new(userspace/falco): allow to pass multiple --cri options.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2025-08-30 21:25:06 +00:00 · 2022-02-24 11:35:50 +01:00 · 2022-02-24 11:35:50 +01:00 · 1d76df3831
commit 1d76df3831
parent 335d79e79c
3 changed files with 8 additions and 5 deletions
--- a/userspace/falco/app_cmdline_options.cpp
+++ b/userspace/falco/app_cmdline_options.cpp
@ -157,7 +157,7 @@ void cmdline_options::define()
 #endif
 		("A",                             "Monitor all events, including those with EF_DROP_SIMPLE_CONS flag.", cxxopts::value(all_events)->default_value("false"))
 		("b,print-base64",                "Print data buffers in base64. This is useful for encoding binary data that needs to be used over media designed to consume this format.")
-		("cri",                           "Path to CRI socket for container metadata. Use the specified socket to fetch data from a CRI-compatible runtime. If not specified, uses libs default.", cxxopts::value(cri_socket_path), "<path>")
+		("cri",                           "Path to CRI socket for container metadata. Use the specified socket to fetch data from a CRI-compatible runtime. If not specified, uses libs default. It can be passed multiple times to specify socket to be tried until a successful one is found.", cxxopts::value(cri_socket_paths), "<path>")
 		("d,daemon",                      "Run as a daemon.", cxxopts::value(daemon)->default_value("false"))
 		("disable-cri-async",             "Disable asynchronous CRI metadata fetching. This is useful to let the input event wait for the container metadata fetch to finish before moving forward. Async fetching, in some environments leads to empty fields for container metadata when the fetch is not fast enough to be completed asynchronously. This can have a performance penalty on your environment depending on the number of containers and the frequency at which they are created/started/stopped.", cxxopts::value(disable_cri_async)->default_value("false"))
 		("disable-source",                "Disable a specific event source. Available event sources are: syscall, k8s_audit, or any source from a configured source plugin. It can be passed multiple times. Can not disable all event sources.", cxxopts::value(disable_sources), "<event_source>")
--- a/userspace/falco/app_cmdline_options.h
+++ b/userspace/falco/app_cmdline_options.h
@ -37,7 +37,7 @@ public:
 	std::string conf_filename;
 	bool all_events;
 	sinsp_evt::param_fmt event_buffer_format;
-	std::string cri_socket_path;
+	std::vector<std::string> cri_socket_paths;
 	bool daemon;
 	bool disable_cri_async;
 	std::vector<std::string> disable_sources;
--- a/userspace/falco/falco.cpp
+++ b/userspace/falco/falco.cpp
@ -478,10 +478,13 @@ int falco_init(int argc, char **argv)
 		inspector = new sinsp();
 		inspector->set_buffer_format(app.options().event_buffer_format);

-		// If required, set the CRI path
-		if(!app.options().cri_socket_path.empty())
+		// If required, set the CRI paths
+		for (auto &p : app.options().cri_socket_paths)
 		{
-			inspector->set_cri_socket_path(app.options().cri_socket_path);
+			if (!p.empty())
+			{
+				inspector->add_cri_socket_path(p);
+			}
 		}

 		// Decide wether to do sync or async for CRI metadata fetch