// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Tetragon
package option
import (
"fmt"
"time"
"github.com/cilium/tetragon/pkg/defaults"
"github.com/cilium/tetragon/pkg/logger"
"github.com/cilium/tetragon/pkg/strutils"
"github.com/spf13/pflag"
"github.com/spf13/viper"
)
// Flag names. Each Key* is both the pflag name registered by AddFlags and the
// viper key read back by ReadAndSetFlags, so these strings are part of the
// CLI/config-file interface: renaming one needs a deprecation shim like the
// one ReadAndSetFlags keeps for KeyExposeKernelAddresses.
const (
	// Bootstrap, BPF loading and logging.
	KeyConfigDir        = "config-dir"
	KeyDebug            = "debug"
	KeyHubbleLib        = "bpf-lib"
	KeyBTF              = "btf"
	KeyProcFS           = "procfs"
	KeyKernelVersion    = "kernel"
	KeyVerbosity        = "verbose"
	KeyProcessCacheSize = "process-cache-size"
	KeyDataCacheSize    = "data-cache-size"
	KeyForceSmallProgs  = "force-small-progs"
	KeyForceLargeProgs  = "force-large-progs"
	KeyLogLevel         = "log-level"
	KeyLogFormat        = "log-format"

	// Kubernetes integration.
	KeyEnableK8sAPI           = "enable-k8s-api"
	KeyK8sKubeConfigPath      = "k8s-kubeconfig-path"
	KeyEnableProcessAncestors = "enable-process-ancestors"

	// Network listeners (metrics, gRPC, gops). Which interfaces they bind to is
	// decided by the operator-supplied address; see the defaults in AddFlags.
	KeyMetricsServer      = "metrics-server"
	KeyMetricsLabelFilter = "metrics-label-filter"
	KeyServerAddress      = "server-address"
	KeyGopsAddr           = "gops-address"

	// Per-event enrichment with credential and namespace data.
	KeyEnableProcessCred = "enable-process-cred"
	KeyEnableProcessNs   = "enable-process-ns"

	// Tracing policy sources.
	KeyTracingPolicy    = "tracing-policy"
	KeyTracingPolicyDir = "tracing-policy-dir"

	// Profiling (registered as hidden debug flags in AddFlags).
	KeyCpuProfile = "cpuprofile"
	KeyMemProfile = "memprofile"
	KeyPprofAddr  = "pprof-addr"

	// JSON export: file rotation, permissions, rate limiting, aggregation and
	// the allow/deny, field and redaction filters applied to exported events.
	KeyExportFilename              = "export-filename"
	KeyExportFileMaxSizeMB         = "export-file-max-size-mb"
	KeyExportFileRotationInterval  = "export-file-rotation-interval"
	KeyExportFileMaxBackups        = "export-file-max-backups"
	KeyExportFileCompress          = "export-file-compress"
	KeyExportRateLimit             = "export-rate-limit"
	KeyExportFilePerm              = "export-file-perm"
	KeyEnableExportAggregation     = "enable-export-aggregation"
	KeyExportAggregationWindowSize = "export-aggregation-window-size"
	KeyExportAggregationBufferSize = "export-aggregation-buffer-size"
	KeyExportAllowlist             = "export-allowlist"
	KeyExportDenylist              = "export-denylist"
	KeyFieldFilters                = "field-filters"
	KeyRedactionFilters            = "redaction-filters"

	// Probe attachment and buffering.
	KeyNetnsDir           = "netns-dir"
	KeyDisableKprobeMulti = "disable-kprobe-multi"
	// NOTE(review): no flag is registered for KeyDisableUprobeMulti in AddFlags
	// below and ReadAndSetFlags never reads it; presumably handled elsewhere —
	// TODO confirm.
	KeyDisableUprobeMulti = "disable-uprobe-multi"
	KeyRBSize             = "rb-size"
	KeyRBSizeTotal        = "rb-size-total"
	KeyRBQueueSize        = "rb-queue-size"
	KeyEventQueueSize     = "event-queue-size"
	KeyReleasePinnedBPF   = "release-pinned-bpf"

	// Policy/pid filtering and miscellaneous feature toggles.
	KeyEnablePolicyFilter       = "enable-policy-filter"
	KeyEnablePolicyFilterDebug  = "enable-policy-filter-debug"
	KeyEnablePidSetFilter       = "enable-pid-set-filter"
	KeyEnableMsgHandlingLatency = "enable-msg-handling-latency"
	KeyKmods                    = "kmods"
	KeyEnablePodInfo            = "enable-pod-info"
	KeyEnableTracingPolicyCRD   = "enable-tracing-policy-crd"

	// Stack-trace address exposure. KeyExposeKernelAddresses is the deprecated
	// spelling; ReadAndSetFlags maps it onto KeyExposeStackAddresses.
	KeyExposeStackAddresses  = "expose-stack-addresses"
	KeyExposeKernelAddresses = "expose-kernel-addresses"

	KeyGenerateDocs     = "generate-docs"
	KeyUsernameMetadata = "username-metadata"

	// Health server.
	KeyHealthServerAddress = "health-server-address"
	KeyHealthTimeInterval  = "health-server-interval"
)
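// UsernameMetadaCode selects how (and whether) process UIDs are resolved to
// user names; the "unix" mode reads /etc/passwd. The type name keeps its
// historical spelling because it is exported.
type UsernameMetadaCode int

const (
	// Username metadata collection modes
	USERNAME_METADATA_DISABLED UsernameMetadaCode = iota
	USERNAME_METADATA_UNIX     UsernameMetadaCode = 1 // Username from /etc/passwd
)

// String returns the flag spelling of op: "disabled" or "unix".
//
// Unknown codes yield a descriptive placeholder instead of panicking. The
// previous implementation indexed a two-element array, so any value other
// than 0 or 1 (a stray config value, a future mode not yet listed here) would
// crash the agent with an index-out-of-range panic when logged or printed.
func (op UsernameMetadaCode) String() string {
	switch op {
	case USERNAME_METADATA_DISABLED:
		return "disabled"
	case USERNAME_METADATA_UNIX:
		return "unix"
	default:
		return fmt.Sprintf("UsernameMetadaCode(%d)", int(op))
	}
}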
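// ReadAndSetFlags copies the parsed flag/config values out of viper into the
// package-level Config. It only fails when one of the ring-buffer size
// strings (rb-size, rb-size-total, rb-queue-size) does not parse; every other
// value is stored verbatim, so address, path and permission validation has to
// happen where the values are consumed.
//
// Keys registered by AddFlags but not copied here (config-dir, generate-docs,
// enable-process-ancestors, the export allow/deny, field and redaction
// filters, netns-dir) are presumably read through viper by their consumers
// directly — TODO confirm.
func ReadAndSetFlags() error {
	// BPF/kernel bootstrap and verifier verbosity.
	Config.HubbleLib = viper.GetString(KeyHubbleLib)
	Config.BTF = viper.GetString(KeyBTF)
	Config.ProcFS = viper.GetString(KeyProcFS)
	Config.KernelVersion = viper.GetString(KeyKernelVersion)
	Config.Verbosity = viper.GetInt(KeyVerbosity)
	Config.ForceSmallProgs = viper.GetBool(KeyForceSmallProgs)
	Config.ForceLargeProgs = viper.GetBool(KeyForceLargeProgs)
	Config.Debug = viper.GetBool(KeyDebug)

	// Event enrichment. Credentials and namespaces are sensitive per-process
	// metadata that ends up in every exported event once enabled.
	Config.EnableProcessCred = viper.GetBool(KeyEnableProcessCred)
	Config.EnableProcessNs = viper.GetBool(KeyEnableProcessNs)
	Config.EnableK8s = viper.GetBool(KeyEnableK8sAPI)
	Config.K8sKubeConfigPath = viper.GetString(KeyK8sKubeConfigPath)
	Config.DisableKprobeMulti = viper.GetBool(KeyDisableKprobeMulti)

	// Ring-buffer sizes accept K/M/G suffixes and are the only inputs that can
	// be rejected here. The parse error is wrapped with %w (not flattened with
	// %s) so callers can still inspect the underlying cause; the message text
	// is unchanged.
	var err error
	if Config.RBSize, err = strutils.ParseSize(viper.GetString(KeyRBSize)); err != nil {
		return fmt.Errorf("failed to parse rb-size value: %w", err)
	}
	if Config.RBSizeTotal, err = strutils.ParseSize(viper.GetString(KeyRBSizeTotal)); err != nil {
		return fmt.Errorf("failed to parse rb-size-total value: %w", err)
	}
	if Config.RBQueueSize, err = strutils.ParseSize(viper.GetString(KeyRBQueueSize)); err != nil {
		return fmt.Errorf("failed to parse rb-queue-size value: %w", err)
	}

	// Listeners, logging and caches. gops is a diagnostic endpoint; an empty
	// address leaves it disabled (see the AddFlags default).
	Config.GopsAddr = viper.GetString(KeyGopsAddr)
	logLevel := viper.GetString(KeyLogLevel)
	logFormat := viper.GetString(KeyLogFormat)
	logger.PopulateLogOpts(Config.LogOpts, logLevel, logFormat)
	Config.ProcessCacheSize = viper.GetInt(KeyProcessCacheSize)
	Config.DataCacheSize = viper.GetInt(KeyDataCacheSize)
	Config.MetricsServer = viper.GetString(KeyMetricsServer)
	Config.MetricsLabelFilter = DefaultLabelFilter().WithEnabledLabels(ParseMetricsLabelFilter(viper.GetString(KeyMetricsLabelFilter)))
	Config.ServerAddress = viper.GetString(KeyServerAddress)

	// JSON export. ExportFilePerm is kept as the raw string; whoever opens the
	// export file is responsible for parsing and applying it.
	Config.ExportFilename = viper.GetString(KeyExportFilename)
	Config.ExportFileMaxSizeMB = viper.GetInt(KeyExportFileMaxSizeMB)
	Config.ExportFileRotationInterval = viper.GetDuration(KeyExportFileRotationInterval)
	Config.ExportFileMaxBackups = viper.GetInt(KeyExportFileMaxBackups)
	Config.ExportFileCompress = viper.GetBool(KeyExportFileCompress)
	Config.ExportRateLimit = viper.GetInt(KeyExportRateLimit)
	Config.ExportFilePerm = viper.GetString(KeyExportFilePerm)
	Config.EnableExportAggregation = viper.GetBool(KeyEnableExportAggregation)
	Config.ExportAggregationWindowSize = viper.GetDuration(KeyExportAggregationWindowSize)
	Config.ExportAggregationBufferSize = viper.GetUint64(KeyExportAggregationBufferSize)

	// Profiling (hidden flags) and internal queues.
	Config.CpuProfile = viper.GetString(KeyCpuProfile)
	Config.MemProfile = viper.GetString(KeyMemProfile)
	Config.PprofAddr = viper.GetString(KeyPprofAddr)
	Config.EventQueueSize = viper.GetUint(KeyEventQueueSize)
	Config.ReleasePinned = viper.GetBool(KeyReleasePinnedBPF)

	// Filtering, policy sources and feature toggles.
	Config.EnablePolicyFilter = viper.GetBool(KeyEnablePolicyFilter)
	Config.EnablePolicyFilterDebug = viper.GetBool(KeyEnablePolicyFilterDebug)
	Config.EnableMsgHandlingLatency = viper.GetBool(KeyEnableMsgHandlingLatency)
	Config.EnablePidSetFilter = viper.GetBool(KeyEnablePidSetFilter)
	Config.TracingPolicyDir = viper.GetString(KeyTracingPolicyDir)
	Config.KMods = viper.GetStringSlice(KeyKmods)
	Config.EnablePodInfo = viper.GetBool(KeyEnablePodInfo)
	Config.EnableTracingPolicyCRD = viper.GetBool(KeyEnableTracingPolicyCRD)
	Config.TracingPolicy = viper.GetString(KeyTracingPolicy)

	// Username resolution is fail-closed: only the exact spelling "unix" turns
	// it on. A misspelling used to be swallowed silently; warn about any
	// non-empty unrecognised value so an operator notices that the feature
	// they asked for is actually off. An empty value is treated as disabled.
	switch usernameMode := viper.GetString(KeyUsernameMetadata); usernameMode {
	case "unix":
		Config.UsernameMetadata = int(USERNAME_METADATA_UNIX)
	case "disabled", "":
		Config.UsernameMetadata = int(USERNAME_METADATA_DISABLED)
	default:
		log.Warnf("Unknown value %q for --%s, username metadata stays disabled", usernameMode, KeyUsernameMetadata)
		Config.UsernameMetadata = int(USERNAME_METADATA_DISABLED)
	}

	// Kernel address exposure. --expose-kernel-addresses is the deprecated
	// spelling and is mapped onto ExposeStackAddresses; when both flags are
	// set, --expose-stack-addresses wins because it is evaluated last.
	// NOTE(review): either flag puts real kernel addresses into events, which
	// is a KASLR-relevant disclosure to anyone who can read the event stream
	// or the export file.
	if viper.IsSet(KeyExposeKernelAddresses) {
		log.Warnf("Flag --%s has been deprecated, please use --%s instead", KeyExposeKernelAddresses, KeyExposeStackAddresses)
		Config.ExposeStackAddresses = viper.GetBool(KeyExposeKernelAddresses)
	}
	if viper.IsSet(KeyExposeStackAddresses) {
		Config.ExposeStackAddresses = viper.GetBool(KeyExposeStackAddresses)
	}

	// Health endpoint.
	Config.HealthServerAddress = viper.GetString(KeyHealthServerAddress)
	Config.HealthServerInterval = viper.GetInt(KeyHealthTimeInterval)
	return nil
}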
// AddFlags registers every Tetragon command-line flag on flags, with its
// default value and help text. Flag names come from the Key* constants so
// that ReadAndSetFlags can read the same keys back through viper.
//
// Security-relevant defaults worth knowing when deploying:
//   - health-server-address defaults to ":6789", i.e. every interface;
//     server-address defaults to localhost only; the metrics, gops and pprof
//     listeners stay disabled until an address is supplied.
//   - expose-stack-addresses is off by default; enabling it puts real kernel
//     addresses into exported events.
//   - export-file-perm controls who can read the JSON export on disk.
//
// No TLS or authentication flags are declared in this file; if the listeners
// are protected, that is configured elsewhere — TODO confirm against the
// server code.
func AddFlags(flags *pflag.FlagSet) {
	// Bootstrap and BPF loading.
	flags.String(KeyConfigDir, "", "Configuration directory that contains a file for each option")
	flags.BoolP(KeyDebug, "d", false, "Enable debug messages. Equivalent to '--log-level=debug'")
	flags.String(KeyHubbleLib, defaults.DefaultTetragonLib, "Location of Tetragon libs (btf and bpf files)")
	flags.String(KeyBTF, "", "Location of btf")
	flags.String(KeyProcFS, "/proc/", "Location of procfs to consume existing PIDs")
	flags.String(KeyKernelVersion, "", "Kernel version")
	flags.Int(KeyVerbosity, 0, "set verbosity level for eBPF verifier dumps. Pass 0 for silent, 1 for truncated logs, 2 for a full dump")
	flags.Int(KeyProcessCacheSize, 65536, "Size of the process cache")
	flags.Int(KeyDataCacheSize, 1024, "Size of the data events cache")
	flags.Bool(KeyForceSmallProgs, false, "Force loading small programs, even in kernels with >= 5.3 versions")
	flags.Bool(KeyForceLargeProgs, false, "Force loading large programs, even in kernels with < 5.3 versions")

	// JSON export to a rotating file. Exported events may carry credential and
	// namespace details once the enable-process-* flags below are on, so the
	// permission default (defaults.DefaultLogsPermission) is worth reviewing
	// per deployment.
	flags.String(KeyExportFilename, "", "Filename for JSON export. Disabled by default")
	flags.Int(KeyExportFileMaxSizeMB, 10, "Size in MB for rotating JSON export files")
	flags.Duration(KeyExportFileRotationInterval, 0, "Interval at which to rotate JSON export files in addition to rotating them by size")
	flags.Int(KeyExportFileMaxBackups, 5, "Number of rotated JSON export files to retain")
	flags.Bool(KeyExportFileCompress, false, "Compress rotated JSON export files")
	flags.String(KeyExportFilePerm, defaults.DefaultLogsPermission, "Access permissions on JSON export files")
	flags.Int(KeyExportRateLimit, -1, "Rate limit (per minute) for event export. Set to -1 to disable")
	flags.String(KeyLogLevel, "info", "Set log level")
	flags.String(KeyLogFormat, "text", "Set log format")

	// Kubernetes enrichment.
	flags.Bool(KeyEnableK8sAPI, false, "Access Kubernetes API to associate Tetragon events with Kubernetes pods")
	flags.String(KeyK8sKubeConfigPath, "", "Absolute path of the kubernetes kubeconfig file")
	flags.Bool(KeyEnableProcessAncestors, true, "Include ancestors in process exec events")

	// Network listeners. Only the gRPC server is bound by default, and only on
	// localhost; metrics and gops stay off until an address is supplied.
	// NOTE(review): gops is a runtime-diagnostic endpoint; keep it on loopback
	// or disabled in production.
	flags.String(KeyMetricsServer, "", "Metrics server address (e.g. ':2112'). Disabled by default")
	flags.String(KeyMetricsLabelFilter, "namespace,workload,pod,binary", "Comma-separated list of enabled metrics labels. Unknown labels will be ignored.")
	flags.String(KeyServerAddress, "localhost:54321", "gRPC server address (e.g. 'localhost:54321' or 'unix:///var/run/tetragon/tetragon.sock'")
	flags.String(KeyGopsAddr, "", "gops server address (e.g. 'localhost:8118'). Disabled by default")

	// Sensitive per-event enrichment, off by default.
	flags.Bool(KeyEnableProcessCred, false, "Enable process_cred events")
	flags.Bool(KeyEnableProcessNs, false, "Enable namespace information in process_exec and process_kprobe events")
	flags.Uint(KeyEventQueueSize, 10000, "Set the size of the internal event queue.")

	// Tracing policy file. Policies control what the agent traces, so the
	// directory they are loaded from should be writable only by the
	// administrator.
	flags.String(KeyTracingPolicy, "", "Tracing policy file to load at startup")
	flags.String(KeyTracingPolicyDir, defaults.DefaultTpDir, "Directory from where to load Tracing Policies")

	// Options for debugging/development, not visible to users. MarkHidden only
	// fails for an unknown flag name, and each flag is registered on the line
	// above, so dropping its error is safe. pprof profiles over plain HTTP;
	// NOTE(review): bind it to loopback only when it is enabled at all.
	flags.String(KeyCpuProfile, "", "Store CPU profile into provided file")
	flags.MarkHidden(KeyCpuProfile)
	flags.String(KeyMemProfile, "", "Store MEM profile into provided file")
	flags.MarkHidden(KeyMemProfile)
	flags.String(KeyPprofAddr, "", "Profile via pprof http")
	flags.MarkHidden(KeyPprofAddr)

	// JSON export aggregation options.
	flags.Bool(KeyEnableExportAggregation, false, "Enable JSON export aggregation")
	flags.Duration(KeyExportAggregationWindowSize, 15*time.Second, "JSON export aggregation time window")
	flags.Uint64(KeyExportAggregationBufferSize, 10000, "Aggregator channel buffer size")

	// JSON export filter options. These are registered here but not copied into
	// Config by ReadAndSetFlags; their consumers presumably read viper directly.
	flags.String(KeyExportAllowlist, "", "JSON export allowlist")
	flags.String(KeyExportDenylist, "", "JSON export denylist")
	// Field filters options for export
	flags.String(KeyFieldFilters, "", "Field filters for event exports")
	// Redaction filters
	flags.String(KeyRedactionFilters, "", "Redaction filters for events")

	// Network namespace options
	flags.String(KeyNetnsDir, "/var/run/docker/netns/", "Network namespace dir")
	// Allow to disable kprobe multi interface
	flags.Bool(KeyDisableKprobeMulti, false, "Allow to disable kprobe multi interface")

	// Allow to specify perf ring buffer size. "0" means "use the built-in
	// default" described in the help text; values are parsed by
	// ReadAndSetFlags and may carry a K/M/G suffix.
	flags.String(KeyRBSizeTotal, "0", "Set perf ring buffer size in total for all cpus (default 65k per cpu, allows K/M/G suffix)")
	flags.String(KeyRBSize, "0", "Set perf ring buffer size for single cpu (default 65k, allows K/M/G suffix)")

	// Provide option to remove existing pinned BPF programs and maps in Tetragon's
	// observer dir on startup. Useful for doing upgrades/downgrades. Set to false to
	// disable.
	flags.Bool(KeyReleasePinnedBPF, true, "Release all pinned BPF programs and maps in Tetragon BPF directory. Enabled by default. Set to false to disable")

	// Provide option to enable policy filtering. Because the code is new,
	// this is set to false by default.
	flags.Bool(KeyEnablePolicyFilter, false, "Enable policy filter code (beta)")
	flags.Bool(KeyEnablePolicyFilterDebug, false, "Enable policy filter debug messages")
	// Provide option to enable the pidSet export filters.
	flags.Bool(KeyEnablePidSetFilter, false, "Enable pidSet export filters. Not recommended for production use")
	flags.Bool(KeyEnableMsgHandlingLatency, false, "Enable metrics for message handling latency")
	flags.StringSlice(KeyKmods, []string{}, "List of kernel modules to load symbols from")
	flags.String(KeyRBQueueSize, "65535", "Set size of channel between ring buffer and sensor go routines (default 65k, allows K/M/G suffix)")
	flags.Bool(KeyEnablePodInfo, false, "Enable PodInfo custom resource")
	flags.Bool(KeyEnableTracingPolicyCRD, true, "Enable TracingPolicy and TracingPolicyNamespaced custom resources")

	// Kernel address exposure. Both default to false. expose-kernel-addresses
	// is the deprecated spelling (hidden from --help); ReadAndSetFlags maps it
	// onto expose-stack-addresses and lets the new flag win when both are set.
	// NOTE(review): real kernel addresses in events are a KASLR-relevant
	// disclosure to anyone who can read the event stream or the export file.
	flags.Bool(KeyExposeKernelAddresses, false, "Expose real kernel addresses in events stack traces")
	flags.Bool(KeyExposeStackAddresses, false, "Expose real linear addresses in events stack traces")
	flags.MarkHidden(KeyExposeKernelAddresses)
	flags.Bool(KeyGenerateDocs, false, "Generate documentation in YAML format to stdout")

	// Only the literal value "unix" enables username resolution (see
	// ReadAndSetFlags); any other string leaves it disabled.
	flags.String(KeyUsernameMetadata, "disabled", "Resolve UIDs to user names for processes running in host namespace")

	// Health endpoint. The default ":6789" binds every interface; pass an
	// explicit host to restrict it, or "" to turn it off.
	flags.String(KeyHealthServerAddress, ":6789", "Health server address (e.g. ':6789')(use '' to disabled it)")
	flags.Int(KeyHealthTimeInterval, 10, "Health server interval in seconds")
}