update(userspace/falco): add configuration entry for webserver threadiness

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2025-06-25 14:22:15 +00:00 · 2022-06-23 09:16:26 +00:00 · 2022-06-23 09:16:26 +00:00 · 2b7bcc87a7
commit 2b7bcc87a7
parent 0eacd41cd5
5 changed files with 20 additions and 6 deletions
--- a/userspace/falco/app_actions/start_webserver.cpp
+++ b/userspace/falco/app_actions/start_webserver.cpp
@ -27,8 +27,14 @@ application::run_result application::start_webserver()
 	if(!is_capture_mode() && m_state->config->m_webserver_enabled)
 	{
 		std::string ssl_option = (m_state->config->m_webserver_ssl_enabled ? " (SSL)" : "");
-		falco_logger::log(LOG_INFO, "Starting internal webserver, listening on port " + to_string(m_state->config->m_webserver_listen_port) + ssl_option + "\n");
+		falco_logger::log(LOG_INFO, "Starting health webserver with threadiness "
+			+ to_string(m_state->config->m_webserver_threadiness)
+			+ ", listening on port "
+			+ to_string(m_state->config->m_webserver_listen_port)
+			+ ssl_option + "\n");
+
 		m_state->webserver.start(
+			m_state->config->m_webserver_threadiness,
 			m_state->config->m_webserver_listen_port, 
 			m_state->config->m_webserver_k8s_healthz_endpoint,
 			m_state->config->m_webserver_ssl_certificate, 
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@ -35,6 +35,7 @@ falco_configuration::falco_configuration():
 	m_buffered_outputs(false),
 	m_time_format_iso_8601(false),
 	m_webserver_enabled(false),
+	m_webserver_threadiness(0),
 	m_webserver_listen_port(8765),
 	m_webserver_k8s_healthz_endpoint("/healthz"),
 	m_webserver_ssl_enabled(false),
@ -207,10 +208,15 @@ void falco_configuration::init(string conf_filename, const vector<string> &cmdli
 	falco_logger::log_syslog = m_config->get_scalar<bool>("log_syslog", true);

 	m_webserver_enabled = m_config->get_scalar<bool>("webserver.enabled", false);
+	m_webserver_threadiness = m_config->get_scalar<uint32_t>("webserver.threadiness", 0);
 	m_webserver_listen_port = m_config->get_scalar<uint32_t>("webserver.listen_port", 8765);
 	m_webserver_k8s_healthz_endpoint = m_config->get_scalar<string>("webserver.k8s_healthz_endpoint", "/healthz");
 	m_webserver_ssl_enabled = m_config->get_scalar<bool>("webserver.ssl_enabled", false);
 	m_webserver_ssl_certificate = m_config->get_scalar<string>("webserver.ssl_certificate", "/etc/falco/falco.pem");
+	if(m_webserver_threadiness == 0)
+	{
+		m_webserver_threadiness = falco::utils::hardware_concurrency();
+	}

 	std::list<string> syscall_event_drop_acts;
 	m_config->get_sequence(syscall_event_drop_acts, "syscall_event_drops.actions");
--- a/userspace/falco/configuration.h
+++ b/userspace/falco/configuration.h
@ -250,6 +250,7 @@ public:
 	std::string m_grpc_root_certs;

 	bool m_webserver_enabled;
+	uint32_t m_webserver_threadiness;
 	uint32_t m_webserver_listen_port;
 	std::string m_webserver_k8s_healthz_endpoint;
 	bool m_webserver_ssl_enabled;
--- a/userspace/falco/webserver.cpp
+++ b/userspace/falco/webserver.cpp
@ -24,10 +24,11 @@ falco_webserver::~falco_webserver()
 }

 void falco_webserver::start(
-		uint32_t listen_port,
-		std::string& healthz_endpoint,
-		std::string &ssl_certificate,
-		bool ssl_enabled)
+        uint32_t threadiness,
+        uint32_t listen_port,
+        std::string& healthz_endpoint,
+        std::string &ssl_certificate,
+        bool ssl_enabled)
 {
    if (m_running)
    {
@ -48,7 +49,6 @@ void falco_webserver::start(
    }

    // configure server
-    auto threadiness = std::min(2u, falco::utils::hardware_concurrency());
    m_server->new_task_queue = [&threadiness] { return new httplib::ThreadPool(threadiness); };

    // setup healthz endpoint
--- a/userspace/falco/webserver.h
+++ b/userspace/falco/webserver.h
@ -26,6 +26,7 @@ class falco_webserver
 public:
 	virtual ~falco_webserver();
 	virtual void start(
+		uint32_t threadiness,
 		uint32_t listen_port,
 		std::string& healthz_endpoint,
 		std::string &ssl_certificate,