Don't allow Tetragon instance to run when there is another one running #2672
Assignees
Labels
kind/enhancement
This improves or streamlines existing functionality
Comments
inliquid
added
the
kind/enhancement
|
I will implement it and prepare PR. |
|
@inliquid thanks, I've assigned the issue to you. |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Is there an existing issue for this?
Is your feature request related to a problem?
This is a follow up of discussion with @kkourt and @tixxdz. Currently Tetragon should be run as the single instance on a node (kernel). Otherwise its behavior can be unpredictable: instances can interfere on eBPF programs and/or maps, both on startup an cleanup. Tetragon writes an error to logfile if it sees another instance already up and running, but we would like to prevent it from starting. There is real-world case, our customer said they would like to "experiment" with Tetragon on a node while there is already an instance which protects this node. These experiments may lead to errors and they can break protection they have.
Describe the feature you would like
Tetragon should not start if it sees there is another instance already up and running. Error message should say that the reason for that, is possible unpredictable behavior because of the interference between instances.
Describe your proposed solution
No response
Code of Conduct
The text was updated successfully, but these errors were encountered: