diff --git a/cmd/tetragon/main.go b/cmd/tetragon/main.go
index c8f82b62bae..a121a152d87 100644
--- a/cmd/tetragon/main.go
+++ b/cmd/tetragon/main.go
@@ -727,98 +727,7 @@ func execute() error { }) flags := rootCmd.PersistentFlags() - - flags.String(option.KeyConfigDir, "", "Configuration directory that contains a file for each option") - flags.BoolP(option.KeyDebug, "d", false, "Enable debug messages. Equivalent to '--log-level=debug'") - flags.String(option.KeyHubbleLib, defaults.DefaultTetragonLib, "Location of Tetragon libs (btf and bpf files)") - flags.String(option.KeyBTF, "", "Location of btf") - - flags.String(option.KeyProcFS, "/proc/", "Location of procfs to consume existing PIDs") - flags.String(option.KeyKernelVersion, "", "Kernel version") - flags.Int(option.KeyVerbosity, 0, "set verbosity level for eBPF verifier dumps. Pass 0 for silent, 1 for truncated logs, 2 for a full dump") - flags.Int(option.KeyProcessCacheSize, 65536, "Size of the process cache") - flags.Int(option.KeyDataCacheSize, 1024, "Size of the data events cache") - flags.Bool(option.KeyForceSmallProgs, false, "Force loading small programs, even in kernels with >= 5.3 versions") - flags.Bool(option.KeyForceLargeProgs, false, "Force loading large programs, even in kernels with < 5.3 versions") - flags.String(option.KeyExportFilename, "", "Filename for JSON export. Disabled by default") - flags.Int(option.KeyExportFileMaxSizeMB, 10, "Size in MB for rotating JSON export files") - flags.Duration(option.KeyExportFileRotationInterval, 0, "Interval at which to rotate JSON export files in addition to rotating them by size") - flags.Int(option.KeyExportFileMaxBackups, 5, "Number of rotated JSON export files to retain") - flags.Bool(option.KeyExportFileCompress, false, "Compress rotated JSON export files") - flags.String(option.KeyExportFilePerm, defaults.DefaultLogsPermission, "Access permissions on JSON export files") - flags.Int(option.KeyExportRateLimit, -1, "Rate limit (per minute) for event export. 
Set to -1 to disable") - flags.String(option.KeyLogLevel, "info", "Set log level") - flags.String(option.KeyLogFormat, "text", "Set log format") - flags.Bool(option.KeyEnableK8sAPI, false, "Access Kubernetes API to associate Tetragon events with Kubernetes pods") - flags.String(option.KeyK8sKubeConfigPath, "", "Absolute path of the kubernetes kubeconfig file") - flags.Bool(option.KeyEnableProcessAncestors, true, "Include ancestors in process exec events") - flags.String(option.KeyMetricsServer, "", "Metrics server address (e.g. ':2112'). Disabled by default") - flags.String(option.KeyServerAddress, "localhost:54321", "gRPC server address (e.g. 'localhost:54321' or 'unix:///var/run/tetragon/tetragon.sock'") - flags.String(option.KeyGopsAddr, "", "gops server address (e.g. 'localhost:8118'). Disabled by default") - flags.Bool(option.KeyEnableProcessCred, false, "Enable process_cred events") - flags.Bool(option.KeyEnableProcessNs, false, "Enable namespace information in process_exec and process_kprobe events") - flags.Uint(option.KeyEventQueueSize, 10000, "Set the size of the internal event queue.") - - // Tracing policy file - flags.String(option.KeyTracingPolicy, "", "Tracing policy file to load at startup") - - flags.String(option.KeyTracingPolicyDir, defaults.DefaultTpDir, "Directory from where to load Tracing Policies") - - // Options for debugging/development, not visible to users - flags.String(option.KeyCpuProfile, "", "Store CPU profile into provided file") - flags.MarkHidden(option.KeyCpuProfile) - - flags.String(option.KeyMemProfile, "", "Store MEM profile into provided file") - flags.MarkHidden(option.KeyMemProfile) - - flags.String(option.KeyPprofAddr, "", "Profile via pprof http") - flags.MarkHidden(option.KeyPprofAddr) - - // JSON export aggregation options. 
- flags.Bool(option.KeyEnableExportAggregation, false, "Enable JSON export aggregation") - flags.Duration(option.KeyExportAggregationWindowSize, 15*time.Second, "JSON export aggregation time window") - flags.Uint64(option.KeyExportAggregationBufferSize, 10000, "Aggregator channel buffer size") - - // JSON export filter options - flags.String(option.KeyExportAllowlist, "", "JSON export allowlist") - flags.String(option.KeyExportDenylist, "", "JSON export denylist") - - // Field filters options for export - flags.String(option.KeyFieldFilters, "", "Field filters for event exports") - - // Network namespace options - flags.String(option.KeyNetnsDir, "/var/run/docker/netns/", "Network namespace dir") - - // Allow to disable kprobe multi interface - flags.Bool(option.KeyDisableKprobeMulti, false, "Allow to disable kprobe multi interface") - - // Allow to specify perf ring buffer size - flags.String(option.KeyRBSizeTotal, "0", "Set perf ring buffer size in total for all cpus (default 65k per cpu, allows K/M/G suffix)") - flags.String(option.KeyRBSize, "0", "Set perf ring buffer size for single cpu (default 65k, allows K/M/G suffix)") - - // Provide option to remove existing pinned BPF programs and maps in Tetragon's - // observer dir on startup. Useful for doing upgrades/downgrades. Set to false to - // disable. - flags.Bool(option.KeyReleasePinnedBPF, true, "Release all pinned BPF programs and maps in Tetragon BPF directory. Enabled by default. Set to false to disable") - - // Provide option to enable policy filtering. Because the code is new, - // this is set to false by default. - flags.Bool(option.KeyEnablePolicyFilter, false, "Enable policy filter code (beta)") - flags.Bool(option.KeyEnablePolicyFilterDebug, false, "Enable policy filter debug messages") - - // Provide option to enable the pidSet export filters. - flags.Bool(option.KeyEnablePidSetFilter, false, "Enable pidSet export filters. 
Not recommended for production use") - - flags.Bool(option.KeyEnableMsgHandlingLatency, false, "Enable metrics for message handling latency") - - flags.StringSlice(option.KeyKmods, []string{}, "List of kernel modules to load symbols from") - - flags.String(option.KeyRBQueueSize, "65535", "Set size of channel between ring buffer and sensor go routines (default 65k, allows K/M/G suffix)") - - flags.Bool(option.KeyEnablePodInfo, false, "Enable PodInfo custom resource") - - flags.Bool(option.KeyExposeKernelAddresses, false, "Expose real kernel addresses in events stack traces") - + option.AddFlags(flags) viper.BindPFlags(flags) return rootCmd.Execute() } diff --git a/go.mod b/go.mod index 4b8583f3ac1..a20a8b1ef33 100644 --- a/go.mod +++ b/go.mod @@ -33,6 +33,7 @@ require ( github.com/prometheus/client_model v0.5.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.7.0 + github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.17.0 github.com/sryoya/protorand v0.0.0-20230821135621-5e0808bbd3d8 github.com/stretchr/testify v1.8.4 @@ -152,7 +153,6 @@ require ( github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.10.0 // indirect github.com/spf13/cast v1.5.1 // indirect - github.com/spf13/pflag v1.0.5 // indirect github.com/stoewer/go-strcase v1.3.0 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/tklauser/go-sysconf v0.3.11 // indirect diff --git a/pkg/option/flags.go b/pkg/option/flags.go index 1312502a3c5..c2f3807df2f 100644 --- a/pkg/option/flags.go +++ b/pkg/option/flags.go @@ -6,9 +6,12 @@ package option import ( "fmt" "strings" + "time" + "github.com/cilium/tetragon/pkg/defaults" "github.com/cilium/tetragon/pkg/logger" "github.com/cilium/tetragon/pkg/strutils" + "github.com/spf13/pflag" "github.com/spf13/viper" ) 
@@ -175,3 +178,96 @@ func ParseMetricsLabelFilter(labels string) map[string]interface{} {
 }
 return result
 }
+
+func AddFlags(flags *pflag.FlagSet) {
+ flags.String(KeyConfigDir, "", "Configuration directory that contains a file for each option")
+ flags.BoolP(KeyDebug, "d", false, "Enable debug messages. Equivalent to '--log-level=debug'")
+ flags.String(KeyHubbleLib, defaults.DefaultTetragonLib, "Location of Tetragon libs (btf and bpf files)")
+ flags.String(KeyBTF, "", "Location of btf")
+
+ flags.String(KeyProcFS, "/proc/", "Location of procfs to consume existing PIDs")
+ flags.String(KeyKernelVersion, "", "Kernel version")
+ flags.Int(KeyVerbosity, 0, "set verbosity level for eBPF verifier dumps. Pass 0 for silent, 1 for truncated logs, 2 for a full dump")
+ flags.Int(KeyProcessCacheSize, 65536, "Size of the process cache")
+ flags.Int(KeyDataCacheSize, 1024, "Size of the data events cache")
+ flags.Bool(KeyForceSmallProgs, false, "Force loading small programs, even in kernels with >= 5.3 versions")
+ flags.Bool(KeyForceLargeProgs, false, "Force loading large programs, even in kernels with < 5.3 versions")
+ flags.String(KeyExportFilename, "", "Filename for JSON export. Disabled by default")
+ flags.Int(KeyExportFileMaxSizeMB, 10, "Size in MB for rotating JSON export files")
+ flags.Duration(KeyExportFileRotationInterval, 0, "Interval at which to rotate JSON export files in addition to rotating them by size")
+ flags.Int(KeyExportFileMaxBackups, 5, "Number of rotated JSON export files to retain")
+ flags.Bool(KeyExportFileCompress, false, "Compress rotated JSON export files")
+ flags.String(KeyExportFilePerm, defaults.DefaultLogsPermission, "Access permissions on JSON export files")
+ flags.Int(KeyExportRateLimit, -1, "Rate limit (per minute) for event export. Set to -1 to disable")
+ flags.String(KeyLogLevel, "info", "Set log level")
+ flags.String(KeyLogFormat, "text", "Set log format")
+ flags.Bool(KeyEnableK8sAPI, false, "Access Kubernetes API to associate Tetragon events with Kubernetes pods")
+ flags.String(KeyK8sKubeConfigPath, "", "Absolute path of the kubernetes kubeconfig file")
+ flags.Bool(KeyEnableProcessAncestors, true, "Include ancestors in process exec events")
+ flags.String(KeyMetricsServer, "", "Metrics server address (e.g. ':2112'). Disabled by default")
+ flags.String(KeyServerAddress, "localhost:54321", "gRPC server address (e.g. 'localhost:54321' or 'unix:///var/run/tetragon/tetragon.sock'")
+ flags.String(KeyGopsAddr, "", "gops server address (e.g. 'localhost:8118'). Disabled by default")
+ flags.Bool(KeyEnableProcessCred, false, "Enable process_cred events")
+ flags.Bool(KeyEnableProcessNs, false, "Enable namespace information in process_exec and process_kprobe events")
+ flags.Uint(KeyEventQueueSize, 10000, "Set the size of the internal event queue.")
+
+ // Tracing policy file
+ flags.String(KeyTracingPolicy, "", "Tracing policy file to load at startup")
+
+ flags.String(KeyTracingPolicyDir, defaults.DefaultTpDir, "Directory from where to load Tracing Policies")
+
+ // Options for debugging/development, not visible to users
+ flags.String(KeyCpuProfile, "", "Store CPU profile into provided file")
+ flags.MarkHidden(KeyCpuProfile)
+
+ flags.String(KeyMemProfile, "", "Store MEM profile into provided file")
+ flags.MarkHidden(KeyMemProfile)
+
+ flags.String(KeyPprofAddr, "", "Profile via pprof http")
+ flags.MarkHidden(KeyPprofAddr)
+
+ // JSON export aggregation options.
+ flags.Bool(KeyEnableExportAggregation, false, "Enable JSON export aggregation")
+ flags.Duration(KeyExportAggregationWindowSize, 15*time.Second, "JSON export aggregation time window")
+ flags.Uint64(KeyExportAggregationBufferSize, 10000, "Aggregator channel buffer size")
+
+ // JSON export filter options
+ flags.String(KeyExportAllowlist, "", "JSON export allowlist")
+ flags.String(KeyExportDenylist, "", "JSON export denylist")
+
+ // Field filters options for export
+ flags.String(KeyFieldFilters, "", "Field filters for event exports")
+
+ // Network namespace options
+ flags.String(KeyNetnsDir, "/var/run/docker/netns/", "Network namespace dir")
+
+ // Allow to disable kprobe multi interface
+ flags.Bool(KeyDisableKprobeMulti, false, "Allow to disable kprobe multi interface")
+
+ // Allow to specify perf ring buffer size
+ flags.String(KeyRBSizeTotal, "0", "Set perf ring buffer size in total for all cpus (default 65k per cpu, allows K/M/G suffix)")
+ flags.String(KeyRBSize, "0", "Set perf ring buffer size for single cpu (default 65k, allows K/M/G suffix)")
+
+ // Provide option to remove existing pinned BPF programs and maps in Tetragon's
+ // observer dir on startup. Useful for doing upgrades/downgrades. Set to false to
+ // disable.
+ flags.Bool(KeyReleasePinnedBPF, true, "Release all pinned BPF programs and maps in Tetragon BPF directory. Enabled by default. Set to false to disable")
+
+ // Provide option to enable policy filtering. Because the code is new,
+ // this is set to false by default.
+ flags.Bool(KeyEnablePolicyFilter, false, "Enable policy filter code (beta)")
+ flags.Bool(KeyEnablePolicyFilterDebug, false, "Enable policy filter debug messages")
+
+ // Provide option to enable the pidSet export filters.
+ flags.Bool(KeyEnablePidSetFilter, false, "Enable pidSet export filters. Not recommended for production use")
+
+ flags.Bool(KeyEnableMsgHandlingLatency, false, "Enable metrics for message handling latency")
+
+ flags.StringSlice(KeyKmods, []string{}, "List of kernel modules to load symbols from")
+
+ flags.String(KeyRBQueueSize, "65535", "Set size of channel between ring buffer and sensor go routines (default 65k, allows K/M/G suffix)")
+
+ flags.Bool(KeyEnablePodInfo, false, "Enable PodInfo custom resource")
+
+ flags.Bool(KeyExposeKernelAddresses, false, "Expose real kernel addresses in events stack traces")
+}
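Review bot: `AddFlags` is now an exported entry point of `pkg/option` but has no doc comment, and nothing tells a caller that it may run only once per `*pflag.FlagSet`: pflag panics when a flag name is registered twice, so a second call, or a set that already defines one of these names, would abort at startup. I would add `// AddFlags registers the Tetragon agent options on flags. Call it once per flag set; pflag panics on a duplicate flag name.` above the function. The three `flags.MarkHidden(...)` calls still discard their error; it cannot fail directly after the matching `flags.String`, but writing `_ = flags.MarkHidden(KeyPprofAddr)` (and likewise for the CPU and MEM profile keys) makes that deliberate. Two help strings are also worth tightening while they are being moved: the one for `KeyServerAddress` is missing its closing parenthesis, and the one for `KeyExposeKernelAddresses` could state that real addresses in exported stack traces reveal the kernel layout to anyone who can read the events.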