diff --git a/apis/v1alpha1/bpfapplication_types.go b/apis/v1alpha1/bpfapplication_types.go index 47360ca0c..9088f83b3 100644 --- a/apis/v1alpha1/bpfapplication_types.go +++ b/apis/v1alpha1/bpfapplication_types.go @@ -138,7 +138,7 @@ type BpfApplicationSpec struct { // BpfApplicationStatus defines the observed state of BpfApplication type BpfApplicationStatus struct { - BpfProgramStatusCommon `json:",inline"` + BpfAppStatus `json:",inline"` } // +genclient @@ -155,8 +155,8 @@ type BpfApplication struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec BpfApplicationSpec `json:"spec,omitempty"` - Status BpfApplicationStatus `json:"status,omitempty"` + Spec BpfApplicationSpec `json:"spec,omitempty"` + Status BpfAppStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/v1alpha1/fentryProgram_types.go b/apis/v1alpha1/fentryProgram_types.go index 4b82fdb43..e48912dbc 100644 --- a/apis/v1alpha1/fentryProgram_types.go +++ b/apis/v1alpha1/fentryProgram_types.go @@ -37,9 +37,8 @@ type FentryProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec FentryProgramSpec `json:"spec"` - // +optional - Status FentryProgramStatus `json:"status,omitempty"` + Spec FentryProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // FentryProgramSpec defines the desired state of FentryProgram 
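Review bot: `BpfApplicationStatus` is left behind as a wrapper that `BpfApplication` no longer uses. The second hunk of bpfapplication_types.go retypes `BpfApplication.Status` to `BpfAppStatus` directly, while the first hunk keeps the wrapper and only swaps its embedded type. The same happens in xdpProgram_types.go, where `XdpProgramStatus` is kept although `XdpProgram.Status` is now `BpfAppStatus` and every other `*ProgramStatus` type is deleted. Unless another package still references the two wrappers (not visible here), delete them along with their generated deepcopy functions; otherwise mark each with `// Deprecated: use BpfAppStatus.`.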
@@ -52,13 +51,19 @@ type FentryProgramSpec struct { // FentryProgramInfo defines the Fentry program details type FentryProgramInfo struct { BpfProgramCommon `json:",inline"` - // Function to attach the fentry to. - FunctionName string `json:"func_name"` + FentryLoadInfo `json:",inline"` + // Whether the program should be attached to the function. + // This may be updated after the program has been loaded. + // +optional + // +kubebuilder:default=false + Attach bool `json:"attach,omitempty"` } -// FentryProgramStatus defines the observed state of FentryProgram -type FentryProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` +// FentryLoadInfo contains the program-specific load information for Fentry +// programs +type FentryLoadInfo struct { + // FunctionName is the name of the function to attach the Fentry program to. + FunctionName string `json:"function_name"` } // +kubebuilder:object:root=true diff --git a/apis/v1alpha1/fexitProgram_types.go b/apis/v1alpha1/fexitProgram_types.go index 97467996e..813f8990f 100644 --- a/apis/v1alpha1/fexitProgram_types.go +++ b/apis/v1alpha1/fexitProgram_types.go @@ -37,9 +37,8 @@ type FexitProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec FexitProgramSpec `json:"spec"` - // +optional - Status FexitProgramStatus `json:"status,omitempty"` + Spec FexitProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // FexitProgramSpec defines the desired state of FexitProgram 
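Review bot: Renaming the serialized key from `func_name` to `function_name` in `FentryLoadInfo` changes the wire format of an existing v1alpha1 field. It is also inconsistent with the kprobe and uprobe attach types in this same commit, which keep `func_name`. The new field has no `+optional` marker or `omitempty`, so manifests that still use the old key would presumably be rejected, or have the key pruned, when next applied. Either keep the original tag (`json:"func_name"`) or call out the break in the release notes and update the samples together. The same rename is made in `FexitLoadInfo` in fexitProgram_types.go.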
@@ -52,13 +51,19 @@ type FexitProgramSpec struct { // FexitProgramInfo defines the Fexit program details type FexitProgramInfo struct { BpfProgramCommon `json:",inline"` - // Function to attach the fexit to. - FunctionName string `json:"func_name"` + FexitLoadInfo `json:",inline"` + // Whether the program should be attached to the function. + // This may be updated after the program has been loaded. + // +optional + // +kubebuilder:default=false + Attach bool `json:"attach,omitempty"` } -// FexitProgramStatus defines the observed state of FexitProgram -type FexitProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` +// FexitLoadInfo contains the program-specific load information for Fexit +// programs +type FexitLoadInfo struct { + // FunctionName is the name of the function to attach the Fexit program to. + FunctionName string `json:"function_name"` } // +kubebuilder:object:root=true diff --git a/apis/v1alpha1/kprobeProgram_types.go b/apis/v1alpha1/kprobeProgram_types.go index b427e9c44..d53b202e0 100644 --- a/apis/v1alpha1/kprobeProgram_types.go +++ b/apis/v1alpha1/kprobeProgram_types.go @@ -39,16 +39,14 @@ type KprobeProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec KprobeProgramSpec `json:"spec"` - // +optional - Status KprobeProgramStatus `json:"status,omitempty"` + Spec KprobeProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // KprobeProgramSpec defines the desired state of KprobeProgram // +kubebuilder:printcolumn:name="FunctionName",type=string,JSONPath=`.spec.func_name` // +kubebuilder:printcolumn:name="Offset",type=integer,JSONPath=`.spec.offset` // +kubebuilder:printcolumn:name="RetProbe",type=boolean,JSONPath=`.spec.retprobe` -// +kubebuilder:validation:XValidation:message="offset cannot be set for kretprobes",rule="self.retprobe == false || self.offset == 0" type KprobeProgramSpec struct { KprobeProgramInfo `json:",inline"` BpfAppCommon `json:",inline"` 
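Review bot: The three `+kubebuilder:printcolumn` markers kept as context above `KprobeProgramSpec` still point at `.spec.func_name`, `.spec.offset` and `.spec.retprobe`. The next hunk moves those fields into the elements of `attach_points`, so the `kubectl get` columns will come out empty. Drop the markers or repoint them at something that still lives directly under `.spec`, such as `.spec.bpffunctionname`. Removing the `XValidation` rule here leaves no validation gap, because the next hunk re-adds it on `KprobeAttachInfo`. The struct body continues outside the hunk.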
@@ -57,7 +55,14 @@ type KprobeProgramSpec struct { // KprobeProgramInfo defines the common fields for KprobeProgram type KprobeProgramInfo struct { BpfProgramCommon `json:",inline"` + // The list of points to which the program should be attached. The list is + // optional and may be udated after the bpf program has been loaded + // +optional + AttachPoints []KprobeAttachInfo `json:"attach_points"` +} +// +kubebuilder:validation:XValidation:message="offset cannot be set for kretprobes",rule="self.retprobe == false || self.offset == 0" +type KprobeAttachInfo struct { // Functions to attach the kprobe to. FunctionName string `json:"func_name"` @@ -71,15 +76,6 @@ type KprobeProgramInfo struct { // +optional // +kubebuilder:default:=false RetProbe bool `json:"retprobe"` - - // // Host PID of container to attach the uprobe in. (Not supported yet by bpfman.) - // // +optional - // ContainerPid string `json:"containerpid"` -} - -// KprobeProgramStatus defines the observed state of KprobeProgram -type KprobeProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` } // +kubebuilder:object:root=true diff --git a/apis/v1alpha1/shared_types.go b/apis/v1alpha1/shared_types.go index c31bd8eb4..b4f54dc20 100644 --- a/apis/v1alpha1/shared_types.go +++ b/apis/v1alpha1/shared_types.go @@ -53,7 +53,8 @@ type ContainerSelector struct { ContainerNames *[]string `json:"containernames,omitempty"` } -// BpfProgramCommon defines the common attributes for all BPF programs +// BpfProgramCommon defines the common attributes required to load all BPF +// programs. type BpfProgramCommon struct { // BpfFunctionName is the name of the function that is the entry point for the BPF // program 
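Review bot: `AttachPoints` is marked `+optional` but its tag is `json:"attach_points"` without `omitempty`, so a program with no attach points serializes as `"attach_points": null`; use `json:"attach_points,omitempty"`. The list is also unbounded and each element carries a CEL `XValidation` rule. A `+kubebuilder:validation:MaxItems=<limit>` marker (limit to be chosen by the project) would bound the CEL cost estimate and the number of kernel hooks one object can request. The field comment contains a typo (`udated` for `updated`) that will be copied into the generated CRD description, and `KprobeAttachInfo` has no doc comment. The same tag, missing bound and typo recur on the `AttachPoints` fields in the tc, tcx, tracepoint, uprobe and xdp files, whose new `*AttachInfo` types also lack doc comments.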
@@ -86,8 +87,8 @@ type BpfAppCommon struct { ByteCode BytecodeSelector `json:"bytecode"` } -// BpfProgramStatusCommon defines the BpfProgram status -type BpfProgramStatusCommon struct { +// BpfAppStatus defines the BpfProgram status +type BpfAppStatus struct { // Conditions houses the global cluster state for the eBPFProgram. The explicit // condition types are defined internally. // +patchMergeKey=type diff --git a/apis/v1alpha1/tcProgram_types.go b/apis/v1alpha1/tcProgram_types.go index 6db1481b7..4d0002c85 100644 --- a/apis/v1alpha1/tcProgram_types.go +++ b/apis/v1alpha1/tcProgram_types.go @@ -40,9 +40,8 @@ type TcProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec TcProgramSpec `json:"spec"` - // +optional - Status TcProgramStatus `json:"status,omitempty"` + Spec TcProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // +kubebuilder:validation:Enum=unspec;ok;reclassify;shot;pipe;stolen;queued;repeat;redirect;trap;dispatcher_return @@ -57,7 +56,13 @@ type TcProgramSpec struct { // TcProgramInfo defines the tc program details type TcProgramInfo struct { BpfProgramCommon `json:",inline"` + // The list of points to which the program should be attached. The list is + // optional and may be udated after the bpf program has been loaded + // +optional + AttachPoints []TcAttachInfo `json:"attach_points"` +} +type TcAttachInfo struct { // Selector to determine the network interface (or interfaces) InterfaceSelector InterfaceSelector `json:"interfaceselector"` @@ -87,11 +92,6 @@ type TcProgramInfo struct { ProceedOn []TcProceedOnValue `json:"proceedon"` } -// TcProgramStatus defines the observed state of TcProgram -type TcProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` -} - // +kubebuilder:object:root=true // TcProgramList contains a list of TcPrograms type TcProgramList struct { 
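Review bot: The comment on the renamed type, `// BpfAppStatus defines the BpfProgram status`, no longer says what the type is for. After this commit it is the `Status` of BpfApplication and of every `*Program` resource in this diff, while a separate `BpfProgramStatus` type still exists (its deepcopy appears as context in zz_generated.deepcopy.go). I would reword it to something like `// BpfAppStatus is the observed state shared by BpfApplication and the per-type *Program resources.` so the two status types are not confused. The struct body continues outside the hunk.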
diff --git a/apis/v1alpha1/tcxProgram_types.go b/apis/v1alpha1/tcxProgram_types.go index 6036ca8a4..20c04a5f5 100644 --- a/apis/v1alpha1/tcxProgram_types.go +++ b/apis/v1alpha1/tcxProgram_types.go @@ -40,9 +40,8 @@ type TcxProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec TcxProgramSpec `json:"spec"` - // +optional - Status TcxProgramStatus `json:"status,omitempty"` + Spec TcxProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // TcxProgramSpec defines the desired state of TcxProgram @@ -54,7 +53,13 @@ type TcxProgramSpec struct { // TcxProgramInfo defines the tc program details type TcxProgramInfo struct { BpfProgramCommon `json:",inline"` + // The list of points to which the program should be attached. The list is + // optional and may be udated after the bpf program has been loaded + // +optional + AttachPoints []TcxAttachInfo `json:"attach_points"` +} +type TcxAttachInfo struct { // Selector to determine the network interface (or interfaces) InterfaceSelector InterfaceSelector `json:"interfaceselector"` @@ -77,11 +82,6 @@ type TcxProgramInfo struct { Priority int32 `json:"priority"` } -// TcxProgramStatus defines the observed state of TcProgram -type TcxProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` -} - // +kubebuilder:object:root=true // TcxProgramList contains a list of TcxPrograms type TcxProgramList struct { diff --git a/apis/v1alpha1/tracepointProgram_types.go b/apis/v1alpha1/tracepointProgram_types.go index e692192a8..48ddc1e47 100644 --- a/apis/v1alpha1/tracepointProgram_types.go +++ b/apis/v1alpha1/tracepointProgram_types.go 
@@ -37,9 +37,8 @@ type TracepointProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec TracepointProgramSpec `json:"spec"` - // +optional - Status TracepointProgramStatus `json:"status,omitempty"` + Spec TracepointProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // TracepointProgramSpec defines the desired state of TracepointProgram @@ -52,15 +51,16 @@ type TracepointProgramSpec struct { // TracepointProgramInfo defines the Tracepoint program details type TracepointProgramInfo struct { BpfProgramCommon `json:",inline"` - - // Names refers to the names of kernel tracepoints to attach the - // bpf program to. - Names []string `json:"names"` + // The list of points to which the program should be attached. The list is + // optional and may be udated after the bpf program has been loaded + // +optional + AttachPoints []TracepointAttachInfo `json:"attach_points"` } -// TracepointProgramStatus defines the observed state of TracepointProgram -type TracepointProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` +type TracepointAttachInfo struct { + // Name refers to the name of a kernel tracepoint to attach the + // bpf program to. + Name string `json:"name"` } // +kubebuilder:object:root=true diff --git a/apis/v1alpha1/uprobeProgram_types.go b/apis/v1alpha1/uprobeProgram_types.go index b98500aad..f3cbc16a2 100644 --- a/apis/v1alpha1/uprobeProgram_types.go +++ b/apis/v1alpha1/uprobeProgram_types.go @@ -41,9 +41,8 @@ type UprobeProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec UprobeProgramSpec `json:"spec"` - // +optional - Status UprobeProgramStatus `json:"status,omitempty"` + Spec UprobeProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // UprobeProgramSpec defines the desired state of UprobeProgram 
@@ -60,7 +59,13 @@ type UprobeProgramSpec struct { // UprobeProgramInfo contains the information about the uprobe program type UprobeProgramInfo struct { BpfProgramCommon `json:",inline"` + // The list of points to which the program should be attached. The list is + // optional and may be udated after the bpf program has been loaded + // +optional + AttachPoints []UprobeAttachInfo `json:"attach_points"` +} +type UprobeAttachInfo struct { // Function to attach the uprobe to. // +optional FunctionName string `json:"func_name"` @@ -93,11 +98,6 @@ type UprobeProgramInfo struct { Containers *ContainerSelector `json:"containers"` } -// UprobeProgramStatus defines the observed state of UprobeProgram -type UprobeProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` -} - // +kubebuilder:object:root=true // UprobeProgramList contains a list of UprobePrograms type UprobeProgramList struct { diff --git a/apis/v1alpha1/xdpProgram_types.go b/apis/v1alpha1/xdpProgram_types.go index 83f023989..91645ea6a 100644 --- a/apis/v1alpha1/xdpProgram_types.go +++ b/apis/v1alpha1/xdpProgram_types.go @@ -39,9 +39,8 @@ type XdpProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec XdpProgramSpec `json:"spec"` - // +optional - Status XdpProgramStatus `json:"status,omitempty"` + Spec XdpProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return 
@@ -56,6 +55,13 @@ type XdpProgramSpec struct { // XdpProgramInfo defines the common fields for all XdpProgram types type XdpProgramInfo struct { BpfProgramCommon `json:",inline"` + // The list of points to which the program should be attached. The list is + // optional and may be udated after the bpf program has been loaded + // +optional + AttachPoints []XdpAttachInfo `json:"attach_points"` +} + +type XdpAttachInfo struct { // Selector to determine the network interface (or interfaces) InterfaceSelector InterfaceSelector `json:"interfaceselector"` @@ -83,7 +89,7 @@ type XdpProgramInfo struct { // XdpProgramStatus defines the observed state of XdpProgram type XdpProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` + BpfAppStatus `json:",inline"` } // +kubebuilder:object:root=true diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index 3954623d5..7d4a6f6a2 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -58,6 +58,28 @@ func (in *BpfAppCommon) DeepCopy() *BpfAppCommon { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfAppStatus) DeepCopyInto(out *BpfAppStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfAppStatus. +func (in *BpfAppStatus) DeepCopy() *BpfAppStatus { + if in == nil { + return nil + } + out := new(BpfAppStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BpfApplication) DeepCopyInto(out *BpfApplication) { *out = *in 
@@ -208,7 +230,7 @@ func (in *BpfApplicationSpec) DeepCopy() *BpfApplicationSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BpfApplicationStatus) DeepCopyInto(out *BpfApplicationStatus) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) + in.BpfAppStatus.DeepCopyInto(&out.BpfAppStatus) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationStatus. @@ -333,28 +355,6 @@ func (in *BpfProgramStatus) DeepCopy() *BpfProgramStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BpfProgramStatusCommon) DeepCopyInto(out *BpfProgramStatusCommon) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfProgramStatusCommon. -func (in *BpfProgramStatusCommon) DeepCopy() *BpfProgramStatusCommon { - if in == nil { - return nil - } - out := new(BpfProgramStatusCommon) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BytecodeImage) DeepCopyInto(out *BytecodeImage) { *out = *in 
@@ -425,6 +425,21 @@ func (in *ContainerSelector) DeepCopy() *ContainerSelector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FentryLoadInfo) DeepCopyInto(out *FentryLoadInfo) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FentryLoadInfo. +func (in *FentryLoadInfo) DeepCopy() *FentryLoadInfo { + if in == nil { + return nil + } + out := new(FentryLoadInfo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FentryProgram) DeepCopyInto(out *FentryProgram) { *out = *in @@ -456,6 +471,7 @@ func (in *FentryProgram) DeepCopyObject() runtime.Object { func (in *FentryProgramInfo) DeepCopyInto(out *FentryProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) + out.FentryLoadInfo = in.FentryLoadInfo } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FentryProgramInfo. @@ -518,17 +534,16 @@ func (in *FentryProgramSpec) DeepCopy() *FentryProgramSpec { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FentryProgramStatus) DeepCopyInto(out *FentryProgramStatus) { +func (in *FexitLoadInfo) DeepCopyInto(out *FexitLoadInfo) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FentryProgramStatus. -func (in *FentryProgramStatus) DeepCopy() *FentryProgramStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FexitLoadInfo. +func (in *FexitLoadInfo) DeepCopy() *FexitLoadInfo { if in == nil { return nil } - out := new(FentryProgramStatus) + out := new(FexitLoadInfo) in.DeepCopyInto(out) return out } 
@@ -564,6 +579,7 @@ func (in *FexitProgram) DeepCopyObject() runtime.Object { func (in *FexitProgramInfo) DeepCopyInto(out *FexitProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) + out.FexitLoadInfo = in.FexitLoadInfo } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FexitProgramInfo. @@ -625,22 +641,6 @@ func (in *FexitProgramSpec) DeepCopy() *FexitProgramSpec { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FexitProgramStatus) DeepCopyInto(out *FexitProgramStatus) { - *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FexitProgramStatus. -func (in *FexitProgramStatus) DeepCopy() *FexitProgramStatus { - if in == nil { - return nil - } - out := new(FexitProgramStatus) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImagePullSecretSelector) DeepCopyInto(out *ImagePullSecretSelector) { *out = *in @@ -685,6 +685,21 @@ func (in *InterfaceSelector) DeepCopy() *InterfaceSelector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KprobeAttachInfo) DeepCopyInto(out *KprobeAttachInfo) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KprobeAttachInfo. +func (in *KprobeAttachInfo) DeepCopy() *KprobeAttachInfo { + if in == nil { + return nil + } + out := new(KprobeAttachInfo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KprobeProgram) DeepCopyInto(out *KprobeProgram) { *out = *in 
@@ -716,6 +731,11 @@ func (in *KprobeProgram) DeepCopyObject() runtime.Object { func (in *KprobeProgramInfo) DeepCopyInto(out *KprobeProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) + if in.AttachPoints != nil { + in, out := &in.AttachPoints, &out.AttachPoints + *out = make([]KprobeAttachInfo, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KprobeProgramInfo. @@ -778,17 +798,27 @@ func (in *KprobeProgramSpec) DeepCopy() *KprobeProgramSpec { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KprobeProgramStatus) DeepCopyInto(out *KprobeProgramStatus) { +func (in *TcAttachInfo) DeepCopyInto(out *TcAttachInfo) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + if in.Containers != nil { + in, out := &in.Containers, &out.Containers + *out = new(ContainerSelector) + (*in).DeepCopyInto(*out) + } + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]TcProceedOnValue, len(*in)) + copy(*out, *in) + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KprobeProgramStatus. -func (in *KprobeProgramStatus) DeepCopy() *KprobeProgramStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcAttachInfo. +func (in *TcAttachInfo) DeepCopy() *TcAttachInfo { if in == nil { return nil } - out := new(KprobeProgramStatus) + out := new(TcAttachInfo) in.DeepCopyInto(out) return out } 
@@ -824,16 +854,12 @@ func (in *TcProgram) DeepCopyObject() runtime.Object { func (in *TcProgramInfo) DeepCopyInto(out *TcProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) - in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) - if in.Containers != nil { - in, out := &in.Containers, &out.Containers - *out = new(ContainerSelector) - (*in).DeepCopyInto(*out) - } - if in.ProceedOn != nil { - in, out := &in.ProceedOn, &out.ProceedOn - *out = make([]TcProceedOnValue, len(*in)) - copy(*out, *in) + if in.AttachPoints != nil { + in, out := &in.AttachPoints, &out.AttachPoints + *out = make([]TcAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } @@ -897,17 +923,22 @@ func (in *TcProgramSpec) DeepCopy() *TcProgramSpec { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TcProgramStatus) DeepCopyInto(out *TcProgramStatus) { +func (in *TcxAttachInfo) DeepCopyInto(out *TcxAttachInfo) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + if in.Containers != nil { + in, out := &in.Containers, &out.Containers + *out = new(ContainerSelector) + (*in).DeepCopyInto(*out) + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcProgramStatus. -func (in *TcProgramStatus) DeepCopy() *TcProgramStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxAttachInfo. +func (in *TcxAttachInfo) DeepCopy() *TcxAttachInfo { if in == nil { return nil } - out := new(TcProgramStatus) + out := new(TcxAttachInfo) in.DeepCopyInto(out) return out } 
@@ -943,11 +974,12 @@ func (in *TcxProgram) DeepCopyObject() runtime.Object { func (in *TcxProgramInfo) DeepCopyInto(out *TcxProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) - in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) - if in.Containers != nil { - in, out := &in.Containers, &out.Containers - *out = new(ContainerSelector) - (*in).DeepCopyInto(*out) + if in.AttachPoints != nil { + in, out := &in.AttachPoints, &out.AttachPoints + *out = make([]TcxAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } @@ -1011,17 +1043,16 @@ func (in *TcxProgramSpec) DeepCopy() *TcxProgramSpec { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TcxProgramStatus) DeepCopyInto(out *TcxProgramStatus) { +func (in *TracepointAttachInfo) DeepCopyInto(out *TracepointAttachInfo) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxProgramStatus. -func (in *TcxProgramStatus) DeepCopy() *TcxProgramStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracepointAttachInfo. +func (in *TracepointAttachInfo) DeepCopy() *TracepointAttachInfo { if in == nil { return nil } - out := new(TcxProgramStatus) + out := new(TracepointAttachInfo) in.DeepCopyInto(out) return out } @@ -1057,9 +1088,9 @@ func (in *TracepointProgram) DeepCopyObject() runtime.Object { func (in *TracepointProgramInfo) DeepCopyInto(out *TracepointProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) - if in.Names != nil { - in, out := &in.Names, &out.Names - *out = make([]string, len(*in)) + if in.AttachPoints != nil { + in, out := &in.AttachPoints, &out.AttachPoints + *out = make([]TracepointAttachInfo, len(*in)) copy(*out, *in) } } 
@@ -1124,17 +1155,21 @@ func (in *TracepointProgramSpec) DeepCopy() *TracepointProgramSpec { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TracepointProgramStatus) DeepCopyInto(out *TracepointProgramStatus) { +func (in *UprobeAttachInfo) DeepCopyInto(out *UprobeAttachInfo) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) + if in.Containers != nil { + in, out := &in.Containers, &out.Containers + *out = new(ContainerSelector) + (*in).DeepCopyInto(*out) + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracepointProgramStatus. -func (in *TracepointProgramStatus) DeepCopy() *TracepointProgramStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UprobeAttachInfo. +func (in *UprobeAttachInfo) DeepCopy() *UprobeAttachInfo { if in == nil { return nil } - out := new(TracepointProgramStatus) + out := new(UprobeAttachInfo) in.DeepCopyInto(out) return out } @@ -1170,10 +1205,12 @@ func (in *UprobeProgram) DeepCopyObject() runtime.Object { func (in *UprobeProgramInfo) DeepCopyInto(out *UprobeProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) - if in.Containers != nil { - in, out := &in.Containers, &out.Containers - *out = new(ContainerSelector) - (*in).DeepCopyInto(*out) + if in.AttachPoints != nil { + in, out := &in.AttachPoints, &out.AttachPoints + *out = make([]UprobeAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } 
@@ -1237,17 +1274,27 @@ func (in *UprobeProgramSpec) DeepCopy() *UprobeProgramSpec { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UprobeProgramStatus) DeepCopyInto(out *UprobeProgramStatus) { +func (in *XdpAttachInfo) DeepCopyInto(out *XdpAttachInfo) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + if in.Containers != nil { + in, out := &in.Containers, &out.Containers + *out = new(ContainerSelector) + (*in).DeepCopyInto(*out) + } + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]XdpProceedOnValue, len(*in)) + copy(*out, *in) + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UprobeProgramStatus. -func (in *UprobeProgramStatus) DeepCopy() *UprobeProgramStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XdpAttachInfo. +func (in *XdpAttachInfo) DeepCopy() *XdpAttachInfo { if in == nil { return nil } - out := new(UprobeProgramStatus) + out := new(XdpAttachInfo) in.DeepCopyInto(out) return out } @@ -1283,16 +1330,12 @@ func (in *XdpProgram) DeepCopyObject() runtime.Object { func (in *XdpProgramInfo) DeepCopyInto(out *XdpProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) - in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) - if in.Containers != nil { - in, out := &in.Containers, &out.Containers - *out = new(ContainerSelector) - (*in).DeepCopyInto(*out) - } - if in.ProceedOn != nil { - in, out := &in.ProceedOn, &out.ProceedOn - *out = make([]XdpProceedOnValue, len(*in)) - copy(*out, *in) + if in.AttachPoints != nil { + in, out := &in.AttachPoints, &out.AttachPoints + *out = make([]XdpAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } 
@@ -1358,7 +1401,7 @@ func (in *XdpProgramSpec) DeepCopy() *XdpProgramSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *XdpProgramStatus) DeepCopyInto(out *XdpProgramStatus) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) + in.BpfAppStatus.DeepCopyInto(&out.BpfAppStatus) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XdpProgramStatus. diff --git a/bundle/manifests/bpfman-operator.clusterserviceversion.yaml b/bundle/manifests/bpfman-operator.clusterserviceversion.yaml index 5e79d542d..e66c872e8 100644 --- a/bundle/manifests/bpfman-operator.clusterserviceversion.yaml +++ b/bundle/manifests/bpfman-operator.clusterserviceversion.yaml 
@@ -23,73 +23,95 @@ metadata: "programs": [ { "kprobe": { - "bpffunctionname": "kprobe_counter", - "func_name": "try_to_wake_up", - "offset": 0, - "retprobe": false + "attach_points": [ + { + "func_name": "try_to_wake_up", + "offset": 0, + "retprobe": false + } + ], + "bpffunctionname": "kprobe_counter" }, "type": "Kprobe" }, { "tracepoint": { - "bpffunctionname": "tracepoint_kill_recorder", - "names": [ - "syscalls/sys_enter_kill" - ] + "attach_points": [ + { + "name": "syscalls/sys_enter_kill" + } + ], + "bpffunctionname": "tracepoint_kill_recorder" }, "type": "Tracepoint" }, { "tc": { - "bpffunctionname": "stats", - "direction": "ingress", - "interfaceselector": { - "primarynodeinterface": true - }, - "priority": 55 + "attach_points": [ + { + "direction": "ingress", + "interfaceselector": { + "primarynodeinterface": true + }, + "priority": 55 + } + ], + "bpffunctionname": "stats" }, "type": "TC" }, { "tcx": { - "bpffunctionname": "tcx_stats", - "direction": "ingress", - "interfaceselector": { - "primarynodeinterface": true - }, - "priority": 500 + "attach_points": [ + { + "direction": "ingress", + "interfaceselector": { + "primarynodeinterface": true + }, + "priority": 500 + } + ], + "bpffunctionname": "tcx_stats" }, "type": "TCX" }, { "type": "Uprobe", "uprobe": { - "bpffunctionname": "uprobe_counter", - "containers": { - "containernames": [ - "bpfman", - "bpfman-agent" - ], - "namespace": "bpfman", - "pods": { - "matchLabels": { - "name": "bpfman-daemon" - } + "attach_points": [ + { + "containers": { + "containernames": [ + "bpfman", + "bpfman-agent" + ], + "namespace": "bpfman", + "pods": { + "matchLabels": { + "name": "bpfman-daemon" + } + } + }, + "func_name": "malloc", + "retprobe": false, + "target": "libc" } - }, - "func_name": "malloc", - "retprobe": false, - "target": "libc" + ], + "bpffunctionname": "uprobe_counter" } }, { "type": "XDP", "xdp": { - "bpffunctionname": "xdp_stats", - "interfaceselector": { - "primarynodeinterface": true - }, - 
"priority": 55 + "attach_points": [ + { + "interfaceselector": { + "primarynodeinterface": true + }, + "priority": 55 + } + ], + "bpffunctionname": "xdp_stats" } } ] @@ -307,7 +329,7 @@ metadata: capabilities: Basic Install categories: OpenShift Optional containerImage: quay.io/bpfman/bpfman-operator:latest - createdAt: "2024-12-06T14:27:05Z" + createdAt: "2024-12-10T22:10:31Z" features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "false" features.operators.openshift.io/csi: "true" diff --git a/bundle/manifests/bpfman.io_bpfapplications.yaml b/bundle/manifests/bpfman.io_bpfapplications.yaml index cd8cc45cd..8c8c62dae 100644 --- a/bundle/manifests/bpfman.io_bpfapplications.yaml +++ b/bundle/manifests/bpfman.io_bpfapplications.yaml @@ -166,13 +166,20 @@ spec: description: fentry defines the desired state of the application's FentryPrograms. properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Function to attach the fentry to. + function_name: + description: FunctionName is the name of the function to + attach the Fentry program to. type: string mapownerselector: description: |- 
@@ -226,19 +233,26 @@ spec: x-kubernetes-map-type: atomic required: - bpffunctionname - - func_name + - function_name type: object fexit: description: fexit defines the desired state of the application's FexitPrograms. properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Function to attach the fexit to. + function_name: + description: FunctionName is the name of the function to + attach the Fexit program to. type: string mapownerselector: description: |- 
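Review bot: The fentry `required` entry changes from `func_name` to `function_name` in this hunk, which renames the serialized form of a required field inside the same v1alpha1 schema. The property itself is renamed in the previous hunk, and fexit gets the same rename here and in the next hunk. Manifests and stored objects written with `func_name` would stop validating, and whether a migration path exists cannot be told from this page. The kprobe and uprobe attach points keep `func_name`, so the API ends up with two spellings for the same concept. Either keep the JSON tag `func_name` on `FentryLoadInfo`, or state the break in the field comment, e.g. `// FunctionName ... (serialized as function_name; replaces func_name)`.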
@@ -292,20 +306,45 @@ spec: x-kubernetes-map-type: atomic required: - bpffunctionname - - func_name + - function_name type: object kprobe: description: kprobe defines the desired state of the application's KprobePrograms. properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + func_name: + description: Functions to attach the kprobe to. + type: string + offset: + default: 0 + description: |- + Offset added to the address of the function for kprobe. + Not allowed for kretprobes. + format: int64 + type: integer + retprobe: + default: false + description: Whether the program is a kretprobe. Default + is false + type: boolean + required: + - func_name + type: object + x-kubernetes-validations: + - message: offset cannot be set for kretprobes + rule: self.retprobe == false || self.offset == 0 + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Functions to attach the kprobe to. - type: string mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program 
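Review bot: The new `attach_points` array under kprobe has no `maxItems`, so one object can carry an arbitrary number of kernel attach requests, each checked by the item-level `x-kubernetes-validations` rule. A bound on the Go field, e.g. `// +kubebuilder:validation:MaxItems=<limit>` (value to be chosen by the maintainers), would cap the work a single object can request and keep the CEL cost estimate bounded. The description also has a typo: `may be udated` should read `may be updated`. The same text and the same missing bound repeat in the kretprobe, tc, tcx, tracepoint and uprobe hunks below. This manifest looks generated, so both changes presumably belong in the comments and markers of the Go type.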
@@ -356,34 +395,46 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: |- - Offset added to the address of the function for kprobe. - Not allowed for kretprobes. - format: int64 - type: integer - retprobe: - default: false - description: Whether the program is a kretprobe. Default - is false - type: boolean required: - bpffunctionname - - func_name type: object kretprobe: description: kretprobe defines the desired state of the application's KretprobePrograms. properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + func_name: + description: Functions to attach the kprobe to. + type: string + offset: + default: 0 + description: |- + Offset added to the address of the function for kprobe. + Not allowed for kretprobes. + format: int64 + type: integer + retprobe: + default: false + description: Whether the program is a kretprobe. Default + is false + type: boolean + required: + - func_name + type: object + x-kubernetes-validations: + - message: offset cannot be set for kretprobes + rule: self.retprobe == false || self.offset == 0 + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Functions to attach the kprobe to. - type: string mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program 
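Review bot: Under `kretprobe`, each attach point still exposes `retprobe` with `default: false` plus an `offset` field, and the item descriptions still say `kprobe`. An item that omits `retprobe` takes the default, which the rule `self.retprobe == false || self.offset == 0` treats as a plain kprobe, so a non-zero `offset` passes validation inside a kretprobe program; how the controller interprets that is not visible here. If kretprobe is meant to be return-only, the item schema should not offer `retprobe` and `offset`, or the rule for this program type should be `self.offset == 0`. The kretprobe property block continues outside the hunk.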
@@ -434,125 +485,157 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: |- - Offset added to the address of the function for kprobe. - Not allowed for kretprobes. - format: int64 - type: integer - retprobe: - default: false - description: Whether the program is a kretprobe. Default - is false - type: boolean required: - bpffunctionname - - func_name type: object tc: description: tc defines the desired state of the application's TcPrograms. properties: - bpffunctionname: + attach_points: description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. 
+ items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tc program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface + (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary + interface on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. 
+ format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pipe + - dispatcher_return + description: |- + ProceedOn allows the user to call other tc programs in chain on this exit code. + Multiple values are supported by repeating the parameter. + items: + enum: + - unspec + - ok + - reclassify + - shot + - pipe + - stolen + - queued + - repeat + - redirect + - trap + - dispatcher_return + type: string + maxItems: 11 + type: array + required: + - direction + - interfaceselector + - priority + type: object + type: array + bpffunctionname: description: |- - Direction specifies the direction of traffic the tc program should - attach to for a given network device. - enum: - - ingress - - egress + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string - interfaceselector: - description: Selector to determine the network interface - (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface - on the node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program 
@@ -603,147 +686,134 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pipe - - dispatcher_return - description: |- - ProceedOn allows the user to call other tc programs in chain on this exit code. - Multiple values are supported by repeating the parameter. - items: - enum: - - unspec - - ok - - reclassify - - shot - - pipe - - stolen - - queued - - repeat - - redirect - - trap - - dispatcher_return - type: string - maxItems: 11 - type: array required: - bpffunctionname - - direction - - interfaceselector - - priority type: object tcx: description: tcx defines the desired state of the application's TcxPrograms. properties: - bpffunctionname: - description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: + attach_points: description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. 
The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tcx program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface + (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary + interface on the node. 
Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + required: + - direction + - interfaceselector + - priority + type: object + type: array + bpffunctionname: description: |- - Direction specifies the direction of traffic the tcx program should - attach to for a given network device. - enum: - - ingress - - egress + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string - interfaceselector: - description: Selector to determine the network interface - (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface - on the node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program 
@@ -794,25 +864,28 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer required: - bpffunctionname - - direction - - interfaceselector - - priority type: object tracepoint: description: tracepoint defines the desired state of the application's TracepointPrograms. properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + name: + description: |- + Name refers to the name of a kernel tracepoint to attach the + bpf program to. + type: string + required: + - name + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -868,16 +941,8 @@ spec: type: object type: object x-kubernetes-map-type: atomic - names: - description: |- - Names refers to the names of kernel tracepoints to attach the - bpf program to. - items: - type: string - type: array required: - bpffunctionname - - names type: object type: description: Type specifies the bpf program type 
@@ -897,84 +962,116 @@ spec: description: uprobe defines the desired state of the application's UprobePrograms. properties: - bpffunctionname: + attach_points: description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: - description: |- - Containers identifes the set of containers in which to attach the uprobe. - If Containers is not specified, the uprobe will be attached in the - bpfman-agent container. The ContainerSelector is very flexible and even - allows the selection of all containers in a cluster. If an attempt is - made to attach uprobes to too many containers, it can have a negative - impact on on the cluster. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the uprobe. + If Containers is not specified, the uprobe will be attached in the + bpfman-agent container. The ContainerSelector is very flexible and even + allows the selection of all containers in a cluster. If an attempt is + made to attach uprobes to too many containers, it can have a negative + impact on on the cluster. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. 
+ items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - func_name: - description: Function to attach the uprobe to. + x-kubernetes-map-type: atomic + required: + - pods + type: object + func_name: + description: Function to attach the uprobe to. + type: string + offset: + default: 0 + description: Offset added to the address of the function + for uprobe. + format: int64 + type: integer + pid: + description: |- + Only execute uprobe for given process identification number (PID). If PID + is not provided, uprobe executes for all PIDs. + format: int32 + type: integer + retprobe: + default: false + description: Whether the program is a uretprobe. Default + is false + type: boolean + target: + description: Library name or the absolute path to + a binary or library. + type: string + required: + - target + type: object + type: array + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string mapownerselector: description: |- 
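Review bot: `pid` in the uprobe attach point is declared as `format: int32` with no `minimum`, so the schema accepts zero and negative values. A marker such as `// +kubebuilder:validation:Minimum=1` on the Go field would reject them at admission, once it is confirmed that 0 has no meaning for the agent. `func_name` is not in `required` (only `target` is), which is worth confirming as intended. The `containers` description moved into the item has typos to fix at the source: `identifes` and `impact on on the cluster`. The uprobe property block continues outside the hunk.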
@@ -1026,113 +1123,123 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: Offset added to the address of the function - for uprobe. - format: int64 - type: integer - pid: - description: |- - Only execute uprobe for given process identification number (PID). If PID - is not provided, uprobe executes for all PIDs. - format: int32 - type: integer - retprobe: - default: false - description: Whether the program is a uretprobe. Default - is false - type: boolean - target: - description: Library name or the absolute path to a binary - or library. - type: string required: - bpffunctionname - - target type: object uretprobe: description: uretprobe defines the desired state of the application's UretprobePrograms. properties: - bpffunctionname: + attach_points: description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: - description: |- - Containers identifes the set of containers in which to attach the uprobe. - If Containers is not specified, the uprobe will be attached in the - bpfman-agent container. The ContainerSelector is very flexible and even - allows the selection of all containers in a cluster. If an attempt is - made to attach uprobes to too many containers, it can have a negative - impact on on the cluster. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. 
The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the uprobe. + If Containers is not specified, the uprobe will be attached in the + bpfman-agent container. The ContainerSelector is very flexible and even + allows the selection of all containers in a cluster. If an attempt is + made to attach uprobes to too many containers, it can have a negative + impact on on the cluster. + properties: + containernames: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - func_name: - description: Function to attach the uprobe to. + x-kubernetes-map-type: atomic + required: + - pods + type: object + func_name: + description: Function to attach the uprobe to. + type: string + offset: + default: 0 + description: Offset added to the address of the function + for uprobe. + format: int64 + type: integer + pid: + description: |- + Only execute uprobe for given process identification number (PID). If PID + is not provided, uprobe executes for all PIDs. 
+ format: int32 + type: integer + retprobe: + default: false + description: Whether the program is a uretprobe. Default + is false + type: boolean + target: + description: Library name or the absolute path to + a binary or library. + type: string + required: + - target + type: object + type: array + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string mapownerselector: description: |- 
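Review bot: The new `attach_points` array under `uretprobe` is declared with `type: array` and no `maxItems`, so a single object can carry an unbounded number of attach points, each with its own `containers` selector. That selector's description already warns that attaching to too many containers can hurt the cluster, and putting it inside a list multiplies that exposure. This schema looks generated from the Go types, so the bound belongs on the field there, e.g. `// +kubebuilder:validation:MaxItems=<limit>` with the limit chosen by the maintainers; the `attach_points` lists added for xdp, kprobe, tc and tcx need the same. The description also misspells "updated" as `udated`, and the list items have no description of their own. The uretprobe schema continues outside this hunk.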
@@ -1184,126 +1291,140 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: Offset added to the address of the function - for uprobe. - format: int64 - type: integer - pid: - description: |- - Only execute uprobe for given process identification number (PID). If PID - is not provided, uprobe executes for all PIDs. - format: int32 - type: integer - retprobe: - default: false - description: Whether the program is a uretprobe. Default - is false - type: boolean - target: - description: Library name or the absolute path to a binary - or library. - type: string required: - bpffunctionname - - target type: object xdp: description: xdp defines the desired state of the application's XdpPrograms. properties: - bpffunctionname: - description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: + attach_points: description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. 
If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - interfaceselector: - description: Selector to determine the network interface - (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface - on the node. Only 'true' accepted. - type: boolean - type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + interfaceselector: + description: Selector to determine the network interface + (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. 
+ items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary + interface on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the bpf program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pass + - dispatcher_return + items: + enum: + - aborted + - drop + - pass + - tx + - redirect + - dispatcher_return + type: string + maxItems: 6 + type: array + required: + - interfaceselector + - priority + type: object + type: array + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program + type: string mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -1354,34 +1475,8 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the bpf program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pass - - dispatcher_return - items: - enum: - - aborted - - drop - - pass - - tx - - redirect - - dispatcher_return - type: string - maxItems: 6 - type: array required: - bpffunctionname - - interfaceselector - - priority type: object type: object x-kubernetes-validations: @@ -1432,7 +1527,7 @@ spec: - nodeselector type: object status: - description: BpfApplicationStatus defines the observed state of BpfApplication + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- 
diff --git a/bundle/manifests/bpfman.io_fentryprograms.yaml b/bundle/manifests/bpfman.io_fentryprograms.yaml index 76cefd41c..23d9c3fb8 100644 --- a/bundle/manifests/bpfman.io_fentryprograms.yaml +++ b/bundle/manifests/bpfman.io_fentryprograms.yaml @@ -53,6 +53,12 @@ spec: spec: description: FentryProgramSpec defines the desired state of FentryProgram properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -103,8 +109,9 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - func_name: - description: Function to attach the fentry to. + function_name: + description: FunctionName is the name of the function to attach the + Fentry program to. type: string globaldata: additionalProperties: @@ -218,11 +225,11 @@ spec: required: - bpffunctionname - bytecode - - func_name + - function_name - nodeselector type: object status: - description: FentryProgramStatus defines the observed state of FentryProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_fexitprograms.yaml b/bundle/manifests/bpfman.io_fexitprograms.yaml index 78225dcfb..7fbe95491 100644 --- a/bundle/manifests/bpfman.io_fexitprograms.yaml +++ b/bundle/manifests/bpfman.io_fexitprograms.yaml @@ -53,6 +53,12 @@ spec: spec: description: FexitProgramSpec defines the desired state of FexitProgram properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF 
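Review bot: `attach` is added with `default: false` in the first FentryProgram hunk, so a FentryProgram that omits the field is accepted and loaded but never attached. That is easy to overlook when the program is meant to be an active tracing hook. The description does not say what the default means; in the Go doc comment behind it I would add `// Defaults to false: the program is loaded but stays detached until this is set to true.` Whether the status conditions distinguish loaded-but-detached from attached is not visible here and is worth confirming. The FexitProgram hunk later on this page adds the same field.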
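Review bot: The rename from `func_name` to `function_name` (in the second FentryProgram hunk and in the `required` list of the third) appears to stay within v1alpha1, so manifests that still send `func_name` will fail the `required` check after upgrade; if that is intended, it needs a migration note. It also leaves the API inconsistent, because the kprobe `attach_points` items added in bpfman.io_kprobeprograms.yaml and the uprobe items in the BpfApplication schema keep `func_name`. I would pick one spelling across program types, e.g. `json:"function_name"` on the kprobe and uprobe fields as well. FexitProgram gets the same rename.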
@@ -103,8 +109,9 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - func_name: - description: Function to attach the fexit to. + function_name: + description: FunctionName is the name of the function to attach the + Fexit program to. type: string globaldata: additionalProperties: @@ -218,11 +225,11 @@ spec: required: - bpffunctionname - bytecode - - func_name + - function_name - nodeselector type: object status: - description: FexitProgramStatus defines the observed state of FexitProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_kprobeprograms.yaml b/bundle/manifests/bpfman.io_kprobeprograms.yaml index e40bed810..c4ed488ee 100644 --- a/bundle/manifests/bpfman.io_kprobeprograms.yaml +++ b/bundle/manifests/bpfman.io_kprobeprograms.yaml @@ -61,6 +61,34 @@ spec: spec: description: KprobeProgramSpec defines the desired state of KprobeProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + func_name: + description: Functions to attach the kprobe to. + type: string + offset: + default: 0 + description: |- + Offset added to the address of the function for kprobe. + Not allowed for kretprobes. + format: int64 + type: integer + retprobe: + default: false + description: Whether the program is a kretprobe. Default is + false + type: boolean + required: + - func_name + type: object + x-kubernetes-validations: + - message: offset cannot be set for kretprobes + rule: self.retprobe == false || self.offset == 0 + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF 
@@ -111,9 +139,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - func_name: - description: Functions to attach the kprobe to. - type: string globaldata: additionalProperties: format: byte @@ -223,28 +248,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: |- - Offset added to the address of the function for kprobe. - Not allowed for kretprobes. - format: int64 - type: integer - retprobe: - default: false - description: Whether the program is a kretprobe. Default is false - type: boolean required: - bpffunctionname - bytecode - - func_name - nodeselector type: object - x-kubernetes-validations: - - message: offset cannot be set for kretprobes - rule: self.retprobe == false || self.offset == 0 status: - description: KprobeProgramStatus defines the observed state of KprobeProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_tcprograms.yaml b/bundle/manifests/bpfman.io_tcprograms.yaml index db4073a6c..c27755a07 100644 --- a/bundle/manifests/bpfman.io_tcprograms.yaml +++ b/bundle/manifests/bpfman.io_tcprograms.yaml 
@@ -65,6 +65,144 @@ spec: spec: description: TcProgramSpec defines the desired state of TcProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tc program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface (or + interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface + on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pipe + - dispatcher_return + description: |- + ProceedOn allows the user to call other tc programs in chain on this exit code. + Multiple values are supported by repeating the parameter. 
+ items: + enum: + - unspec + - ok + - reclassify + - shot + - pipe + - stolen + - queued + - repeat + - redirect + - trap + - dispatcher_return + type: string + maxItems: 11 + type: array + required: + - direction + - interfaceselector + - priority + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF 
@@ -115,82 +253,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: - description: |- - Direction specifies the direction of traffic the tc program should - attach to for a given network device. - enum: - - ingress - - egress - type: string globaldata: additionalProperties: format: byte @@ -201,23 +263,6 @@ spec: is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures. type: object - interfaceselector: - description: Selector to determine the network interface (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface on the - node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program 
@@ -317,48 +362,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pipe - - dispatcher_return - description: |- - ProceedOn allows the user to call other tc programs in chain on this exit code. - Multiple values are supported by repeating the parameter. - items: - enum: - - unspec - - ok - - reclassify - - shot - - pipe - - stolen - - queued - - repeat - - redirect - - trap - - dispatcher_return - type: string - maxItems: 11 - type: array required: - bpffunctionname - bytecode - - direction - - interfaceselector - nodeselector - - priority type: object status: - description: TcProgramStatus defines the observed state of TcProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_tcxprograms.yaml b/bundle/manifests/bpfman.io_tcxprograms.yaml index f176c2f80..559abce4b 100644 --- a/bundle/manifests/bpfman.io_tcxprograms.yaml +++ b/bundle/manifests/bpfman.io_tcxprograms.yaml 
@@ -65,6 +65,121 @@ spec: spec: description: TcxProgramSpec defines the desired state of TcxProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tcx program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface (or + interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface + on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + required: + - direction + - interfaceselector + - priority + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF 
@@ -115,82 +230,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: - description: |- - Direction specifies the direction of traffic the tcx program should - attach to for a given network device. - enum: - - ingress - - egress - type: string globaldata: additionalProperties: format: byte @@ -201,23 +240,6 @@ spec: is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures. type: object - interfaceselector: - description: Selector to determine the network interface (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface on the - node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -317,25 +339,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer required: - bpffunctionname - bytecode - - direction - - interfaceselector - nodeselector - - priority type: object status: - description: TcxProgramStatus defines the observed state of TcProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- 
diff --git a/bundle/manifests/bpfman.io_tracepointprograms.yaml b/bundle/manifests/bpfman.io_tracepointprograms.yaml index add6d12b6..d29d3b587 100644 --- a/bundle/manifests/bpfman.io_tracepointprograms.yaml +++ b/bundle/manifests/bpfman.io_tracepointprograms.yaml @@ -53,6 +53,21 @@ spec: spec: description: TracepointProgramSpec defines the desired state of TracepointProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + name: + description: |- + Name refers to the name of a kernel tracepoint to attach the + bpf program to. + type: string + required: + - name + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -163,13 +178,6 @@ spec: type: object type: object x-kubernetes-map-type: atomic - names: - description: |- - Names refers to the names of kernel tracepoints to attach the - bpf program to. - items: - type: string - type: array nodeselector: description: |- NodeSelector allows the user to specify which nodes to deploy the @@ -222,11 +230,10 @@ spec: required: - bpffunctionname - bytecode - - names - nodeselector type: object status: - description: TracepointProgramStatus defines the observed state of TracepointProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_uprobeprograms.yaml b/bundle/manifests/bpfman.io_uprobeprograms.yaml index 376ccbe27..78c4d1d96 100644 --- a/bundle/manifests/bpfman.io_uprobeprograms.yaml +++ b/bundle/manifests/bpfman.io_uprobeprograms.yaml 
@@ -69,6 +69,111 @@ spec: spec: description: UprobeProgramSpec defines the desired state of UprobeProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the uprobe. + If Containers is not specified, the uprobe will be attached in the + bpfman-agent container. The ContainerSelector is very flexible and even + allows the selection of all containers in a cluster. If an attempt is + made to attach uprobes to too many containers, it can have a negative + impact on on the cluster. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + func_name: + description: Function to attach the uprobe to. + type: string + offset: + default: 0 + description: Offset added to the address of the function for + uprobe. + format: int64 + type: integer + pid: + description: |- + Only execute uprobe for given process identification number (PID). If PID + is not provided, uprobe executes for all PIDs. + format: int32 + type: integer + retprobe: + default: false + description: Whether the program is a uretprobe. Default is + false + type: boolean + target: + description: Library name or the absolute path to a binary or + library. + type: string + required: + - target + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF 
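Review bot: `attach_points` has no `maxItems`, and each item carries its own `containers` selector, which the description itself says can select every container in the cluster and have a negative impact when too many are targeted. Moving the selector from the program level into an unbounded list multiplies that exposure per entry, with nothing at admission to cap it. I would bound the list on the Go field, e.g. `// +kubebuilder:validation:MaxItems=<limit>` (placeholder value), and apply the same bound to the other `attach_points` lists added in this commit. Separately, `pid` and `offset` accept negative values; a `minimum: 0`, like the one `priority` has in the tcx and xdp schemas, would reject them at admission.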
@@ -119,80 +224,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the uprobe. - If Containers is not specified, the uprobe will be attached in the - bpfman-agent container. The ContainerSelector is very flexible and even - allows the selection of all containers in a cluster. If an attempt is - made to attach uprobes to too many containers, it can have a negative - impact on on the cluster. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - func_name: - description: Function to attach the uprobe to. - type: string globaldata: additionalProperties: format: byte @@ -302,32 +333,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: Offset added to the address of the function for uprobe. - format: int64 - type: integer - pid: - description: |- - Only execute uprobe for given process identification number (PID). If PID - is not provided, uprobe executes for all PIDs. - format: int32 - type: integer - retprobe: - default: false - description: Whether the program is a uretprobe. Default is false - type: boolean - target: - description: Library name or the absolute path to a binary or library. - type: string required: - bpffunctionname - bytecode - nodeselector - - target type: object status: - description: UprobeProgramStatus defines the observed state of UprobeProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_xdpprograms.yaml b/bundle/manifests/bpfman.io_xdpprograms.yaml index 31791544f..35f453647 100644 --- a/bundle/manifests/bpfman.io_xdpprograms.yaml +++ b/bundle/manifests/bpfman.io_xdpprograms.yaml 
@@ -61,6 +61,127 @@ spec: spec: description: XdpProgramSpec defines the desired state of XdpProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + interfaceselector: + description: Selector to determine the network interface (or + interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface + on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the bpf program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pass + - dispatcher_return + items: + enum: + - aborted + - drop + - pass + - tx + - redirect + - dispatcher_return + type: string + maxItems: 6 + type: array + required: + - interfaceselector + - priority + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF 
@@ -111,74 +232,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object globaldata: additionalProperties: format: byte @@ -189,23 +242,6 @@ spec: is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures. type: object - interfaceselector: - description: Selector to determine the network interface (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface on the - node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -305,39 +341,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the bpf program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pass - - dispatcher_return - items: - enum: - - aborted - - drop - - pass - - tx - - redirect - - dispatcher_return - type: string - maxItems: 6 - type: array required: - bpffunctionname - bytecode - - interfaceselector - nodeselector - - priority type: object status: - description: XdpProgramStatus defines the observed state of XdpProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- 
diff --git a/config/crd/bases/bpfman.io_bpfapplications.yaml b/config/crd/bases/bpfman.io_bpfapplications.yaml index cc775ec1a..c9b7d34f4 100644 --- a/config/crd/bases/bpfman.io_bpfapplications.yaml +++ b/config/crd/bases/bpfman.io_bpfapplications.yaml @@ -166,13 +166,20 @@ spec: description: fentry defines the desired state of the application's FentryPrograms. properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Function to attach the fentry to. + function_name: + description: FunctionName is the name of the function to + attach the Fentry program to. type: string mapownerselector: description: |- @@ -226,19 +233,26 @@ spec: x-kubernetes-map-type: atomic required: - bpffunctionname - - func_name + - function_name type: object fexit: description: fexit defines the desired state of the application's FexitPrograms. properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Function to attach the fexit to. + function_name: + description: FunctionName is the name of the function to + attach the Fexit program to. type: string mapownerselector: description: |- 
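Review bot: Renaming the required key `func_name` to `function_name` in the `fentry` and `fexit` sections changes the wire format without a new API version, so manifests and stored objects that still use `func_name` would fail the `required` check or have the old key pruned. It also leaves the API inconsistent, because the kprobe and uprobe attach points in this same commit keep `func_name`. In addition `attach` defaults to `false`, so as far as the schema shows a spec that omits it is loaded but not attached; for a program relied on for tracing or enforcement that is a silent loss of coverage after upgrade. I would either keep `func_name` as the JSON tag or document the migration, and spell out the default in the field comment, e.g. `// Defaults to false: the program is loaded but not attached until this is set to true.`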
@@ -292,20 +306,45 @@ spec: x-kubernetes-map-type: atomic required: - bpffunctionname - - func_name + - function_name type: object kprobe: description: kprobe defines the desired state of the application's KprobePrograms. properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + func_name: + description: Functions to attach the kprobe to. + type: string + offset: + default: 0 + description: |- + Offset added to the address of the function for kprobe. + Not allowed for kretprobes. + format: int64 + type: integer + retprobe: + default: false + description: Whether the program is a kretprobe. Default + is false + type: boolean + required: + - func_name + type: object + x-kubernetes-validations: + - message: offset cannot be set for kretprobes + rule: self.retprobe == false || self.offset == 0 + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Functions to attach the kprobe to. - type: string mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program 
@@ -356,34 +395,46 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: |- - Offset added to the address of the function for kprobe. - Not allowed for kretprobes. - format: int64 - type: integer - retprobe: - default: false - description: Whether the program is a kretprobe. Default - is false - type: boolean required: - bpffunctionname - - func_name type: object kretprobe: description: kretprobe defines the desired state of the application's KretprobePrograms. properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + func_name: + description: Functions to attach the kprobe to. + type: string + offset: + default: 0 + description: |- + Offset added to the address of the function for kprobe. + Not allowed for kretprobes. + format: int64 + type: integer + retprobe: + default: false + description: Whether the program is a kretprobe. Default + is false + type: boolean + required: + - func_name + type: object + x-kubernetes-validations: + - message: offset cannot be set for kretprobes + rule: self.retprobe == false || self.offset == 0 + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Functions to attach the kprobe to. - type: string mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program 
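Review bot: Under `kretprobe`, the attach point still exposes `retprobe` with `default: false`, so the rule `self.retprobe == false || self.offset == 0` passes for an entry with a non-zero `offset` even though the description says offsets are not allowed for kretprobes. Whether the controller forces `retprobe` for this section is not visible in the hunk. If entries under `kretprobe` are always return probes, the item rule here should be `rule: self.offset == 0`, or the section should use an attach type that has no `retprobe`/`offset` fields. The `kprobe` section in the preceding hunk uses the same item schema, and there the rule matches the description.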
@@ -434,125 +485,157 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: |- - Offset added to the address of the function for kprobe. - Not allowed for kretprobes. - format: int64 - type: integer - retprobe: - default: false - description: Whether the program is a kretprobe. Default - is false - type: boolean required: - bpffunctionname - - func_name type: object tc: description: tc defines the desired state of the application's TcPrograms. properties: - bpffunctionname: + attach_points: description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. 
+ items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tc program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface + (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary + interface on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. 
+ format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pipe + - dispatcher_return + description: |- + ProceedOn allows the user to call other tc programs in chain on this exit code. + Multiple values are supported by repeating the parameter. + items: + enum: + - unspec + - ok + - reclassify + - shot + - pipe + - stolen + - queued + - repeat + - redirect + - trap + - dispatcher_return + type: string + maxItems: 11 + type: array + required: + - direction + - interfaceselector + - priority + type: object + type: array + bpffunctionname: description: |- - Direction specifies the direction of traffic the tc program should - attach to for a given network device. - enum: - - ingress - - egress + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string - interfaceselector: - description: Selector to determine the network interface - (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface - on the node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program 
@@ -603,147 +686,134 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pipe - - dispatcher_return - description: |- - ProceedOn allows the user to call other tc programs in chain on this exit code. - Multiple values are supported by repeating the parameter. - items: - enum: - - unspec - - ok - - reclassify - - shot - - pipe - - stolen - - queued - - repeat - - redirect - - trap - - dispatcher_return - type: string - maxItems: 11 - type: array required: - bpffunctionname - - direction - - interfaceselector - - priority type: object tcx: description: tcx defines the desired state of the application's TcxPrograms. properties: - bpffunctionname: - description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: + attach_points: description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. 
The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tcx program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface + (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary + interface on the node. 
Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + required: + - direction + - interfaceselector + - priority + type: object + type: array + bpffunctionname: description: |- - Direction specifies the direction of traffic the tcx program should - attach to for a given network device. - enum: - - ingress - - egress + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string - interfaceselector: - description: Selector to determine the network interface - (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface - on the node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program 
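Review bot: The new `attach_points` array under `tcx` has no `maxItems`, even though its description says the list may be changed after the program is loaded, so the schema puts no upper bound on how many attach points one object can hand to the agent. The same holds for the `attach_points` lists added in the tracepoint, uprobe, uretprobe, xdp and kprobe hunks further down, while `proceedon` in this same schema is bounded (`maxItems: 11`). These manifests look generated from the Go types, so the bound belongs on the slice field there, e.g. `// +kubebuilder:validation:MaxItems=<limit>` with a limit the maintainers choose. The `tcx` properties block continues past the end of this hunk.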
@@ -794,25 +864,28 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer required: - bpffunctionname - - direction - - interfaceselector - - priority type: object tracepoint: description: tracepoint defines the desired state of the application's TracepointPrograms. properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + name: + description: |- + Name refers to the name of a kernel tracepoint to attach the + bpf program to. + type: string + required: + - name + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -868,16 +941,8 @@ spec: type: object type: object x-kubernetes-map-type: atomic - names: - description: |- - Names refers to the names of kernel tracepoints to attach the - bpf program to. - items: - type: string - type: array required: - bpffunctionname - - names type: object type: description: Type specifies the bpf program type 
@@ -897,84 +962,116 @@ spec: description: uprobe defines the desired state of the application's UprobePrograms. properties: - bpffunctionname: + attach_points: description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: - description: |- - Containers identifes the set of containers in which to attach the uprobe. - If Containers is not specified, the uprobe will be attached in the - bpfman-agent container. The ContainerSelector is very flexible and even - allows the selection of all containers in a cluster. If an attempt is - made to attach uprobes to too many containers, it can have a negative - impact on on the cluster. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the uprobe. + If Containers is not specified, the uprobe will be attached in the + bpfman-agent container. The ContainerSelector is very flexible and even + allows the selection of all containers in a cluster. If an attempt is + made to attach uprobes to too many containers, it can have a negative + impact on on the cluster. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. 
+ items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - func_name: - description: Function to attach the uprobe to. + x-kubernetes-map-type: atomic + required: + - pods + type: object + func_name: + description: Function to attach the uprobe to. + type: string + offset: + default: 0 + description: Offset added to the address of the function + for uprobe. + format: int64 + type: integer + pid: + description: |- + Only execute uprobe for given process identification number (PID). If PID + is not provided, uprobe executes for all PIDs. + format: int32 + type: integer + retprobe: + default: false + description: Whether the program is a uretprobe. Default + is false + type: boolean + target: + description: Library name or the absolute path to + a binary or library. + type: string + required: + - target + type: object + type: array + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string mapownerselector: description: |- 
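Review bot: In the uprobe attach-point item, `pid` (int32) and `offset` (int64) have no `minimum`, so negative values pass admission, and `target` is required but may be an empty string. `priority` elsewhere in this schema already shows the bounded pattern (`minimum: 0`, `maximum: 1000`). If negative values mean nothing to the agent, which this hunk does not show, add `// +kubebuilder:validation:Minimum=0` on the corresponding Go fields and `// +kubebuilder:validation:MinLength=1` on `target`. The uretprobe hunk that follows adds the same item schema and would need the same markers.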
@@ -1026,113 +1123,123 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: Offset added to the address of the function - for uprobe. - format: int64 - type: integer - pid: - description: |- - Only execute uprobe for given process identification number (PID). If PID - is not provided, uprobe executes for all PIDs. - format: int32 - type: integer - retprobe: - default: false - description: Whether the program is a uretprobe. Default - is false - type: boolean - target: - description: Library name or the absolute path to a binary - or library. - type: string required: - bpffunctionname - - target type: object uretprobe: description: uretprobe defines the desired state of the application's UretprobePrograms. properties: - bpffunctionname: + attach_points: description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: - description: |- - Containers identifes the set of containers in which to attach the uprobe. - If Containers is not specified, the uprobe will be attached in the - bpfman-agent container. The ContainerSelector is very flexible and even - allows the selection of all containers in a cluster. If an attempt is - made to attach uprobes to too many containers, it can have a negative - impact on on the cluster. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. 
The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the uprobe. + If Containers is not specified, the uprobe will be attached in the + bpfman-agent container. The ContainerSelector is very flexible and even + allows the selection of all containers in a cluster. If an attempt is + made to attach uprobes to too many containers, it can have a negative + impact on on the cluster. + properties: + containernames: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - func_name: - description: Function to attach the uprobe to. + x-kubernetes-map-type: atomic + required: + - pods + type: object + func_name: + description: Function to attach the uprobe to. + type: string + offset: + default: 0 + description: Offset added to the address of the function + for uprobe. + format: int64 + type: integer + pid: + description: |- + Only execute uprobe for given process identification number (PID). If PID + is not provided, uprobe executes for all PIDs. 
+ format: int32 + type: integer + retprobe: + default: false + description: Whether the program is a uretprobe. Default + is false + type: boolean + target: + description: Library name or the absolute path to + a binary or library. + type: string + required: + - target + type: object + type: array + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string mapownerselector: description: |- 
@@ -1184,126 +1291,140 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: Offset added to the address of the function - for uprobe. - format: int64 - type: integer - pid: - description: |- - Only execute uprobe for given process identification number (PID). If PID - is not provided, uprobe executes for all PIDs. - format: int32 - type: integer - retprobe: - default: false - description: Whether the program is a uretprobe. Default - is false - type: boolean - target: - description: Library name or the absolute path to a binary - or library. - type: string required: - bpffunctionname - - target type: object xdp: description: xdp defines the desired state of the application's XdpPrograms. properties: - bpffunctionname: - description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: + attach_points: description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. 
If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - interfaceselector: - description: Selector to determine the network interface - (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface - on the node. Only 'true' accepted. - type: boolean - type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + interfaceselector: + description: Selector to determine the network interface + (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. 
+ items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary + interface on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the bpf program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pass + - dispatcher_return + items: + enum: + - aborted + - drop + - pass + - tx + - redirect + - dispatcher_return + type: string + maxItems: 6 + type: array + required: + - interfaceselector + - priority + type: object + type: array + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program + type: string mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -1354,34 +1475,8 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the bpf program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pass - - dispatcher_return - items: - enum: - - aborted - - drop - - pass - - tx - - redirect - - dispatcher_return - type: string - maxItems: 6 - type: array required: - bpffunctionname - - interfaceselector - - priority type: object type: object x-kubernetes-validations: @@ -1432,7 +1527,7 @@ spec: - nodeselector type: object status: - description: BpfApplicationStatus defines the observed state of BpfApplication + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- 
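Review bot: `proceedon` in the new xdp attach-point item has no `description`, unlike the tc variant earlier in this file, so `kubectl explain` tells users nothing about what the exit-code list controls. A doc comment on the Go field would fill it in, for example `// ProceedOn allows the user to call other xdp programs in chain on this exit code.`; that wording is modelled on the tc text and should be checked against the dispatcher's behaviour. The `priority` description in the tcx hunk above still says "tc program", which looks copied from the tc type.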
diff --git a/config/crd/bases/bpfman.io_fentryprograms.yaml b/config/crd/bases/bpfman.io_fentryprograms.yaml index 129fecf6f..c36eec352 100644 --- a/config/crd/bases/bpfman.io_fentryprograms.yaml +++ b/config/crd/bases/bpfman.io_fentryprograms.yaml @@ -53,6 +53,12 @@ spec: spec: description: FentryProgramSpec defines the desired state of FentryProgram properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -103,8 +109,9 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - func_name: - description: Function to attach the fentry to. + function_name: + description: FunctionName is the name of the function to attach the + Fentry program to. type: string globaldata: additionalProperties: @@ -218,11 +225,11 @@ spec: required: - bpffunctionname - bytecode - - func_name + - function_name - nodeselector type: object status: - description: FentryProgramStatus defines the observed state of FentryProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_fexitprograms.yaml b/config/crd/bases/bpfman.io_fexitprograms.yaml index d8e8bbd51..ff3a4c088 100644 --- a/config/crd/bases/bpfman.io_fexitprograms.yaml +++ b/config/crd/bases/bpfman.io_fexitprograms.yaml @@ -53,6 +53,12 @@ spec: spec: description: FexitProgramSpec defines the desired state of FexitProgram properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF 
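Review bot: Renaming the required key `func_name` to `function_name` in the FentryProgram spec, and in the FexitProgram hunk that follows, changes the serialized API inside `v1alpha1`. Existing manifests and stored objects that still carry `func_name` would no longer satisfy `required`. It also splits the naming, since the kprobe and uprobe attach points in this same commit keep `func_name`. If the rename is intended, call it out as a breaking change in the commit description; otherwise keep the tag as `json:"func_name"` on `FentryLoadInfo.FunctionName`.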
@@ -103,8 +109,9 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - func_name: - description: Function to attach the fexit to. + function_name: + description: FunctionName is the name of the function to attach the + Fexit program to. type: string globaldata: additionalProperties: @@ -218,11 +225,11 @@ spec: required: - bpffunctionname - bytecode - - func_name + - function_name - nodeselector type: object status: - description: FexitProgramStatus defines the observed state of FexitProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_kprobeprograms.yaml b/config/crd/bases/bpfman.io_kprobeprograms.yaml index 076d269e5..541523e0b 100644 --- a/config/crd/bases/bpfman.io_kprobeprograms.yaml +++ b/config/crd/bases/bpfman.io_kprobeprograms.yaml @@ -61,6 +61,34 @@ spec: spec: description: KprobeProgramSpec defines the desired state of KprobeProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + func_name: + description: Functions to attach the kprobe to. + type: string + offset: + default: 0 + description: |- + Offset added to the address of the function for kprobe. + Not allowed for kretprobes. + format: int64 + type: integer + retprobe: + default: false + description: Whether the program is a kretprobe. Default is + false + type: boolean + required: + - func_name + type: object + x-kubernetes-validations: + - message: offset cannot be set for kretprobes + rule: self.retprobe == false || self.offset == 0 + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF 
@@ -111,9 +139,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - func_name: - description: Functions to attach the kprobe to. - type: string globaldata: additionalProperties: format: byte @@ -223,28 +248,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: |- - Offset added to the address of the function for kprobe. - Not allowed for kretprobes. - format: int64 - type: integer - retprobe: - default: false - description: Whether the program is a kretprobe. Default is false - type: boolean required: - bpffunctionname - bytecode - - func_name - nodeselector type: object - x-kubernetes-validations: - - message: offset cannot be set for kretprobes - rule: self.retprobe == false || self.offset == 0 status: - description: KprobeProgramStatus defines the observed state of KprobeProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_tcprograms.yaml b/config/crd/bases/bpfman.io_tcprograms.yaml index 713629be2..3a660b458 100644 --- a/config/crd/bases/bpfman.io_tcprograms.yaml +++ b/config/crd/bases/bpfman.io_tcprograms.yaml 
@@ -65,6 +65,144 @@ spec: spec: description: TcProgramSpec defines the desired state of TcProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tc program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface (or + interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface + on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pipe + - dispatcher_return + description: |- + ProceedOn allows the user to call other tc programs in chain on this exit code. + Multiple values are supported by repeating the parameter. 
+ items: + enum: + - unspec + - ok + - reclassify + - shot + - pipe + - stolen + - queued + - repeat + - redirect + - trap + - dispatcher_return + type: string + maxItems: 11 + type: array + required: + - direction + - interfaceselector + - priority + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF 
@@ -115,82 +253,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: - description: |- - Direction specifies the direction of traffic the tc program should - attach to for a given network device. - enum: - - ingress - - egress - type: string globaldata: additionalProperties: format: byte @@ -201,23 +263,6 @@ spec: is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures. type: object - interfaceselector: - description: Selector to determine the network interface (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface on the - node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program 
@@ -317,48 +362,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pipe - - dispatcher_return - description: |- - ProceedOn allows the user to call other tc programs in chain on this exit code. - Multiple values are supported by repeating the parameter. - items: - enum: - - unspec - - ok - - reclassify - - shot - - pipe - - stolen - - queued - - repeat - - redirect - - trap - - dispatcher_return - type: string - maxItems: 11 - type: array required: - bpffunctionname - bytecode - - direction - - interfaceselector - nodeselector - - priority type: object status: - description: TcProgramStatus defines the observed state of TcProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_tcxprograms.yaml b/config/crd/bases/bpfman.io_tcxprograms.yaml index d0eca6137..64cc1a65f 100644 --- a/config/crd/bases/bpfman.io_tcxprograms.yaml +++ b/config/crd/bases/bpfman.io_tcxprograms.yaml 
@@ -65,6 +65,121 @@ spec: spec: description: TcxProgramSpec defines the desired state of TcxProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tcx program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface (or + interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface + on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + required: + - direction + - interfaceselector + - priority + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF 
@@ -115,82 +230,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: - description: |- - Direction specifies the direction of traffic the tcx program should - attach to for a given network device. - enum: - - ingress - - egress - type: string globaldata: additionalProperties: format: byte @@ -201,23 +240,6 @@ spec: is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures. type: object - interfaceselector: - description: Selector to determine the network interface (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface on the - node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -317,25 +339,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer required: - bpffunctionname - bytecode - - direction - - interfaceselector - nodeselector - - priority type: object status: - description: TcxProgramStatus defines the observed state of TcProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- 
diff --git a/config/crd/bases/bpfman.io_tracepointprograms.yaml b/config/crd/bases/bpfman.io_tracepointprograms.yaml index bbcc48241..41ca99e40 100644 --- a/config/crd/bases/bpfman.io_tracepointprograms.yaml +++ b/config/crd/bases/bpfman.io_tracepointprograms.yaml @@ -53,6 +53,21 @@ spec: spec: description: TracepointProgramSpec defines the desired state of TracepointProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + name: + description: |- + Name refers to the name of a kernel tracepoint to attach the + bpf program to. + type: string + required: + - name + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -163,13 +178,6 @@ spec: type: object type: object x-kubernetes-map-type: atomic - names: - description: |- - Names refers to the names of kernel tracepoints to attach the - bpf program to. - items: - type: string - type: array nodeselector: description: |- NodeSelector allows the user to specify which nodes to deploy the @@ -222,11 +230,10 @@ spec: required: - bpffunctionname - bytecode - - names - nodeselector type: object status: - description: TracepointProgramStatus defines the observed state of TracepointProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_uprobeprograms.yaml b/config/crd/bases/bpfman.io_uprobeprograms.yaml index 356c58008..1ecf9944e 100644 --- a/config/crd/bases/bpfman.io_uprobeprograms.yaml +++ b/config/crd/bases/bpfman.io_uprobeprograms.yaml 
@@ -69,6 +69,111 @@ spec: spec: description: UprobeProgramSpec defines the desired state of UprobeProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the uprobe. + If Containers is not specified, the uprobe will be attached in the + bpfman-agent container. The ContainerSelector is very flexible and even + allows the selection of all containers in a cluster. If an attempt is + made to attach uprobes to too many containers, it can have a negative + impact on on the cluster. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + func_name: + description: Function to attach the uprobe to. + type: string + offset: + default: 0 + description: Offset added to the address of the function for + uprobe. + format: int64 + type: integer + pid: + description: |- + Only execute uprobe for given process identification number (PID). If PID + is not provided, uprobe executes for all PIDs. + format: int32 + type: integer + retprobe: + default: false + description: Whether the program is a uretprobe. Default is + false + type: boolean + target: + description: Library name or the absolute path to a binary or + library. + type: string + required: + - target + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF 
@@ -119,80 +224,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the uprobe. - If Containers is not specified, the uprobe will be attached in the - bpfman-agent container. The ContainerSelector is very flexible and even - allows the selection of all containers in a cluster. If an attempt is - made to attach uprobes to too many containers, it can have a negative - impact on on the cluster. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - func_name: - description: Function to attach the uprobe to. - type: string globaldata: additionalProperties: format: byte @@ -302,32 +333,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: Offset added to the address of the function for uprobe. - format: int64 - type: integer - pid: - description: |- - Only execute uprobe for given process identification number (PID). If PID - is not provided, uprobe executes for all PIDs. - format: int32 - type: integer - retprobe: - default: false - description: Whether the program is a uretprobe. Default is false - type: boolean - target: - description: Library name or the absolute path to a binary or library. - type: string required: - bpffunctionname - bytecode - nodeselector - - target type: object status: - description: UprobeProgramStatus defines the observed state of UprobeProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_xdpprograms.yaml b/config/crd/bases/bpfman.io_xdpprograms.yaml index 3e15190b0..c0d5a600f 100644 --- a/config/crd/bases/bpfman.io_xdpprograms.yaml +++ b/config/crd/bases/bpfman.io_xdpprograms.yaml 
@@ -61,6 +61,127 @@ spec: spec: description: XdpProgramSpec defines the desired state of XdpProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + interfaceselector: + description: Selector to determine the network interface (or + interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface + on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the bpf program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pass + - dispatcher_return + items: + enum: + - aborted + - drop + - pass + - tx + - redirect + - dispatcher_return + type: string + maxItems: 6 + type: array + required: + - interfaceselector + - priority + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF 
@@ -111,74 +232,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object globaldata: additionalProperties: format: byte @@ -189,23 +242,6 @@ spec: is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures. type: object - interfaceselector: - description: Selector to determine the network interface (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface on the - node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -305,39 +341,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the bpf program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pass - - dispatcher_return - items: - enum: - - aborted - - drop - - pass - - tx - - redirect - - dispatcher_return - type: string - maxItems: 6 - type: array required: - bpffunctionname - bytecode - - interfaceselector - nodeselector - - priority type: object status: - description: XdpProgramStatus defines the observed state of XdpProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- 
diff --git a/config/samples/bpfman.io_v1alpha1_bpfapplication.yaml b/config/samples/bpfman.io_v1alpha1_bpfapplication.yaml index b7e8f1bb1..4d8fe8613 100644 --- a/config/samples/bpfman.io_v1alpha1_bpfapplication.yaml +++ b/config/samples/bpfman.io_v1alpha1_bpfapplication.yaml @@ -14,45 +14,50 @@ spec: - type: Kprobe kprobe: bpffunctionname: kprobe_counter - func_name: try_to_wake_up - offset: 0 - retprobe: false + attach_points: + - func_name: try_to_wake_up + offset: 0 + retprobe: false - type: Tracepoint tracepoint: bpffunctionname: tracepoint_kill_recorder - names: - - syscalls/sys_enter_kill + attach_points: + - name: syscalls/sys_enter_kill - type: TC tc: bpffunctionname: stats - interfaceselector: - primarynodeinterface: true - priority: 55 - direction: ingress + attach_points: + - interfaceselector: + primarynodeinterface: true + priority: 55 + direction: ingress - type: TCX tcx: bpffunctionname: tcx_stats - interfaceselector: - primarynodeinterface: true - priority: 500 - direction: ingress + attach_points: + - interfaceselector: + primarynodeinterface: true + priority: 500 + direction: ingress - type: Uprobe uprobe: bpffunctionname: uprobe_counter - func_name: malloc - target: libc - retprobe: false - containers: - namespace: bpfman - pods: - matchLabels: - name: bpfman-daemon - containernames: - - bpfman - - bpfman-agent + attach_points: + - func_name: malloc + target: libc + retprobe: false + containers: + namespace: bpfman + pods: + matchLabels: + name: bpfman-daemon + containernames: + - bpfman + - bpfman-agent - type: XDP xdp: bpffunctionname: xdp_stats - interfaceselector: - primarynodeinterface: true - priority: 55 + attach_points: + - interfaceselector: + primarynodeinterface: true + priority: 55 diff --git a/controllers/bpfman-agent/application-program.go b/controllers/bpfman-agent/application-program.go index ac5b019ef..a0bf1117f 100644 --- a/controllers/bpfman-agent/application-program.go +++ b/controllers/bpfman-agent/application-program.go 
@@ -121,7 +121,7 @@ func (r *BpfApplicationReconciler) Reconcile(ctx context.Context, req ctrl.Reque case bpfmaniov1alpha1.ProgTypeKprobe, bpfmaniov1alpha1.ProgTypeKretprobe: - appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), sanitize(p.Kprobe.FunctionName), p.Kprobe.BpfFunctionName) + appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), sanitize(p.Kprobe.AttachPoints[0].FunctionName), p.Kprobe.BpfFunctionName) kprobeProgram := bpfmaniov1alpha1.KprobeProgram{ ObjectMeta: metav1.ObjectMeta{ Name: buildProgramName(a, p), @@ -144,7 +144,7 @@ func (r *BpfApplicationReconciler) Reconcile(ctx context.Context, req ctrl.Reque case bpfmaniov1alpha1.ProgTypeUprobe, bpfmaniov1alpha1.ProgTypeUretprobe: - appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), sanitize(p.Uprobe.FunctionName), p.Uprobe.BpfFunctionName) + appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), sanitize(p.Uprobe.AttachPoints[0].FunctionName), p.Uprobe.BpfFunctionName) uprobeProgram := bpfmaniov1alpha1.UprobeProgram{ ObjectMeta: metav1.ObjectMeta{ Name: buildProgramName(a, p), @@ -188,13 +188,13 @@ func (r *BpfApplicationReconciler) Reconcile(ctx context.Context, req ctrl.Reque complete, res, err = r.reconcileCommon(ctx, rec, tracepointObjects) case bpfmaniov1alpha1.ProgTypeTC: - _, ifErr := getInterfaces(&p.TC.InterfaceSelector, r.ourNode) + _, ifErr := getInterfaces(&p.TC.AttachPoints[0].InterfaceSelector, r.ourNode) if ifErr != nil { r.Logger.Error(ifErr, "failed to get interfaces for TC Program", "app program name", a.Name, "program index", j) continue } - appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), p.TC.Direction, p.TC.BpfFunctionName) + appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), p.TC.AttachPoints[0].Direction, p.TC.BpfFunctionName) tcProgram := bpfmaniov1alpha1.TcProgram{ ObjectMeta: metav1.ObjectMeta{ Name: buildProgramName(a, p), 
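Review bot: `p.Kprobe.AttachPoints[0]` in the Kprobe case of `Reconcile` (application-program.go) is read without checking that the slice is non-empty, so a BpfApplication whose kprobe entry has no attach points would make the agent's reconcile path fail with an index-out-of-range panic. The CRD hunk earlier in this diff drops `interfaceselector` and `priority` from `required` without adding the attach-point list, which suggests the API server would admit such an object, although a `minItems` marker may exist outside the lines shown. The same unguarded index is used in the Uprobe, TC, TCX and XDP cases here and throughout kprobe-program.go, tc-program.go, tcx-program.go, tracepoint-program.go, uprobe-program.go and xdp-program.go. A guard at the top of each case, for example `if len(p.Kprobe.AttachPoints) == 0 { continue }` preceded by a log line like the one the TC case already emits for interface errors, keeps one malformed resource from disrupting reconciliation on the node; in the per-type reconcilers the equivalent is an early error return. `Reconcile` starts and ends outside these hunks.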
@@ -216,13 +216,13 @@ func (r *BpfApplicationReconciler) Reconcile(ctx context.Context, req ctrl.Reque complete, res, err = r.reconcileCommon(ctx, rec, tcObjects) case bpfmaniov1alpha1.ProgTypeTCX: - _, ifErr := getInterfaces(&p.TCX.InterfaceSelector, r.ourNode) + _, ifErr := getInterfaces(&p.TCX.AttachPoints[0].InterfaceSelector, r.ourNode) if ifErr != nil { r.Logger.Error(ifErr, "failed to get interfaces for TCX Program", "app program name", a.Name, "program index", j) continue } - appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), p.TCX.Direction, p.TCX.BpfFunctionName) + appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), p.TCX.AttachPoints[0].Direction, p.TCX.BpfFunctionName) tcxProgram := bpfmaniov1alpha1.TcxProgram{ ObjectMeta: metav1.ObjectMeta{ Name: buildProgramName(a, p), @@ -244,7 +244,7 @@ func (r *BpfApplicationReconciler) Reconcile(ctx context.Context, req ctrl.Reque complete, res, err = r.reconcileCommon(ctx, rec, tcxObjects) case bpfmaniov1alpha1.ProgTypeXDP: - _, ifErr := getInterfaces(&p.XDP.InterfaceSelector, r.ourNode) + _, ifErr := getInterfaces(&p.XDP.AttachPoints[0].InterfaceSelector, r.ourNode) if ifErr != nil { r.Logger.Error(ifErr, "failed to get interfaces for XDP Program", "app program name", a.Name, "program index", j) diff --git a/controllers/bpfman-agent/application-program_test.go b/controllers/bpfman-agent/application-program_test.go index d3c0195c7..9352f5eaf 100644 --- a/controllers/bpfman-agent/application-program_test.go +++ b/controllers/bpfman-agent/application-program_test.go @@ -71,7 +71,8 @@ func TestBpfApplicationControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFentryFunctionName, }, - FunctionName: fentryFunctionName, + FentryLoadInfo: bpfmaniov1alpha1.FentryLoadInfo{FunctionName: fentryFunctionName}, + Attach: true, }, }, { 
@@ -80,9 +81,13 @@ func TestBpfApplicationControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfKprobeFunctionName, }, - FunctionName: kprobeFunctionName, - Offset: uint64(kprobeOffset), - RetProbe: kprobeRetprobe, + AttachPoints: []bpfmaniov1alpha1.KprobeAttachInfo{ + { + FunctionName: kprobeFunctionName, + Offset: uint64(kprobeOffset), + RetProbe: kprobeRetprobe, + }, + }, }, }, }, diff --git a/controllers/bpfman-agent/fentry-program_test.go b/controllers/bpfman-agent/fentry-program_test.go index 1a5384162..587ef9d65 100644 --- a/controllers/bpfman-agent/fentry-program_test.go +++ b/controllers/bpfman-agent/fentry-program_test.go @@ -72,7 +72,8 @@ func TestFentryProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, + FentryLoadInfo: bpfmaniov1alpha1.FentryLoadInfo{FunctionName: functionName}, + Attach: true, }, }, } diff --git a/controllers/bpfman-agent/fexit-program_test.go b/controllers/bpfman-agent/fexit-program_test.go index a424384d5..54a3eb068 100644 --- a/controllers/bpfman-agent/fexit-program_test.go +++ b/controllers/bpfman-agent/fexit-program_test.go @@ -72,7 +72,8 @@ func TestFexitProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, + FexitLoadInfo: bpfmaniov1alpha1.FexitLoadInfo{FunctionName: functionName}, + Attach: true, }, }, } diff --git a/controllers/bpfman-agent/kprobe-program.go b/controllers/bpfman-agent/kprobe-program.go index 8b18400b0..136585503 100644 --- a/controllers/bpfman-agent/kprobe-program.go +++ b/controllers/bpfman-agent/kprobe-program.go 
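Review bot: The kprobe fixture in `TestBpfApplicationControllerCreate` builds `AttachPoints` with exactly one element, so the agent's new `AttachPoints[0]` reads are never exercised with an empty or multi-entry list. A case with `AttachPoints: nil` and one with two entries would pin down whether the reconciler rejects, ignores or honours those inputs, which the tests currently leave undefined. The same holds for the kprobe, tc, tcx, tracepoint, uprobe and xdp test files changed later in the diff. The test functions begin and end outside these hunks.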
@@ -126,9 +126,9 @@ func (r *KprobeProgramReconciler) SetupWithManager(mgr ctrl.Manager) error { func (r *KprobeProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfmaniov1alpha1.BpfProgramList, error) { progs := &bpfmaniov1alpha1.BpfProgramList{} - attachPoint := sanitize(r.currentKprobeProgram.Spec.FunctionName) + attachPoint := sanitize(r.currentKprobeProgram.Spec.AttachPoints[0].FunctionName) - annotations := map[string]string{internal.KprobeProgramFunction: r.currentKprobeProgram.Spec.FunctionName} + annotations := map[string]string{internal.KprobeProgramFunction: r.currentKprobeProgram.Spec.AttachPoints[0].FunctionName} prog, err := r.createBpfProgram(attachPoint, r, annotations) if err != nil { @@ -198,8 +198,8 @@ func (r *KprobeProgramReconciler) getLoadRequest(bpfProgram *bpfmaniov1alpha1.Bp Info: &gobpfman.AttachInfo_KprobeAttachInfo{ KprobeAttachInfo: &gobpfman.KprobeAttachInfo{ FnName: bpfProgram.Annotations[internal.KprobeProgramFunction], - Offset: r.currentKprobeProgram.Spec.Offset, - Retprobe: r.currentKprobeProgram.Spec.RetProbe, + Offset: r.currentKprobeProgram.Spec.AttachPoints[0].Offset, + Retprobe: r.currentKprobeProgram.Spec.AttachPoints[0].RetProbe, ContainerPid: &container_pid, }, }, diff --git a/controllers/bpfman-agent/kprobe-program_test.go b/controllers/bpfman-agent/kprobe-program_test.go index 96f1a3744..014d2155d 100644 --- a/controllers/bpfman-agent/kprobe-program_test.go +++ b/controllers/bpfman-agent/kprobe-program_test.go @@ -75,9 +75,13 @@ func TestKprobeProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, - Offset: uint64(offset), - RetProbe: retprobe, + AttachPoints: []bpfmaniov1alpha1.KprobeAttachInfo{ + { + FunctionName: functionName, + Offset: uint64(offset), + RetProbe: retprobe, + }, + }, }, }, } 
diff --git a/controllers/bpfman-agent/tc-program.go b/controllers/bpfman-agent/tc-program.go index d65134e06..cd1b19996 100644 --- a/controllers/bpfman-agent/tc-program.go +++ b/controllers/bpfman-agent/tc-program.go @@ -100,7 +100,7 @@ func (r *TcProgramReconciler) setCurrentProgram(program client.Object) error { return fmt.Errorf("failed to cast program to TcProgram") } - r.interfaces, err = getInterfaces(&r.currentTcProgram.Spec.InterfaceSelector, r.ourNode) + r.interfaces, err = getInterfaces(&r.currentTcProgram.Spec.AttachPoints[0].InterfaceSelector, r.ourNode) if err != nil { return fmt.Errorf("failed to get interfaces for TcProgram: %v", err) } @@ -179,11 +179,11 @@ func (r *TcProgramReconciler) SetupWithManager(mgr ctrl.Manager) error { func (r *TcProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfmaniov1alpha1.BpfProgramList, error) { progs := &bpfmaniov1alpha1.BpfProgramList{} - if r.currentTcProgram.Spec.Containers != nil { + if r.currentTcProgram.Spec.AttachPoints[0].Containers != nil { // There is a container selector, so see if there are any matching // containers on this node. - containerInfo, err := r.Containers.GetContainers(ctx, r.currentTcProgram.Spec.Containers, r.Logger) + containerInfo, err := r.Containers.GetContainers(ctx, r.currentTcProgram.Spec.AttachPoints[0].Containers, r.Logger) if err != nil { return nil, fmt.Errorf("failed to get container pids: %v", err) } @@ -194,7 +194,7 @@ func (r *TcProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfm for _, iface := range r.interfaces { attachPoint := fmt.Sprintf("%s-%s-%s", iface, - r.currentTcProgram.Spec.Direction, + r.currentTcProgram.Spec.AttachPoints[0].Direction, "no-containers-on-node", ) 
@@ -217,7 +217,7 @@ func (r *TcProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfm for _, iface := range r.interfaces { attachPoint := fmt.Sprintf("%s-%s-%s-%s", iface, - r.currentTcProgram.Spec.Direction, + r.currentTcProgram.Spec.AttachPoints[0].Direction, container.podName, container.containerName, ) @@ -238,7 +238,7 @@ func (r *TcProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfm } } else { for _, iface := range r.interfaces { - attachPoint := iface + "-" + r.currentTcProgram.Spec.Direction + attachPoint := iface + "-" + r.currentTcProgram.Spec.AttachPoints[0].Direction annotations := map[string]string{internal.TcProgramInterface: iface} prog, err := r.createBpfProgram(attachPoint, r, annotations) @@ -301,10 +301,10 @@ func (r *TcProgramReconciler) getLoadRequest(bpfProgram *bpfmaniov1alpha1.BpfPro } attachInfo := &gobpfman.TCAttachInfo{ - Priority: r.currentTcProgram.Spec.Priority, + Priority: r.currentTcProgram.Spec.AttachPoints[0].Priority, Iface: bpfProgram.Annotations[internal.TcProgramInterface], - Direction: r.currentTcProgram.Spec.Direction, - ProceedOn: tcProceedOnToInt(r.currentTcProgram.Spec.ProceedOn), + Direction: r.currentTcProgram.Spec.AttachPoints[0].Direction, + ProceedOn: tcProceedOnToInt(r.currentTcProgram.Spec.AttachPoints[0].ProceedOn), } containerPidStr, ok := bpfProgram.Annotations[internal.TcContainerPid] diff --git a/controllers/bpfman-agent/tc-program_test.go b/controllers/bpfman-agent/tc-program_test.go index a1b711843..02e7def10 100644 --- a/controllers/bpfman-agent/tc-program_test.go +++ b/controllers/bpfman-agent/tc-program_test.go 
@@ -74,14 +74,18 @@ func TestTcProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &[]string{fakeInt}, - }, - Priority: 0, - Direction: direction, - ProceedOn: []bpfmaniov1alpha1.TcProceedOnValue{ - bpfmaniov1alpha1.TcProceedOnValue("pipe"), - bpfmaniov1alpha1.TcProceedOnValue("dispatcher_return"), + AttachPoints: []bpfmaniov1alpha1.TcAttachInfo{ + { + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &[]string{fakeInt}, + }, + Priority: 0, + Direction: direction, + ProceedOn: []bpfmaniov1alpha1.TcProceedOnValue{ + bpfmaniov1alpha1.TcProceedOnValue("pipe"), + bpfmaniov1alpha1.TcProceedOnValue("dispatcher_return"), + }, + }, }, }, }, @@ -247,14 +251,18 @@ func TestTcProgramControllerCreateMultiIntf(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &fakeInts, - }, - Priority: 0, - Direction: direction, - ProceedOn: []bpfmaniov1alpha1.TcProceedOnValue{ - bpfmaniov1alpha1.TcProceedOnValue("pipe"), - bpfmaniov1alpha1.TcProceedOnValue("dispatcher_return"), + AttachPoints: []bpfmaniov1alpha1.TcAttachInfo{ + { + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &fakeInts, + }, + Priority: 0, + Direction: direction, + ProceedOn: []bpfmaniov1alpha1.TcProceedOnValue{ + bpfmaniov1alpha1.TcProceedOnValue("pipe"), + bpfmaniov1alpha1.TcProceedOnValue("dispatcher_return"), + }, + }, }, }, }, diff --git a/controllers/bpfman-agent/tcx-program.go b/controllers/bpfman-agent/tcx-program.go index 8df8661f2..ad4f6a749 100644 --- a/controllers/bpfman-agent/tcx-program.go +++ b/controllers/bpfman-agent/tcx-program.go 
@@ -100,7 +100,7 @@ func (r *TcxProgramReconciler) setCurrentProgram(program client.Object) error { return fmt.Errorf("failed to cast program to TcxProgram") } - r.interfaces, err = getInterfaces(&r.currentTcxProgram.Spec.InterfaceSelector, r.ourNode) + r.interfaces, err = getInterfaces(&r.currentTcxProgram.Spec.AttachPoints[0].InterfaceSelector, r.ourNode) if err != nil { return fmt.Errorf("failed to get interfaces for TcxProgram: %v", err) } @@ -145,11 +145,11 @@ func (r *TcxProgramReconciler) SetupWithManager(mgr ctrl.Manager) error { func (r *TcxProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfmaniov1alpha1.BpfProgramList, error) { progs := &bpfmaniov1alpha1.BpfProgramList{} - if r.currentTcxProgram.Spec.Containers != nil { + if r.currentTcxProgram.Spec.AttachPoints[0].Containers != nil { // There is a container selector, so see if there are any matching // containers on this node. - containerInfo, err := r.Containers.GetContainers(ctx, r.currentTcxProgram.Spec.Containers, r.Logger) + containerInfo, err := r.Containers.GetContainers(ctx, r.currentTcxProgram.Spec.AttachPoints[0].Containers, r.Logger) if err != nil { return nil, fmt.Errorf("failed to get container pids: %v", err) } @@ -160,7 +160,7 @@ func (r *TcxProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpf for _, iface := range r.interfaces { attachPoint := fmt.Sprintf("%s-%s-%s", iface, - r.currentTcxProgram.Spec.Direction, + r.currentTcxProgram.Spec.AttachPoints[0].Direction, "no-containers-on-node", ) @@ -183,7 +183,7 @@ func (r *TcxProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpf for _, iface := range r.interfaces { attachPoint := fmt.Sprintf("%s-%s-%s-%s", iface, - r.currentTcxProgram.Spec.Direction, + r.currentTcxProgram.Spec.AttachPoints[0].Direction, container.podName, container.containerName, ) 
@@ -204,7 +204,7 @@ func (r *TcxProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpf } } else { for _, iface := range r.interfaces { - attachPoint := iface + "-" + r.currentTcxProgram.Spec.Direction + attachPoint := iface + "-" + r.currentTcxProgram.Spec.AttachPoints[0].Direction annotations := map[string]string{internal.TcxProgramInterface: iface} prog, err := r.createBpfProgram(attachPoint, r, annotations) @@ -267,9 +267,9 @@ func (r *TcxProgramReconciler) getLoadRequest(bpfProgram *bpfmaniov1alpha1.BpfPr } attachInfo := &gobpfman.TCXAttachInfo{ - Priority: r.currentTcxProgram.Spec.Priority, + Priority: r.currentTcxProgram.Spec.AttachPoints[0].Priority, Iface: bpfProgram.Annotations[internal.TcxProgramInterface], - Direction: r.currentTcxProgram.Spec.Direction, + Direction: r.currentTcxProgram.Spec.AttachPoints[0].Direction, } containerPidStr, ok := bpfProgram.Annotations[internal.TcxContainerPid] diff --git a/controllers/bpfman-agent/tcx-program_test.go b/controllers/bpfman-agent/tcx-program_test.go index 090d640de..9c0e6d737 100644 --- a/controllers/bpfman-agent/tcx-program_test.go +++ b/controllers/bpfman-agent/tcx-program_test.go @@ -74,11 +74,15 @@ func TestTcxProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &[]string{fakeInt}, + AttachPoints: []bpfmaniov1alpha1.TcxAttachInfo{ + { + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &[]string{fakeInt}, + }, + Priority: 0, + Direction: direction, + }, }, - Priority: 0, - Direction: direction, }, }, } @@ -170,7 +174,7 @@ func TestTcxProgramControllerCreate(t *testing.T) { Info: &gobpfman.AttachInfo_TcxAttachInfo{ TcxAttachInfo: &gobpfman.TCXAttachInfo{ Iface: fakeInt, - Priority: tcx.Spec.Priority, + Priority: tcx.Spec.AttachPoints[0].Priority, Direction: direction, }, }, 
@@ -242,11 +246,15 @@ func TestTcxProgramControllerCreateMultiIntf(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &fakeInts, + AttachPoints: []bpfmaniov1alpha1.TcxAttachInfo{ + { + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &fakeInts, + }, + Priority: 10, + Direction: direction, + }, }, - Priority: 10, - Direction: direction, }, }, } @@ -389,7 +397,7 @@ func TestTcxProgramControllerCreateMultiIntf(t *testing.T) { Info: &gobpfman.AttachInfo_TcxAttachInfo{ TcxAttachInfo: &gobpfman.TCXAttachInfo{ Iface: fakeInts[0], - Priority: tcx.Spec.Priority, + Priority: tcx.Spec.AttachPoints[0].Priority, Direction: direction, }, }, @@ -410,7 +418,7 @@ func TestTcxProgramControllerCreateMultiIntf(t *testing.T) { Info: &gobpfman.AttachInfo_TcxAttachInfo{ TcxAttachInfo: &gobpfman.TCXAttachInfo{ Iface: fakeInts[1], - Priority: tcx.Spec.Priority, + Priority: tcx.Spec.AttachPoints[0].Priority, Direction: direction, }, }, diff --git a/controllers/bpfman-agent/tracepoint-program.go b/controllers/bpfman-agent/tracepoint-program.go index 97480369c..16ed6e254 100644 --- a/controllers/bpfman-agent/tracepoint-program.go +++ b/controllers/bpfman-agent/tracepoint-program.go 
@@ -126,18 +126,17 @@ func (r *TracepointProgramReconciler) SetupWithManager(mgr ctrl.Manager) error { func (r *TracepointProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfmaniov1alpha1.BpfProgramList, error) { progs := &bpfmaniov1alpha1.BpfProgramList{} - for _, tracepoint := range r.currentTracepointProgram.Spec.Names { - attachPoint := sanitize(tracepoint) - annotations := map[string]string{internal.TracepointProgramTracepoint: tracepoint} + tracepoint := r.currentTracepointProgram.Spec.AttachPoints[0].Name + attachPoint := sanitize(tracepoint) + annotations := map[string]string{internal.TracepointProgramTracepoint: tracepoint} - prog, err := r.createBpfProgram(attachPoint, r, annotations) - if err != nil { - return nil, fmt.Errorf("failed to create BpfProgram %s: %v", attachPoint, err) - } - - progs.Items = append(progs.Items, *prog) + prog, err := r.createBpfProgram(attachPoint, r, annotations) + if err != nil { + return nil, fmt.Errorf("failed to create BpfProgram %s: %v", attachPoint, err) } + progs.Items = append(progs.Items, *prog) + return progs, nil } diff --git a/controllers/bpfman-agent/tracepoint-program_test.go b/controllers/bpfman-agent/tracepoint-program_test.go index 3455f72a4..2f5ab986f 100644 --- a/controllers/bpfman-agent/tracepoint-program_test.go +++ b/controllers/bpfman-agent/tracepoint-program_test.go @@ -72,7 +72,7 @@ func TestTracepointProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - Names: []string{tracepointName}, + AttachPoints: []bpfmaniov1alpha1.TracepointAttachInfo{{Name: tracepointName}}, }, }, } diff --git a/controllers/bpfman-agent/uprobe-program.go b/controllers/bpfman-agent/uprobe-program.go index 72f90ed31..884a68a51 100644 --- a/controllers/bpfman-agent/uprobe-program.go +++ b/controllers/bpfman-agent/uprobe-program.go 
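Review bot: `getExpectedBpfPrograms` in tracepoint-program.go used to create one BpfProgram per entry in `Spec.Names`, but the new body reads only `Spec.AttachPoints[0].Name`, so any further tracepoints listed on the resource are silently dropped, with no error or status to say so. Keeping the loop, `for _, ap := range r.currentTracepointProgram.Spec.AttachPoints {` with `sanitize(ap.Name)` and `ap.Name` in the annotation, preserves the previous behaviour and also handles an empty list without indexing. If honouring a single attach point is a deliberate interim step, a comment such as `// TODO: only the first attach point is honoured until multi-attach support lands` and a rejection of longer lists would make that explicit.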
@@ -134,13 +134,14 @@ func (r *UprobeProgramReconciler) SetupWithManager(mgr ctrl.Manager) error { func (r *UprobeProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfmaniov1alpha1.BpfProgramList, error) { progs := &bpfmaniov1alpha1.BpfProgramList{} - sanitizedUprobe := sanitize(r.currentUprobeProgram.Spec.Target) + "-" + sanitize(r.currentUprobeProgram.Spec.FunctionName) + sanitizedUprobe := sanitize(r.currentUprobeProgram.Spec.AttachPoints[0].Target) + "-" + + sanitize(r.currentUprobeProgram.Spec.AttachPoints[0].FunctionName) - if r.currentUprobeProgram.Spec.Containers != nil { + if r.currentUprobeProgram.Spec.AttachPoints[0].Containers != nil { // There is a container selector, so see if there are any matching // containers on this node. - containerInfo, err := r.Containers.GetContainers(ctx, r.currentUprobeProgram.Spec.Containers, r.Logger) + containerInfo, err := r.Containers.GetContainers(ctx, r.currentUprobeProgram.Spec.AttachPoints[0].Containers, r.Logger) if err != nil { return nil, fmt.Errorf("failed to get container pids: %v", err) } @@ -149,7 +150,7 @@ func (r *UprobeProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (* // select any containers on this node. annotations := map[string]string{ - internal.UprobeProgramTarget: r.currentUprobeProgram.Spec.Target, + internal.UprobeProgramTarget: r.currentUprobeProgram.Spec.AttachPoints[0].Target, internal.UprobeNoContainersOnNode: "true", } @@ -167,7 +168,7 @@ func (r *UprobeProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (* for i := range *containerInfo { container := (*containerInfo)[i] - annotations := map[string]string{internal.UprobeProgramTarget: r.currentUprobeProgram.Spec.Target} + annotations := map[string]string{internal.UprobeProgramTarget: r.currentUprobeProgram.Spec.AttachPoints[0].Target} annotations[internal.UprobeContainerPid] = strconv.FormatInt(container.pid, 10) attachPoint := fmt.Sprintf("%s-%s-%s", 
@@ -185,7 +186,7 @@ func (r *UprobeProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (* } } } else { - annotations := map[string]string{internal.UprobeProgramTarget: r.currentUprobeProgram.Spec.Target} + annotations := map[string]string{internal.UprobeProgramTarget: r.currentUprobeProgram.Spec.AttachPoints[0].Target} attachPoint := sanitizedUprobe @@ -265,10 +266,10 @@ func (r *UprobeProgramReconciler) getLoadRequest(bpfProgram *bpfmaniov1alpha1.Bp } uprobeAttachInfo = &gobpfman.UprobeAttachInfo{ - FnName: &r.currentUprobeProgram.Spec.FunctionName, - Offset: r.currentUprobeProgram.Spec.Offset, + FnName: &r.currentUprobeProgram.Spec.AttachPoints[0].FunctionName, + Offset: r.currentUprobeProgram.Spec.AttachPoints[0].Offset, Target: bpfProgram.Annotations[internal.UprobeProgramTarget], - Retprobe: r.currentUprobeProgram.Spec.RetProbe, + Retprobe: r.currentUprobeProgram.Spec.AttachPoints[0].RetProbe, } if hasContainerPid { diff --git a/controllers/bpfman-agent/uprobe-program_test.go b/controllers/bpfman-agent/uprobe-program_test.go index a22d367d2..de2a39ead 100644 --- a/controllers/bpfman-agent/uprobe-program_test.go +++ b/controllers/bpfman-agent/uprobe-program_test.go @@ -76,10 +76,14 @@ func TestUprobeProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, - Target: target, - Offset: uint64(offset), - RetProbe: retprobe, + AttachPoints: []bpfmaniov1alpha1.UprobeAttachInfo{ + { + FunctionName: functionName, + Target: target, + Offset: uint64(offset), + RetProbe: retprobe, + }, + }, }, }, } 
@@ -240,6 +244,16 @@ func TestUprobeProgramControllerCreateContainer(t *testing.T) { Pods: metav1.LabelSelector{}, } + attachPoints := []bpfmaniov1alpha1.UprobeAttachInfo{ + { + FunctionName: functionName, + Target: target, + Offset: uint64(offset), + RetProbe: retprobe, + Containers: &containerSelector, + }, + } + // A UprobeProgram object with metadata and spec. Uprobe := &bpfmaniov1alpha1.UprobeProgram{ ObjectMeta: metav1.ObjectMeta{ @@ -256,12 +270,7 @@ func TestUprobeProgramControllerCreateContainer(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, - Target: target, - Offset: uint64(offset), - RetProbe: retprobe, - Containers: &containerSelector, - }, + AttachPoints: attachPoints}, }, } diff --git a/controllers/bpfman-agent/xdp-program.go b/controllers/bpfman-agent/xdp-program.go index 364217908..017fe4108 100644 --- a/controllers/bpfman-agent/xdp-program.go +++ b/controllers/bpfman-agent/xdp-program.go @@ -99,7 +99,7 @@ func (r *XdpProgramReconciler) setCurrentProgram(program client.Object) error { return fmt.Errorf("failed to cast program to XdpProgram") } - r.interfaces, err = getInterfaces(&r.currentXdpProgram.Spec.InterfaceSelector, r.ourNode) + r.interfaces, err = getInterfaces(&r.currentXdpProgram.Spec.AttachPoints[0].InterfaceSelector, r.ourNode) if err != nil { return fmt.Errorf("failed to get interfaces for XdpProgram: %v", err) } 
@@ -164,11 +164,11 @@ func (r *XdpProgramReconciler) SetupWithManager(mgr ctrl.Manager) error { func (r *XdpProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfmaniov1alpha1.BpfProgramList, error) { progs := &bpfmaniov1alpha1.BpfProgramList{} - if r.currentXdpProgram.Spec.Containers != nil { + if r.currentXdpProgram.Spec.AttachPoints[0].Containers != nil { // There is a container selector, so see if there are any matching // containers on this node. - containerInfo, err := r.Containers.GetContainers(ctx, r.currentXdpProgram.Spec.Containers, r.Logger) + containerInfo, err := r.Containers.GetContainers(ctx, r.currentXdpProgram.Spec.AttachPoints[0].Containers, r.Logger) if err != nil { return nil, fmt.Errorf("failed to get container pids: %v", err) } @@ -283,9 +283,9 @@ func (r *XdpProgramReconciler) getLoadRequest(bpfProgram *bpfmaniov1alpha1.BpfPr } attachInfo := &gobpfman.XDPAttachInfo{ - Priority: r.currentXdpProgram.Spec.Priority, + Priority: r.currentXdpProgram.Spec.AttachPoints[0].Priority, Iface: bpfProgram.Annotations[internal.XdpProgramInterface], - ProceedOn: xdpProceedOnToInt(r.currentXdpProgram.Spec.ProceedOn), + ProceedOn: xdpProceedOnToInt(r.currentXdpProgram.Spec.AttachPoints[0].ProceedOn), } containerPidStr, ok := bpfProgram.Annotations[internal.XdpContainerPid] diff --git a/controllers/bpfman-agent/xdp-program_test.go b/controllers/bpfman-agent/xdp-program_test.go index 922cd28e4..88c626a23 100644 --- a/controllers/bpfman-agent/xdp-program_test.go +++ b/controllers/bpfman-agent/xdp-program_test.go 
@@ -89,12 +89,16 @@ func xdpProgramControllerCreate(t *testing.T, multiInterface bool, multiConditio BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &fakeInts, - }, - Priority: 0, - ProceedOn: []bpfmaniov1alpha1.XdpProceedOnValue{bpfmaniov1alpha1.XdpProceedOnValue("pass"), - bpfmaniov1alpha1.XdpProceedOnValue("dispatcher_return"), + AttachPoints: []bpfmaniov1alpha1.XdpAttachInfo{ + { + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &fakeInts, + }, + Priority: 0, + ProceedOn: []bpfmaniov1alpha1.XdpProceedOnValue{bpfmaniov1alpha1.XdpProceedOnValue("pass"), + bpfmaniov1alpha1.XdpProceedOnValue("dispatcher_return"), + }, + }, }, }, }, diff --git a/controllers/bpfman-operator/application-program_test.go b/controllers/bpfman-operator/application-program_test.go index 76fc0770f..8dca7b52e 100644 --- a/controllers/bpfman-operator/application-program_test.go +++ b/controllers/bpfman-operator/application-program_test.go @@ -75,7 +75,8 @@ func appProgramReconcile(t *testing.T, multiCondition bool) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFentryFunctionName, }, - FunctionName: functionFentryName, + FentryLoadInfo: bpfmaniov1alpha1.FentryLoadInfo{FunctionName: functionFentryName}, + Attach: true, }, }, { @@ -84,9 +85,13 @@ func appProgramReconcile(t *testing.T, multiCondition bool) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfKprobeFunctionName, }, - FunctionName: functionKprobeName, - Offset: uint64(offset), - RetProbe: retprobe, + AttachPoints: []bpfmaniov1alpha1.KprobeAttachInfo{ + { + FunctionName: functionKprobeName, + Offset: uint64(offset), + RetProbe: retprobe, + }, + }, }, }, { 
@@ -95,7 +100,11 @@ func appProgramReconcile(t *testing.T, multiCondition bool) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfTracepointFunctionName, }, - Names: []string{tracepointName}, + AttachPoints: []bpfmaniov1alpha1.TracepointAttachInfo{ + { + Name: tracepointName, + }, + }, }, }, }, diff --git a/controllers/bpfman-operator/fentry-program_test.go b/controllers/bpfman-operator/fentry-program_test.go index 1ffd18af7..4f556c6a8 100644 --- a/controllers/bpfman-operator/fentry-program_test.go +++ b/controllers/bpfman-operator/fentry-program_test.go @@ -63,11 +63,11 @@ func fentryProgramReconcile(t *testing.T, multiCondition bool) { }, }, FentryProgramInfo: bpfmaniov1alpha1.FentryProgramInfo{ - BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, + FentryLoadInfo: bpfmaniov1alpha1.FentryLoadInfo{FunctionName: functionName}, + Attach: true, }, }, } diff --git a/controllers/bpfman-operator/fexit-program_test.go b/controllers/bpfman-operator/fexit-program_test.go index 086e30d9d..faa051bbb 100644 --- a/controllers/bpfman-operator/fexit-program_test.go +++ b/controllers/bpfman-operator/fexit-program_test.go @@ -67,7 +67,8 @@ func fexitProgramReconcile(t *testing.T, multiCondition bool) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, + FexitLoadInfo: bpfmaniov1alpha1.FexitLoadInfo{FunctionName: functionName}, + Attach: true, }, }, } diff --git a/controllers/bpfman-operator/kprobe-program_test.go b/controllers/bpfman-operator/kprobe-program_test.go index 5216fbd77..50c5789f6 100644 --- a/controllers/bpfman-operator/kprobe-program_test.go +++ b/controllers/bpfman-operator/kprobe-program_test.go 
@@ -69,9 +69,13 @@ func kprobeProgramReconcile(t *testing.T, multiCondition bool) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, - Offset: uint64(offset), - RetProbe: retprobe, + AttachPoints: []bpfmaniov1alpha1.KprobeAttachInfo{ + { + FunctionName: functionName, + Offset: uint64(offset), + RetProbe: retprobe, + }, + }, }, }, } diff --git a/controllers/bpfman-operator/tc-program_test.go b/controllers/bpfman-operator/tc-program_test.go index 032a4d7f8..ba3d8c593 100644 --- a/controllers/bpfman-operator/tc-program_test.go +++ b/controllers/bpfman-operator/tc-program_test.go @@ -66,15 +66,15 @@ func TestTcProgramReconcile(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + AttachPoints: []bpfmaniov1alpha1.TcAttachInfo{{InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ Interfaces: &[]string{fakeInt}, }, - Priority: 0, - Direction: direction, - ProceedOn: []bpfmaniov1alpha1.TcProceedOnValue{ - bpfmaniov1alpha1.TcProceedOnValue("pipe"), - bpfmaniov1alpha1.TcProceedOnValue("dispatcher_return"), - }, + Priority: 0, + Direction: direction, + ProceedOn: []bpfmaniov1alpha1.TcProceedOnValue{ + bpfmaniov1alpha1.TcProceedOnValue("pipe"), + bpfmaniov1alpha1.TcProceedOnValue("dispatcher_return"), + }}}, }, }, } diff --git a/controllers/bpfman-operator/tcx-program_test.go b/controllers/bpfman-operator/tcx-program_test.go index 5623e995f..fd8929633 100644 --- a/controllers/bpfman-operator/tcx-program_test.go +++ b/controllers/bpfman-operator/tcx-program_test.go 
@@ -66,12 +66,13 @@ func TestTcxProgramReconcile(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &[]string{fakeInt}, - }, - Priority: 0, - Direction: direction, - }, + AttachPoints: []bpfmaniov1alpha1.TcxAttachInfo{{ + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &[]string{fakeInt}, + }, + Priority: 0, + Direction: direction, + }}}, }, } diff --git a/controllers/bpfman-operator/tracepoint-program_test.go b/controllers/bpfman-operator/tracepoint-program_test.go index 8cac0a367..2644f537f 100644 --- a/controllers/bpfman-operator/tracepoint-program_test.go +++ b/controllers/bpfman-operator/tracepoint-program_test.go @@ -64,7 +64,7 @@ func TestTracepointProgramReconcile(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - Names: []string{tracepointName}, + AttachPoints: []bpfmaniov1alpha1.TracepointAttachInfo{{Name: tracepointName}}, }, }, } diff --git a/controllers/bpfman-operator/uprobe-program_test.go b/controllers/bpfman-operator/uprobe-program_test.go index d591165fd..23b9f3aff 100644 --- a/controllers/bpfman-operator/uprobe-program_test.go +++ b/controllers/bpfman-operator/uprobe-program_test.go @@ -67,10 +67,12 @@ func TestUprobeProgramReconcile(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, - Target: target, - Offset: uint64(offset), - RetProbe: retprobe, + AttachPoints: []bpfmaniov1alpha1.UprobeAttachInfo{{ + FunctionName: functionName, + Target: target, + Offset: uint64(offset), + RetProbe: retprobe, + }}, }, }, } diff --git a/controllers/bpfman-operator/xdp-program_test.go b/controllers/bpfman-operator/xdp-program_test.go index 92223a008..dc3723ea2 100644 --- a/controllers/bpfman-operator/xdp-program_test.go +++ b/controllers/bpfman-operator/xdp-program_test.go 
@@ -64,13 +64,15 @@ func TestXdpProgramReconcile(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &[]string{fakeInt}, - }, - Priority: 0, - ProceedOn: []bpfmaniov1alpha1.XdpProceedOnValue{bpfmaniov1alpha1.XdpProceedOnValue("pass"), - bpfmaniov1alpha1.XdpProceedOnValue("dispatcher_return"), - }, + AttachPoints: []bpfmaniov1alpha1.XdpAttachInfo{{ + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &[]string{fakeInt}, + }, + Priority: 0, + ProceedOn: []bpfmaniov1alpha1.XdpProceedOnValue{bpfmaniov1alpha1.XdpProceedOnValue("pass"), + bpfmaniov1alpha1.XdpProceedOnValue("dispatcher_return"), + }, + }}, }, }, }