TracingPolicy is a user-configurable Kubernetes custom resource (CR) that
allows users to trace arbitrary events in the kernel and optionally define
actions to take on a match. Policies consist of a hook point (kprobes,
tracepoints, and uprobes are supported), and selectors for in-kernel filtering
and specifying actions. For more details, see
hook points page and the
TracingPolicyallows for powerful, yet low-level configuration and, as such, requires knowledge about the Linux kernel and containers to avoid unexpected issues such as TOCTU bugs.
For the complete custom resource definition (CRD) refer to the YAML file
One practical way to explore the CRD is to use
kubectl explain against a
Kubernetes API server on which it is installed, for example
kubectl explain tracingpolicy.spec.kprobes provides field-specific documentation and details
on kprobe spec.
Tracing Policies can be loaded and unloaded at runtime in Tetragon, or on startup using flags.
- With Kubernetes, you can use
kubectlto add and remove a
- You can use
tetragRPC CLI to add and remove a
- You can use the
--tracing-policy-dirflags, see more in the daemon configuration page.
Learn the basics of Tracing Policy via an example
Hook points for Tracing Policies and arguments description
Perform in-kernel BPF filtering and actions on events