From 336e98cefc6ff22255616a4e180f5e16f95d6670 Mon Sep 17 00:00:00 2001 From: Andre Fredette Date: Mon, 9 Dec 2024 18:44:14 -0500 Subject: [PATCH] WIP: Initial pass at BpfApplication CRD update for load/attach split The main change is that a separate optional list of attach points is included with each program (except for fentry and fexit programs that just include an attach boolean). Otherwise, the info is all the same. The list of attach points may be updated any time after the programs are loaded, which allows the program to be loaded before any attachments are made, and allows attachments to be added after the program has been loaded. Existing controllers have been updated to work with new CRDs, but they only work with a single attach point per program. I've updated the bpfman.io_v1alpha1_bpfapplication.yaml, but the others still have the old format and won't work with the current code. TODO: Add a per-node CRD (BpfProgram analog) to maintain the per-node state for the BpfApplication. Signed-off-by: Andre Fredette --- apis/v1alpha1/bpfapplication_types.go | 6 +- apis/v1alpha1/fentryProgram_types.go | 21 +- apis/v1alpha1/fexitProgram_types.go | 21 +- apis/v1alpha1/kprobeProgram_types.go | 22 +- apis/v1alpha1/shared_types.go | 7 +- apis/v1alpha1/tcProgram_types.go | 16 +- apis/v1alpha1/tcxProgram_types.go | 16 +- apis/v1alpha1/tracepointProgram_types.go | 20 +- apis/v1alpha1/uprobeProgram_types.go | 16 +- apis/v1alpha1/xdpProgram_types.go | 14 +- apis/v1alpha1/zz_generated.deepcopy.go | 247 ++-- ...bpfman-operator.clusterserviceversion.yaml | 104 +- .../manifests/bpfman.io_bpfapplications.yaml | 1235 +++++++++-------- .../manifests/bpfman.io_fentryprograms.yaml | 15 +- bundle/manifests/bpfman.io_fexitprograms.yaml | 15 +- .../manifests/bpfman.io_kprobeprograms.yaml | 48 +- bundle/manifests/bpfman.io_tcprograms.yaml | 268 ++-- bundle/manifests/bpfman.io_tcxprograms.yaml | 222 +-- .../bpfman.io_tracepointprograms.yaml | 25 +- .../manifests/bpfman.io_uprobeprograms.yaml | 200 +-- bundle/manifests/bpfman.io_xdpprograms.yaml | 234 ++-- .../crd/bases/bpfman.io_bpfapplications.yaml | 1235 +++++++++-------- .../crd/bases/bpfman.io_fentryprograms.yaml | 15 +- config/crd/bases/bpfman.io_fexitprograms.yaml | 15 +- .../crd/bases/bpfman.io_kprobeprograms.yaml | 48 +- config/crd/bases/bpfman.io_tcprograms.yaml | 268 ++-- config/crd/bases/bpfman.io_tcxprograms.yaml | 222 +-- .../bases/bpfman.io_tracepointprograms.yaml | 25 +- .../crd/bases/bpfman.io_uprobeprograms.yaml | 200 +-- config/crd/bases/bpfman.io_xdpprograms.yaml | 234 ++-- .../bpfman.io_v1alpha1_bpfapplication.yaml | 59 +- .../bpfman-agent/application-program.go | 14 +- .../bpfman-agent/application-program_test.go | 13 +- .../bpfman-agent/fentry-program_test.go | 3 +- .../bpfman-agent/fexit-program_test.go | 3 +- controllers/bpfman-agent/kprobe-program.go | 8 +- .../bpfman-agent/kprobe-program_test.go | 10 +- controllers/bpfman-agent/tc-program.go | 18 +- controllers/bpfman-agent/tc-program_test.go | 40 +- controllers/bpfman-agent/tcx-program.go | 16 +- controllers/bpfman-agent/tcx-program_test.go | 30 +- .../bpfman-agent/tracepoint-program.go | 17 +- .../bpfman-agent/tracepoint-program_test.go | 2 +- controllers/bpfman-agent/uprobe-program.go | 19 +- .../bpfman-agent/uprobe-program_test.go | 29 +- controllers/bpfman-agent/xdp-program.go | 10 +- controllers/bpfman-agent/xdp-program_test.go | 16 +- .../application-program_test.go | 19 +- .../bpfman-operator/fentry-program_test.go | 4 +- .../bpfman-operator/fexit-program_test.go | 3 +- .../bpfman-operator/kprobe-program_test.go | 10 +- .../bpfman-operator/tc-program_test.go | 14 +- .../bpfman-operator/tcx-program_test.go | 13 +- .../tracepoint-program_test.go | 2 +- .../bpfman-operator/uprobe-program_test.go | 10 +- .../bpfman-operator/xdp-program_test.go | 16 +- 56 files changed, 2955 insertions(+), 2477 deletions(-) diff --git a/apis/v1alpha1/bpfapplication_types.go b/apis/v1alpha1/bpfapplication_types.go index 47360ca0c..9088f83b3 100644 --- a/apis/v1alpha1/bpfapplication_types.go +++ b/apis/v1alpha1/bpfapplication_types.go @@ -138,7 +138,7 @@ type BpfApplicationSpec struct { // BpfApplicationStatus defines the observed state of BpfApplication type BpfApplicationStatus struct { - BpfProgramStatusCommon `json:",inline"` + BpfAppStatus `json:",inline"` } // +genclient @@ -155,8 +155,8 @@ type BpfApplication struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec BpfApplicationSpec `json:"spec,omitempty"` - Status BpfApplicationStatus `json:"status,omitempty"` + Spec BpfApplicationSpec `json:"spec,omitempty"` + Status BpfAppStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true diff --git a/apis/v1alpha1/fentryProgram_types.go b/apis/v1alpha1/fentryProgram_types.go index 4b82fdb43..e48912dbc 100644 --- a/apis/v1alpha1/fentryProgram_types.go +++ b/apis/v1alpha1/fentryProgram_types.go @@ -37,9 +37,8 @@ type FentryProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec FentryProgramSpec `json:"spec"` - // +optional - Status FentryProgramStatus `json:"status,omitempty"` + Spec FentryProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // FentryProgramSpec defines the desired state of FentryProgram @@ -52,13 +51,19 @@ type FentryProgramSpec struct { // FentryProgramInfo defines the Fentry program details type FentryProgramInfo struct { BpfProgramCommon `json:",inline"` - // Function to attach the fentry to. - FunctionName string `json:"func_name"` + FentryLoadInfo `json:",inline"` + // Whether the program should be attached to the function. + // This may be updated after the program has been loaded. + // +optional + // +kubebuilder:default=false + Attach bool `json:"attach,omitempty"` } -// FentryProgramStatus defines the observed state of FentryProgram -type FentryProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` +// FentryLoadInfo contains the program-specific load information for Fentry +// programs +type FentryLoadInfo struct { + // FunctionName is the name of the function to attach the Fentry program to. + FunctionName string `json:"function_name"` } // +kubebuilder:object:root=true diff --git a/apis/v1alpha1/fexitProgram_types.go b/apis/v1alpha1/fexitProgram_types.go index 97467996e..813f8990f 100644 --- a/apis/v1alpha1/fexitProgram_types.go +++ b/apis/v1alpha1/fexitProgram_types.go @@ -37,9 +37,8 @@ type FexitProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec FexitProgramSpec `json:"spec"` - // +optional - Status FexitProgramStatus `json:"status,omitempty"` + Spec FexitProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // FexitProgramSpec defines the desired state of FexitProgram @@ -52,13 +51,19 @@ type FexitProgramSpec struct { // FexitProgramInfo defines the Fexit program details type FexitProgramInfo struct { BpfProgramCommon `json:",inline"` - // Function to attach the fexit to. - FunctionName string `json:"func_name"` + FexitLoadInfo `json:",inline"` + // Whether the program should be attached to the function. + // This may be updated after the program has been loaded. + // +optional + // +kubebuilder:default=false + Attach bool `json:"attach,omitempty"` } -// FexitProgramStatus defines the observed state of FexitProgram -type FexitProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` +// FexitLoadInfo contains the program-specific load information for Fexit +// programs +type FexitLoadInfo struct { + // FunctionName is the name of the function to attach the Fexit program to. + FunctionName string `json:"function_name"` } // +kubebuilder:object:root=true diff --git a/apis/v1alpha1/kprobeProgram_types.go b/apis/v1alpha1/kprobeProgram_types.go index b427e9c44..d53b202e0 100644 --- a/apis/v1alpha1/kprobeProgram_types.go +++ b/apis/v1alpha1/kprobeProgram_types.go @@ -39,16 +39,14 @@ type KprobeProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec KprobeProgramSpec `json:"spec"` - // +optional - Status KprobeProgramStatus `json:"status,omitempty"` + Spec KprobeProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // KprobeProgramSpec defines the desired state of KprobeProgram // +kubebuilder:printcolumn:name="FunctionName",type=string,JSONPath=`.spec.func_name` // +kubebuilder:printcolumn:name="Offset",type=integer,JSONPath=`.spec.offset` // +kubebuilder:printcolumn:name="RetProbe",type=boolean,JSONPath=`.spec.retprobe` -// +kubebuilder:validation:XValidation:message="offset cannot be set for kretprobes",rule="self.retprobe == false || self.offset == 0" type KprobeProgramSpec struct { KprobeProgramInfo `json:",inline"` BpfAppCommon `json:",inline"` @@ -57,7 +55,14 @@ type KprobeProgramSpec struct { // KprobeProgramInfo defines the common fields for KprobeProgram type KprobeProgramInfo struct { BpfProgramCommon `json:",inline"` + // The list of points to which the program should be attached. The list is + // optional and may be udated after the bpf program has been loaded + // +optional + AttachPoints []KprobeAttachInfo `json:"attach_points"` +} +// +kubebuilder:validation:XValidation:message="offset cannot be set for kretprobes",rule="self.retprobe == false || self.offset == 0" +type KprobeAttachInfo struct { // Functions to attach the kprobe to. FunctionName string `json:"func_name"` @@ -71,15 +76,6 @@ type KprobeProgramInfo struct { // +optional // +kubebuilder:default:=false RetProbe bool `json:"retprobe"` - - // // Host PID of container to attach the uprobe in. (Not supported yet by bpfman.) - // // +optional - // ContainerPid string `json:"containerpid"` -} - -// KprobeProgramStatus defines the observed state of KprobeProgram -type KprobeProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` } // +kubebuilder:object:root=true diff --git a/apis/v1alpha1/shared_types.go b/apis/v1alpha1/shared_types.go index c31bd8eb4..b4f54dc20 100644 --- a/apis/v1alpha1/shared_types.go +++ b/apis/v1alpha1/shared_types.go @@ -53,7 +53,8 @@ type ContainerSelector struct { ContainerNames *[]string `json:"containernames,omitempty"` } -// BpfProgramCommon defines the common attributes for all BPF programs +// BpfProgramCommon defines the common attributes required to load all BPF +// programs. type BpfProgramCommon struct { // BpfFunctionName is the name of the function that is the entry point for the BPF // program @@ -86,8 +87,8 @@ type BpfAppCommon struct { ByteCode BytecodeSelector `json:"bytecode"` } -// BpfProgramStatusCommon defines the BpfProgram status -type BpfProgramStatusCommon struct { +// BpfAppStatus defines the BpfProgram status +type BpfAppStatus struct { // Conditions houses the global cluster state for the eBPFProgram. The explicit // condition types are defined internally. // +patchMergeKey=type diff --git a/apis/v1alpha1/tcProgram_types.go b/apis/v1alpha1/tcProgram_types.go index 6db1481b7..4d0002c85 100644 --- a/apis/v1alpha1/tcProgram_types.go +++ b/apis/v1alpha1/tcProgram_types.go @@ -40,9 +40,8 @@ type TcProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec TcProgramSpec `json:"spec"` - // +optional - Status TcProgramStatus `json:"status,omitempty"` + Spec TcProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // +kubebuilder:validation:Enum=unspec;ok;reclassify;shot;pipe;stolen;queued;repeat;redirect;trap;dispatcher_return @@ -57,7 +56,13 @@ type TcProgramSpec struct { // TcProgramInfo defines the tc program details type TcProgramInfo struct { BpfProgramCommon `json:",inline"` + // The list of points to which the program should be attached. The list is + // optional and may be udated after the bpf program has been loaded + // +optional + AttachPoints []TcAttachInfo `json:"attach_points"` +} +type TcAttachInfo struct { // Selector to determine the network interface (or interfaces) InterfaceSelector InterfaceSelector `json:"interfaceselector"` @@ -87,11 +92,6 @@ type TcProgramInfo struct { ProceedOn []TcProceedOnValue `json:"proceedon"` } -// TcProgramStatus defines the observed state of TcProgram -type TcProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` -} - // +kubebuilder:object:root=true // TcProgramList contains a list of TcPrograms type TcProgramList struct { diff --git a/apis/v1alpha1/tcxProgram_types.go b/apis/v1alpha1/tcxProgram_types.go index 6036ca8a4..20c04a5f5 100644 --- a/apis/v1alpha1/tcxProgram_types.go +++ b/apis/v1alpha1/tcxProgram_types.go @@ -40,9 +40,8 @@ type TcxProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec TcxProgramSpec `json:"spec"` - // +optional - Status TcxProgramStatus `json:"status,omitempty"` + Spec TcxProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // TcxProgramSpec defines the desired state of TcxProgram @@ -54,7 +53,13 @@ type TcxProgramSpec struct { // TcxProgramInfo defines the tc program details type TcxProgramInfo struct { BpfProgramCommon `json:",inline"` + // The list of points to which the program should be attached. The list is + // optional and may be udated after the bpf program has been loaded + // +optional + AttachPoints []TcxAttachInfo `json:"attach_points"` +} +type TcxAttachInfo struct { // Selector to determine the network interface (or interfaces) InterfaceSelector InterfaceSelector `json:"interfaceselector"` @@ -77,11 +82,6 @@ type TcxProgramInfo struct { Priority int32 `json:"priority"` } -// TcxProgramStatus defines the observed state of TcProgram -type TcxProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` -} - // +kubebuilder:object:root=true // TcxProgramList contains a list of TcxPrograms type TcxProgramList struct { diff --git a/apis/v1alpha1/tracepointProgram_types.go b/apis/v1alpha1/tracepointProgram_types.go index e692192a8..48ddc1e47 100644 --- a/apis/v1alpha1/tracepointProgram_types.go +++ b/apis/v1alpha1/tracepointProgram_types.go @@ -37,9 +37,8 @@ type TracepointProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec TracepointProgramSpec `json:"spec"` - // +optional - Status TracepointProgramStatus `json:"status,omitempty"` + Spec TracepointProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // TracepointProgramSpec defines the desired state of TracepointProgram @@ -52,15 +51,16 @@ type TracepointProgramSpec struct { // TracepointProgramInfo defines the Tracepoint program details type TracepointProgramInfo struct { BpfProgramCommon `json:",inline"` - - // Names refers to the names of kernel tracepoints to attach the - // bpf program to. - Names []string `json:"names"` + // The list of points to which the program should be attached. The list is + // optional and may be udated after the bpf program has been loaded + // +optional + AttachPoints []TracepointAttachInfo `json:"attach_points"` } -// TracepointProgramStatus defines the observed state of TracepointProgram -type TracepointProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` +type TracepointAttachInfo struct { + // Name refers to the name of a kernel tracepoint to attach the + // bpf program to. + Name string `json:"name"` } // +kubebuilder:object:root=true diff --git a/apis/v1alpha1/uprobeProgram_types.go b/apis/v1alpha1/uprobeProgram_types.go index b98500aad..f3cbc16a2 100644 --- a/apis/v1alpha1/uprobeProgram_types.go +++ b/apis/v1alpha1/uprobeProgram_types.go @@ -41,9 +41,8 @@ type UprobeProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec UprobeProgramSpec `json:"spec"` - // +optional - Status UprobeProgramStatus `json:"status,omitempty"` + Spec UprobeProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // UprobeProgramSpec defines the desired state of UprobeProgram @@ -60,7 +59,13 @@ type UprobeProgramSpec struct { // UprobeProgramInfo contains the information about the uprobe program type UprobeProgramInfo struct { BpfProgramCommon `json:",inline"` + // The list of points to which the program should be attached. The list is + // optional and may be udated after the bpf program has been loaded + // +optional + AttachPoints []UprobeAttachInfo `json:"attach_points"` +} +type UprobeAttachInfo struct { // Function to attach the uprobe to. // +optional FunctionName string `json:"func_name"` @@ -93,11 +98,6 @@ type UprobeProgramInfo struct { Containers *ContainerSelector `json:"containers"` } -// UprobeProgramStatus defines the observed state of UprobeProgram -type UprobeProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` -} - // +kubebuilder:object:root=true // UprobeProgramList contains a list of UprobePrograms type UprobeProgramList struct { diff --git a/apis/v1alpha1/xdpProgram_types.go b/apis/v1alpha1/xdpProgram_types.go index 83f023989..91645ea6a 100644 --- a/apis/v1alpha1/xdpProgram_types.go +++ b/apis/v1alpha1/xdpProgram_types.go @@ -39,9 +39,8 @@ type XdpProgram struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - Spec XdpProgramSpec `json:"spec"` - // +optional - Status XdpProgramStatus `json:"status,omitempty"` + Spec XdpProgramSpec `json:"spec"` + Status BpfAppStatus `json:"status,omitempty"` } // +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return @@ -56,6 +55,13 @@ type XdpProgramSpec struct { // XdpProgramInfo defines the common fields for all XdpProgram types type XdpProgramInfo struct { BpfProgramCommon `json:",inline"` + // The list of points to which the program should be attached. The list is + // optional and may be udated after the bpf program has been loaded + // +optional + AttachPoints []XdpAttachInfo `json:"attach_points"` +} + +type XdpAttachInfo struct { // Selector to determine the network interface (or interfaces) InterfaceSelector InterfaceSelector `json:"interfaceselector"` @@ -83,7 +89,7 @@ type XdpProgramInfo struct { // XdpProgramStatus defines the observed state of XdpProgram type XdpProgramStatus struct { - BpfProgramStatusCommon `json:",inline"` + BpfAppStatus `json:",inline"` } // +kubebuilder:object:root=true diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index 3954623d5..7d4a6f6a2 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -58,6 +58,28 @@ func (in *BpfAppCommon) DeepCopy() *BpfAppCommon { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BpfAppStatus) DeepCopyInto(out *BpfAppStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfAppStatus. +func (in *BpfAppStatus) DeepCopy() *BpfAppStatus { + if in == nil { + return nil + } + out := new(BpfAppStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BpfApplication) DeepCopyInto(out *BpfApplication) { *out = *in @@ -208,7 +230,7 @@ func (in *BpfApplicationSpec) DeepCopy() *BpfApplicationSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BpfApplicationStatus) DeepCopyInto(out *BpfApplicationStatus) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) + in.BpfAppStatus.DeepCopyInto(&out.BpfAppStatus) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfApplicationStatus. @@ -333,28 +355,6 @@ func (in *BpfProgramStatus) DeepCopy() *BpfProgramStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *BpfProgramStatusCommon) DeepCopyInto(out *BpfProgramStatusCommon) { - *out = *in - if in.Conditions != nil { - in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfProgramStatusCommon. -func (in *BpfProgramStatusCommon) DeepCopy() *BpfProgramStatusCommon { - if in == nil { - return nil - } - out := new(BpfProgramStatusCommon) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BytecodeImage) DeepCopyInto(out *BytecodeImage) { *out = *in @@ -425,6 +425,21 @@ func (in *ContainerSelector) DeepCopy() *ContainerSelector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FentryLoadInfo) DeepCopyInto(out *FentryLoadInfo) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FentryLoadInfo. +func (in *FentryLoadInfo) DeepCopy() *FentryLoadInfo { + if in == nil { + return nil + } + out := new(FentryLoadInfo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FentryProgram) DeepCopyInto(out *FentryProgram) { *out = *in @@ -456,6 +471,7 @@ func (in *FentryProgram) DeepCopyObject() runtime.Object { func (in *FentryProgramInfo) DeepCopyInto(out *FentryProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) + out.FentryLoadInfo = in.FentryLoadInfo } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FentryProgramInfo. @@ -518,17 +534,16 @@ func (in *FentryProgramSpec) DeepCopy() *FentryProgramSpec { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FentryProgramStatus) DeepCopyInto(out *FentryProgramStatus) { +func (in *FexitLoadInfo) DeepCopyInto(out *FexitLoadInfo) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FentryProgramStatus. -func (in *FentryProgramStatus) DeepCopy() *FentryProgramStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FexitLoadInfo. +func (in *FexitLoadInfo) DeepCopy() *FexitLoadInfo { if in == nil { return nil } - out := new(FentryProgramStatus) + out := new(FexitLoadInfo) in.DeepCopyInto(out) return out } @@ -564,6 +579,7 @@ func (in *FexitProgram) DeepCopyObject() runtime.Object { func (in *FexitProgramInfo) DeepCopyInto(out *FexitProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) + out.FexitLoadInfo = in.FexitLoadInfo } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FexitProgramInfo. @@ -625,22 +641,6 @@ func (in *FexitProgramSpec) DeepCopy() *FexitProgramSpec { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FexitProgramStatus) DeepCopyInto(out *FexitProgramStatus) { - *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FexitProgramStatus. -func (in *FexitProgramStatus) DeepCopy() *FexitProgramStatus { - if in == nil { - return nil - } - out := new(FexitProgramStatus) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImagePullSecretSelector) DeepCopyInto(out *ImagePullSecretSelector) { *out = *in @@ -685,6 +685,21 @@ func (in *InterfaceSelector) DeepCopy() *InterfaceSelector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KprobeAttachInfo) DeepCopyInto(out *KprobeAttachInfo) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KprobeAttachInfo. +func (in *KprobeAttachInfo) DeepCopy() *KprobeAttachInfo { + if in == nil { + return nil + } + out := new(KprobeAttachInfo) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KprobeProgram) DeepCopyInto(out *KprobeProgram) { *out = *in @@ -716,6 +731,11 @@ func (in *KprobeProgram) DeepCopyObject() runtime.Object { func (in *KprobeProgramInfo) DeepCopyInto(out *KprobeProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) + if in.AttachPoints != nil { + in, out := &in.AttachPoints, &out.AttachPoints + *out = make([]KprobeAttachInfo, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KprobeProgramInfo. @@ -778,17 +798,27 @@ func (in *KprobeProgramSpec) DeepCopy() *KprobeProgramSpec { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KprobeProgramStatus) DeepCopyInto(out *KprobeProgramStatus) { +func (in *TcAttachInfo) DeepCopyInto(out *TcAttachInfo) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + if in.Containers != nil { + in, out := &in.Containers, &out.Containers + *out = new(ContainerSelector) + (*in).DeepCopyInto(*out) + } + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]TcProceedOnValue, len(*in)) + copy(*out, *in) + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KprobeProgramStatus. -func (in *KprobeProgramStatus) DeepCopy() *KprobeProgramStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcAttachInfo. +func (in *TcAttachInfo) DeepCopy() *TcAttachInfo { if in == nil { return nil } - out := new(KprobeProgramStatus) + out := new(TcAttachInfo) in.DeepCopyInto(out) return out } @@ -824,16 +854,12 @@ func (in *TcProgram) DeepCopyObject() runtime.Object { func (in *TcProgramInfo) DeepCopyInto(out *TcProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) - in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) - if in.Containers != nil { - in, out := &in.Containers, &out.Containers - *out = new(ContainerSelector) - (*in).DeepCopyInto(*out) - } - if in.ProceedOn != nil { - in, out := &in.ProceedOn, &out.ProceedOn - *out = make([]TcProceedOnValue, len(*in)) - copy(*out, *in) + if in.AttachPoints != nil { + in, out := &in.AttachPoints, &out.AttachPoints + *out = make([]TcAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } @@ -897,17 +923,22 @@ func (in *TcProgramSpec) DeepCopy() *TcProgramSpec { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TcProgramStatus) DeepCopyInto(out *TcProgramStatus) { +func (in *TcxAttachInfo) DeepCopyInto(out *TcxAttachInfo) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + if in.Containers != nil { + in, out := &in.Containers, &out.Containers + *out = new(ContainerSelector) + (*in).DeepCopyInto(*out) + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcProgramStatus. -func (in *TcProgramStatus) DeepCopy() *TcProgramStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxAttachInfo. +func (in *TcxAttachInfo) DeepCopy() *TcxAttachInfo { if in == nil { return nil } - out := new(TcProgramStatus) + out := new(TcxAttachInfo) in.DeepCopyInto(out) return out } @@ -943,11 +974,12 @@ func (in *TcxProgram) DeepCopyObject() runtime.Object { func (in *TcxProgramInfo) DeepCopyInto(out *TcxProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) - in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) - if in.Containers != nil { - in, out := &in.Containers, &out.Containers - *out = new(ContainerSelector) - (*in).DeepCopyInto(*out) + if in.AttachPoints != nil { + in, out := &in.AttachPoints, &out.AttachPoints + *out = make([]TcxAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } @@ -1011,17 +1043,16 @@ func (in *TcxProgramSpec) DeepCopy() *TcxProgramSpec { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TcxProgramStatus) DeepCopyInto(out *TcxProgramStatus) { +func (in *TracepointAttachInfo) DeepCopyInto(out *TracepointAttachInfo) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TcxProgramStatus. -func (in *TcxProgramStatus) DeepCopy() *TcxProgramStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracepointAttachInfo. +func (in *TracepointAttachInfo) DeepCopy() *TracepointAttachInfo { if in == nil { return nil } - out := new(TcxProgramStatus) + out := new(TracepointAttachInfo) in.DeepCopyInto(out) return out } @@ -1057,9 +1088,9 @@ func (in *TracepointProgram) DeepCopyObject() runtime.Object { func (in *TracepointProgramInfo) DeepCopyInto(out *TracepointProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) - if in.Names != nil { - in, out := &in.Names, &out.Names - *out = make([]string, len(*in)) + if in.AttachPoints != nil { + in, out := &in.AttachPoints, &out.AttachPoints + *out = make([]TracepointAttachInfo, len(*in)) copy(*out, *in) } } @@ -1124,17 +1155,21 @@ func (in *TracepointProgramSpec) DeepCopy() *TracepointProgramSpec { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TracepointProgramStatus) DeepCopyInto(out *TracepointProgramStatus) { +func (in *UprobeAttachInfo) DeepCopyInto(out *UprobeAttachInfo) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) + if in.Containers != nil { + in, out := &in.Containers, &out.Containers + *out = new(ContainerSelector) + (*in).DeepCopyInto(*out) + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TracepointProgramStatus. -func (in *TracepointProgramStatus) DeepCopy() *TracepointProgramStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UprobeAttachInfo. +func (in *UprobeAttachInfo) DeepCopy() *UprobeAttachInfo { if in == nil { return nil } - out := new(TracepointProgramStatus) + out := new(UprobeAttachInfo) in.DeepCopyInto(out) return out } @@ -1170,10 +1205,12 @@ func (in *UprobeProgram) DeepCopyObject() runtime.Object { func (in *UprobeProgramInfo) DeepCopyInto(out *UprobeProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) - if in.Containers != nil { - in, out := &in.Containers, &out.Containers - *out = new(ContainerSelector) - (*in).DeepCopyInto(*out) + if in.AttachPoints != nil { + in, out := &in.AttachPoints, &out.AttachPoints + *out = make([]UprobeAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } @@ -1237,17 +1274,27 @@ func (in *UprobeProgramSpec) DeepCopy() *UprobeProgramSpec { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *UprobeProgramStatus) DeepCopyInto(out *UprobeProgramStatus) { +func (in *XdpAttachInfo) DeepCopyInto(out *XdpAttachInfo) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) + in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) + if in.Containers != nil { + in, out := &in.Containers, &out.Containers + *out = new(ContainerSelector) + (*in).DeepCopyInto(*out) + } + if in.ProceedOn != nil { + in, out := &in.ProceedOn, &out.ProceedOn + *out = make([]XdpProceedOnValue, len(*in)) + copy(*out, *in) + } } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UprobeProgramStatus. -func (in *UprobeProgramStatus) DeepCopy() *UprobeProgramStatus { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XdpAttachInfo. +func (in *XdpAttachInfo) DeepCopy() *XdpAttachInfo { if in == nil { return nil } - out := new(UprobeProgramStatus) + out := new(XdpAttachInfo) in.DeepCopyInto(out) return out } @@ -1283,16 +1330,12 @@ func (in *XdpProgram) DeepCopyObject() runtime.Object { func (in *XdpProgramInfo) DeepCopyInto(out *XdpProgramInfo) { *out = *in in.BpfProgramCommon.DeepCopyInto(&out.BpfProgramCommon) - in.InterfaceSelector.DeepCopyInto(&out.InterfaceSelector) - if in.Containers != nil { - in, out := &in.Containers, &out.Containers - *out = new(ContainerSelector) - (*in).DeepCopyInto(*out) - } - if in.ProceedOn != nil { - in, out := &in.ProceedOn, &out.ProceedOn - *out = make([]XdpProceedOnValue, len(*in)) - copy(*out, *in) + if in.AttachPoints != nil { + in, out := &in.AttachPoints, &out.AttachPoints + *out = make([]XdpAttachInfo, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } } @@ -1358,7 +1401,7 @@ func (in *XdpProgramSpec) DeepCopy() *XdpProgramSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *XdpProgramStatus) DeepCopyInto(out *XdpProgramStatus) { *out = *in - in.BpfProgramStatusCommon.DeepCopyInto(&out.BpfProgramStatusCommon) + in.BpfAppStatus.DeepCopyInto(&out.BpfAppStatus) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XdpProgramStatus. diff --git a/bundle/manifests/bpfman-operator.clusterserviceversion.yaml b/bundle/manifests/bpfman-operator.clusterserviceversion.yaml index 5e79d542d..e66c872e8 100644 --- a/bundle/manifests/bpfman-operator.clusterserviceversion.yaml +++ b/bundle/manifests/bpfman-operator.clusterserviceversion.yaml @@ -23,73 +23,95 @@ metadata: "programs": [ { "kprobe": { - "bpffunctionname": "kprobe_counter", - "func_name": "try_to_wake_up", - "offset": 0, - "retprobe": false + "attach_points": [ + { + "func_name": "try_to_wake_up", + "offset": 0, + "retprobe": false + } + ], + "bpffunctionname": "kprobe_counter" }, "type": "Kprobe" }, { "tracepoint": { - "bpffunctionname": "tracepoint_kill_recorder", - "names": [ - "syscalls/sys_enter_kill" - ] + "attach_points": [ + { + "name": "syscalls/sys_enter_kill" + } + ], + "bpffunctionname": "tracepoint_kill_recorder" }, "type": "Tracepoint" }, { "tc": { - "bpffunctionname": "stats", - "direction": "ingress", - "interfaceselector": { - "primarynodeinterface": true - }, - "priority": 55 + "attach_points": [ + { + "direction": "ingress", + "interfaceselector": { + "primarynodeinterface": true + }, + "priority": 55 + } + ], + "bpffunctionname": "stats" }, "type": "TC" }, { "tcx": { - "bpffunctionname": "tcx_stats", - "direction": "ingress", - "interfaceselector": { - "primarynodeinterface": true - }, - "priority": 500 + "attach_points": [ + { + "direction": "ingress", + "interfaceselector": { + "primarynodeinterface": true + }, + "priority": 500 + } + ], + "bpffunctionname": "tcx_stats" }, "type": "TCX" }, { "type": "Uprobe", "uprobe": { - "bpffunctionname": "uprobe_counter", - "containers": { - "containernames": [ - "bpfman", - "bpfman-agent" - ], - "namespace": "bpfman", - "pods": { - "matchLabels": { - "name": "bpfman-daemon" - } + "attach_points": [ + { + "containers": { + "containernames": [ + "bpfman", + "bpfman-agent" + ], + "namespace": "bpfman", + "pods": { + "matchLabels": { + "name": "bpfman-daemon" + } + } + }, + "func_name": "malloc", + "retprobe": false, + "target": "libc" } - }, - "func_name": "malloc", - "retprobe": false, - "target": "libc" + ], + "bpffunctionname": "uprobe_counter" } }, { "type": "XDP", "xdp": { - "bpffunctionname": "xdp_stats", - "interfaceselector": { - "primarynodeinterface": true - }, - "priority": 55 + "attach_points": [ + { + "interfaceselector": { + "primarynodeinterface": true + }, + "priority": 55 + } + ], + "bpffunctionname": "xdp_stats" } } ] @@ -307,7 +329,7 @@ metadata: capabilities: Basic Install categories: OpenShift Optional containerImage: quay.io/bpfman/bpfman-operator:latest - createdAt: "2024-12-06T14:27:05Z" + createdAt: "2024-12-10T22:10:31Z" features.operators.openshift.io/cnf: "false" features.operators.openshift.io/cni: "false" features.operators.openshift.io/csi: "true" diff --git a/bundle/manifests/bpfman.io_bpfapplications.yaml b/bundle/manifests/bpfman.io_bpfapplications.yaml index cd8cc45cd..8c8c62dae 100644 --- a/bundle/manifests/bpfman.io_bpfapplications.yaml +++ b/bundle/manifests/bpfman.io_bpfapplications.yaml @@ -166,13 +166,20 @@ spec: description: fentry defines the desired state of the application's FentryPrograms. properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Function to attach the fentry to. + function_name: + description: FunctionName is the name of the function to + attach the Fentry program to. type: string mapownerselector: description: |- @@ -226,19 +233,26 @@ spec: x-kubernetes-map-type: atomic required: - bpffunctionname - - func_name + - function_name type: object fexit: description: fexit defines the desired state of the application's FexitPrograms. properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Function to attach the fexit to. + function_name: + description: FunctionName is the name of the function to + attach the Fexit program to. type: string mapownerselector: description: |- @@ -292,20 +306,45 @@ spec: x-kubernetes-map-type: atomic required: - bpffunctionname - - func_name + - function_name type: object kprobe: description: kprobe defines the desired state of the application's KprobePrograms. properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + func_name: + description: Functions to attach the kprobe to. + type: string + offset: + default: 0 + description: |- + Offset added to the address of the function for kprobe. + Not allowed for kretprobes. + format: int64 + type: integer + retprobe: + default: false + description: Whether the program is a kretprobe. Default + is false + type: boolean + required: + - func_name + type: object + x-kubernetes-validations: + - message: offset cannot be set for kretprobes + rule: self.retprobe == false || self.offset == 0 + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Functions to attach the kprobe to. - type: string mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -356,34 +395,46 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: |- - Offset added to the address of the function for kprobe. - Not allowed for kretprobes. - format: int64 - type: integer - retprobe: - default: false - description: Whether the program is a kretprobe. Default - is false - type: boolean required: - bpffunctionname - - func_name type: object kretprobe: description: kretprobe defines the desired state of the application's KretprobePrograms. properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + func_name: + description: Functions to attach the kprobe to. + type: string + offset: + default: 0 + description: |- + Offset added to the address of the function for kprobe. + Not allowed for kretprobes. + format: int64 + type: integer + retprobe: + default: false + description: Whether the program is a kretprobe. Default + is false + type: boolean + required: + - func_name + type: object + x-kubernetes-validations: + - message: offset cannot be set for kretprobes + rule: self.retprobe == false || self.offset == 0 + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Functions to attach the kprobe to. - type: string mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -434,125 +485,157 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: |- - Offset added to the address of the function for kprobe. - Not allowed for kretprobes. - format: int64 - type: integer - retprobe: - default: false - description: Whether the program is a kretprobe. Default - is false - type: boolean required: - bpffunctionname - - func_name type: object tc: description: tc defines the desired state of the application's TcPrograms. properties: - bpffunctionname: + attach_points: description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tc program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface + (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary + interface on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pipe + - dispatcher_return + description: |- + ProceedOn allows the user to call other tc programs in chain on this exit code. + Multiple values are supported by repeating the parameter. + items: + enum: + - unspec + - ok + - reclassify + - shot + - pipe + - stolen + - queued + - repeat + - redirect + - trap + - dispatcher_return + type: string + maxItems: 11 + type: array + required: + - direction + - interfaceselector + - priority + type: object + type: array + bpffunctionname: description: |- - Direction specifies the direction of traffic the tc program should - attach to for a given network device. - enum: - - ingress - - egress + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string - interfaceselector: - description: Selector to determine the network interface - (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface - on the node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -603,147 +686,134 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pipe - - dispatcher_return - description: |- - ProceedOn allows the user to call other tc programs in chain on this exit code. - Multiple values are supported by repeating the parameter. - items: - enum: - - unspec - - ok - - reclassify - - shot - - pipe - - stolen - - queued - - repeat - - redirect - - trap - - dispatcher_return - type: string - maxItems: 11 - type: array required: - bpffunctionname - - direction - - interfaceselector - - priority type: object tcx: description: tcx defines the desired state of the application's TcxPrograms. properties: - bpffunctionname: - description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: + attach_points: description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tcx program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface + (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary + interface on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + required: + - direction + - interfaceselector + - priority + type: object + type: array + bpffunctionname: description: |- - Direction specifies the direction of traffic the tcx program should - attach to for a given network device. - enum: - - ingress - - egress + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string - interfaceselector: - description: Selector to determine the network interface - (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface - on the node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -794,25 +864,28 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer required: - bpffunctionname - - direction - - interfaceselector - - priority type: object tracepoint: description: tracepoint defines the desired state of the application's TracepointPrograms. properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + name: + description: |- + Name refers to the name of a kernel tracepoint to attach the + bpf program to. + type: string + required: + - name + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -868,16 +941,8 @@ spec: type: object type: object x-kubernetes-map-type: atomic - names: - description: |- - Names refers to the names of kernel tracepoints to attach the - bpf program to. - items: - type: string - type: array required: - bpffunctionname - - names type: object type: description: Type specifies the bpf program type @@ -897,84 +962,116 @@ spec: description: uprobe defines the desired state of the application's UprobePrograms. properties: - bpffunctionname: + attach_points: description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: - description: |- - Containers identifes the set of containers in which to attach the uprobe. - If Containers is not specified, the uprobe will be attached in the - bpfman-agent container. The ContainerSelector is very flexible and even - allows the selection of all containers in a cluster. If an attempt is - made to attach uprobes to too many containers, it can have a negative - impact on on the cluster. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the uprobe. + If Containers is not specified, the uprobe will be attached in the + bpfman-agent container. The ContainerSelector is very flexible and even + allows the selection of all containers in a cluster. If an attempt is + made to attach uprobes to too many containers, it can have a negative + impact on on the cluster. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - func_name: - description: Function to attach the uprobe to. + x-kubernetes-map-type: atomic + required: + - pods + type: object + func_name: + description: Function to attach the uprobe to. + type: string + offset: + default: 0 + description: Offset added to the address of the function + for uprobe. + format: int64 + type: integer + pid: + description: |- + Only execute uprobe for given process identification number (PID). If PID + is not provided, uprobe executes for all PIDs. + format: int32 + type: integer + retprobe: + default: false + description: Whether the program is a uretprobe. Default + is false + type: boolean + target: + description: Library name or the absolute path to + a binary or library. + type: string + required: + - target + type: object + type: array + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string mapownerselector: description: |- @@ -1026,113 +1123,123 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: Offset added to the address of the function - for uprobe. - format: int64 - type: integer - pid: - description: |- - Only execute uprobe for given process identification number (PID). If PID - is not provided, uprobe executes for all PIDs. - format: int32 - type: integer - retprobe: - default: false - description: Whether the program is a uretprobe. Default - is false - type: boolean - target: - description: Library name or the absolute path to a binary - or library. - type: string required: - bpffunctionname - - target type: object uretprobe: description: uretprobe defines the desired state of the application's UretprobePrograms. properties: - bpffunctionname: + attach_points: description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: - description: |- - Containers identifes the set of containers in which to attach the uprobe. - If Containers is not specified, the uprobe will be attached in the - bpfman-agent container. The ContainerSelector is very flexible and even - allows the selection of all containers in a cluster. If an attempt is - made to attach uprobes to too many containers, it can have a negative - impact on on the cluster. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the uprobe. + If Containers is not specified, the uprobe will be attached in the + bpfman-agent container. The ContainerSelector is very flexible and even + allows the selection of all containers in a cluster. If an attempt is + made to attach uprobes to too many containers, it can have a negative + impact on on the cluster. + properties: + containernames: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - func_name: - description: Function to attach the uprobe to. + x-kubernetes-map-type: atomic + required: + - pods + type: object + func_name: + description: Function to attach the uprobe to. + type: string + offset: + default: 0 + description: Offset added to the address of the function + for uprobe. + format: int64 + type: integer + pid: + description: |- + Only execute uprobe for given process identification number (PID). If PID + is not provided, uprobe executes for all PIDs. + format: int32 + type: integer + retprobe: + default: false + description: Whether the program is a uretprobe. Default + is false + type: boolean + target: + description: Library name or the absolute path to + a binary or library. + type: string + required: + - target + type: object + type: array + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string mapownerselector: description: |- @@ -1184,126 +1291,140 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: Offset added to the address of the function - for uprobe. - format: int64 - type: integer - pid: - description: |- - Only execute uprobe for given process identification number (PID). If PID - is not provided, uprobe executes for all PIDs. - format: int32 - type: integer - retprobe: - default: false - description: Whether the program is a uretprobe. Default - is false - type: boolean - target: - description: Library name or the absolute path to a binary - or library. - type: string required: - bpffunctionname - - target type: object xdp: description: xdp defines the desired state of the application's XdpPrograms. properties: - bpffunctionname: - description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: + attach_points: description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - interfaceselector: - description: Selector to determine the network interface - (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface - on the node. Only 'true' accepted. - type: boolean - type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + interfaceselector: + description: Selector to determine the network interface + (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary + interface on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the bpf program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pass + - dispatcher_return + items: + enum: + - aborted + - drop + - pass + - tx + - redirect + - dispatcher_return + type: string + maxItems: 6 + type: array + required: + - interfaceselector + - priority + type: object + type: array + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program + type: string mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -1354,34 +1475,8 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the bpf program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pass - - dispatcher_return - items: - enum: - - aborted - - drop - - pass - - tx - - redirect - - dispatcher_return - type: string - maxItems: 6 - type: array required: - bpffunctionname - - interfaceselector - - priority type: object type: object x-kubernetes-validations: @@ -1432,7 +1527,7 @@ spec: - nodeselector type: object status: - description: BpfApplicationStatus defines the observed state of BpfApplication + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_fentryprograms.yaml b/bundle/manifests/bpfman.io_fentryprograms.yaml index 76cefd41c..23d9c3fb8 100644 --- a/bundle/manifests/bpfman.io_fentryprograms.yaml +++ b/bundle/manifests/bpfman.io_fentryprograms.yaml @@ -53,6 +53,12 @@ spec: spec: description: FentryProgramSpec defines the desired state of FentryProgram properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -103,8 +109,9 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - func_name: - description: Function to attach the fentry to. + function_name: + description: FunctionName is the name of the function to attach the + Fentry program to. type: string globaldata: additionalProperties: @@ -218,11 +225,11 @@ spec: required: - bpffunctionname - bytecode - - func_name + - function_name - nodeselector type: object status: - description: FentryProgramStatus defines the observed state of FentryProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_fexitprograms.yaml b/bundle/manifests/bpfman.io_fexitprograms.yaml index 78225dcfb..7fbe95491 100644 --- a/bundle/manifests/bpfman.io_fexitprograms.yaml +++ b/bundle/manifests/bpfman.io_fexitprograms.yaml @@ -53,6 +53,12 @@ spec: spec: description: FexitProgramSpec defines the desired state of FexitProgram properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -103,8 +109,9 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - func_name: - description: Function to attach the fexit to. + function_name: + description: FunctionName is the name of the function to attach the + Fexit program to. type: string globaldata: additionalProperties: @@ -218,11 +225,11 @@ spec: required: - bpffunctionname - bytecode - - func_name + - function_name - nodeselector type: object status: - description: FexitProgramStatus defines the observed state of FexitProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_kprobeprograms.yaml b/bundle/manifests/bpfman.io_kprobeprograms.yaml index e40bed810..c4ed488ee 100644 --- a/bundle/manifests/bpfman.io_kprobeprograms.yaml +++ b/bundle/manifests/bpfman.io_kprobeprograms.yaml @@ -61,6 +61,34 @@ spec: spec: description: KprobeProgramSpec defines the desired state of KprobeProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + func_name: + description: Functions to attach the kprobe to. + type: string + offset: + default: 0 + description: |- + Offset added to the address of the function for kprobe. + Not allowed for kretprobes. + format: int64 + type: integer + retprobe: + default: false + description: Whether the program is a kretprobe. Default is + false + type: boolean + required: + - func_name + type: object + x-kubernetes-validations: + - message: offset cannot be set for kretprobes + rule: self.retprobe == false || self.offset == 0 + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -111,9 +139,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - func_name: - description: Functions to attach the kprobe to. - type: string globaldata: additionalProperties: format: byte @@ -223,28 +248,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: |- - Offset added to the address of the function for kprobe. - Not allowed for kretprobes. - format: int64 - type: integer - retprobe: - default: false - description: Whether the program is a kretprobe. Default is false - type: boolean required: - bpffunctionname - bytecode - - func_name - nodeselector type: object - x-kubernetes-validations: - - message: offset cannot be set for kretprobes - rule: self.retprobe == false || self.offset == 0 status: - description: KprobeProgramStatus defines the observed state of KprobeProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_tcprograms.yaml b/bundle/manifests/bpfman.io_tcprograms.yaml index db4073a6c..c27755a07 100644 --- a/bundle/manifests/bpfman.io_tcprograms.yaml +++ b/bundle/manifests/bpfman.io_tcprograms.yaml @@ -65,6 +65,144 @@ spec: spec: description: TcProgramSpec defines the desired state of TcProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tc program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface (or + interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface + on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pipe + - dispatcher_return + description: |- + ProceedOn allows the user to call other tc programs in chain on this exit code. + Multiple values are supported by repeating the parameter. + items: + enum: + - unspec + - ok + - reclassify + - shot + - pipe + - stolen + - queued + - repeat + - redirect + - trap + - dispatcher_return + type: string + maxItems: 11 + type: array + required: + - direction + - interfaceselector + - priority + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -115,82 +253,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: - description: |- - Direction specifies the direction of traffic the tc program should - attach to for a given network device. - enum: - - ingress - - egress - type: string globaldata: additionalProperties: format: byte @@ -201,23 +263,6 @@ spec: is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures. type: object - interfaceselector: - description: Selector to determine the network interface (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface on the - node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -317,48 +362,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pipe - - dispatcher_return - description: |- - ProceedOn allows the user to call other tc programs in chain on this exit code. - Multiple values are supported by repeating the parameter. - items: - enum: - - unspec - - ok - - reclassify - - shot - - pipe - - stolen - - queued - - repeat - - redirect - - trap - - dispatcher_return - type: string - maxItems: 11 - type: array required: - bpffunctionname - bytecode - - direction - - interfaceselector - nodeselector - - priority type: object status: - description: TcProgramStatus defines the observed state of TcProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_tcxprograms.yaml b/bundle/manifests/bpfman.io_tcxprograms.yaml index f176c2f80..559abce4b 100644 --- a/bundle/manifests/bpfman.io_tcxprograms.yaml +++ b/bundle/manifests/bpfman.io_tcxprograms.yaml @@ -65,6 +65,121 @@ spec: spec: description: TcxProgramSpec defines the desired state of TcxProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tcx program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface (or + interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface + on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + required: + - direction + - interfaceselector + - priority + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -115,82 +230,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: - description: |- - Direction specifies the direction of traffic the tcx program should - attach to for a given network device. - enum: - - ingress - - egress - type: string globaldata: additionalProperties: format: byte @@ -201,23 +240,6 @@ spec: is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures. type: object - interfaceselector: - description: Selector to determine the network interface (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface on the - node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -317,25 +339,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer required: - bpffunctionname - bytecode - - direction - - interfaceselector - nodeselector - - priority type: object status: - description: TcxProgramStatus defines the observed state of TcProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_tracepointprograms.yaml b/bundle/manifests/bpfman.io_tracepointprograms.yaml index add6d12b6..d29d3b587 100644 --- a/bundle/manifests/bpfman.io_tracepointprograms.yaml +++ b/bundle/manifests/bpfman.io_tracepointprograms.yaml @@ -53,6 +53,21 @@ spec: spec: description: TracepointProgramSpec defines the desired state of TracepointProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + name: + description: |- + Name refers to the name of a kernel tracepoint to attach the + bpf program to. + type: string + required: + - name + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -163,13 +178,6 @@ spec: type: object type: object x-kubernetes-map-type: atomic - names: - description: |- - Names refers to the names of kernel tracepoints to attach the - bpf program to. - items: - type: string - type: array nodeselector: description: |- NodeSelector allows the user to specify which nodes to deploy the @@ -222,11 +230,10 @@ spec: required: - bpffunctionname - bytecode - - names - nodeselector type: object status: - description: TracepointProgramStatus defines the observed state of TracepointProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_uprobeprograms.yaml b/bundle/manifests/bpfman.io_uprobeprograms.yaml index 376ccbe27..78c4d1d96 100644 --- a/bundle/manifests/bpfman.io_uprobeprograms.yaml +++ b/bundle/manifests/bpfman.io_uprobeprograms.yaml @@ -69,6 +69,111 @@ spec: spec: description: UprobeProgramSpec defines the desired state of UprobeProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the uprobe. + If Containers is not specified, the uprobe will be attached in the + bpfman-agent container. The ContainerSelector is very flexible and even + allows the selection of all containers in a cluster. If an attempt is + made to attach uprobes to too many containers, it can have a negative + impact on on the cluster. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + func_name: + description: Function to attach the uprobe to. + type: string + offset: + default: 0 + description: Offset added to the address of the function for + uprobe. + format: int64 + type: integer + pid: + description: |- + Only execute uprobe for given process identification number (PID). If PID + is not provided, uprobe executes for all PIDs. + format: int32 + type: integer + retprobe: + default: false + description: Whether the program is a uretprobe. Default is + false + type: boolean + target: + description: Library name or the absolute path to a binary or + library. + type: string + required: + - target + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -119,80 +224,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the uprobe. - If Containers is not specified, the uprobe will be attached in the - bpfman-agent container. The ContainerSelector is very flexible and even - allows the selection of all containers in a cluster. If an attempt is - made to attach uprobes to too many containers, it can have a negative - impact on on the cluster. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - func_name: - description: Function to attach the uprobe to. - type: string globaldata: additionalProperties: format: byte @@ -302,32 +333,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: Offset added to the address of the function for uprobe. - format: int64 - type: integer - pid: - description: |- - Only execute uprobe for given process identification number (PID). If PID - is not provided, uprobe executes for all PIDs. - format: int32 - type: integer - retprobe: - default: false - description: Whether the program is a uretprobe. Default is false - type: boolean - target: - description: Library name or the absolute path to a binary or library. - type: string required: - bpffunctionname - bytecode - nodeselector - - target type: object status: - description: UprobeProgramStatus defines the observed state of UprobeProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/bundle/manifests/bpfman.io_xdpprograms.yaml b/bundle/manifests/bpfman.io_xdpprograms.yaml index 31791544f..35f453647 100644 --- a/bundle/manifests/bpfman.io_xdpprograms.yaml +++ b/bundle/manifests/bpfman.io_xdpprograms.yaml @@ -61,6 +61,127 @@ spec: spec: description: XdpProgramSpec defines the desired state of XdpProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + interfaceselector: + description: Selector to determine the network interface (or + interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface + on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the bpf program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pass + - dispatcher_return + items: + enum: + - aborted + - drop + - pass + - tx + - redirect + - dispatcher_return + type: string + maxItems: 6 + type: array + required: + - interfaceselector + - priority + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -111,74 +232,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object globaldata: additionalProperties: format: byte @@ -189,23 +242,6 @@ spec: is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures. type: object - interfaceselector: - description: Selector to determine the network interface (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface on the - node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -305,39 +341,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the bpf program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pass - - dispatcher_return - items: - enum: - - aborted - - drop - - pass - - tx - - redirect - - dispatcher_return - type: string - maxItems: 6 - type: array required: - bpffunctionname - bytecode - - interfaceselector - nodeselector - - priority type: object status: - description: XdpProgramStatus defines the observed state of XdpProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_bpfapplications.yaml b/config/crd/bases/bpfman.io_bpfapplications.yaml index cc775ec1a..c9b7d34f4 100644 --- a/config/crd/bases/bpfman.io_bpfapplications.yaml +++ b/config/crd/bases/bpfman.io_bpfapplications.yaml @@ -166,13 +166,20 @@ spec: description: fentry defines the desired state of the application's FentryPrograms. properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Function to attach the fentry to. + function_name: + description: FunctionName is the name of the function to + attach the Fentry program to. type: string mapownerselector: description: |- @@ -226,19 +233,26 @@ spec: x-kubernetes-map-type: atomic required: - bpffunctionname - - func_name + - function_name type: object fexit: description: fexit defines the desired state of the application's FexitPrograms. properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Function to attach the fexit to. + function_name: + description: FunctionName is the name of the function to + attach the Fexit program to. type: string mapownerselector: description: |- @@ -292,20 +306,45 @@ spec: x-kubernetes-map-type: atomic required: - bpffunctionname - - func_name + - function_name type: object kprobe: description: kprobe defines the desired state of the application's KprobePrograms. properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + func_name: + description: Functions to attach the kprobe to. + type: string + offset: + default: 0 + description: |- + Offset added to the address of the function for kprobe. + Not allowed for kretprobes. + format: int64 + type: integer + retprobe: + default: false + description: Whether the program is a kretprobe. Default + is false + type: boolean + required: + - func_name + type: object + x-kubernetes-validations: + - message: offset cannot be set for kretprobes + rule: self.retprobe == false || self.offset == 0 + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Functions to attach the kprobe to. - type: string mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -356,34 +395,46 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: |- - Offset added to the address of the function for kprobe. - Not allowed for kretprobes. - format: int64 - type: integer - retprobe: - default: false - description: Whether the program is a kretprobe. Default - is false - type: boolean required: - bpffunctionname - - func_name type: object kretprobe: description: kretprobe defines the desired state of the application's KretprobePrograms. properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + func_name: + description: Functions to attach the kprobe to. + type: string + offset: + default: 0 + description: |- + Offset added to the address of the function for kprobe. + Not allowed for kretprobes. + format: int64 + type: integer + retprobe: + default: false + description: Whether the program is a kretprobe. Default + is false + type: boolean + required: + - func_name + type: object + x-kubernetes-validations: + - message: offset cannot be set for kretprobes + rule: self.retprobe == false || self.offset == 0 + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF program type: string - func_name: - description: Functions to attach the kprobe to. - type: string mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -434,125 +485,157 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: |- - Offset added to the address of the function for kprobe. - Not allowed for kretprobes. - format: int64 - type: integer - retprobe: - default: false - description: Whether the program is a kretprobe. Default - is false - type: boolean required: - bpffunctionname - - func_name type: object tc: description: tc defines the desired state of the application's TcPrograms. properties: - bpffunctionname: + attach_points: description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tc program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface + (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary + interface on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pipe + - dispatcher_return + description: |- + ProceedOn allows the user to call other tc programs in chain on this exit code. + Multiple values are supported by repeating the parameter. + items: + enum: + - unspec + - ok + - reclassify + - shot + - pipe + - stolen + - queued + - repeat + - redirect + - trap + - dispatcher_return + type: string + maxItems: 11 + type: array + required: + - direction + - interfaceselector + - priority + type: object + type: array + bpffunctionname: description: |- - Direction specifies the direction of traffic the tc program should - attach to for a given network device. - enum: - - ingress - - egress + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string - interfaceselector: - description: Selector to determine the network interface - (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface - on the node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -603,147 +686,134 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pipe - - dispatcher_return - description: |- - ProceedOn allows the user to call other tc programs in chain on this exit code. - Multiple values are supported by repeating the parameter. - items: - enum: - - unspec - - ok - - reclassify - - shot - - pipe - - stolen - - queued - - repeat - - redirect - - trap - - dispatcher_return - type: string - maxItems: 11 - type: array required: - bpffunctionname - - direction - - interfaceselector - - priority type: object tcx: description: tcx defines the desired state of the application's TcxPrograms. properties: - bpffunctionname: - description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: + attach_points: description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tcx program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface + (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary + interface on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + required: + - direction + - interfaceselector + - priority + type: object + type: array + bpffunctionname: description: |- - Direction specifies the direction of traffic the tcx program should - attach to for a given network device. - enum: - - ingress - - egress + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string - interfaceselector: - description: Selector to determine the network interface - (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface - on the node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -794,25 +864,28 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer required: - bpffunctionname - - direction - - interfaceselector - - priority type: object tracepoint: description: tracepoint defines the desired state of the application's TracepointPrograms. properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + name: + description: |- + Name refers to the name of a kernel tracepoint to attach the + bpf program to. + type: string + required: + - name + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -868,16 +941,8 @@ spec: type: object type: object x-kubernetes-map-type: atomic - names: - description: |- - Names refers to the names of kernel tracepoints to attach the - bpf program to. - items: - type: string - type: array required: - bpffunctionname - - names type: object type: description: Type specifies the bpf program type @@ -897,84 +962,116 @@ spec: description: uprobe defines the desired state of the application's UprobePrograms. properties: - bpffunctionname: + attach_points: description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: - description: |- - Containers identifes the set of containers in which to attach the uprobe. - If Containers is not specified, the uprobe will be attached in the - bpfman-agent container. The ContainerSelector is very flexible and even - allows the selection of all containers in a cluster. If an attempt is - made to attach uprobes to too many containers, it can have a negative - impact on on the cluster. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the uprobe. + If Containers is not specified, the uprobe will be attached in the + bpfman-agent container. The ContainerSelector is very flexible and even + allows the selection of all containers in a cluster. If an attempt is + made to attach uprobes to too many containers, it can have a negative + impact on on the cluster. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - func_name: - description: Function to attach the uprobe to. + x-kubernetes-map-type: atomic + required: + - pods + type: object + func_name: + description: Function to attach the uprobe to. + type: string + offset: + default: 0 + description: Offset added to the address of the function + for uprobe. + format: int64 + type: integer + pid: + description: |- + Only execute uprobe for given process identification number (PID). If PID + is not provided, uprobe executes for all PIDs. + format: int32 + type: integer + retprobe: + default: false + description: Whether the program is a uretprobe. Default + is false + type: boolean + target: + description: Library name or the absolute path to + a binary or library. + type: string + required: + - target + type: object + type: array + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string mapownerselector: description: |- @@ -1026,113 +1123,123 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: Offset added to the address of the function - for uprobe. - format: int64 - type: integer - pid: - description: |- - Only execute uprobe for given process identification number (PID). If PID - is not provided, uprobe executes for all PIDs. - format: int32 - type: integer - retprobe: - default: false - description: Whether the program is a uretprobe. Default - is false - type: boolean - target: - description: Library name or the absolute path to a binary - or library. - type: string required: - bpffunctionname - - target type: object uretprobe: description: uretprobe defines the desired state of the application's UretprobePrograms. properties: - bpffunctionname: + attach_points: description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: - description: |- - Containers identifes the set of containers in which to attach the uprobe. - If Containers is not specified, the uprobe will be attached in the - bpfman-agent container. The ContainerSelector is very flexible and even - allows the selection of all containers in a cluster. If an attempt is - made to attach uprobes to too many containers, it can have a negative - impact on on the cluster. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the uprobe. + If Containers is not specified, the uprobe will be attached in the + bpfman-agent container. The ContainerSelector is very flexible and even + allows the selection of all containers in a cluster. If an attempt is + made to attach uprobes to too many containers, it can have a negative + impact on on the cluster. + properties: + containernames: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - func_name: - description: Function to attach the uprobe to. + x-kubernetes-map-type: atomic + required: + - pods + type: object + func_name: + description: Function to attach the uprobe to. + type: string + offset: + default: 0 + description: Offset added to the address of the function + for uprobe. + format: int64 + type: integer + pid: + description: |- + Only execute uprobe for given process identification number (PID). If PID + is not provided, uprobe executes for all PIDs. + format: int32 + type: integer + retprobe: + default: false + description: Whether the program is a uretprobe. Default + is false + type: boolean + target: + description: Library name or the absolute path to + a binary or library. + type: string + required: + - target + type: object + type: array + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program type: string mapownerselector: description: |- @@ -1184,126 +1291,140 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: Offset added to the address of the function - for uprobe. - format: int64 - type: integer - pid: - description: |- - Only execute uprobe for given process identification number (PID). If PID - is not provided, uprobe executes for all PIDs. - format: int32 - type: integer - retprobe: - default: false - description: Whether the program is a uretprobe. Default - is false - type: boolean - target: - description: Library name or the absolute path to a binary - or library. - type: string required: - bpffunctionname - - target type: object xdp: description: xdp defines the desired state of the application's XdpPrograms. properties: - bpffunctionname: - description: |- - BpfFunctionName is the name of the function that is the entry point for the BPF - program - type: string - containers: + attach_points: description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: - type: string + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object type: array x-kubernetes-list-type: atomic - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - interfaceselector: - description: Selector to determine the network interface - (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface - on the node. Only 'true' accepted. - type: boolean - type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + interfaceselector: + description: Selector to determine the network interface + (or interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary + interface on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the bpf program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pass + - dispatcher_return + items: + enum: + - aborted + - drop + - pass + - tx + - redirect + - dispatcher_return + type: string + maxItems: 6 + type: array + required: + - interfaceselector + - priority + type: object + type: array + bpffunctionname: + description: |- + BpfFunctionName is the name of the function that is the entry point for the BPF + program + type: string mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -1354,34 +1475,8 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the bpf program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pass - - dispatcher_return - items: - enum: - - aborted - - drop - - pass - - tx - - redirect - - dispatcher_return - type: string - maxItems: 6 - type: array required: - bpffunctionname - - interfaceselector - - priority type: object type: object x-kubernetes-validations: @@ -1432,7 +1527,7 @@ spec: - nodeselector type: object status: - description: BpfApplicationStatus defines the observed state of BpfApplication + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_fentryprograms.yaml b/config/crd/bases/bpfman.io_fentryprograms.yaml index 129fecf6f..c36eec352 100644 --- a/config/crd/bases/bpfman.io_fentryprograms.yaml +++ b/config/crd/bases/bpfman.io_fentryprograms.yaml @@ -53,6 +53,12 @@ spec: spec: description: FentryProgramSpec defines the desired state of FentryProgram properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -103,8 +109,9 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - func_name: - description: Function to attach the fentry to. + function_name: + description: FunctionName is the name of the function to attach the + Fentry program to. type: string globaldata: additionalProperties: @@ -218,11 +225,11 @@ spec: required: - bpffunctionname - bytecode - - func_name + - function_name - nodeselector type: object status: - description: FentryProgramStatus defines the observed state of FentryProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_fexitprograms.yaml b/config/crd/bases/bpfman.io_fexitprograms.yaml index d8e8bbd51..ff3a4c088 100644 --- a/config/crd/bases/bpfman.io_fexitprograms.yaml +++ b/config/crd/bases/bpfman.io_fexitprograms.yaml @@ -53,6 +53,12 @@ spec: spec: description: FexitProgramSpec defines the desired state of FexitProgram properties: + attach: + default: false + description: |- + Whether the program should be attached to the function. + This may be updated after the program has been loaded. + type: boolean bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -103,8 +109,9 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - func_name: - description: Function to attach the fexit to. + function_name: + description: FunctionName is the name of the function to attach the + Fexit program to. type: string globaldata: additionalProperties: @@ -218,11 +225,11 @@ spec: required: - bpffunctionname - bytecode - - func_name + - function_name - nodeselector type: object status: - description: FexitProgramStatus defines the observed state of FexitProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_kprobeprograms.yaml b/config/crd/bases/bpfman.io_kprobeprograms.yaml index 076d269e5..541523e0b 100644 --- a/config/crd/bases/bpfman.io_kprobeprograms.yaml +++ b/config/crd/bases/bpfman.io_kprobeprograms.yaml @@ -61,6 +61,34 @@ spec: spec: description: KprobeProgramSpec defines the desired state of KprobeProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + func_name: + description: Functions to attach the kprobe to. + type: string + offset: + default: 0 + description: |- + Offset added to the address of the function for kprobe. + Not allowed for kretprobes. + format: int64 + type: integer + retprobe: + default: false + description: Whether the program is a kretprobe. Default is + false + type: boolean + required: + - func_name + type: object + x-kubernetes-validations: + - message: offset cannot be set for kretprobes + rule: self.retprobe == false || self.offset == 0 + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -111,9 +139,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - func_name: - description: Functions to attach the kprobe to. - type: string globaldata: additionalProperties: format: byte @@ -223,28 +248,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: |- - Offset added to the address of the function for kprobe. - Not allowed for kretprobes. - format: int64 - type: integer - retprobe: - default: false - description: Whether the program is a kretprobe. Default is false - type: boolean required: - bpffunctionname - bytecode - - func_name - nodeselector type: object - x-kubernetes-validations: - - message: offset cannot be set for kretprobes - rule: self.retprobe == false || self.offset == 0 status: - description: KprobeProgramStatus defines the observed state of KprobeProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_tcprograms.yaml b/config/crd/bases/bpfman.io_tcprograms.yaml index 713629be2..3a660b458 100644 --- a/config/crd/bases/bpfman.io_tcprograms.yaml +++ b/config/crd/bases/bpfman.io_tcprograms.yaml @@ -65,6 +65,144 @@ spec: spec: description: TcProgramSpec defines the desired state of TcProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tc program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface (or + interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface + on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pipe + - dispatcher_return + description: |- + ProceedOn allows the user to call other tc programs in chain on this exit code. + Multiple values are supported by repeating the parameter. + items: + enum: + - unspec + - ok + - reclassify + - shot + - pipe + - stolen + - queued + - repeat + - redirect + - trap + - dispatcher_return + type: string + maxItems: 11 + type: array + required: + - direction + - interfaceselector + - priority + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -115,82 +253,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: - description: |- - Direction specifies the direction of traffic the tc program should - attach to for a given network device. - enum: - - ingress - - egress - type: string globaldata: additionalProperties: format: byte @@ -201,23 +263,6 @@ spec: is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures. type: object - interfaceselector: - description: Selector to determine the network interface (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface on the - node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -317,48 +362,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pipe - - dispatcher_return - description: |- - ProceedOn allows the user to call other tc programs in chain on this exit code. - Multiple values are supported by repeating the parameter. - items: - enum: - - unspec - - ok - - reclassify - - shot - - pipe - - stolen - - queued - - repeat - - redirect - - trap - - dispatcher_return - type: string - maxItems: 11 - type: array required: - bpffunctionname - bytecode - - direction - - interfaceselector - nodeselector - - priority type: object status: - description: TcProgramStatus defines the observed state of TcProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_tcxprograms.yaml b/config/crd/bases/bpfman.io_tcxprograms.yaml index d0eca6137..64cc1a65f 100644 --- a/config/crd/bases/bpfman.io_tcxprograms.yaml +++ b/config/crd/bases/bpfman.io_tcxprograms.yaml @@ -65,6 +65,121 @@ spec: spec: description: TcxProgramSpec defines the desired state of TcxProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + direction: + description: |- + Direction specifies the direction of traffic the tcx program should + attach to for a given network device. + enum: + - ingress + - egress + type: string + interfaceselector: + description: Selector to determine the network interface (or + interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface + on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the tc program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + required: + - direction + - interfaceselector + - priority + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -115,82 +230,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - direction: - description: |- - Direction specifies the direction of traffic the tcx program should - attach to for a given network device. - enum: - - ingress - - egress - type: string globaldata: additionalProperties: format: byte @@ -201,23 +240,6 @@ spec: is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures. type: object - interfaceselector: - description: Selector to determine the network interface (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface on the - node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -317,25 +339,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the tc program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer required: - bpffunctionname - bytecode - - direction - - interfaceselector - nodeselector - - priority type: object status: - description: TcxProgramStatus defines the observed state of TcProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_tracepointprograms.yaml b/config/crd/bases/bpfman.io_tracepointprograms.yaml index bbcc48241..41ca99e40 100644 --- a/config/crd/bases/bpfman.io_tracepointprograms.yaml +++ b/config/crd/bases/bpfman.io_tracepointprograms.yaml @@ -53,6 +53,21 @@ spec: spec: description: TracepointProgramSpec defines the desired state of TracepointProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + name: + description: |- + Name refers to the name of a kernel tracepoint to attach the + bpf program to. + type: string + required: + - name + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -163,13 +178,6 @@ spec: type: object type: object x-kubernetes-map-type: atomic - names: - description: |- - Names refers to the names of kernel tracepoints to attach the - bpf program to. - items: - type: string - type: array nodeselector: description: |- NodeSelector allows the user to specify which nodes to deploy the @@ -222,11 +230,10 @@ spec: required: - bpffunctionname - bytecode - - names - nodeselector type: object status: - description: TracepointProgramStatus defines the observed state of TracepointProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_uprobeprograms.yaml b/config/crd/bases/bpfman.io_uprobeprograms.yaml index 356c58008..1ecf9944e 100644 --- a/config/crd/bases/bpfman.io_uprobeprograms.yaml +++ b/config/crd/bases/bpfman.io_uprobeprograms.yaml @@ -69,6 +69,111 @@ spec: spec: description: UprobeProgramSpec defines the desired state of UprobeProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the uprobe. + If Containers is not specified, the uprobe will be attached in the + bpfman-agent container. The ContainerSelector is very flexible and even + allows the selection of all containers in a cluster. If an attempt is + made to attach uprobes to too many containers, it can have a negative + impact on on the cluster. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + func_name: + description: Function to attach the uprobe to. + type: string + offset: + default: 0 + description: Offset added to the address of the function for + uprobe. + format: int64 + type: integer + pid: + description: |- + Only execute uprobe for given process identification number (PID). If PID + is not provided, uprobe executes for all PIDs. + format: int32 + type: integer + retprobe: + default: false + description: Whether the program is a uretprobe. Default is + false + type: boolean + target: + description: Library name or the absolute path to a binary or + library. + type: string + required: + - target + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -119,80 +224,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the uprobe. - If Containers is not specified, the uprobe will be attached in the - bpfman-agent container. The ContainerSelector is very flexible and even - allows the selection of all containers in a cluster. If an attempt is - made to attach uprobes to too many containers, it can have a negative - impact on on the cluster. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object - func_name: - description: Function to attach the uprobe to. - type: string globaldata: additionalProperties: format: byte @@ -302,32 +333,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - offset: - default: 0 - description: Offset added to the address of the function for uprobe. - format: int64 - type: integer - pid: - description: |- - Only execute uprobe for given process identification number (PID). If PID - is not provided, uprobe executes for all PIDs. - format: int32 - type: integer - retprobe: - default: false - description: Whether the program is a uretprobe. Default is false - type: boolean - target: - description: Library name or the absolute path to a binary or library. - type: string required: - bpffunctionname - bytecode - nodeselector - - target type: object status: - description: UprobeProgramStatus defines the observed state of UprobeProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/crd/bases/bpfman.io_xdpprograms.yaml b/config/crd/bases/bpfman.io_xdpprograms.yaml index 3e15190b0..c0d5a600f 100644 --- a/config/crd/bases/bpfman.io_xdpprograms.yaml +++ b/config/crd/bases/bpfman.io_xdpprograms.yaml @@ -61,6 +61,127 @@ spec: spec: description: XdpProgramSpec defines the desired state of XdpProgram properties: + attach_points: + description: |- + The list of points to which the program should be attached. The list is + optional and may be udated after the bpf program has been loaded + items: + properties: + containers: + description: |- + Containers identifes the set of containers in which to attach the eBPF + program. If Containers is not specified, the BPF program will be attached + in the root network namespace. + properties: + containernames: + description: |- + Name(s) of container(s). If none are specified, all containers in the + pod are selected. + items: + type: string + type: array + namespace: + default: "" + description: Target namespaces. + type: string + pods: + description: |- + Target pods. This field must be specified, to select all pods use + standard metav1.LabelSelector semantics and make it empty. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - pods + type: object + interfaceselector: + description: Selector to determine the network interface (or + interfaces) + maxProperties: 1 + minProperties: 1 + properties: + interfaces: + description: |- + Interfaces refers to a list of network interfaces to attach the BPF + program to. + items: + type: string + type: array + primarynodeinterface: + description: Attach BPF program to the primary interface + on the node. Only 'true' accepted. + type: boolean + type: object + priority: + description: |- + Priority specifies the priority of the bpf program in relation to + other programs of the same type with the same attach point. It is a value + from 0 to 1000 where lower values have higher precedence. + format: int32 + maximum: 1000 + minimum: 0 + type: integer + proceedon: + default: + - pass + - dispatcher_return + items: + enum: + - aborted + - drop + - pass + - tx + - redirect + - dispatcher_return + type: string + maxItems: 6 + type: array + required: + - interfaceselector + - priority + type: object + type: array bpffunctionname: description: |- BpfFunctionName is the name of the function that is the entry point for the BPF @@ -111,74 +232,6 @@ spec: description: Path is used to specify a bytecode object via filepath. type: string type: object - containers: - description: |- - Containers identifes the set of containers in which to attach the eBPF - program. If Containers is not specified, the BPF program will be attached - in the root network namespace. - properties: - containernames: - description: |- - Name(s) of container(s). If none are specified, all containers in the - pod are selected. - items: - type: string - type: array - namespace: - default: "" - description: Target namespaces. - type: string - pods: - description: |- - Target pods. This field must be specified, to select all pods use - standard metav1.LabelSelector semantics and make it empty. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - pods - type: object globaldata: additionalProperties: format: byte @@ -189,23 +242,6 @@ spec: is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures. type: object - interfaceselector: - description: Selector to determine the network interface (or interfaces) - maxProperties: 1 - minProperties: 1 - properties: - interfaces: - description: |- - Interfaces refers to a list of network interfaces to attach the BPF - program to. - items: - type: string - type: array - primarynodeinterface: - description: Attach BPF program to the primary interface on the - node. Only 'true' accepted. - type: boolean - type: object mapownerselector: description: |- MapOwnerSelector is used to select the loaded eBPF program this eBPF program @@ -305,39 +341,13 @@ spec: type: object type: object x-kubernetes-map-type: atomic - priority: - description: |- - Priority specifies the priority of the bpf program in relation to - other programs of the same type with the same attach point. It is a value - from 0 to 1000 where lower values have higher precedence. - format: int32 - maximum: 1000 - minimum: 0 - type: integer - proceedon: - default: - - pass - - dispatcher_return - items: - enum: - - aborted - - drop - - pass - - tx - - redirect - - dispatcher_return - type: string - maxItems: 6 - type: array required: - bpffunctionname - bytecode - - interfaceselector - nodeselector - - priority type: object status: - description: XdpProgramStatus defines the observed state of XdpProgram + description: BpfAppStatus defines the BpfProgram status properties: conditions: description: |- diff --git a/config/samples/bpfman.io_v1alpha1_bpfapplication.yaml b/config/samples/bpfman.io_v1alpha1_bpfapplication.yaml index b7e8f1bb1..4d8fe8613 100644 --- a/config/samples/bpfman.io_v1alpha1_bpfapplication.yaml +++ b/config/samples/bpfman.io_v1alpha1_bpfapplication.yaml @@ -14,45 +14,50 @@ spec: - type: Kprobe kprobe: bpffunctionname: kprobe_counter - func_name: try_to_wake_up - offset: 0 - retprobe: false + attach_points: + - func_name: try_to_wake_up + offset: 0 + retprobe: false - type: Tracepoint tracepoint: bpffunctionname: tracepoint_kill_recorder - names: - - syscalls/sys_enter_kill + attach_points: + - name: syscalls/sys_enter_kill - type: TC tc: bpffunctionname: stats - interfaceselector: - primarynodeinterface: true - priority: 55 - direction: ingress + attach_points: + - interfaceselector: + primarynodeinterface: true + priority: 55 + direction: ingress - type: TCX tcx: bpffunctionname: tcx_stats - interfaceselector: - primarynodeinterface: true - priority: 500 - direction: ingress + attach_points: + - interfaceselector: + primarynodeinterface: true + priority: 500 + direction: ingress - type: Uprobe uprobe: bpffunctionname: uprobe_counter - func_name: malloc - target: libc - retprobe: false - containers: - namespace: bpfman - pods: - matchLabels: - name: bpfman-daemon - containernames: - - bpfman - - bpfman-agent + attach_points: + - func_name: malloc + target: libc + retprobe: false + containers: + namespace: bpfman + pods: + matchLabels: + name: bpfman-daemon + containernames: + - bpfman + - bpfman-agent - type: XDP xdp: bpffunctionname: xdp_stats - interfaceselector: - primarynodeinterface: true - priority: 55 + attach_points: + - interfaceselector: + primarynodeinterface: true + priority: 55 diff --git a/controllers/bpfman-agent/application-program.go b/controllers/bpfman-agent/application-program.go index ac5b019ef..a0bf1117f 100644 --- a/controllers/bpfman-agent/application-program.go +++ b/controllers/bpfman-agent/application-program.go @@ -121,7 +121,7 @@ func (r *BpfApplicationReconciler) Reconcile(ctx context.Context, req ctrl.Reque case bpfmaniov1alpha1.ProgTypeKprobe, bpfmaniov1alpha1.ProgTypeKretprobe: - appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), sanitize(p.Kprobe.FunctionName), p.Kprobe.BpfFunctionName) + appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), sanitize(p.Kprobe.AttachPoints[0].FunctionName), p.Kprobe.BpfFunctionName) kprobeProgram := bpfmaniov1alpha1.KprobeProgram{ ObjectMeta: metav1.ObjectMeta{ Name: buildProgramName(a, p), @@ -144,7 +144,7 @@ func (r *BpfApplicationReconciler) Reconcile(ctx context.Context, req ctrl.Reque case bpfmaniov1alpha1.ProgTypeUprobe, bpfmaniov1alpha1.ProgTypeUretprobe: - appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), sanitize(p.Uprobe.FunctionName), p.Uprobe.BpfFunctionName) + appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), sanitize(p.Uprobe.AttachPoints[0].FunctionName), p.Uprobe.BpfFunctionName) uprobeProgram := bpfmaniov1alpha1.UprobeProgram{ ObjectMeta: metav1.ObjectMeta{ Name: buildProgramName(a, p), @@ -188,13 +188,13 @@ func (r *BpfApplicationReconciler) Reconcile(ctx context.Context, req ctrl.Reque complete, res, err = r.reconcileCommon(ctx, rec, tracepointObjects) case bpfmaniov1alpha1.ProgTypeTC: - _, ifErr := getInterfaces(&p.TC.InterfaceSelector, r.ourNode) + _, ifErr := getInterfaces(&p.TC.AttachPoints[0].InterfaceSelector, r.ourNode) if ifErr != nil { r.Logger.Error(ifErr, "failed to get interfaces for TC Program", "app program name", a.Name, "program index", j) continue } - appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), p.TC.Direction, p.TC.BpfFunctionName) + appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), p.TC.AttachPoints[0].Direction, p.TC.BpfFunctionName) tcProgram := bpfmaniov1alpha1.TcProgram{ ObjectMeta: metav1.ObjectMeta{ Name: buildProgramName(a, p), @@ -216,13 +216,13 @@ func (r *BpfApplicationReconciler) Reconcile(ctx context.Context, req ctrl.Reque complete, res, err = r.reconcileCommon(ctx, rec, tcObjects) case bpfmaniov1alpha1.ProgTypeTCX: - _, ifErr := getInterfaces(&p.TCX.InterfaceSelector, r.ourNode) + _, ifErr := getInterfaces(&p.TCX.AttachPoints[0].InterfaceSelector, r.ourNode) if ifErr != nil { r.Logger.Error(ifErr, "failed to get interfaces for TCX Program", "app program name", a.Name, "program index", j) continue } - appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), p.TCX.Direction, p.TCX.BpfFunctionName) + appProgramId := fmt.Sprintf("%s-%s-%s", strings.ToLower(string(p.Type)), p.TCX.AttachPoints[0].Direction, p.TCX.BpfFunctionName) tcxProgram := bpfmaniov1alpha1.TcxProgram{ ObjectMeta: metav1.ObjectMeta{ Name: buildProgramName(a, p), @@ -244,7 +244,7 @@ func (r *BpfApplicationReconciler) Reconcile(ctx context.Context, req ctrl.Reque complete, res, err = r.reconcileCommon(ctx, rec, tcxObjects) case bpfmaniov1alpha1.ProgTypeXDP: - _, ifErr := getInterfaces(&p.XDP.InterfaceSelector, r.ourNode) + _, ifErr := getInterfaces(&p.XDP.AttachPoints[0].InterfaceSelector, r.ourNode) if ifErr != nil { r.Logger.Error(ifErr, "failed to get interfaces for XDP Program", "app program name", a.Name, "program index", j) diff --git a/controllers/bpfman-agent/application-program_test.go b/controllers/bpfman-agent/application-program_test.go index d3c0195c7..9352f5eaf 100644 --- a/controllers/bpfman-agent/application-program_test.go +++ b/controllers/bpfman-agent/application-program_test.go @@ -71,7 +71,8 @@ func TestBpfApplicationControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFentryFunctionName, }, - FunctionName: fentryFunctionName, + FentryLoadInfo: bpfmaniov1alpha1.FentryLoadInfo{FunctionName: fentryFunctionName}, + Attach: true, }, }, { @@ -80,9 +81,13 @@ func TestBpfApplicationControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfKprobeFunctionName, }, - FunctionName: kprobeFunctionName, - Offset: uint64(kprobeOffset), - RetProbe: kprobeRetprobe, + AttachPoints: []bpfmaniov1alpha1.KprobeAttachInfo{ + { + FunctionName: kprobeFunctionName, + Offset: uint64(kprobeOffset), + RetProbe: kprobeRetprobe, + }, + }, }, }, }, diff --git a/controllers/bpfman-agent/fentry-program_test.go b/controllers/bpfman-agent/fentry-program_test.go index 1a5384162..587ef9d65 100644 --- a/controllers/bpfman-agent/fentry-program_test.go +++ b/controllers/bpfman-agent/fentry-program_test.go @@ -72,7 +72,8 @@ func TestFentryProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, + FentryLoadInfo: bpfmaniov1alpha1.FentryLoadInfo{FunctionName: functionName}, + Attach: true, }, }, } diff --git a/controllers/bpfman-agent/fexit-program_test.go b/controllers/bpfman-agent/fexit-program_test.go index a424384d5..54a3eb068 100644 --- a/controllers/bpfman-agent/fexit-program_test.go +++ b/controllers/bpfman-agent/fexit-program_test.go @@ -72,7 +72,8 @@ func TestFexitProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, + FexitLoadInfo: bpfmaniov1alpha1.FexitLoadInfo{FunctionName: functionName}, + Attach: true, }, }, } diff --git a/controllers/bpfman-agent/kprobe-program.go b/controllers/bpfman-agent/kprobe-program.go index 8b18400b0..136585503 100644 --- a/controllers/bpfman-agent/kprobe-program.go +++ b/controllers/bpfman-agent/kprobe-program.go @@ -126,9 +126,9 @@ func (r *KprobeProgramReconciler) SetupWithManager(mgr ctrl.Manager) error { func (r *KprobeProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfmaniov1alpha1.BpfProgramList, error) { progs := &bpfmaniov1alpha1.BpfProgramList{} - attachPoint := sanitize(r.currentKprobeProgram.Spec.FunctionName) + attachPoint := sanitize(r.currentKprobeProgram.Spec.AttachPoints[0].FunctionName) - annotations := map[string]string{internal.KprobeProgramFunction: r.currentKprobeProgram.Spec.FunctionName} + annotations := map[string]string{internal.KprobeProgramFunction: r.currentKprobeProgram.Spec.AttachPoints[0].FunctionName} prog, err := r.createBpfProgram(attachPoint, r, annotations) if err != nil { @@ -198,8 +198,8 @@ func (r *KprobeProgramReconciler) getLoadRequest(bpfProgram *bpfmaniov1alpha1.Bp Info: &gobpfman.AttachInfo_KprobeAttachInfo{ KprobeAttachInfo: &gobpfman.KprobeAttachInfo{ FnName: bpfProgram.Annotations[internal.KprobeProgramFunction], - Offset: r.currentKprobeProgram.Spec.Offset, - Retprobe: r.currentKprobeProgram.Spec.RetProbe, + Offset: r.currentKprobeProgram.Spec.AttachPoints[0].Offset, + Retprobe: r.currentKprobeProgram.Spec.AttachPoints[0].RetProbe, ContainerPid: &container_pid, }, }, diff --git a/controllers/bpfman-agent/kprobe-program_test.go b/controllers/bpfman-agent/kprobe-program_test.go index 96f1a3744..014d2155d 100644 --- a/controllers/bpfman-agent/kprobe-program_test.go +++ b/controllers/bpfman-agent/kprobe-program_test.go @@ -75,9 +75,13 @@ func TestKprobeProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, - Offset: uint64(offset), - RetProbe: retprobe, + AttachPoints: []bpfmaniov1alpha1.KprobeAttachInfo{ + { + FunctionName: functionName, + Offset: uint64(offset), + RetProbe: retprobe, + }, + }, }, }, } diff --git a/controllers/bpfman-agent/tc-program.go b/controllers/bpfman-agent/tc-program.go index d65134e06..cd1b19996 100644 --- a/controllers/bpfman-agent/tc-program.go +++ b/controllers/bpfman-agent/tc-program.go @@ -100,7 +100,7 @@ func (r *TcProgramReconciler) setCurrentProgram(program client.Object) error { return fmt.Errorf("failed to cast program to TcProgram") } - r.interfaces, err = getInterfaces(&r.currentTcProgram.Spec.InterfaceSelector, r.ourNode) + r.interfaces, err = getInterfaces(&r.currentTcProgram.Spec.AttachPoints[0].InterfaceSelector, r.ourNode) if err != nil { return fmt.Errorf("failed to get interfaces for TcProgram: %v", err) } @@ -179,11 +179,11 @@ func (r *TcProgramReconciler) SetupWithManager(mgr ctrl.Manager) error { func (r *TcProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfmaniov1alpha1.BpfProgramList, error) { progs := &bpfmaniov1alpha1.BpfProgramList{} - if r.currentTcProgram.Spec.Containers != nil { + if r.currentTcProgram.Spec.AttachPoints[0].Containers != nil { // There is a container selector, so see if there are any matching // containers on this node. - containerInfo, err := r.Containers.GetContainers(ctx, r.currentTcProgram.Spec.Containers, r.Logger) + containerInfo, err := r.Containers.GetContainers(ctx, r.currentTcProgram.Spec.AttachPoints[0].Containers, r.Logger) if err != nil { return nil, fmt.Errorf("failed to get container pids: %v", err) } @@ -194,7 +194,7 @@ func (r *TcProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfm for _, iface := range r.interfaces { attachPoint := fmt.Sprintf("%s-%s-%s", iface, - r.currentTcProgram.Spec.Direction, + r.currentTcProgram.Spec.AttachPoints[0].Direction, "no-containers-on-node", ) @@ -217,7 +217,7 @@ func (r *TcProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfm for _, iface := range r.interfaces { attachPoint := fmt.Sprintf("%s-%s-%s-%s", iface, - r.currentTcProgram.Spec.Direction, + r.currentTcProgram.Spec.AttachPoints[0].Direction, container.podName, container.containerName, ) @@ -238,7 +238,7 @@ func (r *TcProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfm } } else { for _, iface := range r.interfaces { - attachPoint := iface + "-" + r.currentTcProgram.Spec.Direction + attachPoint := iface + "-" + r.currentTcProgram.Spec.AttachPoints[0].Direction annotations := map[string]string{internal.TcProgramInterface: iface} prog, err := r.createBpfProgram(attachPoint, r, annotations) @@ -301,10 +301,10 @@ func (r *TcProgramReconciler) getLoadRequest(bpfProgram *bpfmaniov1alpha1.BpfPro } attachInfo := &gobpfman.TCAttachInfo{ - Priority: r.currentTcProgram.Spec.Priority, + Priority: r.currentTcProgram.Spec.AttachPoints[0].Priority, Iface: bpfProgram.Annotations[internal.TcProgramInterface], - Direction: r.currentTcProgram.Spec.Direction, - ProceedOn: tcProceedOnToInt(r.currentTcProgram.Spec.ProceedOn), + Direction: r.currentTcProgram.Spec.AttachPoints[0].Direction, + ProceedOn: tcProceedOnToInt(r.currentTcProgram.Spec.AttachPoints[0].ProceedOn), } containerPidStr, ok := bpfProgram.Annotations[internal.TcContainerPid] diff --git a/controllers/bpfman-agent/tc-program_test.go b/controllers/bpfman-agent/tc-program_test.go index a1b711843..02e7def10 100644 --- a/controllers/bpfman-agent/tc-program_test.go +++ b/controllers/bpfman-agent/tc-program_test.go @@ -74,14 +74,18 @@ func TestTcProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &[]string{fakeInt}, - }, - Priority: 0, - Direction: direction, - ProceedOn: []bpfmaniov1alpha1.TcProceedOnValue{ - bpfmaniov1alpha1.TcProceedOnValue("pipe"), - bpfmaniov1alpha1.TcProceedOnValue("dispatcher_return"), + AttachPoints: []bpfmaniov1alpha1.TcAttachInfo{ + { + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &[]string{fakeInt}, + }, + Priority: 0, + Direction: direction, + ProceedOn: []bpfmaniov1alpha1.TcProceedOnValue{ + bpfmaniov1alpha1.TcProceedOnValue("pipe"), + bpfmaniov1alpha1.TcProceedOnValue("dispatcher_return"), + }, + }, }, }, }, @@ -247,14 +251,18 @@ func TestTcProgramControllerCreateMultiIntf(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &fakeInts, - }, - Priority: 0, - Direction: direction, - ProceedOn: []bpfmaniov1alpha1.TcProceedOnValue{ - bpfmaniov1alpha1.TcProceedOnValue("pipe"), - bpfmaniov1alpha1.TcProceedOnValue("dispatcher_return"), + AttachPoints: []bpfmaniov1alpha1.TcAttachInfo{ + { + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &fakeInts, + }, + Priority: 0, + Direction: direction, + ProceedOn: []bpfmaniov1alpha1.TcProceedOnValue{ + bpfmaniov1alpha1.TcProceedOnValue("pipe"), + bpfmaniov1alpha1.TcProceedOnValue("dispatcher_return"), + }, + }, }, }, }, diff --git a/controllers/bpfman-agent/tcx-program.go b/controllers/bpfman-agent/tcx-program.go index 8df8661f2..ad4f6a749 100644 --- a/controllers/bpfman-agent/tcx-program.go +++ b/controllers/bpfman-agent/tcx-program.go @@ -100,7 +100,7 @@ func (r *TcxProgramReconciler) setCurrentProgram(program client.Object) error { return fmt.Errorf("failed to cast program to TcxProgram") } - r.interfaces, err = getInterfaces(&r.currentTcxProgram.Spec.InterfaceSelector, r.ourNode) + r.interfaces, err = getInterfaces(&r.currentTcxProgram.Spec.AttachPoints[0].InterfaceSelector, r.ourNode) if err != nil { return fmt.Errorf("failed to get interfaces for TcxProgram: %v", err) } @@ -145,11 +145,11 @@ func (r *TcxProgramReconciler) SetupWithManager(mgr ctrl.Manager) error { func (r *TcxProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfmaniov1alpha1.BpfProgramList, error) { progs := &bpfmaniov1alpha1.BpfProgramList{} - if r.currentTcxProgram.Spec.Containers != nil { + if r.currentTcxProgram.Spec.AttachPoints[0].Containers != nil { // There is a container selector, so see if there are any matching // containers on this node. - containerInfo, err := r.Containers.GetContainers(ctx, r.currentTcxProgram.Spec.Containers, r.Logger) + containerInfo, err := r.Containers.GetContainers(ctx, r.currentTcxProgram.Spec.AttachPoints[0].Containers, r.Logger) if err != nil { return nil, fmt.Errorf("failed to get container pids: %v", err) } @@ -160,7 +160,7 @@ func (r *TcxProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpf for _, iface := range r.interfaces { attachPoint := fmt.Sprintf("%s-%s-%s", iface, - r.currentTcxProgram.Spec.Direction, + r.currentTcxProgram.Spec.AttachPoints[0].Direction, "no-containers-on-node", ) @@ -183,7 +183,7 @@ func (r *TcxProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpf for _, iface := range r.interfaces { attachPoint := fmt.Sprintf("%s-%s-%s-%s", iface, - r.currentTcxProgram.Spec.Direction, + r.currentTcxProgram.Spec.AttachPoints[0].Direction, container.podName, container.containerName, ) @@ -204,7 +204,7 @@ func (r *TcxProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpf } } else { for _, iface := range r.interfaces { - attachPoint := iface + "-" + r.currentTcxProgram.Spec.Direction + attachPoint := iface + "-" + r.currentTcxProgram.Spec.AttachPoints[0].Direction annotations := map[string]string{internal.TcxProgramInterface: iface} prog, err := r.createBpfProgram(attachPoint, r, annotations) @@ -267,9 +267,9 @@ func (r *TcxProgramReconciler) getLoadRequest(bpfProgram *bpfmaniov1alpha1.BpfPr } attachInfo := &gobpfman.TCXAttachInfo{ - Priority: r.currentTcxProgram.Spec.Priority, + Priority: r.currentTcxProgram.Spec.AttachPoints[0].Priority, Iface: bpfProgram.Annotations[internal.TcxProgramInterface], - Direction: r.currentTcxProgram.Spec.Direction, + Direction: r.currentTcxProgram.Spec.AttachPoints[0].Direction, } containerPidStr, ok := bpfProgram.Annotations[internal.TcxContainerPid] diff --git a/controllers/bpfman-agent/tcx-program_test.go b/controllers/bpfman-agent/tcx-program_test.go index 090d640de..9c0e6d737 100644 --- a/controllers/bpfman-agent/tcx-program_test.go +++ b/controllers/bpfman-agent/tcx-program_test.go @@ -74,11 +74,15 @@ func TestTcxProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &[]string{fakeInt}, + AttachPoints: []bpfmaniov1alpha1.TcxAttachInfo{ + { + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &[]string{fakeInt}, + }, + Priority: 0, + Direction: direction, + }, }, - Priority: 0, - Direction: direction, }, }, } @@ -170,7 +174,7 @@ func TestTcxProgramControllerCreate(t *testing.T) { Info: &gobpfman.AttachInfo_TcxAttachInfo{ TcxAttachInfo: &gobpfman.TCXAttachInfo{ Iface: fakeInt, - Priority: tcx.Spec.Priority, + Priority: tcx.Spec.AttachPoints[0].Priority, Direction: direction, }, }, @@ -242,11 +246,15 @@ func TestTcxProgramControllerCreateMultiIntf(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &fakeInts, + AttachPoints: []bpfmaniov1alpha1.TcxAttachInfo{ + { + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &fakeInts, + }, + Priority: 10, + Direction: direction, + }, }, - Priority: 10, - Direction: direction, }, }, } @@ -389,7 +397,7 @@ func TestTcxProgramControllerCreateMultiIntf(t *testing.T) { Info: &gobpfman.AttachInfo_TcxAttachInfo{ TcxAttachInfo: &gobpfman.TCXAttachInfo{ Iface: fakeInts[0], - Priority: tcx.Spec.Priority, + Priority: tcx.Spec.AttachPoints[0].Priority, Direction: direction, }, }, @@ -410,7 +418,7 @@ func TestTcxProgramControllerCreateMultiIntf(t *testing.T) { Info: &gobpfman.AttachInfo_TcxAttachInfo{ TcxAttachInfo: &gobpfman.TCXAttachInfo{ Iface: fakeInts[1], - Priority: tcx.Spec.Priority, + Priority: tcx.Spec.AttachPoints[0].Priority, Direction: direction, }, }, diff --git a/controllers/bpfman-agent/tracepoint-program.go b/controllers/bpfman-agent/tracepoint-program.go index 97480369c..16ed6e254 100644 --- a/controllers/bpfman-agent/tracepoint-program.go +++ b/controllers/bpfman-agent/tracepoint-program.go @@ -126,18 +126,17 @@ func (r *TracepointProgramReconciler) SetupWithManager(mgr ctrl.Manager) error { func (r *TracepointProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfmaniov1alpha1.BpfProgramList, error) { progs := &bpfmaniov1alpha1.BpfProgramList{} - for _, tracepoint := range r.currentTracepointProgram.Spec.Names { - attachPoint := sanitize(tracepoint) - annotations := map[string]string{internal.TracepointProgramTracepoint: tracepoint} + tracepoint := r.currentTracepointProgram.Spec.AttachPoints[0].Name + attachPoint := sanitize(tracepoint) + annotations := map[string]string{internal.TracepointProgramTracepoint: tracepoint} - prog, err := r.createBpfProgram(attachPoint, r, annotations) - if err != nil { - return nil, fmt.Errorf("failed to create BpfProgram %s: %v", attachPoint, err) - } - - progs.Items = append(progs.Items, *prog) + prog, err := r.createBpfProgram(attachPoint, r, annotations) + if err != nil { + return nil, fmt.Errorf("failed to create BpfProgram %s: %v", attachPoint, err) } + progs.Items = append(progs.Items, *prog) + return progs, nil } diff --git a/controllers/bpfman-agent/tracepoint-program_test.go b/controllers/bpfman-agent/tracepoint-program_test.go index 3455f72a4..2f5ab986f 100644 --- a/controllers/bpfman-agent/tracepoint-program_test.go +++ b/controllers/bpfman-agent/tracepoint-program_test.go @@ -72,7 +72,7 @@ func TestTracepointProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - Names: []string{tracepointName}, + AttachPoints: []bpfmaniov1alpha1.TracepointAttachInfo{{Name: tracepointName}}, }, }, } diff --git a/controllers/bpfman-agent/uprobe-program.go b/controllers/bpfman-agent/uprobe-program.go index 72f90ed31..884a68a51 100644 --- a/controllers/bpfman-agent/uprobe-program.go +++ b/controllers/bpfman-agent/uprobe-program.go @@ -134,13 +134,14 @@ func (r *UprobeProgramReconciler) SetupWithManager(mgr ctrl.Manager) error { func (r *UprobeProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfmaniov1alpha1.BpfProgramList, error) { progs := &bpfmaniov1alpha1.BpfProgramList{} - sanitizedUprobe := sanitize(r.currentUprobeProgram.Spec.Target) + "-" + sanitize(r.currentUprobeProgram.Spec.FunctionName) + sanitizedUprobe := sanitize(r.currentUprobeProgram.Spec.AttachPoints[0].Target) + "-" + + sanitize(r.currentUprobeProgram.Spec.AttachPoints[0].FunctionName) - if r.currentUprobeProgram.Spec.Containers != nil { + if r.currentUprobeProgram.Spec.AttachPoints[0].Containers != nil { // There is a container selector, so see if there are any matching // containers on this node. - containerInfo, err := r.Containers.GetContainers(ctx, r.currentUprobeProgram.Spec.Containers, r.Logger) + containerInfo, err := r.Containers.GetContainers(ctx, r.currentUprobeProgram.Spec.AttachPoints[0].Containers, r.Logger) if err != nil { return nil, fmt.Errorf("failed to get container pids: %v", err) } @@ -149,7 +150,7 @@ func (r *UprobeProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (* // select any containers on this node. annotations := map[string]string{ - internal.UprobeProgramTarget: r.currentUprobeProgram.Spec.Target, + internal.UprobeProgramTarget: r.currentUprobeProgram.Spec.AttachPoints[0].Target, internal.UprobeNoContainersOnNode: "true", } @@ -167,7 +168,7 @@ func (r *UprobeProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (* for i := range *containerInfo { container := (*containerInfo)[i] - annotations := map[string]string{internal.UprobeProgramTarget: r.currentUprobeProgram.Spec.Target} + annotations := map[string]string{internal.UprobeProgramTarget: r.currentUprobeProgram.Spec.AttachPoints[0].Target} annotations[internal.UprobeContainerPid] = strconv.FormatInt(container.pid, 10) attachPoint := fmt.Sprintf("%s-%s-%s", @@ -185,7 +186,7 @@ func (r *UprobeProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (* } } } else { - annotations := map[string]string{internal.UprobeProgramTarget: r.currentUprobeProgram.Spec.Target} + annotations := map[string]string{internal.UprobeProgramTarget: r.currentUprobeProgram.Spec.AttachPoints[0].Target} attachPoint := sanitizedUprobe @@ -265,10 +266,10 @@ func (r *UprobeProgramReconciler) getLoadRequest(bpfProgram *bpfmaniov1alpha1.Bp } uprobeAttachInfo = &gobpfman.UprobeAttachInfo{ - FnName: &r.currentUprobeProgram.Spec.FunctionName, - Offset: r.currentUprobeProgram.Spec.Offset, + FnName: &r.currentUprobeProgram.Spec.AttachPoints[0].FunctionName, + Offset: r.currentUprobeProgram.Spec.AttachPoints[0].Offset, Target: bpfProgram.Annotations[internal.UprobeProgramTarget], - Retprobe: r.currentUprobeProgram.Spec.RetProbe, + Retprobe: r.currentUprobeProgram.Spec.AttachPoints[0].RetProbe, } if hasContainerPid { diff --git a/controllers/bpfman-agent/uprobe-program_test.go b/controllers/bpfman-agent/uprobe-program_test.go index a22d367d2..de2a39ead 100644 --- a/controllers/bpfman-agent/uprobe-program_test.go +++ b/controllers/bpfman-agent/uprobe-program_test.go @@ -76,10 +76,14 @@ func TestUprobeProgramControllerCreate(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, - Target: target, - Offset: uint64(offset), - RetProbe: retprobe, + AttachPoints: []bpfmaniov1alpha1.UprobeAttachInfo{ + { + FunctionName: functionName, + Target: target, + Offset: uint64(offset), + RetProbe: retprobe, + }, + }, }, }, } @@ -240,6 +244,16 @@ func TestUprobeProgramControllerCreateContainer(t *testing.T) { Pods: metav1.LabelSelector{}, } + attachPoints := []bpfmaniov1alpha1.UprobeAttachInfo{ + { + FunctionName: functionName, + Target: target, + Offset: uint64(offset), + RetProbe: retprobe, + Containers: &containerSelector, + }, + } + // A UprobeProgram object with metadata and spec. Uprobe := &bpfmaniov1alpha1.UprobeProgram{ ObjectMeta: metav1.ObjectMeta{ @@ -256,12 +270,7 @@ func TestUprobeProgramControllerCreateContainer(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, - Target: target, - Offset: uint64(offset), - RetProbe: retprobe, - Containers: &containerSelector, - }, + AttachPoints: attachPoints}, }, } diff --git a/controllers/bpfman-agent/xdp-program.go b/controllers/bpfman-agent/xdp-program.go index 364217908..017fe4108 100644 --- a/controllers/bpfman-agent/xdp-program.go +++ b/controllers/bpfman-agent/xdp-program.go @@ -99,7 +99,7 @@ func (r *XdpProgramReconciler) setCurrentProgram(program client.Object) error { return fmt.Errorf("failed to cast program to XdpProgram") } - r.interfaces, err = getInterfaces(&r.currentXdpProgram.Spec.InterfaceSelector, r.ourNode) + r.interfaces, err = getInterfaces(&r.currentXdpProgram.Spec.AttachPoints[0].InterfaceSelector, r.ourNode) if err != nil { return fmt.Errorf("failed to get interfaces for XdpProgram: %v", err) } @@ -164,11 +164,11 @@ func (r *XdpProgramReconciler) SetupWithManager(mgr ctrl.Manager) error { func (r *XdpProgramReconciler) getExpectedBpfPrograms(ctx context.Context) (*bpfmaniov1alpha1.BpfProgramList, error) { progs := &bpfmaniov1alpha1.BpfProgramList{} - if r.currentXdpProgram.Spec.Containers != nil { + if r.currentXdpProgram.Spec.AttachPoints[0].Containers != nil { // There is a container selector, so see if there are any matching // containers on this node. - containerInfo, err := r.Containers.GetContainers(ctx, r.currentXdpProgram.Spec.Containers, r.Logger) + containerInfo, err := r.Containers.GetContainers(ctx, r.currentXdpProgram.Spec.AttachPoints[0].Containers, r.Logger) if err != nil { return nil, fmt.Errorf("failed to get container pids: %v", err) } @@ -283,9 +283,9 @@ func (r *XdpProgramReconciler) getLoadRequest(bpfProgram *bpfmaniov1alpha1.BpfPr } attachInfo := &gobpfman.XDPAttachInfo{ - Priority: r.currentXdpProgram.Spec.Priority, + Priority: r.currentXdpProgram.Spec.AttachPoints[0].Priority, Iface: bpfProgram.Annotations[internal.XdpProgramInterface], - ProceedOn: xdpProceedOnToInt(r.currentXdpProgram.Spec.ProceedOn), + ProceedOn: xdpProceedOnToInt(r.currentXdpProgram.Spec.AttachPoints[0].ProceedOn), } containerPidStr, ok := bpfProgram.Annotations[internal.XdpContainerPid] diff --git a/controllers/bpfman-agent/xdp-program_test.go b/controllers/bpfman-agent/xdp-program_test.go index 922cd28e4..88c626a23 100644 --- a/controllers/bpfman-agent/xdp-program_test.go +++ b/controllers/bpfman-agent/xdp-program_test.go @@ -89,12 +89,16 @@ func xdpProgramControllerCreate(t *testing.T, multiInterface bool, multiConditio BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &fakeInts, - }, - Priority: 0, - ProceedOn: []bpfmaniov1alpha1.XdpProceedOnValue{bpfmaniov1alpha1.XdpProceedOnValue("pass"), - bpfmaniov1alpha1.XdpProceedOnValue("dispatcher_return"), + AttachPoints: []bpfmaniov1alpha1.XdpAttachInfo{ + { + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &fakeInts, + }, + Priority: 0, + ProceedOn: []bpfmaniov1alpha1.XdpProceedOnValue{bpfmaniov1alpha1.XdpProceedOnValue("pass"), + bpfmaniov1alpha1.XdpProceedOnValue("dispatcher_return"), + }, + }, }, }, }, diff --git a/controllers/bpfman-operator/application-program_test.go b/controllers/bpfman-operator/application-program_test.go index 76fc0770f..8dca7b52e 100644 --- a/controllers/bpfman-operator/application-program_test.go +++ b/controllers/bpfman-operator/application-program_test.go @@ -75,7 +75,8 @@ func appProgramReconcile(t *testing.T, multiCondition bool) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFentryFunctionName, }, - FunctionName: functionFentryName, + FentryLoadInfo: bpfmaniov1alpha1.FentryLoadInfo{FunctionName: functionFentryName}, + Attach: true, }, }, { @@ -84,9 +85,13 @@ func appProgramReconcile(t *testing.T, multiCondition bool) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfKprobeFunctionName, }, - FunctionName: functionKprobeName, - Offset: uint64(offset), - RetProbe: retprobe, + AttachPoints: []bpfmaniov1alpha1.KprobeAttachInfo{ + { + FunctionName: functionKprobeName, + Offset: uint64(offset), + RetProbe: retprobe, + }, + }, }, }, { @@ -95,7 +100,11 @@ func appProgramReconcile(t *testing.T, multiCondition bool) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfTracepointFunctionName, }, - Names: []string{tracepointName}, + AttachPoints: []bpfmaniov1alpha1.TracepointAttachInfo{ + { + Name: tracepointName, + }, + }, }, }, }, diff --git a/controllers/bpfman-operator/fentry-program_test.go b/controllers/bpfman-operator/fentry-program_test.go index 1ffd18af7..4f556c6a8 100644 --- a/controllers/bpfman-operator/fentry-program_test.go +++ b/controllers/bpfman-operator/fentry-program_test.go @@ -63,11 +63,11 @@ func fentryProgramReconcile(t *testing.T, multiCondition bool) { }, }, FentryProgramInfo: bpfmaniov1alpha1.FentryProgramInfo{ - BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, + FentryLoadInfo: bpfmaniov1alpha1.FentryLoadInfo{FunctionName: functionName}, + Attach: true, }, }, } diff --git a/controllers/bpfman-operator/fexit-program_test.go b/controllers/bpfman-operator/fexit-program_test.go index 086e30d9d..faa051bbb 100644 --- a/controllers/bpfman-operator/fexit-program_test.go +++ b/controllers/bpfman-operator/fexit-program_test.go @@ -67,7 +67,8 @@ func fexitProgramReconcile(t *testing.T, multiCondition bool) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, + FexitLoadInfo: bpfmaniov1alpha1.FexitLoadInfo{FunctionName: functionName}, + Attach: true, }, }, } diff --git a/controllers/bpfman-operator/kprobe-program_test.go b/controllers/bpfman-operator/kprobe-program_test.go index 5216fbd77..50c5789f6 100644 --- a/controllers/bpfman-operator/kprobe-program_test.go +++ b/controllers/bpfman-operator/kprobe-program_test.go @@ -69,9 +69,13 @@ func kprobeProgramReconcile(t *testing.T, multiCondition bool) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, - Offset: uint64(offset), - RetProbe: retprobe, + AttachPoints: []bpfmaniov1alpha1.KprobeAttachInfo{ + { + FunctionName: functionName, + Offset: uint64(offset), + RetProbe: retprobe, + }, + }, }, }, } diff --git a/controllers/bpfman-operator/tc-program_test.go b/controllers/bpfman-operator/tc-program_test.go index 032a4d7f8..ba3d8c593 100644 --- a/controllers/bpfman-operator/tc-program_test.go +++ b/controllers/bpfman-operator/tc-program_test.go @@ -66,15 +66,15 @@ func TestTcProgramReconcile(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + AttachPoints: []bpfmaniov1alpha1.TcAttachInfo{{InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ Interfaces: &[]string{fakeInt}, }, - Priority: 0, - Direction: direction, - ProceedOn: []bpfmaniov1alpha1.TcProceedOnValue{ - bpfmaniov1alpha1.TcProceedOnValue("pipe"), - bpfmaniov1alpha1.TcProceedOnValue("dispatcher_return"), - }, + Priority: 0, + Direction: direction, + ProceedOn: []bpfmaniov1alpha1.TcProceedOnValue{ + bpfmaniov1alpha1.TcProceedOnValue("pipe"), + bpfmaniov1alpha1.TcProceedOnValue("dispatcher_return"), + }}}, }, }, } diff --git a/controllers/bpfman-operator/tcx-program_test.go b/controllers/bpfman-operator/tcx-program_test.go index 5623e995f..fd8929633 100644 --- a/controllers/bpfman-operator/tcx-program_test.go +++ b/controllers/bpfman-operator/tcx-program_test.go @@ -66,12 +66,13 @@ func TestTcxProgramReconcile(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &[]string{fakeInt}, - }, - Priority: 0, - Direction: direction, - }, + AttachPoints: []bpfmaniov1alpha1.TcxAttachInfo{{ + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &[]string{fakeInt}, + }, + Priority: 0, + Direction: direction, + }}}, }, } diff --git a/controllers/bpfman-operator/tracepoint-program_test.go b/controllers/bpfman-operator/tracepoint-program_test.go index 8cac0a367..2644f537f 100644 --- a/controllers/bpfman-operator/tracepoint-program_test.go +++ b/controllers/bpfman-operator/tracepoint-program_test.go @@ -64,7 +64,7 @@ func TestTracepointProgramReconcile(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - Names: []string{tracepointName}, + AttachPoints: []bpfmaniov1alpha1.TracepointAttachInfo{{Name: tracepointName}}, }, }, } diff --git a/controllers/bpfman-operator/uprobe-program_test.go b/controllers/bpfman-operator/uprobe-program_test.go index d591165fd..23b9f3aff 100644 --- a/controllers/bpfman-operator/uprobe-program_test.go +++ b/controllers/bpfman-operator/uprobe-program_test.go @@ -67,10 +67,12 @@ func TestUprobeProgramReconcile(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - FunctionName: functionName, - Target: target, - Offset: uint64(offset), - RetProbe: retprobe, + AttachPoints: []bpfmaniov1alpha1.UprobeAttachInfo{{ + FunctionName: functionName, + Target: target, + Offset: uint64(offset), + RetProbe: retprobe, + }}, }, }, } diff --git a/controllers/bpfman-operator/xdp-program_test.go b/controllers/bpfman-operator/xdp-program_test.go index 92223a008..dc3723ea2 100644 --- a/controllers/bpfman-operator/xdp-program_test.go +++ b/controllers/bpfman-operator/xdp-program_test.go @@ -64,13 +64,15 @@ func TestXdpProgramReconcile(t *testing.T) { BpfProgramCommon: bpfmaniov1alpha1.BpfProgramCommon{ BpfFunctionName: bpfFunctionName, }, - InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ - Interfaces: &[]string{fakeInt}, - }, - Priority: 0, - ProceedOn: []bpfmaniov1alpha1.XdpProceedOnValue{bpfmaniov1alpha1.XdpProceedOnValue("pass"), - bpfmaniov1alpha1.XdpProceedOnValue("dispatcher_return"), - }, + AttachPoints: []bpfmaniov1alpha1.XdpAttachInfo{{ + InterfaceSelector: bpfmaniov1alpha1.InterfaceSelector{ + Interfaces: &[]string{fakeInt}, + }, + Priority: 0, + ProceedOn: []bpfmaniov1alpha1.XdpProceedOnValue{bpfmaniov1alpha1.XdpProceedOnValue("pass"), + bpfmaniov1alpha1.XdpProceedOnValue("dispatcher_return"), + }, + }}, }, }, }