Disable profiling port in bpfman-agent to avoid host network conflicts #457
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
frobware
commented
Jul 21, 2025
frobware
commented
- Vendor container runtime dependencies
- Implement container runtime abstraction package
- Add bpfman-crictl command-line tool
- Add validation script for bpfman-crictl functionality
- Migrate agent controllers to use native CRI client
- Complete crictl elimination from agent containers
- Disable profiling port in bpfman-agent to avoid host network conflicts
Adds CRI-API client libraries and supporting packages required for direct container runtime communication. This enables the operator to interact with container runtimes without external tool dependencies. - Adds k8s.io/cri-api for container runtime interface - Includes gogo/protobuf for protocol buffer support - Updates vendor modules for CRI integration Signed-off-by: Andrew McDermott <[email protected]>
Provides a clean abstraction layer for container runtime interactions to replace direct crictl command execution. - Implements CRI client for runtime communication - Provides container discovery and inspection functions - Abstracts socket detection and connection handling - Enables type-safe container operations Signed-off-by: Andrew McDermott <[email protected]>
Introduces a purpose-built container runtime client to replace crictl dependency. This tool provides only the functionality needed by the bpfman operator. - Implements crictl-compatible container inspection commands - Provides lightweight alternative to external crictl binary - Supports container discovery and listing operations - Enables self-contained container runtime interactions Signed-off-by: Andrew McDermott <[email protected]>
Introduces a testing script to validate bpfman-crictl behaviour against real container runtime environments. This ensures compatibility and correctness of the crictl replacement. - Validates container discovery and inspection operations - Tests CRI socket detection and connection handling - Verifies output format compatibility with crictl - Enables regression testing for runtime interactions Signed-off-by: Andrew McDermott <[email protected]>
Replaces external crictl command execution with direct CRI API calls through the pkg/crictl abstraction. This improves performance and reduces external dependencies for container runtime operations. - Removes crictl subprocess execution from agent controllers - Implements direct CRI client usage for container operations - Improves error handling and type safety - Reduces container runtime interaction latency Signed-off-by: Andrew McDermott <[email protected]>
Removes external crictl dependency from agent container images whilst adding the native bpfman-crictl binary. This completes the transition to self-contained container runtime operations. - Removes crictl package installation from agent containers - Adds bpfman-crictl binary to container images - Reduces container size and external dependencies - Provides equivalent runtime functionality through native tooling Signed-off-by: Andrew McDermott <[email protected]>
The bpfman-agent runs with hostNetwork=true, causing port 6060 to be bound on every node. Since there is currently no configuration option in the bpfman-config ConfigMap to disable or change this port, the hardcoded profiling argument is commented out. This change allows production deployments to proceed without port conflicts whilst preserving the profiling capability for development environments where it can be easily uncommented and re-enabled as needed. Signed-off-by: Andrew McDermott <[email protected]>
frobware
pushed a commit
to frobware/bpfman-operator
that referenced
this pull request
Sep 5, 2025
…s/component-update-ocp-bpfman-operator chore(deps): update ocp-bpfman-operator to 47e06d8
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.