Backports/v0.8: backport generic tracepoint fix and better configuration handling #657

Merged
merged 5 commits into from
Jan 25, 2023

dechengyuan and others added 5 commits January 25, 2023 15:26
[ upstream main 6d27100 ]

Signed-off-by: dechengyuan <dechengyuan@tencent.com>
[ upstream main 977aec2 ]

Use a specific directory for tetragon configmap.

Right now we are using /etc/tetragon/ as the base for configmap,
however in future we want to put CRD rules under that same path
/etc/tetragon/tetragon.rules.d/ .

So change the mountPath where tetragon-config points from:
  /etc/tetragon/ => /etc/tetragon/tetragon.conf.d/

Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
[ upstream main b298d8e ]

This patch allows a better and more stable configuration handling
mechanism, by allowing tetragon to read its configuration in the
following order, where each next configuration will override the
previous one if it was set.

Note: drop-in configuration snippets are files where each filename
is the controlling setting and the content the corresponding value.

1. Drop-in configuration snippets inside the following directories:

   `/usr/lib/tetragon/tetragon.conf.d/*`
   `/usr/local/lib/tetragon/tetragon.conf.d/*`

2. `/etc/tetragon/tetragon.yaml` a yaml configuration.

3. Drop-in configuration snippets same as 1. that could override 1.
   and 2., under:

   `/etc/tetragon/tetragon.conf.d/*`

4. `config-dir` - drop-in configuration snippets to override all
   previous settings.

This offers the following advantages:

1. Package managers or distros must use /usr/lib/tetragon/ to set the
   vendor config.

2. Tarballs will use /usr/local/lib/tetragon/ to set their
   vendor config and override previous configs of 1. if any.

3. Configurations in `/etc/tetragon/` are strictly reserved for the
   local administrator, who may use this logic to override package
   managers or the default installed configuration 1. and 2.

4. Administrators can restore default settings by simply deleting the
   configuration file inside /etc/tetragon/ and all drop-ins.

5. Ability to ship sane and secure configurations by default inside
   the drop-ins without touching the /etc/ directory.

6. Ability to handle updates without touching /etc/, reducing errors
   or overriding users' or administrators' configurations.

7. Ability to ship simple systemd units without too much configuration.

8. Ability for administrators to override the systemd unit by
   placing it at /etc/systemd/system/tetragon.service

Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
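
The precedence order described in the commit message above, as an added Go sketch that is not Tetragon's own code: it merges the four layers and records which layer supplied each final value, so an administrator can audit where an effective setting came from. The `Setting` type, the `Resolve` and `readDropIns` helpers, the `root` prefix, and the pre-parsed `yaml` map are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Setting is a resolved value plus the layer that supplied it (for auditing).
type Setting struct{ Value, Source string }

// readDropIns: file name is the setting, trimmed content is the value; a missing dir is an empty layer.
func readDropIns(dir string) map[string]string {
	out := map[string]string{}
	entries, _ := os.ReadDir(dir)
	for _, e := range entries {
		if e.IsDir() || strings.HasPrefix(e.Name(), ".") {
			continue // skip subdirectories and dot-entries
		}
		if b, err := os.ReadFile(filepath.Join(dir, e.Name())); err == nil {
			out[e.Name()] = strings.TrimSpace(string(b))
		}
	}
	return out
}

// Resolve applies the layers in the documented order; later layers win.
// root prefixes the fixed paths (assumption, for testing); yaml stands in for the parsed tetragon.yaml.
func Resolve(root string, yaml map[string]string, configDir string) map[string]Setting {
	res := map[string]Setting{}
	apply := func(src string, kv map[string]string) {
		for k, v := range kv {
			res[k] = Setting{v, src}
		}
	}
	for _, d := range []string{"/usr/lib/tetragon/tetragon.conf.d", "/usr/local/lib/tetragon/tetragon.conf.d"} {
		apply(d, readDropIns(filepath.Join(root, d)))
	}
	apply("/etc/tetragon/tetragon.yaml", yaml)
	etc := "/etc/tetragon/tetragon.conf.d"
	apply(etc, readDropIns(filepath.Join(root, etc)))
	if configDir != "" {
		apply("config-dir", readDropIns(configDir))
	}
	return res
}

func main() { fmt.Println(Resolve("/", nil, "")) }
```
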
[ Upstream main 925b6f4 ]

Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
[ Upstream main ed2cc04 ]

If empty do not start gops server.

Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
@tixxdz tixxdz requested a review from a team as a code owner January 25, 2023 14:42
@tixxdz tixxdz requested review from kevsecurity and removed request for a team January 25, 2023 14:42
@tixxdz tixxdz merged commit 6926c00 into v0.8 Jan 25, 2023
@tixxdz tixxdz deleted the backports/v0.8/tixxdz/prs-568 branch January 25, 2023 15:22