WIP: Initial pass at BpfApplication CRD update for load/attach split

The main change is that a separate optional list of attach points is
included with each program (except for fentry and fexit programs that just
include an attach boolean). Otherwise, the info is all the same.

The list of attach points may be updated any time after the programs
are loaded, which allows the program to be loaded before any attachments are
made, and allows attachments to be added after the program has been loaded.

Existing controllers have been updated to work with new CRDs, but they only
work with a single attach point per program.

I've updated the bpfman.io_v1alpha1_bpfapplication.yaml, but the others still have
the old format and won't work with the current code.

TODO: Add a per-node CRD (BpfProgram analog) to maintain the per-node
state for the BpfApplication.

Signed-off-by: Andre Fredette <[email protected]>

Author: anfredette

apis/v1alpha1/bpfapplication_types.go

@@ -138,7 +138,7 @@ type BpfApplicationSpec struct {
 
 // BpfApplicationStatus defines the observed state of BpfApplication
 type BpfApplicationStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
+	BpfAppStatus `json:",inline"`
 }
 
 // +genclient
@@ -155,8 +155,8 @@ type BpfApplication struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec   BpfApplicationSpec   `json:"spec,omitempty"`
-	Status BpfApplicationStatus `json:"status,omitempty"`
+	Spec   BpfApplicationSpec `json:"spec,omitempty"`
+	Status BpfAppStatus       `json:"status,omitempty"`
 }
 
 // +kubebuilder:object:root=true

apis/v1alpha1/fentryProgram_types.go

@@ -37,9 +37,8 @@ type FentryProgram struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec FentryProgramSpec `json:"spec"`
-	// +optional
-	Status FentryProgramStatus `json:"status,omitempty"`
+	Spec   FentryProgramSpec `json:"spec"`
+	Status BpfAppStatus      `json:"status,omitempty"`
 }
 
 // FentryProgramSpec defines the desired state of FentryProgram
@@ -52,13 +51,19 @@ type FentryProgramSpec struct {
 // FentryProgramInfo defines the Fentry program details
 type FentryProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
-	// Function to attach the fentry to.
-	FunctionName string `json:"func_name"`
+	FentryLoadInfo   `json:",inline"`
+	// Whether the program should be attached to the function.
+	// This may be updated after the program has been loaded.
+	// +optional
+	// +kubebuilder:default=false
+	Attach bool `json:"attach,omitempty"`
 }
 
-// FentryProgramStatus defines the observed state of FentryProgram
-type FentryProgramStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
+// FentryLoadInfo contains the program-specific load information for Fentry
+// programs
+type FentryLoadInfo struct {
+	// FunctionName is the name of the function to attach the Fentry program to.
+	FunctionName string `json:"function_name"`
 }
 
 // +kubebuilder:object:root=true

apis/v1alpha1/fexitProgram_types.go

@@ -37,9 +37,8 @@ type FexitProgram struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec FexitProgramSpec `json:"spec"`
-	// +optional
-	Status FexitProgramStatus `json:"status,omitempty"`
+	Spec   FexitProgramSpec `json:"spec"`
+	Status BpfAppStatus     `json:"status,omitempty"`
 }
 
 // FexitProgramSpec defines the desired state of FexitProgram
@@ -52,13 +51,19 @@ type FexitProgramSpec struct {
 // FexitProgramInfo defines the Fexit program details
 type FexitProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
-	// Function to attach the fexit to.
-	FunctionName string `json:"func_name"`
+	FexitLoadInfo    `json:",inline"`
+	// Whether the program should be attached to the function.
+	// This may be updated after the program has been loaded.
+	// +optional
+	// +kubebuilder:default=false
+	Attach bool `json:"attach,omitempty"`
 }
 
-// FexitProgramStatus defines the observed state of FexitProgram
-type FexitProgramStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
+// FexitLoadInfo contains the program-specific load information for Fexit
+// programs
+type FexitLoadInfo struct {
+	// FunctionName is the name of the function to attach the Fexit program to.
+	FunctionName string `json:"function_name"`
 }
 
 // +kubebuilder:object:root=true

apis/v1alpha1/kprobeProgram_types.go

@@ -39,16 +39,14 @@ type KprobeProgram struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec KprobeProgramSpec `json:"spec"`
-	// +optional
-	Status KprobeProgramStatus `json:"status,omitempty"`
+	Spec   KprobeProgramSpec `json:"spec"`
+	Status BpfAppStatus      `json:"status,omitempty"`
 }
 
 // KprobeProgramSpec defines the desired state of KprobeProgram
 // +kubebuilder:printcolumn:name="FunctionName",type=string,JSONPath=`.spec.func_name`
 // +kubebuilder:printcolumn:name="Offset",type=integer,JSONPath=`.spec.offset`
 // +kubebuilder:printcolumn:name="RetProbe",type=boolean,JSONPath=`.spec.retprobe`
-// +kubebuilder:validation:XValidation:message="offset cannot be set for kretprobes",rule="self.retprobe == false || self.offset == 0"
 type KprobeProgramSpec struct {
 	KprobeProgramInfo `json:",inline"`
 	BpfAppCommon      `json:",inline"`
@@ -57,7 +55,14 @@ type KprobeProgramSpec struct {
 // KprobeProgramInfo defines the common fields for KprobeProgram
 type KprobeProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
+	// The list of points to which the program should be attached.  The list is
+	// optional and may be udated after the bpf program has been loaded
+	// +optional
+	AttachPoints []KprobeAttachInfo `json:"attach_points"`
+}
 
+// +kubebuilder:validation:XValidation:message="offset cannot be set for kretprobes",rule="self.retprobe == false || self.offset == 0"
+type KprobeAttachInfo struct {
 	// Functions to attach the kprobe to.
 	FunctionName string `json:"func_name"`
 
@@ -71,15 +76,6 @@ type KprobeProgramInfo struct {
 	// +optional
 	// +kubebuilder:default:=false
 	RetProbe bool `json:"retprobe"`
-
-	// // Host PID of container to attach the uprobe in. (Not supported yet by bpfman.)
-	// // +optional
-	// ContainerPid string `json:"containerpid"`
-}
-
-// KprobeProgramStatus defines the observed state of KprobeProgram
-type KprobeProgramStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
 }
 
 // +kubebuilder:object:root=true

apis/v1alpha1/shared_types.go

@@ -53,7 +53,8 @@ type ContainerSelector struct {
 	ContainerNames *[]string `json:"containernames,omitempty"`
 }
 
-// BpfProgramCommon defines the common attributes for all BPF programs
+// BpfProgramCommon defines the common attributes required to load all BPF
+// programs.
 type BpfProgramCommon struct {
 	// BpfFunctionName is the name of the function that is the entry point for the BPF
 	// program
@@ -86,8 +87,8 @@ type BpfAppCommon struct {
 	ByteCode BytecodeSelector `json:"bytecode"`
 }
 
-// BpfProgramStatusCommon defines the BpfProgram status
-type BpfProgramStatusCommon struct {
+// BpfAppStatus defines the BpfProgram status
+type BpfAppStatus struct {
 	// Conditions houses the global cluster state for the eBPFProgram. The explicit
 	// condition types are defined internally.
 	// +patchMergeKey=type

apis/v1alpha1/tcProgram_types.go

@@ -40,9 +40,8 @@ type TcProgram struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec TcProgramSpec `json:"spec"`
-	// +optional
-	Status TcProgramStatus `json:"status,omitempty"`
+	Spec   TcProgramSpec `json:"spec"`
+	Status BpfAppStatus  `json:"status,omitempty"`
 }
 
 // +kubebuilder:validation:Enum=unspec;ok;reclassify;shot;pipe;stolen;queued;repeat;redirect;trap;dispatcher_return
@@ -57,7 +56,13 @@ type TcProgramSpec struct {
 // TcProgramInfo defines the tc program details
 type TcProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
+	// The list of points to which the program should be attached.  The list is
+	// optional and may be udated after the bpf program has been loaded
+	// +optional
+	AttachPoints []TcAttachInfo `json:"attach_points"`
+}
 
+type TcAttachInfo struct {
 	// Selector to determine the network interface (or interfaces)
 	InterfaceSelector InterfaceSelector `json:"interfaceselector"`
 
@@ -87,11 +92,6 @@ type TcProgramInfo struct {
 	ProceedOn []TcProceedOnValue `json:"proceedon"`
 }
 
-// TcProgramStatus defines the observed state of TcProgram
-type TcProgramStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
-}
-
 // +kubebuilder:object:root=true
 // TcProgramList contains a list of TcPrograms
 type TcProgramList struct {

apis/v1alpha1/tcxProgram_types.go

@@ -40,9 +40,8 @@ type TcxProgram struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec TcxProgramSpec `json:"spec"`
-	// +optional
-	Status TcxProgramStatus `json:"status,omitempty"`
+	Spec   TcxProgramSpec `json:"spec"`
+	Status BpfAppStatus   `json:"status,omitempty"`
 }
 
 // TcxProgramSpec defines the desired state of TcxProgram
@@ -54,7 +53,13 @@ type TcxProgramSpec struct {
 // TcxProgramInfo defines the tc program details
 type TcxProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
+	// The list of points to which the program should be attached.  The list is
+	// optional and may be udated after the bpf program has been loaded
+	// +optional
+	AttachPoints []TcxAttachInfo `json:"attach_points"`
+}
 
+type TcxAttachInfo struct {
 	// Selector to determine the network interface (or interfaces)
 	InterfaceSelector InterfaceSelector `json:"interfaceselector"`
 
@@ -77,11 +82,6 @@ type TcxProgramInfo struct {
 	Priority int32 `json:"priority"`
 }
 
-// TcxProgramStatus defines the observed state of TcProgram
-type TcxProgramStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
-}
-
 // +kubebuilder:object:root=true
 // TcxProgramList contains a list of TcxPrograms
 type TcxProgramList struct {

apis/v1alpha1/tracepointProgram_types.go

@@ -37,9 +37,8 @@ type TracepointProgram struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec TracepointProgramSpec `json:"spec"`
-	// +optional
-	Status TracepointProgramStatus `json:"status,omitempty"`
+	Spec   TracepointProgramSpec `json:"spec"`
+	Status BpfAppStatus          `json:"status,omitempty"`
 }
 
 // TracepointProgramSpec defines the desired state of TracepointProgram
@@ -52,15 +51,16 @@ type TracepointProgramSpec struct {
 // TracepointProgramInfo defines the Tracepoint program details
 type TracepointProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
-
-	// Names refers to the names of kernel tracepoints to attach the
-	// bpf program to.
-	Names []string `json:"names"`
+	// The list of points to which the program should be attached.  The list is
+	// optional and may be udated after the bpf program has been loaded
+	// +optional
+	AttachPoints []TracepointAttachInfo `json:"attach_points"`
 }
 
-// TracepointProgramStatus defines the observed state of TracepointProgram
-type TracepointProgramStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
+type TracepointAttachInfo struct {
+	// Name refers to the name of a kernel tracepoint to attach the
+	// bpf program to.
+	Name string `json:"name"`
 }
 
 // +kubebuilder:object:root=true

apis/v1alpha1/uprobeProgram_types.go

@@ -41,9 +41,8 @@ type UprobeProgram struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec UprobeProgramSpec `json:"spec"`
-	// +optional
-	Status UprobeProgramStatus `json:"status,omitempty"`
+	Spec   UprobeProgramSpec `json:"spec"`
+	Status BpfAppStatus      `json:"status,omitempty"`
 }
 
 // UprobeProgramSpec defines the desired state of UprobeProgram
@@ -60,7 +59,13 @@ type UprobeProgramSpec struct {
 // UprobeProgramInfo contains the information about the uprobe program
 type UprobeProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
+	// The list of points to which the program should be attached.  The list is
+	// optional and may be udated after the bpf program has been loaded
+	// +optional
+	AttachPoints []UprobeAttachInfo `json:"attach_points"`
+}
 
+type UprobeAttachInfo struct {
 	// Function to attach the uprobe to.
 	// +optional
 	FunctionName string `json:"func_name"`
@@ -93,11 +98,6 @@ type UprobeProgramInfo struct {
 	Containers *ContainerSelector `json:"containers"`
 }
 
-// UprobeProgramStatus defines the observed state of UprobeProgram
-type UprobeProgramStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
-}
-
 // +kubebuilder:object:root=true
 // UprobeProgramList contains a list of UprobePrograms
 type UprobeProgramList struct {

apis/v1alpha1/xdpProgram_types.go

@@ -39,9 +39,8 @@ type XdpProgram struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec XdpProgramSpec `json:"spec"`
-	// +optional
-	Status XdpProgramStatus `json:"status,omitempty"`
+	Spec   XdpProgramSpec `json:"spec"`
+	Status BpfAppStatus   `json:"status,omitempty"`
 }
 
 // +kubebuilder:validation:Enum=aborted;drop;pass;tx;redirect;dispatcher_return
@@ -56,6 +55,13 @@ type XdpProgramSpec struct {
 // XdpProgramInfo defines the common fields for all XdpProgram types
 type XdpProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
+	// The list of points to which the program should be attached.  The list is
+	// optional and may be udated after the bpf program has been loaded
+	// +optional
+	AttachPoints []XdpAttachInfo `json:"attach_points"`
+}
+
+type XdpAttachInfo struct {
 	// Selector to determine the network interface (or interfaces)
 	InterfaceSelector InterfaceSelector `json:"interfaceselector"`
 
@@ -83,7 +89,7 @@ type XdpProgramInfo struct {
 
 // XdpProgramStatus defines the observed state of XdpProgram
 type XdpProgramStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
+	BpfAppStatus `json:",inline"`
 }
 
 // +kubebuilder:object:root=true