tetragon/pkg: add user-configurable BPF_F_NO_PREALLOC flag support

[kyledong-suse]

Description

This commit adds support for controlling the BPF_F_NO_PREALLOC flag on BPF maps through CLI flags. Users can now disable preallocation globally or for specific maps to reduce memory usage.

Fixes: #4249

[netlify]

✅ Deploy Preview for tetragon ready!

Name	Link
🔨 Latest commit	5d5bd6e
🔍 Latest deploy log	https://app.netlify.com/projects/tetragon/deploys/69437d4817685e0008b2d054
😎 Deploy Preview	https://deploy-preview-4340--tetragon.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[mtardy]

Looks fine to me but let's see if that would be better to have a global flag instead of a per map flag for NO_PREALLOC disable since you mentioned another map in the issue. I'm really not sure which one is best 🤔

We could even extend this flag to the map we already have using no_prealloc, but maybe that's too much for this patch set and out of scope!

[kyledong-suse]

Thanks for taking time to review this PR @mtardy!
Let's wait @kkourt for his comment about this idea.
If you all agree to have a generic flag to enable/disable BPF_F_NO_PREALLOC, I can modify the title of the issue as well as this PR and commit messages.

[mtardy]

is it ready for re-review @kyledong-suse ? :)

[kyledong-suse]

@mtardy @kkourt I have modified the implementation regarding to the discussion in #4249
It's ready for re-review. Thanks!

[olsajiri]

heya, looks good, left some comments

I need to check the issue properly, but did we discuss performance implications? I guess policy_filter_maps is fine, I'm not sure override_task is that straight forward

thanks

[kyledong-suse]

I need to check the issue properly, but did we discuss performance implications? I guess policy_filter_maps is fine, I'm not sure override_task is that straight forward

It has been discussed a bit in the issue. Additionally, #4204 proposed an idea to use shared override_task map, which will optimize both memory utilization and CPU consumption.

[olsajiri]

@kyledong-suse I think it's ok, I have one more idea for the code, please check 4705b87

• let's mark program.Map object with SetNoPreAlloc when we allow to use BPF_F_NO_PREALLOC, like:
  overrideTasksMap := program.MapBuilderProgram("override_tasks", load).SetNoPreAlloc()
• perhaps GetPreallocFlags could have generic name, maybe just Flags ?
• I think we should change pkg/policyfilter to use program.Map object, so we do not have separate BPF_F_NO_PREALLOC code in there, but that can be follow up, meanwhile just move the BPF_F_NO_PREALLOC setup in single function please check 4705b87

just to make sure I understand the options semantics.. we either enable no-prealloc for all allowed maps (via SetNoPreAlloc) with --bpf-maps-prealloc=false or specificaly enable separated maps with --bpf-maps-disable-prealloc=map1,map2..