feat: Add high level overview to Readme #650
Conversation
Readme.md
Outdated
| @@ -17,6 +17,7 @@ Tracee is composed of the following sub-projects: | |||
| - [libbpgo](libbpfgo) - Go library for eBPF programming using Linux's [libbpf](https://github.com/libbpf/libbpf) | |||
|
|
|||
| ## Getting started | |||
|  | |||
There was a problem hiding this comment.
I wouldn't put this under getting started as it doesn't help the user get started. IMO the end user shouldn't even be aware of the intricacies of the internal components, only developers should. In the new readme (#647 ) this would fit under the "components" section. Appreciate if you could rebase on that PR (once merged)
There was a problem hiding this comment.
Actually, perhaps it would be beneficial to have an architecture.md file, for the sake of introducing contributors to tracee (as opposed to users which have the docs site). at first this doc can just contain this diagram, perhaps in the future we will add content
There was a problem hiding this comment.
There was a problem hiding this comment.
Yeah sure I'm OK with that. I can change it live in architecture.md instead.
|
I need to try excalidraw, diagram looks great! My only comment is the "event detected" by (3). If I understand correctly all of the events are fed to tracee-rules in which case I feel 'event detected' makes more sense to be inside of tracee-rules's box. Perhaps a better thing to put there is "flow of events created by tracee-ebpf"? And the 'events sent' from (2) should be "events created"? |
Right, how about I change it to: |
Signed-off-by: Simarpreet Singh <simar@linux.com>
Signed-off-by: Simarpreet Singh <simar@linux.com>
Signed-off-by: Simarpreet Singh <simar@linux.com>
Fixes: #637
Signed-off-by: Simarpreet Singh simar@linux.com