Skip to content

Commit

Permalink
doc: document gRPC unix socket
Browse files Browse the repository at this point in the history
Signed-off-by: Djalal Harouni <[email protected]>
  • Loading branch information
tixxdz committed May 3, 2023
1 parent ad4aca3 commit 8163f27
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions docs/content/en/docs/getting-started/configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -75,3 +75,26 @@ directory into the `/etc/tetragon/tetragon.conf.d/` subdirectory. The latter is
generally recommended. Defaults can be restored by simply deleting this file
and all drop-ins.


### Restrict gRPC API access

The gRPC API supports unix sockets, it can be set using one of the following methods:

1. Use the --server-address controlling setting directly:

`--server-address unix:///var/run/tetragon/tetragon.sock`

2. Or use drop-in configuration file `/etc/hubble-fgs/hubble-fgs.conf.d/server-address` with a content of:

`unix:///var/run/tetragon/tetragon.sock`

Note: Tetragon tarball ships with a default gRPC listening on `unix:///var/run/tetragon/tetragon.sock`.

Then to access the gRPC API with `tetra` client, set `--server-address` to point to the corresponding address:

`sudo tetra --server-address unix:///var/run/tetragon/tetragon.sock getevents`

Note: when reading events with `tetra` client, if its `--server-address` is not specified, it will
try to guess if `Tetragon` daemon is running on the same host and use its `server-address` configuration.

Note: ensure that you have enough privileges to open the gRPC unix socket. It is restricted to privileged users only.

0 comments on commit 8163f27

Please sign in to comment.