diff --git a/cmd/tetragon/main.go b/cmd/tetragon/main.go
index 4a76692a37a..5ff0628d654 100644
--- a/cmd/tetragon/main.go
+++ b/cmd/tetragon/main.go
@@ -767,6 +767,10 @@ func startExporter(ctx context.Context, server *server.Server) error {
 }
 
 func Serve(ctx context.Context, listenAddr string, srv *server.Server) error {
+ // we use an empty listen address to effectively disable the gRPC server
+ if len(listenAddr) == 0 {
+ return nil
+ }
 grpcServer := grpc.NewServer()
 tetragon.RegisterFineGuidanceSensorsServer(grpcServer, srv)
 proto, addr, err := server.SplitListenAddr(listenAddr)
diff --git a/docs/data/tetragon_flags.yaml b/docs/data/tetragon_flags.yaml
index 81b48789612..981c7545621 100644
--- a/docs/data/tetragon_flags.yaml
+++ b/docs/data/tetragon_flags.yaml
@@ -185,7 +185,7 @@ options:
 - name: server-address
 default_value: localhost:54321
 usage: |
- gRPC server address (e.g. 'localhost:54321' or 'unix:///var/run/tetragon/tetragon.sock'
+ gRPC server address (e.g. 'localhost:54321' or 'unix:///var/run/tetragon/tetragon.sock'). An empty address disables the gRPC server
 - name: tracing-policy
 usage: Tracing policy file to load at startup
 - name: tracing-policy-dir
diff --git a/install/kubernetes/tetragon/templates/tetragon_configmap.yaml b/install/kubernetes/tetragon/templates/tetragon_configmap.yaml
index 9e3efb1289c..238ed58e018 100644
--- a/install/kubernetes/tetragon/templates/tetragon_configmap.yaml
+++ b/install/kubernetes/tetragon/templates/tetragon_configmap.yaml
@@ -44,6 +44,7 @@ data:
 {{- if .Values.tetragon.grpc.enabled }}
 server-address: {{ .Values.tetragon.grpc.address }}
 {{- else }}
+ server-address: ""
 {{- end }}
 {{- if .Values.tetragon.healthGrpc.enabled }}
 health-server-address: :{{ .Values.tetragon.healthGrpc.port }}
diff --git a/pkg/option/flags.go b/pkg/option/flags.go
index c7d926e4f48..3902e716e81 100644
--- a/pkg/option/flags.go
+++ b/pkg/option/flags.go
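Review bot: The early return in `Serve` (cmd/tetragon/main.go) disables the gRPC API without leaving any trace, so an operator auditing a node cannot tell from the logs whether the listener is off by configuration or failed to start. I would emit one informational log line before `return nil`, through the logger this file already uses, stating that the gRPC server is disabled because `server-address` is empty. The check is also exact: a value made only of whitespace is not caught by `len(listenAddr) == 0` and still reaches `server.SplitListenAddr`, so it is worth confirming that such a value is rejected there rather than bound. The body of `Serve` continues past the end of the hunk.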
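Review bot: The `server-address: ""` line in the `else` branch of tetragon_configmap.yaml carries the whole point of the change but has no comment, and a later cleanup could drop it as a no-op. Without the key the agent presumably falls back to the flag default `localhost:54321` shown in pkg/option/flags.go, which would start the listener again although `tetragon.grpc.enabled` is false. A template comment above it would record that, for example `{{- /* empty address disables the gRPC server; do not remove */}}`.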
@@ -296,7 +296,7 @@ func AddFlags(flags *pflag.FlagSet) {
 flags.Bool(KeyEnableProcessAncestors, true, "Include ancestors in process exec events")
 flags.String(KeyMetricsServer, "", "Metrics server address (e.g. ':2112'). Disabled by default")
 flags.String(KeyMetricsLabelFilter, "namespace,workload,pod,binary", "Comma-separated list of enabled metrics labels. Unknown labels will be ignored.")
- flags.String(KeyServerAddress, "localhost:54321", "gRPC server address (e.g. 'localhost:54321' or 'unix:///var/run/tetragon/tetragon.sock'")
+ flags.String(KeyServerAddress, "localhost:54321", "gRPC server address (e.g. 'localhost:54321' or 'unix:///var/run/tetragon/tetragon.sock'). An empty address disables the gRPC server")
 flags.String(KeyGopsAddr, "", "gops server address (e.g. 'localhost:8118'). Disabled by default")
 flags.Bool(KeyEnableProcessCred, false, "Enable process_cred events")
 flags.Bool(KeyEnableProcessNs, false, "Enable namespace information in process_exec and process_kprobe events")