeyEnablePolicyFilterDebug, false, "Enable policy filter debug messages")

// Provide option to enable the pidSet export filters.
flags.Bool(KeyEnablePidSetFilter, false, "Enable pidSet export filters. Not recommended for production use")

flags.Bool(KeyEnableMsgHandlingLatency, false, "Enable metrics for message handling latency")

flags.StringSlice(KeyKmods, []string{}, "List of kernel modules to load symbols from")

flags.String(KeyRBQueueSize, "65535", "Set size of channel between ring buffer and sensor go routines (default 65k, allows K/M/G suffix)")

flags.Bool(KeyEnablePodInfo, false, "Enable PodInfo custom resource")

flags.Bool(KeyExposeKernelAddresses, false, "Expose real kernel addresses in events stack traces")
}