Merge pull request #424 from msherif1234/netns-followup

split out interface discovery processing

Author: mergify[bot]

config/bpfman-deployment/daemonset.yaml

@@ -104,6 +104,9 @@ spec:
             - mountPath: /host/netns
               name: host-netns
               mountPropagation: HostToContainer
+            - mountPath: /var/run/netns
+              name: var-run-netns
+              mountPropagation: HostToContainer
             # The bpfman.toml config file
             - name: bpfman-config
               mountPath: /etc/bpfman/bpfman.toml
@@ -144,6 +147,9 @@ spec:
               name: host-dockerd
             - mountPath: /etc/crictl.yaml
               name: host-crictl-config
+            - mountPath: /var/run/netns
+              name: var-run-netns
+              mountPropagation: HostToContainer
         - name: node-driver-registrar
           image: quay.io/bpfman/csi-node-driver-registrar:v2.13.0
           imagePullPolicy: IfNotPresent
@@ -218,6 +224,9 @@ spec:
         - hostPath:
             path: /run/netns
           name: host-netns
+        - hostPath:
+            path: /var/run/netns
+          name: var-run-netns
         - hostPath:
             path: /run/containerd/containerd.sock
           name: host-containerd

controllers/bpfman-agent/cl_tc_program.go

@@ -270,18 +270,45 @@ func (r *ClTcProgramReconciler) removeLinks(links []bpfmaniov1alpha1.ClTcAttachI
 
 // getExpectedLinks expands *AttachInfo into a list of specific attach
 // points.
-func (r *ClTcProgramReconciler) getExpectedLinks(ctx context.Context, attachInfo bpfmaniov1alpha1.ClTcAttachInfo,
-) ([]bpfmaniov1alpha1.ClTcAttachInfoState, error) {
-	interfaces, err := getInterfaces(&attachInfo.InterfaceSelector, r.ourNode, r.Interfaces)
-	if err != nil {
-		return nil, fmt.Errorf("failed to get interfaces for TcProgram: %v", err)
+func (r *ClTcProgramReconciler) getExpectedLinks(ctx context.Context, attachInfo bpfmaniov1alpha1.ClTcAttachInfo) ([]bpfmaniov1alpha1.ClTcAttachInfoState, error) {
+	nodeLinks := []bpfmaniov1alpha1.ClTcAttachInfoState{}
+	// Helper function to create a ClTcAttachInfoState entry
+	createLinkEntry := func(interfaceName, netnsPath string) bpfmaniov1alpha1.ClTcAttachInfoState {
+		return bpfmaniov1alpha1.ClTcAttachInfoState{
+			AttachInfoStateCommon: bpfmaniov1alpha1.AttachInfoStateCommon{
+				ShouldAttach: true,
+				UUID:         uuid.New().String(),
+				LinkId:       nil,
+				LinkStatus:   bpfmaniov1alpha1.ApAttachNotAttached,
+			},
+			InterfaceName: interfaceName,
+			NetnsPath:     netnsPath,
+			Priority:      attachInfo.Priority,
+			Direction:     attachInfo.Direction,
+			ProceedOn:     attachInfo.ProceedOn,
+		}
 	}
 
-	nodeLinks := []bpfmaniov1alpha1.ClTcAttachInfoState{}
+	// Handle interface discovery
+	if isInterfacesDiscoveryEnabled(&attachInfo.InterfaceSelector) {
+		discoveredInterfaces, err := getDiscoveredInterfaces(&attachInfo.InterfaceSelector, r.Interfaces)
+		if err != nil {
+			return nil, fmt.Errorf("failed to discover interfaces: %w", err)
+		}
+		for _, intf := range discoveredInterfaces {
+			nodeLinks = append(nodeLinks, createLinkEntry(intf.interfaceName, intf.netNSPath))
+		}
+		return nodeLinks, nil
+	}
 
+	// Fetch interfaces if discovery is disabled
+	interfaces, err := getInterfaces(&attachInfo.InterfaceSelector, r.ourNode)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get interfaces for XdpProgram: %w", err)
+	}
+
+	// Handle network namespaces if provided
 	if attachInfo.NetworkNamespaces != nil {
-		// There is a network namespace selector, so see if there are any
-		// matching network namespaces on this node.
 		containerInfo, err := r.Containers.GetContainers(
 			ctx,
 			attachInfo.NetworkNamespaces.Namespace,
@@ -290,72 +317,27 @@ func (r *ClTcProgramReconciler) getExpectedLinks(ctx context.Context, attachInfo
 			r.Logger,
 		)
 		if err != nil {
-			return nil, fmt.Errorf("failed to get container pids: %v", err)
+			return nil, fmt.Errorf("failed to get container pids: %w", err)
 		}
 
-		if containerInfo != nil {
-			// Just use one container per pod to get the pod's network
-			// namespace.
-			containerInfo = GetOneContainerPerPod(containerInfo)
-			for _, container := range *containerInfo {
-				netnsPath := netnsPathFromPID(container.pid)
-				for _, iface := range interfaces {
-					link := bpfmaniov1alpha1.ClTcAttachInfoState{
-						AttachInfoStateCommon: bpfmaniov1alpha1.AttachInfoStateCommon{
-							ShouldAttach: true,
-							UUID:         uuid.New().String(),
-							LinkId:       nil,
-							LinkStatus:   bpfmaniov1alpha1.ApAttachNotAttached,
-						},
-						InterfaceName: iface,
-						NetnsPath:     netnsPath,
-						Priority:      attachInfo.Priority,
-						Direction:     attachInfo.Direction,
-						ProceedOn:     attachInfo.ProceedOn,
-					}
-					nodeLinks = append(nodeLinks, link)
-				}
-			}
-		} else {
-			// This is an error -- either namespacePath or pods must be set.
-			r.Logger.Error(fmt.Errorf("neither namespacePath nor pods is set"), "internal error")
+		if containerInfo == nil {
+			r.Logger.Info("NetworkNamespaces is configured but no matching container found")
+			return nodeLinks, nil
 		}
-	} else {
-		for _, iface := range interfaces {
-			netnsList := getInterfaceNetNsList(&attachInfo.InterfaceSelector, iface, r.Interfaces)
-			if len(netnsList) == 0 {
-				link := bpfmaniov1alpha1.ClTcAttachInfoState{
-					AttachInfoStateCommon: bpfmaniov1alpha1.AttachInfoStateCommon{
-						ShouldAttach: true,
-						UUID:         uuid.New().String(),
-						LinkId:       nil,
-						LinkStatus:   bpfmaniov1alpha1.ApAttachNotAttached,
-					},
-					InterfaceName: iface,
-					Priority:      attachInfo.Priority,
-					Direction:     attachInfo.Direction,
-					ProceedOn:     attachInfo.ProceedOn,
-				}
-				nodeLinks = append(nodeLinks, link)
-			} else {
-				for _, netns := range netnsList[iface] {
-					link := bpfmaniov1alpha1.ClTcAttachInfoState{
-						AttachInfoStateCommon: bpfmaniov1alpha1.AttachInfoStateCommon{
-							ShouldAttach: true,
-							UUID:         uuid.New().String(),
-							LinkId:       nil,
-							LinkStatus:   bpfmaniov1alpha1.ApAttachNotAttached,
-						},
-						InterfaceName: iface,
-						Priority:      attachInfo.Priority,
-						Direction:     attachInfo.Direction,
-						ProceedOn:     attachInfo.ProceedOn,
-						NetnsPath:     netns,
-					}
-					nodeLinks = append(nodeLinks, link)
-				}
+
+		containerInfo = GetOneContainerPerPod(containerInfo)
+		for _, container := range *containerInfo {
+			netnsPath := netnsPathFromPID(container.pid)
+			for _, iface := range interfaces {
+				nodeLinks = append(nodeLinks, createLinkEntry(iface, netnsPath))
 			}
 		}
+		return nodeLinks, nil
+	}
+
+	// Fallback: Assign interfaces without a namespace
+	for _, iface := range interfaces {
+		nodeLinks = append(nodeLinks, createLinkEntry(iface, ""))
 	}
 
 	return nodeLinks, nil

controllers/bpfman-agent/cl_tcx_program.go

@@ -234,17 +234,44 @@ func (r *ClTcxProgramReconciler) removeLinks(links []bpfmaniov1alpha1.ClTcxAttac
 
 // getExpectedLinks expands *AttachInfo into a list of specific attach
 // points.
-func (r *ClTcxProgramReconciler) getExpectedLinks(ctx context.Context, attachInfo bpfmaniov1alpha1.ClTcxAttachInfo,
-) ([]bpfmaniov1alpha1.ClTcxAttachInfoState, error) {
-	interfaces, err := getInterfaces(&attachInfo.InterfaceSelector, r.ourNode, r.Interfaces)
-	if err != nil {
-		return nil, fmt.Errorf("failed to get interfaces for TcxProgram: %v", err)
+func (r *ClTcxProgramReconciler) getExpectedLinks(ctx context.Context, attachInfo bpfmaniov1alpha1.ClTcxAttachInfo) ([]bpfmaniov1alpha1.ClTcxAttachInfoState, error) {
+	nodeLinks := []bpfmaniov1alpha1.ClTcxAttachInfoState{}
+	// Helper function to create a ClTcxAttachInfoState entry
+	createLinkEntry := func(interfaceName, netnsPath string) bpfmaniov1alpha1.ClTcxAttachInfoState {
+		return bpfmaniov1alpha1.ClTcxAttachInfoState{
+			AttachInfoStateCommon: bpfmaniov1alpha1.AttachInfoStateCommon{
+				ShouldAttach: true,
+				UUID:         uuid.New().String(),
+				LinkId:       nil,
+				LinkStatus:   bpfmaniov1alpha1.ApAttachNotAttached,
+			},
+			InterfaceName: interfaceName,
+			NetnsPath:     netnsPath,
+			Priority:      attachInfo.Priority,
+			Direction:     attachInfo.Direction,
+		}
 	}
 
-	nodeLinks := []bpfmaniov1alpha1.ClTcxAttachInfoState{}
+	// Handle interface discovery
+	if isInterfacesDiscoveryEnabled(&attachInfo.InterfaceSelector) {
+		discoveredInterfaces, err := getDiscoveredInterfaces(&attachInfo.InterfaceSelector, r.Interfaces)
+		if err != nil {
+			return nil, fmt.Errorf("failed to discover interfaces: %w", err)
+		}
+		for _, intf := range discoveredInterfaces {
+			nodeLinks = append(nodeLinks, createLinkEntry(intf.interfaceName, intf.netNSPath))
+		}
+		return nodeLinks, nil
+	}
 
+	// Fetch interfaces if discovery is disabled
+	interfaces, err := getInterfaces(&attachInfo.InterfaceSelector, r.ourNode)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get interfaces for XdpProgram: %w", err)
+	}
+
+	// Handle network namespaces if provided
 	if attachInfo.NetworkNamespaces != nil {
-		// If the pod selector is set, we use the pod selector.
 		containerInfo, err := r.Containers.GetContainers(
 			ctx,
 			attachInfo.NetworkNamespaces.Namespace,
@@ -253,69 +280,27 @@ func (r *ClTcxProgramReconciler) getExpectedLinks(ctx context.Context, attachInf
 			r.Logger,
 		)
 		if err != nil {
-			return nil, fmt.Errorf("failed to get container pids: %v", err)
+			return nil, fmt.Errorf("failed to get container pids: %w", err)
 		}
 
-		if containerInfo != nil {
-			// Just use one container per pod to get the pod's network
-			// namespace.
-			containerInfo = GetOneContainerPerPod(containerInfo)
-			for _, container := range *containerInfo {
-				netnsPath := netnsPathFromPID(container.pid)
-				for _, iface := range interfaces {
-					link := bpfmaniov1alpha1.ClTcxAttachInfoState{
-						AttachInfoStateCommon: bpfmaniov1alpha1.AttachInfoStateCommon{
-							ShouldAttach: true,
-							UUID:         uuid.New().String(),
-							LinkId:       nil,
-							LinkStatus:   bpfmaniov1alpha1.ApAttachNotAttached,
-						},
-						InterfaceName: iface,
-						NetnsPath:     netnsPath,
-						Priority:      attachInfo.Priority,
-						Direction:     attachInfo.Direction,
-					}
-					nodeLinks = append(nodeLinks, link)
-				}
-			}
-		} else {
-			// This is an error -- either namespacePath or pods must be set.
-			r.Logger.Error(fmt.Errorf("neither namespacePath nor pods is set"), "internal error")
+		if containerInfo == nil {
+			r.Logger.Info("NetworkNamespaces is configured but no matching container found")
+			return nodeLinks, nil
 		}
-	} else {
-		for _, iface := range interfaces {
-			netnsList := getInterfaceNetNsList(&attachInfo.InterfaceSelector, iface, r.Interfaces)
-			if len(netnsList) == 0 {
-				link := bpfmaniov1alpha1.ClTcxAttachInfoState{
-					AttachInfoStateCommon: bpfmaniov1alpha1.AttachInfoStateCommon{
-						ShouldAttach: true,
-						UUID:         uuid.New().String(),
-						LinkId:       nil,
-						LinkStatus:   bpfmaniov1alpha1.ApAttachNotAttached,
-					},
-					InterfaceName: iface,
-					Priority:      attachInfo.Priority,
-					Direction:     attachInfo.Direction,
-				}
-				nodeLinks = append(nodeLinks, link)
-			} else {
-				for _, netns := range netnsList[iface] {
-					link := bpfmaniov1alpha1.ClTcxAttachInfoState{
-						AttachInfoStateCommon: bpfmaniov1alpha1.AttachInfoStateCommon{
-							ShouldAttach: true,
-							UUID:         uuid.New().String(),
-							LinkId:       nil,
-							LinkStatus:   bpfmaniov1alpha1.ApAttachNotAttached,
-						},
-						InterfaceName: iface,
-						Priority:      attachInfo.Priority,
-						Direction:     attachInfo.Direction,
-						NetnsPath:     netns,
-					}
-					nodeLinks = append(nodeLinks, link)
-				}
+
+		containerInfo = GetOneContainerPerPod(containerInfo)
+		for _, container := range *containerInfo {
+			netnsPath := netnsPathFromPID(container.pid)
+			for _, iface := range interfaces {
+				nodeLinks = append(nodeLinks, createLinkEntry(iface, netnsPath))
 			}
 		}
+		return nodeLinks, nil
+	}
+
+	// Fallback: Assign interfaces without a namespace
+	for _, iface := range interfaces {
+		nodeLinks = append(nodeLinks, createLinkEntry(iface, ""))
 	}
 
 	return nodeLinks, nil