docs: use tetragon YAML docs data for daemon options reference

Previously we were just dumping the result of the `--help` flag. This
commit introduces a shortcode template that uses the YAML data file from
the --generate-docs flag to generate an HTML table displaying all the
flags, their usage and default value.

Signed-off-by: Mahe Tardy <[email protected]>

.github/workflows/generated-files.yaml

@@ -35,7 +35,6 @@ jobs:
           fi
       - name: Check Tetragon daemon flags
         run: |
-          make tetragon
           make generate-flags
           git status
           git diff

Makefile

@@ -168,9 +168,7 @@ verify: tetragon-bpf
 
 .PHONY: generate-flags tetragon tetra tetragon-operator tetragon-bench
 generate-flags: tetragon
-	echo "\`\`\`" > docs/content/en/docs/reference/daemon-flags.md
-	echo "$$(./tetragon --help 2>&1)" >> docs/content/en/docs/reference/daemon-flags.md
-	echo "\`\`\`" >> docs/content/en/docs/reference/daemon-flags.md
+	echo "$$(./tetragon --generate-docs)" > docs/data/tetragon_flags.yaml
 
 tetragon:
 	$(GO_BUILD) ./cmd/tetragon/

api/export-doc.sh

@@ -31,6 +31,7 @@ title: "gRPC API"
 description: >
   This reference is generated from the protocol buffer specification and
   documents the gRPC API of Tetragon.
+weight: 3
 ---
 
 {{< comment >}}

docs/content/en/docs/concepts/tracing-policy/_index.md

@@ -31,7 +31,7 @@ startup using flags.
 - You can use `tetra` gRPC CLI to add and remove a `TracingPolicy`.
 - You can use the `--tracing-policy` and `--tracing-policy-dir` flags to statically add policies at
   startup time, see more in the [daemon configuration page]({{< ref
-  "/docs/reference/tetragon-configuration#configure-tracing-policies-location" >}}).
+  "/docs/reference/daemon-configuration#configure-tracing-policies-location" >}}).
 
 
 Hence, even though Tracing Policies are structured as a Kubernetes CR, they can also be used in

docs/content/en/docs/installation/container.md

@@ -55,7 +55,7 @@ There are multiple ways to set configuration options:
         /usr/bin/tetragon --export-filename /var/log/tetragon/tetragon.log
     ```
 
-    For a complete list of CLI arguments, please check [Tetragon daemon configuration](/docs/reference/tetragon-configuration).
+    For a complete list of CLI arguments, please check [Tetragon daemon configuration]({{< ref "/docs/reference/daemon-configuration" >}}).
 
 
 2. Environment variables
@@ -70,11 +70,11 @@ There are multiple ways to set configuration options:
 
     Every controlling setting can be set using environment variables. Prefix it with the key word `TETRAGON_` then upper case the controlling setting. As an example to set where to export JSON events: `--export-filename` will be `TETRAGON_EXPORT_FILENAME`.
 
-    For a complete list of all controlling settings, please check [tetragon daemon configuration](/docs/reference/tetragon-configuration).
+    For a complete list of all controlling settings, please check [tetragon daemon configuration]({{< ref "/docs/reference/daemon-configuration" >}}).
 
 3. Configuration files mounted as volumes
 
-    On the host machine set the configuration drop-ins inside `/etc/tetragon/tetragon.conf.d/` directory according to the [configuration examples](/docs/reference/tetragon-configuration/#configuration-examples), then mount it as volume:
+    On the host machine set the configuration drop-ins inside `/etc/tetragon/tetragon.conf.d/` directory according to the [configuration examples]({{< ref "/docs/reference/daemon-configuration#configuration-examples" >}}), then mount it as volume:
 
     ```shell
     docker run --name tetragon --rm -d \
@@ -86,5 +86,5 @@ There are multiple ways to set configuration options:
 
     This will map the `/etc/tetragon/tetragon.conf.d/` drop-in directory from the host into the container.
 
-See [Tetragon daemon configuration](/docs/reference/tetragon-configuration) reference for further details.
+See [Tetragon daemon configuration]({{< ref "/docs/reference/daemon-configuration" >}}) reference for further details.
 

docs/content/en/docs/installation/package.md

@@ -71,7 +71,7 @@ can change the configuration by adding drop-ins inside
 command line flags. To restore default settings, remove any added configuration
 inside `/etc/tetragon/tetragon.conf.d/`.
 
-See [Tetragon daemon configuration](/docs/reference/tetragon-configuration) for further details.
+See [Tetragon daemon configuration]({{< ref "/docs/reference/daemon-configuration" >}}) for further details.
 
 ## Upgrade
 
@@ -146,7 +146,7 @@ To access the gRPC API with `tetra` client, set `--server-address` to point to t
    sudo tetra --server-address unix:///var/run/tetragon/tetragon.sock getevents
    ```
 
-See [restrict gRPC API access](/docs/reference/tetragon-configuration/#restrict-grpc-api-access) for further details.
+See [restrict gRPC API access]({{< ref "/docs/reference/daemon-configuration#restrict-grpc-api-access" >}}) for further details.
 
 ### Tetragon Events
 

docs/content/en/docs/reference/tetragon-configuration.md → docs/content/en/docs/reference/daemon-configuration.md

@@ -1,18 +1,21 @@
 ---
-title: "Tetragon Daemon Configuration"
-linkTitle: "Tetragon Daemon Configuration"
-description: "Configure Tetragon daemon"
+title: "Daemon Configuration"
+description: "Explore Tetragon options and configuration mechanisms."
+weight: 1
 ---
 
 Tetragon default controlling settings are set during compilation, so configuration
 is only needed when it is necessary to deviate from those defaults. This
 document lists those controlling settings and how they can be set
-as a CLI arguments or as configuration options from [YAML](https://yaml.org) files.
+as a CLI arguments or as configuration options from YAML files.
 
-## Tetragon Controlling Settings
+## Options
 
-Tetragon CLI arguments:
-{{< readfile "/docs/reference/daemon-flags.md" >}}
+The following table list all Tetragon daemon available options and is
+automatically generated using the tetragon binary `--generate-docs` flag. The
+same information can also be retrieved using `--help`.
+
+{{< tetragon-options >}}
 
 ## Configuration precedence
 

docs/content/en/docs/reference/grpc-api.md

@@ -3,6 +3,7 @@ title: "gRPC API"
 description: >
   This reference is generated from the protocol buffer specification and
   documents the gRPC API of Tetragon.
+weight: 3
 ---
 
 {{< comment >}}

docs/data/tetragon_flags.yaml

@@ -0,0 +1,175 @@
+name: tetragon
+synopsis: |
+    Tetragon - eBPF-based Security Observability and Runtime Enforcement
+usage: tetragon [flags]
+options:
+    - name: bpf-lib
+      default_value: /var/lib/tetragon/
+      usage: Location of Tetragon libs (btf and bpf files)
+    - name: btf
+      usage: Location of btf
+    - name: config-dir
+      usage: Configuration directory that contains a file for each option
+    - name: cpuprofile
+      usage: Store CPU profile into provided file
+    - name: data-cache-size
+      default_value: "1024"
+      usage: Size of the data events cache
+    - name: debug
+      shorthand: d
+      default_value: "false"
+      usage: Enable debug messages. Equivalent to '--log-level=debug'
+    - name: disable-kprobe-multi
+      default_value: "false"
+      usage: Allow to disable kprobe multi interface
+    - name: enable-export-aggregation
+      default_value: "false"
+      usage: Enable JSON export aggregation
+    - name: enable-k8s-api
+      default_value: "false"
+      usage: |
+        Access Kubernetes API to associate Tetragon events with Kubernetes pods
+    - name: enable-msg-handling-latency
+      default_value: "false"
+      usage: Enable metrics for message handling latency
+    - name: enable-pid-set-filter
+      default_value: "false"
+      usage: |
+        Enable pidSet export filters. Not recommended for production use
+    - name: enable-pod-info
+      default_value: "false"
+      usage: Enable PodInfo custom resource
+    - name: enable-policy-filter
+      default_value: "false"
+      usage: Enable policy filter code (beta)
+    - name: enable-policy-filter-debug
+      default_value: "false"
+      usage: Enable policy filter debug messages
+    - name: enable-process-ancestors
+      default_value: "true"
+      usage: Include ancestors in process exec events
+    - name: enable-process-cred
+      default_value: "false"
+      usage: Enable process_cred events
+    - name: enable-process-ns
+      default_value: "false"
+      usage: |
+        Enable namespace information in process_exec and process_kprobe events
+    - name: event-queue-size
+      default_value: "10000"
+      usage: Set the size of the internal event queue.
+    - name: export-aggregation-buffer-size
+      default_value: "10000"
+      usage: Aggregator channel buffer size
+    - name: export-aggregation-window-size
+      default_value: 15s
+      usage: JSON export aggregation time window
+    - name: export-allowlist
+      usage: JSON export allowlist
+    - name: export-denylist
+      usage: JSON export denylist
+    - name: export-file-compress
+      default_value: "false"
+      usage: Compress rotated JSON export files
+    - name: export-file-max-backups
+      default_value: "5"
+      usage: Number of rotated JSON export files to retain
+    - name: export-file-max-size-mb
+      default_value: "10"
+      usage: Size in MB for rotating JSON export files
+    - name: export-file-perm
+      default_value: "600"
+      usage: Access permissions on JSON export files
+    - name: export-file-rotation-interval
+      default_value: 0s
+      usage: |
+        Interval at which to rotate JSON export files in addition to rotating them by size
+    - name: export-filename
+      usage: Filename for JSON export. Disabled by default
+    - name: export-rate-limit
+      default_value: "-1"
+      usage: |
+        Rate limit (per minute) for event export. Set to -1 to disable
+    - name: expose-kernel-addresses
+      default_value: "false"
+      usage: Expose real kernel addresses in events stack traces
+    - name: field-filters
+      usage: Field filters for event exports
+    - name: force-large-progs
+      default_value: "false"
+      usage: |
+        Force loading large programs, even in kernels with < 5.3 versions
+    - name: force-small-progs
+      default_value: "false"
+      usage: |
+        Force loading small programs, even in kernels with >= 5.3 versions
+    - name: generate-docs
+      default_value: "false"
+      usage: Generate documentation in YAML format to stdout
+    - name: gops-address
+      usage: |
+        gops server address (e.g. 'localhost:8118'). Disabled by default
+    - name: help
+      shorthand: h
+      default_value: "false"
+      usage: help for tetragon
+    - name: k8s-kubeconfig-path
+      usage: Absolute path of the kubernetes kubeconfig file
+    - name: kernel
+      usage: Kernel version
+    - name: kmods
+      default_value: '[]'
+      usage: List of kernel modules to load symbols from
+    - name: log-format
+      default_value: text
+      usage: Set log format
+    - name: log-level
+      default_value: info
+      usage: Set log level
+    - name: memprofile
+      usage: Store MEM profile into provided file
+    - name: metrics-label-filter
+      usage: |
+        Comma-separated list of enabled metric labels. (e.g. "namespace,workload,pod,binary") By default all labels are enabled.
+    - name: metrics-server
+      usage: Metrics server address (e.g. ':2112'). Disabled by default
+    - name: netns-dir
+      default_value: /var/run/docker/netns/
+      usage: Network namespace dir
+    - name: pprof-addr
+      usage: Profile via pprof http
+    - name: process-cache-size
+      default_value: "65536"
+      usage: Size of the process cache
+    - name: procfs
+      default_value: /proc/
+      usage: Location of procfs to consume existing PIDs
+    - name: rb-queue-size
+      default_value: "65535"
+      usage: |
+        Set size of channel between ring buffer and sensor go routines (default 65k, allows K/M/G suffix)
+    - name: rb-size
+      default_value: "0"
+      usage: |
+        Set perf ring buffer size for single cpu (default 65k, allows K/M/G suffix)
+    - name: rb-size-total
+      default_value: "0"
+      usage: |
+        Set perf ring buffer size in total for all cpus (default 65k per cpu, allows K/M/G suffix)
+    - name: release-pinned-bpf
+      default_value: "true"
+      usage: |
+        Release all pinned BPF programs and maps in Tetragon BPF directory. Enabled by default. Set to false to disable
+    - name: server-address
+      default_value: localhost:54321
+      usage: |
+        gRPC server address (e.g. 'localhost:54321' or 'unix:///var/run/tetragon/tetragon.sock'
+    - name: tracing-policy
+      usage: Tracing policy file to load at startup
+    - name: tracing-policy-dir
+      default_value: /etc/tetragon/tetragon.tp.d
+      usage: Directory from where to load Tracing Policies
+    - name: verbose
+      default_value: "0"
+      usage: |
+        set verbosity level for eBPF verifier dumps. Pass 0 for silent, 1 for truncated logs, 2 for a full dump

docs/layouts/shortcodes/tetragon-options.html

@@ -0,0 +1,27 @@
+{{ with .Site.Data.tetragon_flags }}
+<table>
+  <thead>
+    <tr>
+      <th>Flag</th>
+      <th>Usage</th>
+      <th>Default Value</th>
+    </tr>
+  </thead>
+  <tbody>
+    {{ range .options }}
+    <tr>
+      <td><code>--{{ .name }}</code></td>
+      <td>{{ .usage }}</td>
+      {{ if .default_value }}
+	<td><code>{{ .default_value }}</code></td>
+      {{ else }}
+	<td></td>
+      {{ end }}
+    </tr>
+    {{ end }}
+  </tbody>
+</table>
+{{ else }}
+  <p>Error: table template failed, check build logs.</p> 
+  {{ warnf "Data file \"tetragon_flags\" seems to be missing. It is needed to display Tetragon options." }}
+{{ end }}