docs: update FAQ on kernel config with tetra probe config

AritraDey-Dev · mtardy · mtardy · commit 8b4512791942 · 2025-11-05T11:59:52.000+01:00
The kernel configuration section now provides a comprehensive and well-structured guide for users to verify their system compatibility with Tetragon. Fixes #4114 Co-authored-by: Mahe Tardy <mahe.tardy@gmail.com> Signed-off-by: Mahe Tardy <mahe.tardy@gmail.com> Signed-off-by: Aritra Dey <adey01027@gmail.com>
diff --git a/docs/content/en/docs/installation/faq.md b/docs/content/en/docs/installation/faq.md
@@ -28,6 +28,84 @@ which might take some work on older kernels.
 
 ### What are the Linux kernel configuration options needed to run Tetragon?
 
+Tetragon requires specific kernel configuration options to function properly.
+You can verify your kernel configuration and runtime capabilities using the
+following approaches.
+
+#### Check kernel configuration with `tetra probe config`
+
+As a first step to verify your kernel configuration, you can use the
+`tetra probe config` command. This will output a list of detected kernel
+features relevant to Tetragon. Missing features can indicate that your kernel
+is not configured correctly.
+
+```shell
+tetra probe config
+```
+
+The output should be similar to this:
+
+```
+ONFIG_AUDIT:y
+CONFIG_AUDITSYSCALL:y
+CONFIG_BPF:y
+CONFIG_BPF_EVENTS:y
+CONFIG_BPF_JIT:y
+CONFIG_BPF_JIT_DEFAULT_ON:y
+CONFIG_BPF_KPROBE_OVERRIDE:y
+CONFIG_BPF_SYSCALL:y
+CONFIG_CGROUPS:y
+CONFIG_DEBUG_INFO_BTF:y
+CONFIG_DEBUG_INFO_BTF_MODULES:y
+CONFIG_FTRACE_SYSCALLS:y
+CONFIG_HAVE_BPF_JIT:n
+CONFIG_HAVE_EBPF_JIT:y
+CONFIG_SECURITY:y
+```
+
+#### Probe features at runtime with `tetra probe`
+
+To probe if your kernel has sufficient features turned on at runtime, you can
+run `tetra probe`, this command requires root privileges, notably to load probe
+BPF programs:
+
+```shell
+sudo tetra probe
+```
+
+You can also run this command directly from the tetragon container image on a
+Kubernetes cluster node. For example:
+
+```shell
+kubectl run bpf-probe --image=quay.io/cilium/tetragon-ci:latest \
+    --privileged --restart=Never -it --rm --command -- tetra probe
+```
+
+The output should be similar to this (with boolean values depending on your
+actual configuration):
+
+```
+override_return: true
+buildid: true
+kprobe_multi: false
+uprobe_multi false
+fmodret: true
+fmodret_syscall: true
+signal: true
+large: true
+link_pin: true
+lsm: false
+missed_stats_kprobe_multi: false
+missed_stats_kprobe: false
+batch_update: true
+uprobe_refctroff: true
+audit_loginuid: true
+probe_write_user: true
+uprobe_regs_change: false
+```
+
+#### List of required kernel configurations
+
 This is the list of needed configuration options, note that this might evolve
 quickly with new Tetragon features:
 
@@ -79,33 +157,6 @@ CONFIG_MEMCG_V1=y
 CONFIG_CPUSETS_V1=y
 ```
 
-At runtime, to probe if your kernel has sufficient features turned on, you can
-run `tetra` with root privileges with the `probe` command:
-
-```shell
-sudo tetra probe
-```
-
-You can also run this command directly from the tetragon container image on a
-Kubernetes cluster node. For example:
-
-```shell
-kubectl run bpf-probe --image=quay.io/cilium/tetragon-ci:latest --privileged --restart=Never -it --rm --command -- tetra probe
-```
-
-The output should be similar to this (with boolean values depending on your
-actual configuration):
-
-```
-override_return: true
-buildid: true
-kprobe_multi: false
-fmodret: true
-fmodret_syscall: true
-signal: true
-large: true
-```
-
 ### Tetragon failed to start complaining about a missing BTF file
 
 You might have encountered the following issues:
