WIP: Initial pass at BpfApplication CRD update for load/attach split

The main change is that a separate optional list of attach points is
included with each program (except for fentry and fexit programs that just
include an attach boolean). Otherwise, the info is all the same.

The list of attach points may be updated any time after the programs
are loaded, which allows the program to be loaded before any attachments are
made, and allows attachments to be added after the program has been loaded.

Existing controllers have been updated to work with new CRDs, but they only
work with a single attach point per program.

I've updated the bpfman.io_v1alpha1_bpfapplication.yaml, but the others still have
the old format and won't work with the current code.

TODO: Add a per-node CRD (BpfProgram analog) to maintain the per-node
state for the BpfApplication.

Signed-off-by: Andre Fredette <[email protected]>

Author: anfredette

apis/v1alpha1/bpfApplication_types.go

@@ -138,7 +138,7 @@ type BpfApplicationSpec struct {
 
 // BpfApplicationStatus defines the observed state of BpfApplication
 type BpfApplicationStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
+	BpfAppStatus `json:",inline"`
 }
 
 // +genclient
@@ -155,8 +155,8 @@ type BpfApplication struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec   BpfApplicationSpec   `json:"spec,omitempty"`
-	Status BpfApplicationStatus `json:"status,omitempty"`
+	Spec   BpfApplicationSpec `json:"spec,omitempty"`
+	Status BpfAppStatus       `json:"status,omitempty"`
 }
 
 // +kubebuilder:object:root=true

apis/v1alpha1/bpfNsApplication_types.go

@@ -85,7 +85,7 @@ type BpfNsApplication struct {
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
 	Spec   BpfNsApplicationSpec `json:"spec,omitempty"`
-	Status BpfApplicationStatus `json:"status,omitempty"`
+	Status BpfAppStatus         `json:"status,omitempty"`
 }
 
 // +kubebuilder:object:root=true

apis/v1alpha1/fentryProgram_types.go

@@ -37,9 +37,8 @@ type FentryProgram struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec FentryProgramSpec `json:"spec"`
-	// +optional
-	Status FentryProgramStatus `json:"status,omitempty"`
+	Spec   FentryProgramSpec `json:"spec"`
+	Status BpfAppStatus      `json:"status,omitempty"`
 }
 
 // FentryProgramSpec defines the desired state of FentryProgram
@@ -52,13 +51,19 @@ type FentryProgramSpec struct {
 // FentryProgramInfo defines the Fentry program details
 type FentryProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
-	// Function to attach the fentry to.
-	FunctionName string `json:"func_name"`
+	FentryLoadInfo   `json:",inline"`
+	// Whether the program should be attached to the function.
+	// This may be updated after the program has been loaded.
+	// +optional
+	// +kubebuilder:default=false
+	Attach bool `json:"attach,omitempty"`
 }
 
-// FentryProgramStatus defines the observed state of FentryProgram
-type FentryProgramStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
+// FentryLoadInfo contains the program-specific load information for Fentry
+// programs
+type FentryLoadInfo struct {
+	// FunctionName is the name of the function to attach the Fentry program to.
+	FunctionName string `json:"function_name"`
 }
 
 // +kubebuilder:object:root=true

apis/v1alpha1/fexitProgram_types.go

@@ -37,9 +37,8 @@ type FexitProgram struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec FexitProgramSpec `json:"spec"`
-	// +optional
-	Status FexitProgramStatus `json:"status,omitempty"`
+	Spec   FexitProgramSpec `json:"spec"`
+	Status BpfAppStatus     `json:"status,omitempty"`
 }
 
 // FexitProgramSpec defines the desired state of FexitProgram
@@ -52,13 +51,19 @@ type FexitProgramSpec struct {
 // FexitProgramInfo defines the Fexit program details
 type FexitProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
-	// Function to attach the fexit to.
-	FunctionName string `json:"func_name"`
+	FexitLoadInfo    `json:",inline"`
+	// Whether the program should be attached to the function.
+	// This may be updated after the program has been loaded.
+	// +optional
+	// +kubebuilder:default=false
+	Attach bool `json:"attach,omitempty"`
 }
 
-// FexitProgramStatus defines the observed state of FexitProgram
-type FexitProgramStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
+// FexitLoadInfo contains the program-specific load information for Fexit
+// programs
+type FexitLoadInfo struct {
+	// FunctionName is the name of the function to attach the Fexit program to.
+	FunctionName string `json:"function_name"`
 }
 
 // +kubebuilder:object:root=true

apis/v1alpha1/kprobeProgram_types.go

@@ -39,16 +39,14 @@ type KprobeProgram struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec KprobeProgramSpec `json:"spec"`
-	// +optional
-	Status KprobeProgramStatus `json:"status,omitempty"`
+	Spec   KprobeProgramSpec `json:"spec"`
+	Status BpfAppStatus      `json:"status,omitempty"`
 }
 
 // KprobeProgramSpec defines the desired state of KprobeProgram
 // +kubebuilder:printcolumn:name="FunctionName",type=string,JSONPath=`.spec.func_name`
 // +kubebuilder:printcolumn:name="Offset",type=integer,JSONPath=`.spec.offset`
 // +kubebuilder:printcolumn:name="RetProbe",type=boolean,JSONPath=`.spec.retprobe`
-// +kubebuilder:validation:XValidation:message="offset cannot be set for kretprobes",rule="self.retprobe == false || self.offset == 0"
 type KprobeProgramSpec struct {
 	KprobeProgramInfo `json:",inline"`
 	BpfAppCommon      `json:",inline"`
@@ -57,7 +55,14 @@ type KprobeProgramSpec struct {
 // KprobeProgramInfo defines the common fields for KprobeProgram
 type KprobeProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
+	// The list of points to which the program should be attached.  The list is
+	// optional and may be udated after the bpf program has been loaded
+	// +optional
+	AttachPoints []KprobeAttachInfo `json:"attach_points"`
+}
 
+// +kubebuilder:validation:XValidation:message="offset cannot be set for kretprobes",rule="self.retprobe == false || self.offset == 0"
+type KprobeAttachInfo struct {
 	// Functions to attach the kprobe to.
 	FunctionName string `json:"func_name"`
 
@@ -73,11 +78,6 @@ type KprobeProgramInfo struct {
 	RetProbe bool `json:"retprobe"`
 }
 
-// KprobeProgramStatus defines the observed state of KprobeProgram
-type KprobeProgramStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
-}
-
 // +kubebuilder:object:root=true
 // KprobeProgramList contains a list of KprobePrograms
 type KprobeProgramList struct {

apis/v1alpha1/shared_types.go

@@ -100,8 +100,8 @@ type BpfAppCommon struct {
 	ByteCode BytecodeSelector `json:"bytecode"`
 }
 
-// BpfProgramStatusCommon defines the BpfProgram status
-type BpfProgramStatusCommon struct {
+// BpfAppStatus defines the BpfProgram status
+type BpfAppStatus struct {
 	// Conditions houses the global cluster state for the eBPFProgram. The explicit
 	// condition types are defined internally.
 	// +patchMergeKey=type

apis/v1alpha1/tcNsProgram_types.go

@@ -41,7 +41,7 @@ type TcNsProgram struct {
 
 	Spec TcNsProgramSpec `json:"spec"`
 	// +optional
-	Status TcProgramStatus `json:"status,omitempty"`
+	Status BpfAppStatus `json:"status,omitempty"`
 }
 
 // TcNsProgramSpec defines the desired state of TcNsProgram
@@ -50,10 +50,16 @@ type TcNsProgramSpec struct {
 	BpfAppCommon    `json:",inline"`
 }
 
-// TcNsProgramInfo defines the tc program details
+// TcProgramInfo defines the tc program details
 type TcNsProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
+	// The list of points to which the program should be attached.  The list is
+	// optional and may be udated after the bpf program has been loaded
+	// +optional
+	AttachPoints []TcNsAttachInfo `json:"attach_points"`
+}
 
+type TcNsAttachInfo struct {
 	// Selector to determine the network interface (or interfaces)
 	InterfaceSelector InterfaceSelector `json:"interfaceselector"`
 

apis/v1alpha1/tcProgram_types.go

@@ -40,9 +40,8 @@ type TcProgram struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec TcProgramSpec `json:"spec"`
-	// +optional
-	Status TcProgramStatus `json:"status,omitempty"`
+	Spec   TcProgramSpec `json:"spec"`
+	Status BpfAppStatus  `json:"status,omitempty"`
 }
 
 // +kubebuilder:validation:Enum=unspec;ok;reclassify;shot;pipe;stolen;queued;repeat;redirect;trap;dispatcher_return
@@ -57,7 +56,13 @@ type TcProgramSpec struct {
 // TcProgramInfo defines the tc program details
 type TcProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
+	// The list of points to which the program should be attached.  The list is
+	// optional and may be udated after the bpf program has been loaded
+	// +optional
+	AttachPoints []TcAttachInfo `json:"attach_points"`
+}
 
+type TcAttachInfo struct {
 	// Selector to determine the network interface (or interfaces)
 	InterfaceSelector InterfaceSelector `json:"interfaceselector"`
 
@@ -87,11 +92,6 @@ type TcProgramInfo struct {
 	ProceedOn []TcProceedOnValue `json:"proceedon"`
 }
 
-// TcProgramStatus defines the observed state of TcProgram
-type TcProgramStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
-}
-
 // +kubebuilder:object:root=true
 // TcProgramList contains a list of TcPrograms
 type TcProgramList struct {

apis/v1alpha1/tcxNsProgram_types.go

@@ -41,7 +41,7 @@ type TcxNsProgram struct {
 
 	Spec TcxNsProgramSpec `json:"spec"`
 	// +optional
-	Status TcxProgramStatus `json:"status,omitempty"`
+	Status BpfAppStatus `json:"status,omitempty"`
 }
 
 // TcxNsProgramSpec defines the desired state of TcxNsProgram
@@ -53,12 +53,19 @@ type TcxNsProgramSpec struct {
 // TcxNsProgramInfo defines the TCX Ns Program details
 type TcxNsProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
+	// The list of points to which the program should be attached.  The list is
+	// optional and may be udated after the bpf program has been loaded
+	// +optional
+	AttachPoints []TcxNsAttachInfo `json:"attach_points"`
+}
 
+type TcxNsAttachInfo struct {
 	// Selector to determine the network interface (or interfaces)
 	InterfaceSelector InterfaceSelector `json:"interfaceselector"`
 
 	// Containers identifies the set of containers in which to attach the eBPF
-	// program.
+	// program. If Containers is not specified, the BPF program will be attached
+	// in the root network namespace.
 	Containers ContainerNsSelector `json:"containers"`
 
 	// Direction specifies the direction of traffic the tcx program should

apis/v1alpha1/tcxProgram_types.go

@@ -40,9 +40,8 @@ type TcxProgram struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
 
-	Spec TcxProgramSpec `json:"spec"`
-	// +optional
-	Status TcxProgramStatus `json:"status,omitempty"`
+	Spec   TcxProgramSpec `json:"spec"`
+	Status BpfAppStatus   `json:"status,omitempty"`
 }
 
 // TcxProgramSpec defines the desired state of TcxProgram
@@ -54,7 +53,13 @@ type TcxProgramSpec struct {
 // TcxProgramInfo defines the tc program details
 type TcxProgramInfo struct {
 	BpfProgramCommon `json:",inline"`
+	// The list of points to which the program should be attached.  The list is
+	// optional and may be udated after the bpf program has been loaded
+	// +optional
+	AttachPoints []TcxAttachInfo `json:"attach_points"`
+}
 
+type TcxAttachInfo struct {
 	// Selector to determine the network interface (or interfaces)
 	InterfaceSelector InterfaceSelector `json:"interfaceselector"`
 
@@ -77,11 +82,6 @@ type TcxProgramInfo struct {
 	Priority int32 `json:"priority"`
 }
 
-// TcxProgramStatus defines the observed state of TcxProgram
-type TcxProgramStatus struct {
-	BpfProgramStatusCommon `json:",inline"`
-}
-
 // +kubebuilder:object:root=true
 // TcxProgramList contains a list of TcxPrograms
 type TcxProgramList struct {