Add flags to make it possible using k8s api without TP CRDs

Fixes: #1880 Signed-off-by: Alexey Olshanskiy <gh@aohoy.dev>
cilium · Jan 20, 2024 · 93a66fd · 93a66fd
1 parent afae997
commit 93a66fd
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 41 deletions.
diff --git a/cmd/tetragon/main.go b/cmd/tetragon/main.go
@@ -72,6 +72,7 @@ import (
 	apiextensionsclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
 	apiextensionsinformer "k8s.io/apiextensions-apiserver/pkg/client/informers/externalversions/apiextensions/v1"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/cache"
 )
 
@@ -357,50 +358,16 @@ func tetragonExecute() error {
 	var k8sWatcher watcher.K8sResourceWatcher
 	if option.Config.EnableK8s {
 		log.Info("Enabling Kubernetes API")
-		crds := map[string]struct{}{
-			v1alpha1.TPName:           {},
-			v1alpha1.TPNamespacedName: {},
-		}
-		if option.Config.EnablePodInfo {
-			crds[v1alpha1.PIName] = struct{}{}
-		}
 		config, err := k8sconf.K8sConfig()
 		if err != nil {
 			return err
 		}
-		log.WithField("crds", crds).Info("Waiting for required CRDs")
-		var wg sync.WaitGroup
-		wg.Add(1)
-		k8sClient := kubernetes.NewForConfigOrDie(config)
-		crdClient := apiextensionsclientset.NewForConfigOrDie(config)
-		crdInformer := apiextensionsinformer.NewCustomResourceDefinitionInformer(crdClient, 0*time.Second, nil)
-		_, err = crdInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{
-			AddFunc: func(obj interface{}) {
-				crdObject, ok := obj.(*v1.CustomResourceDefinition)
-				if !ok {
-					log.WithField("obj", obj).Warn("Received an invalid object")
-					return
-				}
-				if _, ok := crds[crdObject.Name]; ok {
-					log.WithField("crd", crdObject.Name).Info("Found CRD")
-					delete(crds, crdObject.Name)
-					if len(crds) == 0 {
-						log.Info("Found all the required CRDs")
-						wg.Done()
-					}
-				}
-			},
-		})
-		if err != nil {
-			log.WithError(err).Error("failed to add event handler")
+
+		if err := waitCRDs(config); err != nil {
 			return err
 		}
-		stop := make(chan struct{})
-		go func() {
-			crdInformer.Run(stop)
-		}()
-		wg.Wait()
-		close(stop)
+
+		k8sClient := kubernetes.NewForConfigOrDie(config)
 		k8sWatcher = watcher.NewK8sWatcher(k8sClient, 60*time.Second)
 	} else {
 		log.Info("Disabling Kubernetes API")
@@ -452,7 +419,7 @@ func tetragonExecute() error {
 	log.WithField("enabled", option.Config.ExportFilename != "").WithField("fileName", option.Config.ExportFilename).Info("Exporter configuration")
 	obs.AddListener(pm)
 	saveInitInfo()
-	if option.Config.EnableK8s {
+	if option.Config.EnableK8s && option.Config.EnableTracingPolicyCRD {
 		go crd.WatchTracePolicy(ctx, observer.GetSensorManager())
 	}
 
@@ -496,6 +463,57 @@ func tetragonExecute() error {
 	return obs.Start(ctx)
 }
 
+func waitCRDs(config *rest.Config) error {
+	crds := make(map[string]struct{})
+
+	if option.Config.EnableTracingPolicyCRD {
+		crds[v1alpha1.TPName] = struct{}{}
+		crds[v1alpha1.TPNamespacedName] = struct{}{}
+	}
+	if option.Config.EnablePodInfo {
+		crds[v1alpha1.PIName] = struct{}{}
+	}
+
+	if len(crds) == 0 {
+		log.Info("No CRDs are enabled")
+		return nil
+	}
+
+	log.WithField("crds", crds).Info("Waiting for required CRDs")
+	var wg sync.WaitGroup
+	wg.Add(1)
+	crdClient := apiextensionsclientset.NewForConfigOrDie(config)
+	crdInformer := apiextensionsinformer.NewCustomResourceDefinitionInformer(crdClient, 0*time.Second, nil)
+	_, err := crdInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{
+		AddFunc: func(obj interface{}) {
+			crdObject, ok := obj.(*v1.CustomResourceDefinition)
+			if !ok {
+				log.WithField("obj", obj).Warn("Received an invalid object")
+				return
+			}
+			if _, ok := crds[crdObject.Name]; ok {
+				log.WithField("crd", crdObject.Name).Info("Found CRD")
+				delete(crds, crdObject.Name)
+				if len(crds) == 0 {
+					log.Info("Found all the required CRDs")
+					wg.Done()
+				}
+			}
+		},
+	})
+	if err != nil {
+		log.WithError(err).Error("failed to add event handler")
+		return err
+	}
+	stop := make(chan struct{})
+	go func() {
+		crdInformer.Run(stop)
+	}()
+	wg.Wait()
+	close(stop)
+	return nil
+}
+
 func loadTpFromDir(ctx context.Context, dir string) error {
 	tpMaxDepth := 1
 	tpFS := os.DirFS(dir)

diff --git a/docs/data/tetragon_flags.yaml b/docs/data/tetragon_flags.yaml
diff --git a/pkg/option/config.go b/pkg/option/config.go
@@ -83,7 +83,8 @@ type config struct {
 
 	KMods []string
 
-	EnablePodInfo bool
+	EnablePodInfo          bool
+	EnableTracingPolicyCRD bool
 
 	ExposeKernelAddresses bool
 }

diff --git a/pkg/option/flags.go b/pkg/option/flags.go
@@ -86,7 +86,8 @@ const (
 
 	KeyKmods = "kmods"
 
-	KeyEnablePodInfo = "enable-pod-info"
+	KeyEnablePodInfo          = "enable-pod-info"
+	KeyEnableTracingPolicyCRD = "enable-tracing-policy-crd"
 
 	KeyExposeKernelAddresses = "expose-kernel-addresses"
 
@@ -165,6 +166,7 @@ func ReadAndSetFlags() error {
 	Config.KMods = viper.GetStringSlice(KeyKmods)
 
 	Config.EnablePodInfo = viper.GetBool(KeyEnablePodInfo)
+	Config.EnableTracingPolicyCRD = viper.GetBool(KeyEnableTracingPolicyCRD)
 
 	Config.TracingPolicy = viper.GetString(KeyTracingPolicy)
 
@@ -271,6 +273,7 @@ func AddFlags(flags *pflag.FlagSet) {
 	flags.String(KeyRBQueueSize, "65535", "Set size of channel between ring buffer and sensor go routines (default 65k, allows K/M/G suffix)")
 
 	flags.Bool(KeyEnablePodInfo, false, "Enable PodInfo custom resource")
+	flags.Bool(KeyEnableTracingPolicyCRD, true, "Enable TracingPolicy and TracingPolicyNamespaced custom resources")
 
 	flags.Bool(KeyExposeKernelAddresses, false, "Expose real kernel addresses in events stack traces")