diff --git a/userspace/falco/app_cmdline_options.cpp b/userspace/falco/app_cmdline_options.cpp index 13391928..7d1173d2 100644 --- a/userspace/falco/app_cmdline_options.cpp +++ b/userspace/falco/app_cmdline_options.cpp @@ -157,7 +157,7 @@ void cmdline_options::define() #endif ("A", "Monitor all events, including those with EF_DROP_SIMPLE_CONS flag.", cxxopts::value(all_events)->default_value("false")) ("b,print-base64", "Print data buffers in base64. This is useful for encoding binary data that needs to be used over media designed to consume this format.") - ("cri", "Path to CRI socket for container metadata. Use the specified socket to fetch data from a CRI-compatible runtime. If not specified, uses libs default.", cxxopts::value(cri_socket_path), "") + ("cri", "Path to CRI socket for container metadata. Use the specified socket to fetch data from a CRI-compatible runtime. If not specified, uses libs default. It can be passed multiple times to specify socket to be tried until a successful one is found.", cxxopts::value(cri_socket_paths), "") ("d,daemon", "Run as a daemon.", cxxopts::value(daemon)->default_value("false")) ("disable-cri-async", "Disable asynchronous CRI metadata fetching. This is useful to let the input event wait for the container metadata fetch to finish before moving forward. Async fetching, in some environments leads to empty fields for container metadata when the fetch is not fast enough to be completed asynchronously. This can have a performance penalty on your environment depending on the number of containers and the frequency at which they are created/started/stopped.", cxxopts::value(disable_cri_async)->default_value("false")) ("disable-source", "Disable a specific event source. Available event sources are: syscall, k8s_audit, or any source from a configured source plugin. It can be passed multiple times. Can not disable all event sources.", cxxopts::value(disable_sources), "") diff --git a/userspace/falco/app_cmdline_options.h b/userspace/falco/app_cmdline_options.h index 37aa954f..377d14f5 100644 --- a/userspace/falco/app_cmdline_options.h +++ b/userspace/falco/app_cmdline_options.h @@ -37,7 +37,7 @@ public: std::string conf_filename; bool all_events; sinsp_evt::param_fmt event_buffer_format; - std::string cri_socket_path; + std::vector cri_socket_paths; bool daemon; bool disable_cri_async; std::vector disable_sources; diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp index 74ae7a4c..8a4bd2e2 100644 --- a/userspace/falco/falco.cpp +++ b/userspace/falco/falco.cpp @@ -478,10 +478,13 @@ int falco_init(int argc, char **argv) inspector = new sinsp(); inspector->set_buffer_format(app.options().event_buffer_format); - // If required, set the CRI path - if(!app.options().cri_socket_path.empty()) + // If required, set the CRI paths + for (auto &p : app.options().cri_socket_paths) { - inspector->set_cri_socket_path(app.options().cri_socket_path); + if (!p.empty()) + { + inspector->add_cri_socket_path(p); + } } // Decide wether to do sync or async for CRI metadata fetch