aquasecurity · ShohamBit · Dec 30, 2024 · Jan 2, 2025 · Jan 5, 2025 · Jan 5, 2025
diff --git a/builder/Makefile.performance b/builder/Makefile.performance
@@ -50,7 +50,7 @@ help:
 	@echo "    $$ make -f builder/Makefile.performance dashboard-stop"
 	@echo ""
 	@echo "Note: tracee should BE RUNNING before starting dashboard."
-	@echo "Note: run tracee with --pyroscope cmd line option."
+	@echo "Note: run tracee with --server http.pyroscope cmd line option."
 	@echo ""
 
 #
@@ -83,11 +83,11 @@ dashboard-start: | \
 		exit 0
 	fi
 	if [ $(shell $(CMD_PS) -axho args | grep -- "-[p]yroscope" | wc -l) -eq 0 ]; then
-		echo "tracee is NOT RUNNING with --pyroscope"
+		echo "tracee is NOT RUNNING with --server http.pyroscope"
 		exit 0
 	fi
 	if [ $(shell $(CMD_PS) -axho args | grep -- "-[p]prof" | wc -l) -eq 0 ]; then
-		echo "tracee is NOT RUNNING with --pprof"
+		echo "tracee is NOT RUNNING with --server http.pprof"
 		exit 0
 	fi
 	echo ""

diff --git a/builder/entrypoint.sh b/builder/entrypoint.sh
@@ -27,7 +27,7 @@ run_tracee() {
     else
         # default arguments
         $TRACEE_EXE \
-        --metrics \
+        --server http.metrics \
         --cache cache-type=mem \
         --cache mem-cache-size=512 \
         --capabilities bypass=$CAPABILITIES_BYPASS \

diff --git a/cmd/tracee-ebpf/main.go b/cmd/tracee-ebpf/main.go
@@ -129,27 +129,27 @@ func main() {
 				Usage: "path where tracee will install or lookup it's resources",
 			},
 			&cli.BoolFlag{
-				Name:  server.MetricsEndpointFlag,
+				Name:  server.HTTPServer + "." + server.MetricsEndpointFlag,
 				Usage: "enable metrics endpoint",
 				Value: false,
 			},
 			&cli.BoolFlag{
-				Name:  server.HealthzEndpointFlag,
+				Name:  server.HTTPServer + "." + server.HealthzEndpointFlag,
 				Usage: "enable healthz endpoint",
 				Value: false,
 			},
 			&cli.BoolFlag{
-				Name:  server.PProfEndpointFlag,
+				Name:  server.HTTPServer + "." + server.PProfEndpointFlag,
 				Usage: "enable pprof endpoints",
 				Value: false,
 			},
 			&cli.BoolFlag{
-				Name:  server.PyroscopeAgentFlag,
+				Name:  server.HTTPServer + "." + server.PyroscopeAgentEndpointFlag,
 				Usage: "enable pyroscope agent",
 				Value: false,
 			},
 			&cli.StringFlag{
-				Name:  server.HTTPListenEndpointFlag,
+				Name:  server.HTTPServer + "." + server.ListenEndpointFlag,
 				Usage: "listening address of the metrics endpoint server",
 				Value: ":3366",
 			},

diff --git a/cmd/tracee-rules/main.go b/cmd/tracee-rules/main.go
@@ -139,13 +139,13 @@ func main() {
 				return fmt.Errorf("constructing engine: %w", err)
 			}
 
-			httpServer, err := server.PrepareHTTPServer(
-				c.String(server.HTTPListenEndpointFlag),
-				c.Bool(server.MetricsEndpointFlag),
-				c.Bool(server.HealthzEndpointFlag),
-				c.Bool(server.PProfEndpointFlag),
-				c.Bool(server.PyroscopeAgentFlag),
-			)
+			// httpServer, err := server.PrepareHTTPServer(
+			// 	c.String(server.HTTPListenEndpointFlag),
+			// 	c.Bool(server.MetricsEndpointFlag),
+			// 	c.Bool(server.HealthzEndpointFlag),
+			// 	c.Bool(server.PProfEndpointFlag),
+			// 	c.Bool(server.PyroscopeAgentFlag),
+			// )
 			if err != nil {
 				return err
 			}
@@ -158,9 +158,9 @@ func main() {
 			ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
 			defer stop()
 
-			if httpServer != nil {
-				go httpServer.Start(ctx)
-			}
+			// if httpServer != nil {
+			// 	go httpServer.Start(ctx)
+			// }
 
 			e.Start(ctx)
 
@@ -200,12 +200,12 @@ func main() {
 				Usage: "configure output format via templates. Usage: --output-template=path/to/my.tmpl",
 			},
 			&cli.BoolFlag{
-				Name:  server.PProfEndpointFlag,
+				Name:  server.HTTPServer + "." + server.PProfEndpointFlag,
 				Usage: "enable pprof endpoints",
 				Value: false,
 			},
 			&cli.BoolFlag{
-				Name:  server.PyroscopeAgentFlag,
+				Name:  server.HTTPServer + "." + server.PyroscopeAgentEndpointFlag,
 				Usage: "enable pyroscope agent",
 				Value: false,
 			},
@@ -219,17 +219,17 @@ func main() {
 				Value: 1000,
 			},
 			&cli.BoolFlag{
-				Name:  server.MetricsEndpointFlag,
+				Name:  server.HTTPServer + "." + server.MetricsEndpointFlag,
 				Usage: "enable metrics endpoint",
 				Value: false,
 			},
 			&cli.BoolFlag{
-				Name:  server.HealthzEndpointFlag,
+				Name:  server.HTTPServer + "." + server.HealthzEndpointFlag,
 				Usage: "enable healthz endpoint",
 				Value: false,
 			},
 			&cli.StringFlag{
-				Name:  server.HTTPListenEndpointFlag,
+				Name:  server.HTTPServer + "." + server.ListenEndpointFlag,
 				Usage: "listening address of the metrics endpoint server",
 				Value: ":4466",
 			},

diff --git a/cmd/tracee/cmd/root.go b/cmd/tracee/cmd/root.go
@@ -12,7 +12,6 @@ import (
 	"github.com/spf13/viper"
 
 	cmdcobra "github.com/aquasecurity/tracee/pkg/cmd/cobra"
-	"github.com/aquasecurity/tracee/pkg/cmd/flags/server"
 	"github.com/aquasecurity/tracee/pkg/cmd/initialize"
 	"github.com/aquasecurity/tracee/pkg/errfmt"
 	"github.com/aquasecurity/tracee/pkg/logger"
@@ -250,62 +249,14 @@ func initCmd() error {
 
 	// Server flags
 
-	rootCmd.Flags().Bool(
-		server.MetricsEndpointFlag,
-		false,
-		"\t\t\t\t\tEnable metrics endpoint",
-	)
-	err = viper.BindPFlag(server.MetricsEndpointFlag, rootCmd.Flags().Lookup(server.MetricsEndpointFlag))
-	if err != nil {
-		return errfmt.WrapError(err)
-	}
-
-	rootCmd.Flags().Bool(
-		server.HealthzEndpointFlag,
-		false,
-		"\t\t\t\t\tEnable healthz endpoint",
-	)
-	err = viper.BindPFlag(server.HealthzEndpointFlag, rootCmd.Flags().Lookup(server.HealthzEndpointFlag))
-	if err != nil {
-		return errfmt.WrapError(err)
-	}
-
-	rootCmd.Flags().Bool(
-		server.PProfEndpointFlag,
-		false,
-		"\t\t\t\t\tEnable pprof endpoints",
-	)
-	err = viper.BindPFlag(server.PProfEndpointFlag, rootCmd.Flags().Lookup(server.PProfEndpointFlag))
-	if err != nil {
-		return errfmt.WrapError(err)
-	}
-
-	rootCmd.Flags().Bool(
-		server.PyroscopeAgentFlag,
-		false,
-		"\t\t\t\t\tEnable pyroscope agent",
-	)
-	err = viper.BindPFlag(server.PyroscopeAgentFlag, rootCmd.Flags().Lookup(server.PyroscopeAgentFlag))
-	if err != nil {
-		return errfmt.WrapError(err)
-	}
-
-	rootCmd.Flags().String(
-		server.HTTPListenEndpointFlag,
-		":3366",
-		"<url:port>\t\t\t\tListening address of the metrics endpoint server",
-	)
-	err = viper.BindPFlag(server.HTTPListenEndpointFlag, rootCmd.Flags().Lookup(server.HTTPListenEndpointFlag))
-	if err != nil {
-		return errfmt.WrapError(err)
-	}
+	rootCmd.Flags().StringArray(
+		"server",
+		[]string{""},
+		`<type>.<option>=<value>		Configure HTTP or gRPC server options.  <type> is either "http" or "grpc".  Options include:
+  									http: address, metrics, pprof, healthz, pyroscope
+  									grpc: address`)
 
-	rootCmd.Flags().String(
-		server.GRPCListenEndpointFlag,
-		"", // disabled by default
-		"<protocol:addr>\t\t\tListening address of the grpc server eg: tcp:4466, unix:/tmp/tracee.sock (default: disabled)",
-	)
-	err = viper.BindPFlag(server.GRPCListenEndpointFlag, rootCmd.Flags().Lookup(server.GRPCListenEndpointFlag))
+	err = viper.BindPFlag("server", rootCmd.Flags().Lookup("server"))
 	if err != nil {
 		return errfmt.WrapError(err)
 	}

diff --git a/docs/docs/install/config/index.md b/docs/docs/install/config/index.md
@@ -27,24 +27,22 @@ A complete config file with all available options can be found [here](https://gi
 
 ### Server
 
-
-- **`--metrics-endpoint`**: Enables the metrics endpoint.
-
-  __NOTE__: You can view more in the [Prometheus section](../prometheus.md).
+- __`--server`__: Sets options for the HTTP and/or gRPC servers. 
 
   YAML:
-  ```yaml
-  metrics-endpoint: true
-  ```
 
-- **`--grpc-listen-addr`**: Specifies the address for the gRPC server.
-
-  YAML:
   ```yaml
-  grpc-listen-addr: tcp:50051
+  server:
+    http:
+      address: "127.0.0.1:8080"
+      metrics: true
+      healthz: true
+      pprof: true
+      pyroscope: true
+    grpc:
+      address: "unix:/var/run/tracee.sock"
   ```
 
-
 ### Process Tree
 
 - **`--proctree` (`-t`)**: Controls process tree options.

diff --git a/docs/tutorials/deploy-grafana-dashboard.md b/docs/tutorials/deploy-grafana-dashboard.md
@@ -26,7 +26,7 @@ There are two options for accessing Tracee metrics:
 ## Tracee Docker Container Image
 
 These metrics exports are enabled by default in all docker images and can be
-enabled using the `--metrics` flag.
+enabled using the `--server http.metrics` flag.
 
 [tracee]: https://github.com/aquasecurity/tracee/tree/{{ git.tag }}/cmd/tracee
 
@@ -53,7 +53,7 @@ docker run --name tracee -it --rm \
   -v /var/run:/var/run:ro \
   -p 3366:3366 \
   aquasec/tracee:latest \
-  --metrics 
+  --server http.metrics 
 ```
 
 Of course, the forwarded metrics ports can be changed, but you should note that

diff --git a/examples/config/global_config.yaml b/examples/config/global_config.yaml
@@ -28,8 +28,15 @@ capabilities:
 
 metrics-endpoint: true
 
-grpc-listen-addr: tcp:50051
-
+server:
+    http:
+      address: "127.0.0.1:8080"
+      metrics: true
+      healthz: true
+      pprof: true
+      pyroscope: true
+    grpc:
+      address: "unix:/var/run/tracee.sock"
 dnscache: enable
 
 cri:

diff --git a/pkg/cmd/cobra/cobra.go b/pkg/cmd/cobra/cobra.go
@@ -292,24 +292,17 @@ func GetTraceeRunner(c *cobra.Command, version string) (cmd.Runner, error) {
 
 	// Prepare the server
 
-	httpServer, err := server.PrepareHTTPServer(
-		viper.GetString(server.HTTPListenEndpointFlag),
-		viper.GetBool(server.MetricsEndpointFlag),
-		viper.GetBool(server.HealthzEndpointFlag),
-		viper.GetBool(server.PProfEndpointFlag),
-		viper.GetBool(server.PyroscopeAgentFlag),
-	)
+	serverFlag, err := GetFlagsFromViper("server")
 	if err != nil {
 		return runner, err
 	}
-
-	grpcServer, err := flags.PrepareGRPCServer(viper.GetString(server.GRPCListenEndpointFlag))
+	serverRunner, err := server.PrepareServer(serverFlag)
 	if err != nil {
 		return runner, err
 	}
 
-	runner.HTTPServer = httpServer
-	runner.GRPCServer = grpcServer
+	runner.HTTPServer = serverRunner.HTTPServer
+	runner.GRPCServer = serverRunner.GRPCServer
 	runner.TraceeConfig = cfg
 	runner.Printer = p
 	runner.InstallPath = traceeInstallPath

diff --git a/pkg/cmd/cobra/config.go b/pkg/cmd/cobra/config.go
@@ -22,6 +22,8 @@ func GetFlagsFromViper(key string) ([]string, error) {
 	rawValue := viper.Get(key)
 
 	switch key {
+	case "server":
+		flagger = &ServerConfig{}
 	case "cache":
 		flagger = &CacheConfig{}
 	case "proctree":
@@ -122,6 +124,50 @@ func getCRIConfigFlags(rawValue interface{}) ([]string, error) {
 	return flags, nil
 }
 
+//
+// server flag
+//
+
+type ServerConfig struct {
+	Http HttpConfig `mapstructure:"http"`
+	Grpc GrpcConfig `mapstructure:"grpc"`
+}
+type HttpConfig struct {
+	Metrics   bool   `mapstructure:"metrics"`
+	Pprof     bool   `mapstructure:"pprof"`
+	Healthz   bool   `mapstructure:"healthz"`
+	Pyroscope bool   `mapstructure:"pyroscope"`
+	Address   string `mapstructure:"address"`
+}
+
+type GrpcConfig struct {
+	Address string `mapstructure:"address"`
+}
+
+func (s *ServerConfig) flags() []string {
+	flags := make([]string, 0)
+
+	if s.Grpc.Address != "" {
+		flags = append(flags, fmt.Sprintf("grpc.address=%s", s.Grpc.Address))
+	}
+	if s.Http.Address != "" {
+		flags = append(flags, fmt.Sprintf("http.address=%s", s.Http.Address))
+	}
+	if s.Http.Metrics {
+		flags = append(flags, "http.metrics=true")
+	}
+	if s.Http.Pprof {
+		flags = append(flags, "http.pprof=true")
+	}
+	if s.Http.Healthz {
+		flags = append(flags, "http.healthz=true")
+	}
+	if s.Http.Pyroscope {
+		flags = append(flags, "http.pyroscope=true")
+	}
+	return flags
+}
+
 //
 // config flag
 //